World Backup Day 

Uploaded on 2023-03-29 in TECHNOLOGY--Resilience, FREE TO VIEW

Friday, March 31 is World Backup Day when cyber security professionals unite to urge everyone to make backups. For several years, World Backup Day has been marked on the last day of March. The concept was developed in order to raise awareness of the importance of maintaining regular, secure data backups.

What are the types of data that are often overlooked, the loss of which can lead to serious consequences?  Here we focus on a types of data often overlooked but shouldn't be.These include backing up data from GitLab, GitHub, Bitbucket and Jira.

DevOps Backup 

If an organisation uses DevOps tools like Jira or version control systems like GitHub, GitLab, and Bitbucket, these data are essential intellectual property. Thousands of hours and dollars are invested in creating, supporting, and improving these projects. Around 70% of DevOps teams release code continuously, even once a day. 

For most organisations, losing such valuable data and the work of thousands of developers can be devastating, leading to unimaginable costs and even bankruptcy.

According to The GitLab 2022 Global DevSecOps Survey, concerns about security have never been higher with  43% of security professionals feel "somewhat" or "very" unprepared for the future. This is why it is important to  consider DevOps backup as a step towards building security ownership across the DevOps team. 

The  Constant Threat Of Ransomware

Backups are critical for businesses, particularly given the constant threat of ransomware. Research from Osirium found that despite 98% of respondents saying they were aware that backups are a target of ransomware attacks, over half (56%) do not keep offline backups and only 35% take extra precautions to protect access to backups and backup management systems.

"Unfortunately, some businesses have become reliant on automated, online backups. This is a huge risk, as in the event of a ransomware attack, the backup system will faithfully take copies of the infected data and render the backups useless" says James Nadal, Senior Content Manager at Osirium. "A multi-layered approach to managing these systems is needed by not only keeping offline backups, but protecting access to the backup management system and related backup files, which is critical to prevent infection." Nadal advises.

Reasons To Backup DevOps Data

Until recently, convincing teams and superiors that even if their code is hosted by reliable companies like GitHub, GitLab, or Atlassian, it could still be lost or unavailable, was one of the toughest jobs for a CISO. However, an Atlassian outage lasting two weeks which affected hundreds of organisations demonstrated that this problem needed to be fixed.

Companies now require a backup plan to minimize the impact of service outages and workflow interruptions.

In addition, ransomware poses a significant threat to DevOps, with an estimated attack attempt every 11 seconds this year. Cybersecurity Ventures predicts that cyber attacks will cost companies $10 trillion annually by 2025. 
Although awareness of attacks against cloud services and SaaS tools, including GitHub, GitLab, and Atlassian products, is increasing, companies need to implement solutions to mitigate attacks and minimise their effects.

Human mistakes, hardware failures, and software errors also contribute to the need for a backup plan.

Furthempre, having software to back up critical data, including source code, projects, and DevOps tools, is a requirement for respected security certifications such as SOC 2 or ISO 27001. Failing to comply with these regulations could result in legal issues, making it even more critical for companies to prioritise backup solutions.

The need for data protection, backup, and long-term retention is also enshrined in the shared responsibility models that all cloud service providers operate on, including GitHub, GitLab, and Atlassian. 

The technology vendor Crucial has done research on the ongoing cost of data breaches and their key findings include:

  • The US the data theft capital of the world, outranking South Korea, Canada, and Australia.
  • 75% of Americans were worried about having their personal, credit card or financial information stolen by hackers, while only 40% were afraid of being robbed.
  • California is the state with the largest cybercrime losses of $1.2B
  • Russia was the most targeted country in 2022, with more than 50,000,000 breaches in the first three quarters. 
  • France was the country with the second highest data breach density.
  • The UK experienced an 8.1% uplift in the cost of data breaches. 

DevOps Backup 

Most IT professionals haven’t got dedicated tools for DevOps backup. They use scripts or a traditional file backup of their local machines, although time-consuming, expensive and is no guarantee that data can be restored. To address this issue, automatic backup solutions for DevOps tools should incorporate industry-specific functionalities, such as full data coverage, the ability to make full, incremental, and differential copies. Additionally, these tools should include best-in-class security features such as encryption, SAML integration, and ransomware protection.

Most importantly, the backup solution should enable DevOps to restore data instantly to support everyday operations and provide Disaster Recovery and Business Continuity technologies in the event of major failures. This should include the possibility of cross-recovery for immediate data migration between service providers like GitLab, GitHub and Bitbucket. 

GiTProtect:     GitProtect:       Crucial:    Lifewire:     Image: Oakozhan

You Might Also Read: 

How To Optimize The DevSecOps Pipeline:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« ChatGPT Language Model Risks
Cyber Security Budgets Are Misspent »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Rollbar

Rollbar

Rollbar is a full-stack error monitoring platform for web and mobile applications. We help developers find and fix bugs fast. Built by developers for developers.

Bulletproof Cyber

Bulletproof Cyber

Bulletproof offer a range of security services, from penetration testing and vulnerability assessments to 24/7 security monitoring, and consultancy.

Cybercrypt

Cybercrypt

Cybercrypt is a world leading system provider in robust cryptography. Protecting critical assets, applications and sensitive data.

Agility Networks

Agility Networks

Agility Networks is a technology company providing integrated services and solutions for Digital Transformation and Cyber Security.

Improsec

Improsec

Improsec is a fully independent Cyber Security advisory company - we provide knowledge, experience and both strategic and deep technical expertise to our clients.

Kickstart

Kickstart

Kickstart supports your startup in scaling deep technology businesses in Switzerland in areas such as AI, Blockchain and Cybersecurity.

Cyber Security Courses

Cyber Security Courses

Cyber Security Courses was formed to help students in the UK find cyber security courses online.

Softcat

Softcat

Softcat offer a broad portfolio of IT services and solutions covering Hybrid Infrastructure, Cyber Security, Digital Workspace and IT Intelligence.

Berezha Security Group (BSG)

Berezha Security Group (BSG)

BSG is a cybersecurity consulting firm specializing in all aspects of application security and penetration testing.

Trapp Technology

Trapp Technology

Trapp Technology combines the very best cloud, Internet, IT managed services, and IT consulting to provide a true all-in-one IT solution for small to mid-sized businesses.

Accedian

Accedian

Accedian is a leader in performance analytics and end user experience solutions, dedicated to providing our customers with the ability to assure their digital infrastructure.

iSPIRAL IT Solutions

iSPIRAL IT Solutions

iSPIRAL is a leading regulatory technology software provider delivering state-of-art AML, KYC, Risk and Compliance solutions.

Oasis Technology

Oasis Technology

Oasis Technology are experts in cyber security. In addition to pioneering the game-changing TITAN anti-hacking device, we provide extensive cyber security consulting services.

Aura Information Security

Aura Information Security

Aura Information Security consists of a team of highly-skilled and renowned information security professionals spanning Australia and New Zealand.

DeltaSpike

DeltaSpike

DeltaSpike empowers individuals and organizations worldwide through its comprehensive cybersecurity solutions.

Qryptonic

Qryptonic

Qryptonic pioneers next-generation cybersecurity by leveraging the unparalleled capabilities of quantum computing to defend against evolving threats.