Patches, backups, and DRP

Greetings from the road. Even on a train with no wifi, I manage to get myself on the net. But on to business.

You'll be surprised how many of the Internet services you rely on daily (especially startups) use the equivalent of shoe strings and band aids to make sure your data can handle a systems problem. If confidence in corporate infrastructure were based on openness and transparency, oh my... what panic would ensue.

I've talked here and there with those responsible. I'd get reasons like, "I'm up to my neck in other crap to fix," or "It's just too much work, where will I begin?" or "If we patch that we're not sure what will happen to it after reboots." Pathetic excuses for any outside armchair observer, but after my initial shock, I'd totally sympathize. Valid obstacles for the overworked IT admin.

Unfortunately, patch maintenance, backing up your valuable files and data, and a disaster recovery  (DRP) take some time and consistent effort to happen successfully.

The month of October has been deemed Cyber Security Awareness Month by the SANS ISC. Every day the past month they have posted short helpful tips in formulating a readiness plan for incidents. Taking this small-steps approach, even if things seem totally clusterF'd with a mountainous list of to-do's, you can chip away at the problems and prevent or reduce reactionary workload in the [near] future.

Here are some things to consider:

  • Are you even backing up? AND: Have you tested a recovery?
  • Are key systems redundant? (e.g. source control machine, main databases, email data stores, recovery artifacts like installers and static files.)
  • Are you regularly being updated via security sites of latest discoveries and patches?
Even on a personal level, I think of things that I would dread losing. It's that quintessential question: If your house was on fire, what's the first thing you'd take out of the house?

If you answered, "the fire" then bonus points for thinking out of the box. But most people think of photographs and unique documents. So here are some consumer-level ideas that can help you garner a disaster-recovery-plan mindset:

  • A redundant array backup drive for your home computers for large backups like video and music (e.g. Drobo or other external solution).
  • Automated backups of your important e-documents (or the whole drive if you have a Mac with Leopard OSX and a Timecapsule).
  • If you're unixy, understand the beauty of rsync. It's a life saver!
  • Keep personal email centralized via IMAP and don't POP it.
  • Consider an offsite secure file storage solution for your important files (like Wuala).
  • Turn on automated updates so you catch security patches.
  • Subscribe to security watchdog sites.
Again, when reading these cursory examples, it seems like common sense. But it is amazing how few people actually devote a little effort to backing up data. I've known professional photographers who have lost years of old work because everything sat on one hard drive. I've lost years of old emails in failed systems.

Now the last thing I want to do is be a scaremonger and let fear drive your security. And I know that it won't happen until you want it to happen- no amount of common sense will move you to action. Don't do it for the what-ifs, but do it for the proactive efficiency of best IT practice. Do it to introduce a bar of quality to your work. Caffeinated coders are lazy. And laziness implies not working more later. Work a little now, little steps here and there, to save yourself from work later.

Share |

Posted on October 30, 2008 by Dennis Mojado

Filed under #code | 0 Comments |  Digg it

« Good enough, or... | Main | Benefits of Certific... »


Comments:

Post a Comment:
  • HTML Syntax: Allowed