Backing Up Data to Protect Against Corruption

March 31, 2008

I frequently search the Internet looking for answers to questions and issues that I run across in my daily work. I often find useful and valuable information. However, I also find a lot of misinformation posted by people who pretend to know what they are talking about. When reading forums and threads about data backup, I often find a comment from someone who thinks they have the ultimate answer: “Just get a 500GB USB drive and copy your data to it.” The person who posts such advice is never an expert, and is often a computer amateur who thinks he is smarter than the professionals who recommend more robust backup methods.

Just plugging in a big USB drive and copying your data is not a bad idea if you are not backing up your data any other way. But that method only protects against a limited set of the problems that can render your data useless. Suppose a virus writes zeros to half of your files and then you copy your data to your USB drive. Your backup data would also be worthless if you only had one recent copy on a USB drive. On the other hand, if you were using a tape backup system and retaining your backups for several weeks, you would probably be able to restore a good copy that was made before the corruption occurred. This is one very simple example of how backup methods can be used to protect against problems other than a complete hard drive failure.

The most common cause of data loss is human error, not hardware failure. I have personally experienced several hard drive failures over the last 20 years or so, but I have had many more occasions to restore data because it was accidentally deleted or updated and I wanted an older version. Here’s a good one: You get a new computer and copy your documents over from the old computer. Eventually you dispose of the old computer. Later you realize that you didn’t copy some of your old data from your old computer. This kind of thing happens every day.

An effective backup system retains versions of files for a period of time so that old files can be retrieved. If you are doing regular, frequent backups and retaining your backup data according to a plan, then you are protected against a much wider range of problems. When someone gives you advice over the Internet, don’t assume they know what is best for you. Even though the USB drive seems like a good cheap alternative, it is not particularly effective against many common data losses. At a minimum, I suggest using a good online backup service as a component of your backup strategy.


Maintenance

March 27, 2008

We don’t have a problem getting the oil changed in our cars on a regular basis, or having our houses painted when the paint starts to peel. We pay people to clean our houses and offices. We pay to have our lawns mowed and maintained. Either we pay or we do it ourselves. The point is that it seems obvious to most people that these things need to be done. What doesn’t seem so obvious to a lot of people is that they need to back up their computer’s hard disk.

When the house gets messy, we have visual indicators that something needs to be done (or we trip over things). When the grass gets tall, the lawn needs mowing. You probably won’t have an indicator that your computer files need to be backed up. That is probably why so many people don’t do any regular backups of their data. The fuel gauge in the car tells us when to stop and refuel. But your computer is not going to tell you when you need to back up your data.

I had a flash in my brain: “I could write a program that runs in the background and tells me when my data needs to be backed up!” But on second thought, the data needs to be backed up every day. If I use the computer and create any new files, or modify any existing files, then the new and changed data needs to be backed up. I have been programming computers and working in the industry since the 1970s. I have seen many hard drives fail. I have had many of my own hard drives fail. Actually, I always worry about losing my data. You may think I am paranoid, but you should be too! Every hard disk drive will eventually fail, and you never know when it is going to happen.

I used to save my backup data to tapes, but a few years ago I started using online backup services. Online backup makes the backup process 100% automatic, and my data is stored off site automatically also. I have no reason to be paranoid now. What are you doing about backing up your computer data?


Onsite vs Offsite Backup

March 24, 2008

The cost per gigabyte of hard disk drives is going down every month. You can easily find a 500GB hard drive for less than $100. It’s a good thing the drives are getting cheaper, because applications that use disk space are proliferating just as fast. As we get those big fat new hard drives, we are also getting new digital cameras and camcorders and MP3 players, and we are downloading television shows, movies and plenty of other disk-hungry content. As if that weren’t enough, the applications that allow us to transfer stuff to our computers have gotten so easy that a 3 year old can do it. Just get the camera near the computer and the pictures magically jump onto the computer’s hard drive.

Now that our computer hard drives are growing and precious pictures, movies, and other content are happily moving into the new space, the data on our hard drives is becoming increasingly valuable. We used to just keep our letters, bills, tax information and other rather boring stuff on our computers, the same kind of stuff our grandparents stored in boxes and eventually discarded. Now we are keeping photos, memories, home movies… the kind of stuff that was kept in your grandparents’ photo albums and scrapbooks. You know, the stuff that is irreplaceable and priceless, the stuff you are trying to preserve for your kids and future generations. Just keep in mind that every single hard disk drive ever made will eventually stop working!

A lot of us have already experienced at least one hard disk failure, and others have heard of such happenings. But there are just as many who never think such a thing will happen to them, until it does, and it happens to everyone. Some people are prepared and the disk failure is just an inconvenience, and others lose everything with no hope for recovery. Which camp will you be in?

There are two fairly simple and inexpensive ways to protect your data:

  1. Make backup copies to a local portable hard disk. This option requires that you buy a portable hard disk and plug it into your computer. You should also use software that will automatically copy your files at certain times to the backup hard disk. This option gives you the ability to restore your files from your local backup hard disk whenever there is a problem with your primary computer hard drive.
  2. Use an online backup service. This option requires that you subscribe to a monthly or annual subscription to use an off site backup facility. Online backup services usually supply you with the software and everything you need to start backing up your data immediately. While online backup does require you to pay a subscription fee, the cost of a portable disk drive is usually equal to a year or two of online backup service. Online backup may take significantly longer to restore large amounts of data, but it does offer protection against a much wider range of problems (such as fire or disaster).

I like both options. I back up everything that is valuable and that I want to keep for the long term to an online backup provider. I also back up some other files locally to a RAID disk array. In case of a major fire, I would likely lose my local storage, but the most valuable files are safely stored on an offsite backup server that is in a disaster-resistant data center many miles away.


How Secure Is Your Encrypted Data?

March 11, 2008

Most people with portable computers carry around sensitive data on their hard drives. The computer may contain personal data such as accounts and social security numbers. It may also contain sensitive business data and, even worse, customers’ personal information.

The problem is not just limited to portable computers. What about the computers in your office? If someone steals a computer or gains physical access to it, could they get sensitive data? In most cases, the answer is yes. The standard logon/logoff procedures are usually good enough to keep the typical office worker or janitor out of a computer. However, even with sophisticated password policies, a person determined to steal data will blow right past those password defenses if they have physical access to the computers. We are not just talking about some very smart professionals either; hacking tools are easy enough to use for any high-school drop-out.

More security-conscious organizations have moved to enforce encryption on portable computers and some workstations. Encryption raises the bar out of reach for even sophisticated hackers. There are some great encryption systems available, like AES, 3DES, Blowfish, Twofish…; these are all virtually unbreakable without the encrypting key. So your data is only as safe as your encrypting key. Your encrypting key could be vulnerable for obvious reasons, for example because it is based on a person’s name, address, or other common information. Or it may be vulnerable because it is stored some place where the hacker can gain access to it. Obviously, if it is in the secretary’s top drawer it is vulnerable, but there are less obvious ways that your encryption key might be obtained. See the article below about how it is possible to extract an encryption key from a computer using special electronic tools, even after the computer is powered off. Keep in mind that this type of attack requires physical access to the computer, and it also requires sophisticated electronics and skills. This is beyond the reach of all but the most sophisticated hackers.

Quoted from http://blog.wired.com/27bstroke6/2008/02/researchers-dis.html:

Researchers: Disk Encryption Not Secure | Threat Level from Wired.com

Researchers with Princeton University and the Electronic Frontier Foundation have found a flaw that renders disk encryption systems useless if an intruder has physical access to your computer — say in the case of a stolen laptop or when a computer is left unattended on a desktop in sleep mode or while displaying a password prompt screen.

At least one of the encryption tools mentioned in the above article, TrueCrypt, allows you to wipe the cache and memory of the computer when you are finished using the data or when you turn off the computer.

I would also like to point out that many online backup service providers store data in encrypted form. A few of the better-designed systems never have and never store your encrypting key. So even if the most sophisticated professional hacker gained access to the offsite service provider’s equipment, there would be virtually no chance that data could be decrypted and stolen, because the encryption key is never stored and never used by the service provider.


Too Cheap to Pay For Backup Service

March 5, 2008

There are ways to store your backup data online and pay next to nothing, but that doesn’t mean they are a good value. I have seen postings where people are using Gmail and other online storage that wasn’t intended to be used as a backup solution. If your data is worth backing up, then you should at least use a real backup service.

Quoted from http://www.pcmag.com/article2/0,2817,2272331,00.asp:

Online Backup Nightmare: I’ve Lost Everything! – Columns by PC Magazine

Most online backup solutions would charge you hundreds of dollars per year to store 250GB of data. My budget doesn’t run too deep, unfortunately. That’s when an idea struck me: What if I contract with a cheap Web-hosting company and use the web server space as an online backup solution?


The Danger of Using Replication for Data Backup

February 29, 2008

I only get one chance every four years to write a blog post on February 29th. However, I am not writing this just to get something posted with a Feb 29 date. I want to warn you about a serious danger of using replication as a backup strategy. Replicating files or databases ensures that you have a secondary copy of your data in a different location in the event that your primary storage fails or is destroyed. The replicated data can be in an off-site location which adds some additional protection against disasters that may render your entire office or data-center unusable.

While replication protects data against many hardware and connectivity problems, there are many other hazards to your data that replication offers absolutely no protection for. Suppose your data is accidentally deleted or overwritten, which are common causes of data loss. Guess what? Your replicated data is also deleted or overwritten. What if a virus, malicious code, hacker, or other security problem affects your data? Your replicated data will almost certainly be affected in the same way. The fact is that replication does not protect against the most common causes of data loss.

Data replication is not a substitute for backup and recovery procedures. If data is important enough to be replicated, then it also needs to be backed up.
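The difference described above, and in the post "Backing Up Data to Protect Against Corruption", can be shown side by side. This is an added example, not code from the original posts: the function names, the snapshot layout with its `manifest.json`, and the sample files and dates are all constructed for illustration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def mirror(src: Path, dst: Path) -> None:
    """Replication: dst becomes an exact copy of src, damage and deletions included."""
    if dst.exists():
        shutil.rmtree(dst)
    shutil.copytree(src, dst)


def snapshot(src: Path, store: Path, label: str, keep: int = 14) -> dict:
    """Versioned backup: copy src to store/<label>/data, hash it, prune to `keep` versions."""
    data = store / label / "data"
    shutil.copytree(src, data)
    manifest = {str(p.relative_to(data)): hashlib.sha256(p.read_bytes()).hexdigest()
                for p in sorted(data.rglob("*")) if p.is_file()}
    (store / label / "manifest.json").write_text(json.dumps(manifest, indent=2))
    versions = sorted(d for d in store.iterdir() if d.is_dir())
    for old in versions[:-keep]:          # labels are ISO dates, so sorted == oldest first
        shutil.rmtree(old)
    return manifest


def changes(old: dict, new: dict) -> dict:
    """Files that vanished or changed content between two snapshot manifests."""
    return {"missing": sorted(set(old) - set(new)),
            "modified": sorted(f for f in old if f in new and old[f] != new[f])}


def newest_good_version(store: Path, relpath: str, is_good):
    """Walk snapshots newest first; return the label of the first copy that passes is_good."""
    for snap in sorted((d for d in store.iterdir() if d.is_dir()), reverse=True):
        f = snap / "data" / relpath
        if f.is_file() and is_good(f.read_bytes()):
            return snap.name
    return None


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src, replica, store = root / "docs", root / "replica", root / "snapshots"
        src.mkdir()
        # Constructed sample data, day 1: everything is healthy.
        (src / "report.txt").write_text("quarterly numbers")
        (src / "photo.raw").write_bytes(b"IMG" + b"pixels" * 10)
        mirror(src, replica)
        day1 = snapshot(src, store, "2008-03-01")
        # Day 2: one file is overwritten with zeros, another is deleted by mistake.
        (src / "photo.raw").write_bytes(b"\x00" * 64)
        (src / "report.txt").unlink()
        mirror(src, replica)
        day2 = snapshot(src, store, "2008-03-02")
        not_zeroed = lambda content: any(content)
        return {
            "replica_has_report": (replica / "report.txt").exists(),
            "replica_photo_zeroed": not any((replica / "photo.raw").read_bytes()),
            "changes": changes(day1, day2),
            "photo_restore_from": newest_good_version(store, "photo.raw", not_zeroed),
            "report_restore_from": newest_good_version(store, "report.txt", not_zeroed),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The replica ends up with the zeroed photo and no report, while both files can still be restored from the day-1 snapshot. With `keep=1` the day-2 snapshot would have pruned the only good copy, so the retention window has to be longer than the time it takes to notice the damage.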


Mozy Pro Prices Increasing Dramatically

February 28, 2008

According to an Information Week article on Feb 27, EMC has announced new pricing for its online backup service Mozy Pro. Under the new pricing, the price for a SOHO customer with 1 server and 10GB of data will increase from $8.95/mo to $24.95/mo. A 100GB customer will pay $224.50/mo, up from $89.50.

I am sure a lot of people are thinking that EMC is screwing up Mozy. I don’t think we should blame EMC for this. Long before EMC came into the picture, Mozy had been giving away free and dirt-cheap online backup accounts. This was a very effective marketing strategy for Mozy. They amassed a customer base in the hundreds of thousands, most paying nothing and others paying relatively small amounts. That business model can’t be sustainable for the long term. I think Mozy’s plan from the onset was to build a big customer base with the free accounts, and then sell the company and make a ton of money for the management and VC investors. Seeing how EMC bought Mozy for $76M last fall, I would say they accomplished their goal.

EMC didn’t buy Mozy to give away free accounts and dirt-cheap backup services. They probably don’t have any intentions of selling the business either. I would have to believe that EMC intends to turn the Mozy business into a profit for their shareholders. I would also expect the other Mozy offerings to be adjusted with that goal in mind as well. Don’t blame EMC for this; they are not the ones who created a business model that was designed to suck up market share and then sell the business.


Using Online Backup for Offsite Storage Needs

February 26, 2008

Magnetic tapes have been the preferred media for backing up data for about four decades. Tapes were used for backup when programs and data were stored on Hollerith punch cards. The tapes and machinery have changed many times over the years, but tape is still the most widely used backup media in 2008.

Over the past several years, many organizations have migrated toward disk-based backup systems. Disk-based systems are more reliable than tapes and they have become less expensive to own. Although there are clear advantages to disk-based backup systems, many organizations have large investments in tape backup hardware and media as well as software and processes. Some CIOs and IT directors are reluctant to scrap their investments in tape backup systems and convert over to disk-based systems. Disk-based backup has only recently become cost-effective and widely accepted, but it still does not have the long-term history that tape-based systems have.

While many IT executives have been reluctant to make the switch to disk-based backup systems, others have felt compelled to move to disk-based systems due to the cost-saving and reliability advantages. For the traditional shops that have no intention of moving to disk-based systems anytime soon, there is one area where immediate benefits can be had without scrapping the tape backup systems. Moving tapes to an offsite storage facility has always been part of tape backup systems. Online backup services are an ideal way to move critical data off-site automatically, eliminating the manual and error-prone procedures of selecting tapes and transporting them back and forth to and from an offsite facility. Those who are determined to keep their tape backup systems in place can continue to back up to tape, and also use an online backup service to move critical data off-site. Having the backup data moved off-site to a disk-based online backup service provider is much simpler, less expensive, and more reliable than the traditional methods of physically moving tapes from location to location.


Secure Online Backup Can Be an Inexpensive Solution to Costly Data Breaches

February 16, 2008

I received a notice from my mortgage company that my personal information may have been stolen. They said that a backup tape containing customer information had been lost and they were notifying all affected customers in case their information was used in an identity theft. To help me protect my credit, they paid for a credit monitoring service that I could use for one year. I occasionally hear about similar data breaches, but this is the first time my data was involved.

The letter from the mortgage company went on to explain that they create regular backup tapes of important data and the tapes are transported to a secure offsite storage facility. In this case, one or more of the backup tapes were lost in transit. My first thought was, “Why weren’t they encrypting the backup data?” If they were encrypting the data on the backup tapes, then there would be no need to go through the expense and embarrassment of having to notify thousands, if not millions, of customers, because no data would have been exposed. And what if the data was actually used for identity theft? I suppose some very expensive remedies and lawsuits would be forthcoming. Thinking back to my first job out of college, when I worked as a systems programmer in a bank data center: we didn’t encrypt our backup tapes either, but that was in the 1980s.

Fast-forward twenty years–encryption technology is widely available, affordable, efficient, and very secure. There is no good excuse for sending data offsite in plain-text form. Many of the long-time IT operations are probably operating pretty much the same way that we did it back at the bank: at the end of nightly processing, copy the databases out to tape and put them in cases to be transported to the offsite storage location. Another factor may be pure ignorance on the part of small and medium-sized organizations that don’t have professional IT staff. In any case, these companies are probably feeling pretty good about the fact that they are doing regular backups and storing the data off-site.

The problem is getting to be more critical than ever because companies are storing more data on computers and retaining the data for longer periods of time. That trend will certainly continue. If large and small IT operations don’t improve their backup methods with encryption, then the frequency and volume of data breaches related to mishandled backup data will increase also.

One very simple solution to the problem is secure online backup services. With online backup, there is no tape to get lost, and the secure online backup services encrypt the data before it leaves your computers, and the backup data remains encrypted at all times. Although backup tapes can be encrypted, it is much easier to skip the tapes and the transportation, and just back up the data straight to an online backup service. In almost every case, online backup services are a much less expensive offsite backup solution than tapes and other media.

Not all online backup services are the same. You can search the Internet for professional and secure online backup services and find quite a few that are worth considering. I also advise you to read this article: SSL is Not Enough Security for Online Backup. When you consider the cost to purchase and maintain backup hardware and media, and then add in the IT operational costs, transportation, and software, secure online backup services are clearly an inexpensive solution to offsite backup of sensitive information with very low exposure to data breaches.


Backup Your Entire Drive or Just The Data?

February 12, 2008

“Should I backup my entire hard drive, or just my data files?”

If you have a huge hard drive with lots of software on it, then backing up your entire hard drive can be a challenge. If you purchase an external hard drive to use as your backup, you will need to make copies of your primary drive frequently to keep your external drive up-to-date. You will also need to make sure that you are using a backup program that clones everything, including the boot sectors. This is not trivial and usually requires creating some kind of boot disk, booting your computer from a special disk and duplicating your hard drive while your computer is running some specialized software outside of your normal operating system. If you go the route of backing up your data only, then you will have some much simpler and quicker options; however, in the event of a hard drive crash you will be required to reinstall your operating system and software before you can restore your data. Power-users can easily handle either method, but not everyone is a power-user.

Christopher Null recently wrote a blog entry that says, “Do you feel comfortable reinstalling Windows and your various programs on a bare hard drive? If not, then back up everything. Power users can forgo the full drive backup and just grab data files, typically the stuff that lives in your My Documents folder.” It seems to me that you need to be a power user either way. Duplicating the entire disk requires a certain amount of expertise for both the backup and restore. I think he has a very good point, but it is not as simple as that. Making a complete clone of your hard drive is not a bad idea, but you also need to do the data backups on top of that. Here is something that I posted a few weeks ago on the topic: Full Disk Backup vs Data Backup.

If you have decided to back up your data files only, then you need to make sure you are backing up the correct files. See Selecting Which Files to Backup and also A Useful Tip for Software.

Whether you are duplicating your entire disk, backing up your data files only, or doing a combination of both, you will need a certain amount of computer know-how to successfully restore. If you are not a power-user or you are not sure if your backup methods are adequate, then you should enlist the help of a friend, relative, or professional who knows what they are doing. Don’t wait until your hard disk is fried to find out that your backup is useless.