I have been asked by several small businesses and individuals about services like those offered by Carbonite, Mozy and iDrive. I’ve always had a bad feeling about the idea. Recently though, I thought a little harder about the reasons why I could never store all my data online. Of course, online backup systems are infinitely more valuable than no backup solution at all. As some readers have pointed out, online backup services have saved a lot of butts. At the same time, there are some factors that make online backups less attractive than the “old fashioned way” of backing up data. There are three main factors that I feel give standard backups the upper hand.
- Storage is cheap.
- Your data is only as safe as your password.
- When stored online, your data is no longer yours.
While these factors are why I do not recommend online backups, I want to take a moment to discuss when online backups do make sense.
Disclaimer: When Online Backups Make Sense
As a reader pointed out, many people set up a backup process, but the process gets in the way of doing it properly. Either their backups fail to run regularly or they stop rotating the media because the process is cumbersome. If this is the case, back up your data online.
Also, please understand that this is only meant to explain why I do not recommend online backup services as a regular practice. It does not mean there is no place for it. There are many reputable online services out there. The vast majority of them encrypt the connections end-to-end and store the data in encrypted form. But that is something you should ask or check before just signing up for the service and dumping your data on their servers.
For each of the weaknesses I discuss, there are measures that can be taken to protect your data, even if stored online. Most technically savvy people know how to operate online and protect their data and identity. But all too often, I find people and small businesses operating online in an insecure fashion. They may be required by their insurance company to have offsite backups. They see online backups as a panacea without understanding the risks they face or the importance of protecting their data.
One other point regarding offline backups. If you store your data on a hard drive that is stored in the back seat of your car or in your gym bag, just save yourself the hassle and use an online service. By now, most of us have heard the stories about the IT guy at the hospital whose car was broken into and all the hospital’s data was compromised. Or, the VA worker whose laptop was stolen with patient records. The same thing can (and will) happen to you if you do not treat your offline backups with care.
Disks Are Cheap
The other day I was spec’ing out a brick-and-mortar backup solution for a small business. I was surprised to find a 1TB external hard drive for only $90. I realize that in a few years from now, that 1TB drive will not be enough storage. File sizes grow. However, as history has shown, a comparable storage medium will be available at that time for a similar price.
Online storage solutions exist because they offer strategy, software and storage for ~$50/year. The price point and ease of use are attractive. It is why the services are popular. When you add the fact that to do your own backups you need (probably) two 1TB external drives, software and some knowledge of your computer, these solutions become even more attractive. It is the same reason people use Gmail or Yahoo! for their e-mail. Sure, they could buy a domain name, set up postfix and roundcube and have control over their e-mail services. But why? Especially when it is free to use Yahoo! or Gmail.
The real reasons against online backups are in my two points below. However, the cost and expertise needed to do it on your own are minimal. To compare costs, you first have to assume that you probably replace your computer every 5 years. Over that period, an online service would cost roughly $250.
To do this on your own, you probably want to start out with two 1TB disks. The software needed is free. You can use Windows Backup or an Open Source solution like Areca. The time needed to learn how to properly back up your data and to manage the backups is the wildcard. It depends on how much you value your data (if you’ve ever lost everything, you probably realize it is worth a lot; or maybe not). The resources are available on the internet. You just have to find a solution that works for you.
My solution: I use two 1TB disks along with Areca to back up all my data to disk. I always store one of the hard drives in a locked, fireproof safe and the other at an external location I can trust.
Your Data, Your Password
If you are like most people, you use the same password for your online banking as you do your e-mail and your eBay account. It is a fact that people reuse their passwords. Although there is a positive trend in password strength, as was evident in the recent presidential race, there are ways to get around strong passwords. For example, Sarah Palin’s e-mail account was compromised and all her e-mail accessed during the campaign. Not because she used a weak password. Instead, it was because the security questions used to reset her password were set up using easy-to-guess answers. What is your mother’s maiden name? What high school did you attend? As social networking and the semantic web become more prevalent, the answers to these questions become easier to find.
And what about that computer support forum you posed a question on? Well, you had to set up an annoying username and password. You also supplied your e-mail address. Odds are, you used the same password for that account as you did your e-mail account. You trust the people that set up that forum without even knowing them. You also trusted their ability to secure the data you submitted. What if somebody were to compromise their database? They now have access to your e-mail and any other online services you use that utilize that same password. Thanks for playing, come again…
It is a fact that this activity goes on every day. In my own testing, I was able to find forum after forum, website after website that were set up by lazy administrators and were vulnerable to these same attacks. Now you are talking about client lists, confidential contracts, business relationships, personal information, tax information, etc. All of that is vulnerable to these attacks when you store your data online. The web is not a nice place for the complacent.
Your Data != Your Data
The 10 Immutable Laws of Security. While they tend to talk about your computer explicitly, they are really talking about the security of the data on your computer. If you don’t care about the data on your computer, then they don’t apply. But, if you are like most, you value the safety of the data on your computer.
When you talk about backups, you are talking about storing all your data in a different place and medium than “your computer”. I still tell people and small businesses that a security deposit box is tested and trusted; use it! I tell them this because it is a trusted storage place and has been so for years, if not decades. Online storage is a new medium that has only recently reached the mainstream.
To store all your data online, you must trust all the individuals that handle your data. You trust the geek squad or your neighborhood geek to fix your computer. You know where they work. You know where they live. Yet, people have no idea where their data goes when they use one of these online services beyond what is posted on a web page. Is your data handled by foreign nationals? Are the employees at the corporation happy? (We’ve all heard of rogue admins.) How well do you know all those that have access to your data? When you let somebody into your home, whether as a friend or contractor, you analyze the situation and give them a certain level of trust. Do you do the same when you select an online service to upload everything you have stored on your computer?
You should ask yourself all these questions before selecting any backup solution, online or offline. Most online services will offer some level of encryption. You need to know what that means and do your homework to ensure your data is transferred in a secure manner and stored in a secure fashion. Again, this goes for both offline and online backups.
Conclusions
The technology is neat. The fact that we now have enough bandwidth to copy the entirety of hard drives up to the cloud is not something to scoff at. My biggest concern is that the vast majority of people do not realize the repercussions of storing their data in the cloud. If you put serious thought into the decision to do this and you still feel comfortable, then go for it. I, for one, will continue to back up my data to a disk I can touch and hold with my own hands. Now get off my lawn!
If the writer of this article is not a lawyer, this opinion does not mean anything. Otherwise, it is like a carpenter giving advice on how to perform open heart surgery.
How would taking technical advice from a lawyer be any better than taking technical advice from an IT professional? I am an IT Professional giving advice on backing up your data. This is nothing like a carpenter giving advice on open heart surgery. Your analogy makes no sense.
In response to your three points:
1) Online backup services are useful because most people / small businesses cannot regularly and reliably get their data stored offsite. They think they will, but they don’t.
2) Use of complex passwords, along with a password keeper such as Roboform, should solve this problem. But I agree that many online services make password retrieval too easy.
3) Reputable on-line backup services encrypt all data during transmission and storage so that their employees can’t access your data even if they wanted to. (The flip side to that is that if you forget your encryption password, you’re hosed.) Obviously it’s a good practice to know something about the company you’re doing business with, but the same applies to ALL services, not just online backup.
Conclusion: online backup has saved many butts. Don’t be so quick to write it off.
David,
Thanks for taking the time to make some good arguments. I do think online backups are a much better solution than no backup at all. I also understand the ease of use the services offer is the main purpose online services have grown so quickly. My biggest concern is that people do not truly understand the dangers of doing business online. It is just like anything else in life. There are risks. If you weigh those risks properly and take steps to protect yourself, you can be safe, even in a dangerous world. But most people do not take those risks into account when they choose these services. You do. Many people do. They are the ones doing the right thing. I only wished to offer some insight into some of the things people should consider when backing up their data online. I will revise the last point and add some notes about encryption. It is a good point that should be mentioned.
Thanks for the response.