Be Paranoid About Your Data

Last week wasn’t a very good week.  Over the weekend the hard drive on my iMac failed and by failing Mac OS X said it couldn’t repair the drive so it came up read only mode.  So I did the sensible thing and copied the entire contents to my external Drobo (essentially striped RAID).

Then Monday morning the Drobo wouldn’t boot up.  It would just do a continuous boot and restart.  Not good, but at the end of the day all of our most important stuff, the source code for projects, is stored on a commercial source code hosting service.  In case of theft or disaster of my equipment I’m only down as long as it takes me to buy a new computer and download the repositories.

The Mac hard drive was replaced by Monday night and by Monday afternoon Drobo tech support had the Drobo back up and running.  They didn’t give a reason but I suspect that because the Mac had hard crashed a few times (due to the bad drive) it got into a state that it didn’t know how to recover from.  But it works and I didn’t lose any data.

Tuesday when things started to go back to normal we couldn’t reach our source code hosting service, Code Spaces.  On Twitter they said they were experiencing a DDOS attack and I didn’t worry to much about it.  They’re the experts, right?

By Wednesday they still weren’t back up.  A little concerned I went to their website and found the message that you never want to hear.  They accounts had been hacked and ALL of their repositories had been deleted.  Oh, and pretty much immediately they are ceasing operations as a company.  You can read more about it at http://www.codespaces.com and http://www.electronista.com/articles/14/06/18/hosting.company.returning.what.data.it.has.left.financially.crippled.by.attack/

So much for the offsite backups.  The fact that the backups could be accessed through their Amazon Web Services account should give anyone pause for concern.  Is your web services company really paranoid enough to protect your data?

I know more than a few people have given Xojo some grief that their security for Xojo Cloud is over the top.  Maybe it is, but then you hear stories like this and you start to wonder if maybe being overly paranoid is a good thing.

So here is my advice.  Have multiple sources of backups.  Keep one source in a safety deposit box and update it regularly.  Use a commercial host that you trust.  There’s no guarantee they they won’t be the next Code Spaces and get hacked but hopefully this incident was a warning to them to be more paranoid and strengthen their security procedures.

I know of developers that backup everything to a thumb drive on their keyring.  I’m not sure that’s entirely secure but if that makes them feel better so be it.  At least their source code is always with them.

While last week was not a good week at least I’m learning to be even more paranoid about my data.  Being paranoid about your data is a good thing.