How Secure Are Online Backup Services?

One of the biggest concerns about online backup services is security.  The idea of handing over your most precious data to a third party is frightening to many people.

In an InformationWeek Cloud Security and Risk Survey, 27% of respondents said they had no plans to use cloud services.  Of those, 48% said their primary reason was… yup, you guessed it – security.

That means over 10% of people will never use the cloud, precisely because of security concerns.

Are their concerns legitimate?

Encryption to the Rescue

Many online backup services use encryption to secure your data.  This encryption is usually done on the client side, before your files even leave your computer.

Your files are encrypted, transmitted over the internet using SSL (adding a second layer of encryption in transit), and then stored encrypted.

The encryption key can either be controlled by the online backup service, or by you – via personal encryption.

There are pros and cons to both situations.

Security vs. Convenience

Personal encryption provides more security, since you control the encryption key (or password) to access your backups.  It is less convenient, however, because you can’t reset your password if you forget it.

When the online backup service controls the encryption key, you still access your backups with a password, but you trust them to safeguard the key.  The benefit is that if you forget your password, you can reset it via email.  Most online backup services use this as the default security scheme (SpiderOak being the exception).

Past Security Mishaps

To date, there have been no reported security mishaps with online backup services.  Cloud storage services are another issue…

Dropbox accidentally allowed all users to log in without a password in 2011.  The security breach lasted 4 hours and about 100 accounts were compromised.

PRISM, the U.S. government’s secret spy program, was reportedly given access to Microsoft’s SkyDrive service in early 2013.  Dropbox, Backblaze, SpiderOak, and others have denied any involvement.

It should be noted that neither Dropbox nor SkyDrive provides personal encryption as an option to users.  The security just isn’t as good.  Cloud storage services are not held to the same standard as online backup services, due to their ability to share and sync files.

Data Loss is the Biggest Threat

In reality, no backup is going to be 100% secure.

Even the hard drive sitting next to your computer is susceptible to physical theft if someone breaks into your house.  And hackers?  Two words: Trojan horse.

Let’s not forget the biggest concern of all: actually losing your data.  In this case, online backup services provide a good balance of convenience and security to protect your data.

That brings us back to encryption.

Summary

Encryption is the most important safeguard you can use to protect your backups, whether online or offline.

If you are concerned about government surveillance programs, hackers, and corporate espionage, you should choose an online backup service that supports personal encryption, ensuring only you can read your data.

It’s equally important to use a password that is both long and random, to guard against brute force attacks.  Then store the password in a safe place, such as in a fireproof safe or using a password manager program.  I recommend KeePass, which is free (open source) and works on any OS.  Just make sure the password file is stored in multiple locations, or you may find yourself in a Catch-22 and unable to access your backups.
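To make the last two points concrete, here is an added example (not code from this site or from any backup service) of how a personal encryption key can be derived from a long random password on your own machine, and why a forgotten password cannot be reset. The function names, the 94-character alphabet, the PBKDF2 work factor and the attacker guess rate are all assumptions chosen for illustration.

```python
import hashlib, hmac, math, os, secrets, string

# Assumptions for this example, not any service's real settings.
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
PBKDF2_ITERATIONS = 600_000

def generate_password(length=24):
    """Long, random password drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)

def years_to_search(bits, guesses_per_second):
    """Average brute-force time: half the keyspace at the given guess rate."""
    return (2 ** bits / 2) / guesses_per_second / (365.25 * 24 * 3600)

def derive_key(password, salt):
    """Stretch the password into a 256-bit key; this runs on the client only."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                               PBKDF2_ITERATIONS, dklen=32)

def key_check_value(key):
    """Tag stored next to the backup so a wrong password is detected early.
    It does not reveal the key, but it is no stronger than the password."""
    return hmac.new(key, b"backup-key-check", hashlib.sha256).digest()

def unlock(password, salt, stored_check):
    """Re-derive the key; return None when the password is wrong.
    Without the password there is nothing the service could 'reset'."""
    key = derive_key(password, salt)
    if hmac.compare_digest(key_check_value(key), stored_check):
        return key
    return None

if __name__ == "__main__":
    password = generate_password()
    salt = os.urandom(16)                      # stored with the backup, not secret
    check = key_check_value(derive_key(password, salt))
    print(f"{entropy_bits(len(password)):.0f} bits of entropy")
    print(f"8-char password: {years_to_search(entropy_bits(8), 1e12):.5f} years")
    print(f"24-char password: {years_to_search(entropy_bits(24), 1e12):.2e} years")
    print("correct password unlocks:", unlock(password, salt, check) is not None)
    print("wrong password unlocks:  ", unlock("guess", salt, check) is not None)
```
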

In short, online backup services are very secure, as long as you use encryption to your advantage.

Geoff Akerlund


Geoff Akerlund is the founder and editor-in-chief of BackupReview.com. He enjoys attending music festivals, whitewater kayaking on the American River, and board game nights in his free time.
