World Backup Day 

Uploaded on 2023-03-29 in TECHNOLOGY--Resilience, FREE TO VIEW

Friday, March 31 is World Backup Day when cyber security professionals unite to urge everyone to make backups. For several years, World Backup Day has been marked on the last day of March. The concept was developed in order to raise awareness of the importance of maintaining regular, secure data backups.

What are the types of data that are often overlooked, the loss of which can lead to serious consequences?  Here we focus on a types of data often overlooked but shouldn't be.These include backing up data from GitLab, GitHub, Bitbucket and Jira.

DevOps Backup 

If an organisation uses DevOps tools like Jira or version control systems like GitHub, GitLab, and Bitbucket, these data are essential intellectual property. Thousands of hours and dollars are invested in creating, supporting, and improving these projects. Around 70% of DevOps teams release code continuously, even once a day. 

For most organisations, losing such valuable data and the work of thousands of developers can be devastating, leading to unimaginable costs and even bankruptcy.

According to The GitLab 2022 Global DevSecOps Survey, concerns about security have never been higher with  43% of security professionals feel "somewhat" or "very" unprepared for the future. This is why it is important to  consider DevOps backup as a step towards building security ownership across the DevOps team. 

The  Constant Threat Of Ransomware

Backups are critical for businesses, particularly given the constant threat of ransomware. Research from Osirium found that despite 98% of respondents saying they were aware that backups are a target of ransomware attacks, over half (56%) do not keep offline backups and only 35% take extra precautions to protect access to backups and backup management systems.

"Unfortunately, some businesses have become reliant on automated, online backups. This is a huge risk, as in the event of a ransomware attack, the backup system will faithfully take copies of the infected data and render the backups useless" says James Nadal, Senior Content Manager at Osirium. "A multi-layered approach to managing these systems is needed by not only keeping offline backups, but protecting access to the backup management system and related backup files, which is critical to prevent infection." Nadal advises.

Reasons To Backup DevOps Data

Until recently, convincing teams and superiors that even if their code is hosted by reliable companies like GitHub, GitLab, or Atlassian, it could still be lost or unavailable, was one of the toughest jobs for a CISO. However, an Atlassian outage lasting two weeks which affected hundreds of organisations demonstrated that this problem needed to be fixed.

Companies now require a backup plan to minimize the impact of service outages and workflow interruptions.

In addition, ransomware poses a significant threat to DevOps, with an estimated attack attempt every 11 seconds this year. Cybersecurity Ventures predicts that cyber attacks will cost companies $10 trillion annually by 2025. 
Although awareness of attacks against cloud services and SaaS tools, including GitHub, GitLab, and Atlassian products, is increasing, companies need to implement solutions to mitigate attacks and minimise their effects.

Human mistakes, hardware failures, and software errors also contribute to the need for a backup plan.

Furthempre, having software to back up critical data, including source code, projects, and DevOps tools, is a requirement for respected security certifications such as SOC 2 or ISO 27001. Failing to comply with these regulations could result in legal issues, making it even more critical for companies to prioritise backup solutions.

The need for data protection, backup, and long-term retention is also enshrined in the shared responsibility models that all cloud service providers operate on, including GitHub, GitLab, and Atlassian. 

The technology vendor Crucial has done research on the ongoing cost of data breaches and their key findings include:

  • The US the data theft capital of the world, outranking South Korea, Canada, and Australia.
  • 75% of Americans were worried about having their personal, credit card or financial information stolen by hackers, while only 40% were afraid of being robbed.
  • California is the state with the largest cybercrime losses of $1.2B
  • Russia was the most targeted country in 2022, with more than 50,000,000 breaches in the first three quarters. 
  • France was the country with the second highest data breach density.
  • The UK experienced an 8.1% uplift in the cost of data breaches. 

DevOps Backup 

Most IT professionals haven’t got dedicated tools for DevOps backup. They use scripts or a traditional file backup of their local machines, although time-consuming, expensive and is no guarantee that data can be restored. To address this issue, automatic backup solutions for DevOps tools should incorporate industry-specific functionalities, such as full data coverage, the ability to make full, incremental, and differential copies. Additionally, these tools should include best-in-class security features such as encryption, SAML integration, and ransomware protection.

Most importantly, the backup solution should enable DevOps to restore data instantly to support everyday operations and provide Disaster Recovery and Business Continuity technologies in the event of major failures. This should include the possibility of cross-recovery for immediate data migration between service providers like GitLab, GitHub and Bitbucket. 

GiTProtect:     GitProtect:       Crucial:    Lifewire:     Image: Oakozhan

You Might Also Read: 

How To Optimize The DevSecOps Pipeline:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« ChatGPT Language Model Risks
Cyber Security Budgets Are Misspent »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Security Affairs

Security Affairs

Security Affairs is a blog covering all aspects of cyber security.

Octopus Cybercrime Community

Octopus Cybercrime Community

The Octopus Community is a platform for information sharing and cooperation on cybercrime and electronic evidence.

EdgeWave

EdgeWave

EdgeWave provides simple but highly effective data security and advanced threat protection in solutions that are affordable, scalable and easy to use.

PrivateCore

PrivateCore

We protect data-in-use from hackers trying to steal data such as encryption keys, certificates, intellectual property.

Appvisory

Appvisory

Appvisory by MediaTest Digital is the leading Mobile Application Management-Software in Europe and enables enterprises to work secure on smartphones and tablets.

MOXFIVE

MOXFIVE

MOXFIVE is a specialized technical advisory firm founded to bring clarity to the complexity of cyber attacks.

Tetrad Digital Integrity (TDI)

Tetrad Digital Integrity (TDI)

TDI is a world-class consulting firm offering cybersecurity services to government agencies and commercial clients around the world.

Cyber Skyline

Cyber Skyline

Cyber Skyline is a revolutionary cloud platform to practice, develop, and measure your team's technical cybersecurity skills.

Corsica Technologies

Corsica Technologies

Corsica Technologies is recognized as one of the top managed IT and cybersecurity service providers. Our integrated IT and cybersecurity services protect companies and enable them to succeed.

Trapp Technology

Trapp Technology

Trapp Technology combines the very best cloud, Internet, IT managed services, and IT consulting to provide a true all-in-one IT solution for small to mid-sized businesses.

GTT Communications

GTT Communications

GTT are a global network provider that serves thousands of multinational and national enterprise, government and carrier customers with a portfolio of advanced connectivity and security services.

ELLIO Technology

ELLIO Technology

ELLIO Technology is a cybersecurity company that reduces alert overload, improves incident response, and helps security teams target serious attackers who pose a real threat.

DruvStar

DruvStar

DruvStar provides B2B cybersecurity around threat management to strengthen businesses across attack vectors.

Halcyon

Halcyon

Halcyon is the industry’s first dedicated, adaptive security platform focused specifically on stopping ransomware attacks.

Seedcamp

Seedcamp

Seedcamp identify and invest early in world-class founders attacking large and global markets through disruptive technology in areas including AI, cybersecurity, and Fintech.

PlanNet 21 Communications

PlanNet 21 Communications

PlanNet 21 Communications is Ireland most specialised technology solution provider.