Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

How to Use Cloud Storage Safely

Four rules to prevent disaster.

Cloud service providers often give us lots of storage we can use for cloud backup. How to use it safely, however, isn't always obvious.

Cloud Storage

Question: I now have 1 TB of Microsoft OneDrive storage. How should that affect my backup strategy? Most of my data files are now on OneDrive; do those need to be backed up? Can I use OneDrive space as my “external hard drive” for backups of my other files? How about for image backups? Can/should Macrium Reflect put a system image onto OneDrive? Other advice re wise and safe use of cloud storage?

The availability of “cloud” (or online) storage has greatly expanded our options for keeping data both safe and accessible.

While it’s expanded our cloud backup options, it’s also expanded our ability to get it wrong. It’s now easy to think you’re backed up when you’re not or to inadvertently expose yourself to additional risks.

Let’s review some rules about backing up and about cloud backup specifically.

Become a Patron of Ask Leo! and go ad-free!


Using cloud storage safely

Your cloud storage is only one “place”, so files living there and only there should also be backed up some other way. It’s important to consider what files you place in a cloud service in case you get hacked. Encrypting those files is one way to protect yourself. It’s important to keep backing up locally, as internet speeds are not fast enough to treat online services as replacements for external hard disks. Above all, make sure you secure your online accounts, be they cloud storage or anything else important.

Cloud storage vs cloud backup

First, let’s review our terms. We seem to use these two terms interchangeably when in reality, they’re two distinct things. The distinction matters.

  • Cloud storage is nothing more than an online service into which you can store and later retrieve files. Examples include OneDrive, Dropbox, and others, but can also include your favorite photo-sharing site, your own website, or just about any other online service that can hold files — even email.
  • Cloud backup specifically uses cloud storage as a place to keep backup copies of your data. You may work on your files on your computer, but some process makes copies of those files and stores them securely online.

Cloud backup solutions typically fall into one of two buckets:

  • Tools like Dropbox and OneDrive, which are primarily multi-computer file-replication and sharing utilities. They back up files almost as a side effect of their utility.
  • Dedicated backup services, which mimic traditional backup programs by backing up on a schedule but use online storage rather than an external drive.

1. Back up your cloud data

This is by far the single most important rule I can offer you. If you remember nothing else, remember this:

If it’s in only one place, it’s not backed up.

I don’t care where you keep your data — on your computer, in the cloud, or somewhere else — if you have only one copy,1 then by definition, your data is not backed up.

So when you say, “Most of my data files are now on OneDrive; do those need to be backed up?” the answer is a resounding YES. OneDrive is only one place. Just because the files are stored in the cloud doesn’t mean you won’t lose them; just that you may lose them for different reasons.

Yes, the service provider is most likely backing up its servers, but that does you no good if you accidentally delete a file, or worse, your online account gets hacked and the hacker deletes everything.

You must back up the data you keep in any online service, or you are at risk of losing all of it in an instant.

2. Be careful what files you place in the cloud, and how

The answer to “Can I use OneDrive space as my external hard drive for backups of my other files?” is a qualified “Yes.”

Cloud services are, in fact, great places to back up many files on your computer. In one operation, you get both backups (an additional copy of the data on your hard disk) and off-site backups (copies stored somewhere other than where your computer is located). That’s a very good use of cloud storage as cloud backup.

However, there’s a catch.

If your online account is compromised, it’s possible your files can become accessible to hackers or others. As I’ll discuss in a moment, that means the security of your online account is critical. It also means you may want to think twice about what files you place in the cloud.

Or you might want to consider how you place them there.

One good alternative is to encrypt the files you place in the cloud. You can do that yourself manually, or use a tool like Cryptomator to encrypt your files automatically.

3. Keep backing up locally

Unless you have an amazingly fast internet connection, the cloud is not a viable solution for image backups of your computer.

However, complete image backups of your computer are key to being able to recover quickly from a variety of disasters. You need to keep doing them.

Why aren’t cloud backup services ready for image backups? It’s simply an issue of size and time. Image backups are large — often hundreds of gigabytes. Even on a fast internet connection, it could take days or weeks to upload the backup to online storage. Image backups are created and updated faster than they can be uploaded to a cloud service.

So while cloud backup using cloud storage can be a very convenient and helpful addition to an overall backup strategy, it’s in no way a replacement for local backups, nor is it an appropriate place to put your image backups.

4. Secure that account

The security of any online account is important, but it becomes even more important for the account you use for cloud backup.

It’s too easy not to take your online account security seriously.

For any account into which you place important information — not only cloud backup, but email accounts, photo-sharing accounts, social media, and others — it’s critical that you use as many of the techniques at your disposal to keep it as secure as you can. That includes:

You get the idea. It’s basic internet security we should all be doing anyway, but it’s easy to overlook and easy to get wrong.

When it comes to important accounts, like an account you use for cloud backup, then those additional measures — like two-factor authentication — might also be called for.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

Footnotes & References

1: Meaning only one instance of the file in only one place, without any duplicates anywhere.

19 comments on “How to Use Cloud Storage Safely”

  1. In the case of this user with 1TB of cloud storage and lets say backing up this data results in a compressed file of 500GB how does the cloud provider actually back this up ? And add to this the possibility that maybe 10,000,000 customers have signed up and are using this service with 1TB each ! I don’t see how this is done economically or even at all. I do not recommend the cloud to any of my customers because of the possiblity of total loss of the service and contents, permanently or temporarily for long periods. I would think that the cloud providers backup consists of raid 5 arrays with as many disks as possible in the array. And that is not a backup. And if you need some data back quickly how long does it take to work your way through the cloud company layers to get the restore done. And what happens if both your company AND the cloud company are in the same State and both get clobbered by some major catastrophy. I can see how it might actually take weeks (if ever) to get access to your data when there might be another 1,000,000 customers all trying urgently to do the same thing.
    So maybe the cloud provider has a duplicate site on the other side of the country (would love to see the link between them) so that means TWO huge sites AND TWO backup systems. With mans ability to oversell anything and everything I cannot see the cloud being a viable system at least for the forseeable future.
    In Christchurch during the large quake a few years ago a lot of people lost access to their computers when their buildings and offices were were made offlimits, or even condemned on the spot, because of potential danger. A simple 1TB disk bought in from home could have provided full access immediately rather than the long wait for a cloud supplier to get organised. In this instant the only holdup would be the provision of sufficient hardware to rebuild and that is and was also a major concern.
    The whole area of major disaster recovery (including company data) is not well thought out at all. You only had to watch Japans efforts during their major tsunami and the US’s handling of the New Orleans floods to realise that man just cannot cope with major disasters without such a level of planning that we are incapable of yet.

    • My understanding is that most online services – from email to storage to photo sharing to whatever – typically backup to high capacity tape. They DO back up. The unknowns are how often, and how many copies do they keep and for how long.

    • The “average” user does not use anywhere near their 1TB allocation.

      Remember back to Sept 2015 when Office 365 came out (same time as Office 2016) with “unlimited”, truly unlimited OneDrive space. That only lasted 1 year because a few users took MS literally and stored digital copies of the Tape/DVD movie and audio collections.
      MS treats consumer and business OneDrive very differently. Consumers cannot trust MS “backups”. We don’t have access to them. And if MS “loses” files, there is still a good chance they won’t do anything to help the user to recover them.

      Business OneDrive is better protected.

  2. Using tapes isn’t going to help much. It certainly doesn’t inspire me with confidence in using the cloud as backup storage. Using my figure of 10,000,000 potential users (and I do understand that this may not be a “real” figure) each storing 1TB or 500GB compressed (and hoping that the data isn’t already compressed like jpgs) this means that you can fit 3 users onto a single LTO-5 tape (3TB capacity with compression) and a maximum transfer rate of 504GB/hr so it takes 3 hours to write one tape for 3 users. That mean 10,000,000 users will take 10,000,000 hours to backup. Allow 1,000 tape machines that still means 10,000 hours to do one full backup. That’s 416 days for 1 backup. So how often do they do this and how many copies do they make ? And how long would it take to restore 1,000,000 users from tape ?
    Of course this assumes a lot of things and I am guessing that we are in the early days of cloud storage but I still wouldn’t rely on using the cloud to back up anything critical. Until high speed internet happens (bandwidths of terabits/hr into every business and home) AND the next couple of generations of high capacity storage media is in USE (rather than just being talked about) then the cloud is not a viable medium for medium to large business’s – other than maybe the first few to get into it early.
    If you, as a provider company of cloud storage, have say 10-20 clients all using the cloud then maybe the it might work for a while and be manageable but using my figure of 10,000,000 that makes 500,000 new cloud storage companies (less the few that now exist) required.
    So if you are using cloud storage as backup I would suggest you ask the companies just how they would cope with a major emergency, how often they backup, where the backups are stored, how long to restore if say 1/2 of their users need it doing at once, and any number of other questions. Other than a few specific cases where it may be a viable alternative (niche market) I contend that cloud storage, especially for backup purposes, is mostly hype.

  3. I have not done the extensive numerical analysis that CC presented abov, and it is sobering. However, at least in my case, the Cloud Backup (actually it is DropBox) is multi-purpose, and does the job. I maintain 5 computers at home, three are for my primary use, one general and one for my wife. Putting all of my data on a DropBox folder gives me some benefits (1) the assumed Cloud Backup, (2) my data available on any of my computers, even a public computer, and (3) I can back up my wife’s data at the same time that I back up my data onto an external drive.

    In the past I found it more convenient and faster to recover an inadvertently deleted folder from my DropBox account than using Macrium Reflect to restore it from the external drive. That may be different if we are talking about many Gigabytes. My primary backup is still the external drive, but DropBox offers the obvious benefits. As to global disaster, well, when that happens, I would have bigger things to worry about.

  4. I realise this is coming late to this discussion, but I use Google Docs quite heavily, and a sync client for Google Drive by a company named Insync. It seems to address most of the issues with Google Drive, not least that it syncs the full files to your local machine, converting them to either MS Office or Open Office format as it does so. I have used it for a while and found it both robust and consistent. In addition my local data is all backed up using Crashplan, although there are other cloud backup services that do equally well. So I have a local copy in MSO format, a Google Drive copy on Google’s servers, and a backup copy on Crashplan’s Australian servers. It all seems to work reliably and has saved my bacon a couple of times.

    I am not sure whether it is acceptable or not to mention commercial products and services by name, but I have no connection whatsoever with either Insync or Crashplan other than as a very satisfied customer paying their full asking price for what they offer. If this comment can be published perhaps it might encourage a few of your readers to consider a similar setup.

    Regards, Peter

  5. I use OneDrive to store files and have it set to keep copies on my computer so that they are always available, even when I’m offline. I regularly backup my computers to external drives using Macrium Reflect.
    Since I have a Microsoft account to use OneDrive, I’ve setup my account to use two factor authentication and I downloaded and printed an account recovery code for my account. I have also setup an alternate email account, also 2FA protected, and periodically log into it to keep it active. That email account doesn’t get used at all for anything else except account recovery purposes.
    It takes time and a little effort to do so, but I’m confident that I’ve locked the doors and can still get into my files no matter what. I also use LastPass and typically max out the characters for passwords.
    I’ve done what I can think of to secure my account. I figure Microsoft knows how to keep their servers secure to prevent mass data dumps.

  6. You say that OneDrive and Dropbox aren’t backups. That’s technically true, but your OneDrive and Dropbox keep a copy, both on your computer and in the Cloud. There are some risks, for example, if you accidentally delete a file on your computer, and don’t recover it from the Cloud server’s trash bin, it’s lost forever. I consider OneDrive my secondary backup and file server. I use Macrium Reflect on my main computer and Easeus Todo on the others for system and incremental backups. I have 5 computers and 4 Android devices, all accessing the same files. I use 2 of them daily so all of my personal files are on both machines as well as in the cloud. Additionally, I have OneDrive on my phone and tablet and have access to any file in OneDrive.

    I’ve been playing with pCloud. That’s another principle entirely. It creates a virtual drive of the files on their server and stores nothing on your computer. I’d be careful with pCloud and make sure that I had a copy of those files somewhere else.

  7. I am using pcloud as a backup. My active files are on OneDrive and Dropbox. Pcloud backs up those once a month. I also backup my google photos to pcloud periodically as well. I also have old computer backups on pcloud. I also backup my photos and old files to an external hard drive. As well as regular images. So I feel like most everything is in 3 places: original source, pcloud, and external drive.

    • pCloud is good but you have to be careful. By default, pCloud doesn’t sync the files. The files in the pCloud virtual drive don’t reside on your computer, they reside only on pCloud servers. It appears you are doing the right thing by also having a copy of your files on other servers which retain a copy on your computer. This caveat is for others who might see pCloud as an alternative to OneDrive or Dropbox.

  8. I use Mega as my cloud provider. It provides end-to-end encryption, versioning, and the ability to mirror multiple folders of your choice, not just a single folder. Any file that changes in any included folder is mirrored immediately.

    My desktop includes a 256GB SSHD for the Linux OS and two internal 1TB spinning drives plus one USB external 1TB and one USB external 3TB. I’m a backup fool. Daily data backups to the always connected 1TB external and weekly full backup, data and OS, to the 3TB which is then unplugged.

  9. “Leo”:
    Your advice about using OneDrive as a possible backup resource is useful. And so are your warnings about using it.
    The one thing you did not mention was how to “disconnect” OneDrive from automatically syncing the files to/from local HD and cloud. If sync left working, deleting a file in any location will eventually delete it everywhere. Not a desired feature for a backup. And syncing does not keep historical copies. Yes, OneDrive has a “version” feature, but it is not reliable. You never know when “backup” versions will be deleted.
    IMHO, the only way OneDrive can be used as a legitimate “backup” is if the user controls when “backups” are saved.

  10. Thank you for this item, Leo but I have a question. I sync my files to/with OneDrive, so they reside on the OneDrive server. I have an Ernest – Personal folder in File Explorer so my files are always accessible on all my computers (using the same Microsoft account). When I generate an image backup (with Macrium Reflect) on my primary desktop PC, do my files on OneDrive get backed up too? Or is there a specific process I should be performing to back up my system AND OneDrive? To be honest, I understand a lot about Networking and the Internet, but I still have much to learn about OneDrive et-al.

    Any insight you can offer is greatly appreciated,

    • Everything that’s actually ON YOUR COMPUTER is backed up.
      If your OneDrive files are on your computer, they’ll be backed up.
      That means you need to ensure that the “files on demand” feature is turned OFF.
      OneDrive Files on demand setting.

  11. Here’s how I use OneDrive:
    The Documents, Music, and Picture folders were moved to OneDrive. OneDrive is set to maintain copies of all files on my hard drive. So those files are now in two locations. I use Cryptomator for files that need extra security (financial, medical, tax records, etc.)
    I use Macrium Reflect to backup my computer daily. Because the OneDrive folder keeps files on the computer, they also get backed up.
    Once a month, I copy the contents of my Cryptomator vault unencrypted to an external hard drive that is encrypted with Bitlocker.
    Files are now backed up in at least 3 locations, one of which (OneDrive) is in a remote location. I went passwordless on my Microsoft account and have printed copies of my Microsoft account recovery code and Bitlocker keys that are kept in a safe. There is also an additional hard drive with a system image in that safe.
    I figure that a major disaster would have to happen for me to have a data loss issue.

  12. Thanks Leo for the excellent service. My cloud storage solution is using Syncback Pro and pCloud (US servers). Syncback backs up desired files unencrypted to 3 locally encrypted mounted drives (using the outdated truecrypt) that only gets mounted at the end of the day when I run SyncbackPro with automated system shutdown after back up completes and then pcloud encrypts each file itself with my supplied passcode before copying to pCloud. A restoration from pCloud is not as simple as attaching to an encrypted folder as you do but it works for me. I do still need to figure out (and maybe SyncbackPro will do this I don’t know) is how to unencrypt the SyncbackPro encrypted files other than one at a time if I ever need them. SyncbackPro might do that but I’ve never tried (a glowing knowledge hole in my backup plan for sure).

  13. Leo,

    Thank you for your response. I have turned off Files on Demand, so hopefully, all my files will be backed up with Macrium Reflect going forward.


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.