Online backup services are enticing, but, how does one know if the data remains private — truly private? Michael Kassner takes a look at Mozy to see how it measures up.
Tony, a close friend who does web development and photography on the side, called the other day. His high-octane, water-cooled, multi-core HP server with a 2 terabyte RAID array was full. That took a bit to comprehend — my whole digital life doesn't fill up one 32 gigabyte flash drive.
And he was going to Mexico for a week — meaning untold additional high-def pictures. He wanted to know which 3 terabyte USB hard drive to get in order to free up space on the server. I stopped him right there, mentioning that he'd lose the redundancy offered by the RAID. His family would not be happy if the USB drive hiccuped and all their vacation snaps vanished.
"Oh, right. I forgot about that," he grudgingly admitted, "What do you think about those online backup and storage services?"
His response seemed quick — almost rehearsed. I knew what was coming next; yet, I bit. "Yes, they're a possibility, but not a cure-all. There are some privacy concerns." "Check into them for me — particularly Mozy. I've heard good things about their service," he said, knowing full well I owed him a favor.
I told Tony, "I'll see what I can do." "Great, almost forgot, I'm leaving in a week," he said quickly hanging up.
Because of Tony's abrupt departure, I didn't get a chance to tell him that one of the companies I deal with uses MozyPro for their backup and storage needs. And, as far as I know, there hasn't been a problem. I also read that Mozy is starting a service similar to Dropbox, which might be helpful — particularly while traveling.
"We never sift through your information in order to create a profile of you or target advertising."
To me that implies you have the ability to scan and read uploaded data, but choose not to. Further on, the policy states:
"Your information is always encrypted before being sent to our data centers and while stored there."
Would you please clarify Mozy's position on this? Is the data truly unreadable? Does it make a difference if clients user their own encryption key?Barzdukas: Mozy offers two options of encryption — a managed Blowfish key or a personal AES key. Though we have access to a customer's managed key, as our commitment states, we never use it to sift through a customer's data. This isn't a choice; it's a promise, and our business is built on our reputation for keeping it.
Now you may ask why we even need to make such a promise. We do it because we want to be crystal clear regarding our commitment to customers — we will not read or scan their data. If customers select to use personal-key encryption, they, and they alone, are able to decrypt their data. Either way, you can be assured Mozy is not reading your data.Kassner: I have a friend who is interested in using Mozy to back up personal pictures and sensitive web-development data. Besides encryption, what other security precautions does Mozy take? Barzdukas: We believe that Mozy's standards for security are on par with those of anyone in the online-backup industry. Besides the Mozy-generated key and personal key encryption options, customer data is transferred to Mozy's data centers via a SSL connection.
Mozy is ISO 27001 certified and SSAE 16 Type 2 audited. Mozy's security practices apply to both MozyPro and MozyHome customers. MozyHome and MS Windows clients can use Mozy 2xProtect to back up locally to a USB or external drive, in addition to online.Kassner: With privacy out of the way, I'd like to look at the specific products. You mentioned a Pro and a Home version. What are the differences? Barzdukas: MozyHome is for consumers and MozyPro is for businesses. The biggest difference is MozyPro comes with an Administrative Console that allows IT administrators to manage multiple machines from one location; and it comes with dedicated phone support.
Click to enlarge.
MozyHome is targeted to a single-user scenario. Support for MozyHome customers is via mozy.com and chat. The slide below compares the features.
This allows the customer to skip the initial upload over the Internet, dramatically decreasing the time required for this from weeks to days. The Mozy Data Shuttle is available from MozyPro resellers and Mozy directlyKassner: I'm curious about your new service — Stash. Can you explain how it works? Barzdukas: Stash is a file synchronization feature that provides Mozy users a simple way to keep data current across each of their devices. As soon as you place a file in your local Stash folder, it quickly becomes available online, and is synced with your other devices; no need to wait for a backup.
Even when you're away from your computer, you have access to Stash. You can access it anywhere through the Mozy app for iOS and Android. You can even securely access your Stash from a friend's or colleague's computer right through the browser.Kassner: Finally Gytis, there are many online backup services and they all seem similar. What makes Mozy products stand out? Barzdukas: The main things that set Mozy apart from the competition are:
- Mozy's backing by EMC and VMware.
- Mozy's security practices.
- Mozy Stash is unusual, in that single-folder synchronization models are not prevalent among enterprise online backup solutions.
Well, there you go, Tony. Once you get back from Mexico, you have a decision to make. I certainly hope you bring me something besides that same silly T-shirt.
Thank you Steve and Gytis, I'll make sure Tony understands that he owes you both a favor for providing answers on such short notice.