Data Backup Software & Remote Backup News – Carbonite Blog

Carbonite Data Center: Security, Encryption and Redundancy

Several people have asked me to post a description of our infrastructure. As I mentioned in my previous post about HP’s infrastructure difficulties, "HP Upline and the challenge of large scale backup," keeping billions of files safe is no small task.

The first thing you should know about our architecture is that we never handle unencrypted data. Carbonite encrypts all files before they leave your PC. We use 448-bit Blowfish encryption. I’ve been told that Blowfish has never been cracked. It is the strongest commercial encryption on the market.

Carbonite employs the most sophisticated firewalls and intrusion detection systems available. We pay a professional hacker firm to attack the data center constantly, looking for security holes. I think our defenses are as good as most banks. Heise Security recently wrote about how they hacked into many of our competitors’ backup systems but were unable to hack into Carbonite. Their so-called “Man-In-The-Middle” test attack is something we designed against from the beginning. Frankly, I was amazed that most of the other vendors were so easily hacked by these guys and backed up files either compromised or deleted.

Data Center

At our secure data center, your data is stored on arrays of 1-terabyte enterprise-grade drives. Carbonite uses RAID-6 redundant arrays, which spread copies of the data across multiple hard drives. Each array has 16 drives. Three of the 16 would have to fail simultaneously and the user’s PC would have to crash at the same time before any data would be lost. These RAID-6 arrays are 36,000,000 times more reliable than the hard drive in your computer. We have redundant power, redundant Internet connections, redundant Web servers and so forth. The data center is guarded 24 hours a day, seven days a week, and admission is controlled by fingerprint ID locks.

As you can imagine, we use a lot of bandwidth. We currently back up over 40 million new files every day and we have over 7 billion already backed up. Given the amount of bandwidth we use, it’s best to be located in a major telecoms center where multiple carriers converge. Therefore, we chose to build our data center in one of those so-called “bomb-proof” buildings with all the major Boston financial institutions and telcos.

Dave
CEO, Carbonite

Comments  1

  • Dave Yuhas 04 Jul

     "I think our defenses are as good as most banks."

    Organized cyber criminals stole more than $25 million from small to mid-sized businesses in brazen e-banking heists in the 3rd quarter of 2009 alone, federal regulators said last week. In contrast, traditional stick-up artists hauled less than $9.5 million out of U.S. banks over that same time period last year.

    Speaking at the RSA Security Conference in San Francisco last week, David Nelson, an examination specialist with the Federal Deposit Insurance Corporation (FDIC), said online banking attacks against small businesses of the sort I have chronicled countless times over the past year netted thieves $25 million between July and September of 2009.
    --http://krebsonsecurity.com/2010/03/cyber-crooks-leave-bank-robbers-in-the-dust/


    Murphy is convinced that banks are losing billions of dollars to cyber thieves, just because they can’t afford the IT investments needed to stop such theft, and in any case have no assurance that such investment would actually be successful in preventing further theft. All they can do is quietly reimburse any customers who are hit, while keeping the scale of the problem as secret as possible.

    Carbonite's security may be very good indeed, but I wouldn't use banks as an example of good security.