Security: Things You Need To Know Before Choosing An Online Backup Provider
I lost my 20,000 photos in both RAW and TIFF formats last summer.
Before you ask, they were all backed up. Online. I am a backup freak. Being in the photography business means that I have to keep a lot of photos, from client work, from my own portfolio pieces and everything in between. RAW image files are not small, and neither are TIFFs. At first, I was doing fine with backing them up onto an external hard drive until one day, the hard drive began to fail.
Then it hit me. Online backups are the way to go. They are offsite. They offer tons of storage. Heck, I can even get unlimited for the price of an espresso from Starbucks!
I chose a provider among many I found. Unlimited storage. Check. Monthly payment equivalent to a cup of Starbucks. Check. Easy to use software. Check. What more can I ask for?
I was quite happy with what I found for about 5 months. Then one fine morning last summer, I woke up to see that I couldn’t connect to my online backup server from the software. Panicked, I logged into the web portal and saw that my files were gone. What’s going on here?
A quick check in Twitterville and the blogosphere revealed that the provider had a security breach. And at least 40% of the customers’ data was gone. I tried to call but then I realized they don’t provide any telephone support. Emails are the only way to go.
I’ll make the long story short. After a series of angry emails and tweets, the result was nothing. I didn’t get back my data. Their service-level agreements (SLA) are almost non-existent. And their security practices are pretty much unknown, except for the vague description on their site that they use SSL to encrypt the data. My data? All gone. The backup provider followed suit a month later.
Here is the lesson, folks. Never trust a backup provider that can’t even disclose the security measures it has in place or offer a decent SLA. I learned my lesson the hard way. Now when I look for an online backup provider, the first thing I look for is security.
Is SSL Encryption Used?
SSL stands for Secure Sockets Layer, which is a standard type of encryption in web communications and data transfers, and it is pretty reliable. But you need to know what type of SSL encryption is being used. Is it 128-bit or 256-bit? Is it AES encryption or Blowfish? You also need to know whether the encryption only takes place locally (on your PC before your files are transmitted), or also during the transmission (when data is being sent over the Internet to the servers) as well as on the server. In brief, you need AT LEAST local encryption. If you also get a secured and encrypted transmission, that’s better. If your data is encrypted again on the storage servers, that’s better still. If your online backup provider can’t provide even this information, move on.
Pro tip: AES is more secure than Blowfish, although Blowfish encryption itself is pretty secure already. And 256-bit is, naturally, more secure than 128-bit. If you see 448-bit Blowfish, don’t get dazzled by the numbers. AES is still better (unless they are using 128-bit encryption).
Compliance with Government Regulations
Government regulations exist for a reason. There are industry regulations for online storage companies, as well as other regulations that your backup provider should comply with for clients from different industries. Small businesses like mine don’t need all those regulations, but you might. If you are just looking for personal storage backup, then you will only want to look for online storage and security related regulations.
Locations of Data Centers
Either the backup provider owns its own data centers, or it will be colocating its network at a third party’s data center. Either one is fine. But you will need to know whether they are relying on one data center, or multiple. It’s better to have your data in multiple locations, for the simple purpose of redundancy. Without redundancy, if anything happens to the only data center, your data will be gone. So having geo-redundant data centers will increase the safety and integrity of your data.
Data Center Security
Security is not just about cyber security. If the physical location where your data is stored isn’t secured, then you are royally screwed too. The data center should be secured with 24/7 security, keycard access, protection from natural disasters like earthquakes and tornadoes, uninterruptible power supply units, backup generators, security protocols which don’t allow employees to run amok, and all that. That is the information you need, and that is the kind of security you need to ensure your backup provider’s data centers have. If your backup provider is using a third party service for network or storage, then head on over to that third party’s site and check out their security details. Any good provider will have such information readily available on its site.
If you have any questions about security, you should email the backup provider or call them up to ask. They should be able to provide you with decent answers. Don’t just go for the price or storage space. You can also search around on the Web and forums for feedback and stories from existing customers about their customer service and service-level agreements.