Practical Computer Advice
from Martin Kadansky
Volume 6 Issue 6, June 2012
Online backup and storage services can be really useful, but they carry a number of hidden risks. Read on for my advice on this.
13 Reasons I Don't Like Cloud (Online) Backup and Storage Services
They're convenient. They're easy to set up. They offer peace of mind. They're often free. Why wouldn't you use an online ("cloud-based") backup and storage service like Carbonite or CrashPlan or an online storage service like Dropbox or SugarSync?
There are lots of reasons! Security and convenience are always in conflict. (If you want quick access to your money, just leave a big pile of cash in a cardboard box on your porch, right?) These services can be good tools to protect your data from being lost in a disaster, but their very convenience can make them less secure, potentially opening your private data up to scrutiny and theft.
Martin's top reasons not to use online backup and storage services
- Time: It may take days to upload a baseline copy of your data, and in the event of a disaster it may take days to download and restore your data. Can you wait that long?
- Data vs. entire computer: It's just not practical to back up your entire hard drive (often 10s or 100s of gigabytes) to such a service. And in the event of a complete disaster (where you've lost everything), it's just not practical to restore your entire computer from a service. Thus the only practical use of such services is to back up your data. By itself, this may not be the best choice for your situation.
- Scope: Every time I have reviewed the "automatic" settings for a client's online backup, I have found important folders that were skipped, and useless folders that were included. No piece of software can possibly know what is appropriate for your specific situation without your help, e.g., it can't know which user(s) to back up, which email program you use, where your bookkeeping files are stored, etc.
- Internal drive only: You may have good reasons to use external drives to organize your data, but many services will only back up data on your internal hard drive, ignoring any external drives.
- Hacking: Just as thieves and vandals can break into your email account by stealing or guessing your password, your online backup or storage account can similarly be "hacked."
- Lack of encryption: While the connection to the service may be secure with SSL encryption during uploading and downloading, the storage of your data on the service may not be encrypted. This can mean that employees of the service have access to your data, and that if (for some reason) a law enforcement agency serves a subpoena to the service to see your data, they will be given access, and in some cases the service will not be permitted to notify you. Some services (like Mozy) give you the option of choosing an encryption key (separate from your account password) that their software will use to encode your data before it is uploaded to the service, rendering it unreadable to anyone (service employees, law enforcement, hackers, thieves, and you) without that key.
- Security breach: Any service may experience a security breach (someone hacks into their system, an employee makes a mistake or intentionally gives access, or a vendor they depend on has a problem), putting your data at risk.
- Company stability: Any service may change their Terms of Service, get bought by another company, go out of business, etc.
- Your legal responsibilities: If you run a business and store confidential information about your clients or customers or patients on your computer (or information on how to access such information stored elsewhere, such as clients' passwords or security codes), the above security issues may mean that you would be violating state or federal law if you used such a service to store that information.
- Common sense: Beyond your legal responsibilities, do you really want to risk your clients' confidential information by storing it in a service with known or potential security problems?
- Data integrity: During the backup process, files you have left open (documents, email messages, calendars, etc.) may not get backed up properly if they are being modified while the backup is running.
- No offline access: Your data can't be backed up or restored if your internet connection is down.
- Macintosh: Such services usually work great on Windows, but many have poor implementations on the Mac, which you may not fully realize until you try them out, possibly not until after you have a disaster.
A few reasons why online backup and storage services might be appropriate
There are some situations where such a service may be a good idea:
- You first encrypt your confidential data (or, for simplicity, all of your data), and then carefully let the service back up only that encrypted data. However, even if you use a modern, state-of-the-art encryption method with a strong password, there is always the risk that any encryption scheme can be "broken" in the future, as many have been in the past. Do you want to risk your encrypted data being in someone else's hands?
- Personal use: You don't run a business, don't store any confidential data (yours or someone else's), don't have more than 5 or 10 gigabytes of data, and want a convenient, easy-to-use backup or storage system.
- You use such a service in combination with a more thorough (and secure) backup to a hard drive (see below), and only after carefully considering the security issues listed above.
The approach I recommend most of the time
Most of the time I recommend a more basic approach to backup and data storage using external hard drives or flash drives:
- Decide whether you want to (a) back up your entire computer, or (b) just your data. If you decide on just your data, do all of your data. Don't try to separate "important data" from "unimportant data"; you'll probably regret it later.
- If you can't decide (or you like both approaches), combine the two: Back up your entire computer once a month, and your data every day.
- Measure the current size of what you'll be backing up (entire computer vs. data) in megabytes or gigabytes.
- Buy at least two hard drives (or flash drives) large enough to hold at least one copy of your backup, ideally 5 to 10 copies. At the time of this writing, the smallest external USB hard drives I can find hold 500 gigabytes and cost about $80 to $100, and I can find USB flash drives (also called "thumb drives," "keychain drives," or "memory sticks") holding 4 gigabytes for under $5, 8 gigabytes for under $10, and 16 gigabytes for under $20.
- Plug your backup drive into your computer and set up a regularly scheduled backup (at least daily if you run a business) using well-recommended backup software that clearly backs up what you want (and doesn't back up what you don't want).
- If possible, use backup software that encrypts your backup with a strong password, so you're protected if your backup drive is lost or stolen.
- If you're not comfortable setting this up yourself, hire a professional to do it with you in close consultation (not someone who does it for you with no discussion).
- Learn how to restore from your backup.
- Regularly check your backup and confirm that it's working.
- On a weekly or monthly basis, switch to the other backup drive of the pair you purchased, and store the one you've just unplugged at a different location - at your home or your office, in a friend's basement, in your bank safety deposit box, etc. Don't risk your computer and your only backup both being stolen, both getting destroyed by an electrical surge or a fire, etc.
- Just like your computer, your backup drives will wear out or suddenly stop working. No device will last forever. This is normal, and another reason to buy more than one. Be prepared to replace them periodically.
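One way to carry out the "measure the size" and "regularly check your backup" steps above, as an added example that is not part of the original newsletter. It assumes the backup is a plain, unencrypted copy of your data folder (an encrypted backup has to be restored to a scratch folder first); the folder and file names in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def manifest(root):
    """Map each file's path (relative to root) to (size in bytes, SHA-256)."""
    entries = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            entries[os.path.relpath(full, root)] = (os.path.getsize(full), sha256_of(full))
    return entries

def verify_backup(source_root, backup_root):
    """Compare a backup copy against the source folder it was made from."""
    src, bak = manifest(source_root), manifest(backup_root)
    return {
        "source_bytes": sum(size for size, _ in src.values()),  # how big a drive you need
        "missing": sorted(set(src) - set(bak)),                 # skipped by the backup
        "changed": sorted(p for p in src.keys() & bak.keys() if src[p] != bak[p]),
        "extra": sorted(set(bak) - set(src)),                   # no longer in the source
    }

def demo():
    """Constructed sample: a small data folder and a flawed backup of it."""
    with tempfile.TemporaryDirectory() as tmp:
        trees = {
            "data": {"letter.txt": b"hello", "mail.db": b"inbox v2", "books/2012.qbw": b"ledger"},
            "backup": {"letter.txt": b"hello", "mail.db": b"inbox v1"},  # same size, stale content
        }
        for tree, files in trees.items():
            for rel, body in files.items():
                path = os.path.join(tmp, tree, *rel.split("/"))
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as fh:
                    fh.write(body)
        return verify_backup(os.path.join(tmp, "data"), os.path.join(tmp, "backup"))

if __name__ == "__main__":
    print(demo())
```

The stale `mail.db` has the same size in both folders, so only the hash comparison catches it; a "missing" entry is the skipped-folder problem described under Scope.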
Where to go from here
- Don't get taken in by the convenience of these services or their many features. Make a careful assessment of your situation, especially your needs and responsibilities regarding security, before using any such service.
- Only you can assess what level of risk is acceptable, but only if you are aware of the risks. Be an informed consumer: ask any service you're using (or considering) these tough questions!
- Giving physical possession of your data to someone else is a big deal. Seriously consider the lower-tech alternative of using backup software and old-fashioned hard drives or flash drives.
How to contact me:
phone: (617) 484-6657
On a regular basis I write about real issues faced by typical computer users. To subscribe to this newsletter, please send an email to firstname.lastname@example.org and I'll add you to the list, or visit http://www.kadansky.com/newsletter
Did you miss a previous issue? You can find it in my newsletter archive: http://www.kadansky.com/newsletter
Your privacy is important to me. I do not share my newsletter mailing list with anyone else, nor do I rent it out.
Copyright (C) 2012 Kadansky Consulting, Inc. All rights reserved.
I love helping people learn how to use their computers better! Like a "computer driving instructor," I work 1-on-1 with small business owners and individuals to help them find a more productive and successful relationship with their computers and other high-tech gadgets.