Is it better to back up my business's data on a traditional external HD or in the cloud? Pros? Cons?

There's no reason to not belts & suspenders (depending on your total data size). Back in the day (2004), I used to sell 'cloud' backup at $30/GB. We are now well sub $1/GB.

The cloud pros are the easiest to spot: if you suffer a fire - you back room will be affected as well. Manual backups are like oil changes, then rarely happen on schedule.

Cloud cons may exist (you just nee to check into it) - 1) is the data encrypted over the wire & in storage 2) how long will it take to get your data back if you need it all, right *now*.

For what it's worth, I've used cloud services for 7+ years without issue. Just my $.02.

I'm still a bit nervous about committing critical data to the cloud. I'm worried about that clear day when the clouds have all disappeared and with them, my data.

While I'm not usually a belt and suspenders type of person, I don't care to have critial data too far off site or in the care of others. I'd rather have a network drive tucked away in the back room quietly doing daily back-ups.

Rules for a ("Mission Critical") Backup is always - 3 copies, 2 Different Media. There is no "issues" if one of the copies/media is the cloud.

The "problems" of having a backup at a place where you do not have direct access or control, and the efficacy of having multi-TB worth of data, data retrieval speeds, fail-proof-ness of the remote storage media all have to be considered.

The Backup rule "3 Copies, 2 Media" has to be rigorously followed,

I use both.

I have bought inexpensive external hard disk enclosures and taken an old but reliable HD and put them in the external enclosures. I have a back up program that does a back up at night to the external drive.

I also subscribe to Carbonite which is a cloud based program that is constantly doing back-ups but it doesn't seem to bother the system or internet performance. I have been using for every one of my computers for 2 years. I have had to restore from Carbonite once and it was every easy. The subscription costs $56 every year.

If I have a fire or theft of my computer equipment the cloud based solutions helps. The external hard drive approach gives me additional piece of mind because it takes about 5 seconds to unplug it and run. I have about $50 invested in this solution because I already owned the hard drives.

What happens to your business if data is not available for this
amount of time. Once you know that then work backwards as to how much risk you can afford to eliminate.

Both have their advantages and disadvantages and most of them have already been covered in other responses. However, there are a few that have not been mentioned.

Carbonite was mentioned as a backup company but you must pay a fee for each computer. Should your main computer crash, it can be problematic to download the backed up data to another one. Some companies support several computers under a single license and some offer file sharing as well. Some are user friendly and others are not. Some cloud providers do not backup Outlook or other e-mail providers automatically. You have to manually back them up to a separate file which is very hard to remember to do. Security is a vital issue. As is proven with great regularity, no system is safe from skilled and determined hackers but you do need to research on the actual levels of encryption and security. This is particularly essential if you store customer data that may require meeting PCI or HIPAA security rules. You also need to remember that backups only include files and not programs so you need to protect your original programs if they are physical media. You also need to be careful as to who has permissions to login to backup service providers to prevent potential tampering.

External hard drives are certainly cost effective but being a machine they can also fail. I once was consulting with a small company that used an external hard drive for back-up. The owner did usually take it home to update the home computer on certain program files but not a complete system backup. However, I was concerned with that single solution. I suggested using an unused office computer as an extra backup which we did. Good thing because the main computer was sabotaged by a very angry terminated employee and the external hard drive crashed less than 48 hours later.

I think all the comments here are very helpful. Remember though, once you select a backup method, you have to test when feasible to make sure it works.

I agree with Andrew that it may make sense to use both. I do.

Dennis also wisely pointed out that however you back up your data, you MUST periodically test it to make sure it has maintained its integrity and you're not just backing up worthless data. So often overlooked once a backup process is in place, but a vital step.

One must always consider the "what if" ... what if the cloud provider tanks - what rights do you have to your data - what is the time-line to deliver the back-up - what will you do in the meantime - what format will the data be preserved in if they should provide that option??

Many questions when all the eggs are in one basket. I'd opt to mirror with another service or technology especially if the responsibility falls in my lap - when the event occurs I'd rather have the options at hand and exude preparedness as my MO!

I would say in the cloud with a few considerations.

1. Encrypt the data before leaving the premises. There are several technologies you could use.
2. Ensure that the back-up strategies of the company are sound. What happens if they lose your data from a recovery standpoint.
3. Retain the right to audit their services on a regular basis. You might never use this, but it's nice to have in the contract.

Quite a few people are scared of the cloud, I look at it as a value added service, but without the trust of a traditional dedicated solution either on your site or one third parties site.

I hope this helps. If you want specific technologies for the encryption let me know. There are free and commercial options, but do not trust the third party to encrypt; that is how people got into trouble with the Dropbox fiasco.

Yes, to all of the above. My value-add to this discussion is a recent document that came to my attention within the context of a very minor, even a trivial civil suit here in New York City in which the opposition demanded delivery of all hard disks used in the Plaintiff's business. Bear in mind that no crime had even been committed or charged, it's a silly family law case. Yet even in such a case, the litigators unaware of the business and technology issues, cast such a wide "discovery" net that a small business can be irreparably harmed in even a civil suit unrelated to the business itself.. Imagine what's possible if a larger firm, or a highly aggressive / blunt instrument litigator were to make a cynically motivated and immediate demand all of your hard disks for both personal and business systems.

While his sounds insane, even for New York, I've actually seen first-hand the NOTICE FOR DISCOVERY AND INSPECTION filed by NYC law offices of Eleanor Grosz, ESQ. I had to reread it three times before telling my friend that I thought they might actually be serious. While I'm certain that, in this case, the lawyers have no real idea of what Privacy means, or of the impact on a business of making blanket discovery requests, the effect on a small business is like that of a random herd of cattle running through its technology infrastructure.

Small unschooled legal practices, and event the courts are very far behind the technology curve, yet do not hesitate to make blanket discovery requests that may utterly disregard the privacy of the customers of a business.Yet even to get a court order barring such an action could cost you many thousands of dollars. Until the legal profession and the Justice System catch up to modern technology, we may need to expect the worst, while planning for the best. To that end I suggest encryption of all data, and to consider that a Cloud provider should have your back and protect your firm from frivolous discovery requests.

When I think of the best of what the Cloud has to offer in terms of real advocacy and action towards Privacy, I think of how Google chose to exit the China market, even at substantial cost. Don't Be Evil, is a mission statement component that Cloud firms need to internalize if not out of a sense of responsibility, but as a necessary aspect of their very survival.

Even though your data may not be directly under your control in the Cloud, this can actually work in your favor. A vendor like Google or Amazon has no time or inclination to deal with a bunch of frivolous requests for discovery data. In the same way that Amazon beats with a stick and exits a market where the State is naive enough to think it might collect sales tax on Amazon Affiliates in that State, I believe Cloud vendors will vigorously defend the privacy and legal rights of their customers. At the scale of a Cloud vendor, such litigation and such precedent--read Don't Mess With US--will quickly telegraph to the legal community a bloody nose most firms will not won't to experience again. So as an additional consideration, I would ask if a Cloud provider is actually better protection against Fishing Expeditions in the Discovery Phase of litigation.

Brian raised a very interesting point about legal discovery. I will have to read his link. Interesting, very interesting. That should almost be a topic on it own?

Brian raised a very interesting point about legal discovery. I will have to read his link. Interesting, very interesting. That should almost be a topic on it own?

Convenience versus risk
Hard disc = probably safe and accessible
Cloud = accessible almost everywhere, Probably Safe

I would recommend 2 back ups in the cloud - If 1 supplier goes bang, you still have a copy of your file
AND
1 backup on HD - if your network goes bang you can still access your files
BUT the more copies the more vulnerable
SO encrypt the really important stuff

I Agree Andrew´s comments. We should use both. However, let me to reflex about "The Cloud". We Know there is not a "cloud" really. The "cloud" has a lot of homes. They are the big servers around the world.
Did you see "Firewall" with Harrison Ford? -Excellent Movie!. He was a Computer Security Specialist. We could see how the bad guys took out 100 million and they didn´t touch a bill. It is only an example of our today world.
We are living in the "cloud", everything: citizen register, social security, bank statements, cars information, school information and so. We have to take it easy. There are backups from the backups. I think we have to take advantage of our techonological world and... KIS... Thanks&Regards

Lot of good stuff here. I'd tend to look at:

- What is the business trying to achieve (safety / security, speeed of recovery, compliance
- what legislation / regulations does the business need to comply with
- Level of involvement / automation requireed

Then it is a case of building a 2x or 3x back-up model, of which HD, cloud, or other alternatives might be suitable. It may be a HD a HD at a 2nd compay site, a cloud solution or a mix of these and others. It depends on what the organisation is and how technologically advanced it is.

The next step is to put the processes in place so the bac-ups actually work.

Finally regularly test the back-ups to make sure they are working and restorable.

Cloud Storage should be a strong consideration. The key components to that solution should be speed to backup, encription of the data being backed up, immediate recovery if needed. The last, and most important piece, is immediate automatic backup. In speaking to many companies who lost their businesses to the floods and terrible tornadoes, much of their backup was housed in the same building where their businesses were located and all their business data was lost. Not to recommend products, but there's a solution out there that does these things and provides secure wipe out technology on a laptop if it is stolen and can track the location of the laptop. Feel free to ping me for more details.

Even though you can implement cloud computing without virtualization, the industry uses cloud computing and virtualization interchangeably. If you want to consider an efficient solution to backups, there is one on the rise called ArkSync. ArkSync provides you with a complete solution designed to reduce any server downtime with the use of a specialized backup and virtual server appliance. In addition to offering offsite storage at an affordable monthly cost, ArkSync also allows near real-time backups as frequent as every hour. It takes a total image of your servers with all the applications already installed so in case of a failure, your business is back up and running within hours and not days!

PROS:
• Saves you potentially $100,000 - $1,000,000 (according to ICSA Lab's Virus Prevalence Survey, the average company spends between $100,000 and $1,000,000 in total ramifications per year for desktop-oriented disasters.)
• Can backup desktops as well for those that don't save data to your server
• Very low down time if your servers go down
• 256-bit AES encryption
• Windows server support for 32 and 64-bit OS’s
• Disk based backup
• File & folder restores
• System restores
• Recover using drag & drop functionality
• VSS aware
• Sync to external drive options
• Multiple restore points local & offsite
• Offsite data replication
• Redundant server hardware
• Full image level recovery
• Unlimited file level restore
• Easier management of your IT infrastructure

CONS:
• The ArkSync image-based backups can only retain information for one month (a more refined backup can also be done archiving data for 7 years but involves a much higher cost.)
• Uses daily 20% bandwidth

Let me know if I can provide you the source where this information was taken from. Hope this is helpful.

Really good question and some thoughtful and useful discussion.

Thanks for the input.