It’s no secret that I’m a huge fan of Synology. The company has always, always treated me well. In fact, if more companies acted like Synology did, I think that we’d have a lot of very happy consumers out there.
It’s also no secret that I simply do not trust “The Cloud” for securing personal data. As I’ve said before on the Speaking in Tech podcast, I have significant doubts as to whether anyone will protect my data as much as I want them to. I know that Scott Lowe has also searched for ways to manage encrypted backups. The convoluted means by which you have to do this is infuriating.
Today Synology announced a number of enhancements to their DSM 5.2 beta that I’m just chomping at the bit to try out, and that will hopefully put my personal paranoid fears to rest, once and for all. (Yeah, well, maybe not. But hopefully close!) Synology’s announcements cover four main points:
- Integration of Docker
- AppArmor and SMB 3 Encryption
- File Station connected to a private Cloud
- Encrypt data before pushing up to the Cloud
As much as I would love to go on about the Docker integration, it’s a bit outside my wheelhouse at the moment. I can’t wait to play with it, though, because it appears that you can set up service containers on the Synology NAS and manage them with Single Sign-On. Even I know that’s really cool. Sadly, though, I wouldn’t know where to begin with AppArmor and SMB 3. But those last two – holy crap, I’m excited.
The Biggie: Cloud Syncing with Encryption
There are many reasons why I don’t trust Cloud backups. The first (and foremost) of which is that once you store your data on someone else’s device, you no longer have the ability to control who has access to it. This is particularly true of services like Dropbox and Box, who seem to only feel the need to react to public shaming rather than provide a coherent plan of data protection from the get-go. Don’t let the dates on those articles fool you. As recently as this writing,
“IBM’s Security team has found an unsettling flaw that can leave the Dropbox accounts of mobile users wide open to snooping by attackers.” (March 11, 2015)
Yes, Dropbox announced a fix but it appears they didn’t think there was any reason to worry in the first place. To me, I find that attitude disturbing. Don’t get me wrong, Dropbox and Box are still extremely and incredibly powerful tools and useful in their own right (I have accounts on both, just don’t keep anything on them for very long). I just don’t trust them to take responsibility for my data.
There is also the pesky problem of Fourth Amendment rights (also known as “Search and Seizure”). No Cloud provider is obligated to act as a representative of you or your data when governments demand access. In your own home (in the US at least), authorities need a warrant based upon probable cause. In fact, there is some question as to where the legal lines are drawn across borders, too. In any case, the best policy is to assume that when a Cloud provider holds your personal data, there is no such legal protection.
Now, before you raise the spectre of “If you have nothing to hide…” let me cut you off right there. I’ve already covered that myth before, and my position remains the same.
Synology has added in the capability of customizable cloud syncing with encryption. Now, this is not to say that encryption is the end-all, be-all of protecting your personal data. But if you’re not as paranoid as I am about leaving your stuff out for the world to hack, or if you plan on only temporarily keeping information stored elsewhere than your own backup Synology (as I do), this is extremely good news. No word yet on which encryption scheme they’ll be employing, but I’m hoping it’s robust enough for even skeptical people like me.
According to Synology, this is compatible with Amazon S3 and WebDAV storage systems, and can be set up as a one-way sync. This means you don’t have to send clear data in flight, which would allow for potential man-in-the-middle attacks, and then encrypt it at rest once it’s sitting on the remote storage device.
File-Based Backup Restoration and Version Control
One of the additional things that is very interesting is the ability to browse for, and restore, a single file. Previously the atomic unit for restoration was a shared folder. I’m particularly curious to see if this is something that can be done using the remote encrypted files as well. Additionally, Synology has included an automated rotation scheme for backup data and/or iSCSI LUN snapshots. That is, when you begin to run out of space, the older backups/snapshots will be recycled into available space for newer ones.
What will be interesting about this is if you can set up an automated scheme for on-site backup rotation, where the oldest version (assuming you still want to keep it) gets encrypted and sent to an offsite Cloud backup location. I don’t know, but I can’t wait to find out. 🙂
Finding Out More Information
Synology is offering a giveaway to three beta testers in the program who provide the most valuable assistance and feedback. What giveaway? A DS214se, which is a nifty little media server (and, quite frankly, something I’m interested in playing with).
They’ve also made some enhancements to their media station/multimedia server as part of 5.2 and, while I don’t currently use that feature (I’ve got Plex running on my Synology instead), I’m curious to see how it looks/compares.
…in my copious free time, of course. 🙂
[Disclosure: No promotional consideration was paid to me in exchange for this blog. However, in the past Synology has provided evaluation units, so I thought that it appropriate to disclose this info just in case someone got persnickety.]