Grade My Data Security Approach

I had been using internet backup services, such as Humyo, Sugarsync, LiveDrive, etc., for data backup. But now because of cost issues I've looking at other ways to securely backup my data while eliminating the monthly cost of storing around 80 gig of data. Tell me what you think of this approach:

• Using an external harddrive, which I already have, that will be able to hold all my data in encrypted TrueCrypt files, which I will give to a friend of mine as a means to store my data off-site.
  
• I would also purchase at least two 32 gb flash cards, which are relatively cheap on ebay, which will be able to hold all my data, again in encrypted TrueCrypt files. These I'll keep. I thought I'd make use of the integrated card reader/writer on my new HP system.

How safe is that approach, in particular the latter? How safe is data on high capacity flash drives?

Thanks all very much.

 

How often do you plan to visit your friend? That could be annoying - sounds like you would have to pick up the drive, go home and run a backup and then return it to your firiend's home.

I can't comment on the flash card strategy - I don't use them and don't know how much they cost.

I understand why you want to have your storage offsite - I'll tell you how I do it without paying for online backup. I backup my data onto an external harddrive (25gig of data) and keep it locked and encrypted with truecrypt in my office (not at home). Everyday, I run a differential backup and create a zip file that contains all changed files since I created the external hardddrive backup. I use Mozy to store that data for free -it is way less than their free storage limit. So if I have disaster at home, I can pick up the external harddrive, download the differential file as of previous day and recreate all my data.

I bring the external harddrive home every two months - I create a new backup and then restart the differential backup process based on the new backup.

This works well for me.

 

Len, very clever!

 

I don't plan on updating the external drive every time there is any kind of a change, just big changes such as system images. I plan on updating the drive about every two months baring necessity. I plan on eventually implementing this backup routine for all household data, not just my system. The external drive already had all the data I need backup up.

If I do it this way, rather than using internet storage, I can say $50/month.

I guess I just don't know how reliable SDHC cards are for storage.

 

If you update the external drive every two months, you stand the risk of loosing up to two months worth of data if your computer is stolen, destroyed, or unusable for any reason. That's not a good strategy.

Online backup costs in the neighborhood of $50 per year, and not $50 per month.

You indicate that establishing procedures for backing up your system comes first, and then you'll work on household data. IMHO, I would work on household data first. You can always replace a computer, but if you lose data, it is lost forever.

 

That is not exactly true. Remember this is a two method strategy; complete backups on the off-site external drive and complete backups + incremental on the 32 gb flash cards. Of course if both the system harddrive and the flash cards were to die then this would be the case, but that can be said for any amount of fail safes that are in place.

That is flat out not true. In order to go with a reputable company you are going to have to pay more than $50 per year for 80-100 gb of storage space. Yes, you could use a cheaper, less reputable, company (see Internet Storage Solutions. But I chose not to. Here are the six major ones:

• Humyo Premium - $7.00
• Amazon S3 - $.15/gb/month + $3
• SugarSync (100 gb) - $15/month
• LiveDrive (100 gb) $56/year
• Syncplicity (50 gb) - $15/moth
• Mozy - $5.00/month (Mozy has trouble uploading large files such as system images)
• SpiderOak (100 gb) - $10/month

I've done my research here, and if you want to discuss this further just ask me. I've done inbternet backup research for a work article.

This is why I asked the question and have not yet implemented this

 

I misunderstood - I thought you would be using one strategy or the other - not both. But if you keep the flash cards at home, you are partially defeating the goal of having off-site secure strategy.

I didn't realize how expensive these services can be - You've done more research than I have. I thought pricing was generally in the neighborhood of Mozy pricing. (But none of these will get you up to $50 per month.)

You've given this subject a lot of thought (and research) - what do you think of my approach?

 

Well, I can answer that by telling you why I have waited so long to do this and why I place so much emphasis on disk imaging applications. I don't like the idea of incremental backups. I would prefer to have everything all in one place. That does not mean to have all your data stored in one location, rather that I appreciate full, all-encompassing, system backups. That way you are not stuck, should the worst happen, trying to find the right backup that contains thee data you need. Ideally, you would have full system backup, or images, mirrored at different locations. But that is not realistic and can be quite "annoying". That is why online storage can be so appealing if properly implemented. In short, I prefer not to use incremental backups but am willing to bend out of necessity. But if you are keeping your swecondary off-site backup at a place that you visit frequently I supposed that is the nest best thing to full mirrored backups.

Also, the reason it is more expensive for me is that everyone in my family has their own storage space; I use Humyo, Dad uses Sugarsync, Mom uses Mozy. That way data can remain compartmentalized and private. But I aqm still the IT guy making me resposible for data security.

 

I use ADrive http://www.adrive.com/ to store material that can be downloaded by others. I tried several storage companies and ADrive is the one that gave me less problems. The only drawback is that to have the material encrypted one has to pay (I'm undecided at the moment as annual prices start from $69.50).

I have 3 medium sized USB external drives which have exactly the same images and data stored. I usually backup every months when updating Windows. I keep one USB Drive hidden in the house, although where I live the likelihood for theft is indeed a remote one.

I never use flash Drives to backup as they are still low in memory, although I download very important stuff straight to DVD for extra security.

I also think that it depends on one's activity: medical/legal practitioners who deal with extremely private matters should seek professional advice, even though some clinics and hospitals still keep paper copies.

 

Thank you Osaban. There are some good points there. Let me see if I can get them all.

The more feature an online storage provider has, eg. encryption, shareable links, wedav, online media streaming, etc., the more the price is going to be. Anything that differentiates the service from a simple storage site is going to cost more. Also, there are a lot of these services out know, some of which have folded (see xdrive). So it's important to research the company to make sure that this will not be the case with the one you chose. I would be hesitant to chose Adrive because it does not have very many paying subscribers, in comparison to Jungledisk, Humyo, or Sugarsync. A cheaper service does not equal a better service. In fact, in a way, the opposite is true. The more money they charge the more capital the company has, which makes it more likely that they are going to stick around. That obviously is a generalization. Please take a look at Sugarsync and Humyo.

Encryption of any external media is critical, regardless of what data that happens to be. If I did not make it clean already all my backup data will be encrypted using Truecrypt containers and a 25 key passcode with a keyfile. I recommend everyone do something similar.

For me flash is okay, seeing as I only have 80-100 gb of personal data. If I had terabytes I would not use them.

 

I don't have any personal data stored with ADrive, I use it to send large files to other people. These files if they were lost, because of sudden death of the company it wouldn't be of great loss for me. I've tried Sugarsync, and without trying to contradict you, it really installed so much stuff that it froze my main computer. Just out of curiosity how do you know the number of suscribers for each company? $69.50 for 50GB annually it's not exactly cheap, but as I said I want to try them for a while before spending any money. I also found their upload speed quite fast.

 

Why are you not thinking of using a raid1 or raid5 hardware setup? There are some pretty nice raid boxes out these days, that sport 1tb raid for redundancy. They can be network drives or usb/firewire/esata hookups. The advantage is that you can just backup to them or use them knowing they are 'redundant'.

I understand the use of the services you are using, but it would seem you are ignoring for whatever reason the method that corps use. Or tape backup works too.

Are you not considering raid options for a specific reason? Other than off-site backup?

Sul.