[Computer] Security in the Cloud?

[DaveTN]

I’m thinking about using cloud storage for backing up. Acronis offers 250GB for $50 a year.

I’m concerned with security. I mean once it’s out there; it’s out there. How do you pick a secure site, or how are they rated?

What do you guys think?

[MacGyver]

I encrypt my files locally before backing up to the cloud. When I'm not on my mobile, I'll be happy to post more.

[quietguy]

I am a lot more familiar with the commercial offerings, but by all accounts you still get what you pay for. I would probably stick with Mozy or Carbonite for personal storage, if I had to go that direction, and encrypt before I uploaded.

My brother and I have a pretty unique setup. We each have a NAS installed in our safes, and each computer will backup locally on our NAS, and then sync to each others NAS array. It probably cost us $400 each to set everything up. but the control and piece of mind are well worth it.

I also backup all of our machines every couple of months to a USB drive and keep it in a separate document safe. I also create DVD backups of critical files (mostly pics and financial records) and store them in a third safe.

Edited September 3, 2012 by quietguy

[Oh Shoot]

I am a lot more familiar with the commercial offerings, but by all accounts you still get what you pay for. I would probably stick with Mozy or Carbonite for personal storage, if I had to go that direction, and encrypt before I uploaded.

???

Acronis has been in business longer than Mozy or Carbonite.

- OS

Edited September 3, 2012 by OhShoot

[quietguy]

???

Acronis has been in business longer than Mozy or Carbonite.

- OS

True, but not really in the cloud storage market.

[Guest Lester Weevils]

For years have had a netfirms.com business site for parking files and personal web pages I never get around to updating. Not expensive.

So anyway supposedly such server farms backup their machines and haven't been unhappy with the quality vs price. But one time a couple of years ago they were re-doing their server farm and somehow managed to lose half the files on my 'virtual server' on there. I had em backed up other places, but was kinda surprising they managed to lose my files. Lucky hadn't just "assumed" that a big server farm company with a staff of support folks wouldn't ever lose my data. Am not claiming that carbonite or whoever are likely to lose yer data. It was just an interesting experience.

The company I contract program for, a fella on payroll routinely backs up the internal servers, and important stuff goes home on hard drives with more than one employee, They hire out the web servers (not the internal network) to a server farm company, but their servers are on their own machines that happen to live in the building of the server farm. Rather than virtual on a pool of machines at the server farm. The company pays extra for the server farm make routine backups of the web servers. Hopefully that gets faithfully done. One time the web pages got corrupted by hackers and the routine backups were available to reboot the web pages without losing very much. That was a few years ago.

[Jonnin]

yea an encrypted wadfile is the way to go, either compress all the stuff to save money/space and encrypt that, or tarball it (no compression but fast) and same idea. That is the easy way out. Do NOT use built in zip encryption, as far as I know, that is not hard to crack (??) or it used to be easy anyway (been a while since I tried).

Edited September 3, 2012 by Jonnin

[Sam1]

I’m thinking about using cloud storage for backing up. Acronis offers 250GB for $50 a year.

I’m concerned with security. I mean once it’s out there; it’s out there. How do you pick a secure site, or how are they rated?

What do you guys think?

Before you decide, try out http://crashplan.com they have a 30 day free trial, unlimited online storage and their application will allow you to back up your files to other computers so you maintain control of the data (this option is 100% free). You can set up your work computers to back up to your home computers and vice versa so you have an off-site backup and still maintain full control of the data.

IMHO, most of the big boys of online backup service roughly provide the same level of encryption and security (either 448 or 512 bit encryption). As with any device that is connected to the internet, there is always a risk but that even occurs with your home use systems. We have used the online crashplan for a couple of years now and switched out computers to new computers twice and reimaged once, (it is extremely easy to transfer the old data to the new system) and we've had complete satisfaction with the service. Crashplan allows you to throttle bandwidth while you're using the computer, sends email reports, is priced right with the other good service providers, they never delete any versions of your files and have unlimited storage space... Just can't beat them.

The few things I would say to make sure of; stick with a well-known company like Mozy, Acronis, CommVault, Carbonite, Crashplan etc.. All of these provide encrypted storage and encrypted communications when the files are being transferred.

[enfield]

My brother needed his Carbonite backup once, and it wasn't there. He uses thumb drives now.

[Sam1]

My brother needed his Carbonite backup once, and it wasn't there. He uses thumb drives now.

Tools are only as smart as the person using them

[Guest nysos]

Acronis's products have been pretty good in the enterprise market, just because they are "new" to cloud storage I wouldn't hesitate to use them.

[enfield]

Tools are only as smart as the person using them

Thanks for the kind words! He's a police detective. You obviously know him well.

Edited September 5, 2012 by enfield

[nightrunner]

Thanks for the kind words! He's a police detective. You obviously know him well.

I would have guessed he was referring to Carbonite not using their "tools" well but i guess it could be interpreted either way.

[Sam1]

I would have guessed he was referring to Carbonite not using their "tools" well but i guess it could be interpreted either way.

No offense was meant on it, but these services don't just fail... 99.9% of computer problems are a result from human interaction of some sort. We used to call it the PEBKAC error (problem exists between keyboard and chair) but not sure if there is any new lingo for it.

Following that up with, I'm guilty of screwing stuff up just like the next guy

[Guest Lester Weevils]

Well, my case of the giant web host company losing my data wasn't because I messed it up. Best laid plans of mice and men. I don't think they intentionally lost my data. There's hardware failures and there are software/operator/programmer failures. Just wouldn't be so quick to judge whether the idiot behind the keyboard was Enfield's friend or some fella working for carbonite. Ya pays yer money and takes yer chances.

Long ago at the dawn of the personal computer I met a fella with a degree in computer science working as a salesman in a little hole in the wall computer store selling apple II's and kaypro's. We were yakking and I asked the fella why he wasn't still working for a big corp programming big iron for big bucks. He acted real embarrassed and mumbled something about getting tired of it, wasn't really cut out for that kind of work. Someone later told me that the guy had committed an error which corrupted his employer company's database, and then in working to correct his error he managed to also corrupt all the backups. That was a sufficiently heinous sin to have him excommunicated from the priesthood of the mainframe.

[quietguy]

No offense was meant on it, but these services don't just fail.

While I have to agree with your comment that the mentioned failure was probably user related, I wouldn't say that all of these services are bulletproof.

I worked for a competitor of Mozy and Carbonite (we were really more focused on the enterprise, but the technology is pretty much the same and we considered them competition and kept a keen eye on them), and the competitive intelligence was that they had really built their infrastructure extremely well. There are a lot of the smaller operations that just can't say that. It is pretty easy to setup a server and a series of linear hard disk arrays, and say that you have a cloud backup solution.

Acronis, IBM Tivoli, EMC, and many others are great enterprise solutions, but in my experience they really don't understand the dynamics of how the residential and home office businesses work. Their cloud storage offerings are really designed to support large accounts. Essentially, it is a lot easier to understand and predict the impact of onboarding one account that will include 15,000 users with a finite storage requirement on a schedule that you can predict. When you deal with 1,000 small businesses that have 15 users each, the dynamics change considerably. They change even more when you start talking about 7,500 users with two devices that they need to backup. When you start marketing to the masses, the requirements change considerably, and I am just not sure that some of these companies are prepared to offer the level of services that individual customer will expect.

Edited September 5, 2012 by quietguy

[TGO David]

No offense was meant on it, but these services don't just fail... 99.9% of computer problems are a result from human interaction of some sort. We used to call it the PEBKAC error (problem exists between keyboard and chair) but not sure if there is any new lingo for it.

Following that up with, I'm guilty of screwing stuff up just like the next guy

Not sure the second pass was any better than the first pass.

[Sam1]

Not sure the second pass was any better than the first pass.

It happens from time to time

[Jonnin]

I guess for me, it comes down to how important the data is and how secret it is. If you absolutely do not want the information public, you better do your own encryption locally. How many times in the last 2 years have we seen hackers pull down a big wad of weakly encrypted data stored somewhere, decrypted it in full or in part, and caused no end of problems? Database after database has been nabbed and personal info made public.

If you care about it, you better do it yourself. Once it is garbled beyond all hope of recovery, THEN you can trust the cloud or having that PC on the internet.

I am hopelessly paranoid, though. Probably because I am a computer guy and understand that it only takes one person at any point in the chain to make one small mistake to compromise an entire system.

I trust the big backup guys to have the data when you need it and to restore your PC if something happens. I do not trust that at some point in the next decade no hacker will lift data from their systems.

[enfield]

I do not trust that at some point in the next decade no hacker will lift data from their systems.

That's the way I see it. I keep my files local, backed up on multiple media - hard drives, DVD's, flash drives. Maybe SSD's next.

If I do any off-site storage, it'll be just one copy of many. I'm more concerned with loss of data than unauthorized access. My data is of personal value only.

[Guest Lester Weevils]

Yeah I was reading the "security" as more "data loss" security rather than security from theft. I'm not trusting enough to expose personal financial data to cloud storage or even routinely-accessible-from-the-internet local computers.

My personal docs, pictures and songs are worthless to anyone but me, but would rather not lose them.

Some companies surely have software code and design data that needs jealous guarding. My niche in the software biz is narrow enough that maybe only a handful of folks in the world would want my source code, but it is a product of man-years and I don't want to lose it. Then again, though there are only a few people in the world who would want my source code, it wouldn't be so good if certain folks actually HAD the source code. Not that anything is a work of genius, but it takes time to write the stuff. Competitors have to invest the time to "catch up" if they have to reinvent the wheel from square one. Limits the number of competitors in the niche.

One inherent protection is the arrogance of programmers who think they can do it better. Well that would be another reason to keep the source code confidential, so other programmers can't laugh at all that spaghetti code held together with duct tape and baling wire.

One time we were contracting a couple of programs from some russian dudes, real smart guys. Efficient and hard workers. One program's spec included musical tempo and beat-finding features. I had previously got that working pretty good in some other programs. Its an area where lots of people have made various solutions. Not exactly high tech, bleeding edge or super-secret, but some methods work better than others. So anyway I sent em example code for tempo and beat-finding, and spent a couple of days writing documentation painstakingly explaining how it worked and why.

So they apparently thought the code was too stupid and ignored my code, and ended up spending a couple of months rolling their own. Which is fine by me. It just illustrated that code is sometimes inherently "theft-proof" because programmers tend to be so arrogant that they can do it better than anybody else.