News, news analysis, and commentary on the latest trends in cybersecurity technology.
A Comprehensive Backup Strategy Includes SaaS Data, Source Code
Backups aren't just limited to hard drives, databases and servers. This Tech Tip describes how organizations should expand their backup strategies.
System malfunction or failure? Get the backups. Ransomware attack? Restore from backup and avoid paying the ransom. Catastrophic scenario (such as a data center fire)? Hope those backups were offsite.
Backups make up a critical component of an organization’s disaster recovery and business continuity plan. But many organizations have not expanded their definition of what needs to be backed up beyond individual user directories, endpoint systems, and servers. In the modern enterprise environment of software-as-a-service applications and cloud services, there is more data that needs protecting.
Back Up Data in SaaS
As more organizations shift the bulk of their enterprise workloads to the cloud, data recovery becomes paramount. By 2030, the global SaaS market will top $702 billion, about three times what it is today, says Allied Market Research. And a report by Oracle and analyst firm ESG found that 49% of organizations who used SaaS experienced data loss. In a follow-up survey with cloud backup provider Rewind, over half of respondents say there would be a significant impact on business operations if they lost vital data in a SaaS tool.
"SaaS tools are now the default tool for modern businesses,” says Mike Potter, CEO of Rewind. "Businesses of all sizes need to realize that a significant amount of their critical business data sits in SaaS applications and take proactive steps to protect it."
Noting that more than 60% of the Fortune 500 use Jira software in the cloud, Rewind recently launched Backups for Jira, an automated backup and on-demand data recovery tool protecting a Jira Cloud instance and all associated data
Back Up Source Code
For many companies, their value is tied up with their source code. And when the source code is lost, a bulk of the business goes with it. Yes, source code needs to be part of a backup strategy.
Organizations should consider the threats to source code: malicious activity as well as human error/downtime. There was the ransomware attack which targeted source code repositories across platforms in 2019. And if the platform has an outage, as was the case when GitHub was unavailable for two hours in June 2020, the organization is affected.
Many developers rely on the working copy checked out on their development machines. Others may have a manual script to back up copies of the files. But those methods don’t account for revisions and change history, which is essential in modern source code management.
GitProtect.io offers a “Git Backup Guide“ with details on protecting source code hosted in GitHub, GitLab, or Bitbucket.
Backups of Backups
Backups also need to be backed up, as some ransomware groups target backups in their campaigns. The Federal Bureau of Investigation and Cybersecurity and Infrastructure Security Agency (CISA) have warned that malicious actors have added backup-specific tactics, such as encrypting or deleting system backups, to their arsenal—making restoration and recovery more difficult or infeasible for impacted organizations.
Backups should provide the isolation needed from cyberattacks and immutability from destructive threats, Index Engines says. Isolating backups of core infrastructure, critical files, and databases with an operational air gap ensures backups are out of reach of criminals.
offers an integral first step to keeping data out of reach. Locking down the data to ensure criminals can’t access and corrupt the backup ensures reliable data recovery.
“Organizations are overly confident that their backups have integrity and can be used to recover data when they are hit by a ransomware attack, Index Engines vice president Jim McGann said, noting that backups can be compromised.
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024