Over the weekend, we had a couple of network glitches that – unfortunately – took out Internet access for a large chunk of our campus for about an hour or two at a time. On Saturday, we had a problem where a pair of our network switches in HSC became unstable and needed to be restarted. On Sunday, we developed an issue with our DHCP server that actually started Friday evening. We don’t yet have a definitive explanation for either of these outages but we suspect the former was due to not having the latest software installed on the switches and the latter may have resulted from too much load on the server from our backup software.
Generally, outages of services aren’t usually couched as security problems unless there’s some indication of malicious intent. However, any problem that affects the availability of a critical service can be an information security issue, regardless of whether the cause was malicious or accidental. As a result, there are cybersecurity topics that most people wouldn’t ordinarily associate with the notion of security.
Here, I’m going to cut to the chase and say up front: use Crashplan. While you can pay to store your backups online, it is free to use in perpetuity as long as you can live with 1 backup per day stored to a disk you own (like an external USB drive). 1 backup a day might sound like a lot of data but Crashplan supports fancy features like compression and deduplication to keep space requirements in check.
One concern with services like Crashplan is that you are potentially giving some corporation access to your data. To partially address those concerns, Crashplan does offer you control over how you encrypt your data. The normal warning applies, though: if you lose your fancy encryption key, Crashplan won’t be able to help you restore your data so make sure to keep it safe.
If you still don’t trust Code42 (the makers of Crashplan), there is another nice option called Duplicati. Being free and open source software, it does give you a level of control and trust over your data that commercial solutions won’t. It won’t give you all the nice features of Crashplan but as far as FOSS backup solutions go, it’s about as easy as it gets.
The other approach, and this is analogous to what we’ve tried to do with our network gear, is to throw more hardware at the problem and introducing redundancy. For example, to protect against a hard drive crashing, you can buy a box with two hard drives in it and mirror the data to each drive. That way, if one drive crashes, you still have your data intact.
But this approach can get very complex and very expensive very quickly. For the most part, it is easier and cheaper to recover from a problem as opposed to preventing it in the first place.