There are a number of ways to secure cloud backup when transferring data between clouds.
One popular option uses backup software to encrypt data prior to transmission. A drawback to this approach is that the encryption keys must also be backed up to an alternate location. If this does not occur, a data loss event could potentially result in the loss of the encryption keys, thereby making data restoration impossible.
Another approach is to use a cloud-to-cloud VPN that creates an encrypted tunnel between two clouds. This tunnel can then be used to ensure privacy during secure cloud backup processes.
In addition to protecting data while it traverses the internet, data must be protected once it arrives at its destination. Storage-level encryption is probably the most popular option for protecting data at rest.
Cloud-level erasure coding is another way to secure cloud backup. Erasure coding distributes write operations across multiple disks, not unlike a RAID array. There are different types of erasure coding, like the bunch of redundant independent clouds (BRIC) architecture that allows data to span multiple public clouds. While this may, at first, seem like a way to ensure only redundancy, erasure coding can also be used to improve security.
Some BRIC implementations, like Tahoe-LAFS, allow data to be structured in such a way as to provide both redundancy and privacy. Secure cloud backup is achieved by virtue of the fact that none of the public cloud providers used in a BRIC architecture has a complete copy of your data. As such, a public cloud provider has no way of accessing your sensitive data because they only have fragments of it.
The primary disadvantage to using a BRIC architecture is cost. To protect your backup data in this way requires several public cloud subscriptions, so costs can quickly add up.
The need for cloud-to-cloud backup services
Benefits and drawbacks of cloud-based data backups
New storage technologies complicate backups