Is your data safe with cheap “prosumer” backup services?

I read a blog post yesterday written by Chris Colotti that described a scenario that sounds horrible:  a backup service deleting a customer’s data with little to no notice.

A few disclaimers: Chris makes it perfectly clear he is speaking on behalf of himself & his wife’s business – not his employer, Cohesity. Cohesity and Spanning (the company who deleted his data) are competitors (in certain markets) of my employer, Druva.  Druva does not compete with Spanning in the “prosumer” space.

The following is a summary of what Chris described in his blog post:

He was using Spanning to back up his personal data and the data from his wife’s small business.  Unbeknownst to him, he crossed over into what Spanning referred to as “excessive usage.” According to their EULA, “it is Excessive Use if at any time the cost of Licensee’s Users’ storage consumption far exceeds the Fees for the Services as calculated by Spanning.”

He didn’t see the single email they sent him in October about this problem, mainly because it looked like all the user messages he got from them about backup success, etc. There was no scary subject line or anything else to make it stand out.  So he never saw it. In November they cancelled his account and deleted (“reaped” was the word they used) 36TB of his backups with no additional notification other than that one email.  This is despite him renewing his contract in between the notice (that he didn’t see) and when the data was deleted.  He didn’t even realize this had happened until he went to try to use the service to restore something – in February.  That’s when he found out his account had been cancelled in November.

A few observations

There aren’t any limits, but there is a limit.  The limit is when we deem you are no longer profitable to us.  You, of course, won’t have any idea what that limit is, but we reserve the right to delete your data when that happens.  That’s the weirdest limit I’ve ever heard of. Completely arbitrary and not trackable by the customer.

One email before complete deletion?  With no scary subject line?  Really? I would think that if you were going to fire a customer for being non-profitable, you would send them many, many emails – even a phone call or two – before you decide to deactivate their account and delete their data. There wasn’t even an email that says “Account deactivated/Deleted/Reaped/whatever? ” I think if he had found out when this actually happened in November, he might have been able to get his data back.  But he didn’t actually find out until February. As Chris mentions in his post, have you ever had a GoDaddy domain and see what happens if it’s about to expire?  Man, do they email you.

They took his renewal money after he was put in the penalty box, and still said nothing.  To me, that’s the worst part of the story.  It reminds me of something that happened to me years ago, but more on that later.

Even though this isn’t the point of the post, I will say that my employer, Druva, offers both per-user pricing and per-GB pricing.  Any capacity limits on a per-user account are clearly spelled out in the contract.  A customer that goes over those limits would receive far more notification than a single email, which would include phone calls, etc.  Our long-term hope would be that we would rectify the situation and keep them as a customer.  The idea of simply deleting a customer’s backup data after a single email – regardless how egregious the violation – is simply unconscionable.

Spanning still advertises services at $4/mth for “unlimited storage of all your G-Suite data.” It then again says “Unlimited storage” and “Unlimited versions.”  There is no asterisk w/a disclaimer.  Clearly it is not unlimited, but they say it is.  It sure looks like false advertising to me.

Are cheap prosumer backup services safe?

Most of the services like this that I’ve tried are gone.  Mozy, Carbonite, & Crashplan have all abandoned their cheap offerings like this, sometimes with as little notice as Chris got. Ten years ago Mozy significantly hiked their pricing to make their service unattractive to data-hungry guys like Chris.  And they gave you 30 days to get out.  I gave them a ration for that back in the day.  It was the same kind of nonsense that happened to Chris.  30 days is simply not enough time to move any significant amount of data to a new service over consumer-grade Internet.

I also remember when Mozy didn’t run for an entire year on my laptop, while they continued to charge my CC.  No error messages, no nothing.  Just bills. How much customer service do you think you’re going to get for $4/mth?  Talk bout a small fish in a small pond.

ibackup is still around, but they’re charging enough money to make money.  They would have charged Chris ~$700/mth for 36 TB.  I don’t see anything wrong with that kind of service.  What I’m wondering about are these $4-5/mth “unlimited” services.

Chris was grandfathered in on that $4 pricing. Are there still services out there that still offer this kind of pricing?  Are they unlimited or “unlimited?”  Do you feel safe keeping your important data there?

My personal opinion is that it’d be a fine place to put a backup.  But I would not want it to be the only backup. That’s my opinion and I’m sticking to it.

----- Signature and Disclaimer -----

Written by W. Curtis Preston (@wcpreston). For those of you unfamiliar with my work, I've specialized in backup & recovery since 1993. I've written the O'Reilly books on backup and have worked with a number of native and commercial tools. I am now Chief Technical Evangelist at Druva, the leading provider of cloud-based data protection and data management tools for endpoints, infrastructure, and cloud applications. These posts reflect my own opinion and are not necessarily the opinion of my employer.