Offline Backup Data Storage

Offline Backup Data Storage1. Offline Backup Data Storage

There are several important factors to consider when choosing an offline backup strategy for data storage: acquisition cost, intended use, size, features, styling, useful life, operational time and expense required, power consumption, potential risks and threats, security, legal compliance, convenience, speed, reliability, durability, manufacturer reputation and support, warranty, storage space, storage environment, obsolescence, and environmental impact.

For personal, home, small business, legal, financial, crypto coins, medical, confidential, and Remote Online Notarization (RON) records, here are some low-cost solutions that require minimal time and space to set up and operate.

2. 3-2-1 Backup Strategy

The well-known robust 3-2-1 backup strategy recommends using redundancy and decentralization to protect data by keeping at least 3 copies of important and irreplaceable files, stored on at least 2 different types of storage media, with at least 1 copy stored offsite, to prevent a cyber attack, single point of failure, or single cause of failure, from causing a great loss, damage, or downtime.

In case a corrupted file, human error, malfunction, malware, or ransomware spreads and affects all online copies, it is a best practice to also store one or more backup copies isolated in offline storage, with a copy on immutable read-only storage that cannot be changed by an operator, hacker, error, malfunction, or malware.  Adding an air-gapped offline backup creates a more resilient 3-2-1-1 backup strategy.

The 3-2-1-1-0 golden rule backup strategy also includes error checking to verify there are zero errors in the backup data at the time of backup and restoration. Use backup software that includes file verification.

3. Storage Drive and Media Choices

3.1 Flash Memory versus Magnetic Hard Disk Drives

3.1.1 SSD versus HDD

If you do not store a multi-terabyte collection of photos, images, videos, movies, music, audio, or other large-sized files, you do not need the lower cost per gigabyte storage of magnetic hard disk drives (HDD) or magnetic tape drives.

The cost advantage argument is now disappearing as prices for new 1 TB SSDs continue to fall, with recent storage cost at 6 cents per GB for both SSD and HDD. [See price chart below.]

The average home user or small business does not use more than 500 GB or 1 TB of file storage.  Only media creators, media servers, big data applications, data centers, and movie and music collectors use multi-terabyte storage and Network Attached Storage (NAS). NAS systems cost hundreds of dollars and are not discussed here.

offline backup media choices

Many computer users no longer use magnetic hard disk drives for daily use.  Magnetic tape drives are too expensive to purchase for small storage needs, but still are used in some large businesses and data centers.

New computers have solid state drives (SSD), using flash memory, installed at the factory. I have replaced all hard disk drives (HDD) on older PCs with Samsung® SSD and Samsung FIT Plus® USB 3.1 (Universal Serial Bus) flash drives.

SSD storage capacities and speeds have increased, and costs have greatly decreased, making the cost per gigabyte affordable for the average user. They are fast, rugged, light weight, silent, low power, and reliable, with no moving parts.

Samsung SSDs have a high lifetime total TeraBytes Written (TBW) rating that most users will never reach, so they will not wear out by reaching the maximum flash memory Program/Erase (P/E) cycles, by storing files that are read-mostly, with few writes. After 6 years of small business use, my Samsung 850 Pro SSD has only used 20% of its rated TBW life.

JEDEC® industry standard JESD218 requires a client SSD, that has been used with a typical workload, and has reach its end-of-life TBW rating, to retain data when powered off, for at least 1 year, when stored at 30°C (86°F).  But, by reducing the storage temperature to 20°C (68°F), the data retention time is about 5 years. Storing flash memory in a refrigerator at 5°C (41°F) extends data retention time to about 20 years.

A new MLC drive can retain data for 10 years, if written only for monthly backups, then powered off and stored at room temperature.  When powered on, the SSD controller will automatically refresh the stored charge on flash memory cells to prevent data degradation.

Storage Tip: Use SSD models that include at least a 512 MB DRAM cache.  This boosts performance and lengthens the life of the SSD by reducing flash write cycles.  Some cheaper DRAM-less SSD models have a shorter 3-year warranty, rather than 5 years.

Hard disk drives are more fragile, heavier, use more power, and more susceptible to damage from bumping, dropping, vibration, water, spills, smoke, dust, temperature, high altitude, magnetic fields, and electromagnetic pulse (EMP). They require defragmenting of files for maximum performance.

3.1.2 USB Flash Drives

Samsung USB 3.1 mini flash drive FIT+ 128GB

For offline backup data storage, and nearline backup, my primary digital media choice is Samsung FIT+ USB flash drives.  They are available in storage capacities of up to 256 GB, have a 5-year warranty, and are very small (thumbnail sized), waterproof, shock-proof, temperature-proof, magnet-proof, and X-ray-proof, within the limits stated in their product specifications.

Samsung T7 Shield portable SSDSome other vendors offer flash drives of 512 GB or larger capacities.  But, a Samsung T7 Shield SSD ruggedized external high-speed USB 3.1 SSD is a better choice for larger capacity portable offline backup storage needs.  Beware that large capacity drives may be using QLC memory, not TLC memory.

Upgrade Note: The price of internal NVMe® SSDs has been falling sharply, making it attractive to place an internal NVMe SSD into an SSK® M.2 NVMe USB 3.2 Gen 2 (10 Gbps) aluminum enclosure adapter ($19), with UASP TRIM and SMART support, to create an external SSD, with faster speed, more storage capacity, SSD features, and longer endurance, as an upgrade from an ordinary or premium USB flash drive. It will be limited by the USB port speed, use at least USB 3.0, but it will be very fast for making backups.

SSD controllers support wear leveling, TRIM, DRAM cache, secure erase, firmware updates, and SMART status to monitor drive health.  Low-end flash drives are smaller, slower, and use simpler flash drive controllers that do not include these SSD features.

For a higher cost, there are some premium and high-end flash drives with SSD-like speed and features.

A Samsung Fit Plus USB mini flash drive will not wear out quickly by simply doing periodic daily, weekly, monthly or less-frequent backups of mostly static files, with few new or revised files to write.

3.1.3 Premium and Industrial Flash Drives, Memory Cards

An average home user does not need a more expensive premium, professional, industrial-grade, or enterprise-grade flash drive for short-term offline backup if only doing limited writes.  But, if you have a write-intensive workload, or want more robust fault-tolerant long-term storage of important personal or business records and photos, upgrade to a more reliable grade of professional or industrial flash memory for a longer useful operating life.

If you are doing more frequent hourly or daily file saves or backups of many gigabytes of write-intensive new or revised files (dynamic data), logs, transactions, daily records, raw data, CAD, compiling, drive images, databases, creative work, high-resolution photos, video editing, or security videos, use an SSD, premium or industrial flash drive, or memory card with MLC (multi-level cell) flash memory for longer drive life, rather than the less-expensive, less-durable TLC (triple-level cell), or QLC (quad-level cell) memory.

The Kingston® flash memory guide states, using 20 nm technology, SLC works for up to 30,000 write cycles, MLC up to 3,000 write cycles, and TLC up to 500 write cycles. For endurance estimates, if no manufacturer information is available, I use 600 P/E cycles for TLC, and 300 P/E cycles for QLC.

Some premium flash drives [Corsair® Flash Voyager® GTX, Kingston DataTraveler® Max, Patriot® Supersonic Rage Pro, AXE® Speedy+] support UASP (USB Attached SCSI Protocol) with faster transfers, SCSI commands, command queuing, out-of-order completion, TRIM (UNMAP), and SMART status.

Mushkin® Impact, Transcend® JetFlash® (endurance series) 720, 750, 780, Verbatim® Store ‘n’ Go® Vx400, and Patriot Supersonic Rage 2, flash drives use MLC.  Some old product reviews state that Corsair Flash Voyager GTX uses MLC and wear leveling.

I did not find any premium USB flash drives using MLC from Samsung, SanDisk®, or Kingston.  Kingston states that their industrial flash storage devices use advanced wear leveling technology.

Samsung PRO Plus 128GB micro SDXC

Samsung Pro Plus® memory card uses MLC memory and has a 10-year warranty.

Kingston Industrial microSD card, with a 3-year warranty, is rated up to 1,920 TBW with 30,000 P/E cycles, using TLC in pSLC (pseudo SLC) mode.  Features include bad block management, strong ECC engine, power failure protection, wear leveling, auto-refresh read distribution protection, dynamic data refresh, SiP (system in package), garbage collection, and health monitoring. See article Kingston industrial flash memory card features.

There are also more expensive, long-life, rugged industrial-grade flash drives using SLC (single-level cell), pSLC, MLC, or industrial TLC, available for fault-tolerant high-reliability use in embedded, manufacturing, aviation, automotive, medical, harsh environment, extended temperature range, and military applications.

Some industrial-grade flash drives include Transcend JetFlash 270M (MLC, 32 GB max, 31 TBW), Transcend JetFlash 740K (MLC in SLC mode, 16 GB max, 150 TBW), Transcend JetFlash 282T (high-quality 3D NAND, 3K P/E cycles guaranteed, 512 GB max, 340 TBW), Transcend JetFlash 180I (3D NAND in SLC mode, 16 GB max, 1,146 TBW), and Transcend JetFlash 170 (SLC, 2 GB max, 62.5 TBW, slow USB 2.0).

The Transcend JetFlash 270M uses MLC.  JetFlash 282T uses the latest 112-layer technology 3D NAND for larger storage capacity applications. Both models include built-in ECC (error correction code), wear leveling, bad-block management, garbage collection, read disturbance protection, 1500 G shock resistance, and a storage temperature range of -40F to +185F.

Flash drives are generally available for use in different temperature ranges: commercial 0 to +70C (+32 to +158F), wide -25 to +85C (-13 to  185F), extended -40 to +85 (-40 to  185F), automotive -40 to +105C (-40 to  221F).

Industrial-grade products cost more per GB and are usually sold by IT resellers and distributors that serve business, medical, manufacturing, and government customers, not consumers.  Check CDW®, Insight®, and Provantage®.

Note: Check the manufacturer’s website for current product specifications. Product designs, components, quality, or warranties, may change or vary over time due to new versions, new technology, or component availability.

3.1.4 Multi-Tier Flash Storage Policy

Flash drives are available in quality grades and price ranges of
1. scam/counterfeit/junk grade, 2. generic low grade, unknown brands, 3. name brand consumer grade, 4. premium/professional grade, 5. industrial grade, and 6. federal/FIPS/military grade.

Note: Federal Information Processing Standards (FIPS) categorize information into low, moderate, or high impact, based on three security objectives of confidentiality, integrity, and availability (CIA). Greater security measures are required by FIPS where there is a potential of greater harmful impact if a vulnerability is exploited by a threat or risk.

Note: The worst type is a flash drive with malware or spyware pre-installed that causes damage to your system or steals your information. Disable auto-run and check flash drives with anti-malware software before use.

Storage Tip:  Configure part of your memory as a RAM drive for editing audio, video, photos, images, and slides to extend flash memory life.  I use a RAM drive as my browser cache, a download folder, and as temporary storage for motion-sensor security videos pending review.  RAM is very fast and does not wear out.

System RAM Tip:  Use at least 16 GB RAM in your computer so the CPU can store more instructions and data in RAM and reduce reads and writes to the SSD or flash drives.  I use an Intel Core i7 CPU with 12 MB of fast on-chip CPU cache, which reduces reads and writes to RAM.

Windows Write Cache Tip: If your computer has reliable battery or UPS backup power, and is running steadily without any unexpected crashes, an administrator can enable write caching under SSD properties to reduce flash write cycles.

The operating system will temporarily store write data in the fast RAM cache rather than writing immediately to the slower SSD. The data in the RAM cache will be automatically written to the SSD later in an efficient manner.

Write caching can also be enabled on USB flash drives, with high caution to always use safe eject to flush the cache and dismount the volume before removing the drive.

You can create a multi-tier flash memory storage policy to optimize storage based on file write frequency. Match your workload to a suitable flash device type. Check the product specifications before purchase as part of your well-informed due diligence.

solid-state memory storage tiersTier 1. For storage tier 1, use name brand SSD, premium, professional, or industrial grade flash drives with MLC or TLC, and wear leveling, for frequent write-intensive workloads that update daily, hourly, or more frequently. Leave at least 10% unused for spare blocks.

Higher-grade SSD and flash drives with MLC and fault-tolerant features are also more suitable for long-term high-reliability data storage of important files, records, secure notes, password vaults, key files, private keys, PGP keys, crypto wallets, encrypted files, and 2FA seed and recovery words.

Samsung Pro series SSDs generally use MLC, for a higher price, and EVO series uses TLC, for a lower price.  QLC SSDs are usually the lowest price per GB, designed for bulk storage needs, not high performance.

Some QLC drives include an MLC, SLC, or Intel Optane® cache for faster performance and longer life when used as a working drive.

Tier 2. For storage tier 2, use name brand TLC flash memory for less-frequent or smaller-sized daily, weekly, monthly, quarterly, six-month, or annual backups.

Tier 3. For storage tier 3, use name brand TLC or QLC for quarterly, six-month or annual backups, or archives of permanent records, eBooks, reference manuals, educational courses, or audio, music, video, movie, photo, or image libraries that rarely or never change.

Wear leveling is not a concern for less-frequent tier 2 and 3 backups.  If the rated device life is 600 P/E cycles, and you do weekly full-drive backups, on average, it would not wear out for 600/52=11.5 years!  Most backups are only adding a few new or revised files, not writing the full drive.

3.1.5 Use New, Name Brand Flash Drives

Note: never use junk, low-quality, cheap, generic, or worn-out flash drives, memory cards, HDDs, SSDs, or optical discs for offline backup of important files.  Replace old slow USB 2.0 (up to 50 MB/s) drives and PCs with much faster USB 3.2 (up to 500 MB/s or faster).  For physical durability, and heat dissipation, use rugged flash drives in a metal body, not plastic, and a 5-year warranty. Some ruggedized models have a rubber coating or jacket to absorb shock.

Beware of and avoid low-priced junk, false-sized fake, scam, and counterfeit flash drives.  Buy major name brand products directly from the manufacturer’s website or from a trusted reputable vendor with a money-back return policy for defects.  Run a diagnostic memory test during incoming inspections to identify fake drives and defects.  A manual spot check of a few files or GB is not sufficient.  Many scam drives have a small amount of working flash memory, but not the full amount advertised.

Since October 2023, I now use free ValiDrive software to test incoming flash drives for validity.  It was written by security pro Steve Gibson of Gibson Research Corporation (GRC), who produces Security Now, a weekly two-hour online program and podcast on cybersecurity, with technology host Leo Laporte.

For simplified bulk storage with fewer devices, merge older small capacity flash drives onto fewer, newer, faster, larger capacity flash drives.  With affordable prices, I don’t use flash drives smaller than 64 or 128 GB, and these will migrate to higher capacity drives over time.  Higher capacity drives are usually faster, with newer flash technology and USB ports as well.

At end of life, an old working flash drive should be data sanitized using wiper, shredder, or eraser software that overwrites the entire drive with random data. Keep a record of drive sanitization. After it is sanitized, it may be donated to someone for further use, or to a charity such as Recycle USB, or Flash Drives For Freedom.

It may also be repurposed for storing useful tools, utilities, and diagnostics, rather than data files.  If the flash drive is broken, dispose of it properly as electronic waste.

Note: Deleting files and quick formatting is not sufficient for drive sanitization. The old data remains on the drive until it is overwritten with random data. Confidential files should be stored in encrypted form.

3.2 Optical Discs for Immutable Offline Backup and Archives

A secondary offline backup media choice is optical disc, Verbatim DataLifePlus® archival-grade laser-writeable DVD® (Digital Versatile Disc).  They are affordable, but they only hold a limited amount of data compared to current large capacity USB flash drives and SSDs. Optical discs are useful for offline backup archives of important personal, home, and business records.

Backups are made of warm storage Most Recently Used (MRU) active files that are currently being created or revised, recently used, or were accessed within the last 12 to 24 months. They should be stored nearby so they can be made quickly available to minimize downtime and stress if the operational copy is destroyed, damaged, corrupted, deleted, lost, blocked, or unavailable.

Archives are made of cold storage Least Recently Used (LRU) files that are no longer active, not accessed in the last 12 to 24 months, not likely to be needed again soon, but not scheduled for deletion. They can be stored on slower, reliable, read-only media, at a secure location that is less accessible, or further away, since quick availability is not important for older inactive files. Some archived files will be stored permanently and other files will be eventually deleted after an expiration date, year, or age, or when no longer needed or required by law.

Verbatim DataLifePlus DVD spindleA single-layer DVD holds 4.7 GB, and a double-layer DVD holds 8.5 GB.  They are Write Once Read Mostly (WORM) media, not re-writeable. This provides data integrity and prevents editing or tampering with files once they are recorded on the DVD.

If you have large optical storage requirements, you can buy a Blu-ray Disc® burner drive for about $100 that also supports M-DISC® (Millennial disc), with a much longer claimed archival life of 1,000 years.  Archival-grade Blu-ray discs or M-discs can store 25 to 100 GB of data.  Since the discs are single-use, write once, not reusable, they are not eco-friendly, and the cost of optical discs adds up over time if used frequently.

My primary use is for making year-end archives of  important records.  I decided to use archival-grade DVD discs, since my older model optical drives do not support burning Blu-ray discs, or M-discs.

Verbatim DataLifePlus optical disc storage media uses an advanced dark blue AZO recording dye to provide a high level of performance, reliability, drive compatibility, better protection against Ultra-violet (UV) light degradation, and long archival life.  I expect these optical discs to last 20 years or more, if properly stored, but still do periodic data integrity checks and replace them or add new discs to archive newer files.

For maximum useful storage life, ISO® Standard 18925:2013 recommends that optical discs be stored at steady temperatures from 14°F to 73°F, with the temperature never exceeding 90°F.  The relative humidity (RH) should be between 20% to 50%, never below 10%.  This means they should be stored in a cool, dry, controlled environment, not under harsh or fluctuating temperature and humidity conditions.  They are not affected by magnetic fields or EMP.

SentrySafe CHW20221 openI make two copies of offline backup DVDs for redundancy, stored in a Sentry®Safe fireproof safe, inside plastic jewel cases for physical protection, in a controlled environment, with no ultraviolet light exposure, and desiccant packets to absorb moisture.

See Longevity of Recordable CDs, DVDs and Blu-rays technical report from Canadian Conservation Institute (CCI).

New computers no longer include optical drives, but I use an external USB 3.0 DVD drive, only connected temporarily when needed for doing offline backup, or for installing old software distributed on optical disc.

I prefer not to use fragile mechanical disk or tape drives with motors and other moving parts that wear out or break, so the DVD or Blu-ray optical drive will be phased out over time.  But, for now, it provides an alternate immutable offline backup storage media to supplement SSDs, flash drives, and micro SD flash memory cards, which could be rewritten to deliberately or accidentally alter, add, or delete records.

4. Selectable Write-Protect Read-Only Mode

Full-size SD memory cards, Netac® U335S, U336, and some Kanguru® flash drives have a built-in manual slide switch to select write-protect read-only mode.

Some hardware-encrypted flash drives have a software-controlled read-only mode.  Read-only mode settings may be used to protect important files and backup copies from hackers, accidental writing, altering, and deleting.

MEGA Limited cloud storage offers a Backup storage folder where uploaded files are read-only to prevent editing or tampering.

5. File Size and Write Frequency Analysis

I analyzed my small business files using Agent Ransack file search utility. About 96% of my files are small files, under 1 MB, and very few are written frequently. Most files are written once as business records, receipts, monthly statements, policies, or reference information.  My normal workload and scheduled backups will not wear out a Samsung SSD or flash drive.

The largest files I have are the Microsoft Windows® operating system and some large programs I use. The software is only written occasionally on my operating storage SSD, when it is installed or updated. I have cloud-synchronized backup PCs for hardware redundancy, so, I do not make system image backups. I rarely need to reinstall Windows and apps and prefer to do a fresh install rather than restore an old system image.

If I migrate to a newer or larger SSD, I use free DiskGenius® to create drive partitions and a clone copy of the system image of the old drive. I use three drive partitions: 1. Operating System and apps, 2. Data files, and 3. Media files.

USB flash drives can also be partitioned, if desired, such as a primary partition and a backup partition holding a duplicate copy, created automatically, on a chosen schedule by backup software, such as nighty incremental backups while you sleep.

6. File Security Classifications

Files may be rated with low, medium, high, very high, or extra high security classifications.  Some users may feel comfortable storing all backup files in third-party cloud storage, if the files are encrypted.  Some users prefer not to store very high or extra high security files, such as a master passwords, password vaults, encryption keys, key files, PGP® private keys, crypto coin private keys, two-factor authentication (2FA) codes, or account seed or recovery codes, with a third party, even if they are encrypted.

Although the cloud storage vendor, government, or a hacker may not be able to decrypt the files today, without knowing the decryption key, quantum computers being developed may be powerful enough to crack today’s encryption in a short time by brute force attack.  As a security precaution or policy against harvest now, decrypt later attacks, you can choose to keep very high or extra high security files solely under your possession and control, in local high-security offline backup encrypted storage.  Do not keep all copies at a single location.

PQC post quantum cryptographySubmitted Post-Quantum Cryptography (PQC) algorithms are currently undergoing a review and approval process by the National Institute of Standards and Technology (NIST)®.  After three rounds of elimination, NIST recommends two primary algorithms to be implemented for most use cases: CRYSTALS-KYBER (key-establishment) and CRYSTALS-Dilithium (digital signatures). In addition, the signature schemes FALCON and SPHINCS+ will also be standardized.

Four PQC candidates are under review in the fourth round: BIKEClassic McElieceHQC, and SIKE.  Monitor NIST announcements for the finalists.

Look for password managers, backup software, encryption software, and cloud storage vendors that offer PQC encryption choices and upgrade to PQC, when available.

You may want to store extra high security files in a separate PQC encrypted partition on the SSD or a removable PQC encrypted flash drive.  Today’s classical encryption, including Microsoft BitLocker®, mostly use the Advanced Encryption Standard (AES).  Modern Intel® CPUs support AES instructions for fast hardware processing.

Upgrade from AES 128-bit to AES 256-bit, and from (Secure Hash Algorithm) SHA 256 to SHA 384 or SHA 512, where available, for target hardening post quantum security.

It is also beneficial to use high-grade, high-reliability, fault-tolerant Tier 1 flash storage for important files to avoid data loss due to bit rot, electrical noise, shock, vibration, water, temperature, etc.

7. Nearline Backup versus Offline Backup

Because they are small and rugged, FIT+ flash drives, industrial flash drives, and micro SD memory cards, can be stored in more nearline and offline small space storage locations. Nearline backup storage provides quick access for daily, weekly, or monthly backups. Nearline backup media may be stored nearby for convenience in an office desk drawer, file cabinet, briefcase, lockbox, wallet, keychain, or phone wallet.

It can be brought online within a few minutes. Requiring a human operator to retrieve and insert removable media, connect a cable, power it on, enter a strong password, or apply a fingerprint, provides another layer of air-gap security, rather than using nearline storage that can be brought online on demand by software control, without requiring manual operator intervention.

For better security, and lower risk from a single-room fire, theft, or disaster, the backup storage media should be physically separated, not stored in the same room or risk zone as the operating storage.  Storage locations at opposite ends of a building or property may be sufficient in many risk scenarios.

Sabrent 4-port USB 3.0 hubOffline backup storage, used for less-frequent monthly, quarterly, six-month, or annual backups, or archival storage, should be stored a further distance away from operating storage, in a different risk zone, taking more time to retrieve, in a fireproof safe, storage container, basement, garage, toolbox, vehicle, storage shed, utility room, secret hiding place, workplace (if allowed), friend or family member’s home, underground vault, locker, or safe deposit box.

Storage Tip: Flash memory retains data much longer at cold temperatures than at hot temperatures. So, flash drives may be stored in a sealed container in a refrigerator at 40°F for much longer shelf life than at 70°F in an office. Let the flash drive warm up gradually to room temperature before use.  Flash drives write better at hot temperatures. So, you can use a warm or hot room or vehicle for writing files.

A USB 3.0 hub, with individual power switches, such as Sabrent® HB-UM43 (see photo), may be used to turn off power to a flash drive, or an external SSD or HDD, after a backup is completed. When powered off, the drive cannot be read, written, or remotely accessed by a remote hacker. It is air-gapped since it cannot communicate with another device. The backup operator must be physically present to manually turn on the power switch. Note: To avoid data corruption, do not unplug or turn off the power while the drive is in use. It is helpful to use a flash drive model with an LED activity indicator.

For air-gap security, power should be turned off for extra-high security flash drives containing password vaults, 2FA vaults, recovery codes, key files, private keys, encrypted files, and crypto wallets.

If the auto-lock feature is available, a removable hardware-encrypted USB 3.0 flash drive, such as Kingston IronKey® Locker+ 50, or software-encrypted storage drive using VeraCrypt, should be set to auto-lock after a timeout period of inactivity, in case the operator does not dismount, remove, or power off the drive after completing the backup.

8. Examples of Risk Zones

A separation distance of 60 miles provides protection against local disasters, and is still within a short driving distance for same-day access.  Note: For each Region, Amazon® cloud storage uses location clusters of at least 3 isolated data centers (Availability Zones). Each data center is within 60 miles, using encrypted connections for synchronization. There are Amazon Regions on all populated continents.

The impacted area extent of a risk zone varies by risk type.

1. About 50% of house fires are kitchen fires that do not destroy the home office or entire home.  A burglar might steal a computer from an office, but not have enough time to also steal backup drives in a fireproof safe located in a separate locked room. If the homeowner is present, they can defend against a kitchen fire or attempted burglary, confining the damage to one room.

2. Large wildfires can grow to 500,000 acres (32-mile diameter) or more and destroy hundreds of homes, businesses, and infrastructure, forcing evacuations.  Follow wildfire mitigation best practices to reduce risk.  Keep several backup copies outside of a wildfire zone, in another city, state, or country.

3. The debris field from the 1980 Mt. St. Helen’s volcano eruption, and the meteor crater in Arizona, made by a 150-foot wide meteor, both covered about a 20-mile radius.

4. In 2022, an undersea volcano erupted near Tonga in the Pacific Ocean. Lava flow cut the single undersea internet cable to Fiji. The volcanic ash cloud disrupted cell phone and satellite communications and grounded aircraft. The enormous eruption caused a tsunami to flood the island.

Then the volcanic ash fell on the island, turning it gray, and killing farmers crops and vegetation.  It took weeks to restore internet and phone communications, with help from neighboring military forces.

Have a primary and secondary internet service provider (ISP) to maintain cloud storage and internet access.

5. A typical tornado damage path is about one or two miles long, with a width of around 50 yards.  During a hurricane, hurricane-force winds can extend outward about 25 to 150 miles, with slower tropical storm-force winds as far as 300 miles from the center of a large hurricane.

risk zone extent6. An earthquake can destroy an entire city, with building collapses, landslides, road obstruction and destruction, fires, and utility outages. The main risk is from building collapse, falling objects, and debris. The damage zone may extend 50 to 100 miles by land from the epicenter. A tsunami can travel across an ocean.

For earthquake hardening, protect your computer and storage drives from vibrations, falling down and falling objects. Anchor notebook PCs, external drives, and routers with Velcro strips. Use metal straps to attach a TV, clocks, picture frames, bookcases, and tall furniture to a wall.

A fireproof safe acts as a hard shell to provide protection from falling items, pets, insects, and rodents. An SSD or flash drive can withstand earthquake shock, vibrations, and dust that will destroy a fragile HDD. Ruggedized drives, encased in a protective rubber sleeve, absorb shock and vibrations.

Anti-Vibration Tip: Glue a piece of soft foam to the bottom of an external USB enclosure to absorb vibrations.

7. In a 1962 test, a thermonuclear weapon was detonated 250 miles above Johnston Island in the Pacific Ocean. The EMP from the blast disrupted electric lighting and a microwave link, cutting off phone communication in Kauai, Hawaii, over 800 miles away.

Choose a cloud storage data center, at least 1,000 miles away, that includes protection from EMP.  Some locations are underground. Use SSDs, flash drives, and optical discs that are not affected by EMP, not magnetic hard disk drives. As a Faraday shield, I keep my backup drives inside a metal cookie can, inside a fireproof safe.

8. Hazardous materials (hazmat) events might affect a room or building, neighborhood or city. Include emergency planning for dealing with carbon monoxide, natural gas leaks, smoke, dust, cleaners, chemicals, poisons, flammable liquids, and other hazardous materials that may cause injury or disrupt your work place.

9. Thunderstorms and lightning may cause wind and water damage and power outages in the storm zone.  Lightning may strike as far as 10 miles from any rainfall.  Large hailstorms can break windows.  Keep the computer and backup drives away from windows or use storm shutters or curtains.

Use a good quality surge protector to reduce the risk of interference, noise, and power line glitches from affecting your computer or data. A surge protector will not protect against a nearby lightning strike. I use notebook PCs, with built-in battery backup. I unplug the power strip if there is a thunderstorm in the area. If the power goes out, I can continue working on battery power.

10. In a pandemic, many people in multiple global locations may become sick, quarantined, or die, from the same cause.  Design a written online backup policy that can continue to operate automatically, by computer control, without needing a human operator.

Also, design a written nearline and offline backup policy that can be followed by a temporary or permanent replacement operator in case the primary operator is unavailable, sick, injured, disabled, incapacitated, or deceased.

Enroll in email or text emergency alerts and breaking news for your area to be kept aware of public safety announcements. Keep a battery-operated radio nearby for emergency news in case of a power outage.

If you have to leave your office any time or evacuate, log out of your computer. Use a long, strong, unique login password (80-bit entropy) to prevent access or tampering.

9. Offline Backup Storage in a Vehicle

Because FIT+ flash drives, industrial flash drives, and micro SD flash memory cards, are rugged, they can be stored in a vehicle subjected to hot and cold temperatures, moisture, road bumps, and vibrations. If the vehicle is normally housed in an unheated garage, the temperature extremes will be moderated from outdoor conditions.

Samsung FIT+ flash drives are rated for a storage temperature range of -50℉ to 158℉.  Flash memory retains data longer at cool temperatures, so cold weather is not a problem.  In hot weather, flash drives should be shielded from direct sunlight.

Eco-Fused memory card case wallet

For comparison, Western Digital® My Passport® and WD Elements® portable hard disk drives have a limited storage temperature range of -4℉ to 149℉, not suitable for storing in a vehicle with road vibrations, bumps, moisture, dirt, magnets, and cold winter weather.

To provide more physical security, organization, loss prevention, shade, dirt protection, and cushioning from road vibrations, store the flash drives, or micro SD memory cards, inside a zippered Eco-Fused® memory card storage wallet, along with a wisedry® color-coded silica gel desiccant packet.

wisedry silica gel desiccant packetsThen store the media wallet inside a small foam-lined Master Lock® Safe Space® 5900D portable safe with a 4-digit combination lock. [store the random lock combination in a password manager]  Do not use a year or birthday for the combination.

Two ruggedized portable USB 3.1 SSDs, such as hardware-encrypted Samsung T7 Shield, will also fit inside the safe.  Attach the safe securely to the vehicle body using the built-in braided metal cable loop, inside the trunk of a locked vehicle, with an intruder alarm system.

Master Lock 5900D portable safeTo save money, you can omit the vehicle safe, and store the flash drives in a vehicle first aid kit, or a toolbox, not in the glove compartment or center console where a thief would look first.

In case a car thief steals the vehicle, the portable safe, or the flash drive, the files should be stored using strong AES 256 encryption, using free VeraCrypt software, with a long, strong, unique 16-character or longer random password.  Save the password in a free password manager, such as Bitwarden® or KeePassXC.

For secure notes, free plugin nppcrypt can be added to free Notepad++ software. Select AES 256 encryption.  Add a different long strong password to protect each secure text file.

10. Security Layers and Geo-dispersal

For target hardening against criminals, multiple security layers are used for offline backup storage including a motion-sensor light, intruder alarm, locked trunk, locked safe, lockdown floor bolts or cable, data encryption, strong passwords and lock combinations, and two-factor authentication, where available.  Keep passwords and 2FA seed and recovery codes in separate encrypted vaults.

To mitigate the potential risk of a malfunction, theft, damage, attack, outage, or disaster at a centralized single location, multiple backup copies are geo-dispersed (decentralized) across separate risk zones, servers, rooms, safes, buildings, vehicles, cities, regions, floodplains, seismic zones, power grids, ISPs, countries, and continents.

Some data centers are located in underground mines or bunkers.  Microsoft has tested an undersea data center off Scotland.  Nautilus is operating floating data centers on docked river barges in several countries.  South Africa is a little-known growing location for data centers.

Online Offline Backup Diagram

11. Contingency Plan and Recovery Procedure

In an emergency, such as a fire, wildfire, flood, explosion, riot, attack, earthquake, storm, hurricane, storm surge, or tornado, if you are forced to evacuate your home or office, your recent offline backup copy of important files is already stored securely in your fireproof safe or vehicle safe. A small business can follow a contingency plan to set up an alternate emergency office somewhere and continue to operate the business without much downtime or a reduction in service.

I have a power inverter in my vehicle that can be used to power a notebook computer, printer, cell phone charger, and USB LED lamp for an emergency mobile field office.

When the emergency is over, the business can follow a recovery plan to return to normal business operations by quickly restoring many gigabytes of offline backup files to a new or existing computer, if needed, without waiting hours or days to slowly download many gigabytes or terabytes from remote encrypted cloud storage.

Cloud storage should still be used for hourly or daily remote offsite backup, and could be used to download any recent files that were not included in the latest offline backup to the flash drives.  Choose a cloud storage provider such as MEGA, Proton Drive®, or Filen with end-to-end encryption, 2FA, and file versioning, to recover older versions of files, if needed.

Tip: Use our referral link to add 10 GB bonus storage when you open a new Filen free or paid cloud storage account. Filen referral link for 10 GB bonus storage. This will increase a free account from 10 GB to 20 GB, and you can earn up to 30 GB additional free storage, for 50 GB total free storage, by referring 3 other new customers.

If the operating storage drive and backup cloud storage both become affected by corrupted files, malware, or ransomware, the offline backup storage copies in a fireproof safe or vehicle safe would not be affected, because they are isolated and air-gapped on removable media, not connected to the infected computer or network.

To reduce ransomware risk, I use antimalware software that also includes anti-ransomware and spyware defensive protection.

12. Offline Backup Media Cost Comparison

1. Samsung 970 EVO Plus 500 GB NVMe high-speed internal SSD.  $40, $0.08/GB
2. Samsung 870 EVO 500 GB SATA internal SSD, $40.  $0.08/GB
3. Samsung T7 Shield 1 TB portable USB 3.1 NVMe SSD.  $80, $0.08/GB
4. Western Digital WD Black performance 500 GB SATA internal HDD.  $40, $0.08/GB
5. Samsung Pro Plus 256 GB professional micro SD memory card.  $23, $0.09/GB
6. Samsung Fit Plus 256 GB USB 3.1 flash drive.  $36, $0.14/GB
7. Verbatim DataLifePlus archival grade, single-layer DVD-R, write once, 4.7 GB per disc, 50 pack.  $16.50, $0.07/GB
8. Verbatim DataLifePlus archival grade, double-layer DVD+R, write once, 8.5 GB per disc, 50 pack.  $65, $0.15/GB
9. Verbatim DataLifePlus archival grade, single-layer Blu-ray, BD-R, write once, 25 GB per disc, 50 pack.  $52.50, $0.04/GB
10. Verbatim DataLifePlus archival grade, double-layer Blu-ray, BD-R DL, write once, 50 GB per disc, 25 pack.  $82, $0.07/GB
11. Verbatim Store ‘n’ Go Vx400 128 GB USB 3.0 MLC professional flash drive. $27.39, $0.21/GB
12. Transcend JetFlash 720 32 GB USB 3.1 MLC professional flash drive. $32.85, $1.03/GB
13. Transcend JetFlash 750 64 GB USB 3.1 MLC professional flash drive. $28.54, $0.45/GB
14. Transcend JetFlash 780 64 GB USB 3.1 MLC professional flash drive. $26.12, $0.41/GB
15. Transcend JetFlash 270M 32 GB USB 3.1 MLC industrial flash drive. $20.94, $0.65/GB
16. Transcend JetFlash 180I 16 GB USB 3.0 pSLC industrial flash drive. $17.95, $1.12/GB
17. Transcend JetFlash 282T 64 GB USB 3.1 3D industrial flash drive. $11.39, $0.18/GB
18. Transcend JetFlash 282T 128 GB USB 3.1 3D industrial flash drive. $17.09, $0.13/GB
19. Transcend JetFlash 282T 256 GB USB 3.1 3D industrial flash drive. $28.49, $0.11/GB
20. Transcend JetFlash 282T 512 GB USB 3.1 3D industrial flash drive. $47.49, $0.09/GB
21. Kingston SDCIT2 32 GB pSLC industrial micro SD memory card.  $22.99, $0.72/GB

Note: one terabyte SSDs now offer the same cost per gigabyte as hard disk drives.

[Amazon prices, items 1-10, 2023-04-14, professional-grade items 11, 13, 14 added 2023-11-27]
[CDW prices, items 15-16, industrial flash drives, added 2023-11-28]
[CDW prices, items 17-20, 282T industrial flash drives, added 2023-12-07]
[OEM PC World price, item 12, professional-grade flash drive, added 2023-12-03]
[Kingston price, item 21, industrial-grade micro SD memory card, added 2023-12-03]

Samsung SSD WD HDD cost per GB

13. Drive Formatting

On the Windows operating system, I use NTFS® drive formatting for all removable and external drives used for backups. It has more robust features that support file journaling, fault tolerance, error recovery, a mirror (backup) copy of the boot sector and Master File Table (MFT), file permissions, large file support, and encryption, than FAT32, or exFAT formats.

14. Offline Backup Advantages

Offline backup copies are inexpensive since they do not require any computers or monthly cloud storage fees to maintain.
They are eco-friendly and do not require any electricity for computers and networking hardware to store data.  Reusable data storage media may be used until worn out.
file folder with lockThey are convenient since they can keep backup copies nearby for quick access and quick file restoration for minimum downtime.

They require very little storage space in a safe, if small FIT Plus flash drives, thumb-sized drives, or micro SD memory cards are used.
They are light weight and rugged and can be mailed at low cost to a trusted person as an offsite backup.
SSDs and flash drives are more rugged than hard disk drives, so they will not be damaged by bumping, dropping, vibration, dust, or moisture during transportation, or if you move to a new location.
They can be kept physically secure in a locked room, in a locked safe, with motion-sensors, an intruder alarm system, and video surveillance.
They can be hidden in a secret location, safe from fire and water, and not easily or quickly found by a thief.
They can be kept cryptographically secure, using free file encryption software, or by using hardware-encrypted flash drives or SSDs.
They provide more data availability in case the operating storage device, backup cloud storage service, internet, router, network, or power are not operational.

The cost is affordable, only requiring the startup cost for a few rugged SSDs, high-quality flash drives, micro SD memory cards, archival DVDs, a fireproof safe, and a vehicle safe. There is an ongoing operation cost of time required to periodically retrieve and connect offline media to make and check the backups.

You can choose the backup and archive frequency such as daily, weekly, monthly, quarterly, semi-annually, or annually.  It is cheap insurance to prevent a data disaster, lost photos, emotional stress, and potential business downtime, impairment, or failure, due to a loss of important or irreplaceable files, passwords, or crypto keys.

15. Schedule Offline Backup and File Verification

Schedule reminders on your calendar to make periodic backups and archives.  Better yet, use software that includes a scheduling feature.  I use SyncBack software with file copy verification using hash values enabled to run predefined jobs on a planned schedule.  I insert an offline flash drive, click Run Backup,  and it makes and verifies the backup copies, using my operating storage SSD as the data source.

Backup Scheduling Tip:  Hackers may attack over a weekend, hoping you will not discover the breach until Monday morning.  So, weekly offline backups on Friday evening will store your files safely, out of reach from remote attacks.  If you download monthly bank, credit card, and investment statements, do your monthly backups soon after that.  If you add annual files, such as tax returns, accounting records, annual reports, database updates, subscriptions, registrations, or license renewals, be sure to make a backup at that time.

January Full Backup: In January, after all of your December and year-end electronic statements and records have arrived, make and verify two fresh full backups of all files. That way, the annual January full backups are never more than 12 months old. The risk of long-term data rot caused by flash memory cell charge trickle leakage is not a problem, since the flash cells are fully re-charged at least once per year.  Use MLC flash memory for longer-term data retention time than TLC.

Storage Drive Buying Tip: Look for sales to buy new storage drives on World Backup Day, March 31st, during back-to-school season, and Black Friday, in November, the day after Thanksgiving, through Cyber Monday. Use those dates as reminders to buy new drives when needed, and to make and verify backups. You do not need the very latest, fastest storage technology for backup drives, so you may be able to buy during closeout sales of discontinued older models when they are replaced by newer faster models.

Follow a written data center policy to operate as an active, secure, well-managed data center for quality control, and lower risk, not as insecure, unmanaged passive backup storage, neglected, with gradually deteriorating, corrupted, or unverified files stored casually for years.

hash check file verificationDo not rely on hope that your backup copies are good.  Use software such as free ExactFile, TeraCopy, or SyncBackPro to create and store a hash value for each file.  To ensure the stored copies are intact, run file verification periodically, every 6 or 12 months, to compare the current calculated hash value for each file with its stored expected hash value to check file data integrity.

Follow the 3-2-1-1-0 zero-error policy of error detection and correction. If a hash compare error occurs, replace the bad file with a known-good copy, showing the correct hash value, retrieved from another backup copy.

As flash memory ages, after many write cycles, the error rate during file verification is likely to go up.  This indicates the drive is wearing out, nearing the end of its useful life, and should soon be replaced.  Run a media test periodically, such as Windows chkdsk, to check for errors and retire any bad clusters.  Monitor the drive SMART parameters for warnings of drive health problems.  Drives with ECC will be able to correct simple data errors automatically, providing a longer useful drive operating life.

Hard Disk Sentinel Professional includes advanced features to monitor drive health and performance, rewrite files to refresh the stored charge in flash memory to reverse the normal gradual discharge (bit rot), surface testing to find and replace defective blocks, and drive sanitization before end-of-life disposal or recycling.

SyncBack creates a detailed log of the the volume names, serial numbers, files, and backup date, for record keeping evidence.  The paid version, SyncBackPro, offers more features, including file versioning, file verification, scheduling, and AES 256-bit encryption, so VeraCrypt software is not needed to create encrypted backups.

I also use SyncBack to make automatic local incremental backup copies every n hours to two Transcend JetFlash 282T, or Samsung FIT Plus mini flash drives, that I leave normally installed in my computer. This is a convenient local redundant online backup in case my remote cloud storage service is offline, or not working. I use notebook PCs with built-in battery backup, so I can make or check backups during a power outage or internet outage.

16. Conclusion

There is a potential risk that the latest stored versions of online copies of files may become corrupted or unavailable due to a disaster, user error, malfunction, malware, or aggressive ransomware.

Offline backup protects against catastrophic risk due to a single cause, as part of a robust fault-tolerant backup strategy, and keeps some backup copies conveniently nearby for high availability, quick retrieval, and fast recovery, if needed.

Image Credits, Manufacturer Photos
1. Samsung T7 Shield USB 3.1 portable SSD
2. Verbatim DataLifePlus archival DVD, AZO dye
3. Kingston IronKey Locker+ 50, hardware-encrypted USB 3.2 flash drive
4. Samsung FIT Plus USB 3.1 flash drive
5. Samsung Pro+ micro SD flash memory card
6. SentrySafe fireproof, waterproof digital media chest safe, CHW20221
7. Sabrent HB-UM3 4-port USB 3.0 hub, individual power switches, LED power status indicators
8. Eco-Fused 22-slot memory card case, wallet
9. wisedry color-coded silica gel desiccant packets
10. Master Lock 5900D portable combination safe with cable loop

® indicates a Registered Trademark with the US Patent and Trademark Office (USPTO)

[updated 2023-12-07] added Transcend Jetflash 282T 3D NAND flash drive prices, new listing at CDW

© Copyright 2023  ABC Legal Docs, LLC  All rights reserved.  Do not copy.  Citations welcome.  Terms of Use apply.

Please add a valuable comment or question, not spam, to our Colorado Notary Blog. Please share on social media. Our Terms of Use and Blog Comment Policy apply.

Protected by Security by CleanTalk