Having a backup is one of the cornerstones of a data security and disaster recovery strategy – but acquiring a backup is not where responsibilities end. Beyond backups, we have to consider how you configured your data storage – something some companies have recently discovered to their detriment.
Global accounting giant Ernst and Young made headlines recently when a cybersecurity probe revealed they left a four terabyte SQL server backup file publicly accessible on Microsoft Azure. The discovery was made by Netherlands-based Neo Security. The discovery was made by a HEAD request designed to retrieve metadata, revealing that data crawlers had access to the files in question.
“Finding a 4TB SQL backup exposed to the public internet is like finding the master blueprint and the physical keys to a vault, just sitting there,” the company’s report states. “With a note that says ‘free to a good home.’
Neo Security said the case was reminiscent of a similar breach it saw years ago when investigating a ransomware case following classic cloud bucket misconfiguration; In that instance, one of its engineers was caught being lazy during a database migration. Not wanting to deal with extra hassle, they simply set a bucket to public for five minutes, downloaded the full SQL database backup to migrate, and made it private again. That quick time window was enough time for attackers’ automated scans to pick up on the exposure. They downloaded the file for themselves, along with trade secrets and credentials.
Configuring your data is not to be underestimated
The above instances are emblematic of one of the biggest issues with the modern corporate cybersecurity environment. There’s a tendency to treat concerns as a checklist – the company has a data backup, therefore that’s a ticked box and no one has to worry any more. This is a rather short-sighted approach.
Data backups and data archives are a key aspect of your company’s future. They’re also highly reliant on being correctly configured and handled, in one-off cases like data migration operations, offloading into storage or restores from a backup as well as regular day-to-day operation.
Backup safely – with TECH-ARROW
TECH-ARROW’s contentACCESS Backup can be configured for on-premises, Cloud or hybrid set-ups, allowing for flexibility in configuring your data. For personal use, you can get a self-managed on-premises version of the archive for free on our store, giving you an unrivaled easy way to test the system and keep your personal data safe.
If you’re interested in keeping your enterprise data secure and setting up archiving or backup systems for your organization, you can contact us for more details on contentACCESS and advice how best to establish best-practices-compliant archiving and backups going forward.
Your Data In Your Hands – With TECH-ARROW
