Information Security Expert Says InfoSec Must Evolve

Wolfgang Goerlich, Advisory CISO, explains the current state of information security, and why he thinks many environments are focusing on the wrong things. We speak about ransomware, extortionware, and phishing, even giving examples where we know we have personally been phished! He explains how this illustrates his point that we need more emphasis in different areas of information security.

----- Signature and Disclaimer -----

Written by W. Curtis Preston (@wcpreston). For those of you unfamiliar with my work, I've specialized in backup & recovery since 1993. I've written the O'Reilly books on backup and have worked with a number of native and commercial tools. I am now Chief Technical Evangelist at Druva, the leading provider of cloud-based data protection and data management tools for endpoints, infrastructure, and cloud applications. These posts reflect my own opinion and are not necessarily the opinion of my employer.

Are You Vulnerable to an Attack Like the One on Kaseya? (Restore it All Podcast #112)

Mr. Backup and Prasanna discuss the Kaseya attack that happened over the July 4th weekend of 2021. First, we talk about how bad actors use long weekends for attacks, then discuss various things you can/should do to ensure that your environment would not be vulnerable to such an attack. We talk about the kinds of questions that even an unskilled person can ask to help mitigate this risk, including (especially) the all-important questions about backups. We also talk about the need for establishing a “bat-phone” type connection between your environment and any providers you may be using. We have a short talk about the impact that all these attacks are having on ransomware costs, and how you can use your DR site to test patches.

Tape Drive Designer Schools Mr. Backup on Tape (Restore it All Podcast #111)

Joe Jurneke has been designing the innards of magnetic devices since 1973, and now he’s here to answer our questions. He started with disk, and moved over to tape over thirty years ago, and is now retired – but consults with the tape industry from time to time. We talk in detail about how tape drives work the way they do, their reliability and more. We take down a couple of myths from the guy that was there, even correcting a misunderstanding Mr. Backup has had for many years. If the phrase “magneto crystalline anisotropy” has been used on any other podcast, we’d be surprised. This is a good one you won’t want to miss.

Why you need a copy of Modern Data Protection (Restore it All Podcast #110)

We cover my latest book, Modern Data Protection, by O’Reilly & Associates on this podcast. I give an overview of the book, which covers the “Why, What, Where, and How” of backup, archive, and disaster recovery. After giving an overview of the book, I talk about why I wrote it, and what it’s like to write a book for O’Reilly. Prasanna acted as a tech editor on the book, so he offered his unique perspective as well.

Can OVH properly redesign their backup infrastructure? (Restore it All Podcast #109)

Prasanna and Curtis discuss whether or not OVH can (or will) properly redesign their backup infrastructure to prevent another incident like what happened in March, where many customers lost their sites forever. As we discussed in our previous podcast, OVH had a backup service already that people paid for, and it was not up to the task. OVH’s CEO made an 8-minute video where he discussed some of the things they were going to do to make things better, and we discuss what he said. We talk about their idea of a centralized region just for backups, and whether or not that’s a good idea. We also talk about how big of a job they have in front of them. We applaud what we see, but have many concerns that the brief video does not address. We also talk about how this plan is supposed to take five years, and what OVH customers should do in the meantime.

ComplyTrust: Remembering those you need to forget (Restore it All Podcast #108)

We talk to Mike Johnson of ComplyTrust, who says they “remember those you are supposed to forget.” We talk about the data management challenges created by data subject access requests (DSARs), right-of-erasure (ROE, AKA right to be forgotten, or RTBF) requests, and the fact that we have many parts of the datacenter that are much better at remembering than forgetting. Backups are a particular challenge, but Mike brings up other challenges, such as mergers and acquisitions, and salespeople importing old data. ComplyTrust’s SaaS offering has a unique solution to this problem: remembering (on your behalf) those you are supposed to forget, and continually checking to see that they stay forgotten.

OVH’s Backup Service Didn’t Work (Restore it All Podcast #107)

This week we discuss further lessons from the OVH fire, which starts with an admission by the CEO that some customers who paid for the backup service lost their backups in the fire. It then morphs into a discussion about designing resilient systems, starting with the concept of designing for failure. You have to protect against both physical and logical damage to your apps and data. We talk about using cloud-native apps that have resiliency built in vs. having to add resiliency to your own app. Most importantly, know how your app/data is protected, and don’t tolerate wishy-washy terminology in your service agreements. Above all, test, test, test!

How do You Prove Your Backup Service is Real? (Restore it All Podcast #106)

This week we discuss a topic brought up by the OVH fire. It appears some people actually had a contractual backup service that wasn’t doing its job. How do you verify that a service you’re paying for is real, and is doing what it claims to be doing? In particular, how do you make sure they are storing data offsite? We’ve got some ideas.

Datacenter manager Dan Frith discusses the OVH Fire (Restore it All Podcast #105)

Datacenter manager Dan Frith (@penguinpunk) joins us on the podcast for our first discussion of the #OVHFire. A massive fire destroyed a datacenter of a large cloud provider in Europe, and millions of websites disappeared. We talk about the lessons we can learn from this event.

Dan talks about how outsourcing the servers doesn’t outsource the responsibility for data protection. I make the point that this fire shows what happens when you completely rely on a single entity for both production and data protection. We end up talking about the 3-2-1 rule and how it applies in this scenario.

I also give a discount code during the podcast for my new O’Reilly book Modern Data Protection, which is now available for purchase. If you use the URL below and the code I give on the podcast, you can get 35% off the retail price.

https://shop.aer.io/oreilly/p/Modern_Data_Protection_Ensuring_Recoverability_of_/9781492094050-9149

Dave Russell answers our questions about Veeam (Restore it All Podcast #104)

It only took us 100 episodes, but we finally got Dave Russell, VP of Enterprise Strategy at Veeam, as our guest on the podcast. Dave and Curtis go way back, and this was a great discussion. We cover the proper use of tape, and what it was like for Dave when he went to Veeam. Another big discussion point was Dave clearing up misconceptions (some of which may have come from this podcast) about what Insight Partners acquiring Veeam really meant. We then get into a great discussion about how Veeam works, ending that discussion with Dave explaining what Veeam is doing to address concerns about Windows and ransomware.
