DONATION Backup to the Cloud

Hello again DONATION advisors. Thanks to all of you who responded to my post yesterday about proposed backup and restore improvements.

Unfortunately, I thought of something else significant after making that post, which I’d also like to ask you about.

I considered this some time ago, and rejected it in favour of the email backups option I added, but I’m again considering adding an option to backup to “the cloud”, i.e. remote Internet-based storage. It might be on my own web server, or I might use a service like Amazon’s S3 (Simple Storage Service).

The idea would be that as an option, following every regular backup, an encrypted version of your backup would also be sent to the online storage. Obviously this would slow things down, depending on your Internet speed and the size of your database backups, but it would give an additional enormous level of security for your backups.

One big concern would be distinguishing everyone’s backups from everyone else’s. My thought is that the first time you went to use an online backup, a special guaranteed unique ID would be generated for you, and stored in your database. That ID would be used to identify your backups online. It would also be transmitted to me (the first time) so that if you somehow lose everything on your computer and all local backups you have made, you can request the ID from me, re-enter it into a new copy of the program, and then retrieve that online backup.

There are a couple of options for how the encryption could work. Obviously, it would have to be based on an encryption key.

One option is to just have you provide the key, and also store it in your database for re-use each time you do an online backup (or restore). That’s like how the current email backups work – you provide the key, and if you forget it, you are completely out of luck. It would be the same with this. (I would not suggest that you send me the key – I should have no access to your data.)

Another option would be for me to have a secret way of generating the key from your unique ID, and just use that generated encryption key.

Both methods are susceptible to cracking (though with significant difficulty!). If someone knew your unique ID, they could enter it into a copy of DONATION, and get back your encrypted database. At that point, with the first option (you provided the key), standard methods could be used to guess obviously bad keys (like “password”!) which some percentage of users always use. With the second option (I create the key in a secret way from your unique ID), a very skillful programmer might be able to reverse engineer my program to determine what my secret way was.

And of course, anyone with access to your current database could also get access to your backups stored online. But that doesn’t seem like a big concern, since they already have access to your current database!
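To make the two key-handling options above concrete, here is an added Python sketch; it is not code from DONATION, and the iteration count, the key-check label and the function names are my assumptions. It shows option 1 done with a per-user salt and PBKDF2 stretching (so each guessed passphrase costs many hash computations rather than one), option 2 done with HMAC over the unique ID (sound as a derivation, but only as secret as the key built into the program), and a small key check value so a mistyped passphrase is caught before decryption. The cipher that actually encrypts the backup file is left out and assumed to come from a vetted library.

```python
# Added example (not DONATION's own code): the two key-handling options from
# the post, realised with Python standard-library primitives only.
# Assumptions are marked; the cipher that encrypts the backup file itself
# (e.g. AES-GCM from a vetted library) is out of scope and assumed to exist.
import hashlib
import hmac
import secrets

KEY_BYTES = 32                              # 256-bit encryption key
SALT_BYTES = 16
PBKDF2_ITERATIONS = 600_000                 # assumption: enough that each guess costs real CPU time
KCV_LABEL = b"DONATION backup key check"    # constructed label, not from the program


def new_backup_id() -> str:
    """The 'guaranteed unique ID' that names one user's backups online.
    128 random bits make a collision practically impossible, so no
    central registry of IDs is needed."""
    return secrets.token_hex(16)


def derive_key_from_passphrase(passphrase: str, salt: bytes,
                               iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Option 1: the user supplies the passphrase. A random per-user salt plus
    PBKDF2 stretching means someone who downloads the encrypted backup must
    spend `iterations` SHA-256 computations per guessed passphrase."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, iterations, dklen=KEY_BYTES)


def derive_key_from_id(backup_id: str, app_secret: bytes) -> bytes:
    """Option 2: the program derives the key from the unique ID with a built-in
    secret. HMAC is the right primitive for that, but app_secret ships inside
    the program, so whoever extracts it recovers any user's key from the ID
    in a single step; there is no per-user work factor to add."""
    return hmac.new(app_secret, backup_id.encode("ascii"), hashlib.sha256).digest()


def key_check_value(key: bytes) -> bytes:
    """Short tag stored beside the backup so a wrong passphrase is reported
    before decryption is attempted; it does not reveal the key."""
    return hmac.new(key, KCV_LABEL, hashlib.sha256).digest()[:8]


def prepare_online_backup(passphrase: str, iterations: int = PBKDF2_ITERATIONS) -> dict:
    """What the program would record locally the first time online backup is
    used: the ID (safe to escrow with the vendor), the salt, the KDF parameters
    and the key check value. Neither the passphrase nor the key is included."""
    salt = secrets.token_bytes(SALT_BYTES)
    key = derive_key_from_passphrase(passphrase, salt, iterations)
    return {
        "backup_id": new_backup_id(),
        "salt": salt,
        "iterations": iterations,
        "kcv": key_check_value(key),
    }


def verify_passphrase(passphrase: str, record: dict) -> bool:
    """Restore path: re-derive the key from the stored salt and parameters and
    compare the check value in constant time."""
    key = derive_key_from_passphrase(passphrase, record["salt"], record["iterations"])
    return hmac.compare_digest(key_check_value(key), record["kcv"])


if __name__ == "__main__":
    rec = prepare_online_backup("correct horse battery staple", iterations=50_000)
    print("backup id:", rec["backup_id"])
    print("right passphrase accepted:", verify_passphrase("correct horse battery staple", rec))
    print("wrong passphrase rejected:", not verify_passphrase("password", rec))
```

The point of the salt and iteration count is the one the post makes about weak passphrases: they do not stop someone who holds the encrypted backup from trying “password”, but they make every such try expensive and prevent one precomputed table from covering all users. Under option 2 the check value is unnecessary, because the key is fixed by the ID and the program's secret; that is also why nothing in option 2 slows a guesser down once the secret is out.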

There are also privacy concerns in terms of national legislation like the US Patriot Act, which as I understand it gives the US government the right to inspect any data that is stored in the USA, and to demand any required encryption keys from the data’s owner. Apparently there is somewhat similar legislation here in Canada, and Canadian privacy legislation may forbid the storage of such information in the USA. One option with Amazon’s storage is to store the data in their facility in Ireland. I’m guessing that could cause slightly longer transmission times, but might address this issue. Or perhaps users just aren’t that concerned – generally the IRS in the USA or the CRA in Canada would have the right to audit you, including seeing any donation information, anyways!

My web server is in Vancouver, so storing the data there (or in some Canadian cloud storage provider) would at least eliminate the Patriot Act concerns.

Because there is a cost to online data storage (though it’s quite minimal!) I don’t see retaining unlimited numbers of backups from each user online. Perhaps the last 3?

Any thoughts about all of these points, and the general idea? Many thanks!

14 thoughts on “DONATION Backup to the Cloud”

  1. Hi Dan

    Having used your program for several years, my experience has been nothing but positive. Since I will be leaving my position in the early part of the new year, I will be transferring all information to the new treasurer. I believe we are paid until Sept, 2012(Bala United Church). I will pass this information on to our new treasurer since I believe it is something well worth exploring further.

    I thank you for your wonderful program and wish you well in the new year. YOU have been marvelous!!!!

  2. Maybe users can download “My DropBox” and just copy the data file there from time to time. That requires no work on your side and very little on the users side. The program will only update the stored version of the file if there is a change to the data.

  3. It seems that there is really no guaranteed failsafe method, as you have pointed out. Personally, I am satisfied with my backup procedure: I email the data to myself as well as saving the data file to a stick, overwriting the old data file. That guarantees the file on the stick is the latest one. With the email method, I could restore an older file if I missed seeing the latest email message containing the backup.

    I use Dropbox a lot, just for transferring files between computers; however, copying the file to Dropbox does not add the encryption and is subject to hacking, should someone get into your Dropbox. Just an aside, when I delete a file in Dropbox in my Linux computer, it does not show anymore as being in my Dropbox, but there is a backup of it in the Dropbox which is only visible in my Windows machine, although it can easily be deleted in my Windows machine.

    • What you are doing is great for sophisticated users. But if I could provide a completely idiot-proof (though I know none of my users are idiots!) automated online backup method, more users would be protected from losing everything, which unfortunately does happen periodically.

      Anything that requires an install by the user, like DropBox, probably isn’t going to happen except for a small minority of users.

  4. We have the Microsoft cloud provision already. Would it be possible to submit our backup data directly to our own site?

    • I’m afraid I don’t understand what the “Microsoft cloud provision” is, Jill. Please email or phone me with more details.

      If it’s some sort of online backup solution, then of course you can specify the DONATION database file (and/or DONATION backup files you make on the local hard drive) to be part of your regularly scheduled online backups.

      I’m talking here about providing an extremely simple solution for users who are less sophisticated, and have not set up their own online backups.

  5. I think cloud backup is a good idea if your customer base is to grow.
    I personally will continue to use the email backup as I already use a dedicated gmail account to deposit many other monthly reports and transaction records. So placing Donation backups in the same place makes sense for me. But, I think most people looking for a donation tracking program would consider the lack of cloud backup a negative.

    I don’t really have any input on the best place to host the data. The better the encryption, the better, obviously.

    I also am a huge Dropbox fan and would think there is a way to use that service, but it would, undoubtedly, require some setup on the part of the user and would not be as secure and foolproof as a dedicated server.

    Is it possible you could partner with a file storage vendor who would handle data protection/integrity and security and charge a small fee to the user? This might insulate you from liability and place the job of data security in the hands of someone who does this as a day to day business. Users who don’t want to pay could always continue to use the email backup. Or a Dropbox option which you could document (detailed instructions). This allows you to advertise the availability of a cloud backup option and also insulates users who don’t use it from the cost that may creep into your overhead if you totally manage it yourself.

    Unless you are absolutely firm on your security issues and have them covered, I would not get into this. You have too much to lose and little to gain, so to speak.


  6. If it were made optional I would have no objection – but I would not use it. I’ve made sure all our computers have RAID functionality, so losing data to a hard drive failure isn’t an issue. Also, we back up regularly and store the backup off site so we’re protected in the event of a fire. Since that doesn’t leave us with any issues we’re not looking for a solution.

  7. Dan:
    As you know I work with a number of churches and many of them are also users of Donation. Recently, I have been asking about the use of cloud based computing, mainly for their bookkeeping but also for other applications which are out there now and in current use. I am somewhat surprised at the general distrust for cloud computing. They want the dataset in their possession and nowhere else. Today I asked three of them about Donation backups in the cloud with a loud resounding response of ‘not on your life, that is our name and address list.’ Might this cause some backlash? I don’t know but I thought I would mention the results of my totally unscientific survey with results within 100% deviation. Yes, they are all small churches but they are suburban based.
    For my own purposes an automatic backup offsite sure helps my short term memory and adds a level of safety for the dataset.

    • Thanks, Clyde. When you were asking those churches about that, did you make it clear that the data would be totally encrypted?

      This is really an interesting point, because there are a number of web-based church software vendors, and web-based fundraising systems, that are quite successful. Their data is probably less secure than a mere encrypted backup in the cloud would be! (I’m not saying outsiders could get at it, but the web-based software companies almost certainly could get at it.)

  8. Personally, I shy away from anything remote that I can’t control and that applies to any “Cloud”. For large files, the bandwidth required to transmit to/receive from the Cloud is often excessive, not to mention the on-line time required, transmission problems, etc., etc. I back up all my data files after each access to the local hard drive. I also synchronize all my data almost nightly to a separate external terabyte drive as well as my laptop. The procedures are “memorized” and automatic. Thus, I have all data on at least 3 separate storage media which are not in the same location in the building.
    In conclusion: no interest in “The Cloud”. Obviously I won’t object if it’s an option others wish to use.

    • One thing to keep in mind is that for most of my users, their database backups will be fairly small, probably only 1MB or less on average. With a high-speed Internet connection, uploading that would be quite quick.

      Whether people would want the service is another question.

  9. Pingback: DONATION version 3.41 Beta, with Internet Backup « Software4Nonprofits Blog
