
Fieos t1_iwhzqr0 wrote

Okay, sure.

- Source: 20+ year IT veteran specializing in the private cloud computing areas of business continuity, disaster recovery, and cyber-threat resiliency.

People often think, "I have backup... I'm good."

How do you know if your backups aren't also compromised? Are you scanning for metadata changes in your archive? If your infrastructure was targeted, do you have a recovery plan for all your data center services? DNS/NTP/LDAP/SMTP/PKI/etc?

Are your business processes aligned to report and communicate internally (and possibly externally) in the event of a security breach? If you are compromised and recovering to an alternate restore target... do you have your VIPs configured to handle the new locale?

Do you have all your binaries for a site rebuild onsite in a vault and are all your runbooks current? Have you actually even tested restores?

Say you are recovering from backup and everything else is good? What is your throughput to get your data back on disk?

If your data is encrypted by a third party, what's the plan? If the data is already outside of the environment... what's the plan?

None of this is simple at scale.

2

nvrmor t1_iwi0d0v wrote

yeah but what if you just used a backup?

−1