RE: carbonite

["Dan Denton" <ddenton () remitpro com>]

This from their website:

> SIMPLE
Carbonite's online backup service works quietly and continuously in the
background protecting your files. If something goes wrong or you delete a
file by accident, we've still got a copy. Restoring files securely over the
internet takes just a few minutes.

> SECURE
Your data is stored safely at our secure remote backup centers. No one but
you can see your data, because your files are encrypted before they leave
your computer, with the same encryption that banks use.

Now, I would be at the very least leery that someone other than an
authorized agent of our company has a copy of possible sensitive data, on a
server for which no one knows the physical location, and for which we would
never know if additional copies have been made. Once someone has a copy,
they can take all the time they want decrypting it, if it's even encrypted
in the first place.  

This may be acceptable for a home user (still cringing at the thought), but
I would find it TOTALLY unacceptable for corporate data. 

Just my 2 cents...

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of fm16923 () bellsouth net
Sent: Thursday, June 21, 2007 12:09 PM
To: security-basics () securityfocus com
Subject: carbonite

I have some corporate users that are asking for consent to use carbonite
(carbonite.com) for maintaining backups of files etc. XM has been
advertising this as a consumer tool for business continuity/disaster
recovery etc. I have not seen or heard any pro's or cons about their
security set up or if it's actually hardened to where it's a realistic
alternative to traditional storage.

Are there any security industry endorsements?

Regards,

Fred Martin