Online Storage & Security

Discussion in 'backup, imaging & disk mgmt' started by beethoven, Aug 9, 2008.

Thread Status:
Not open for further replies.
  1. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    I am looking for some comments regarding online Storage as a backup. While I am currently looking at Jungle Disk and Amazon, my query is general in nature. Also, while I appreciate that factors like pricing or user-friendliness are important issues, for this topic I would like to focus only on security.

    I would like to use online storage as safety backup for my normal backup (in case the house burns down or thieves run away with everythingo_O ).
    The data I would like to store is confidential, so I want this to be encrypted and not accessible during upload/download or on the server. I am not concerned about government agencies snooping with super high-tech software or warrants.

    In case of JD (Jungle Disk) I understand that the upload/download is done via SSL (encrypted) and the files are also encrypted on the Amazon servers. Question: How much can I trust either JD or Amazon with respect to their software and encryption keys? Is this just a judgement call or can someone state with conviction that no backdoor could exist for them to use a "supermasterkey" to snoop?

    Would it be better to use an external program like Cobian to do the upload using their inbuilt encryption function? That way there is a separation of keys and data.
     
  2. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Hello ,
    ... and : 50 GB of Free Online Storage & Backup : http://www.adrive.com ...
    Thanks , PROROOTECT
     
  3. tradetime

    tradetime Registered Member

    Joined:
    Oct 24, 2006
    Posts:
    1,000
    Location:
    UK
    Here's something to look at, prior to user experienced opinion
    http://www.techcrunch.com/2006/01/31/the-online-storage-gang/
    http://online-storage-service-review.toptenreviews.com/
    though you've probably looked at these already. One issue additionally to the security aspect for me would be the company's chances of survival, as it's a rapidly developing market, I can imagine a lot of these companies will go to the wall.
    I know I'll get slated for suggesting the dreaded MSFT but they do something called SkyDrive. I don't know if they offer paid storage as the free is only 5GB, but my theory as related to the above point is that I'd rather pay a little extra for a well established brand name if the data is very important.
     
  4. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    tradetime, you are right that the backup is only useful if the company will be around at the time. That's why Amazon is probably a somewhat safer bet than some of the smaller outfits.
    Still I am more interested in the encryption/security aspect of this issue.

    One of the articles I read reported that though using SSL, with a "man-in-the-middle" attack many services can be compromised. http://www.heise-online.co.uk/security/Some-online-backup-services-insecure--/news/110771.
     
    Last edited: Aug 9, 2008
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,048
    I use Iomega for Online backup. It's called Istorage It also makes it easy to send large files to someone.

    Primary reason I use them is they are very likely to be around, and they have a reputation to protect.

    Pete
     
  6. Pinga

    Pinga Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    1,420
    Location:
    Europe
    I doubt it, they are charging for a service that many are already offering for free. If you save up their minimum charge of $5.99 a month you can buy your own external hard drive after a year.

    It's generally a good idea to sign up with a German company as its use will be governed by strict German data protection laws. If you speak German, that is :)
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,048
    I am not judging their survivability on that service alone, but all their business. I think it safe to say Iomega will be around.
     
  8. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    Yes, that is correct but that does not address the original issue that your house may burn down or someone runs off with your external hd :oops:
     
  9. ex3

    ex3 Registered Member

    Joined:
    Jul 9, 2008
    Posts:
    34
    i would do both have hardware backup and have online backup as encrypted container
     
  10. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    MozyHome gives you the option to use your own encryption key or use theirs. Of course, even if you use your own encryption key, you're trusting that whatever program you use didn't send the encryption key to their servers. I have my sensitive data in TrueCrypt container files.
     
    Last edited: Aug 9, 2008
  11. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    MrBrian,

    how are you using the truecrypt containers in this respect. Are you creating a special container just for the upload? In this case you will copy all files into this container and then upload the container? I assume this means that the data is being written twice? How long would that take for 1gb?
     
  12. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Moze Home is part of RMC and they will have a reputation to protect. If they have made public that having an encryption key will mean that the data cannot be accessed yet they still maintain a backdoor, they are liable for legal action.
     
  13. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Let's be reasonable.

    If the house burns, so can people ... and then there's meteor strikes, earthquakes, everything. But if you wanna keep your sanity, you need to lower the gear.

    What about the online storage? Do you trust them? Can their stuff break? What if they go bankrupt or decide to sell out info?

    I know that we all hang to our precious digital stuff like madmen, but basically, those are just things, and they can be replaced.

    Mrk
     
  14. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    Mrkvonic, but I do try to remain reasonable.

    I don't really want to use online storage as I find using a second harddrive or external harddrive more convenient.
    However, as the data I want to protect is not my precious collection of holiday pics but confidential & relevant company data, I do need to be sure that it is available when needed.
    Now I can live with the online company going bust as I will have the original. If the house burns down and the original is lost I hope to retrieve from online storage - now if both events happen at the same time, then I have a problem but I am willing to accept that possibility.

    I don't think a housefire is that uncommon (just ask the people in California, Spain, Greece or various areas in Australia over the last few years). So my intention is to cover that possibility. At the same time I don't want to risk that my data ends up on the internet for everyone to see and for my customers to sue me. So questioning the security of the service of online storage providers seems obvious to me. Unfortunately the answer to this is not so obvious for someone who is not dealing with IT issues fulltime.
     
  15. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    The situations where both the actual computer and the backed up data are in the same location being destroyed is not totally unforeseeable. Examples could include a fire, a break-in, a power surge them both the computer and hard drive plugged in etc. Doing an off-site backup plodded it a reasonable precaution.
     
    Last edited: Aug 10, 2008
  16. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,

    beethoven, if you're talking about company data, then you should have an offline, offsite backup strategy.

    If it's valuable personal data, I recommend several copies on multiple DVDs, hard disk, portable hard disks, where you can keep one or more offsite, or at the very least in another room in the house.

    A passport-type 2.5" hard disk might be a good idea.

    Mrk
     
  17. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    That is actually what I was hoping to achieve with online storage.:D
     
  18. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    Notice the word "offline" ...
    Cheers,
    Mrk
     
  19. beethoven

    beethoven Registered Member

    Joined:
    Dec 27, 2004
    Posts:
    1,044
    So, what do you mean? I specified right at the beginning that I am looking for an online additional backup solution. I don't need minute by minute incremental updates but on the other hand I am not looking for a CD/DVD burning solution locking up the media in a bank safe.

    Are you saying that online storage should not be used? What would be the offline/offsite solution?
     
  20. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    My opinion is that an off-site online backup solution is a good idea. I use a free service to do my online backup. That is because I only backup important documents so I do not need a lot of space. I do however, back up to an external USB drive monthly just so I can have an image of my operating system. That way my important documents are backed up daily while I have a fresh image of my hard drive monthly.
     
  21. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,
    Offline / offsite, another house (a friend's), bank safe... something of the sort.
    If you gonna go online, remember that online can go offline and then you're stuck, and make sure your data is not accessible to just about anyone.
    Mrk
     
  22. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I didn't create the TrueCrypt containers due to any concerns about Mozy. They had already been created to keep sensitive information private. I use several different TrueCrypt containers, and put only sensitive information in them. The containers are relative small in size. By the way, I trust that Mozy doesn't send the encryption key I used to their servers. I don't, however, use Mozy's own encryption key, because then its employees could potentially access your information.
     
    Last edited: Aug 10, 2008
Loading...
Similar Threads
  1. Oleg
    Replies:
    7
    Views:
    407
Thread Status:
Not open for further replies.