Are online backup services really secure?

Your data is super sensitive. That’s why it’s so important to point out the  issue regarding secure online backup services and what actually makes them “secure”. I already mentioned it in a great article: How to choose an online backup service? When I started backing up my data online (pffew, I think it was back in 2005, but not quite sure) I had major concerns of my data being safe at all those services that promised quick, secure and reliable backups. And remember it was 2005! So security leaks were quite common back then. For those of you that don’t like to read this whole article I’ll quickly sum up my take aways for backups in the cloud:

• Always have multiple backups (this is very import).
• Online backups are relatively secure.
• Always have physical backups.
• Always think twice when giving sensitive information (credit card numbers, passwords, etc…) to companies. Remember the Playstation Network that got hacked awhile ago and millions of credit card data could have been exposed? There you go.

But let’s start with a little crash course on internet security first. You gotta know more less the basics to fully understand why that is important to your backups.

No, no, Mauricio I want to get right to the meat, save me the bladidibla and get me to the most secure online backup providers.

Internet Security  101 for online data backups

There are two main topics that one needs to understand regarding secure online backup services. I’ll try to quicky sum them up in this article albeit these are by itself vast topics where entire books have been written about. Quite a challenge. But I like challenges so here we go:

• What is the internet (no I don’t think you’re being stupid, but we need to cover that one)
• What is cryptography? (uff, can you actually pronounce that? I am German so for me that one is challenging as well…)

What is the internet?

You know the internet is the thing where people are surfin’, emailin’, facebookin’, right? Well, not really. Obviously there is some truth in it because the Internet is a big network with connections, nodes, servers and all that goodness that make things possible today. Okay, so we said it’s a network. Networks tend to be connected somehow. Just think about the television networks, or your local bridge club for that matter. In the same way that the lady playing bridge is connected with the members of her group the servers (or computers if you will) in the internet are connected. But these connections alone wouldn’t make much sense without a language. Ah, a language you say? Yes because computers have to “speak” to each other in order to server information. These languages are called protocols.

What does this have to with me and my backups?
Well, a lot. First, without these protocols and connected computers you wouldn’t see this website. Because website are stored on these computers and then transmitted via those protocols where they finally reach your computer when you “ask” for them, that is typing something like “www.google.com” in your browser. Second, when you want to store your data online with an online backup service provider then you have to establish a connection with one of those millions of computer networks out there. And here comes the crucial part: whenever information is transferred there might be security issues because somebody could be interested in your data. And this is where cryptography comes into play and why we need this for secure online backups.

What is cryptography and why is it important for my backups?

The good thing about the internet is that it is a network of network and that these networks are open. Anybody can acces the internet, you can surf to your favorite website, you can even create your website, your can share photos and videos. But what if you want to share or store private and sensitive data? There you go: you need cryptography to ensure that only the sender and the recipient has access to the information, or even just you, the sender. When you want to make your data secure that nobody else can see it you need to encrypt it. With the encryption the contents you want to hide can only be made readable with the corresponding decryption method. Uff okay, we got the most difficult words out of our way.

So when you want to encrypt your data, that is making it secure you need a special key. (Don’t go and get your keys just yet. Remember it’s only bits and bytes.) This key is needed to make your online backup safe and to be able to decrypt the data when you (or other people) need it. The level of security is mainly determined by the length of the key. With the rise of the internet we had key lengths of 40-bit but this turned out not to be very secure because it was easily hackable. Modern computers just need a fraction of a millisecond for that. Nowadays, we use the lot more secure encryption of 128, 192 and 256 bits. No eat this number, if you like to hack into an 256 bit encryption you’d need

50,955,671,114,250,100,000,000,000,000,000,000,000,000,000,000,000,000

years. This is a heck more secure! I think this number doesn’t even have a name! The problem is that so called “secure online backup services” like to market their products with these number because they are so impressive, right? You were also trying to count the zeros, see? Carbonite even says that they have the same security level as all the major banks. One could think secure online backups or online communication in general would only depend on the level of sophisticated algorithms and and the length of the keys.

Why encryption can be worthless

All the fancy encryption can be worthless if not used with proper athentication. It can even be more dangerous than transfers without any encryption because you might have the sense false security. You always need to make sure you know who you are talking to at the end of the line to protect yourself from so called “Man in the Middle” attacks. If your recipient instead of your online backup service is a spy than even a one trillion bit encryption is worhless. If the the spy got the keys, well than he can comfortably enter your home, right?

Now the good news for your online backups

Well the good news is that the majority of online backup service providers do work with certificates that verifiy the identity of both the sender and the recipient and use high encryption standards. Whenever you look for online backup companies make sure that Man in the Middle attacks are not possible. How do I do that? Granted, this is not easy, but I’ll give you my recommendation or you write an email to the company of your choosing asking specifically for those kind of attacks and if they use a trustworthy “Certification Authority (CA)”

Secure online backup services

Before we are getting to our list of secure online backup services let’s quickly summarize a few take aways from this article:

• Make multiple backups and never trust just one company
• Be care with really sensitive data
• Check the encryption process of your backup company
• backup, backup and again back your data up

Tagged as: article, security