login
backup strategy reloaded with mega.nz posted: Sun 2016-06-05 02:09:55 tags: tech, backups
It's been long enough since Barracuda terminated their Copy.com free cloud storage that I can't even find my own blog post noting the event. Nor can I find a post (THE post?) about general backup strategy, just a later post about hardening practices to ensure recovery in a ransomware scenario.

A comprehensive backup strategy needs to protect against loss or breach of a "primary working file repository". In Windows terminology, there are many places Windows itself will happily scatter files if the user lets it. Over the evolution of Windows, it has gotten better about concentrating users' files in their respective c:\Users\[Current User] folder. Unfortunately, at the same time, it has also encouraged accessories to litter the same folder with temporary files, perhaps the worst offenders being browsers that hide their cache folders in [Current User]\Application Data. Depending on your browsers, that may amount to gigabytes of data, perhaps more than your actually valuable real-work files. So there's a compelling reason to say no to Windows' predilection for scattering files outside of [Current User]\My Documents.

So let's say you've got all your pictures, music, and email client's mailbox files neatly corraled in My Docs. You've wrapped your head around shortcuts so instead of storing frequently-used files on the Desktop, you file them properly and create shortcuts to them on the Desktop instead. Now it's a cinch to copy of all your files to a thumbdrive, cloud storage, whatever. For most people, that's 80% of a good backup strategy, if they detach the backup and store it in a safe place away from the computer. Having an up-to-date backup does you no good if you leave the thumbdrive attached, and fire or a ransomware infection destroys your backup along with the original files.

Here's where cloud storage becomes attractive - you can have an offsite backup set without having to leave Mom and Dad's basement. But I don't trust cloud storage providers' claims of blind crypto, so my solution was to take crypto into my own hands, putting sensitive data in a TrueCrypt container file and sync the container into the cloud. Another concern was the scenario where a hacker gets the keys to your cloud storage and scrambles its contents, or perhaps worse, plants a malicious macro - do the compromised files get synced back to your computer? So syncing the backup repository, not the primary working file collection, also protects from that scenario.

The Mega client affords some fairly sophisticated include/exclude and folder-to-folder mapping, but none of that should be necessary. To limit reverse-sync and ransomware potential, you do want to go into the client Settings page and disable "Start on startup".

[copy.com did "delta sync" - does mega.nz?]

The strength of using local backup media (e.g. multi-terabyte USB drives available for under $100, or even thumbdrive if your dataset is small enough) is you can get sophisticated with incremental / differential strategies. In theory, your TrueCrypt container could be used incrementally too, but in practical use cases, managing the relatively limited container space will probably become burdensome quickly. For that reason, I wouldn't abandon local backups completely. Cloud backup, especially free offerings ala Copy.com or Mega.nz, should be viewed as secondary, last-ditch, when-all-else-fails recourse, not a first-line go-to in the event of catastrophe or breach.