Protecting your thoughts

There’s a German song, “Die Gedanken sind frei” (“Thoughts are free”), where the first verse runs as follows:

Die Gedanken sind frei, wer kann sie erraten,
sie fliegen vorbei wie nächtliche Schatten.
Kein Mensch kann sie wissen, kein Jäger sie schießen
mit Pulver und Blei: Die Gedanken sind frei!

If, like me, you can’t read German, you might find yourself referring to the Wikipedia page for Die Gedanken sind frei and see this translates to:

Thoughts are free, who can guess them?
They fly by like nocturnal shadows.
No person can know them, no hunter can shoot them
with powder and lead: Thoughts are free!

Or perhaps, if you want the simpler version of where I’m going with this post, let’s go for this bit from Harry Potter and the Chamber of Secrets*:

“Ginny!” said Mr. Weasley, flabbergasted. “Haven’t I taught you anything? What have I always told you? Never trust anything that can think for itself if you can’t see where it keeps its brain?”

Years ago, a colleague at the time refused to write any notes on paper, instead using OneNote. His rationale had been simple: his bag had been stolen once, and in it, his notebook. The theft of his work laptop was an inconvenience resolved by having it replaced, but the notes he’d taken were lost for good. So switching to OneNote meant that his notes would be stored in the cloud as well as the local copy on his laptop, meaning they were safe.

Around the time I heard that, I was looking for a note taking system that would seamlessly sync between computers, and I looked at several different products. The problem wasn’t so much a case of finding a product that would sync between a couple of computers (say, a laptop and a desktop), but one that would also make those notes available on my mobile devices as well – both iOS and Android.

For a while I settled on OneNote – it inherits, from Microsoft Word, a rich formatting system that certainly helped me take notes, and it’s also quite intuitive in following indentation and other formatting. However, for various reasons, I eventually found myself having to switch from OneNote to Evernote. Let me tell you: I’m a reluctant user of Evernote. The interface can at best be described as average, and the text formatting options that are available are mediocre at best. It’s like the team at Evernote have either never heard of designing for user interaction, or simply don’t give a damn. (Certainly no-one at Evernote ever uses tables, since its table system is appalling.)

But because it syncs over a plain Web based channel, without any trickery like OneNote (i.e., where it requires access to a OneDrive to sync), Evernote was the multi platform note taking system I needed, even though it wasn’t particularly the multi platform note taking system I wanted. (And despite my complaining in the paragraph above, I’m actually a paid user. If I’m a paid user, why don’t I complain about the interface? Well, I have, but I learnt that being a paid user of Evernote simply entitles you to get your requests ignored faster.)

Ultimately, I now use a mix of OneNote and Evernote, each for different things. However, there was something that was irking me for some time with OneNote which took me a while to track down – and made me stop and think a little about how protected my data actually was.

There’s no export in OneNote. There’s no Save Local, or Save a Copy. You can, seemingly, at best print to PDF, and that’s about as reliable in terms of preserving content as printing from a web page. At least, not if you’re using Office 365. If your Office install comes from a recognised ‘Work’ or ‘School’ subscription, you can export to your heart’s content, but not from a personal, “install on up to 5 computers” Office 365 subscription.

So while, if you hunt around online, there are references to being able to back up OneNote, they’re not going to help you on a personal subscription, since Microsoft so irrevocably joined OneNote in Office 365 personal/home to the Cloud that you can’t back it up at all. If you go hunting, you can see there’s a kludge to install OneNote from Office 2016 and get the save functionality restored – but how long will such a gap be left open? (And that’s seemingly only available to Windows users.)

Here’s the export option visible for OneNote 2016:

OneNote 2016

And here it is, not available for the Windows Store App/Office 365 native installed OneNote:

OneNote Hobbled Version

(From now on, I think I might call the Office 2016 OneNote as Full OneNote, with the Windows Store/Office 365 OneNote being Hobbled OneNote.)

On the other hand, Evernote includes a pretty straightforward Export function in its desktop apps:

Evernote Export

Now, despite what I’ve said so far, this isn’t actually a OneNote vs Evernote blog post, it’s more along the lines of:

Congratulations, you’re using a cloud service to make your life easier: what happens when something goes wrong?

In Data Protection: Ensuring Data Availability, I talk of the need for businesses to have data protection advocates (though nowadays I’d be more inclined to refer to them as data protection architects) – and one of the roles of a DPA should literally be to walk the floors of the business thinking “How is that protected?” It used to be that I envisaged this role looking for servers under desks (something amazingly common in the 90s and early 00s, at least) and other bits of miscellaneous equipment that weren’t being protected – now though, the data protection architect is just as likely going to need to peek at people’s desktops and see what services they’re interacting with.

Now, full OneNote has a feature that should reassure a nervous data protection architect here:

One Note 2016 Auto Backup

A truism of end user data protection of course is that if you rely on users to run their own data protection, you’re setting yourself up for failure. The default for OneNote is a weekly backup – mine is set to daily, and you can dial it down to as low as a minute if you really want to.

Evernote, on the other hand, doesn’t have an auto-backup option: instead, it suggests in this article that you regularly export (see sentence above), or back up its data directories. Of course, given the Evernote storage structure sees all notes stored in a single database, you’ll want to be making sure you’ve got Evernote closed at the time of a filesystem backup, otherwise you’ll have a crash-consistent copy. And, of course, that assumes users’ laptops and desktops get backed up, but that’s still not a common thing. In fact, despite the ongoing tendency for users to store important data on their local computers, it remains depressingly uncommon.

All this worrying about backing up Evernote or OneNote (or for that matter, any other note system you use) is overkill, right? After all, you’ll have your local copy and your copy in the cloud. If you think I’m perhaps being excessively paranoid, remember that other truism of data protection: nothing corrupts faster than a mirror.

Synchronisation of your notes between the cloud service and your local computer (or computers) only protects you from certain failures. For instance, it protects you from:

  • The cloud service provider going out of business (you’ll have a local copy)
  • The cloud service provider suffering an infrastructure failure (you’ll have a local copy)
  • Your local computer failing (you’ll have a remote copy)

Maybe there’s one or two other outlier protections in addition to the above, but consider some examples of what it won’t protect you from:

  • Your kid grabbing your phone and playing a “swipe game” that’s actually deleting notes
  • A prankster co-worker who moves all your notes to the trash (and you don’t notice, or empty the trash before you do)
  • Something that corrupts your notes maliciously (if you think I’m being paranoid there, spend a little time thinking about the evolution of malware – application specific corruption is only a matter of time)
  • A random bug introduced into a particular client version that causes it to delete or corrupt notes on its first sync (just look at the number of postings online about Outlook contacts or calendar entries being clobbered on first sync from a new device…)
  • Any form of glitch that causes you to clobber a very important note.
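
The difference between a sync mirror and a versioned backup, sketched as an added example (not code from the original post or from either product). It assumes the notes have already been exported to a plain directory; every path, label and file name below is constructed for the demonstration.

```python
import hashlib, json, tempfile
from pathlib import Path

def snapshot(source: Path, store: Path, label: str) -> Path:
    """Save a point-in-time manifest; file bodies go into a hash-named pool."""
    pool = store / "blobs"
    pool.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for f in sorted(p for p in source.rglob("*") if p.is_file()):
        data = f.read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        if not (pool / digest).exists():      # unchanged notes cost no extra space
            (pool / digest).write_bytes(data)
        manifest[f.relative_to(source).as_posix()] = digest
    out = store / f"{label}.json"
    out.write_text(json.dumps(manifest, indent=2))
    return out

def compare(old: Path, new: Path) -> dict:
    """List notes that vanished or changed between two snapshots."""
    a, b = json.loads(old.read_text()), json.loads(new.read_text())
    return {"deleted": sorted(a.keys() - b.keys()),
            "changed": sorted(k for k in a.keys() & b.keys() if a[k] != b[k])}

def restore(manifest: Path, store: Path, target: Path) -> list:
    """Rebuild the notes as they were at snapshot time, verifying each blob."""
    entries = json.loads(manifest.read_text())
    for rel, digest in entries.items():
        data = (store / "blobs" / digest).read_bytes()
        if hashlib.sha256(data).hexdigest() != digest:
            raise ValueError(f"stored copy of {rel} is corrupt")
        (target / rel).parent.mkdir(parents=True, exist_ok=True)
        (target / rel).write_bytes(data)
    return sorted(entries)

def demo() -> dict:  # constructed scenario: damage happens after Monday's snapshot
    root = Path(tempfile.mkdtemp())
    notes, store, out = root / "notes-export", root / "backup", root / "restored"
    (notes / "work").mkdir(parents=True)
    (notes / "work" / "dns-runbook.txt").write_text("Bring DNS up first.")
    (notes / "minutes.txt").write_text("Agreed: test restores quarterly.")
    monday = snapshot(notes, store, "monday")
    (notes / "minutes.txt").unlink()                      # the "swipe game"
    (notes / "work" / "dns-runbook.txt").write_text("")   # a clobbering sync
    tuesday = snapshot(notes, store, "tuesday")
    report = compare(monday, tuesday)
    report["restored"] = restore(monday, store, out)
    return report

if __name__ == "__main__": print(demo())
```

A mirror would now hold only Tuesday's state; the snapshot store still holds Monday's, and the comparison doubles as an early warning that notes disappeared or changed.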

When we think of data protection for workloads in the cloud, we tend to think the big picture: how do I ensure the business can protect its Salesforce instance? How can I make sure that SAP HANA environment in Azure is protected? Do I use snapshots or backup and recovery (or both) for my IaaS workloads?

Dial it back and think now for a moment: how do you protect your thoughts? How does your business do it?

It’s the little things we tend to miss when we’re planning those big picture views around data protection, disaster recovery and business continuity. I still chuckle when I think back to the first practice business continuity exercise I took part in, back in the 90s, when less than 30 minutes into it we were aware it was turning into a complete shmozzle because no-one had thought of the importance of making sure the DNS servers came up first. (It was at this point, in fact, I realised the importance of system maps and business function dependency tables – again, an important topic in my book.)

The sheer utility of cloud synchronisation note tools makes them practically ubiquitous in most organisations. Unless you’re in a particularly secure workplace, you could probably walk the floor (particularly in IT at least) and see a fair percentage of staff using tools such as Evernote or OneNote to make notes: short scratchings, procedures, meeting minutes, personal development plans, snippets of useful information – you name it, you’ll find it.

What happens if one user loses his or her notes due to some random corruption or unexpected event? It may not be a big issue to anyone other than the staff member. Unless, of course, their notes were important to some function – the nature of notes is we tend to record the important things so we don’t forget them: what happens if something causes us to forget them? Or what happens if some new ransomware comes out that not only attacks local files, but also corrupts the contents of Evernote and OneNote databases? (Remember: Nothing corrupts faster than a mirror.)

I don’t profess to have the answers in this post. (Although maybe, if your business uses the right version of OneNote you might think about what I’ve said and ensure there’s an AD policy that forces backups to take place.) But we do have to keep in mind that the data protection ballgame keeps shifting. The data protection policies your business created 3 or 5 years ago on the last major update or roll-out are likely to be completely out of date, unless everything else in your environment has stayed locked to that time. What you thought you had to protect against 3 years ago might now seem trivial, but just like security, the surface area that you need to consider has grown and evolved.

That means you, too, need to grow and evolve your data protection strategy as well – at the macro and micro level. Your business may not have considered cloud note sharing systems like OneNote or Evernote when your data protection strategy was last developed, but that doesn’t mean you have to wait for the next platform refresh to start thinking about it. For work, and maybe personally, too.

And always remember Mr Weasley’s advice: if something thinks for itself and you can’t see its brain, don’t trust it.


* I’m not suggesting the quotes from “Harry Potter and the Chamber of Secrets” and “Die Gedanken sind frei” have the same meaning. But they’re both relevant.
