World Backup Day 

Uploaded on 2023-03-29 in TECHNOLOGY--Resilience, FREE TO VIEW

Friday, March 31 is World Backup Day when cyber security professionals unite to urge everyone to make backups. For several years, World Backup Day has been marked on the last day of March. The concept was developed in order to raise awareness of the importance of maintaining regular, secure data backups.

What are the types of data that are often overlooked, the loss of which can lead to serious consequences?  Here we focus on a types of data often overlooked but shouldn't be.These include backing up data from GitLab, GitHub, Bitbucket and Jira.

DevOps Backup 

If an organisation uses DevOps tools like Jira or version control systems like GitHub, GitLab, and Bitbucket, these data are essential intellectual property. Thousands of hours and dollars are invested in creating, supporting, and improving these projects. Around 70% of DevOps teams release code continuously, even once a day. 

For most organisations, losing such valuable data and the work of thousands of developers can be devastating, leading to unimaginable costs and even bankruptcy.

According to The GitLab 2022 Global DevSecOps Survey, concerns about security have never been higher with  43% of security professionals feel "somewhat" or "very" unprepared for the future. This is why it is important to  consider DevOps backup as a step towards building security ownership across the DevOps team. 

The  Constant Threat Of Ransomware

Backups are critical for businesses, particularly given the constant threat of ransomware. Research from Osirium found that despite 98% of respondents saying they were aware that backups are a target of ransomware attacks, over half (56%) do not keep offline backups and only 35% take extra precautions to protect access to backups and backup management systems.

"Unfortunately, some businesses have become reliant on automated, online backups. This is a huge risk, as in the event of a ransomware attack, the backup system will faithfully take copies of the infected data and render the backups useless" says James Nadal, Senior Content Manager at Osirium. "A multi-layered approach to managing these systems is needed by not only keeping offline backups, but protecting access to the backup management system and related backup files, which is critical to prevent infection." Nadal advises.

Reasons To Backup DevOps Data

Until recently, convincing teams and superiors that even if their code is hosted by reliable companies like GitHub, GitLab, or Atlassian, it could still be lost or unavailable, was one of the toughest jobs for a CISO. However, an Atlassian outage lasting two weeks which affected hundreds of organisations demonstrated that this problem needed to be fixed.

Companies now require a backup plan to minimize the impact of service outages and workflow interruptions.

In addition, ransomware poses a significant threat to DevOps, with an estimated attack attempt every 11 seconds this year. Cybersecurity Ventures predicts that cyber attacks will cost companies $10 trillion annually by 2025. 
Although awareness of attacks against cloud services and SaaS tools, including GitHub, GitLab, and Atlassian products, is increasing, companies need to implement solutions to mitigate attacks and minimise their effects.

Human mistakes, hardware failures, and software errors also contribute to the need for a backup plan.

Furthempre, having software to back up critical data, including source code, projects, and DevOps tools, is a requirement for respected security certifications such as SOC 2 or ISO 27001. Failing to comply with these regulations could result in legal issues, making it even more critical for companies to prioritise backup solutions.

The need for data protection, backup, and long-term retention is also enshrined in the shared responsibility models that all cloud service providers operate on, including GitHub, GitLab, and Atlassian. 

The technology vendor Crucial has done research on the ongoing cost of data breaches and their key findings include:

  • The US the data theft capital of the world, outranking South Korea, Canada, and Australia.
  • 75% of Americans were worried about having their personal, credit card or financial information stolen by hackers, while only 40% were afraid of being robbed.
  • California is the state with the largest cybercrime losses of $1.2B
  • Russia was the most targeted country in 2022, with more than 50,000,000 breaches in the first three quarters. 
  • France was the country with the second highest data breach density.
  • The UK experienced an 8.1% uplift in the cost of data breaches. 

DevOps Backup 

Most IT professionals haven’t got dedicated tools for DevOps backup. They use scripts or a traditional file backup of their local machines, although time-consuming, expensive and is no guarantee that data can be restored. To address this issue, automatic backup solutions for DevOps tools should incorporate industry-specific functionalities, such as full data coverage, the ability to make full, incremental, and differential copies. Additionally, these tools should include best-in-class security features such as encryption, SAML integration, and ransomware protection.

Most importantly, the backup solution should enable DevOps to restore data instantly to support everyday operations and provide Disaster Recovery and Business Continuity technologies in the event of major failures. This should include the possibility of cross-recovery for immediate data migration between service providers like GitLab, GitHub and Bitbucket. 

GiTProtect:     GitProtect:       Crucial:    Lifewire:     Image: Oakozhan

You Might Also Read: 

How To Optimize The DevSecOps Pipeline:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« ChatGPT Language Model Risks
Cyber Security Budgets Are Misspent »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Promon

Promon

Promon is an application security vendor providing Self-Protection abilities to Mobile apps and Desktop applications.

Competence Center for Applied Security Technology (CAST)

Competence Center for Applied Security Technology (CAST)

CAST offers a range of services in the field of secure modern information technology and a contact point for all questions regarding IT security.

Tempest

Tempest

TEMPEST is a leading provider of IT products and services including solutions for network and application security.

iSolutions

iSolutions

iSolutions is an official reseller and engineering company of leading products and solutions for cybersecurity and information protection, optimization, visualization and control of applications

Defscope

Defscope

Defscope is an Azerbaijani company entirely focused on cybersecurity offering training, security consulting, and other professional services.

ACSG Corp

ACSG Corp

ACSG Corp is a Critical Infrastructure Protection Company with a multi-disciplinary focus on building analytics software for various industry sectors.

Intel

Intel

Intel products are engineered with built-in security technologies to help protect potential attack surfaces.

ImmuniWeb

ImmuniWeb

We Simplify, Accelerate and Reduce Costs of Security Testing, Protection and Compliance.

SOOS

SOOS

SOOS is the easy-to-integrate software security solution for your whole team. Build, catch, and fix vulnerabilities with SOOS Software Composition Analysis.

AnyTech365

AnyTech365

AnyTech365 is a leading European IT Security and Support company helping end users and small businesses have a worry-free experience with all things tech.

Zerify

Zerify

Zerify offers the industry’s only video conferencing platform built with a zero-trust architecture to keep your meetings secure, private and business compliant.

PolySwarm

PolySwarm

PolySwarm is a crowdsourced threat intelligence marketplace that provides a more effective way to detect, analyze and respond to the latest threats.

Davinsi Labs

Davinsi Labs

Davinsi Labs helps companies achieve Digital Service Excellence with specialized Security Intelligence and Service Intelligence solutions.

Reaktr.ai

Reaktr.ai

Reaktr.ai is founded on the vision of using AI as a catalyst to propel industries into a future where we redefine what's possible. Fortify your cybersecurity defense with our AI-powered platform.

Resonance Security

Resonance Security

Resonance offers powerful cybersecurity aggregation software that makes protecting against full spectrum cybersecurity threats effortless no matter what your technical level, budget, or scope.

Tyto Athene

Tyto Athene

At Tyto Athene, we harness the power of technology to provide solutions that shape the future.