Security: Things You Need To Know Before Choosing An Online Backup Provider – 2014 Update
I lost 20,000 of my photos in both RAW and TIFF formats last summer.
Before you ask, they were all backed up. Online. I am a backup freak. Being in the photography business means that I have to store a lot of photos, from client works, from my own portfolio pieces and everything in between. RAW image files are not small, nor are TIFFs. At first, I was doing fine with backing them up onto an external hard drive until one day, that hard drive began to fail.
Then it hit me. Online backups were the way to go. They are offsite. They offer tons of storage. Heck, I can even get unlimited for the price of an espresso from Starbucks!
I found many providers and chose one. Unlimited storage, check! Monthly payment equivalent to a cup of Starbucks, check! Easy to use software, check! What more can I ask for?
For about 5 months, I was quite happy with what I had found. Then, one fine morning last summer, I woke up to see that I couldn’t connect to my online backup server from the software. Panicked, I logged into the web portal and saw that my files were gone. What’s going on here?
A quick check in Twitterville and the blogosphere revealed that the provider had a security breach. And at least 40% of all customers’ data was gone. I tried to call but then I realized they don’t provide any telephone support. Emails are the only way to go.
I’ll make the long story short: after a series of angry emails and tweets, the result was… nothing. I didn’t get back my data. Their service-level agreements (SLA) are almost non-existent. And their security practices are pretty much unknown, except the vague description on their site that they use SSL to encrypt the data. My data? All gone. The backup provider followed suit a month later.
Here is the lesson, folks. Never trust a backup provider that can’t even reveal the security measures it has in place or offer a decent SLA. I’d learned my lesson the hard way. Now when I look for an online backup provider, the first thing I look for is security.
Is SSL Encryption Used?
SSL stands for Secure Sockets Layer, which is a standard type of encryption in web communications and data transfers, and it is pretty reliable. But you need to know what type of SSL encryption is being used. Is it 128-bit or 256-bit? Is it AES encryption or Blowfish? You also need to know whether the encryption takes place only locally (on your PC, before your files are transmitted), or also during the transmission (when data is being sent over the Internet to the servers) as well as on the server. In brief, you need AT LEAST local encryption. If you also get secured and encrypted transmission, that’s better. If your data is encrypted again on the storage servers, that’s better still. If your online backup provider can’t provide this information, move on.
Pro tip: AES is more secure than Blowfish, although Blowfish encryption itself is already pretty secure. And 256-bit is, naturally, more secure than 128-bit. If you see 448-bit Blowfish, don’t get dazed by the numbers. AES is still better (unless they are using 128-bit encryption).
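What "local encryption" means in practice, as an added example (not code from the original post or from any backup provider): the file is encrypted with 256-bit AES on your own PC before upload, so the server only ever stores ciphertext and any change to the stored copy is detected on restore. The function names, the passphrase and the blob layout are assumptions made for illustration.

```javascript
// Added example: encrypt locally with AES-256-GCM before anything is uploaded.
// Function names and the blob layout are illustrative assumptions.
const nodeCrypto = require('crypto');

// Stretch a passphrase into a 256-bit key; the random salt is stored with the blob.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

// Returns salt(16) || nonce(12) || auth tag(16) || ciphertext. Only this blob
// leaves the PC, so the provider never holds the plaintext or the key.
function encryptForUpload(plaintext, passphrase) {
  const salt = nodeCrypto.randomBytes(16);
  const nonce = nodeCrypto.randomBytes(12); // must be fresh for every file
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), ciphertext]);
}

// Throws if the passphrase is wrong or the stored blob was altered.
function decryptAfterDownload(blob, passphrase) {
  if (blob.length < 44) throw new Error('blob too short');
  const key = deriveKey(passphrase, blob.subarray(0, 16));
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, blob.subarray(16, 28));
  decipher.setAuthTag(blob.subarray(28, 44));
  return Buffer.concat([decipher.update(blob.subarray(44)), decipher.final()]);
}

// True only when the blob decrypts and its authentication tag verifies.
function canRestore(blob, passphrase) {
  try { decryptAfterDownload(blob, passphrase); return true; } catch (err) { return false; }
}

// Constructed sample data standing in for a photo file.
const samplePhoto = Buffer.from('constructed sample: RAW image bytes would go here');
const uploaded = encryptForUpload(samplePhoto, 'constructed passphrase');
const damaged = Buffer.from(uploaded);
damaged[damaged.length - 1] ^= 0x01; // one bit flipped while stored on the server

console.log('plaintext visible in upload:', uploaded.includes(samplePhoto));
console.log('restores with passphrase:', canRestore(uploaded, 'constructed passphrase'));
console.log('restores with wrong passphrase:', canRestore(uploaded, 'guess'));
console.log('restores after corruption:', canRestore(damaged, 'constructed passphrase'));
```

The flip side is that the passphrase is the only way back to the data: if it is lost, neither you nor the provider can restore the files.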
Compliance with Government Regulations
Government regulations exist for a reason. There are industry regulations for online storage companies, as well as other regulations that your backup provider should comply with for clients from different industries. Small businesses like mine don’t need all those regulations, but yours might. If you are just looking for personal storage backup, then you will only want to look for regulations related to online storage and security.
Locations of Data Centers
Either the backup provider owns its own data centers, or it hosts its network at a third party’s data center. Either one is fine. But you will need to know whether they are relying on one data center or on multiple. It’s better to have data centers in multiple locations, for the simple purpose of redundancy. Without redundancy, if anything happens to the one and only data center, your data will be gone. So having geo-redundant data centers will increase the safety and integrity of your data.
Data Center Security
Security is not just about cyber security. If the physical location where your data is stored isn’t secured, then you could get royally screwed too. The data center should be secured with 24/7 security, keycard access, protection from natural disasters like earthquakes and tornadoes, uninterruptible power supply units, backup generators, security protocols which don’t allow employees to run amok, and all that. This is the information you need, and this is the kind of security you need to make sure your backup provider’s data centers have. If your backup provider is using a third party service for network or storage, then head on over to that third party’s site and check out their security details. Any good provider will have such information readily available on their site.
If you have any questions about security, you should email the backup provider or call them up to ask. They should be able to provide you with decent answers. Don’t just go for the price or storage space. You can also search around on the Web and forums for feedback and stories from existing customers about their customer service and service-level agreements.