Are Online Backup Services Safe?
The recent hack of Google by Chinese espionage agencies has raised concerns about the security and safety of online backup services. Is the protection provided by Mozy, Carbonite and other popular backup services enough to keep your files safe from prying eyes?
How Safe is Online Backup?
In the case of the Google hack, it was enabled by a flaw in Microsoft's Internet Explorer browser, not by something Google did wrong, nor by anything inherently risky in cloud-based online storage. But the incident does raise some valid questions about cloud computing in general, and online data backup services in particular.
Cloud computing is inherently less secure than keeping data in-house, all else being equal. If your money is in a bank vault, it's pretty safe compared to even an armored car moving about in public. It's simply harder for bad guys to get to your data if it's never exposed on the Information Highway. But if the vault door is left open and the armored cars locked, the relative risks certainly change.
Most home computer users, and many small businesses, are quite careless with their precious data. They don't use even minimal password protection. They give everyone administrator privileges. They write passwords on Post-It notes and stick them to the monitors where it's convenient for everyone to read them. If they were banks, they'd be leaving the vault door open and the keys in the locks of safety deposit boxes.
Cloud computing (of which online backup is a specific application) is like a locked armored car staffed by armed guards. The network connections between your local network and the online backup vendor's servers are encrypted and monitored for attempts to tap into the data streaming between you and the vendor. It's certainly more secure than the wide-open bank vault I just described, and it's generally secure enough to thwart even the most well-financed hackers. The risk of a security breach during your data's transport between you and a cloud computing vendor is quite low.
Physical Security at Online Backup Providers
But what about security at the vendor's site? Online backup services such as Mozy, Carbonite, and iBackup are high-profile targets for hackers who know that many companies' valuable data are stored on these vendors' servers. Banks are targets for sophisticated criminals because lots of money is in them. So the online backup services, like banks, take much greater security precautions than the typical home user or mattress-stuffing home saver.
The first precaution taken by most online backup services is to encrypt users' data at the user's site, before it is moved across the Internet. When new data arrives at the online backup services receiving servers, it is moved immediately to a server that is not accessible via the Internet. Only when a customer requests restoration of backup data is a copy of it placed where it can be downloaded; again, the data is encrypted before it moves over the Internet.
This a pretty secure system. But what if the "bank" burns down? A big reason users turn to online backup services is to store copies of critical data in a remote location safe from local disasters such as fire, flood, earthquake, etc. But a disaster can happen at the online backup service's data center, too. If you have erased your local copies of older data, you may be out of luck if the online backup service's copy is destroyed. So you need to ask: what is the disaster recovery service provider's disaster recovery plan?
A well-run vendor will tell you, proudly, how it protects the data that you entrust to it. A less reliable vendor won't, and they'll probably tell you the secrecy is for your protection. But if knowing what sort of lock is used on a door makes it easier for thieves to pick the lock, then you need a better lock. Assume that no answer to "What's your security policy and disaster recovery plan?" means there isn't any.
Mozy, for example, has a Privacy Commitment that specifies how your information is kept private and secure. They use military-grade encryption, and world-class data centers with state-of-the-art physical and technical security. In addition, they are SAS70 certified, which means they are regularly audited to ensure that these safeguards stay in place. Carbonite gives similar assurances in their own Privacy Policy document.
Will Your Data Be There When You Need It?
How long do online backup services keep your data safe? As long you pay for the service, of course. They charge by the byte stored, so it makes no sense for the service to delete your ancient data to save storage space. You will have to decide what data you can finally let go of and delete it yourself.
But here's a related issue to consider. Suppose you have some files on your hard drive, which you know are backed up by your online backup service. You go ahead and delete them, either on purpose or accidentally. If the online backup service is designed or configured to keep your backup in sync with your hard drive, it will delete that file from the backup. Some backup services remove deleted files after a delay of a certain number of days, others may never do so. Find out what your provider's policy is, and what features your plan offers to handle this data archiving issue.
Here's the bottom line... Online backup services that are offered by large, nationwide vendors with redundant, widely dispersed, and heavily secured storage sites are a very safe place to put your data. Even an "inside job" would require an individual to have enormous amounts of time and computing power to break the 256-bit AES or 448-bit Blowfish encryption that protects your data.
There's always some risk and uncertainty when your data is stored in a remote location, but the physical security and strong encryption they provide is probably a lot better than anything you could cobble together at your home or office.
Do you have thoughts about the safety of online backup services? Post your comment or question below..
|
|
Need more tech support?
|
|
|
 Check out other articles in this category:
|
Posted by Bob Rankin on January 26, 2010 12:24 AM
| Need More Help? Try the AskBobRankin Updates Newsletter. It's Free! |
 |
Prev Article: Is Javascript the Same As Java? |
|
Next Article: Geekly Update January 26 |
 |
|
Link to this article from your site or blog. Just copy and paste from this box: Related Keywords: Backup online backup privacy security encryption Mozy Carbonite iBackup |
There's more reader feedback... See all 11 comments for this article.
Post your Comments, Questions or Suggestions
|
Ask Bob Rankin Home Page
Subscribe to AskBobRankin Updates: Free Newsletter |
|
| Copyright © 2005 - Bob Rankin - All Rights Reserved | ||
Article information: AskBobRankin -- Are Online Backup Services Safe? (Posted: January 26, 2010 12:24 AM)
Source: http://askbobrankin.com/are_online_backup_services_safe.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "Are Online Backup Services Safe?"
(See all 11 comments for this article.)Posted by:
Tom Smith
26 Jan 2010
With external hard drives in the 1 terabyte range for less then $100 why bother backing up data to a company somewhere out there in 'The wild blue yonder'? With backup software that's free as well it makes no sense to backup your data any place else but in your own home or office!
And to show you that I do what I say, I now have over 2.5tb of data & movies all on external hard drives! When I'm not accessing the drives they are turned off or disconnected from the pc.
EDITOR'S NOTE: Why consider offsite backup? Hmmm... did you notice the image I chose to go along with this article.. the flaming house with the hard drive superimposed?
Posted by:
Joe Gill
26 Jan 2010
I do have one question about these services, and also the tools you can use to do backup at home.
What happens to JPEG images as they undergo (I assume!) compression when being stored and then decompression upon retrieval? Is there any loss of quality?
EDITOR'S NOTE: For home backup, see http://askbobrankin.com/free_backup_solutions.html
I don't think any compression is being done. Encryption, yes. But even if the files were compressed and then uncompressed, they would end up identical. JPEG image compression is very different from file compression.
Posted by:
Kahlil Black
28 Jan 2010
I would caution against being seduced by high-profile cases of data theft when the sad reality is you still probably have a much higher probability of losing data by your own hand (or that of a family member, friend or other trusted person).
Your example of reconsidering a file deletion is a good example. Another is the backup software or hardware fails un-noticed (how often does anyone test sample restores?).
So, a top consideration, after which method would you most likely use regularly, could be which method reduces human error the most and prevents accidental data harm.
Posted by:
Scott
28 Jan 2010
I didn't see this issue addressed...what happens to my data if/when I cancel my account. Is it securely deleted, or what? The issue is I actually have no real control over my data stored there, only assurances.
Posted by:
Dan
28 Jan 2010
I use Jungledisk - very inexpensive, good encryption, multiple versions of backups (which also allows recovery of deleted local files), restore to any point-in-time for which backups exist, etc. I *also* have backups at home - data mirrored to external USB drives, and backups from my laptop to my home server.
The bottom line is: if you don't have offsite backups, you don't have a complete recovery plan.
Posted by:
John Genzano
28 Jan 2010
What happens if the company goes out of business. or worse, goes bankrupt. In the case of a bankruptcy, your data may be considered a corporate asset to be sold off to pay secured creditors. It is strictly up to the judge, not the contract you have with the backup company.
Posted by:
markie carlson
28 Jan 2010
I am using Carbonite. Should I still be using the flash drives that I used to use ( and would throw them in a fireproof safe at night)?
EDITOR'S NOTE: If your computer crashes and you can't get online, a local backup is a lot more useful.
Posted by:
Robert Armstrong Jr
30 Jan 2010
The different companies and antivirus companies are offering many online backup solutions. The problem is which one is the safest to use and have the best security available. I know, that is one variable that is subject to change. I currently use Carbonite and have been satisfied with the end results, but have read where they were hacked and some information was leaked. Of course, they did not elaborate on what information was leaked.
My qauestion is this, of all the different options this story seemed to lean on Mozy. I am loyal up to a degree with software companies, but have any other companies been hacked? Which online program seems to offer the most security and confidence? Looking forward to the replies.
Posted by:
John
31 Jan 2010
I use Carbonite and have been happy with it, but I plan to buy a new computer soon. My question is, will my account transfer to my new computer and allow me to recover all my files? When I install Carbonite on the new PC will it recognize that I now have a new machine and not charge me for a new account? The uncertainty is one reason I've hesitated to buy a new computer.
EDITOR'S NOTE: I think that scenario is one of the primary reasons for using a service like Carbonite. Your old computer dies, you get a new one, and then restore your files from the backup.
Posted by:
EM Chance
02 Feb 2010
Aside from bankruptcy mentioned above what happens if the feds or a state seizes the server farm where the principals are accused of not paying taxes or being engaged in some sort of nefarious activity? It could be months before you could access your data, if at all. Heck, all the authorities have to do is seize a bank account to shut down any business.
You need TWO backups. One of them should be physical and is local to you. A clone of or a mirror image of your drive(s) if you should be hit by fire, flood, mudslide or tornado where your original installed program discs are rendered unusable.