You Do Take Offsite Backups, Right?

According to a story in The Register, a popular website for users of flight simulation gear has been felled, most likely fatally, after malicious hackers attacked both of the servers housing more than 12 years worth of content supplied by its 60,000 members.

Tom Allensworth, the founder of Avsim.com, said in a statement that that an attack on Tuesday left the site “effectively destroyed.” He added: “The method of the hack makes recovery difficult, if not impossible, to recover from. We are not able to predict when we will be back online, if we can come back at all.”

According to Allensworth, the data from the library and email server was backed up on a separate server that contained the website and forums and vice versa. Because Allensworth felt that this backup method was safe, data was never  stored offsite and offline, so when both servers were attacked, more than a decade of links, software modifications, and exchanges were permanently destroyed.

“Who would have predicted the simultaneous successful attacks on our system?” Allensworth wrote in one message. “Over 12 years of very secure operation and no successful attacks kind of indicated to me that our approach was at least working. On Tuesday, the 12th of May at about 10:00 p.m. EDT, we found out otherwise.”

Whether you are an individual, or a small, medium, or Fortune 100 business, you should be taking backups of your applications and data. In addition to the possibility of hackers destroying your data or encrypting it and asking for ransom to get the key, there are many other reasons for backups to be taken and stored offline, completely away from any possible network access, and offsite to prevent damage or destruction:

  • The need to go back to an earlier copy due to accidental or intentional data corruption
  • A virus infection of your systems
  • Damage to or destruction of the data center (or your home)
  • A criminal incident in your data center which prevents access to hardware, software, or data due to forensic needs
  • Software upgrade failure
  • Media failure (What happens if your RAID array goes berserk and destroys your data?)
  • Extended power failure of the data center, preventing access
  • Data ‘in the cloud’ at a provider which goes bankrupt or with which you have a dispute
  • Requirement to access historical data due to:
    • Rules and regulations (IRS, SOX, HIPAA etc)
    • Evidence discovery

It really doesn’t matter what medium you use to take backups as long are your backups are:

  • Electronically marked read only so that they cannot accidentally be overwritten
  • Transactionally consistent across your entire application (You cannot take backups of many types of files while your application is running and if you backup different parts of your application at different times, your data  could be out of sync)
  • Actually usable in the event of a problem (do you do restore tests?) 
  • Encrypted to prevent unauthorized access
  • Secured from loss or damage

Remember that you might need to backup the software required to access historical data since later revisions may not be able to read older formats!

In conclusion, no matter how highly available your system is, no matter how many systems you have, whether you use RAID or not, or think that your infrastructure is secure, you should be taking regular* backups of your data and safely storing it offline and offsite.

Ron LaPedis, MBCP, MBCI, CISSP-ISSAP, ISSMP
Principal
Seacliff Partners International, LLC

===============================

* Regular is different for every person, company, and application. It is defined by your RPO, or Recovery Point Objective – how much data you can afford to lose balanced against the cost of backing it up. If your RPO is short then you may use multiple backup methods and take off-line backups just for ultimate protection. See the table below for detailed information on some of the technologies available for taking backups.

Technologies to meet RTO / RPO requirements

Get a Trackback link

Trackbacks/Pingbacks

Post a Comment