Backing Up Data to Protect Against Corruption

I frequently search the Internet looking for answers to questions and issues that I run across in my daily work. I often find useful and valuable information. However, I also find a lot of misinformation posted by people who pretend to know what they are talking about. When reading forums and threads about data backup, I often find the comment from someone who thinks they have the ultimate answer. "Just get a 500GB USB drive and copy your data to it". The person who posts such advice is never an expert, and is often a computer amateur who thinks he is smarter than the professionals who recommend more robust backup methods.

Just plugging in a big USB drive and copying your data is not a bad idea if you are not backing up your data any other way. But the aforementioned method only protects against a limited set of problems that render your data useless. Suppose a virus writes zeros to half of your files and then you copy your data to your usb drive. Your backup data would also be worthless if you only had one recent copy on a usb drive. On the other hand, if you were using a tape backup system and retaining your backups for several weeks, you would probably be able to restore a good copy that was made before the corruption occurred. This is one very simple example of how backup methods can be used to protect against problems other than a complete hard drive failure.

The most common cause of data loss is human error, not hardware failure. I have personally experienced several hard drive failures over the last 20 years or so, but I have had many more occasions to restore data because it was accidentally deleted or updated and I wanted an older version. Here's a good one: You get a new computer and copy your documents over from the old computer. Eventually you dispose of the old computer. Later you realize that you didn't copy some of your old data from your old computer. This kindof thing happens everyday.

An effective backup system retains versions of files for a period of time so that old files can be retrieved. If you are doing regular, frequent, backups and retaining your backup data according to a plan, then you are protected against a much wider range of problems. When someone gives you advice over the Internet, don't assume they know what is best for you. Even though the USB drive seems like a good cheep alternative, it is not particularly effective against many common data losses. At a minimum, I suggest using a good online backup service as a component of your backup strategy.

Maintenance

We don't have a problem getting the oil changed in our cars on a regular basis, or having our houses painted when it starts to peel. We pay people to clean our houses and offices. We pay to have our lawns mowed and maintained. Either we pay or we do it ourselves. The point is that it seems obvious to most people that these things need to be done. What doesn't seem so obvious to a lot of people is that they need to backup their computer's hard disk.

When the house gets messy, we have visual indicators that something needs to be done (or we trip over things). When the grass gets tall, the lawn needs mowing. You probably won't have an indicator that your computer files need to be backed up. That is probably why so many people don't do any regular backups of their data. The fuel gauge in the car tells us when to stop and refuel. But your computer is not going to tell you when you need to backup your data.

I had a flash in my brain; "I could write a program that runs in the background and tells me when my data needs to be backed up!". But on second thought, the data needs to be backed up every day. If I use the computer and create any new files, or modify any existing files, then the new and changed data needs to backed up. I have been programming computers and working in the industry since the 1970's. I have seen many hard drives fail. I have had many of my own hard drives fail. Actually, I always worry about losing my data. You may think I am paranoid, but you should be too! Every hard disk drive will eventually fail, and you never know when it is going to happen.

I used to save my backup data to tapes, but a few years ago I started using online backup services. Online backup makes the backup process 100% automatic, and my data is stored off site automatically also. I have no reason to be paranoid now. What are you doing about backing up your computer data?

Onsite vs Offsite Backup

The cost per gigabyte of hard disk drives is going down every month.. You can easily find a 500GB hard drive for less than $100. It's a good thing the drives are getting cheaper because applications that use disk space are proliferating just as fast. As we get those big fat new hard drives, we are also getting new digital cameras and camcorders and mp3 players, and we are downloading television shows, movies and plenty of other disk hungry content. As if that weren't enough, the applications that allow us transfer stuff to our computers has gotten so easy that a 3 year old can do it. Just get the camera near the computer and the pictures just magically jump onto the computers hard drive.

Now that our computer hard drives are growing and precious pictures, movies, and other content are happily moving into the new space; the data on our hard-drives is becoming increasing valuable. We used to just keep our letters, bills, tax information and other rather-boring stuff on our computers. The same kind of stuff our grandparents stored in boxes and eventually discarded. Now we are keeping photo's, memories, home-movies... The kind of stuff that was kept in your grandparents photo album's and scrap-books. You know, the stuff that is irreplaceable, priceless, and you are trying to make sure it is preserved for your kids and future generations. Just keep in mind that every single hard disk drive ever made will eventually stop working!

A lot of us have already experienced at least one hard disk failure, and others have heard of such happenings. But there are just as many who never think such a thing will happen to them, until it does, and it happens to everyone. Some people are prepared and the disk failure is just an inconvenience, and others lose everything with no hope for recovery. Which camp will you be in?

There are two fairly simple and inexpensive ways to protect your data:

1. Make backup copies to a local portable hard disk. This option requires that you buy a portable hard disk and plug it into your computer. You should also use software that will automatically copy your files at certain times to the backup hard disk. This option gives you the ability to restore your files from your local backup hard disk whenever there is a problem with your primary computer hard drive.
   
2. Use an online backup service. This option requires that you subscribe to a monthly or annual subscription to use an off site backup facility. Online backup services usually supply you with the software and everything you need to start backing up your data immediately. While online backup does require you to pay a subscription fee, the cost of a portable disk drive is usually equal to a year or two of online backup service. Online backup may take significantly longer to restore large amounts of data, but it does offer protection against a much wider range of problems (such as fire or disaster).

I like both options. I backup everything that is valuable and I want to keep for the long-term to an online backup provider. I also backup some other files locally to a raid disk array. In case of a major fire, I would likely lose my local storage, but the most valuable files are safely stored on an offsite backup server that is in a disaster-resistant data-center many miles away.

How Secure Is Your Encrypted Data?

Most people with portable computers carry around sensitive data on their hard drives. The computer may contain personal data such as accounts and social security numbers. It may also contain sensitive business data, and even worse customer personal information.

The problem is not just limited to portable computers.  What about the computers in your office?  If someone steals a computer or gains physical access to it, could they get sensitive data?  In most cases, the answer is yes.  The standard logon/logoff procedures are usually good enough to keep the typical office worker or janitor out of a computer.  However, even with sophisticated password polices, a person determined to steal data will blow right past those password defenses if they have physical access to the computers.   We are not just talking about some very smart professionals either, hacking tools are easy enough to use for any high-school drop-out. 

More security conscience organizations have moved to enforce encryption on portable computers, and some workstations.  Encryption raises the bar out of reach for even sophisticated hackers. There are some great encryption systems available like AES, 3DES, Blowfish, Twofish...,  these are all virtually unbreakable without the encrypting key. So if your encrypting key is vulnerable, then your data is only as safe as your encrypting key.  Your encrypting key could be vulnerable for obvious reasons, like it is based on a persons name, address, or other common information.  Or it may be vulnerable because it is stored some place where the hacker can gain access to it.  Obviously, if it is in the secretary's top drawer it is vulnerable, but there are less obvious ways that your encryption key might be obtained.  See the article below about how it is possible to extract an encryption key from a computer using special electronic tools, even after the computer is powered off.  Now keep in mind that this type of attack requires physical access to the computer, it also requires sophisticated electronics and skills.  This is beyond the reach of all but the most sophisticated hackers. 

Quoted from http://blog.wired.com/27bstroke6/2008/02/researchers-dis.html:

Researchers: Disk Encryption Not Secure | Threat Level from Wired.com

Researchers with Princeton University and the Electronic Frontier Foundation have found a flaw that renders disk encryption systems useless if an intruder has physical access to your computer -- say in the case of a stolen laptop or when a computer is left unattended on a desktop in sleep mode or while displaying a password prompt screen.

At least one of the encryption tools that was mentioned in he above article, Truecrypt, allows you wipe the cache and memory of the computer when you are finished using the data or turning off the computer. 

I would also like to point out that many online backup service providers store data in encrypted form.  A few of the better designed systems never have and never store your encrypting key.  So even if the most sophisticated professional hacker gained access to the offsite server providers equipment, there would be virtually no chance that data could be decrypted and stolen, because the encryption key is never stored and never used by the service provider.

Too Cheap to Pay For Backup Service

There are ways to store your backup data online and pay next to nothing, but that doesn't mean they are a good value. I have seen postings where people are using Gmail and other online storage that wasn't intended to be used as a backup solution. If your data is worth backing up, then you should at least use a real backup service.

Quoted from http://www.pcmag.com/article2/0,2817,2272331,00.asp:

Online Backup Nightmare: I've Lost Everything! - Columns by PC Magazine

Most online backup solutions would charge you hundreds of dollars per year to store 250GB of data. My budget doesn't run too deep, unfortunately. That's when an idea struck me: What if I contract with a cheap Web-hosting company and use the web server space as an online backup solution?