Are Online Backup Services Safe?
The recent hack of Google by Chinese espionage agencies has raised concerns about the security and safety of online backup services. Is the protection provided by Mozy, Carbonite and other popular backup services enough to keep your files safe from prying eyes?
How Safe is Online Backup?
In the case of the Google hack, it was enabled by a flaw in Microsoft's Internet Explorer browser, not by something Google did wrong, nor by anything inherently risky in cloud-based online storage. But the incident does raise some valid questions about cloud computing in general, and online data backup services in particular.
Cloud computing is inherently less secure than keeping data in-house, all else being equal. If your money is in a bank vault, it's pretty safe compared to even an armored car moving about in public. It's simply harder for bad guys to get to your data if it's never exposed on the Information Highway. But if the vault door is left open and the armored cars locked, the relative risks certainly change.
Most home computer users, and many small businesses, are quite careless with their precious data. They don't use even minimal password protection. They give everyone administrator privileges. They write passwords on Post-It notes and stick them to the monitors where it's convenient for everyone to read them. If they were banks, they'd be leaving the vault door open and the keys in the locks of safety deposit boxes.
Cloud computing (of which online backup is a specific application) is like a locked armored car staffed by armed guards. The network connections between your local network and the online backup vendor's servers are encrypted and monitored for attempts to tap into the data streaming between you and the vendor. It's certainly more secure than the wide-open bank vault I just described, and it's generally secure enough to thwart even the most well-financed hackers. The risk of a security breach during your data's transport between you and a cloud computing vendor is quite low.
Physical Security at Online Backup Providers
But what about security at the vendor's site? Online backup services such as Mozy, Carbonite, and iBackup are high-profile targets for hackers who know that many companies' valuable data are stored on these vendors' servers. Banks are targets for sophisticated criminals because lots of money is in them. So the online backup services, like banks, take much greater security precautions than the typical home user or mattress-stuffing home saver.
The first precaution taken by most online backup services is to encrypt users' data at the user's site, before it is moved across the Internet. When new data arrives at the online backup services receiving servers, it is moved immediately to a server that is not accessible via the Internet. Only when a customer requests restoration of backup data is a copy of it placed where it can be downloaded; again, the data is encrypted before it moves over the Internet.
This a pretty secure system. But what if the "bank" burns down? A big reason users turn to online backup services is to store copies of critical data in a remote location safe from local disasters such as fire, flood, earthquake, etc. But a disaster can happen at the online backup service's data center, too. If you have erased your local copies of older data, you may be out of luck if the online backup service's copy is destroyed. So you need to ask: what is the disaster recovery service provider's disaster recovery plan?
A well-run vendor will tell you, proudly, how it protects the data that you entrust to it. A less reliable vendor won't, and they'll probably tell you the secrecy is for your protection. But if knowing what sort of lock is used on a door makes it easier for thieves to pick the lock, then you need a better lock. Assume that no answer to "What's your security policy and disaster recovery plan?" means there isn't any.
Will Your Data Be There When You Need It?
How long do online backup services keep your data safe? As long you pay for the service, of course. They charge by the byte stored, so it makes no sense for the service to delete your ancient data to save storage space. You will have to decide what data you can finally let go of and delete it yourself.
But here's a related issue to consider. Suppose you have some files on your hard drive, which you know are backed up by your online backup service. You go ahead and delete them, either on purpose or accidentally. If the online backup service is designed or configured to keep your backup in sync with your hard drive, it will delete that file from the backup. Some backup services remove deleted files after a delay of a certain number of days, others may never do so. Find out what your provider's policy is, and what features your plan offers to handle this data archiving issue.
Here's the bottom line... Online backup services that are offered by large, nationwide vendors with redundant, widely dispersed, and heavily secured storage sites are a very safe place to put your data. Even an "inside job" would require an individual to have enormous amounts of time and computing power to break the 256-bit AES or 448-bit Blowfish encryption that protects your data.
There's always some risk and uncertainty when your data is stored in a remote location, but the physical security and strong encryption they provide is probably a lot better than anything you could cobble together at your home or office.
Do you have thoughts about the safety of online backup services? Post your comment or question below..
Posted by Bob Rankin on 26 Jan 2010
|For Fun: Buy Bob a Snickers.|
The Top Twenty
Repair Vista or Windows 7
Link to this article from your site or blog. Just copy and paste from this box:
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005
- Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- Are Online Backup Services Safe? (Posted: 26 Jan 2010)
Copyright © 2005 - Bob Rankin - All Rights Reserved