Why Bother Backing Up?

Backing up is something that people do quite reluctantly, for some reason.

But once bitten twice shy, as the saying goes. So for many of us, after a catastrophe, or two, in which we lose something really valuable, like precious photos of important family events that cannot be replaced, or important financial documents, or business contracts, or some work that represents a significant investment in time and effort, or something like that, we might start making the effort to back up our electronic data.

Backing up actually forms an important part of your on-line security, because it allows one to become more resilient to cyber attacks. For example if you are unfortunate, or stupid enough, to become the victim of a ransomware attack, as a last resort, one can simply reformat your hard drives and then restore your data from back up, without needing to pay any ransoms. But that assumes your back up data is untainted. Which then may require that you are able to go back to a previous point in time, to get a version of the back up, which you know is safe. Obviously that is assuming that you were backing up your data frequently enough.

Hard-Drives and Flash Drives are not Reliable Enough

Another thing we all have probably learned by now, is that data stored on mechanical hard drives, as well as solid state flash drives, is not as safely and reliably stored, as one might expect.

Your backup hard drive can fail suddenly without warning, and the same goes for flash drives. Which can leave you in the frustrating situation, where even though you invested the effort to put safety measures in place, when you needed them, they didn’t actually work.

I personally have lost a lot of irreplaceable data, when a Network Access Server, that I used at home as my central personal backup system, suddenly literally screeched to halt on my desk one afternoon. It turned out that a lot of the data on that drive, which I thought was also on other devices, was either not there, or those other storage devices, such as flash drives, were also no longer working.

Another problem with long term data storage is file corruption. In this case the hard drive has not actually failed completely, but the sectors that were used to store your data have become bad and unreadable. And thus you lose access to your data files. Keeping alternative back ups would help you recover from that situation.

Another problem is the formats and hardware used to save your data files may have become obsolete, so that even though you have the data, and the hard drive still works, your modern computer may no longer be able to open those older files. NASA apparently suffered this problem with some video files of the moon landings.

Benefits of Using Cloud Storage

The primary benefit of the cloud is that the hardware issues are abstracted away from you, to the degree that they should not have any effect on you. What that means is that your data should become impervious to hardware failures, because the cloud storage systems use multiple layers of redundancy in their storage system design, which ensures that even when their actual hard drives fail (as they all eventually do), the data has been stored on multiple discs simultaneously and thus is not lost.

For example, AWS S3 boasts up to a 99.99999999999% durability level for files stored in their S3 cloud storage facility (that’s eleven 9’s after the decimal). This means that there is almost no chance that any files you store there, will later be found to be corrupt, or lost.

Obviously you could replicate that same technology at home yourself, but at a significant cost. The scale of cloud operations allows them to implement redundancy across multiple machines, and then across multiple data centres, in different locations in the world, all using the latest methods and hardware, while still offering that service at a reasonable price, or even for free, on a limited basis. It’s hard to argue against that benefit, to be honest.

Most of the storage service providers offer the ability to recall previous versions of a file, which can also save you from disaster. For example, where a file has become corrupt on your computer and then saved into the cloud, which would represent a disaster in a simple back up scenario, you could simply fall back to a previous version that was uploaded before – this has saved me in a few cases myself. Another scenario is where you make some sort of error on an important document or file, which might be very difficult to rectify. Reverting to a previous version of the same file often saves the day.

By the same token, if you mistakenly delete a file, it is often possible to undelete it, if you act quickly enough, with many of these services.

Another benefit is sharing your data with others, or sharing across your devices, as well as collaborating with others. Because the cloud is centrally available, data stored in the cloud can then be made available to multiple users, or devices, simultaneously. This method of sharing data is very secure and far more efficient than emailing files between people, especially where large files are involved.

The security infrastructure and resources of a cloud storage service provider are probably far greater than anything you can replicate, so provided you choose the right service provider, use the appropriate settings and follow good practice, your data is probably more secure in the cloud, than your data would be at home.

A further advantage is that your data is stored off-site, so if, heaven forbid, your house burns down, your data will still be safe.

Possibly the main advantage of using a cloud based storage service, is the way that most of the services will automatically upload files in designated folders on your computer, up to the cloud, whenever you change a file, or add a new file to any of those folders. The files in those folders are backed up as you work. So you don’t have to remember to back up your data. As long as you are connected to the internet, your files are backed up into the cloud automatically for you.

Problems with Using Cloud Storage

The biggest single problem with cloud data storage is you need access to the internet, and depending on the amount of data flowing between your devices and the cloud, you may need quite substantial bandwidth. Thus your monthly data usage costs may be higher.

This also means that if you lose a connection to the internet, you could temporarily lose access to your data, if it is not replicated on your local devices. This may, or may not, be a problem in your specific case.

The other problem with the cloud is that you become reliant on some other company, whose terms and conditions may be such that they could suddenly terminate your access to your data at an inconvenient time. They could do this for various reasons, such as your credit card expires, or they feel that you have violated their terms. or some other reason, such as they experience their own system problems, or suddenly cease operations, or cease supporting your region, or the operating system that you are using. This can become a significant issue if you build up a very large repository of stored data, which is important to you. It can take significant time, effort and possibly cost, to move large quantities of data from one storage provider to another. This reliance on a third party needs to be kept in mind, because that can begin to represent risks of its own.

While cloud storage providers probably have far better security in place protecting your data, than you could provide, they are also bigger, more attractive targets for hackers. They do occasionally suffer breaches, perhaps due to mistakes from their staff, or superior ingenuity on the part of the hackers.

Security Issues

The main security problem is that you are storing your data on someone else’s infrastructure and thus have to trust that they will keep it safe and available, or take your own precautions to ensure your data will be safe regardless.

Obviously one should investigate the cloud storage company’s security precautions thoroughly, as far possible. Most reputable companies will provide a fair amount of detailed information about the steps they take to keep the data stored in their facilities safe. One should do one’s homework and take time to understand what those precautions are.

They will all offer motherhood marketing statements about how safe their systems are, but one needs to dig down into the weeds a bit, to understand the details.

The key questions are:

  • Who in their company has access to your data?
  • Are there any circumstances where your data could be exposed to the internet in general, if so, how can you ensure that never happens, without your explicit control and authorisation?
  • Do they encrypt the data? What method of encryption is used? And most importantly, who controls the encryption keys? Can you use your own keys in such a way that no-one from their organisation has any knowledge of those keys?
  • What are the circumstances in which you may be denied access, by them, to your own data?
  • Do they offer versioning, where previous versions of saved files are kept? If so, for how long are those versions kept. How difficult is it to revert to a previous version of any given file?
  • Do they keep logs of who gained access to your data, and how can you gain access to those logs?
  • Do they offer the ability to “un-delete” files that were deleted erroneously?
  • How do you securely share access to specific files with other people?

One should do some diligence on the reputations and track records of these various companies.

But ultimately, responsibility for the safety of your data rests with you. Obviously the services offered by various companies are offered on terms that suit the company, it is your choice as to whether you can accept those terms – so you should do your homework and understand what they will and will not do, and where their responsibility and liability ends, and yours starts.

One of the easiest ways to short circuit a lot of this due diligence, is to encrypt your data yourself, before you upload it into the cloud. That way even if the storage company suffers a breach of their systems, all the hackers, or anyone else, will get, is a collection of files that they cannot open. There are some useful services and products available, to achieve that such as BoxCryptor.

As discussed in a previous article, it is important to note that for encryption to be 100% effective, you, and you alone, need to be in control of the encryption keys. Which also means that if you lose those keys, you will lose access to your data. This is the safest way to store your data in the cloud, but it does require some extra effort, responsibility and organisation, on your part. The best way to do that, is use a password manager, which will probably be the subject of a separate discussion.

What Options are Available?

There are many different options available. You should do your own research to find a service that suits your requirements. But to get you started, I will briefly discuss some of the options I have used, and why I did not want to use others. But bear in mind these are my choices, which may not have any relevance to your requirements and preferences.

Firstly I do not like the idea of being herded into some company’s empire, where my choices are steadily reduced to only that company’s offerings. I also have developed over time, a dislike for the way certain companies conduct themselves, particularly with regard to their respect for their customers. So for those reasons, I avoid using the cloud storage options from Google and Microsoft. And while I have more respect for Apple as a company, primarily because until recently, one of their core principles was to place a very high priority on the security and privacy of their customer’s devices and data (although that is diminishing these days as well), Apple’s cloud storage offerings are too exclusive to the Apple universe and operating system, so that does not suit my needs either.

I far prefer a more agnostic service that will work across all operating systems and devices and which does not try suck you into one empire only. I want a service that is only trying to provide you with storage and is not trying to gain access to your data, to sell that to advertisers, or who is trying to trap you into being forced to use their other services and products exclusively, or anything like that.

DropBox has met those requirements for me quite well. They are not the cheapest, but having used them extensively for quite a few years, I have no major complaints. Their synchronisation app that runs on my phones and laptops, which use different operating systems (Apple and Microsoft) works fine. Sharing data with other people works fine. The only bad experience I’ve had is they suddenly stopped supporting a version of Linux, which left me scrambling for an alternative at work. They will accept large files uploaded during multiple breaks in communication. They keep versions of your files, so you can recover from small disasters easily, and offer many other features, which you will find explained in more detail on their website.

I have also tried Box, to a limited extent, and they also seem quite good. One feature of theirs that is superior to DropBox, is they offer the ability to use your own encryption keys. I think that is critical, if you are going to store any sensitive data in the cloud. I use BoxCryptor to encrypt all my sensitive data, automatically on my devices, before it gets uploaded into the cloud. With Box, you should not need to do that, so that’s a benefit in my opinion.

Box actually runs on Amazon’s AWS infrastructure, which can also be used directly by end users (anyone can open an AWS account), although that requires a bit more technical knowledge. But if you are willing to do a bit of learning, you could use AWS S3, together with the AWS CLI tool set to periodically synchronise specific folders on your computers directly into S3.

Leave a Reply

Your email address will not be published. Required fields are marked *

9 + 18 =

This site uses Akismet to reduce spam. Learn how your comment data is processed.