Firstly, no, I don't have MyCloud. But I came across this story (on the WAN show) and took a look at what happened. This post is partly a "this is interesting" for the crowd here, but partly for guests that find this via search engine and don't understand backing up.
From what I can tell, WD MyCloud is a kind-of hybrid device that is a blend of a USB-type external drive box, a NAS and a cloud service. It seems to be a device that lets you store your data locally on the device (in 2TB and larger versions) but access it from multiple locations, on multiple devices (like phones) via a kind-of portal operated by WD. Which supposedly makes the whole thing easier, and safer because "experts" are managing/maintaining the portal.
Until WD got hacked. Oops.
At the time of writing, MyCloud has been down for about a week, and currently, there seems to be no timetable for when it might come back up. Also, "some data" has been lost, it seems, but it's unclear what, or even if it belongs to WD or customers.
The real kick in the nuts? Despite user data being stored locally, on the hard disk in the MyCloud box, which is probably in the same room as the user physically is, or at worst on their own LAN, to access that data, you have to log in (and presumably authenticate) to WD MyCloud. And their portal is down.
Yup, if I'm reading it right, users might be able to reach out and pick up the box containing their data, but can't access it because MyCloud is down. They're locked out of their own data. No doubt some of those users rely on that data to work, and earn their living.
Most of us here are at least fairly clued up about IT, and I'm sure the gotcha inherent in this whole principle is evident from about the point I mentioned portals and log-in. But MyCloud isn't really aimed at IT people, but rather at consumers that want quick and easy solutions, but may well not see the risk involved in that gotcha.
So provided they're using the MyCloud as a backup, meaning the data is actually on another device, like PC/laptop/iMac etc, and the copy on MyCloud is actually a backup, the situation is not too dire. But I've come across too many people over the years that hear of RAID, be it in a NAS, a standard PC or a server, and think that because it's on multiple drives in a RAID and there's redundancy, it's "backed up" just by storing it on that RAID device. No, it isn't.
I even came across someone recently storing their PC data on an external USB drive, thinking that because it was on a device sold as backup, that it was backed up by storing it there, not on the PC/laptop. And yes, the external USB drive died. I can't even really blame the user. They thought they were backed up by copying onto that external drive? Well yes, provided you COPY it there, rather than storing it there in the first instance without keeping it on your PC as well, then you are, to a point.
Hence the "salutary tale" bit in the title.
I'm sure I'm preaching to the choir with our members here, but if your data matters to you, BACK IT UP CAREFULLY. If it REALLY matters, i.e. is important, irreplaceable and/or would cause significant loss if you can't recover it, you REALLY need a proper backup strategy, and to be prepared to pay for it.
Consider the worst case. What are the implications of you losing some or all of your data? It might be annoying to lose your holiday pictures, but nowhere near as bad as losing your source of income or your business going bust.
If you can't afford to back up everything thoroughly, at least back up the bits that would cause large financial loss, and probably anything of serious sentimental value .... like pictures of the kids growing up. This is one major disadvantage to taking all our pictures on digital cameras, whether in smart phones or not. At least in the past, we had negatives if we lost the prints.
I'm not going to go into what constitutes a proper backup system. It's been done many times before, all over the web. Suffice it to say that if losing the data would hurt, back it up so that it is in at least THREE places. One might be your PC, laptop, iMac, phone or whatever but the other two must not be on the same physical device, or ... what if it gets lost or stolen?
Ideally, one entire copy, of at least the really important data, should be in a different physical location. You might back up your PC to an external drive (that's the second copy), AND THEN to another such drive that is kept in your office, or at a relative's house, etc. Or, depending on how much of it there is, in cloud storage. But if the data is important, you need to diligently follow two main rules :-
1) At least three copies, one of which is in a different location. And
2) Keep it up to date.
There is no point in having a backup if, when the time comes that you need it, it is hopelessly out of date.
Personally, I use a system that largely runs automatically, not least because I'm a lazy git and if it relies on something causing me lots of inconvenience, I'll get lazy and it'll get out of date. So, I threw money at it. I use paid-for backup software (Macrium Reflect, but there are a number of good solutions, including some pretty good ones that are free). Almost everything backs up to a NAS, which in turn is then externally backed up.
And critical files are then backed up to the cloud. But that raises another issue. Is your data at risk if someone gets hold of your backups? That probably depends what the data is, but suppose it includes your banking details, or private medical info that might mean you don't get a future job? And so on.
So, encrypt everything. The cloud service I use is pretty reputable, and everything is encrypted before it gets uploaded, and is stored in encrypted form on that service in a way in which, I'm told, not even that cloud hosting company can decrypt it, because they do not hold the decryption keys. But for peace of mind, I encrypt the data MYSELF, separately, before it goes through the encryption process to upload and store it. Even if that hosting company lied and does hold the keys, or if someone breaks into them like they did to WD MyCloud, all they're going to get is data which is separately and thoroughly encrypted. i.e. everything I upload is double-encrypted.
One final thought.
Nothing, and I mean NOTHING that you store on a computer is or probably ever will be 100% safe. Even that double-encryption, while pretty damn secure for now, likely won't be in the event of quantum computers happening. And who knows what the future holds, or even what nation-state intelligence services like the CIA or NSA have today? Fortunately, I'm not too worried about the CIA wanting copies of my kid's pics or my medical files.
So, if you don't want to risk losing it, BACK IT UP. And if you don't want to risk someone else getting hold of it, encrypt it properly.
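The two rules in the post (at least three copies with one in a different location, and keeping them up to date) can be checked automatically. The script below is an added example, not part of the original post: it hashes the source folder and each backup copy, then reports missing or out-of-date files along with violations of the copy-count, separate-device and off-site rules. The device labels, folder names and file contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def tree_digest(root):
    """Map each file's relative path to the SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def audit(source, source_device, copies):
    """Return a list of problems; an empty list means both rules hold.

    copies: dicts with name, path, device (a label you assign), offsite (bool).
    """
    problems = []
    devices = [source_device] + [c["device"] for c in copies]
    if len(devices) < 3:
        problems.append(f"only {len(devices)} copies, need at least 3")
    if len(set(devices)) < len(devices):
        problems.append("two copies share one physical device")
    if not any(c["offsite"] for c in copies):
        problems.append("no copy is kept in a different location")
    want = tree_digest(source)
    for c in copies:
        have = tree_digest(c["path"])
        missing = sorted(set(want) - set(have))
        stale = sorted(f for f in want if f in have and have[f] != want[f])
        if missing:
            problems.append(f"{c['name']}: missing {missing}")
        if stale:
            problems.append(f"{c['name']}: out of date {stale}")
    return problems

def demo():
    """Constructed sample: a source folder and two flawed backups in a temp dir."""
    with tempfile.TemporaryDirectory() as tmp:
        files = {"src": {"accounts.txt": "v2", "kids.jpg": "pic"},
                 "nas-a": {"accounts.txt": "v1", "kids.jpg": "pic"},  # stale file
                 "nas-b": {"accounts.txt": "v2"}}                     # missing file
        for folder, content in files.items():
            (Path(tmp) / folder).mkdir()
            for name, text in content.items():
                (Path(tmp) / folder / name).write_text(text)
        copies = [{"name": n, "path": Path(tmp) / n, "device": "nas", "offsite": False}
                  for n in ("nas-a", "nas-b")]  # both shares live on the same NAS
        return audit(Path(tmp) / "src", "laptop", copies)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Comparing content hashes rather than timestamps also catches a backup copy that has been silently corrupted or altered, not just one that is old.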