• Do you have a secure online backup provider?

  June 23, 2008

  Recently, online storage space startup divShare announced on their blog a recent security breach by "a malicious user." Lucky for them, only basic profile information available through the database was accessed during the intrusion. But the important question here is what else could have been taken by a more skilled trespasser?

  Many people think that backup is a simple application – what's so hard about backing up a PC?   I remember one of my MIT students grousing about Google's success: "Anyone can write a search engine," he said.  Backing up the data is not the problem. The problem is dealing with huge volumes, millions of database transactions, hundreds of thousands of customers, and all the complexity that this implies – all while making sure that there is 100% security.  Carbonite backs up over 50 million new files every day without losing any of them.  Like any other web site, we constantly get attacked by hackers, but we have enough security measures in place that these attacks are always unsuccessful. As I mentioned in a previous post, Carbonite was one of only two backup services that the guys at Heise Security weren’t able to crack. 

  If you’re doing your engineering properly, online backup can be made to be extremely secure.  For instance, Carbonite starts with encrypting the data BEFORE it leaves your PC so that by the time we get it, it's already useless to an intruder in the very unlikely event that someone acutally gains access to our system. We also make sure that the authentication is rock solid, so that there are no "man in the middle" vulnerabilities.  And, we actually pay people to constantly test our defenses. 

  After we get your encrypted files, we want to make sure that we don't lose them, so we store all your data on RAID-6 redundant arrays that are 36 million times more reliable than a single drive.  The main Carbonite data center is located in a "bomb-proof" building, alongside those of major Boston financial institutions and telco companies.

  Online backup is a hot area right now and you'll see more startups entering the space over the next couple of years.  Not all of them will know enough about security to be really bullet-proof.  It isn't easy or cheap, but I can tell you that for Carbonite it's a live-or-die proposition. 

  
  

  — Dave
  CEO, Carbonite

  Full story

  Comments (0)

  Topics: Industry News

  Tags: encryption carbonite online backup data center security industry

• Carbonite Data Center: Security, Encryption and Redundancy

  June 05, 2008

  Several people have asked me to post a description of our infrastructure. As I mentioned in my previous post about HP’s infrastructure difficulties, "HP Upline and the challenge of large scale backup," keeping billions of files safe is no small task.

  The first thing you should know about our architecture is that we never handle unencrypted data. Carbonite encrypts all files before they leave your PC. We use 448-bit Blowfish encryption. I’ve been told that Blowfish has never been cracked. It is the strongest commercial encryption on the market.

  Carbonite employs the most sophisticated firewalls and intrusion detection systems available. We pay a professional hacker firm to attack the data center constantly, looking for security holes. I think our defenses are as good as most banks. Heise Security recently wrote about how they hacked into many of our competitors’ backup systems but were unable to hack into Carbonite Their so-called “Man-In-The-Middle” test attack is something we designed against from the beginning. Frankly, I was amazed that most of the other vendors were so easily hacked by these guys and backed up files either compromised or deleted.

  

  At our secure data center, your data is stored on arrays of 1-terabyte enterprise-grade drives. Carbonite uses RAID-6 redundant arrays which spread copies of the data across multiple hard drives. Each array has 16 drives. Three of the 16 would have to fail simultaneously and the user’s PC would have to crash at the same time before any data would be lost. These RAID-6 arrays are 36,000,000 times more reliable than the hard drive in your computer. We have redundant power, redundant Internet connections, redundant Web servers and so forth. The data center is guarded 24 hours a day, seven days a week; and admission is controlled by fingerprint ID locks.

  As you can imagine, we use a lot of bandwidth. We currently back up over 40 million new files every day and we have over 7 billion already backed up. Given the amount of bandwidth we use, it’s best to be located in a major telecoms center where multiple carriers converge. Therefore, we chose to build our data center in one of those so-called “bomb-proof” buildings with all the major Boston financial institutions and telcos.

  — Dave
  CEO, Carbonite

  Full story

  Comments (1)

  Topics: Company News

  Tags: encryption carbonite online backup data center security

• Security and Online Backup

  May 27, 2008

  I'd like to draw your attention to an article from Heise Security that claims that some online backup services are not secure. I’m pleased that Carbonite was among the two that the writers were unable to compromise. While an article like this is not exactly good publicity for the online backup industry, if their findings are true (and I believe they are), some of these vendors deserve to be criticized for bringing weak products to market that damage the reputation of the whole industry. I agree with the sentiment expressed on Backup Review: "Online backup, like online banking and online credit card transactions, can be made to be very secure, but not everyone is going to do it right."

  
  

  — Dave
  CEO, Carbonite

  Full story

  Comments (0)

  Topics: Industry News

  Tags: carbonite online backup security

• How to Choose a Home PC Backup method

  April 14, 2008

  I'll admit it: Before I came to work at Carbonite, I was among the many computer users that never backed up their files. If I were working on a huge paper in college, or a really important work project, I occasionally would take the time to put the document on a USB drive, but other than that, I never thought of backup. Now that I work for an online backup company and see how easy it is to back up your files, I feel like I was such a slacker. It's really embarrassing to admit, but I guess I just never thought that losing everything was that big of a threat.

  Naturally, being in a position where I monitor media coverage all the time, I see endless articles and blogs about what backup methods are best. Everyone has their own opinions as to the best way to back up your files, but everyone agrees on one thing: No matter how you do it, make sure you back them up! This weekend, I was reading an article on PC World.com about How to Choose a Home PC Backup Method. I thought it was a great read for anyone who isn't sure if Online Backup is the right solution for them. Carbonite is mentioned down the bottom with a few other companies, but mostly it's just a great general overview of Online Backup vs. Traditional Backup.

  Enjoy!

  
  

  — Alison

  Full story

  Comments (0)

  Topics: Industry News

  Tags: online backup news security

Links

Search