Recently, online storage space startup divShare
announced on their blog a recent security breach by "a malicious user."
Lucky for them, only basic profile information available through the
database was accessed during the intrusion. But the important question
here is what else could have been taken by a more skilled trespasser?
Many people think that backup is a simple application – what's so hard
about backing up a PC? I remember one of my MIT students grousing
about Google's success: "Anyone can write a search engine," he said.
Backing up the data is not the problem. The problem is dealing with
huge volumes, millions of database transactions, hundreds of thousands
of customers, and all the complexity that this implies – all while
making sure that there is 100% security. Carbonite backs up over 50
million new files every day without losing any of them. Like any other
web site, we constantly get attacked by hackers, but we have enough
security measures in place that these attacks are always unsuccessful.
As I mentioned in a previous post, Carbonite was one of only two backup services that the guys at Heise Security weren’t able to crack.
If you’re doing your engineering properly, online backup can be made to
be extremely secure. For instance, Carbonite starts with encrypting
the data BEFORE it leaves your PC so that by the time we get it, it's
already useless to an intruder in the very unlikely event that someone
acutally gains access to our system. We also make sure that the
authentication is rock solid, so that there are no "man in the middle"
vulnerabilities. And, we actually pay people to constantly test our
After we get your encrypted files, we want to make sure that we don't
lose them, so we store all your data on RAID-6 redundant arrays that
are 36 million times more reliable than a single drive. The main Carbonite data center is located in a "bomb-proof" building, alongside those of major Boston financial institutions and telco companies.
Online backup is a hot area right now and you'll see more startups
entering the space over the next couple of years. Not all of them will
know enough about security to be really bullet-proof. It isn't easy or
cheap, but I can tell you that for Carbonite it's a live-or-die