How safe are the clouds?
In the last week, Carbonite, a large backup vendor, was reported to have lost data for a significant number of users. In articles like this and this, journalists and users have been asking, rightly so, “How safe is data in the cloud?” If companies providing Cloud Computing are charging money to manage others’ data, we should expect them to do a better job than the average user or company. But how much safety can we reasonably expect?
As someone who uses Cloud-based services each day, I follow these discussions with interest. How much safety do I expect from using the Cloud? I expect to have full access to every bit of data I have at all times. No not having access to some of my data and not the rest, requesting a restore and waiting for an email when it’s ready, no waiting for a DVD in the mail. In a nutshell, complete and instant access. But is this a reasonable expectation for all data managed through Cloud Computing?
In my view, no. “Cloud Computing” is a type of technology, just as a “car” is a type of vehicle. While a Volvo and a Pinto are both cars, few would argue that they can expect the same level of safety. Before I buy a car, I ask basic questions to find out how many airbags there are or whether there is traction control because I know each car is different.
Cloud Computing is exactly the same. Problems that affect one Cloud Computing solution may not affect another. I reasonably expected complete and instant access because I did my homework.
Below is a basic set of questions I use to determine how safe my data is. I’ve included answers for Syncplicity as well for those curious.
1. How is the data stored?
You want at least three geo-replicated copies. If you have three copies, if something fails, during the time it takes an automated system or a human person to fix the problem, you still have multiple copies elsewhere for safety. A secondary failure happening after a first is surprisingly likely. Geo-replication means the data is stored in multiple data centers. Natural disasters, power outages, and network failures can all disable a data center. These types of problems, while rare, also typically take days to resolve.
What Syncplicity does: For a higher level of data safety, Syncplicity keeps four geo-replicated copies of all data.
2. Are verifications being done on the data?
Storing data is easy. It’s making sure you can get it back, one month, one year, or one decade later that’s hard. If you’ve ever burned a CD and found you couldn’t read it back later, you’ve experienced bit rot. You want to find out how your provider verifies your data hasn’t suffered bit rot and is still accessible.
What Syncplicity does: Syncplicity works with active data so our systems are constantly writing and reading the data stored. On each read, a verification test is performed to ensure that the data is accessible and the same as what was stored so you can be assured that your data is always available to you when you need it.
3. How is the data managed?
You want to make sure that your data is encrypted, there is strong security and access controls, and a strong privacy policy. One thing to look out for is that the privacy and data disclosure policies of many companies cover contact information, but specifically exclude your actual data. Thus, while they aren’t allowed to give your home address to anyone, they could give them your tax return. This is just plain wrong, but something to watch for.
What Syncplicity does: Data stored in Syncplicity is transferred and stored fully encrypted with the same technologies used by banks and the military for classified information. Specifically, data is transferred over 128bit SSL and stored using the Advanced Encryption Standard (AES). Syncplicity’s Privacy Policy is also one of the strongest in the industry. We make it a point to explicitly extend our privacy policy to cover all stored data. Viral Tarpara and I discussed what this all means in more detail in Understanding Privacy in Cloud Computing.
4. What happens if the company disappears tomorrow?You’ll want to make sure they have a good story as to how to get your data if they go out of business or the service fails in a prolonged manner.
What Syncplicity does: Syncplicity provides data management rather than pure data storage. In the case that Syncplicity disappears tomorrow, you still have full access to your data on each computer, device, or web application that you use. What you lose is the accessibility and management functions such as access to previous versions and revision history, access to your data from your cell phone, and simple sharing.
As luck would have it, my own laptop died a horrible death this week and my faith in the clouds and Syncplicity got put to the test. I’m happy to report that all of the cloud-based services I used, from hosted e-mail to online code repositories to Syncplicity, passed with flying colors.
I generally encrypt all my sensitive files myself so that I have full control and know that no matter where they are being stored or who by, I am the one who knows the key. Most software packages support this, if they don’t then you can use a program such as 7zip to do it. Ultimately, the safest thing is to encrypt everything yourself in addition to whatever encryption services other people provide.
This was a very reassuring blog post, especialyl when it comes to storing our data in different locations 
The convenience and usefulness of this service has led me to become far more dependent on it than I would ever have expected. Its not until I’m blocked access from school that I realise how much I need your service, so keep up the great work!
(C2KNI http://www.ck2ni.net block access to syncplicity because it is, “personal data storage and backup” – I dunno, most schools just block porn and things but obviously northern ireland considers useful services a threat, perhaps you could e-mail C2KNI and clarify what your site does and how it might help me get my homeworks in on time!)
I can not see any download link of syncplicity client. Is it removed?? or am i missing something.
I might believe syncplicity is “safe” if I believed that their staff is problem free. Just look at the support forums to see how responsive they are to support requests. I’ve been emailing them for two weeks with no response, and I’m actually a paying customer. With support response like that, it’s no wonder people might start wondering about the safety of their data.
I’m about to reverse charges with my credit card company and cancel my account due to their lack of any type of response on support issues.
They have time to make blog posts, but not see to customer’s issues. Great work!
@Nav Just click Sign Up and create a Syncplicity account, Nav (you can get a 2GB account for free). Once you’re logged into My Syncplicity (your personal Syncplicity portal), you’ll be able to download the client for either Macs or PCs.
@Eric Smith Eric, sorry about the delay in getting back to your support request. The request has been assigned to one of our engineers who addressed the issue you’ve outlined just last Friday. I’ll be making sure our support staff keeps everyone up-to-date on the progress each ticket is making behind the scenes. Thanks for your patience here!
Ondrej, I also posted an issue almost a month ago about renamed files/folder causing all sorts of trouble with Syncplicity, with no reply. Other users have also had the problem. Not only that, but it runs contrary to your FAQ which contains a false claim. Some info on this would be appreciated.
All looks good, but no win 2000 support.. I use multiple platforms and still use 2000 on a few machines.. GetDropBox works with all platforms.
I have signed up for a free account for the time being and appreciate the generosity of the space provided. Can some speak to the security concerns posted earlier, if we can’t supply an encryption key then how can we be guaranteed our data is safe, what measures are in place that do not allow snooping.
Sorry, the comment form is closed at this time.
Other services like Mozy and Carbonite allow customers to use their own encryption key. Syncplicity, however, doesn’t offer this. Therefore, users simply have to trust that Syncplicity employees won’t unencrypt and snoop on their data. I know Syncplicity will say something like ‘we have strict processes in place to prevent this’ but we know how human nature can be. I’m not comfortable knowing that sensitive or private data that I encrypt and transfer to Syncplicity can be unencrypted and viewed by staff there because they hold the key.