Computer on line back up
Could find anything using the search button on this site. I waded thru all the "fluff" with a google search for on line back sites. Of course they all say they are the best. Question for folks ...
Forum Discussion
Here is one issue about cloud providers:
1: Cloud provider is in business for a bit, and business "A" signs up and uses them for storage/backups. Said cloud provider has a security service level "guarantee" in place.
2: Cloud provider goes bankrupt.
3: The physical servers of the cloud provider are bought by business "B", business "A"'s main competitor.
4: Business "B" makes all the data public including social security numbers of employees, slurps all trade secrets, publishes all internal memos, and makes a press release about how poor business "A"'s security is.
5: Business "A" is hosed. They can't sue the cloud company because it is bankrupt. Business "B" has no contracts, so the data on the servers, they can do with it as they absolutely wish, as it is legally theirs now.
I've seen this more than a couple of times.
I would say that it is OK to use a provider like Mozy or Carbonite... but use the feature on their client to encrypt data with your own key before sending it up. That way, all data is stored encrypted and inaccessible to them, any hackers, or anyone who ends up owning the servers down the road.
For providers like Dropbox, I use a program called Truecrypt. I create a large container on my Dropbox partition, mount it to the computer, and store my files in that. If Dropbox gets compromised, the bad guys have an encrypted container and that's it. Since I use keyfiles, guessing passwords will be completely useless to them.
Finally, for "archive" storage like Amazon Glacier, I use PGP or GNU Privacy guard. All my critical documents, I copy to a ZIP file, encrypt that file with my private PGP key, then upload the encrypted file. Again, if someone hacks my AWS account, they will find a bunch of encrypted files that can't be decrypted by guessing passwords.
1: Cloud provider is in business for a bit, and business "A" signs up and uses them for storage/backups. Said cloud provider has a security service level "guarantee" in place.
2: Cloud provider goes bankrupt.
3: The physical servers of the cloud provider are bought by business "B", business "A"'s main competitor.
4: Business "B" makes all the data public including social security numbers of employees, slurps all trade secrets, publishes all internal memos, and makes a press release about how poor business "A"'s security is.
5: Business "A" is hosed. They can't sue the cloud company because it is bankrupt. Business "B" has no contracts, so the data on the servers, they can do with it as they absolutely wish, as it is legally theirs now.
I've seen this more than a couple of times.
I would say that it is OK to use a provider like Mozy or Carbonite... but use the feature on their client to encrypt data with your own key before sending it up. That way, all data is stored encrypted and inaccessible to them, any hackers, or anyone who ends up owning the servers down the road.
For providers like Dropbox, I use a program called Truecrypt. I create a large container on my Dropbox partition, mount it to the computer, and store my files in that. If Dropbox gets compromised, the bad guys have an encrypted container and that's it. Since I use keyfiles, guessing passwords will be completely useless to them.
Finally, for "archive" storage like Amazon Glacier, I use PGP or GNU Privacy guard. All my critical documents, I copy to a ZIP file, encrypt that file with my private PGP key, then upload the encrypted file. Again, if someone hacks my AWS account, they will find a bunch of encrypted files that can't be decrypted by guessing passwords.
