
Why you should base your backup strategy on standards not startups

Today, Dropbox updated their blog post announcing the end of support for a part of their service that backup services rely on for their backup solutions.

Dropbox Blog: From September 28th, 2017: API v1 endpoints are no longer accessible.

Also recently, Crashplan, a popular backup solution for Mac users, decided in August 2017 to discontinue offering its service to consumers in favour of focusing on the business market.

When this happens, it leaves you with limited options, yet this risk is entirely avoidable and can be managed.

Here's a carefully managed video explaining Crashplan's decision to end their consumer product, for some perspective:

In short: betting your backup strategy on startups (even seemingly well-established ones) is risky. There's no such thing as lifetime backup. An alternative is to stick with services offering standards-based solutions (ssh, rsync, zfs etc.) and spread the risk across multiple providers.

Often the solutions offered by startups or proprietary vendors will only work with their service.

Security is about managing risk, and you're at greater risk if you choose a non-standards-based solution.

You're locked into the risk of the product eventually becoming incompatible or, worse, being turned off entirely. If they close down, you're stuck with limited options and a more painful experience moving your data, if you can move it at all.

What does this mean? What is a standards-based solution?

It is common for developers to write backup systems layered on top of other services, providing a shiny wrapper around a backup service. In order to "talk" to Dropbox (for example), these tools must communicate with it over an application programming interface (API). When this API changes or gets turned off in favour of a new version, applications which use it must be updated to communicate using the new API.

This is what is happening with the Dropbox API: version 1 of the Dropbox API will be turned off from September 28th. This means any programs or services written against version 1 of the API which haven't been updated will no longer work.

This is not unique to Dropbox. For example, many backup systems use Amazon's AWS platform as their underlying storage system. Similarly, many online services (e.g. photo backup services) will have chosen Dropbox as their ultimate back-end store. Unfortunately, this means that when Dropbox or Amazon fundamentally change how their product works, all spin-off services must be updated as well.

Why would Dropbox end support for their V1 API?

It's cumbersome and costly for an organisation to maintain two versions of an API. From a programming perspective, retiring the old version allows old design ideas to be learnt from and lets the organisation start afresh with a new version, hopefully with an improved implementation (performance/cost). If Dropbox were to continue supporting two, three or four versions of an API, they would be held back.

What are standards-based solutions?

If you're a small business or an individual looking for a standards-based solution that is more immune to the unpredictable, turbulent world of startups, look for services which allow you (or the service you're using) to access your data over the SSH protocol, which is a pretty boring internet standard for logging into remote computers. Look for programs which are based on rsync. Find a program which works well for you if the user interface is important, but check in the details that the underlying systems are based on standards. It will make your backup strategy a lot more resilient to changes in the market.

Duplicati is just one example which allows you to do this, which has a friendly user interface and allows encrypted backups.
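
The SSH and rsync approach described above, spread across more than one provider, fits in a short shell script. This is an added example, not from the original post; the host names, paths and variable names are placeholders, and it assumes key-based SSH login is already set up on each host.

```shell
#!/bin/sh
# Added example: push one directory to several independent SSH hosts with rsync.
# Host names, paths and variable names are placeholders (assumptions).

SRC="${SRC:-$HOME/Documents/}"   # trailing slash: copy the directory's contents
DESTS="${DESTS:-backup@provider-a.example:backups/laptop/ backup@provider-b.example:backups/laptop/}"
MIN_OK="${MIN_OK:-2}"            # how many copies must succeed
RSYNC="${RSYNC:-rsync}"          # overridable, e.g. for testing

# Push SRC to one destination over SSH.
# -a keeps permissions and times, -z compresses, --partial resumes large files.
# No --delete: a file removed by mistake locally stays on the remote copies.
# BatchMode=yes makes ssh fail instead of prompting when run from cron.
push_one() {
    "$RSYNC" -az --partial \
        -e "ssh -o BatchMode=yes -o ConnectTimeout=15" \
        "$SRC" "$1"
}

# Try every destination; one provider being down must not stop the others.
# Prints the number of successful copies, returns 0 only if >= MIN_OK.
backup_all() {
    ok=0
    for dest in $DESTS; do
        if push_one "$dest"; then
            ok=$((ok + 1))
        else
            echo "backup to $dest FAILED" >&2
        fi
    done
    echo "$ok"
    [ "$ok" -ge "$MIN_OK" ]
}

# Run only when invoked as: sh backup.sh --run
if [ "${1:-}" = "--run" ]; then
    backup_all >/dev/null || { echo "too few good copies" >&2; exit 1; }
fi
```

Because the only requirements on the remote side are SSH and rsync, replacing a provider that shuts down means changing one entry in `DESTS`.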

Please share your experiences and recommendations.