Over the last few months, as I’ve shared my views on cloud backup and online backup, I’ve been having an offline conversation on the same topics with my good friend Mitchell Allen of MorphoDesigns and ParserMonster. As a techie and confirmed tinkerer with online stuff, Mitch had some interesting strategies to share.
Mitch, please tell us a bit about your background.
Sharon, I first wish to thank you for inviting me to share my eccentric views on cloud storage and online backup. As a creative person, far too much of my output is entrusted to digital technology. I have written novelettes, designed board games and developed commercial software.
While I have been in love with computers since my eighth grade math teacher gave me a book about programming, my whole life has been a love affair with words and games, thanks to my dad.
Can you give us a short history of your pre-cloud backup adventures?
I’ve had a 40-year journey of content creation, storage, editing and archiving. My first backup was on paper tapes that I rolled up tightly and carried around in my book bag.
By the time I got to college in 1979, I was using IBM punch cards. You could always spot the computer science majors by the oblong cardboard boxes of cards they lugged around. The cooler people had magnetic tapes, but I never got to use them.
Eventually, I got into the personal computer revolution and began with cassette tape backups on a Commodore 64. The storage media evolved rapidly, once the IBM PC and clones came out. One of the constants was this: I always had more media than physical storage space!
Another issue was obsolescence. I still have a useless stack of ZIP disks. Whether the hardware became outdated or the amount of storage became a limiting factor, I always felt a need to upgrade my backup media.
Thirty-five years after my first paper tape, I uploaded my first file to the cloud. I had read about Mozy (), an online backup service. It seemed perfect, in theory. No physical storage requirements, no outdated media, no worries about lost disks or damaged drives. I was hooked.
I know you have tried a lot of services. What’s your current backup strategy? Why?
My current strategy centers around the idea of actually working in the cloud. I use Basecamp for project management, Evernote for keeping my ideas, personal blogs and websites for my stories, commercial sites for my products and RoboForm to keep track of passwords.
Since I do so much work in the cloud, and because of a dismal history of hardware failure, I rely on the cloud to backup client projects as well as my own. For example, syncing services like Google Drive (15 GB for 0 $/year) and Dropbox (2 GB for 0 $/year) make life simple. All I do is create project folders within their special folders and my work is more or less instantly backed up.
Dropbox is particularly good for this strategy, since it maintains every version of each file stored. (Free users can retrieve revisions up to 30 days old, while premium users have unlimited retention.)
The mechanics of the strategy seems chaotic, but each piece is part of the content preservation puzzle. Files are in different categories: current, inactive, business, personal, confidential, etc. Rather than obsess over where to put each file, I looked at the capacity of each service and matched it to the types of files I backup. I use a free utility called CryptSync to treat every file as confidential. Finally, I use what I call file traffic cops to automatically move my files from folder to folder as needed.
I know you really rate CryptSync – what do you love about it? What’s missing, if anything?
Here’s how it works:
I have working folders for active documents. Let’s call one Projects and another Great American Novel. I also have folders for inactive documents. Let’s call one Invoices. Finally, I have a single folder to receive downloaded content. That one is called Downloads.
Dropbox and Google Drive use a single folder to sync my laptop to the cloud (and other devices I may add later). On the hard drive, the sync folders are named Dropbox and Google Drive.
The main piece of the puzzle is CryptSync. I simply instruct it to pair up a working folder or inactive folder with a sync folder. CryptSync encrypts a copy of files in my working folder and sends it to the sync folder. The service takes over from there.
For example, in the Dropbox sync folder, I created a subfolder called !Vault. I tell CryptSync to send my files from Projects to !Vault. As I am working on files in Projects, CryptSync periodically monitors that folder for changes and deletions and updates the !Vault folder accordingly. Currently, I have three such folder pairs automatically syncing my most important work to the cloud.
The one thing that I would like to see added to CryptSync is a way to at least review the settings for a folder pair. I had to resort to screen shots to use as a reminder of how I wanted to set things up. (Update: this feature is now available).
How do your “traffic cops” fit into your backup cycle?
The traffic cops work to send files from the Downloads folder to an appropriate inactive folder, where CryptSync takes over. The main traffic cop is a wonderful piece of software from LifeHacker, called Belvedere. Another one is Karen’s Replicator.
Both of these programs are rules-based. I specify things like file name, extension, timestamps and size to determine where to physically move files out of the Downloads folder. One quick example: I regularly download invoices as PDFs emailed from my web hosting provider. Belvedere monitors the Downloads folders for a file that looks like INV*.pdf. If it finds such a file, it automatically moves it to the Invoices folder.
Karen’s Replicator, on the other hand, is useful for synchronizing everyday folders. One example is the Microsoft Office Templates folder. Technically, I could use either traffic cop for all such duties. I’m always experimenting and I may wind up choosing one over the other.
What issues if any have you faced?
Just as my offline storage methods had evolved, so too have my online strategies. The main reasons are similar to those that fueled offline change: obsolescence and capacity. Cloud storage brings another trade-off: what to backup!
Unlike offline backups, where whole disk imaging is a viable, if time-consuming option, the online services are generally restricted to file-by-file backups. Not only that, many of them are optimized for syncing and sharing, which tends to restrict the size of individual files.
Also, the ability to quickly backup or retrieve files has been an issue. Perhaps I’ve been spoiled by Dropbox, but SpiderOak ( GB for 0 $/year) takes forever to backup! I realize that it is also doing syncing and encrypting but, guess what? I can do that on my own.
A big issue is monitoring the process. At one point, I had SpiderOak syncing and backing up my Roaming folder, where all my software settings are stored. Unfortunately, I didn’t take into account the SpiderOak settings folder! I literally wound up with over one million little log files that took hours to delete. Another problem is rebooting the laptop and not noticing that one of the syncing apps hadn’t started up.
Finally, something you mentioned in your series on cloud backups: do I really want a half dozen programs running in the background, slowing down my computer for the sake of free storage? I dealt with this by halting my acquisition of services. I even disabled SpiderOak and uninstalled SkyDrive (5 GB for 0 $/year) .
What’s got you excited right now in the cloud backup space?
Amazon Web Services. I have not invested time into exploration yet, but to me, Amazon’s myriad offerings and attractive pricing have kept me interested.
What are the things that turn you off about current online backup offerings and how could they be solved?
You and I discussed Single Sign On. This is a feature offered by PrimaDesk, one of the early players in cloud aggregation. According to their Security page, they encrypt your login credentials. Sorry, no thanks!
To me, giving up even a portion of your control to a third party is unacceptable. You give them what they need to serve you and that’s it.SSO and its inherent weaknesses can be rendered moot simply by handling your own security.
Contrary to my initial excitement about Jolidrive and the concept of cloud aggregators, my current assessment is that I really don’t need what aggregators do. The big draw seems to be to have a single interface for all of those disparate drives. But, don’t I already have that with my file manager?
Another nice feature is the ability to index your files. Well, ha-ha, good luck, since they’re encrypted. I use another free utility to help me find files on my laptop (but not content within.) it’s called Everything.
How do you feel about encryption? Which service that you use is best for this?
Encryption is a double-edged sword. We only have the security experts’ word that AES and Blowfish are secure. Even if they are, the bigger problem is dealing with the safe storage of encryption keys. I have to say that RoboForm is my favorite service for managing passwords. Because I have integrated RoboForm with my laptop, it can provide the passwords to the encrypted files created by CryptSync. This, in turn, gives me the confidence to instruct CryptSync to use really strong passwords.
So you use all these services, but how do you make sure they are working?
The system tray is humming! Seriously, though, I work with files every single day. The automation makes it seem like a set-it-and-forget-it scheme, but I am continually monitoring, accessing and rearranging cloud folders. This current setup is just the latest iteration.
Have you ever had to restore a file from one of your backups?
Yes, I accidentally updated a client workbook while testing some code. I told myself not to hit save, but I forgot. I just had to log in to Dropbox, click on the trashcan icon to view deleted files and folders, click on the appropriate project folder and browse through the deleted files until I found the most recent backup.
What’s the elephant in the room with online backup and cloud storage?
With all the focus on encryption and zero-knowledge backups, the one thing I feel we as end users don’t consider more carefully is password management. Indeed, that is a subset of any backup strategy; if you lose all of your passwords, none of the backups will be accessible!
These areas must be considered:
- Strength of passwords
- Storage and retrieval of passwords for daily use
- Archival of passwords (backup of the storage and retrieval database)
- Access to the Password Archive (Master Password)
- Backup of the Master Password
- A memory jogger or fool-proof method for recovering Master Password during a disaster
The last is the elephant’s trunk. Let’s say you’ve suffered a major calamity while on the road with your laptop. Your hard drive is toast. All of your synced devices are back home. You absolutely positively have to get the client presentation by 9 am the next day. Oh, it’s 2:30 in the morning when the laptop died in the middle of Angry Birds…
All you have is the hotel’s business internet room, or the Starbucks across the highway. Clearly, you need to be able to do one or more of the following:
- Access a web mail account and retrieve your Master Password from a cleverly written email that you sent to yourself or kept in draft folder, then log in to password-protected site to access presentation.
- Access your own server and recover the client’s presentation from the backups
- Rebuild the presentation from scratch
The last option is only possible if you used an online service or if your servers have the capability to recompile such presentations from project files. At any rate, how many people are actually prepared to do one of those things during those panicky hours before the deadline?
I believe that, because of the stressful nature of disasters (no matter how minor they may seem in retrospect), we need a drop-dead simple way to work 100% in the cloud during an emergency. Such a setup needs to be secure and not subject to the so-called single point of failure.
Consistency, redundancy and a bit of obscurity help. I don’t care what others think about security by obscurity, if they have no idea that I’ve hidden the key under the bathroom soap dish, it works for me. If I always hide my key under the soap dish, I won’t panic when it’s time to get that key. Finally, if I place a key under the soap dish in each bathroom, well, let’s just say that redundancy has its benefits!
In all seriousness, people really need to think about the first minute after a disaster. I’m sure there are dozens of tutorials and best practices for disaster preparedness. But we must not forget to make it easy for ourselves to begin the recovery process.
Let me give you a contrived example. Let’s assume that I’ve decided that I will store a simple text file with a list of passwords, instructions, notifications and other pertinent information. What do I have to consider?
1. How to keep it safe from prying eyes
2. How to make it accessible from anywhere, any time
3. How to make sure it works
4. When disaster strikes, I hope I remember how to get to this file.
Encryption is the best way to keep a document safe from prying eyes. Now, this might mean I need to zip it up with a password. I could, but then, I need to be able to access the program that encrypted it! Instead, how about using an encrypted PDF or a password-protected web page on your server? Either of these options will satisfy the first two considerations. To make sure it works, just access the PDF or web page!
The final consideration will require some discipline. I can’t speak for anyone else, but every time I have ever set up some arcane security scheme and returned to it even just a month later, I can never remember some key step! My solution? A bi-weekly “fire-drill”. Google sends me a reminder every other week to go get my disaster kit. I made it simple enough that after a few such fire-drills the protocol will be internalized.