Do You Have a Secure Online Backup Provider?

by Lynnette Nolan | Jun 23, 2008

Recently, online storage space startup divShare announced on their blog a recent security breach by "a malicious user." Lucky for them, only basic profile information available through the database was accessed during the intrusion. But the important question here is what else could have been taken by a more skilled trespasser?

Many people think that backup is a simple application – what's so hard about backing up a PC?   I remember one of my MIT students grousing about Google's success: "Anyone can write a search engine," he said.  Backing up the data is not the problem. The problem is dealing with huge volumes, millions of database transactions, hundreds of thousands of customers, and all the complexity that this implies – all while making sure that there is 100% security.  Carbonite backs up over 50 million new files every day without losing any of them.  Like any other web site, we constantly get attacked by hackers, but we have enough security measures in place that these attacks are always unsuccessful. As I mentioned in a previous post, Carbonite was one of only two backup services that the guys at Heise Security weren’t able to crack. 

If you’re doing your engineering properly, online backup can be made to be extremely secure.  For instance, Carbonite starts with encrypting the data BEFORE it leaves your PC so that by the time we get it, it's already useless to an intruder in the very unlikely event that someone acutally gains access to our system. We also make sure that the authentication is rock solid, so that there are no "man in the middle" vulnerabilities.  And, we actually pay people to constantly test our defenses. 

After we get your encrypted files, we want to make sure that we don't lose them, so we store all your data on RAID-6 redundant arrays that are 36 million times more reliable than a single drive.  The main Carbonite data center is located in a "bomb-proof" building, alongside those of major Boston financial institutions and telco companies.

Online backup is a hot area right now and you'll see more startups entering the space over the next couple of years.  Not all of them will know enough about security to be really bullet-proof.  It isn't easy or cheap, but I can tell you that for Carbonite it's a live-or-die proposition. 

CEO, Carbonite