Storage

Mozy online backup service: Privacy does matter

Online backup services are enticing, but, how does one know if the data remains private -- truly private? Michael Kassner takes a look at Mozy to see how it measures up.

Tony, a close friend who does web development and photography on the side, called the other day. His high-octane, water-cooled, multi-core HP server with a 2 terabyte RAID array was full. That took a bit to comprehend — my whole digital life doesn't fill up one 32 gigabyte flash drive.

And he was going to Mexico for a week — meaning untold additional high-def pictures. He wanted to know which 3 terabyte USB hard drive to get in order to free up space on the server. I stopped him right there, mentioning that he'd lose the redundancy offered by the RAID. His family would not be happy if the USB drive hiccuped and all their vacation snaps vanished.

"Oh, right. I forgot about that," he grudgingly admitted, "What do you think about those online backup and storage services?"

His response seemed quick — almost rehearsed. I knew what was coming next; yet, I bit. "Yes, they're a possibility, but not a cure-all. There are some privacy concerns." "Check into them for me — particularly Mozy. I've heard good things about their service," he said, knowing full well I owed him a favor.

I told Tony, "I'll see what I can do." "Great, almost forgot, I'm leaving in a week," he said quickly hanging up.

Because of Tony's abrupt departure, I didn't get a chance to tell him that one of the companies I deal with uses MozyPro for their backup and storage needs. And, as far as I know, there hasn't been a problem. I also read that Mozy is starting a service similar to Dropbox, which might be helpful — particularly while traveling.

I contacted Steve Jensen, Public-Relations Manager for Mozy, who in-turn connected me with Gytis Barzdukas, Director of Product Management. I asked Gytis the following questions.

Kassner: Mozy has a relationship with EMC Corporation and VMware — what are the specifics? Barzdukas: Mozy is backed by VMware and EMC Corporation. VMware operates the Mozy service on behalf of EMC after employees and assets supporting Mozy were transferred last year. Kassner: I also read something about Decho Corporation; where does it fit in? The reason I ask is the privacy policy for Mozy is published under that name. Barzdukas: A little history: Mozy evolved from a privately-owned company to 100 percent owned by EMC. The Mozy brand belongs to an EMC subsidiary named Decho Corporation — hence documents, like the Mozy privacy policy, refer to Decho. Kassner: One concern for companies and individuals alike is the privacy bestowed on data entrusted to online backup services. I noticed that Mozy has a privacy policy and a privacy commitment. Why the two documents and what are the differences? Barzdukas: The privacy policy explains our practices regarding the collection and protection of personal data supplied to us, or collected by Mozy through our users' interaction with our websites and services. That is to say, it's about what we do with information about you.

The privacy commitment is our pledge to our customers to protect the information they back up with us. That is to say, it's about what we do with information from you.

Kassner: From what I've read of the privacy policy and commitment, they appear to make sense. I do have one concern after reading this:

"We never sift through your information in order to create a profile of you or target advertising."

To me that implies you have the ability to scan and read uploaded data, but choose not to. Further on, the policy states:

"Your information is always encrypted before being sent to our data centers and while stored there."

Would you please clarify Mozy's position on this? Is the data truly unreadable? Does it make a difference if clients user their own encryption key?

Barzdukas: Mozy offers two options of encryption — a managed Blowfish key or a personal AES key. Though we have access to a customer's managed key, as our commitment states, we never use it to sift through a customer's data. This isn't a choice; it's a promise, and our business is built on our reputation for keeping it.

Now you may ask why we even need to make such a promise. We do it because we want to be crystal clear regarding our commitment to customers — we will not read or scan their data. If customers select to use personal-key encryption, they, and they alone, are able to decrypt their data. Either way, you can be assured Mozy is not reading your data.

Kassner: I have a friend who is interested in using Mozy to back up personal pictures and sensitive web-development data. Besides encryption, what other security precautions does Mozy take? Barzdukas: We believe that Mozy's standards for security are on par with those of anyone in the online-backup industry. Besides the Mozy-generated key and personal key encryption options, customer data is transferred to Mozy's data centers via a SSL connection.

Mozy is ISO 27001 certified and SSAE 16 Type 2 audited. Mozy's security practices apply to both MozyPro and MozyHome customers. MozyHome and MS Windows clients can use Mozy 2xProtect to back up locally to a USB or external drive, in addition to online.

Kassner: With privacy out of the way, I'd like to look at the specific products. You mentioned a Pro and a Home version. What are the differences? Barzdukas: MozyHome is for consumers and MozyPro is for businesses. The biggest difference is MozyPro comes with an Administrative Console that allows IT administrators to manage multiple machines from one location; and it comes with dedicated phone support.

Click to enlarge.

MozyHome is targeted to a single-user scenario. Support for MozyHome customers is via mozy.com and chat. The slide below compares the features.

Kassner: My friend has close to two terabytes of data. That amount would take forever to upload using his 1.5 Mb/sec DSL line. I read Mozy has something called Data Shuttle; would that help? Barzdukas: Data Shuttle is designed specifically for customers with large amounts of data. Data Shuttle is a door-to-door service; with Mozy providing two-terabyte hard drives. The customer then transfers the data to the devices, repackages the shuttles, and returns them to Mozy — via pre-paid overnight shipping.

This allows the customer to skip the initial upload over the Internet, dramatically decreasing the time required for this from weeks to days. The Mozy Data Shuttle is available from MozyPro resellers and Mozy directly

Kassner: I'm curious about your new service — Stash. Can you explain how it works? Barzdukas: Stash is a file synchronization feature that provides Mozy users a simple way to keep data current across each of their devices. As soon as you place a file in your local Stash folder, it quickly becomes available online, and is synced with your other devices; no need to wait for a backup.

Even when you're away from your computer, you have access to Stash. You can access it anywhere through the Mozy app for iOS and Android. You can even securely access your Stash from a friend's or colleague's computer right through the browser.

Kassner: Finally Gytis, there are many online backup services and they all seem similar. What makes Mozy products stand out? Barzdukas: The main things that set Mozy apart from the competition are:
  • Mozy's backing by EMC and VMware.
  • Mozy's security practices.
  • Mozy Stash is unusual, in that single-folder synchronization models are not prevalent among enterprise online backup solutions.
Final thoughts

Well, there you go, Tony. Once you get back from Mexico, you have a decision to make. I certainly hope you bring me something besides that same silly T-shirt.

Thank you Steve and Gytis, I'll make sure Tony understands that he owes you both a favor for providing answers on such short notice.

About

Information is my field...Writing is my passion...Coupling the two is my mission.

Editor's Picks