I google drive backup a safe backup solution?

Abraham Deutsch
Abraham Deutsch used Ask the Experts™
on
I google drive backup a safe backup solution?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
AlexSenior Infrastructure Analyst

Commented:
Please tell me this isn't for an enterprise solution.

What are you backing up? Just your work or other things too?

More info please.
Abraham DeutschIT professional
Top Expert 2016

Author

Commented:
Just for work,
small business with like 50GB of data,
What concerns me is a crypto attack
AlexSenior Infrastructure Analyst

Commented:
You'd be better off with some decent backups then, using something to sync over to an external hard drive would be quicker, more cost effective and you could take it home every day.

Don't leave it attached to the network/server/machine etc
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Abraham DeutschIT professional
Top Expert 2016

Author

Commented:
In general I use is a NAS on site and off site but since this is a small company I thought to go with something cheaper,
I've came across online third party vendors to protect google drive, and experience with any of this solutions?
John TsioumprisSoftware & Systems Engineer

Commented:
As long you don't have a direct connection with your Google Drive (some applications showed it as a network drive in the past if i am not mistaken) ...i don't think you have everything to worry....Crypto is always for connected resources (Workstations, Servers,NAS...) if you upload/download files via Web Interface then you should be fine...
Want an extra layer of protection ...since your volume is small (50GB) ...just search for free/paid Cloud storage providers...probably with some compression/splitting you would always have a backup of the backup...
John TsioumprisSoftware & Systems Engineer

Commented:
Given the New info of the NAS...you can also use it for safe keeping..just turn off Samba Sharing and use only FTP/SSH or what it provides with username/password protection...not visible on the network...cannot be attacked.
Distinguished Expert 2017

Commented:
consider cloud dedicated backup with versioning
https://www.idrive.com/
50 GB can fit on a USB stick.  Get multiple cheap sticks for each day of the week and swap them for copies.  Make sure they're unplugged each day and checked on another system.

A NAS is overkill and a waste on something this small.
Top Expert 2013

Commented:
or a simple usb drive of 1-2 TB will hold your backups for a month
You need at least 2 of those if you want a safe, off-line backup.
Abraham DeutschIT professional
Top Expert 2016

Author

Commented:
@John Tsioumpris
I need to looking how the build in google drive backup works if it keeps versioning is not it will sync up the crypt file and replace the good once

@arnold
I know personally of a attacked the end user had idrive and the attackers deleted his backups.  I see it all over the internet story’s where thy delete backups, on the NAS I use for backups I take away permission on the backup folder from everyone and create a user and only this user has permission to the backup folder. I don’t use this user for anything else so no computer will have the password of this user. I lock the web login with 2 step authentication so no one can change the permission. on top of this I have snapshots and a offsite backup.

A USB is not a reliable solution since I cannot rely or even ask staff in an office to play around with USB stick
Distinguished Expert 2017

Commented:
A targeted attack whee inside info is known, can only be using offline tapes ...
Separation, segmentation, etc

Multi destination backup that lacks delete rights
I.e. Account that can only write, no deletes, no reads.
Like any, the attacker has the initiative, securing the data becomes e ER more complex, layered.
To guaranty that the backups don't get deleted or encrypted, you need to take one copy offline and switch in tout once in a while.  No matter how you set up permissions, if you can write to a disk, you can write to a file and encrypt it or add to it, or bypass whatever restriction is there.  

The only sure way is to keep an offline backup.  You just have to train personnel to learn to swap disks, or use a backup program that will prompt the user to swap out the disks for offline backup.  If you can't do that, you can't guaranty that the backup can't be overwritten.
Top Expert 2013

Commented:
it is not an usb stick i suggested, but an USB disk
like this seagate :  https://www.amazon.com/Seagate-Backup-Desktop-External-STDT3000100/dp/B00HFRWWAM
Software & Systems Engineer
Commented:
I think we are over complicating things
Google Drive is safe if we keep it "unlinked" and "unattached" to your workstation...i reckon that pretty much everyone has somehow connected the Google apps so lets put it aside for the moment....you never know if the next variant of these crypto attackers becomes wiser.
Now your other options are:
1. Online Cloud backup...you have plenty of options out there and as i wrote probably you could get away for  free... Just pick a provider (or two) that has 2 Factor Authentication....this would be a bit cumbersome but at least you will sleep peacefully that pretty much none will manage to get in your files.
2 NAS...just stip the Windows Networking option and leave it only with FTP as an option for accessing...if youd don't map it or something similar and you don't keep credentials stored in the system...again it would be pretty difficult for someone to get access....imagine this : some crypto ..gets in the system....it scans your drives...disaster...it scans your mapped/network drives...disaster....it scans...it scans...but FTP is out of the Network...yes it holds an IP if it switches to low level scanning..but it should find a port to connect... - here a small pause...just change the default port of FTP to something obscure   e.g from 21 -> 18234 - assuming it found the IP...assuming it found the port...needs username/password - another small pause...you could have users with different level of access and of course usernames/passwords should be different from your workstation/s - so it would be next to impossible to get in....unless we are talking about the heist of the century
Top Expert 2013

Commented:
if you have multiple usb drives, they can only corrupt one...
Abraham DeutschIT professional
Top Expert 2016

Author

Commented:
@John

"Google Drive is safe if we keep it "unlinked" and "unattached" to your workstation" any idea is I use the build backup feature in google drive will that  unlinked" and "unattached or would I need to use a third party application to do the backups to google drive?
Distinguished Expert 2017

Commented:
https://thenextweb.com/security/2019/08/16/google-study-says-people-are-still-using-old-passwords-after-being-compromised/

Anything is as safe as you make it. The reason an offline device is the most secure is because it is offline.

Anything online is susceptible to compromise including through the user's own use.
Abraham DeutschIT professional
Top Expert 2016

Author

Commented:
Thank you

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial