With all the security concerns about the cloud and Dropbox, is it worth ditching Dropbox and setting up your own personal cloud?
Millions of people are putting their files into cloud storage so they can access them wherever they go, or as a backup. But at the same time, security concerns about cloud services like Dropbox continue, whether they be government spying, hackers, or weaknesses in security.
So it's interesting to see that many major brands of Network Attached Storage (NAS) boxes let you create your own "personal cloud" or "private cloud". In particular, Western Digital launched its My Cloud personal storage by asking the question "Who wants to keep their precious content in some mysterious location?"
Similarly, Seagate has teamed with Tappit to offer a similar service with some of their NAS units and DLink has the mydlink portal for remotely accessing documents stored on NAS devices.
While many of these services are pitched at home use, the advertising sometimes shows them being used for business - for example, opening a presentation when you're out of the office:
Seagate says that the Seagate Business Storage NAS lets you create a "private cloud", with an "easy ten minute setup". According to the web site, "It helps protect your business-critical data and centralizes your files in a single location you can access from anywhere."
Cloud storage is really pooled storage in a central location that can be accessed across the Internet from almost any device. In theory, it's not really all that difficult from a technical point of view.
So are these private/personal clouds all they're cracked up to be, and is it worth setting one up for your files?
We decided to put one of the market leaders in storage to the test. We set up a Seagate Business Storage 4-bay NAS equipped with four 4TB drives configured in a RAID5 configuration. This gave us about 12TB of usable space with redundancy in case a drive fails. It took us about an hour to get everything up and running with a laptop, smartphone and tablet all accessing the device with different user accounts.
Each separate user we created had access to a private folder and a shared folder that everyone could access. This gave us a similar set up to many small businesses.
What can my private cloud do?
The best way to consider what a private cloud solution can achieve is to compare it with some of the more popular services that are already out there such as Dropbox, Google Drive and Microsoft SkyDrive. These three services allow you, while you are working on your computer, to store files in a specific location. When you switch to another computer, smartphone or tablet you can access the same files with all the changes automatically synchronised.
What about a private cloud? With Seagate's Global Access feature you can save files to a shared folder on the NAS. You can access those files over the Internet wherever you go, just like Dropbox, but unlike Dropbox, this system won't automatically keep up-to-date copies of those files on your computers as it doesn't do file syncing. It's like a file server - unless you're connected to it, you can't access the files. If you sit down at your laptop to do some work in a hotel room and you aren't online, you won't have access to the files. With Dropbox, often you will already have a copy of the file on your laptop (although on a phone, Dropbox only downloads a file when you want to view that file).
There is something to be aware of. To use this personal cloud feature to access your files remotely, you'll most likely need to do some more complex configuration on your network router. For example, you'll need to change router settings to allow remote access to the shared folder. This might mean editing firewall rules, routing rules for incoming connections or putting the NAS in a demilitarised zone – a part of your network that sits outside the secure "inner sanctum" that's protected by your router's firewall. In that regard, the established public cloud services like Dropbox are far easier to use.
There is also an app so you can access the files in your private cloud using your phone or tablet. We found this was very easy. We did this using an iPhone and an iPad and there is also an app for Android phones. Keep in mind it's not easy to edit any files on a phone or tablet this way - whether you are using Dropbox or Seagate's app. That's because the iPhone and iPad don’t make it easy to open files stored remotely in locally installed apps.
If you need to upload files to your private cloud, you can do this using a web browser on your laptop, or the phone app. All we needed to do was go to https://seagate.tappin.com/ and enter the email address and password used to create our Global Access account. We could then upload files to our personal or shared folders.
So does your own private cloud have the same remote access capabilities as the likes of Microsoft SkyDrive, Dropbox and Google Drive? In our view it gets close, but lacks some of the polish. If Seagate included a utility that allowed us to sync a local folder on our laptop to the NAS automatically, then it would be a much closer match to the leading cloud storage services.
How much does this cost?
A NAS device can cost you hundreds of dollars, but the big advantage is that you can have a lot of storage this way.
For example, the Seagate Business Storage 4-Bay 16TB NAS we tested has a street price of around $1,700 (the recommended retail price is closer to $2,250). You don't have to spend this much - you could spend around $700 on a 4TB unit. Other NAS devices start at just a couple of hundred dollars but you then need to add hard drives to that cost (some NAS boxes don't come with the drives included).
Adding storage to a NAS is relatively easy and, in most cases, can be done without even turning the NAS off. For example, if you start with a four 1TB drives you can remove one of the drives and replace it with a 2TB drive. Once the RAID updates itself with the new drive (this is an automatic process) you can then remove another 1TB and replace it with a 2TB drive. You repeat this until all of the disks are replaced. You need to do this one drive at a time so that all your data is safely updated to the new drives.
If your business is growing and you're likely to have more than a couple of users, then a NAS starts to get more attractive because you can add lots more storage (as long as you have enough drive bays).
In contrast, the likes of Dropbox and others give you between 2GB and 15GB of storage at no charge. In the case of Dropbox, you can increase this substantially by referring friends to the service.
The NAS sounds expensive by comparison, but the costs can add up quickly with cloud-based services like Dropbox once you need more data storage. For example, Dropbox charges businesses $795 per year for 5 users and $125 for each additional user per year. This gives unlimited storage capacity.
Although that may sound attractive, it's worth considering how you might move large volumes of data to that online facility. If you want to store large files that are many hundreds of megabytes in size, such as video or images, then your Internet connection's upload capacity might be a problem. When it comes to storing your files on a NAS that sits in your building, you're only limited by the speed of your internal network, not your Internet connection.
What about accessing the files? If you're in the same building, you don't have to be connected to the Internet to access your files - the box is in your building. That means you avoid the risk of your cloud provider going offline for some reason. Mind you, if you're accessing your files remotely, you won't be able to if your Internet connection connecting the NAS box to the outside world goes down.
Is this easy or hard to do?
How tricky is it to make this sort of system work? The good news is that NAS manufacturers have, over the years, made huge leaps forward when it comes to making it easier to set up their devices and access advanced features. But it does require some background knowledge and understanding of the terminology they use.
The key terms you need to get your head around are
Volume: a storage area on the NAS. In our case, the Seagate Business Storage NAS we used had four hard drives installed. These were set up to look like one large drive or volume.
Share: A folder created on the volume that we would assign specific access to. In our system, we had a public share that anyone on our network could access and private shares that could only be accessed by specific users.
User: This is a really an account (a combination of a username and password) that could access a share. You can also create groups that are collections of users. This makes it easy to assign access to a share as you can assign a group permission to access a share without having to enter lots of users.
When you set up a NAS, you create the volume first, the shares next and then the users. You then assign users their access to the shares.
Once you get your head around this, the actual set up process is reasonably easy.
Configuring the private cloud access will depend on the NAS you've chosen. With the Seagate unit I used, I needed to enable the Global Access option and then decide which users would be allowed to use the service.
This was easy – far easier than other NAS systems I've used in the past where none of this process was automated.
In my view, you will need to set some time aside and plan what you're going to do. But you don’t need to be a network engineer or technical guru to make this work.
How secure is this?
When you're considering whether or not to make your data accessible when you're out of the office, the first thing we think you need to consider is the risk and reward. Whenever you make data accessible outside your network you open up a potential risk - whether it's via your own personal cloud, or a public cloud service. Even large service providers like Amazon, Dropbox and Sony have seen data that they thought was secured, accessed by unauthorised parties.
We want to make this very clear - there are security risks to your data with both approaches. Weigh up this risk against the benefits of making your data accessible (assuming you take all possible security precautions). For example, if you travel, then being able to easily access your documents from a tablet or smartphone could be useful.
With Seagate's private cloud there are two ways your data is protected:
- The drive is encrypted, so if someone steals drive they can't read the data.
- An SSL certificate is used to encrypt the data when you're accessing it remotely.
We found that by default, the data stored in a share on the Seagate NAS we used was not encrypted but it could be by ticking a checkbox in the configuration screen. If you're going to share or access data online we'd strongly recommend turning encryption on.
Also note that we'd recommend against using public hotspots for accessing critical, private data. Most public hotspots offer no security - all of the data sent and received over the public hotspot is in the clear and can be easily intercepted.
Also remember, like any online service, your security is only as strong as your weakest password. Make sure that every user's password is strong. Some good rules of thumb for creating a strong password are:
• use a combination of uppercase and lower case letters
• include some numbers
• include symbols such as punctuation
• don’t use a word from the dictionary as the basis of your password
Dropbox, on the other hand, offers 256-bit AES encryption to store your data. SSL is used to create a secure tunnel for data transfers. In that sense, it offer similar security to the Seagate NAS we tested.
Also remember there are several dimensions to consider when thinking about security. The most obvious is whether an unwanted party can access your data remotely without you knowing. But there's also the risk of not being able to access your data when you most need it.
Almost every major cloud storage provider has suffered an unscheduled outage or technical fault that has resulted in either a potential security breach or a loss of access to data for customers. Just because some of these businesses are large and well resource it doesn’t mean they are immune from outages and human error.
Also keep in mind the security implications of sharing sensitive data online. This introduces all sorts of risks, whether it's people sharing files with people they shouldn't, or accidentally sharing a file without realising it contains sensitive information. Read this article for more on this.
Is this personal cloud giving me offsite backup, or not?
A good backup strategy has at least one copy of your important data stored offsite – away from your main workplace. So, does creating your own cloud give you this?
In a word – no.
Creating a private cloud solution using your NAS offers the ability to remotely access your files wherever you are. But it doesn’t reduce the risk of a disaster that might happen in the building where the NAS is kept. If you're looking at using a NAS as part of your back up arrangement, I'd suggest making an agreement with a friend to house an offsite backup for each other.
It could work like this. You both purchase NAS units and agree to host them for each other. That way, you both get the benefit of offsite backup and remote file access.
This is also where the established cloud-based storage services can still be useful.
Dropbox, for example, lets you easily retrieve past versions of your files. If you accidentally delete or overwrite a file, you can restore a previous version of the file. If you use the free version of Dropbox, you can retrieve up to 30 days of file history and there is no limit on what can be retrieved if you have a paid Dropbox account.
One of the benefits that a public cloud service like Dropbox offers is that your files are saved offsite. Although there are some risks and considerations that you need to consider when your data is held offshore, it's something to keep in mind.
Is this actually worth doing?
Given the effort required, the need for some technical know-how and how easy it is to use services like Dropbox, it's not easy to justify setting up your own private cloud solution.
Services like Dropbox, Google Drive and Microsoft SkyDrive are built upon millions of dollars of infrastructure by experts in storage, networking and security. Very few businesses are able to put those sorts of resources together to create that sort of service.
Let's look at a few of the key functions I'd expect from a cloud storage solution and see if a personal cloud using a NAS stacks up.
Being able to shift from a laptop to a desktop to a tablet and see a consistent view that's up to date of all my files is critical. The big, public cloud storage solutions all do this. Working with a NAS requires that I install another tool that synchronises my files from a folder on my computer to the NAS (Is this some capability/way of doing it you haven't mentioned earlier? Up till now I've been reading this as "syncing not possible"). It's not impossible but it means more fiddling.
Unless I keep my NAS at a friend or colleague's place, creating a private storage cloud doesn't satisfy my business need to keep critical data offsite.
This is a hard question to answer. On one hand, there's a big psychological factor that comes from being able to see where my data is stored. Having my data close by also means I don’t have to worry about the implications of data privacy laws about storing data overseas and whether an overseas authority can access my data (the PATRIOT Act gives some very wide-reaching powers to authorities in the United States for example).
However, data that is remotely accessed ought to be encrypted when stored and accessed. The Seagate Business Storage NAS we tested allowed us to encrypt both the contents of the device's hard drives and the data communications. While this was not hard to do, it was another set of steps.
Turning on encryption for the storage was simply a matter of ticking a checkbox but encrypting communications required the creation of an encryption key. It wasn't difficult but it was yet another thing we needed to do, and would ultimately need to maintain.
Cloud storage is very cheap. We can now access enough capacity to store thousands of documents or images. Even though the free version of Dropbox delivers just 2GB that's enough for thousands of files. For example, I work for several clients where I provide documentation and images. I can hold more than a year's data in the free storage. If I need more, I can pay for more capacity as I need it without the need to spend hundreds of dollars in equipment. In other words, there's no need to engage in a round of significant capital investment.
On the other hand, a decent NAS with capacity for four drives, so that you can configure it with some hardware redundancy, will cost several hundreds of dollars just to get started. And then you have to factor in the time it takes to set it up, maintain it and operate it.
When I weigh up those factors, it's hard to justify the cost of a NAS if I'm looking to it as an alternative to cloud-based storage.
We started this article by assuming that you have weighed up factors like security and you have decided you do want remote access to your files. So, if that's the case, is it worth setting up a personal cloud?
Personally, I can’t see why I would use a NAS as an alternative to public cloud-based storage for my business. Dropbox, Google Drive and Microsoft SkyDrive make it very easy and their costs are very manageable.
As we said, there are risks with public cloud solutions, and there are also risks doing it yourself with a NAS like the Seagate Business Storage. With Dropbox, experts in storage security handle all of the security settings automatically. With the NAS, you need to configure and maintain the security yourself. Cloud services keep a copy of your data offsite, whereas with a NAS your data is stored in your building which could be a less physically secure environment (unless you organise to keep another copy offsite).
Where a NAS such as Seagate's Business Storage excels is in giving you lots of local storage capacity that can be locally accessed and, assuming you've enabled at the security settings correctly, the ability to remotely access your files from a wide variety of devices. If you need lots of local storage, then this could be the way to go. But if all you want is remote data access, we'd suggest that public cloud services make file syncing to multiple devices easier than with a NAS.
As we've already flagged this is a big topic, so we'll have more coverage on this. If you have questions or comments they're more than welcome - let us know what followup articles you wat us to do by adding your comments below.