Stop Relying on Cloud File Stores as a Backup Strategy

There is a growing assumption that Cloud file-storage services represent an ideal way of backing up files. It seems a compelling idea because it is so easy and seems secure. The truth is, as always, more complicated. There is more to any backup strategy than just cloud storage

It’s a common enough story. Those files you thought you had safely uploaded to Dropbox have magically disappeared. User error? Software glitch? Undetected virus? It doesn’t matter. Your files are gone. Too bad you didn’t back them up to a DVD or flash drive or external hard disk or something. Even another computer would have been better than nothing. But then, like a lot of folks, you assumed all that Dropbox syncing and replicating had you covered.

Lessons learned.

At least you can take comfort in knowing you’re not alone. This past summer, Jan Curn posted a story to Medium about how Dropbox had permanently deleted 8000 of his photos because of a bug in the syncing process. In an effort to make room on his laptop’s hard drive, Curn enabled the Selective Sync feature, deselected a number of folders, and then clicked the Update button. Nothing happened. He waited a couple minutes, then restarted the client. This time around, he removed the folders one-by-one. That seemed to work. The folders no longer existed on his laptop, but showed up on the Dropbox servers, just as he had hoped. Two months later, his hopes were dashed. The folders were still in place, but most of files had been deleted.

Curn’s story is, of course, not the only such tale of woe, nor is Dropbox the only service to have files go missing. Curn is also not the first person to assume that Dropbox or other cloud storage services can be trusted as backups.

Cloud Storage Is Not Cloud Backup

Rule number one. Dropbox is not a backup service, nor is Box or One Drive or Google Drive or any of the other cloud storage services out there. They store your files and maintain version histories. They hang on to deleted files for 30 days or longer. They sync files across multiple devices and make it super easy to share those files with other users.

Cloud storage services have, in fact, gotten so damn good at what they do that more of us are flocking to them every day. They’ve become an integral part of our personal lives and the way we conduct business. They make files available wherever we are, whenever we need them, on whatever devices we’re using. They are magicians, pulling out one rabbit after the next.

But that doesn’t make them full-fledged backup solutions, no matter how much we want to pretend otherwise.

Here’s what a backup solution does. It ensures redundancy so multiple copies of each file exist at all times. It ensures durability so that no matter what files are deleted or corrupted, at least some version of the file can be recovered (assuming the file wasn’t corrupted from day one). A backup solution also ensures that snapshots exist at regular intervals and that files can be restored to a specific point of time from those snapshots.

Cloud storage services cannot deliver on such promises. One little glitch and your files cease to exist, or at least are no longer accessible. Whether they still actually exist is another question altogether. What’s important is being able to recover what you expect when you expect it. Your storage service might save those files ad infinitum, and hang on to as many versions of each file as you create, but versioning does not equal a backup strategy, nor does the promise of a file existing for all time. Files are too easy to delete from such a service, and those deletions can be easily propagated across all your devices. Just like a virus.

A backup solution archives your data and keeps it safe in the event the unthinkable occurs-flood, fire, theft, malware, system meltdown, someone doing something really dumb. It can happen. It will happen. It’s just a matter of time. Unlike a cloud storage service, a backup solution is not about quick access and frequent updates and rapid sharing, but rather the steady, methodical archiving of data over the long haul to prepare for possible disaster.

And that disaster can strike both individuals and businesses alike, hitting the hardest when we least expect it. Who among us doesn’t have something of value we don’t want to lose or can’t afford to lose? A significant loss can lead to frustration and wasted resources and a whole lot of heartache. If a storage and syncing service is your only backup, your files are susceptible to any number of vulnerabilities, from cyber attacks to provider oversight to software bugs to rogue insiders. What if the provider experiences a major system failure? What if its facilities are broken into? What if it goes out of business? Even if the service maintains a copy of the files on your computer, you cannot count on them being there when you need them. Storage services don’t just sync files, they sync changes to files, including inadvertent deletions. One bug or misstep, and everything could be gone.

A Backup Strategy Is More than Just Cloud Storage

Don’t get me wrong. I’m not advocating you abandon your cloud storage services. All that automated syncing and versioning translates to management bliss. You can update a document on one device and within seconds be reading it on another. Just don’t trust these services as your sole method of file protection. They might duplicate those files across multiple computers and maintain copies in several data centers, but all that integrated management and synchronization can be as much a curse as a blessing. It takes only one permanently “misplaced” file to recognize how vulnerable your data is.

The only way to protect your synced and shared files is to back them up to other devices or services, which means coming up with an effective strategy for managing that process. Many backup proponents point to the old 3-2-1 standard. Maintain three backups of each file you consider too important to lose. Utilize at least two different formats. Make certain at least one of those backups resides off-site.

Most people understand that one copy of important data is never enough. Hard disks fail. Crooks steal computers. Houses burn down. Viruses spread. That’s why we back up our files. That’s why we do it often. Even then, backups can fail, usually when we need them the most. We might even lose our backups altogether, at the same time we lose our primary files. Think floods, earthquakes, treachery, or any number of natural and unnatural disasters.

So one backup at least. Always. Two backups, even better. That way, you’re not relying on a sole backup to be there when you need it. Three, of course, is best. That seems to be the magic number to appease even the staunchest of IT types sworn to uphold the laws of data preservation. They assume, and many would agree, that the odds are stacked against all three backups failing at the same time.

As equally important to the 3-2-1 strategy, however, is to use at least two different formats for your backups-external drives, DVDs, backup services, that sort of thing. Different formats are susceptible to different types of risks. A DVD or CD can decay and churn out nothing but gibberish. A backup drive can take a great fall, and no one can put it together again. A false alarm can set off a sprinkler in the room hosting your network attached storage (NAS), shorting out its circuits and frying everything inside. Even a cloud backup service can go out of business and leave your files in a state of perpetual-and inaccessible-limbo.

And then there’s the off-site component. As part of your multi-format strategy, you should ensure that at least one of those backups remains safely ensconced someplace separate from your other copies. That way, you’re not left holding an empty bag if a thief takes off with your computer and attacked backup drive or that raging river overflows its banks and washes away your home.

For some of you, the 3-2-1 strategy might seem a bit too much. You’re willing to concede the fallibility of storage services, but you’re not willing to invest a lot of time and energy and money into protecting all those wedding photos from your first three marriages. So you strike a compromise by implementing a single backup solution in addition to your cloud storage service, often an external drive directly attached to your computer.

But this raises an interesting point. Should you consider the storage service itself to be one of your backups? After all, copies of the files are stored off-site on a medium different from your external drive, which of course is a good thing. But it’s still a storage and syncing service, not a full-fledged backup service.

Some proponents of the 3-2-1 strategy certainly do include storage services as one of the backups. Others do not. True, these services can’t be trusted as your sole backup, but perhaps as one in an arsenal of many they’re not so bad. You’ll have to make that call, of course, but if you count your storage service, you should be looking at additional backup options as well, otherwise, all we’ve done here is walk around in circles. If nothing else, a backup strategy should avoid a single point of failure, and a cloud storage service is a single point, local files notwithstanding.

Regardless of how many types of backups you plan to implement or whether you count your cloud storage as one of those, you have several other options worth considering. You can back up your data to physical devices, you can back up your data to cloud backup services, or you can do both. Heck, some people even use multiple cloud storage services and call it good.

Physical Devices: The Default Backup Strategy

You’ll find plenty of horror stories about people trusting their files to the cloud and then losing those files forever. No doubt user error plays a role. We are human, after all. But the providers themselves might also be culpable, or the cybercriminals doing their darndest to take them out. It doesn’t matter. Once the files are gone, they’re gone. That’s why many of us already back up our files to other devices, often external drives.

There’s good reason we turn to external drives. They’re affordable, easy to implement, and can make backup and restore operations relatively painless. There are also lots of models to choose from, in terms of capacity and durability and speed. We even have beefy devices such as the ioSafe Solo G3-fireproof, waterproof, creepily quiet-and complete with up to $2500 in forensic recovery. For people really serious about their backups, most notably those protecting their businesses, we have NAS, dedicated network storage that can be set up in a RAID configuration, helping to reduce the risk of data loss in the event of disk failure.

In addition to those external hard disks, we can use CDs, DVDs, Blu-rays, flash drives, tape drives, or even other computers to back up our data. They all have their advantages, but also carry risks. They can fail or go bad or decay or in some way fall to pieces. A power surge, for example, can fry your peripherals just like your computer. Even if a device appears to be in working order, there’s no guarantee the backup file itself is not flawed. If that file is an entire system snapshot, you’ve lost everything.

Imagine this scenario. Somehow, a file in your Box folder gets deleted, but you don’t notice its gone until several months down the road, long after the file has been purged from the Box servers. Fortunately, you’re working on a Mac and have been performing regular Time Machine backups to an external drive. Unfortunately, that drive has only a 1-TB capacity, so all the older backups-the ones before that file mysteriously disappeared-have been deleted to make room for the newer backups, just as it is designed to do.

Here’s another scenario. You’ve connected an external drive to your computer and are backing up your OneDrive folder along with any other files you want to include. You visit a website infected with the latest zero-day malware. A virus works its way through your system and corrupts a number of files on your computer’s hard disk. Those files are then propagated to both the OneDrive servers and to your backup drive. Unfortunately, you don’t catch the virus until it’s too late to recover any older versions, just like the mysteriously deleted file.

As a way to help mitigate some of the risks that physical backups present, given the variety of disasters that can occur, some folks maintain two external backup drives, rotating them regularly to an off-site location. For example, they might bring the spare into work or drop it off at a relative’s house, always swapping them back and forth to keep each one relatively fresh.

This approach can certainly help in the event of theft or natural disaster (unless it’s of extreme magnitude), but there’s still the risk of propagating a corrupt file or inadvertent deletion. Here’s where using an alternative medium might come in handy. If in addition to an external backup drive you were to burn your files to DVDs at regular intervals and store those off-site, you might stand a better chance of recovering an older version of the file. You can keep adding DVDs rather than overwrite data on a hard disk. Of course, you’ll want to use archival type DVDs such as M-DISK. That way, at least, you won’t have to worry about the dye layer degrading, although you still have to worry about the DVDs being left next to the stove or within range of a dog looking for a chew toy.

Implementing a Cloud Backup Service

To get as much free space as possible from cloud storage services, some people juggle multiple accounts, often using one service to serve as a makeshift backup solution for the other services-or perhaps creating an even more complex configuration. That might work, if you can ensure that corrupt files or inadvertent deletions cannot be propagated across all services. Anything short of that, and those services together can still represent that telltale single point of failure. Multiple cloud storage services do not necessarily constitute a backup solution any more than one storage service does.

But there are cloud services out there designed to do all those things a backup solution is supposed to do. Services such as CrashPlan, Carbonite, Backblaze, ZipCloud, and Amazon Glacier all offer cloud-based services that let you back up your files to their data centers (or the ones they lease). You upload copies of your files via the Internet to their servers, where data is protected against loss, corruption, and security breaches. As long as you have a fast enough Internet connection, you can back up your files from wherever you located. And that includes the files you’re already syncing to Dropbox. In most cases, you simply include the service’s folder on your local hard drive as part of the backup process, assuming copies of the files are kept on your system.

The features you get from a backup service can vary a fair amount from one provider to the next. Some offer client applications and support automated backups. Some support multiple operating systems and offer mobile apps. Some provide granular file selectivity, let you include external drives in your backups, and maintain file versions. Some are faster at restoring files than others. Some are easier to use. Despite these differences, they all provide a way to safely and securely store your backups as long as you need them, with the backup process often occurring in the background in a non-intrusive way. And most of them, if not all, promise never ever ever to permanently delete a file without your explicit okay, swearing to archive your data forever, as long as you keep paying them to do so.

And, yes, you do have to pay. Unlike cloud storage services, which are tripping over themselves to give away their wares, backup services tend to be a little more conservative, expecting subscribers to give something in return for hosting their backups. That said, prices have come down considerably, with Amazon’s Glacier undercutting all the rest. At a penny a gigabyte, the service is practically nothing when compared to the old days of online storage. Of course, if you’re storing terabytes of data, your expenses can add up. You can also be charged for changing and restoring data. Like any product or service, cost considerations must be balanced against your needs and the services being offered.

Cost issues aside, cloud backup services solve the dilemma of storing your data off-site. Plus, your data might be replicated to centers far, far away. As a result, these services not only address the area-wide catastrophe scenario, but also provide that second format in your 3-2-1 strategy, should you be relying solely on a physical device. And given that they’re cloud services, you can access that data from just about anywhere at any time, being constrained, as always, by your Internet connection.

In fact, issues surrounding the Internet will likely be your biggest challenge with a backup service. If you’re trying to back up or restore a lot of data, it can take a long time. You need a fairly decent Internet connection to use a backup service effectively. With enough data, you need a superior connection. On top of that, your ISP might place limits on how much data you can upload or download. Even without the limits, it can take days to restore a backup if it’s large enough. (Some services will ship drives to you for backing up and restoring purposes.)

But it’s not just your Internet connection that can be an issue. Backup services have been known to throttle bandwidth if upload or download operations get too big. A large enough backup can take days or weeks. Maybe longer. Restoring data can be just as painful. You can also end up paying extra for the service if you delete and retrieve files too often.

You should be thinking of a backup service as more of a system for archiving data than simply as a place to store files on a day-to-day basis. Cloud storage services are better suited to everyday operations, where files change frequently and are synced and shared. A cloud backup service is in it for the long haul, making it more suited to participate as part of a backup strategy. That way, you know those Google Drive files will be relatively safe no matter what mishap might befall them.

Even so, as with any cloud service, things can take a turn for the worse with a cloud backup service. Imagine if you’re relying on only your storage service and backup service to serve as your backup strategy. That might seem a fairly safe approach when you consider all the built-in redundancy. However, suppose both of those providers are hosting the data in Amazon A3 data centers. Now suppose the unthinkable happens and those servers are somehow compromised in a way that also impacts the replicated backups. Your only hope at that point might be your external hard drive you attached to your computer last year and pretty much forgot about.

Dropbox Does Not a Backup Strategy Make

Clearly, no single backup method provides an absolute guarantee, which is why many backup proponents advocate the 3-2-1 strategy. It ensures against a single point of failure in your backup plan. It even ensures against two points of failure. Neither a cloud service nor a physical device is without risks. Together, at least, they provide a better chance.

If the 3-2-1 system seems too much, make certain you at least implement some sort of backup. Your synchronized Dropbox files are not the solution. Add an external backup drive. Burn some DVDs. Sign up for a cloud backup service. Do something. Once your files are gone, they’re gone forever.