Recently, online storage space startup divShare announced on their blog a recent security breach by "a malicious user." Lucky for them, only basic profile information available through the database was accessed during the intrusion. But the important question here is what else could have been taken by a more skilled trespasser?

Many people think that backup is a simple application – what's so hard about backing up a PC?   I remember one of my MIT students grousing about Google's success: "Anyone can write a search engine," he said.  Backing up the data is not the problem. The problem is dealing with huge volumes, millions of database transactions, hundreds of thousands of customers, and all the complexity that this implies – all while making sure that there is 100% security.  Carbonite backs up over 50 million new files every day without losing any of them.  Like any other web site, we constantly get attacked by hackers, but we have enough security measures in place that these attacks are always unsuccessful. As I mentioned in a previous post, Carbonite was one of only two backup services that the guys at Heise Security weren’t able to crack. 

If you’re doing your engineering properly, online backup can be made to be extremely secure.  For instance, Carbonite starts with encrypting the data BEFORE it leaves your PC so that by the time we get it, it's already useless to an intruder in the very unlikely event that someone acutally gains access to our system. We also make sure that the authentication is rock solid, so that there are no "man in the middle" vulnerabilities.  And, we actually pay people to constantly test our defenses. 

After we get your encrypted files, we want to make sure that we don't lose them, so we store all your data on RAID-6 redundant arrays that are 36 million times more reliable than a single drive.  The main Carbonite data center is located in a "bomb-proof" building, alongside those of major Boston financial institutions and telco companies.

Online backup is a hot area right now and you'll see more startups entering the space over the next couple of years.  Not all of them will know enough about security to be really bullet-proof.  It isn't easy or cheap, but I can tell you that for Carbonite it's a live-or-die proposition. 

— Dave
CEO, Carbonite

When Carbonite entered the online backup market in May 2006, everyone in the online backup business was pricing their services by the gigabyte. We introduced the first backup service with unlimited storage for a fixed price. Why? Because our market research showed that people didn't like having to learn new software applications and they didn't like having to figure out what they needed to back up. If your backup is limited to, say, 5GB, you are forced to pick and choose files and folders. We envisioned a service that didn't require the user to do anything other than put in an email address and password.

Many people think that we came out with unlimited backup in order to win the "gigabyte war" vendor A gives you 5GB for $5/mo, vendor B gives you 10GB for $5/mo, and so on. But that's really not why we decided on unlimited backup – the REAL reason was simplicity of the user experience. If you make the capacity unlimited, then the user doesn't have to make any choice – we just back up everything by default.

What happened, of course, is that our direct competitors were forced to switch to an unlimited pricing plan, but THEY DIDN'T CHANGE THEIR PRODUCTS! They missed the point. You still had to learn new software. Every bit of complexity makes it harder for the user and lowers adoption rate.

We are committed to one simple task: protect all the valuable data on your computer with the absolute minimum of effort and at the lowest possible cost to you.

— Dave
CEO, Carbonite

In Carbonite's Customer Support department, we answer thousands of questions each week, and many folks want to know the same things. I've compiled a list of the top ten questions we receive most often and the best (general) answers we can give. These answers are specific to Carbonite Version 3.5. (If you're on an earlier version, log into your account and reinstall Carbonite to get the latest version.) Given the length of some of the answers, I have decided to turn this into a multi-part post. And so, without any further ado, here's part 4:

9. Initially I said I want to back up just "my desktop and documents", but now I want to back up more. How do I do that?

The simplest way to change your backup selection is to open My Computer, right-click your hard drive icon, and select Don't back this up from the Carbonite context menu. It will take Carbonite a few minutes to remove your backup selections, and then the colored dot will disappear from your hard drive icon. Next, restart your computer. Now you can select items for backup. Simply right-click any file or folder and select Back this up from the Carbonite context menu to add it back to your backup selection.

If you wish to switch to the "recommended" option of backing up your documents and desktop, right-click the C:\Documents and Settings folder (C:\Users on Windows Vista) and select Back this up from the Carbonite context menu.

10. What if I get a virus? Will Carbonite back that up too?

Viruses live in and affect executable files. By "executable files", I mean files that can perform some kind of task. In the past, it was safe to say that viruses only affected programs, but these days most documents support some type of embedded macro or scripting language. It's possible that documents created by Microsoft Office or other programs could contain what is called a "macro virus" - a virus that can run when that file is opened by the program that created it. Luckily, these types of viruses tend to be the easiest to correct and remove while the virus is still dormant.

When recovering from a virus infection, my recommendation would be to reinstall your operating system and applications, and in particular a good anti-virus program. Be sure to get the latest virus definition files from the manufacturer of the anti-virus program. (This is usually included as part of your subscription, and the latest definition files can be downloaded via the Internet.) After reinstalling your operating system and anti-virus program, restore your backup, but be careful not to open your restored documents until after scanning them for viruses.

Well, there you go. That's our top ten. I hope you find this information helpful. You can find more detail on these topics by searching the frequently asked questions in Carbonite support. But as always, if you have additional questions, please let us know by e-mailing customersupport@carbonite.com.

— Len

Although it didn't come as a surprise, the news about the SwapDrive acquisition has caused quite a stir in the industry.  Yesterday, we were in touch with eWeek and Backupreview.info, two sites that wanted to share Dave’s view on the acquisition.  eWeek published an article as well as a blog post that included much of what Dave posted on our blog yesterday. BackupReview.info also posted a Q & A to share Dave's thoughts with the online backup industry.

In addition, we issued the following press release:

June 11, 2008

Online Backup Continues to Emerge Mainstream as Old Industry Giant
Snaps up Another Established Backup Brand

BOSTON — (BUSINESS WIRE) — David Friend, CEO and co-founder of online data backup company Carbonite, says online backup is continuing to emerge mainstream, as illustrated by another old industry giant gobbling up an established online backup player.

Symantec acknowledged the truth of reports yesterday that it acquired SwapDrive and its companies, Backup.com and WhaleMail.com, leaving Carbonite as one of the last-standing large independent online backup services.

“Frankly, I was surprised that the price was so low, given how hot this market is,” Friend said. “However, that's the danger of being a white label provider to someone like Symantec. It's like the lawnmower company that sells 80 percent of its output to a major retailer. One day they come along and make you ‘an offer you can’t refuse,’ so to speak.”

In the past year, Mozy has been acquired by EMC and Arsenal Digital was acquired by IBM. In previous years Connected and LiveVault were acquired by Iron Mountain, and EVault was acquired by Seagate Technologies

“The online backup space is hot and everyone is suddenly interested in getting into the game,” Friend said. “Symantec realized you can protect your PC with antivirus, anti-spyware, and so forth, but the most important thing to protect is your data. Only online backup provides that protection. No anti-anything can keep your hard drive from crashing or keep a burglar from stealing your computer.”

Carbonite recently passed its 200 millionth file restored and has backed up more than three billion files for consumers and small businesses.

“One by one our competitors have been snapped up by big old companies and we are standing alone as the top independent backup provider,” Friend said. “We’re poised to become the trusted brand in online backup, much like Norton emerged for anti-virus. With a simple and trustworthy product, we are in a position to continue our rapid growth.”

About Carbonite

Carbonite launched its Online PCBackup™ service in May 2006. Carbonite’s industry-first offer of unlimited backup space for a flat low price revolutionized the market for consumer and small business backup services. So far the company has backed up more than 2.5 billion files, has restored more than 160 million lost files for its customers and has a large data center where capacity is measured in petabytes. There are Carbonite users in nearly 100 countries.

Founded in 2005, Carbonite believes that computer users should not have to think about backup. The company’s mission is to provide an affordable, reliable, secure and easy-to-use solution for the mainstream computer user. Carbonite is available to consumers and small business through numerous channels, including its corporate Web site, major US retailers and international distributors. For more information, please visit www.carbonite.com.

— Alison

Symantec announced today that they have acquired Swapdrive for $123 million. Swapdrive is the white-label online backup company that has been providing the free 2GB offer that is included with every copy of Norton 360. Frankly, I was surprised that the price wasn't higher given how hot this market is. However, that's the danger of being a white-label provider to someone like Symantec. It's like the little lawnmower company that sells 80% of it's output to Sears. One day they come along and make you "an offer you can't refuse," so to speak.

From what we hear, the take rate on the Norton 360 backup option has been pretty good. The bundle definitely makes sense: you can protect your PC with antivirus, anti-spyware, and so forth, but the most important thing is to protect your data. And only online backup provides that protection. No anti-anything can keep your hard drive from crashing or keep a burglar from stealing your computer.

One by one our competitors have been snapped up by big old companies. LiveVault, EVault, Connected, and most of the old-line enterprise online backup companies have been bought. Mozy was recently bought by EMC for $76M. And now SwapDrive for a reported $123M.

Our ambitions go far beyond the white-label strategy of Swapdrive. In the consumer space, Carbonite now has 11% brand recognition. Swapdrive is probably 0. Norton was one of the early providers of anti-virus software and built a brand that, for a while, was almost synonymous with anti-virus in the consumer and business markets. We’re trying to do the same thing with backup – that’s why you hear our endorsement ads on radio shows with hosts like Howard Stern, Rush Limbaugh, and others. In fact, I often tell our employees that we’re going to be to online backup what Norton is to anti-virus. While we have lots of co-marketing and reselling deals, it should be clear to everyone that one of our goals is to be the trusted brand name in online backup.

The online backup space is hot. Everyone is suddenly interested in getting into the game. We just cut a deal with a leading PC manufacturer (announcement shortly) that is starting to ship their PCs with a free subscription to Carbonite pre-loaded. In a few years, online backup will be part of the pre-install on every PC. Why? Because when your hard drive crashes and you lose all your family pictures, you don’t blame Seagate or Western Digital – you blame your PC manufacturer. It’s a big brand liability issue for the PC manufacturers. Carbonite can make that problem go away for a PC manufacturer. Similarly, bundling online backup with anti-virus makes sense and we’re pursuing partnership deals.

When you look out 5 years, I think almost everyone will be backing up their PC using services like Carbonite. Broadband is getting cheaper and faster, and disk storage costs are dropping like a rock. The alternatives don’t look very attractive: a) don’t backup and risk losing everything, b) buy an external hard drive. External hard drives are not ideal for backups because they usually sit right next to your computer, so if someone breaks in and steals your computer, or if it is damaged by fire, flood, or virus attack, both the computer and the hard drive will go bye-bye. Plus they are prone to failure (roughly 3% per year die) – a RAID6 array that stores your data at Carbonite is 36 million times more reliable than an external hard drive.

We think Carbonite is a much better product than Swapdrive (we are of coursed biased in that regard) — it’s much simpler to use, and much less expensive.

We just want to keep building the best online backup company in the world and hopefully take it public in a couple of years.

— Dave
CEO, Carbonite

In Carbonite’s Customer Support department, we answer thousands of questions each week, and many folks want to know the same things. I’ve compiled a list of the top ten questions we receive most often and the best (general) answers we can give. These answers are specific to Carbonite Version 3.5. (If you’re on an earlier version, log into your account and reinstall Carbonite to get the latest version.) Given the length of some of the answers, I have decided to turn this into a multi-part post. And so, without any further ado, here's part 3:

6. Can I back up my USB external drive? How about my network drive?

At present, Carbonite only backs up local, internal hard drives. It will not back up network drives, external drives, and NAS (network accessed storage) drives. In the near future, we will release a version of Carbonite that supports USB external drives.

7. Can I schedule Carbonite to back up just at certain times?

You sure can! Just double-click on the Carbonite Lock icon in your system tray by your computer’s clock) and select Set Options, and then click Backup Schedule. You can then select the desired times that you would like to back up, or the times that you would not like to back up. By default, Carbonite backs up your system automatically when you add or change files, so you don’t need to set up a schedule at all.

8. How can I view the progress of my backup in more detail than just the percent bar?

Carbonite’s History view can show you exactly which files have been backed up or restored. Hold down the right shift key on your keyboard while you click the Carbonite Lock icon, and select View History. Change the display type to Detail, and you can view a complete log of Carbonite’s backup and restore activity.

To be continued...

— Len

Several people have asked me to post a description of our infrastructure. As I mentioned in my previous post about HP’s infrastructure difficulties, "HP Upline and the challenge of large scale backup," keeping billions of files safe is no small task.

The first thing you should know about our architecture is that we never handle unencrypted data. Carbonite encrypts all files before they leave your PC. We use 448-bit Blowfish encryption. I’ve been told that Blowfish has never been cracked. It is the strongest commercial encryption on the market.

Carbonite employs the most sophisticated firewalls and intrusion detection systems available. We pay a professional hacker firm to attack the data center constantly, looking for security holes. I think our defenses are as good as most banks. Heise Security recently wrote about how they hacked into many of our competitors’ backup systems but were unable to hack into Carbonite Their so-called “Man-In-The-Middle” test attack is something we designed against from the beginning. Frankly, I was amazed that most of the other vendors were so easily hacked by these guys and backed up files either compromised or deleted.

At our secure data center, your data is stored on arrays of 1-terabyte enterprise-grade drives. Carbonite uses RAID-6 redundant arrays which spread copies of the data across multiple hard drives. Each array has 16 drives. Three of the 16 would have to fail simultaneously and the user’s PC would have to crash at the same time before any data would be lost. These RAID-6 arrays are 36,000,000 times more reliable than the hard drive in your computer. We have redundant power, redundant Internet connections, redundant Web servers and so forth. The data center is guarded 24 hours a day, seven days a week; and admission is controlled by fingerprint ID locks.

As you can imagine, we use a lot of bandwidth. We currently back up over 40 million new files every day and we have over 7 billion already backed up. Given the amount of bandwidth we use, it’s best to be located in a major telecoms center where multiple carriers converge. Therefore, we chose to build our data center in one of those so-called “bomb-proof” buildings with all the major Boston financial institutions and telcos.

— Dave
CEO, Carbonite

Dave recently appeared on Fox Business News. In case you didn't have a chance to see it, you can stream it here on Fox Business News. Enjoy!

— Alison

In Carbonite’s Customer Support department, we answer thousands of questions each week, and many folks want to know the same things. I’ve compiled a list of the top ten questions we receive most often and the best (general) answers we can give. These answers are specific to Carbonite Version 3.5. (If you’re on an earlier version, log into your account and reinstall Carbonite to get the latest version.) Given the length of some of the answers, I have decided to turn this into a multi-part post. And so, without any further ado, here's part 2:

3. If I delete a file from my computer, how long will Carbonite keep it in my backup?

As a backup program, Carbonite maintains a copy of each of the files that are on your computer. If you delete files, Carbonite marks those files for removal from the backup server. We know that folks sometimes delete the wrong file by accident and don’t notice right away, so we save the files you delete for thirty days before removing them. If you’re a trial customer, we’ll keep the file for 30 days or for 15 days after your trial has ended – whichever is shorter.

4. Is it really unlimited? No, seriously… How much can I back up?

Yes, it really IS unlimited - we don't limit how much data you can back up. Remember, the more you back up, the longer it will take, both to back up and to restore. Ultimately, practicality will determine just how much you should back up. Folks with hundreds of gigabytes of data really should consider a local backup solution, such as an external hard drive, for their less important files and use Carbonite to back up the most important items.

5. How do I restore just one file (or a few files)?

To restore individual items (rather than the entire computer), just open the Carbonite Backup Drive located within My Computer and browse to items you want to restore. Folders in the Carbonite Backup Drive are organized the same way as they were on your computer. Right-click the item or items you want to restore, and then select Restore.

To be continued...

— Len

I'd like to draw your attention to an article from Heise Security that claims that some online backup services are not secure. I’m pleased that Carbonite was among the two that the writers were unable to compromise. While an article like this is not exactly good publicity for the online backup industry, if their findings are true (and I believe they are), some of these vendors deserve to be criticized for bringing weak products to market that damage the reputation of the whole industry. I agree with the sentiment expressed on Backup Review: "Online backup, like online banking and online credit card transactions, can be made to be very secure, but not everyone is going to do it right."

— Dave
CEO, Carbonite