Online Storage & Security

[beethoven]

I am looking for some comments regarding online Storage as a backup. While I am currently looking at Jungle Disk and Amazon, my query is general in nature. Also, while I appreciate that factors like pricing or user-friendliness are important issues, for this topic I would like to focus only on security.

I would like to use online storage as safety backup for my normal backup (in case the house burns down or thieves run away with everything ).
The data I would like to store is confidential, so I want this to be encrypted and not accessible during upload/download or on the server. I am not concerned about government agencies snooping with super high-tech software or warrants.

In case of JD (Jungle Disk) I understand that the upload/download is done via SSL (encrypted) and the files are also encrypted on the Amazon servers. Question: How much can I trust either JD or Amazon with respect to their software and encryption keys? Is this just a judgement call or can someone state with conviction that no backdoor could exist for them to use a "supermasterkey" to snoop?

Would it be better to use an external program like Cobian to do the upload using their inbuilt encryption function? That way there is a separation of keys and data.

[PROROOTECT]

Hello ,
... and : 50 GB of Free Online Storage & Backup : http://www.adrive.com ...
Thanks , PROROOTECT

[tradetime]

Here's something to look at, prior to user experienced opinion
http://www.techcrunch.com/2006/01/31...-storage-gang/
http://online-storage-service-review.toptenreviews.com/
though you've probably looked at these already. One issue additionally to the security aspect for me would be the company's chances of survival, as it's a rapidly developing market, I can imagine a lot of these companies will go to the wall.
I know I'll get slated for suggesting the dreaded MSFT but they do something called SkyDrive. I don't know if they offer paid storage as the free is only 5GB, but my theory as related to the above point is that I'd rather pay a little extra for a well established brand name if the data is very important.

[beethoven]

tradetime, you are right that the backup is only useful if the company will be around at the time. That's why Amazon is probably a somewhat safer bet than some of the smaller outfits.
Still I am more interested in the encryption/security aspect of this issue.

One of the articles I read reported that though using SSL, with a "man-in-the-middle" attack many services can be compromised. http://www.heise-online.co.uk/securi...--/news/110771.

[Peter2150]

I use Iomega for Online backup. It's called Istorage It also makes it easy to send large files to someone.

Primary reason I use them is they are very likely to be around, and they have a reputation to protect.

Pete

[Pinga]

Quote:

Originally Posted by Peter2150

Primary reason I use them is they are very likely to be around

I doubt it, they are charging for a service that many are already offering for free. If you save up their minimum charge of $5.99 a month you can buy your own external hard drive after a year.

It's generally a good idea to sign up with a German company as its use will be governed by strict German data protection laws. If you speak German, that is :-)

[Peter2150]

Quote:

Originally Posted by Pinga

I doubt it, they are charging for a service that many are already offering for free. If you save up their minimum charge of $5.99 a month you can buy your own external hard drive after a year.

It's generally a good idea to sign up with a German company as its use will be governed by strict German data protection laws. If you speak German, that is :-)

I am not judging their survivability on that service alone, but all their business. I think it safe to say Iomega will be around.

[beethoven]

Quote:

If you save up their minimum charge of $5.99 a month you can buy your own external hard drive after a year.

Yes, that is correct but that does not address the original issue that your house may burn down or someone runs off with your external hd

[ex3]

Quote:

Originally Posted by beethoven

Yes, that is correct but that does not address the original issue that your house may burn down or someone runs off with your external hd

i would do both have hardware backup and have online backup as encrypted container

[MrBrian]

MozyHome gives you the option to use your own encryption key or use theirs. Of course, even if you use your own encryption key, you're trusting that whatever program you use didn't send the encryption key to their servers. I have my sensitive data in TrueCrypt container files.

[beethoven]

MrBrian,

how are you using the truecrypt containers in this respect. Are you creating a special container just for the upload? In this case you will copy all files into this container and then upload the container? I assume this means that the data is being written twice? How long would that take for 1gb?

[jrmhng]

Quote:

Originally Posted by MrBrian

MozyHome gives you the option to use your own encryption key or use theirs. Of course, even if you use your own encryption key, you're trusting that whatever program you use didn't send the encryption key to their servers. I have my sensitive data in TrueCrypt container files.

Moze Home is part of RMC and they will have a reputation to protect. If they have made public that having an encryption key will mean that the data cannot be accessed yet they still maintain a backdoor, they are liable for legal action.

[Mrkvonic]

Quote:

Originally Posted by beethoven

Yes, that is correct but that does not address the original issue that your house may burn down or someone runs off with your external hd

Let's be reasonable.

If the house burns, so can people ... and then there's meteor strikes, earthquakes, everything. But if you wanna keep your sanity, you need to lower the gear.

What about the online storage? Do you trust them? Can their stuff break? What if they go bankrupt or decide to sell out info?

I know that we all hang to our precious digital stuff like madmen, but basically, those are just things, and they can be replaced.

Mrk

[beethoven]

Quote:

Let's be reasonable.

Mrkvonic, but I do try to remain reasonable.

I don't really want to use online storage as I find using a second harddrive or external harddrive more convenient.
However, as the data I want to protect is not my precious collection of holiday pics but confidential & relevant company data, I do need to be sure that it is available when needed.
Now I can live with the online company going bust as I will have the original. If the house burns down and the original is lost I hope to retrieve from online storage - now if both events happen at the same time, then I have a problem but I am willing to accept that possibility.

I don't think a housefire is that uncommon (just ask the people in California, Spain, Greece or various areas in Australia over the last few years). So my intention is to cover that possibility. At the same time I don't want to risk that my data ends up on the internet for everyone to see and for my customers to sue me. So questioning the security of the service of online storage providers seems obvious to me. Unfortunately the answer to this is not so obvious for someone who is not dealing with IT issues fulltime.

[jrmhng]

The situations where both the actual computer and the backed up data are in the same location being destroyed is not totally unforeseeable. Examples could include a fire, a break-in, a power surge them both the computer and hard drive plugged in etc. Doing an off-site backup plodded it a reasonable precaution.

[Mrkvonic]

Hello,

beethoven, if you're talking about company data, then you should have an offline, offsite backup strategy.

If it's valuable personal data, I recommend several copies on multiple DVDs, hard disk, portable hard disks, where you can keep one or more offsite, or at the very least in another room in the house.

A passport-type 2.5" hard disk might be a good idea.

Mrk

[beethoven]

Quote:

Originally Posted by Mrkvonic

if you're talking about company data, then you should have an offline, offsite backup strategy.

Mrk

That is actually what I was hoping to achieve with online storage.

[Mrkvonic]

Hello,
Notice the word "offline" ...
Cheers,
Mrk

[beethoven]

Quote:

Notice the word "offline"

So, what do you mean? I specified right at the beginning that I am looking for an online additional backup solution. I don't need minute by minute incremental updates but on the other hand I am not looking for a CD/DVD burning solution locking up the media in a bank safe.

Are you saying that online storage should not be used? What would be the offline/offsite solution?

[jrmhng]

My opinion is that an off-site online backup solution is a good idea. I use a free service to do my online backup. That is because I only backup important documents so I do not need a lot of space. I do however, back up to an external USB drive monthly just so I can have an image of my operating system. That way my important documents are backed up daily while I have a fresh image of my hard drive monthly.

[Mrkvonic]

Hello,
Offline / offsite, another house (a friend's), bank safe... something of the sort.
If you gonna go online, remember that online can go offline and then you're stuck, and make sure your data is not accessible to just about anyone.
Mrk

[MrBrian]

Quote:

Originally Posted by beethoven

how are you using the truecrypt containers in this respect. Are you creating a special container just for the upload? In this case you will copy all files into this container and then upload the container? I assume this means that the data is being written twice? How long would that take for 1gb?

I didn't create the TrueCrypt containers due to any concerns about Mozy. They had already been created to keep sensitive information private. I use several different TrueCrypt containers, and put only sensitive information in them. The containers are relative small in size. By the way, I trust that Mozy doesn't send the encryption key I used to their servers. I don't, however, use Mozy's own encryption key, because then its employees could potentially access your information.