There are several questions that I need to ask anyone who claims to provide backups as a service (BaaS?):

1) Client-side encryption?

2) If the answer to 1) is "yes", are the keys managed on the client side as well?

3) What algorithms do you use for encryption and key derivation? They're not home-grown, are they?

4) Ideally, the keys that are used to manage my account on the web should be totally unrelated to the keys that are used to encrypt my backups. Otherwise it becomes trivial for the service provider to capture my password the next time I log in, and use that to decrypt my backups.

5) In order to minimize damages when a client is compromised, clients should not be able to access/restore files backed up by other clients, except with a key that is stored elsewhere.

6) For the same reason as above, clients should not be able to modify or delete files that were previously backed up, except with a key that is stored elsewhere. In other words, snapshots should be read-only.

7) Ideally, clients should not even be able to access/restore files that were previously backed up by themselves, except with a key that is stored elsewhere. This prevents previous versions of files (or deleted files) from becoming exposed in case of compromise. But this is probably too much to ask of the typical backup service...

8) Filesystem permissions and other basic metadata (e.g. mtime) should be backed up and restored, too.

9) Proper and fully configurable handling of symlinks, please.

10) Your TOS, AUP, and privacy policy should be readily accessible from your home page, and customers should be notified of any changes at least a couple of weeks in advance.

My favorite solution so far is to *pull* backups from another machine that I control, using rsync/rsnapshot over ssh. The snapshots are then encrypted and *pushed* to their final resting place, such as S3, which knows nothing about the rest of my infrastructure.

It's a bit of a hassle to set up correctly, but I'm in control of all the keys, a compromised client cannot access anything (restores are pushed from the server), the intermediate server can be destroyed if necessary, and the final storage provider (Amazon) cannot decrypt anything even if someone held a gun to their head.

Unfortunately, I have yet to find a one-stop backup solution that achieves the above. I'm not even sure if it would be possible without risking serious inconvenience. Tarsnap comes close, but AFAIK it makes it too easy for a compromised client to pull down everything I ever backed up.
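Point 4 above (login secret and backup key must be unrelated) is easy to get wrong when one passphrase is stretched once and reused for both. The following added example, not taken from the comment or from any backup product, contrasts the weak design with purpose-bound subkeys derived via HKDF (RFC 5869) over a PBKDF2-stretched master key; the salt, iteration count and info labels are constructed for illustration.

```python
import hashlib
import hmac

KEY_LEN = 32
PBKDF2_ITERATIONS = 200_000  # constructed value; tune to your own cost target


def stretch(passphrase: str, salt: bytes) -> bytes:
    """Slow, salted stretching of the user's passphrase (standard PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, PBKDF2_ITERATIONS, KEY_LEN)


def weak_keys(passphrase: str, salt: bytes) -> dict:
    """The design point 4 warns about: the same stretched secret is both the web login
    credential and the backup encryption key, so a provider that captures the login
    material can decrypt every backup."""
    k = stretch(passphrase, salt)
    return {"account_auth": k, "backup_enc": k}


def hkdf_expand(prk: bytes, info: bytes, length: int = KEY_LEN) -> bytes:
    """HKDF-Expand: turn one pseudorandom key into independent, label-bound subkeys."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def separated_keys(passphrase: str, salt: bytes) -> dict:
    """Hardened form: stretch once, HKDF-Extract, then expand under distinct labels.
    Only 'account_auth' is ever sent to the provider; 'backup_enc' stays on the client,
    and neither subkey can be computed from the other."""
    prk = hmac.new(salt, stretch(passphrase, salt), hashlib.sha256).digest()  # HKDF-Extract
    return {
        "account_auth": hkdf_expand(prk, b"baas/account-auth/v1"),
        "backup_enc": hkdf_expand(prk, b"baas/backup-encryption/v1"),
    }


def provider_view(keys: dict) -> bytes:
    """What the web service stores after login: a verifier of the auth subkey only."""
    return hashlib.sha256(keys["account_auth"]).digest()


def keys_are_unrelated(keys: dict) -> bool:
    """The check a reviewer would apply to a provider's answer to point 4."""
    return keys["account_auth"] != keys["backup_enc"] and provider_view(keys) != keys["backup_enc"]
```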