Time Machine debates: Backup security

Yesterday, we wrote about size considerations for Time Machine drives, and while that is one of the most discussed topics for new Time Machine users, many people also debate on the security and stability of backups. One concern has been that a thief could easily snatch an external Time Machine drive and have all the data on your computer. In addition to this, there are several security considerations to think about with respect to the three main types of Time Machine drives: internal, external, or networked.

Drive type overview: Internal, external, or networked

Internal Time Machine drives are only available on computers with an extra drive bay such as Mac Pro and other Pro desktops. All other models have only one internal drive and while there are ways to jam an internal drive in some computers in place of the CD drive, these jerry-rigged setups may do more harm than good. Connected via a Serial ATA connection, internal drives will be the fastest and most robust option for Time Machine. The second option is an external drive that is connected via USB, FireWire, or eSATA (External SATA--available through third-party expansion cards) connection. These will be inherently slower connections than internal drives, but will mount locally and be available to the computer in all other respects like an internal drive. The final option is a network attached storage device such as Apple's Time Capsule, which lets you back up from any location on the network, and while this is the slowest of the options, it does have some security benefits over the others.

With these drive types available for use with Time Machine, let's look at some of the data security threats and which options are best for tackling them. Keep in mind we are presenting these just as possibilities, and we are not assuming they happen on a regular basis.

User threats

Let's think of user threats as being any time another user besides the current one can gain unauthorized access to the current user's files. Provided the system is functioning correctly and permissions have not been altered on the Time Machine drive, internal and external drives should behave the same with regard to who has access. Since they are mounted locally, local permissions are set on the drive by the system and Time Machine preserves the account-specific permissions that will prevent other users from browsing your files.

Networked drives do not enforce the permissions attached to a file from the local computer, and instead will present all files copied to them in a way that's readable by all network users who can see the network drive. Time Machine stores files in a disk image on the network server, but if another user has access to the server then the image can be mounted and read by that user. There are ways to secure Time Machine disk images, which we discussed in a previous article, but some of the methods are not supported by Apple so proceed with them knowing that errors may occur.

Your best bet against other users (especially administrators) from finding ways into your files is to use FileVault for your account, which will encrypt both your account and the Time Machine backup. Although it can be inconvenient, FileVault is the only way to truly secure both your active files and the backups of them.

Nonuser threats

These threats are from people who don't have accounts on the system; basically, someone who will try to physically take your computer or Time Machine drive to access your data later on. Unfortunately, all drive types are vulnerable to this, but external drives are even more so because they can easily be yanked out of your computer and a thief can walk off with all your data in a convenient little package. Internal drives are unsafe as well, because while a Mac Pro is rather heavy, a determined thief can still lug off it. Perhaps the safest solution from thieves is a networked backup solution, because it can be tucked away somewhere safe (heck, even stuck in the attic or under the floorboards). There are ways to lock your drives and computers with cable locks, which we recommend you do even for hidden networked drives.

As with "User threats", for hardware thefts you will also be protected if you use FileVault.

Software risks

While there is no known malicious software that targets Time Machine drives, buggy software may do so, so be sure you trust applications before launching them and supplying your username and password to them. If you have not used a utility before, research user reviews of the software before trying it out. The real software risks for Time Machine oddly enough have been with Time Machine itself. While most of the bugs have been cleared out by now, the main problems people experience seem to be with backups not completing or starting, or the inability to access the drive. Unfortunately, these risks can be the case with any type of Time Machine drive, and are best tackled by keeping your system updated with the latest software.

Hardware risks

The final consideration for the stability of your Time Machine backups is the event of drive failure. All drives have the potential of failing, but external and networked drives are shipped in plastic casings that sometimes are not well ventilated which can cause them to run hotter than internal drives. This can increase the probability of drive failure and as such, be sure your external or networked Time Machine drives are placed in well, ventilated areas to reduce this probability as much as possible.

For external drives, be mindful of their connections because if a cord is yanked the drive may be corrupted and fail, potentially losing all your backups. Networked storage solutions do not have this problem, but locally mounted drives can suffer corrupt data, volumes, or partitions.

Resources