Secure Offsite Backup


Encrypted Filesystem Options


The open filesystem and access methods at make any number of encryption schemes possible - here are some that we especially like: Windows Backup Agent

The Windows Backup Agent has an option to encrypt, in place, all of your remotely stored file.

This method is described in our advanced usage documentation for the Backup Agent.

The files that are stored at using this option will be encrypted using the AES 256 bit encryption option of the Zip compression tool.



Duplicity is an rsync-like tool that takes the unencrypted files on your local end and transmits them to us, while performing a GPG encryption transformation on them. The data remains unencrypted on your end, and is encrypted on our end. Further, because it uses librsync, the transfers are very fast, efficient "changes only" uploads (a la rsync).


Encrypted Containers

The second solution consists of creating a file-backed (volume backed) filesystem on your system, and periodically unmounting it and rsyncing it to us. Simple as that.

So, if you are using Windows or Linux, you just download the excellent (and free) tool TrueCrypt and create a volume (which consists of a single large file) of equal (or smaller) size of your account. Then you just use that as a local mount point, either running items directly off of it, or just mirroring content to it, and then once a day or week or month, you unmount that filesystem and rsync that one single X GB file to us.

Or if you use Mac OSX, you can just use the built-in disk utility to create a encrypted disk image. Again, the suggested usage is to use the disk image normally, and periodically unmount it and rsync it to your filesystem.



Because both "image" methods (truecrypt and OSX disk image) use btree indexes, they _can_ be efficiently "rsunc" to us in a changes-only-transfer kind of way, even though they are just big files of random data.

The advantage of duplicity is that it is extremely simple and easy to setup and use, whereas the encrypted image method is a little more complicated, and you need to remember to unmount them to transfer, etc.

But the advantage of the encrypted disk images is that now your files can be encrypted on your local end as well, which is very nice.

Finally, it should be noted that any encryption protocol that you successfully use on a local disk will work properly targeted to your storage. Encrypting single files with GPG, creating other disk images, etc. - you have the freedom and flexibility of using whatever tools you choose.

We will, of course, provide full support for whichever method (or combination of methods) you choose.