Securing Backups

Backups are heinously important. Keeping good data backups can be the difference between a data loss incident being a day-long inconvenience or an organization-killing disaster. One thing that isn’t as often discussed, though, is securing those backups.

We’ve talked at length previously about the importance of backups against physical disasters like fires and floods. We’ve talked about the danger of users making a mistake and inadvertently deleting or modifying years of data. We’ve also talked about the dangers of Ransomware attacks. One item we haven’t discussed is the danger of your backups being stolen.

The social media app Parler recently was shut down by their host, Amazon Web Services, after being banned by Google and Apple from their respective app stores. It was reported that just a few hours before they went down, though, that archived user data was downloaded en mass from their servers. Whether or not that’s true, and whether or not the backups were actually the leak point, it does drive home a critical point.

More and more companies keep personally identifying information (PII) about their users as the legal and financial consequences of losing control of that data continues to grow. Whereas once upon a time, companies kept most backups on tape or some other physically disconnected media. Now we hear time and again about cyber criminals releasing huge amounts of PII data to the Internet at large from improperly provisioned Amazon S3 buckets or other electronic backup sets.

Ensuring your security around your backups is at least as strong as the security around your production data is a problem that many organizations struggle with. If you’re not sure how exposed you are, give us a call. We’re always more than happy to help our clients make sure their data is as safe as possible, both from disaster and theft.