What happens when you rely on Cloud Services - What about your (Ops)Backups?

• 23 August 2023
• security,
• ransomware,
• data loss,
• cloud,
• backups,
• desaster recovery

Do you practice backup best practice? #

Relying solely on one Cloud Provider for infrastructure or backups might not be ideal as they could potentially lose all your data.

This was the case with the Danish cloud provider, "CloudNordic," when they were hit with a ransomware infection in the early hours of August 18th, as reported by The Register.
The provider refused to pay the hackers' ransom, resulting in the loss of most of their customers' data.

It should be noted that the provider denies any occurrence of a data breach, yet admits to having no knowledge of how the hack was conducted at present. These two statements do not align well.

So what is the Key Takeaway? What can we learn from this? #

Regarding Trust #

Firstly, security is not a state, but rather a process. Therefore, it is not advisable to rely on third parties for ensuring the safety and security of your operations and data.

Regarding Backups #

But much more important - implement a backup strategy that does make sense. A simple rule of thumb is the 3-2-1 Backup Strategy.

• Keep (at least) 3 copies of your data.
• 2 local copies on different mediums (e.g. Computer and NAS/Server)
• 1 off-site copy (e.g. a external HDD in your moms house / a bank deposit box)

Regarding Desaster Recovery #

Backups are beneficial, but having a plan for restoring usable data after a catastrophic failure is superior. It is crucial to have a comprehensive strategy in place.

• Have a Desaster Recovery plan for your Ops before Disaster happens
• Validate your Backups (Software like Vorta/Borg or ZFS-Snapshots provide repair+integrity checks with convenience)
• Be sure to not only encrypt your data but being able to decrypt it too.
• Validate that restoring from Backup works
• Prepare not only for Data failure but for failing devices (and subsequent necessary setup) too

But always keep-it-simple-stupid. Overengineered, cool and fancy solutions do not help if the threshold to actually use them is too high due to their absurd complexity.

• Previous: On the Turing completeness of Mario - TAS Arbitrary Code Execution
• Next: Eastereggs in Footnotes - Citing the Unabomber in a Math paper