The Dangers of Using Home-Grown Backup Systems


Guest

Mar 13, 2023


This is a Guest Post by W. Curtis Preston, Chief Technology Evangelist, Druva

The notion that a 200 million USD company would rely on a home-grown backup system to store other people’s sensitive data is mind-boggling, to say the least! And yet, it appears that the password management app LastPass did precisely that. The result? They were hacked, and a backup copy of their customer database was stolen.

This is just the latest example of a hack that could have been prevented had the organization not been using its own backup system.

Let’s take a closer look at how home-grown backup systems are developed, and why they leave systems vulnerable to hacking.

Creating a Home-Grown Backup

On the surface, backups sound simple – copy data from one place to another and have some versioning in place so that you can restore older files.

With modern-day cloud storage and bandwidth, it seems that all you need is to write a shell script. Of course, the cloud storage has some security, so you’d need the shell script to authenticate itself – something that can be accomplished by simply hardcoding a username and password into the script. Now the backup system will run by itself round-the-clock and copy your valuable data to a secure space in the cloud. What could possibly go wrong?

How it Goes Wrong

Consider this scenario – your development environment has been compromised by the hack of another service your organization uses. The hackers were able to access your computing environment for a few days without the breach being detected. The quick fix to this problem? Changing all your passwords.  

But what about your home-grown backup script? What if the hacker was able to scan the network, find and read your backup script, and scrape the username and password from it? Even if you changed the password and updated the script, they’d be able to find the script and read it again. They would then be able to log into your cloud account as you and download backups of any data they want, such as your customer database.
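The weakness in this scenario is something you can check for in your own scripts. The following is an added example, not code from the original post: a POSIX shell audit that flags backup scripts containing a literal credential or readable by accounts other than their owner. The function names, the name pattern, and the two sample scripts (including the `upload` command) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a directory of backup scripts for hardcoded credentials.
# Function names, the pattern and the sample scripts are constructed.

# Heuristic: a credential-like name, then "=", then a literal value. Values
# that start with $ or a backtick are resolved at run time and are not flagged.
CRED_RE="(pass(word|wd)?|secret|token|api_?key)[A-Za-z_]*=[\"']?[^\$\`\"'[:space:]]"

# audit_backup_scripts DIR: prints one "path[:line]: reason" per finding.
# The matched value is never printed, so the report itself leaks nothing.
audit_backup_scripts() {
  find "$1" -type f | while IFS= read -r f; do
    # Commented-out lines are scanned too: an old password left in a comment
    # is just as readable to an intruder as a live one.
    grep -nEi "$CRED_RE" "$f" | while IFS=: read -r n rest; do
      echo "$f:$n: hardcoded credential"
    done
    # A script readable by group or others can be scraped by any local account.
    if [ -n "$(find "$f" \( -perm -040 -o -perm -004 \))" ]; then
      echo "$f: readable beyond its owner"
    fi
  done
}

# Constructed sample: one script as the article describes, and one that
# expects the secret to be supplied at run time and is private to its owner.
# "upload" is a hypothetical command; the sample scripts are never executed.
make_sample_scripts() {
  d=$(mktemp -d)
  cat > "$d/nightly_backup.sh" <<'EOF'
#!/bin/sh
BACKUP_USER="backup-svc"
BACKUP_PASSWORD="example-not-a-real-secret"
upload --user "$BACKUP_USER" --password "$BACKUP_PASSWORD" /data
EOF
  cat > "$d/weekly_backup.sh" <<'EOF'
#!/bin/sh
: "${BACKUP_PASSWORD:?supplied at run time, not stored here}"
upload --password "$BACKUP_PASSWORD" /data
EOF
  chmod 644 "$d/nightly_backup.sh"
  chmod 700 "$d/weekly_backup.sh"
  echo "$d"
}

sample_dir=$(make_sample_scripts)
audit_backup_scripts "$sample_dir"
rm -rf "$sample_dir"
```

The pattern is a heuristic: it will miss secrets stored under other variable names and can flag harmless assignments, so treat its output as a list of lines to review.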

Of course, ideally, such data should be encrypted. But the hard reality is that sometimes it simply isn’t.

The scenario above outlines how a hacker was able to access LastPass’s customer information. While the passwords and account names stored in the password vault were encrypted, a lot of other information was not.

The Need for Professional Backup and Recovery

The LastPass hack highlights the dangers of relying on a home-grown backup system. To truly ensure that their backups are secure, organizations need to use a professional cyber defense and recovery system. In fact, they need to ‘shift left’ and think not just in terms of data protection, but in terms of data resiliency. Data resiliency is about more than just creating a copy of data – it’s about proactively safeguarding your systems against new threats and making sure that your organization is always ready to recover quickly after an attack.

Implementing a data resiliency solution ensures that your data is both protected and recoverable, through backup and protection, replication, and disaster recovery. This is in the face of both ‘traditional’ threats (such as user error, system failure, site disaster) and next-gen threats (such as ransomware, supply chain attacks, insider threats).

Armed with such a data resiliency solution, you would no longer need to hardcode usernames and passwords in a backup script. So even if a hacker gained access to your data center for weeks, they wouldn’t be able to find anything that would help them penetrate your backups. Your backups would be stored offsite, encrypted, air-gapped and under separate management.

Sounds much more secure, right?

Organizational Credibility at Stake

Incidents like the LastPass hack are a cautionary tale for all of us, and a disaster for the organizations involved. Poor data security and resilience practices collectively cost businesses billions of dollars in lost revenue every year, as well as reputation damage, ransom payments and data recovery organizations. Customers, and other stakeholders, increasingly judge companies based on how well they handle and can recover from such attacks.

In such a scenario, companies cannot afford to rely on home-grown backup systems. They need to make data security & resiliency a top priority and invest in robust solutions that guarantee the safety of their sensitive data, and even more importantly, that of their customers.

