Document Status: Public Draft
This documentation is a public record of the critical parts of the Kee Vault Ltd disaster recovery plan.
It’s early days for the company and the Kee Vault service - at the time of writing this first draft, we’ve not even launched the service!
Nonetheless, designing the service such that it can survive worst-case scenarios - like the death of the company founder and lead developer - has been a core concern from the very start.
For similar reasons to our policy of publishing the source for all code that can impact the security of your data, we want to be open about the risk of disasters, any impact that might have on you and what we’re doing now and in the future to reduce the risk and impact.
A lot of the operational details will remain private mainly because they’ll be changing frequently and are of no consequence to users of our products and services. The rest of this document is a starting point for us to outline the most important issues relating to our disaster planning.
Ensuring continued access to the passwords inside your Kee Vault
Any device you’ve used to sign in to Kee Vault will contain a working copy of all of your data (including all changes up to the time you last signed in on that device).
This ensures that you will have continued access in a variety of situations including when your device has no network connection or the Kee Vault server infrastructure is unavailable for any reason, either temporarily or permanently.
It is possible to export your data in a standard format even if Kee Vault can’t confirm that your account remains active.
When none of your devices contain a working copy of your data
Some situations may leave you without a copy of your data on any of your devices (such as multiple device failures or you manually deleting the data).
While the Kee Vault service is available and online, this is automatically resolved when you sign in; but if Kee Vault is offline for any reason, you would be unable to access your data.
The Kee Vault infrastructure is continually maintained to a configuration that maximises the chances that it will continue working on “autopilot” throughout most conceivable disasters. As long as customer funds continue to be transferred into the Kee Vault bank account, infrastructure invoices will continue being paid and the service will keep ticking along for a length of time that should be far in excess of what is required to recover from a disaster.
In the unlikely event that the service becomes unavailable due to the death of the sole director of Kee Vault Ltd, it is possible that your data will not be made available until after manual intervention by the director’s personal representative. You may wish to avoid this small risk by taking occasional exports of your data and storing them somewhere safe.
As Kee Vault becomes more popular, we will be able to expand the range of protections against this risk through mechanisms such as legal escrow services or funds reserved for making your data available for export as part of a controlled service shutdown. Related improvements might include automated notifications or actions when there is a risk of long-term service disruption. Obviously, designing such improvements to ensure no security or privacy risks are introduced is not a trivial task, so we’re not intending to focus on this in the short term.
More formal risk assessment procedures will be considered as Kee Vault Ltd grows and this document will be updated with any new developments in this area.