Outline is our guide to IT topics related to data and data security. We present a brief outline of our ideas and experience here, please contact us on This e-mail address is being protected from spambots. You need JavaScript enabled to view it if you'd like to discuss any items with us further.

Cloud Backup - Great for a little data, not so great for lots of data

Data Stored in a cloudThere are currently many tools being given away, included in the box and sold on their own for backing data up to the cloud (Internet storage). Given the movement for on-line everything, why isn't this sufficient for all backup and data disaster recovery needs?

Simply put, it depends how much data you want to store, whether you are willing to organise it into special cloud backup folders and how quickly you might need to retrieve it. For a few hundred megabytes of data it is cheap, quick and easy. By the time you are storing tens of gigabytes it can be expensive, slow and hard to leave.

The UK Government regards 2 megabits per second (Mbps) as the minimum speed which allows you to use the internet reasonably effectively. Currently this broadband speed is available to around 86% of the population. (House of Lords Select Committee Committee on Communications, July 2012.)

A basic broadband connection with a speed of 2 Mbps download, 256 Kbps upload, and a clear internet can download around 900 MBytes per hour and upload 115 MBytes per hour. This assumes perfect 100% no-slowdown, no-interruption internet access at this speed.

If you wished to protect 10 GBytes (10,000 MBytes) of data, it would take a little over 3 full days (86 hours) to upload and a little over 11 hours to download. 100 GBytes would take the best part of a month to upload and nearly 5 days to retrieve. Would you be happy to put your business on hold for a week to retrieve your data?

If your broadband speed is faster than this basic level then these times could be reduced, but please remember, in a crisis, the connection you are using for data recovery may not be as quick as your normal daily office connection. Regardless of your broadband speed, upload/download speeds will also be affected by internet capacity and congestion.

Our testing on fast broadband connections suggests that 3-5 Mbps (300-500 KBytes/sec) is as much as we would want to plan on using over a number of hours despite the fact that our connection demonstrated burst speeds of over 40 Mbps.

If you need to protect less than 2 GB of data, free or bundled accounts are easy to find and easy to try. We use them for family sharing, swapping files between machines and so on.

If you need to protect up to 10 GB - 50 GB of data, cloud storage may work for you as long as you know what you are getting, have tested the practical upload and download speeds of your connection and have planned for any delays uploading and downloading the data.

For more than 50 GBytes, we recommend thinking carefully about whether bulk cloud data storage is right for you. If recovery speed is not critical or you would only need to recover small items a few at a time, and you are happy to pay a premium for someone else to manage your storage, the cloud could be a good solution. Watch out for monthly storage costs if your online storage starts to climb above 50 GB, 500 GB physical disks are less than £50 on the high-street.

The problem comes when you store a few GB online at first and 18 months later you suddenly realise your storage has grown so big it is no longer good value, no longer protecting your business properly, but too big and too slow to easily move somewhere else.

Active Rescue for Data: http://www.coexpansive.com/active-rescue-intro
Dropbox: http://www.dropbox.com/

Secure Email - You wouldn't write a payslip on a postcard

Padlock and envelopesIt is not commonly understood that most email travels in a manner open, readable and searchable by every internet switch and server that transfers it from sender to recipient.

Sending confidential information like this is a little like sending a payslip, or account statement, written on the back of a postcard rather than sealed in an envelope. It is likely that the postmen, the sorting office, and the person who picks your post up have no interest in reading all the postcards they handle but it's an uncomfortable thought all the same.

Major mail systems such as Lotus Notes and Microsoft Exchange can be set up to offer encrypted mail options, but it's not so hard to offer secure email on a desktop by desktop basis if only a few people in the office need this ability.

Not every message needs to be sent securely, but each may be optionally signed with a secure digital signature and/or encrypted. A digital signature provides authentication for the recipient, "I am certain this message was sent by the named sender and has not been tampered with since it was sent", encryption ensures that only the intended recipient can read it.

Secure email is unnecessary for the majority of email traffic, but the ability to switch it on when needed if exchanging draft accounts, pre-release results, bid or contract notes or other confidential information can be invaluable.

Wikipedia - Email Privacy: http://en.wikipedia.org/wiki/E-mail_privacy
Wikipedia - S/MIME: http://en.wikipedia.org/wiki/S/MIME

Password Management - One password to rule them all

Username and password log in formThese days we need PINs, codes and passwords for everything: email, banking, online shopping, SIM cards, Wi-Fi access, you name it and it needs a password. Some are numbers, some need to be at least 8 characters, some cannot contain spaces. There is no sane way to remember complex, secure passwords for all the systems you access that need them.

One bad way to deal with this is to try and use the same password for everything. Bad squared is the same easily guessable password everywhere. Bad cubed is putting sticky post-it notes with passwords written down near your PC.

A good answer is a password manager. You only need to remember one high-quality pass-phrase to access the password manager and the password manager stores the rest of your PINs, codes and passwords. Good password managers can automatically create new passwords when you need them and can respond to web requests so you don't need to re-type the passwords yourself.

Password managers do require a little effort to get them started and to use them on a regular basis, but the reward in having much higher quality passwords unique to every site, with only one phrase to remember, makes the effort easily worth while.

We like KeePass because it is free, open source and available on Windows, Mac, Linux, iPhone, Android and Windows Mobile so one key safe can be shared and used by all of these platforms using an all-platform file sharer such as Dropbox.

A good comparison of some of the other popular password managers can be found at the LifeHacker website.

KeePass: http://keepass.info/
LifeHacker: http://lifehacker.com/5529133/five-best-password-managers
Dropbox: http://www.dropbox.com/