Which Cloud Backup?

Which Cloud Backup? a reader asks…

Wondered if you have an opinion re cloud back-up services — read good things about Crashplan and Backblaze (and of course there is Carbonite).  Do you have an opinion?  Should I worry about these guys getting hacked or that’s just an ever-present risk?  (Do you think one is more secure than the others?)

I’m certainly glad you’re considering backing up your computer(s) since 98% of folks don’t bother. I should mention that of those folks who neglect backup, 100% of those who suffer a disaster regret that neglect. So kudos to you for taking an important step! Especially important these days since Ransomware is on the rise and having a good backup and recovery plan is currently the only way to recover from a Ransomware attack. And no, I don’t count paying the ransom as a viable way to recover your files, too often the scam continues with more demands for money.

Cloud backup services are really dependent on a) your specific needs and b) your budget. For specific needs, most of these programs work on both Mac and PC, but may operate differently on each platform. You may only need a plain-vanilla backup solution for disaster recovery, which may not be fully covered by any of these plans. You may need it only for your own personal computer, or for all computers in your family, or for a business with one or more computers. These plans have tiers for all, but the pricing may be significantly different.

All three of the service providers you referenced are good, I think I prefer Crashplan for family/home protection, and Backblaze if it was just myself. To me, Carbonite seems a bit less user-friendly. These are just my opinions based on reviews of others, folks I trust such as Tom’s Guide and Lifehacker.com. I haven’t actually tried them out and tested them against each other. For myself, I look at backup and disaster recovery as a multi-pronged process, so none of these cloud-based solutions would totally fit my situation:

1. I backup my computer’s hard drive as an image so if the hard drive crashes I can replace it, restore the image and get back to work quickly.
2. I backup my personal files to a cloud-based storage (I use dropbox.com but any will do), and set it to twin all my personal folders to the cloud. Since I use multiple computers, this lets me work on any computer and they all keep the files synchronized since they’re all setup the same way (with the personal folders inside the dropbox folder).
3. I have a system repair USB stick for each computer so if something goes wrong I can use it to either restore a backup or setup a new drive.

My method ensures that I have a solution to quickly get back to work regardless of the type of disaster that hits. For most consumers, that’s more than they really need, so simple cloud-based backup services are very attractive.

All of these cloud-based services deal with your personal files and folders, not the entire hard drive. So if your computer’s hard drive crashes or the computer is lost/stolen, you’ll still need a working computer with the programs you use installed – then you can restore your personal files to that computer. System administrators and developers are better served with image-based backups where a snapshot of your entire hard drive is taken. So when (not if!) a hard drive crashes, they replace the drive and restore the latest image backup and the server is back up and running. For home users, this is likely overkill.

I think your main question is about the security of these cloud-based backup service providers. The security specifications of each of the providers you listed are very secure for your purposes. All of these use 128-bit SSL encryption between your computer and their servers, and then further encrypt your data on their servers. All three offer a private key encryption option which you can use so that not even the company can access your files. This is a double-edged sword since if you lose your private key your files are lost forever. But it’s an option to prevent government or other snooping, if you consider that a risk.

For the most part, the biggest vulnerability is not the cloud-based backup service, but the individual – you. Unsafe behavior like downloading programs from the internet, clicking links on shady sites, clicking on ads, opening email file attachments, clicking on links in emails – these are all the most common ways consumers get hacked. And one more – using a weak password and not using 2-factor authentication if available.

If you are serious about the security of your backup service, then you should create an un-guessable and long password to secure your account. In my opinion that means a password that’s at least 20 characters long, and that doesn’t include any easily guessable words, just random characters (letters both upper and lower case, numbers and type-able keys like ? $, # & !). Using a weaker password will simply reduce the security of your online account. Then top it off with enabling 2-factor authentication (also called 2-step). That not only requires a username and password, but also a code that’s either texted to you or generated by a smartphone or computer app. So even if your username and password were leaked, a hacker still couldn’t gain access to your files.

I don’t think you have to worry about the security of these online services and they’re all really great. They all use highly secure encryption methods both for transmission between you and the cloud, and for your cloud-based storage location. By exercising the private key option, you can ensure that nobody will ever be able to access your files, at least until quantum computing becomes available to hackers, then all bets are off.