Cloud storage for backups: How paranoid should I get?
 

Having spent some time recently helping friends and family sort out backup approaches, I thought perhaps it was time to finish off the one I've been using at home for a while now. The last step being automated backups to cloud storage.

There are quite a few options about (although less so that support Linux via a command line) and currently I'm looking at Spider Oak which claims to have a zero knowledge policy.

Given this is a backup of personal data (including digital copies of bank statements, credit card statements, etc.) would I be going over the top if I added PGP encryption in along the line somewhere?

Given the folk about on CF with better techie knowledge and understanding of some of the privacy implications than me I thought I'd canvas for opinions. (And if anyone has suggestions beyond Spider Oak they'd be welcome.)

Thanks!

Re: Cloud storage for backups: How paranoid should I get?
 

I personally wouldn't put very personal data online.

I would put on on DVD or other home based storage.

Re: Cloud storage for backups: How paranoid should I get?
 

I don't think you'd be going over the top adding encryption yourself. I wouldn't store anything sensitive online unless it was encrypted (I've used TrueCrypt for some stuff).

Re: Cloud storage for backups: How paranoid should I get?
 

As Matt says - that's what I do (and on my PC and laptop).

Re: Cloud storage for backups: How paranoid should I get?
 

Check the terms and conditions before using any given service. What you are basically looking for is accountability on their part for a server side breach of some form. Reading those also gives you a sense of how seriously they take counter-measures.

Re: Cloud storage for backups: How paranoid should I get?
 

Appreciate the feedback guys - must admit part of me agrees with the full control over the storage media but at the same time I know what I'm like with admin tasks like backups - hence wanting to automate it to get the data somewhere safe from the house burning down while I'm not here to run out with the external drive!

heero_yuy - Agree on the reliance on the cloud. In this case though, it's the final step in a backup approach. The full setup being that my laptop and other bits in the house that need backing up automatically backup to a RAID5 server in the house. The cloud step is for where does that back up to.

BTW, I've started looking at the Amazon S3 storage option so (hopefully!) supplier going belly up becomes a very low risk!

Of course sticking with the house burning down paranoia the next step will be working out where to keep the keys for decryption when I get the data back!

Are they really out to get me or can I forget about this secure backup lark? :p:

Re: Cloud storage for backups: How paranoid should I get?
 

Once you have a service that looks unlikely to go out of business or a well branded service then I see no reason why you shouldn't post backups to the cloud.

Use Truecrypt to create an encrypted container file, put your stuff in there and upload.

Truecrypt is open source which means every expert around can inspect its integrity and comment about its security. AES256 is a pretty good encryption process as long as you choose a suitable passphrase (which you can remember).
1. Dont't use John01051975 if that's your name and DOB.
2. Don't use phrases from films or songs. They are vulnerable to dictionary attacks.
3. Use something personal such that only you know it...Such as date your first......well use your imagination for that one. Date of your first ASBO etc :D plus some other random personal stuff.

Re: Cloud storage for backups: How paranoid should I get?
 

I've went with Amazon S3 + a client app that integrates with S3 - probably the cheapest type of storage you will get in the cloud. We re-sell this set up to clients and make a tidy ££ - you'll find most online backup services actually just use amazon s3.

hope this helps

Re: Cloud storage for backups: How paranoid should I get?
 

I currently host a backup cloud service which supports linux, now i would disagree with how secure onine data can be. i can see a list of files but couldnt ever break the 256aes key built by the windows/linux machine or by yourselves if you have more knowledge. offing it at £50 per year per 15gb. and on the end of a 2gbps feed its simply going to max out most peoples connections quite happily.

[Mod Edit - commercial information removed.

Please do not try to advertise your products/services - this is against site t&c's.].

Hope this helps some people

Re: Cloud storage for backups: How paranoid should I get?
 

Re: Cloud storage for backups: How paranoid should I get?
 

A 500mb 2.5" hard drive does me. I wouldn't use Cloud storage even if it was free* :)

(* Yes, I know it is. That was my point ;))

Re: Cloud storage for backups: How paranoid should I get?
 

New SkyDrive sync tool is wonderful.

Moved My Docs into SkyDrive folder and I now have everything sync'd between desktop and laptop. Plus I can still access & edit seamlessly from work and on my phone. Always the latest version of files, and stored on far more robust infrastructure than I can afford at home.

I understand the concerns of giving up control, but hasn't everyone done this already with their email by using gmail or hotmail? For me the cloud is the way to go and the 25gig free from MS is doing nicely.

Re: Cloud storage for backups: How paranoid should I get?
 

Interesting I was told some years ago that something along those lines would work very well. Only was told to put a number in the middle.Perhaps to stop dictionary attacks. Also I guess if the song is written with misspellings then that adds to it. My ex / old one was
"Walking down 123456(ok not this number but a boys got to have some secrets) the street singing do wa diddy dum " never knowing broken:dunce:

Re: Cloud storage for backups: How paranoid should I get?
 

I use backblaze.com, it encrypts everything right from the PC, for more security you can lock it with not only a password, but a pass phrase as well.

Re: Cloud storage for backups: How paranoid should I get?
 

The problem here is you have no idea on how robust the encryption at this level is. It's upto a third party. You are 100% relying on backblaze.com who for all you know maybe subscribed to the 'key escrow' idealogy where someone (and not you) is given third party trust of the security of your data.

Using something like Truecrypt (yep the same does apply) but it has a wider audience of cryptographers/good programmers who have access to the open source and can (hopefully) spot any weaknesses.

My personal encrypted files are nothing more than tax returns and a few personal letters. Nothing for anyone else to worry about, but I would rather that be my choice.