Data Protection

From rsync and rsnapshot to Bacula and Déjà Dup, Linux has no shortage of backup applications. You can even find basic suggestions for a backup strategy such as Ubuntu’s, which include such basics as storing at least one backup off-site. However, these suggestions are usually incomplete and occasionally misleading. As my own backup strategies have evolved, I have found three strategic considerations that are often neglected but can greatly affect a backup’s accessibility, security, and reliability.

Choose an Appropriate Filesystem

Most external drives come with NTFS or exFAT filesystems, so the users of recent Linux distributions can use them out of the box. However, thanks to parted and its desktop counterparts, reformatting an external drive takes only a few minutes, and users have no shortage of filesystems to choose from (Figure 1).

Figure 1: The default filesystems available for example, in KDE Partition Manager.

For reliability, the standard ext4 filesystem is hard to beat, but for a backup accessible to others, you might want to choose another one unless you have a Linux technician within reach. FAT32 will work, but it is slow and inefficient by modern standards. NTFS, of course, is a Windows standard and has the advantage of Linux-like features like permissions, journalling, and encryption – although if accessibility is a priority, encryption is probably not the best choice. ExFAT is open standard and fast, and a backup using it should be accessible from most operating systems, but it has no built-in security. Which you prefer depends on your priorities. However, if you use multiple drives for backups, you might consider using more than one to spread the odds.

Encrypt and Split Backups

While cloud storage is popular, it depends on faith. Users are rarely in the position to evaluate cloud services and can only assume that the providers store data securely and privately. In some cases, that faith is justified, but in 2022, the Thales Cloud Security Report, found that 45 percent of businesses have experienced a cloud-based data breach or failed an audit in the past 12 months – an increase of 5 percent over 2021.

Short of avoiding cloud services or setting up a private, self-hosted server like those offered by Nextcloud, you can solve this problem by using the security principle known as least authority, which means that service providers should be given the least control possible over their customers’ data. This goal is accomplished at a minimum by storing only encrypted files in the cloud. Better still, Tahoe-LAFS (Least Authority File Store) divides uploads into pieces and defines how many pieces must be present to recover them. The pieces can reside on multiple servers and external drives, making a security breach almost impossible. For added security, Tahoe-LAFS can also administer the pieces anonymously using Tor. Like any software, Tahoe-LAFS has vulnerabilities and bugs, and it can't prevent the hardware that is storing your data from being stolen. All the same, Tahoe-LAFS offers the highest security in the cloud that is currently available.

Invest in Military-Grade External Drives

Hardware manufacturers usually display the cheapest external drives prominently. On Amazon, for instance, several pages of results pass by before quality drives are listed – which means that many buyers make a decision before they even reach these drives. If you are looking for reliable backups, these cheap drives (Figure 2) are a problem, because, at best, they are only slightly more reliable than flash drives, with neither being designed for long-term storage. The cases are thin plastic, and the USB port is exposed. As long as you do not move a cheap drive, it might remain workable. However, if you drop it or even move it carelessly, the drive can become disconnected from the case. Often, transferring the drive to another case can restore functionality, but some manufacturers such as Seagate sometimes use a proprietary connection to the case; once the connection is shaken loose, the drive becomes a permanent brick. As a result, you can quickly discover that what you thought was a reliable backup is itself unrecoverable without an expensive trip to a data recovery expert.

Figure 2: A cheap, generic external hard drive.

The difference between a cheap drive and military-grade external hard drive is like the difference between a phone without a case and one with one – only more so. A military-grade drive (Figure 3) is obvious immediately by its extra padding and sealed USB port, as well as its extra weight, which can be twice as heavy as a cheap drive. A military-grade drive looks like a bulky mutant. More importantly, its military-grade designation means that it can take far more rough handling than a cheap drive. Specifically, the drive has been tested and meets the MIL-STD-810G standard or – better still – the more recent and thorough MIL-STD-810H standard. To meet either standard, a drive must pass over 29 physical tests, including:

• Low pressure
• High temperature
• Low temperature
• Temperature shock
• Fluid contamination
• Solar radiation
• Rain
• Humidity
• Fungus
• Salt fog
• Sand and dust
• Explosive atmosphere
• Immersion
• Acceleration
• Vibration
• Acoustic noise
• Shock
• Pyroshock
• Acidic atmosphere
• Gunfire shock
• Temperature, humidity, vibration, and altitude
• Icing/freezing rain
• Ballistic shock
• Vibro-acoustic/temperature
• Freeze/thaw
• Time waveform replication
• Rail impact
• Multi-exciter
• Mechanical vibrations of shipboard equipment

Figure 3: A military-grade drive: Notice the extra protection in the case and the latch to seal the USB port.

Some drives are advertised as military grade without external testing, which may be acceptable. However, before relying on these drives, you should research the drive on Consumer Reports, any in-house documentation, and the Trusted Review site, which lists certified hardware. You may also be able to transfer a cheap drive to a more protective case and use a protective storage bag. However, drives that pass testing are the most reliable, such as those made by ADATA, LaCie, and Transcend. Typically, military-grade drives will cost $30-50 more per terabyte than the cheaper ones, but if your backups matter to you, the difference is a small price to pay.