World Backup Day 

Friday, March 31 is World Backup Day when cyber security professionals unite to urge everyone to make backups. For several years, World Backup Day has been marked on the last day of March. The concept was developed in order to raise awareness of the importance of maintaining regular, secure data backups.

What are the types of data that are often overlooked, the loss of which can lead to serious consequences?  Here we focus on a types of data often overlooked but shouldn't be.These include backing up data from GitLab, GitHub, Bitbucket and Jira.

DevOps Backup 

If an organisation uses DevOps tools like Jira or version control systems like GitHub, GitLab, and Bitbucket, these data are essential intellectual property. Thousands of hours and dollars are invested in creating, supporting, and improving these projects. Around 70% of DevOps teams release code continuously, even once a day. 

For most organisations, losing such valuable data and the work of thousands of developers can be devastating, leading to unimaginable costs and even bankruptcy.

According to The GitLab 2022 Global DevSecOps Survey, concerns about security have never been higher with  43% of security professionals feel "somewhat" or "very" unprepared for the future. This is why it is important to  consider DevOps backup as a step towards building security ownership across the DevOps team. 

The  Constant Threat Of Ransomware

Backups are critical for businesses, particularly given the constant threat of ransomware. Research from Osirium found that despite 98% of respondents saying they were aware that backups are a target of ransomware attacks, over half (56%) do not keep offline backups and only 35% take extra precautions to protect access to backups and backup management systems.

"Unfortunately, some businesses have become reliant on automated, online backups. This is a huge risk, as in the event of a ransomware attack, the backup system will faithfully take copies of the infected data and render the backups useless" says James Nadal, Senior Content Manager at Osirium. "A multi-layered approach to managing these systems is needed by not only keeping offline backups, but protecting access to the backup management system and related backup files, which is critical to prevent infection." Nadal advises.

Reasons To Backup DevOps Data

Until recently, convincing teams and superiors that even if their code is hosted by reliable companies like GitHub, GitLab, or Atlassian, it could still be lost or unavailable, was one of the toughest jobs for a CISO. However, an Atlassian outage lasting two weeks which affected hundreds of organisations demonstrated that this problem needed to be fixed.

Companies now require a backup plan to minimize the impact of service outages and workflow interruptions.

In addition, ransomware poses a significant threat to DevOps, with an estimated attack attempt every 11 seconds this year. Cybersecurity Ventures predicts that cyber attacks will cost companies $10 trillion annually by 2025. 
Although awareness of attacks against cloud services and SaaS tools, including GitHub, GitLab, and Atlassian products, is increasing, companies need to implement solutions to mitigate attacks and minimise their effects.

Human mistakes, hardware failures, and software errors also contribute to the need for a backup plan.

Furthempre, having software to back up critical data, including source code, projects, and DevOps tools, is a requirement for respected security certifications such as SOC 2 or ISO 27001. Failing to comply with these regulations could result in legal issues, making it even more critical for companies to prioritise backup solutions.

The need for data protection, backup, and long-term retention is also enshrined in the shared responsibility models that all cloud service providers operate on, including GitHub, GitLab, and Atlassian. 

The technology vendor Crucial has done research on the ongoing cost of data breaches and their key findings include:

  • The US the data theft capital of the world, outranking South Korea, Canada, and Australia.
  • 75% of Americans were worried about having their personal, credit card or financial information stolen by hackers, while only 40% were afraid of being robbed.
  • California is the state with the largest cybercrime losses of $1.2B
  • Russia was the most targeted country in 2022, with more than 50,000,000 breaches in the first three quarters. 
  • France was the country with the second highest data breach density.
  • The UK experienced an 8.1% uplift in the cost of data breaches. 

DevOps Backup 

Most IT professionals haven’t got dedicated tools for DevOps backup. They use scripts or a traditional file backup of their local machines, although time-consuming, expensive and is no guarantee that data can be restored. To address this issue, automatic backup solutions for DevOps tools should incorporate industry-specific functionalities, such as full data coverage, the ability to make full, incremental, and differential copies. Additionally, these tools should include best-in-class security features such as encryption, SAML integration, and ransomware protection.

Most importantly, the backup solution should enable DevOps to restore data instantly to support everyday operations and provide Disaster Recovery and Business Continuity technologies in the event of major failures. This should include the possibility of cross-recovery for immediate data migration between service providers like GitLab, GitHub and Bitbucket. 

GiTProtect:     GitProtect:       Crucial:    Lifewire:     Image: Oakozhan

You Might Also Read: 

How To Optimize The DevSecOps Pipeline:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« ChatGPT Language Model Risks
Cyber Security Budgets Are Misspent »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NXP Semiconductors

NXP Semiconductors

NXP is a world leader in secure connectivity solutions for embedded applications and the Internet of Things.

Positive Technologies

Positive Technologies

Positive Technologies is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection.

CryptoTec

CryptoTec

CryptoTec is a provider of security concepts and encryption solutions for secure communication between decentralized computerized systems.

Government CSIRT - Chile

Government CSIRT - Chile

Government CSIRT is the Computer Security Incident Response Team for State networks and government cyberspace in Chile.

Applied Science and Technology Research Institute Company Limited (ASTRI)

Applied Science and Technology Research Institute Company Limited (ASTRI)

ASTRI's mission is to enhance Hong Kong’s competitiveness in technology-based industries through applied research in areas including Security & Data Sciences which encompasses cybersecurity.

Angoka

Angoka

Angoka provide hardware-based solutions for managing the cybersecurity risks inherent in machine-to-machine communication networks.

astarios

astarios

astarios provide near-shore software development services including secure software development (DevSecOps), quality assurance and testing.

Pyxsoft PowerWAF

Pyxsoft PowerWAF

Pyxsoft PowerWAF responds to the problem of business cybersecurity. We protect our clients' websites and data against attacks and exploitation of all kinds of vulnerabilities.

NOW Insurance

NOW Insurance

NOW Insurance provides small business owners and other professional classes with a seamless purchasing experience for general liability, professional liability, and cybersecurity insurance coverage.

CloudBolt Software

CloudBolt Software

CloudBolt provide solutions for your toughest cloud challenges. From automation, to cost and security, and hybrid IT governance — we have you covered.

Securd

Securd

Securd takes opportunities away from your cyber adversaries. Cloud-delivered zero-trust DNS firewall and web filtering protection keep your business network and remote employees safe.

UK Cyber Security Association (UKCSA)

UK Cyber Security Association (UKCSA)

The UK Cyber Security Association (UKCSA) is a membership organisation for individuals and organisations who actively work in the cyber security industry.

Cyber Defense Technologies (CDT)

Cyber Defense Technologies (CDT)

Cyber Defense Technologies provides services and turn-key solutions to secure and maintain the integrity of your organization’s systems and data against attacks.

Prelude

Prelude

Prelude offer the first autonomous platform built to attack, defend and train critical assets through continuous red-teaming.

Ballistic Ventures

Ballistic Ventures

Ballistic Ventures is a new kind of venture capital firm, built by and for cybersecurity entrepreneurs and investors.

ZeroGPT

ZeroGPT

ZeroGPT.com stands at the forefront of AI detection tools, specializing in the precise identification of ChatGPT-generated text.