The Backup Wrap-Up

Emergency Episode: The PyPI Software Supply Chain Attack You Need to Know About

Thu, 26 Mar 2026 04:00:00 -0700

A PyPI software supply chain attack hit LiteLLM — a library pulled into developer environments 97 million times a month — and if you use it, you may already be compromised. This wasn't a fake package or a typo-squatting trick. Attackers stole real credentials, published malicious code as the real thing, and walked out with SSH keys, cloud credentials, Kubernetes tokens, API keys, and more — all encrypted and sent home before anyone knew what happened.

I'm doing something I've never done before: an emergency episode, recorded and published immediately because this is that serious. I brought in Dr. Mike Saylor, co-author of our book Learning Ransomware Response and Recovery, and my co-host Prasanna Malaiyandi to break down exactly what happened, how to find out if you were hit, and what you need to do to protect yourself going forward.

We open with a story from 1982 that perfectly captures what this attack really is — getting poisoned by something you trusted completely. That framing matters. This wasn't a failure of the library. It was a failure of the supply chain. And it can happen again.

Chapters:

00:00:00 - Intro: Why this is an emergency episode

00:01:35 - Meet the guests: Dr. Mike Saylor and Prasanna Malaiyandi

00:02:31 - The Tylenol poisoning analogy and what it means for software supply chains

00:05:51 - What LiteLLM is and what the malware actually did to your environment

00:09:04 - Dependencies explained: why you're affected even if you didn't install LiteLLM directly

00:12:24 - How to find out if you were hit: the first things to check right now

00:14:23 - IOCs and TTPs: what to look for in your logs and on your systems

00:19:07 - Network indicators: unusual traffic and what it tells you

00:22:12 - How security teams can find out if developers installed it without telling anyone

00:30:38 - Action items for the future: inventory, pinning, and hash verification

00:36:55 - Sandboxing new downloads before they touch your environment

00:37:59 - Immutable backups: why this attack makes the case for them

00:40:33 - Modern authentication: MFA, its limits, and why passkeys matter

00:46:53 - Where to get threat intel so you hear about attacks like this faster

00:53:23 - Wrap-up

If you installed or upgraded LiteLLM on or after March 24, 2026 without a pinned version, stop what you're doing and listen to this episode first.

The story:

https://futuresearch.ai/blog/litellm-pypi-supply-chain-attack/

https://securitylabs.datadoghq.com/articles/litellm-compromised-pypi-teampcp-supply-chain-campaign/

https://snyk.io/articles/poisoned-security-scanner-backdooring-litellm/

https://www.wiz.io/blog/threes-a-crowd-teampcp-trojanizes-litellm-in-continuation-of-campaign

https://checkmarx.com/zero-post/python-pypi-supply-chain-attack-colorama/

https://www.upwind.io/feed/litellm-pypi-supply-chain-attack-malicious-release

https://docs.litellm.ai/blog/security-update-march-2026

https://www.helpnetsecurity.com/2026/03/25/teampcp-supply-chain-attacks/

https://www.darktrace.com/resources/the-cisos-guide-to-cyber-ai

https://securitylabs.datadoghq.com/articles/litellm-compromised-pypi-teampcp-supply-chain-campaign/

Resources:

https://www.stopransomware.com

https://www.cisa.gov

https://www.cve.org/

Fileless Malware: The Attack That Lives in Memory

Mon, 23 Mar 2026 04:00:00 -0700

Fileless malware is one of the most dangerous attack types out there — it never writes to your hard drive, lives entirely in RAM, and can steal your credentials before your antivirus has any idea it's there. In this episode, I bring in Dr. Mike Saylor — my co-author on Learning Ransomware Response & Recovery — to break down exactly how this attack works, why it's so hard to detect, and what you can actually do to protect yourself.

Mike walks us through how fileless malware hides in memory, how bad guys maintain their foothold even after a reboot by modifying registry keys or rewriting the operating system itself, and why the ArcGIS attack is a perfect real-world example — attackers sitting undetected inside a network for two years. We also get into MFA, specifically why a lot of MFA setups are done wrong, why passkeys are the better answer, and when it's time to bring in an EDR or XDR tool.

Fair warning: the action items here are a bit more advanced than our usual stuff. Think of this as the 401k conversation — don't have it before you've built your emergency fund. But this is stuff you absolutely need to know.

00:01:26 - Welcome & intro

00:04:43 - What is fileless malware?

00:09:16 - How fileless malware achieves persistence (ArcGIS case study)

00:15:02 - Can fileless malware spread beyond one machine?

00:16:43 - Defending yourself: MFA done right

00:20:38 - Why passkeys beat MFA

00:23:00 - EDR and XDR explained

00:28:03 - How modern EDR tools detect fileless malware

00:30:01 - Wrap-up and action items

Living Off the Land Attack: Hackers Using Your Own Tools Against You

Mon, 16 Mar 2026 04:00:00 -0700

A living off the land attack is one of the sneakiest techniques in a ransomware operator's playbook — and in this episode, Dr. Mike Saylor breaks down exactly what it is, how it works, and what your organization can actually do about it.

Instead of bringing their own tools into your environment (which might trip your alarms), attackers just use what's already there. PowerShell. WMI. RDP. The same tools your admins run every single day. To your monitoring systems, it looks completely normal. That's the whole point.

Mike and Curtis cover why attackers prefer your tools over their own, how recon can quietly run for 30 to 90 days before the attack goes loud, and what defenders can actually do about it — removing admin privileges, system hardening, golden images, application whitelisting, and free tools like Nmap and Wireshark. There's also a match.com story involving organized crime and a wooden casket on someone's front porch that you really don't want to miss.

0:00 - Intro

1:21 - Welcome and Book Announcement

3:28 - What Is a Living Off the Land Attack?

5:38 - Real-World Example: Conti Ransomware and WMI

8:12 - Why Attackers Use Your Tools Instead of Their Own

13:05 - Admin Privileges: Best Practice vs. Reality

17:31 - The Louvre Heist Analogy

20:08 - Recon Phase: Low and Slow

24:16 - What Defenders Can Do

25:55 - RDP and Remote Access

29:48 - The Recon Timeline: 30-90 Days

30:48 - PowerShell and System Hardening

34:10 - Network Discovery Tools (Nmap and Wireshark)

37:37 - Application Whitelisting and Geo IP Blocking

42:08 - Action Items and Wrap-Up

New Research Exposes Password Manager Vulnerabilities in LastPass, Bitwarden & Dashlane

Mon, 09 Mar 2026 04:00:00 -0700

Password manager vulnerabilities aren't just about bad code — and a new research paper out of Zurich just proved it. Researchers analyzed three of the most popular password managers and found fundamental design flaws baked into the very architecture that's supposed to keep your credentials safe. Curtis and Prasanna break it all down and tell you what to do about it.

If you've ever been that person who asks "but what if the password manager gets hacked?" — this episode is for you. And if you haven't been asking that question, you probably should start. A research team looked at LastPass, Bitwarden, and Dashlane — products with a combined 60 million users representing roughly 23% of the password manager market — and what they found wasn't sloppy programming. It was something harder to fix: architectural problems at the core of how encrypted vaults work.

Curtis walks through how the zero-knowledge encryption model works, why the vault recovery process creates an inherent trust problem, and why the researchers were able to exploit that trust by impersonating the server during vault recovery. Prasanna adds another layer — the field-level encryption issues inside the vaults themselves, where there's no strong verification that data hasn't been manipulated. It's not theoretical. It's a real attack surface.

The good news? Curtis still believes password managers are the right tool for today — better than sticky notes on a monitor (yes, he saw that in real life) and better than reusing passwords. But he's also clear that passkeys are the right direction for the future, even if the current implementation is still a little rough around the edges.

https://eprint.iacr.org/2026/058.pdf

https://www.theregister.com/2026/02/16/password_managers/

https://www.forbes.com/sites/daveywinder/2026/01/23/lastpass-issues-critical-warning-for-users---password-attacks-underway/

What Is an Initial Access Broker — and Why Should You Care?

Mon, 02 Mar 2026 04:00:00 -0700

What is an initial access broker — and why does it matter to your organization? In this episode, W. Curtis Preston and Prasanna Malaiyandi are joined by Dr. Mike Saylor of Black Swan Cybersecurity to break down the role of the initial access broker in today's ransomware attacks.

Most people picture ransomware as a single bad guy with a keyboard. The reality is way scarier. There's an entire criminal supply chain out there, and the initial access broker is the specialist at the front of it. These are the people who do nothing but break in — stealing credentials, exploiting vulnerabilities, hijacking sessions — and then sell that access to other criminals who do the dirty work. Dr. Mike Saylor walks us through a real case study from 2024 where an employee's personal Gmail account — with a Google Docs folder literally named "passwords" — became the entry point for a corporate ransomware attack months later. This stuff is real, it's happening constantly, and most organizations have no idea how exposed they are.

We cover what IABs target, how they package and sell access, what "coincidental passwords" are and why they're so dangerous, and what practical steps you can take today to make your organization a harder target.

Chapters:

00:00 - Intro: What Is an Initial Access Broker?

02:12 - Welcome, Introductions, and a Little Judging

03:33 - Defining the Initial Access Broker

04:31 - Real Case Study: How Bob's Gmail Became a Corporate Breach

07:16 - How IABs Package and Sell Access

10:32 - How Stolen Credentials Get Bundled and Priced

29:48 - RDP, VPN Vulnerabilities, and What IABs Are Hunting

32:54 - Web Shells Explained

35:08 - Session Hijacking and Man-in-the-Middle Attacks

36:16 - Would Eliminating IABs Stop Ransomware?

36:49 - How the Cybercriminal Ecosystem Evolved to Create IABs

39:51 - Practical Takeaways: What You Can Do Right Now

40:45 - The Numbers: 37 Billion Records and the ShinyHunters Breach

Ransomware as a Service: How Anyone Can Buy a Cyberattack

Mon, 23 Feb 2026 04:00:00 -0700

Ransomware as a service has turned cybercrime into a franchise business — and in this episode, Dr. Mike Saylor and I break down exactly how it works, who's buying, and why the buyer might end up as the patsy.

If you thought ransomware was just a lone hacker writing code in a basement, this episode is going to change how you think about it. Ransomware as a service means that today, literally anyone — no technical skills required — can pay someone to launch a ransomware attack on their behalf. You hand over the money, tell them what you want, and sit back and watch your crypto wallet. That's it. No portal. No dashboard. No login. Just a chat on the dark web through the TOR network and a prayer that they actually do what you paid for.

Dr. Mike Saylor walks us through the full criminal ecosystem — from the initial access brokers who collect and sell validated email addresses, to the botnet operators who rent out millions of compromised computers by the hour, to the affiliate programs that tie it all together. We cover the franchise model, the "no honor among thieves" reality of these transactions, and why the person who buys into ransomware as a service might just end up as law enforcement's fall guy.

This is one of those episodes where the more you learn, the more you realize how much the threat picture has changed — and why your backups are more important than ever.

Chapters:

00:00:00 - Episode Intro

00:01:17 - Introductions & Welcome

00:03:25 - Setting the Stage: CryptoLocker and the Birth of a Criminal Industry

00:07:17 - Defining Ransomware as a Service: The Franchise Model

00:10:36 - The Amazon/AWS Analogy and How Botnets Power the Attacks

00:17:10 - No Portal, No Dashboard: How Dark Web Transactions Actually Work

00:19:17 - Why Do RaaS Operators Offer the Service? The Lottery Ticket Theory

00:21:59 - The Affiliate Model: How the Criminal Ecosystem Specializes

00:26:33 - How Many RaaS Groups Exist — and Who's Buying?

00:29:36 - RaaS as Subterfuge: The Conti Group and the Costa Rica Attack

00:30:49 - Who Are These Criminals, Really?

The CryptoLocker Virus and the Birth of Modern Ransomware

Mon, 16 Feb 2026 04:00:00 -0700

The cryptolocker virus was the attack that turned ransomware from a nuisance into a full-blown criminal industry — and in this episode of The Backup Wrap-up, we break down exactly how that happened. W. Curtis Preston (Mr. Backup) sits down with co-host Prasanna Malaiyandi and cybersecurity expert Dr. Mike Saylor to trace the full evolution of ransomware and explain why CryptoLocker was the turning point.

If you've ever wondered how ransomware went from fake pop-up messages to billion-dollar criminal enterprises, this is the episode for you. We start with the earliest days — scareware attacks that did nothing more than frighten you into paying — and walk through the progression of encryption methods that made ransomware increasingly dangerous. Dr. Mike Saylor breaks down the difference between symmetric and asymmetric encryption in plain language, and explains why the move to public-private key pairs made it so much harder for victims to recover without paying up.

Then we get into the cryptolocker virus itself: how it spread through fake FedEx emails, why it kick-started phishing awareness training, what Operation Tovar did to shut it down, and — just as interesting — what the bad guys learned from its failures. We cover the role of the Zeus botnet, how Bitcoin became the payment method of choice, and why ransoms started out at just a few hundred bucks. We also talk about what happened next: the rise of data exfiltration, double extortion, and even triple extortion where attackers go after the victims of the victims.

Plus, we take a side trip into the LastPass breach and pour one out for the guy who lost his crypto fortune in a landfill.

Whether you're in IT, security, or just want to understand how ransomware works, this episode gives you the full picture.

Chapters:

00:00:00 — Intro

00:01:22 — Welcome and Introductions

00:04:11 — The Three Generations of Ransomware

00:05:01 — Scareware: Fake Attacks That Did Nothing

00:05:42 — Ciphers and Decoder Ring Encryption

00:06:38 — Symmetric Encryption Explained

00:09:25 — Asymmetric (Public-Private Key) Encryption

00:12:46 — Why Asymmetric Encryption Made Ransomware Stronger

00:15:44 — What Was the CryptoLocker Virus?

00:16:25 — Lessons CryptoLocker Taught Victims and Criminals

00:18:03 — Operation Tovar Takes Down CryptoLocker

00:19:54 — Bitcoin, Ransom Amounts, and Getting Paid

00:23:20 — Botnets Explained: Networks of Zombie Computers

00:26:22 — Recap: Three Phases of Ransomware

00:27:09 — Double Extortion and Data Exfiltration

00:28:01 — The LastPass Connection

00:28:47 — The Lost Crypto Hard Drive

A Brief History of Ransomware

Mon, 09 Feb 2026 04:00:00 -0700

A history of ransomware is more than just dates and names—it's the story of how criminals evolved from mailing infected floppy disks in 1989 to running billion-dollar enterprises that cripple entire organizations. On this episode of The Backup Wrap-up, I sit down with Dr. Mike Saylor, my co-author on "Learning Ransomware Response and Recovery," to trace this evolution from the AIDS Trojan to today's sophisticated double extortion attacks.

We talk about how ransomware went from requiring physical distribution to scaling globally through the internet, how cryptocurrency made anonymous payment possible, and why the shift from tape to disk backups created vulnerabilities that attackers now exploit first. You'll learn about the wild west days when IT focused on building systems without understanding how bad guys attack, the emergence of ransomware-as-a-service that democratized cybercrime, and why modern attacks target your backups before encrypting your production systems.

If you've ever wondered why backup immutability matters or how we got to a point where ransomware is inevitable rather than hypothetical, this episode connects those dots. Dr. Mike and I also discuss why having backups is still critical even with double extortion threats, and what you need to know about defending your backup systems in today's threat environment.

Chapter Markers:

00:00:00 - Introduction

00:01:19 - Welcome and Guest Introduction

00:02:19 - Curtis's First Ransomware Memory

00:03:40 - The AIDS Trojan: First Ransomware (1989)

00:04:42 - The Wild West Era: Late 1990s Security

00:08:05 - Y2K and Budget Shifts

00:11:26 - The Transition from Tape to Disk Backups

00:15:45 - How Disk Backups Created Vulnerabilities

00:19:30 - The Rise of Cryptolocker and Bitcoin

00:23:15 - Ransomware as a Service Emerges

00:27:40 - WannaCry and NotPetya

00:31:20 - Double Extortion: The Game Changer

00:35:10 - Why Backups Still Matter

00:37:55 - Should You Just Pay the Ransom?

00:40:01 - Defending Your Backup System

How Ransomware Works: The Five Objectives of Every Attack

Mon, 02 Feb 2026 04:00:00 -0700

Understanding how ransomware works is critical for anyone responsible for protecting their organization's data. In this episode of The Backup Wrap-up, we examine the five core objectives that drive nearly every ransomware attack - from initial access through the final ransom note delivery.

I'm joined by my co-author Dr. Mike Saylor as we kick off what's going to be a comprehensive series on our new book, "Learning Ransomware Response and Recovery." We start at the beginning: how do these attackers even get in? Mike breaks down the role of initial access brokers (IABs) - the bad guys who specialize in harvesting and selling credentials. We talk about why email phishing remains the cheapest and most statistically reliable attack vector, even with all our defenses.

From there, we walk through lateral movement and reconnaissance. Once attackers are inside your network, they're not sitting idle. They're mapping your environment, identifying your crown jewels, and figuring out where your backups live. The "phone home" phase establishes command and control, letting attackers coordinate their activities and receive instructions.

We dig into data exfiltration and the rise of double extortion. It's not enough anymore to just encrypt your data - attackers are stealing it first, threatening to publish it even if you can restore from backups. Mike shares some fascinating details about how sophisticated ransomware can be, including variants that examine file headers rather than just extensions to find valuable targets.

The encryption phase itself is resource-intensive, and Mike explains why you might actually notice your computer acting weird if you're paying attention. Your mouse hesitates, typing lags, the network slows down - these are all potential warning signs.

Finally, we cover how ransom notes are delivered today. Spoiler: it's not the old-school desktop background takeover anymore. Modern ransomware drops text files in every folder it touches, making sure you can't miss the message.

This episode sets the foundation for understanding how ransomware works, which is the first step in defending against it and recovering when prevention fails.

Disk Backup Security - Disk Make Things Worse?

Mon, 26 Jan 2026 04:00:00 -0700

Disk backup security is the weak link that ransomware attackers exploit every day—and most backup admins don't even realize it. In this episode, Curtis and Prasanna examine how the move from tape to disk-based backups created an unintended security gap that threat actors now target as their first priority.

The transition to disk brought real benefits: deduplication made storage affordable, replication eliminated the "man in a van" for offsite copies, and backup verification became practical. But disk backup security wasn't part of the original architecture. When backups lived on tape, physical access was required to destroy them. Disk backups sitting in E:\backups can be wiped out with a single command.

Threat actors figured this out fast. After gaining initial access, the first thing they do is identify and eliminate your backups. No backups means no recovery—which means you pay the ransom.

Curtis and Prasanna discuss the history of how we got here, why backups are now the number one target, and practical solutions including obfuscation, getting backups out of user space, and implementing truly immutable storage. The standard is simple: if you can't delete the backups, they can't delete the backups.

TIMESTAMPS:

0:00 - Episode intro

1:24 - Welcome & introductions

4:04 - Tape explained for the modern audience

9:07 - Why tape got faster (and problematic)

10:54 - The shoe-shining problem

12:27 - Deduplication changes everything

15:35 - Benefits of disk-based backup

20:29 - THE PROBLEM: RM -r / DEL .

23:43 - Backups are the #1 ransomware target

26:26 - Immutability as the solution

27:32 - Book: Learning Ransomware Response & Recovery

What Is Ransomware and Why Should You Care?

Mon, 19 Jan 2026 04:00:00 -0700

What is ransomware, and why does it remain the number one threat to businesses of all sizes? In this episode of The Backup Wrap-up, W. Curtis Preston and Prasanna Malaiyandi break down the fundamentals of ransomware attacks and explain why the question "what is ransomware" still gets searched tens of thousands of times each month.

We cover the two main types of ransomware attacks: traditional encryption-based attacks where hackers lock your data and demand payment, and the newer double extortion model where attackers steal your sensitive information before encrypting it—then threaten to publish everything if you don't pay.

Our hosts share real-world examples including the Sony hack, the Costa Rica government attack, and the massive Jaguar Land Rover breach that cost over $2.5 billion. Whether you're a Fortune 500 company or a small dental office, this episode explains what is ransomware, why you're a target, and why preparation is your best defense.

Backup TCO: The Costs Nobody Talks About

Mon, 12 Jan 2026 04:00:00 -0700

What's your real backup TCO? Most organizations focus on software licenses, hardware, and cloud storage when budgeting for backup infrastructure. But those are just the visible costs. The true backup TCO includes something far more expensive: the humans managing it all.

In this episode, Curtis and Prasanna break down the complete picture of backup costs. They explore why soft costs—the labor, the troubleshooting, the daily monitoring—often exceed what you're paying for technology. With studies showing over half of environments spend more than 10 hours weekly on backup management, those labor dollars add up fast.

The discussion covers cloud storage pitfalls (especially with object lock and retention policies), why automation is your best friend, and whether SaaS-based backup might actually save you money. Curtis shares his infamous 1993 story about losing a production database – the origin story of Mr. Backup himself. If you're looking to get a handle on your backup TCO, this is the episode for you.

Why Ransomware Attacks on Backups Should Terrify You

Mon, 05 Jan 2026 04:00:00 -0700

Ransomware attacks on backups have reached epidemic levels, with 96% of attacks now targeting backup infrastructure. In this episode of The Backup Wrap-up, Curtis Preston and Prasanna Malaiyandi break down the alarming statistics and explain why cybercriminals have made your recovery systems their primary target.

The math is simple: if attackers destroy your backups, you're far more likely to pay the ransom. And with only 25% of organizations feeling prepared for ransomware attacks on backups, the gap between threat and readiness is massive.

Curtis and Prasanna discuss two studies revealing these numbers, explore why less than 7% of companies recover within a day, and outline practical defenses including true immutability, separate identity management systems, and MFA. If you're not protecting your backup infrastructure from ransomware attacks on backups, you're leaving yourself wide open.

Building Your Cyber Security Team: Blue Teams, Red Teams, and Cyber Insurance

Mon, 22 Dec 2025 04:00:00 -0700

Building a cyber security team isn't optional anymore; it's the difference between recovering from ransomware and going out of business. In this episode, Curtis and Prasanna explain why hardening your backup infrastructure is only half the battle. You need professionals who know how to configure XDR systems without drowning you in false positives, blue teams to defend your environment, and red teams to test whether your defenses actually work. They cover the role of MSSPs, incident response planning, cyber insurance requirements, and why attempting ransomware response on your own is like those old TV warnings: "Don't try this at home." If you've been following their series on backup basics and system hardening, this episode ties it all together with the human element that makes or breaks your recovery plan.

Building a resilient backup system

Mon, 15 Dec 2025 04:00:00 -0700

Want to know how to build an resilient backup system that protects from ransomware attacks? In this episode, Curtis and Prasanna go beyond the basics to discuss four critical security features every modern backup system needs. Building on feedback from their previous episode about backup fundamentals, they cover multi-factor authentication (and why SMS doesn't cut it anymore), secure remote access methods, role-based access control, and when to bring in managed security service providers. The hosts explain why the person with full backup system access is literally the most powerful person in your company from a data destruction standpoint. If ransomware is your number one recovery scenario—and it is—then these security hardening techniques aren't optional. They're survival skills for your backup infrastructure.

10 Must-Have Features of Any Backup System

Mon, 08 Dec 2025 04:00:00 -0700

Every backup system needs certain design elements to actually work when disaster strikes. In this episode of The Backup Wrap-up, W. Curtis Preston (Mr. Backup) and Prasanna Malaiyandi break down the 10 non-negotiable components your backup system must have. They cover the 3-2-1 rule, automated scheduling, recovery testing, defined RTOs and RPOs, backup security, SaaS protection, documentation, retention policies, monitoring, and endpoint backup. If your backup system is missing any of these elements, you're taking risks you can't afford. Curtis and Prasanna share war stories from real disasters and explain why no one cares if you can back up - they only care if you can restore. This fast-paced episode gives you the checklist every IT professional needs to evaluate their current backup approach.

The Death of the 3-2-1 Rule: Enter 3-2-1-1-0

Mon, 01 Dec 2025 04:00:00 -0700

The 3-2-1 rule is dead. Long live 3-2-1-1-0. For decades, the 3-2-1 rule has been the gold standard for backup strategies - three copies of your data, on two different media, with one copy somewhere else. But ransomware killed it. Not because the fundamentals were wrong, but because threat actors learned to target backups specifically. In this episode, Curtis and Prasanna explain why the traditional 3-2-1 rule isn't enough anymore and what the evolution to 3-2-1-1-0 means for your backup strategy. The extra "1" stands for one immutable, air-gapped copy that attackers can't delete or encrypt. The "0" means zero failures - your backups must actually work when you need them. You'll learn why SaaS platforms don't meet the 3-2-1 rule, how to think about immutability in the cloud era, and why this upgrade isn't optional if you want to survive a ransomware attack.

Our interview with Peter Krogh, the one who coined the term:

https://www.backupwrapup.com/peter-krogh-who-coined-the-3-2-1-rule-on-our-podcast/

How to Set Realistic Recovery Point Objective (RPO) Goals

Mon, 24 Nov 2025 04:00:00 -0700

Want to know how much data you're really willing to lose? We're breaking down recovery point objective RPO - the agreement about how much data loss you can accept, measured in time. Most organizations have RPOs that are pure fantasy, claiming they can only lose an hour of data when they're backing up once a day. Curtis and Prasanna discuss why RPO matters, how ransomware scenarios can force you to accept more data loss than planned, and the difference between your stated RPO and your actual backup frequency. Learn practical strategies for rightsizing your backup schedule, using database transaction logs to minimize data loss, leveraging snapshot-based backup technologies, and protecting your SaaS applications like Microsoft 365 and Salesforce. From incremental backups to continuous data protection, discover how modern backup technology can help you meet your recovery point objective RPO targets without overwhelming your infrastructure.

Recovery Time Objective vs Reality: Closing the Gap

Mon, 17 Nov 2025 04:00:00 -0700

Most IT teams can't meet their recovery time objective—and they don't even know it. In this episode of The Backup Wrap-up, Curtis and Prasanna explain why your RTO is probably fantasy, who should actually be setting it (hint: not you), and what recovery time actual really means. We cover the critical difference between objectives and reality, why testing is non-negotiable, and how to have honest conversations with business leadership about what's achievable. Learn about DR drills, chaos engineering, tabletop exercises, and why measuring your actual recovery times is the only way to close the gap. Stop feeling like a failure and start building realistic, tested recovery plans that actually work when disaster strikes.

Microsoft 365 backup is NOT an option - It's mandatory

Mon, 10 Nov 2025 04:00:00 -0700

Many organizations believe that Microsoft 365 backup is handled by Microsoft. That's a dangerous misconception. In this episode, W. Curtis Preston (Mr. Backup) and Microsoft 365 expert Vanessa Toves explain why you own your data and are responsible for protecting it—not Microsoft. They discuss the limitations of the recycle bin, why retention policies aren't backups, and what can go wrong when organizations assume SaaS means hands-off data protection. Whether you're running a Fortune 500 company or a small business, if you're using Microsoft 365, you need a proper backup solution. Learn why the shared responsibility model means you're on the hook for your data, and what you can do to protect it. This conversation will change how you think about cloud data protection.

Detect Ransomware Before It Destroys Your Business

Mon, 27 Oct 2025 04:00:00 -0700

Ransomware detection is more complex than most organizations realize. In this episode, cybersecurity expert Mike Saylor breaks down the real-world signs of ransomware attacks—from users complaining about slow computers to smart devices acting strangely. We explore polymorphic malware that changes based on its target, the risks posed by managed service providers using shared credentials, and why milliseconds matter in ransomware detection and response. Mike explains the difference between EDR, XDR, SIEM, and SOAR tools, helping you understand which security solutions you actually need. We also discuss why 24/7 monitoring is non-negotiable and how even small businesses can afford proper ransomware detection capabilities. If you're trying to protect your organization without breaking the bank, this episode offers practical guidance on building your security stack and knowing when to call in expert help.

The ArcGIS Hack That Turned Backups Into a Malware Repository

Mon, 20 Oct 2025 04:00:00 -0700

This episode examines a sophisticated ArcGIS hack that remained undetected for 12 months. The threat group Flax Typhoon compromised an ArcGIS server by exploiting weak credentials and deploying a malicious Java extension that functioned as a web shell. The attack highlights critical failures in traditional security approaches: the malware was backed up along with legitimate data, signature-based detection tools completely missed the custom code, and the lack of multi-factor authentication made the initial breach possible. Curtis and Prasanna discuss why behavioral detection is now mandatory, how password length trumps complexity, and the importance of cyber hygiene practices like regular system audits and extension management. They also cover ReliaQuest's recommendations for preventing similar attacks, including automated response playbooks and monitoring for anomalous behavior. If you're running public-facing applications or managing any IT infrastructure, this episode provides actionable lessons you can't afford to ignore.

https://reliaquest.com/blog/threat-spotlight-inside-flax-typhoons-arcgis-compromise

Deepfake Attacks: The Growing Threat to Enterprise Security

Mon, 06 Oct 2025 04:00:00 -0700

Deepfake attacks are exploding, and your company is probably not ready. In this episode of The Backup Wrap-up, we dive into how cybercriminals are using AI to clone voices and create fake videos to authorize fraudulent wire transfers and reset credentials. With nearly 50% of businesses already experiencing deepfake attacks, this isn't a future problem – it's happening right now. We break down the two main attack vectors: authorization fraud (where fake CEOs trick employees into wiring money) and credential theft (where attackers reset passwords and MFA tokens). More importantly, we give you actionable defense strategies: multi-channel verification protocols, callback procedures for sensitive transactions, employee training programs, and break-glass scenarios. You'll learn what not to rely on (spoiler: caller ID is worthless) and why policy and procedure matter more than technology alone. This is a must-listen for anyone responsible for security or financial controls.

Cyber Attack Notification - Final Lessons from Mr. Robot Season One

Mon, 29 Sep 2025 04:00:00 -0700

When cyber attack notification goes wrong, companies face a disaster worse than the original breach. This episode dives deep into the critical mistakes organizations make when communicating about security incidents - and why transparency beats secrecy every time.

We examine real-world failures like LastPass and Rackspace, where poor communication strategies amplified the damage from their cyber attacks. From legal requirements in California and GDPR to the new one-hour notification rules in China, we cover what regulations demand and why going beyond compliance makes business sense.

Learn how to create effective status pages, manage customer expectations during recovery, and avoid the death-by-a-thousand-cuts approach that destroys trust. We share practical strategies for early and frequent communication that can actually strengthen customer relationships during crisis situations.

Insider Threats and the Power of Least Privilege Access

Mon, 22 Sep 2025 04:00:00 -0700

Insider threats represent one of the most dangerous cybersecurity risks facing organizations today - and they're way more common than you think. In this episode of The Backup Wrap-up, we explore the three main types of insider threats: compromised employees who get extorted or have their credentials stolen, disgruntled workers who want revenge after getting fired, and outside attackers who infiltrate your company to become malicious insiders. We break down real-world scenarios and discuss how to protect against them using least privilege principles, monitoring systems, and immutable backups. You'll learn why 31% of insider threat incidents could have been prevented if someone had spoken up, and why immutable backups are your last line of defense when an insider goes rogue. This is a must-listen for anyone responsible for data protection and cybersecurity.

Advanced Persistent Threats Explained Through Mr. Robot

Mon, 15 Sep 2025 04:00:00 -0700

Advanced persistent threats represent one of the most dangerous cyber security challenges facing organizations today. These long-term, stealthy attacks allow hackers to maintain undetected access to networks for extended periods. In this episode, we analyze multiple APT scenarios from Mr. Robot, including the Evil Corp hack, Ollie's compromised laptop, and the Dark Army's infiltration of Allsafe. We explore how threat actors establish footholds, maintain persistence, and operate across different network segments. From raspberry pi devices hidden in executive washrooms to compromised thermostats communicating with other facilities, we examine the various ways APTs can manifest. Our discussion covers detection methods, the importance of monitoring new devices, and why proper incident response goes far beyond simple malware scans. Learn the red flags to watch for and why machine learning tools are becoming critical for identifying suspicious network behavior.

Cybersecurity Situational Awareness Lessons from Mr. Robot

Mon, 08 Sep 2025 04:00:00 -0700

This episode of The Backup Wrap-up examines cybersecurity situational awareness through the lens of Mr. Robot's prison break episode. Curtis and Prasanna analyze the technical accuracy of USB stick attacks, Bluetooth car hacking, and social engineering tactics. The hosts discuss real-world defenses including USB port management, network segmentation, and employee training. They explore WPA2 encryption vulnerabilities and why upgrading to WPA3 matters for wireless security. The conversation covers practical cybersecurity situational awareness lessons, from recognizing physical security threats to monitoring network traffic patterns. Curtis shares war stories about malware-infected conference USB sticks, and both hosts examine how poor cybersecurity situational awareness enabled the fictional attacks. This episode provides actionable insights for IT professionals looking to strengthen their organization's security posture against USB-based threats, Bluetooth exploits, and social engineering campaigns.

Honeypot Server Best Practices - From Mr. Robot to Reality

Mon, 01 Sep 2025 04:00:00 -0700

Learn the ins and outs of honeypot server deployment and management in this episode of The Backup Wrap-up. We break down the cybersecurity concept using examples from Mr. Robot episodes 1.6 and 1.7, showing how these deceptive systems can catch both external attackers and insider threats.

A honeypot server works by creating an enticing target that looks valuable but contains no real business data. The key is making it accessible through common exploits and monitoring every access attempt. Curtis and Prasanna discuss real-world implementation strategies, from naming conventions to network placement, and explain why the honeypot only works if attackers don't know it exists. They also cover the critical importance of remote log storage for forensic analysis and how these systems can reveal attack patterns and entry points during incident response.

Privilege Escalation Explained: Mr. Robot Cybersecurity Lessons

Mon, 25 Aug 2025 04:00:00 -0700

Privilege escalation attacks represent one of the most dangerous cybersecurity threats facing organizations today. In this episode of The Backup Wrap-Up, we analyze how threat actors use initial access to gain higher privileges and compromise entire networks. Through examples from Mr. Robot, we explore both vertical privilege escalation (exploiting vulnerabilities for admin access) and horizontal attacks (spreading through shared systems). Learn why backup administrators often become prime targets for privilege escalation and how proper security controls can prevent these attacks. We discuss real-world cases including the Target breach via HVAC systems and recent ransomware campaigns using social engineering for privilege escalation. Discover how IoT devices create attack vectors, why physical security remains crucial, and how immutable backups protect against privilege escalation attempts. Perfect for IT professionals seeking to understand and defend against these sophisticated attack methods.

Mentioned in the episode:

https://www.backupwrapup.com/tape-drive-designer-schools-mr-backup-on-tape/

https://www.backupwrapup.com/red-team-cyber-security-strategies/

Pre-order Learning Ransomware Response & Recovery: https://www.amazon.com/Learning-Ransomware-Response-Recovery-Stopping/dp/1098169581

Mr Robot Lessons: Cybersecurity in the Workplace

Mon, 18 Aug 2025 04:00:00 -0700

This episode examines cybersecurity in the workplace through the lens of Mr. Robot's "Exploits" episode, where social engineering takes center stage. Curtis Preston and Prasanna break down how Elliot infiltrates Steel Mountain data center using badge cloning, psychological manipulation, and fake identities.

The hosts analyze real-world implications of these attacks, from coffee shop badge theft to exploiting lonely employees. They discuss critical gaps in physical security protocols and explain why cybersecurity in the workplace fails when organizations rely on single points of security. Key topics include visitor badge systems, tailgating prevention, security camera monitoring, and building a culture where employees feel empowered to challenge unauthorized access. The episode reveals how most workplace breaches happen through human exploitation rather than technical hacking, making employee training and robust security protocols critical for protecting sensitive data and systems.

Social Engineering Attacks: Lessons from Mr. Robot Episode 3

Mon, 11 Aug 2025 04:00:00 -0700

Social engineering attacks are becoming more sophisticated, and this episode of The Backup Wrap-up explores real-world tactics through our Mr. Robot series analysis. Curtis and Prasanna examine how social engineering works, from Instagram stalking to phone compromise, and discuss actual ransomware groups like Scattered Spider who use social engineering to impersonate employees and reset passwords. We break down the hospital hacking scene, revealing how underfunded IT departments create vulnerabilities that social engineering attacks exploit. The episode also covers email security, backup system risks, and the Sony hack parallels shown in the series. Learn how to protect your organization from social engineering by understanding what information to keep private, how to properly fund cybersecurity, and why your backup systems need protection from social engineering tactics.

Reconnaissance in Cyber Security: Lessons from Mr. Robot ep 1.1

Mon, 04 Aug 2025 04:00:00 -0700

Reconnaissance in cyber security isn't just about scanning networks; it's about understanding your entire attack surface, including the human element. In this episode, Curtis and Prasanna analyze Mr. Robot season one, episode two, (AKA ep 1.1) to explore how sophisticated threat actors conduct reconnaissance before major attacks.

Learn how F Society mapped Evil Corp's infrastructure, identified backup locations like Steel Mountain, and used human intelligence to target vulnerable employees. We discuss the reality that attackers will spend months researching your organization, mapping your networks, and identifying weaknesses in both your technology and your people.

The hosts break down practical reconnaissance techniques, from social engineering tactics (like the CD attack on Angela and Ollie) to digital network mapping. You'll discover why backup systems are prime targets for reconnaissance and how proper network segregation can limit blast radius when - not if - you're compromised.

Social Engineering Lessons from Mr. Robot Episode 1

Mon, 28 Jul 2025 04:00:00 -0700

Learn how social engineering attacks really work by analyzing the cybersecurity lessons from Mr. Robot's pilot episode. Curtis Preston and Prasanna Malaiyandi break down real-world social engineering tactics used by cybercriminals to manipulate victims into revealing sensitive information.

This episode covers social engineering phone scams targeting even cybersecurity professionals, the dangers of AI-powered voice cloning in modern attacks, and practical defense strategies. Discover why security questions should never be answered truthfully, how to verify suspicious calls claiming to be from banks or family members, and the importance of "trust but verify" principles.

The hosts also examine insider threats in cybersecurity firms, discuss the role of OSINT (Open Source Intelligence) in attacks, and explain honeypot detection systems. Plus, learn about proper backup storage security and why offsite, air-gapped backups remain critical for ransomware protection. Get actionable tips to protect yourself and your organization from increasingly sophisticated social engineering schemes.

Disclaimer: The Backup Wrap-up is not affiliated with the Mr. Robot show nor the network on which it airs. But we think you should go watch it!

Insider Threat Prevention: Protecting Your Backups from Within

Mon, 21 Jul 2025 04:00:00 -0700

The insider threat represents one of the most dangerous and overlooked cybersecurity challenges facing organizations today. In this episode of The Backup Wrap-up, W. Curtis Preston and Prasanna explore the three distinct types of insider threats that can devastate your organization from within.

From malicious employees seeking revenge to careless workers who fall for social engineering, insider threats come in many forms. The hosts examine real-world cases including the Coinbase breach through compromised contractors, Apple's lawsuit against an employee who stole Vision Pro secrets, and the infamous logic bomb attack that destroyed an entire company's data.

Learn practical strategies for implementing least privilege access, immutable backup protection, and multi-person authentication controls. Discover why 83% of companies experienced some form of insider threat attack in 2024, and get actionable advice on security training, vendor management, and incident response planning to protect your organization's most critical assets.

Mission Impossible Movie Teaches Real Cyber Security Lessons

Mon, 14 Jul 2025 04:00:00 -0700

This episode explores surprising cyber security lessons hidden within Mission: Impossible's latest blockbuster. We analyze how Hollywood's depiction of AI threats, immutable backups, and air-gapped storage actually reflects real-world data protection challenges.

Curtis and Prasanna dissect the movie's central premise: an AI entity altering digital reality, making it impossible to distinguish truth from fiction. The solution? An underwater Doomsday Vault containing an immutable, offline backup of the original source code. We discuss how this fictional scenario mirrors actual cybersecurity best practices, from 3-2-1 backup strategies to cryptographic hash verification.

Key topics include the spectrum of immutability, why truly offline storage matters for ransomware protection, and how insider threats can compromise even the most secure systems. We also cover practical applications like object storage, SHA-256 hashing, and the human vulnerabilities that often undermine technical security measures. Whether you're a backup professional or just curious about data protection, this episode proves that sometimes the best cyber security lessons come from the most unexpected places.

The EU Cloud Exit - Backup Strategies for Digital Sovereignty

Mon, 07 Jul 2025 04:00:00 -0700

The EU cloud exit movement is reshaping how European organizations think about data storage and sovereignty. Companies across Europe are moving away from US-based cloud providers like Microsoft 365, AWS, and Google Workspace due to concerns about the Cloud Act and data privacy regulations.

In this episode, Curtis and Prasanna explore the backup implications of this major shift. They discuss the challenges of replacing comprehensive platforms like Microsoft 365 with multiple EU-based providers, the complexities of bringing services back in-house, and why the 3-2-1 backup rule becomes even more critical during these transitions.

Whether organizations choose local providers or decide to self-host their infrastructure, data protection remains paramount. The hosts share real-world examples of failed backup strategies, including the Rackspace Exchange disaster and OVH's data center fire, to illustrate why third-party backup solutions are necessary regardless of your hosting choice.

What Is an Air Gap Backup? Real Protection vs Marketing

Mon, 30 Jun 2025 04:00:00 -0700

Air gap has become one of the most overused and misunderstood terms in backup and recovery. In this episode, W. Curtis Preston and Prasanna explore what air gap really means, tracing its origins from the days when everyone used tape storage to modern virtual implementations. They discuss how true air gap required physical separation - tapes stored offsite at facilities like Iron Mountain - and why this gold standard is nearly impossible to achieve with today's connected backup systems.

The conversation covers modern alternatives including immutable storage, IAM-based protection, and simulated air gaps that disconnect network connections when not actively replicating. Curtis and Prasanna explain why ransomware has made air gap more important than ever, and provide practical guidance for evaluating vendor claims about air gap capabilities in cloud and hybrid environments.

Largest Data Breach in History: What You Need to Know

Mon, 23 Jun 2025 04:00:00 -0700

The largest data breach in recent memory has exposed 16 billion login credentials across multiple databases, and we're here to help you understand what it means for your security. This massive exposure involves data stolen primarily through infostealer malware rather than a single company breach.

Join W. Curtis Preston, Dr. Mike Saylor, and Prasanna Malaiyandi as they break down this complex security incident. Learn why this largest data breach is actually a compilation of stolen credentials from various sources, how infostealer malware works, and why your browsing habits might be putting you at risk. The team discusses practical security measures including proper browser hygiene, multi-factor authentication best practices, and password management strategies. Mike shares eye-opening insights about session security and why having multiple browser tabs open during sensitive activities could compromise your accounts. Get actionable advice on protecting yourself from the fallout of this massive credential exposure.

How do you make a snapshot backup?

Mon, 16 Jun 2025 04:00:00 -0700

This episode breaks down snapshot backup fundamentals, covering the key differences between traditional storage snapshots and cloud-based approaches. Curtis and Prasanna explain copy-on-write versus redirect-on-write methods, performance implications, and why some snapshot systems can degrade performance by up to 50%.

Learn about NetApp's redirect-on-write innovation, VMware's unique approach, and how AWS "snapshots" are actually more like traditional backups. The hosts discuss critical concepts like read-only snapshot properties, storage space management, and the importance of copying snapshots to create true backups that follow the 3-2-1 rule.

Whether you're managing traditional storage arrays or cloud infrastructure, this episode provides practical guidance on turning snapshots into effective backup strategies. Topics include performance optimization, immutable storage considerations, and real-world implementation challenges that every IT professional faces.

Human error: Why We Backup

Mon, 09 Jun 2025 04:00:00 -0700

Human error has replaced hardware failures as the primary driver of data loss and restore operations in modern IT environments. This episode explores real-world examples of how both end users and administrators create the need for backup and recovery operations through accidental deletions, configuration mistakes, and poor processes. W. Curtis Preston shares war stories from his decades in the industry, including incidents involving accidental directory deletions, source code stored in temporary folders, and tape library disasters. The discussion covers how technology improvements like RAID and solid-state drives have made hardware more reliable, shifting the focus to human-related incidents. The hosts also examine insider threats and the importance of implementing proper controls around privileged access. Learn why understanding human error patterns is critical for designing effective backup and recovery strategies that account for the reality of how data actually gets lost.

How to Extract ROI from Backups

Mon, 02 Jun 2025 04:00:00 -0700

Learn how to extract measurable ROI from your backups beyond traditional disaster recovery. Curtis and Prasanna explore proven strategies for extracting business value from backup infrastructure through test and development environments, security monitoring, compliance checking, and AI-powered analytics. Discover why the shift from tape to disk storage created new opportunities for ROI from backups, including instant restore capabilities and data mining applications. The hosts share real-world examples of organizations using backup data for threat detection, regulatory compliance, and business intelligence. From Veeam's AI integration to copy data management techniques, this episode reveals practical approaches to transform backup systems from cost centers into value generators. Whether you're struggling to justify backup expenses or seeking ways to leverage existing investments, these ROI from backups strategies can help extract maximum value from your stored data.

World Backup Day: Take the Pledge to Protect Your Data

Mon, 19 May 2025 04:00:00 -0700

World Backup Day falls on March 31st - the day before April Fool's Day because not backing up your data is no joke. In this episode, hosts W. Curtis Preston and Prasanna Malaiyandi discuss alarming statistics about data loss and why proper backup strategies are essential for business survival.

The hosts break down the famous 3-2-1 backup rule and how it applies to both consumers and enterprises. They examine the growing threat of ransomware, including double extortion attacks where criminals not only encrypt your data but threaten to publish it. With 94% of companies that suffer major data loss failing to recover, and 70% of small businesses closing within a year of significant data loss, World Backup Day serves as a crucial reminder to implement robust backup strategies that include immutable storage and protection for often-overlooked SaaS applications.

Stories from this episode:

https://www.forbes.com/sites/tomcoughlin/2025/03/31/march-31-is-world-backup-day/

https://objectfirst.com/blog/world-backup-day-2025/

https://www.backupwrapup.com/peter-krogh-who-coined-the-3-2-1-rule-on-our-podcast/

Ransomware Targets VMware ESXi: Melissa Palmer Explains the Threat

Mon, 05 May 2025 04:00:00 -0700

You've found The Backup Wrap-up, your go-to podcast for all things backup, recovery, and cyber-recovery. In this episode, we tackle one of the scariest threats out there - ransomware targeting VMware ESXi environments. I'm joined by Prasanna Malaiyandi and our special guest Melissa Palmer, also known as @vmiss, who's an independent technology analyst and ransomware resiliency architect. We get into why virtualization environments are such juicy targets for attackers, how they're specifically going after vCenter and ESXi hosts, and why your backup strategy is probably missing some critical components. If you've got a virtualized environment, you need to listen to this. Melissa brings her unique perspective from both the virtualization and security worlds to help you protect your most critical infrastructure. So buckle up - this is an episode you can't afford to miss if you want to keep your VMware environment safe from ransomware attacks.

Breaking Down the VeeamOn Announcements for Backup Admins

Mon, 28 Apr 2025 04:00:00 -0700

In this episode of The Backup Wrap-up, W. Curtis Preston breaks down the key VeeamON announcements from the VeeamON 2025 conference in San Diego. He highlights Veeam's focus on security and ransomware defense, including their new CrowdStrike integration and data resilience maturity model developed with McKinsey and MIT.

Curtis shares his excitement about Veeam's long-awaited Linux-based software appliance, which addresses a critical security vulnerability in Windows-based backup systems. He also discusses other major VeeamON announcements like their Anthropic partnership for AI-powered backup content search, Microsoft Intra ID support, and the ability to recover backups to Azure in under five minutes. Whether you're a Veeam customer or just interested in backup technology trends, this episode provides valuable insights into these significant VeeamOn announcements.

DOGE and GSA Claim $1M Savings by Ditching Old Tape Tech

Mon, 21 Apr 2025 04:00:00 -0700

DOGE and GSA recently made headlines with a tweet claiming $1 million annual savings by converting 14,000 magnetic tapes to "permanent modern digital records." In this episode, W. Curtis Preston and Prasanna Malaiyandi analyze whether this claim is possible – although they cannot actually validate it due to lack of information. They discuss that DOGE and GSA's claim is possible given the significant costs of maintaining legacy systems, the migration process would also likely take months and involve substantial upfront expenses. Curtis also shares a humorous story about accidentally pressing an emergency power button during a critical mainframe recovery.

Why Tape Backup for Small Business Makes Sense Against Ransomware

Mon, 14 Apr 2025 04:00:00 -0700

Tape backup for small business might sound like old tech, but Mag Store's new Thunderbolt-compatible tape drive could change that perception. In this episode, we discuss how this new offering potentially opens tape technology to a wider market of SMBs and content creators looking for ransomware protection and cost-effective long-term storage.

Curtis and Prasanna dive into the specifics of when tape backup makes financial sense for small business data protection, particularly for companies generating large amounts of data or concerned about cloud security. They explore the $6,000 upfront investment against the long-term benefits of $90 tape cartridges that hold 45TB compressed. Perfect for SMBs with on-premises data or YouTube creators needing affordable archive solutions that are truly air-gapped from ransomware threats.

How Forever Incremental Backup Changed the World

Mon, 07 Apr 2025 04:00:00 -0700

In this episode of The Backup Wrap-Up, Curtis and Prasanna explore how forever incremental backup technology revolutionized the data protection industry. They discuss the evolution from traditional backup methods to modern approaches that eliminate the need for regular full backups, dramatically reducing network traffic, storage requirements, and backup windows.

The hosts examine the technical foundations of forever incremental backups, from block-level incremental tracking to backend storage innovations that make multiple recovery points possible without redundant data transfers. They compare older approaches like synthetic fulls with true forever incremental implementations, highlighting the critical differences and benefits. Whether you're still using legacy backup tools or evaluating modern solutions, this episode provides essential insights into why forever incremental has become the standard for efficient, reliable backup systems.

Cloud vs Tape Throwdown: Which is Better for Archiving?

Mon, 31 Mar 2025 04:00:00 -0700

In this episode of The Backup Wrap-Up, we look at the cloud vs tape debate for active archives. The conversation was sparked by a LinkedIn post claiming tape libraries are the only robots not making things easier in 2025, suggesting cloud is superior to tape for active archives.

We challenge this premise by pointing out that cloud vs tape is a false dichotomy since many cloud storage vendors use tape for their lowest-cost tiers. We examine key considerations including cost (where tape wins by orders of magnitude), data integrity (where tape actually outperforms disk), and access times (where expectations should align with use cases). For organizations running on-premises infrastructure, we also highlight the often-overlooked egress costs and transfer times associated with cloud storage. Whether you're managing secondary storage or planning an archive strategy, this candid discussion cuts through the marketing hype.

Here's the LinkedIn post that sparked the discussion:

https://www.linkedin.com/feed/update/urn:li:activity:7300167312144322561/

Here's a recent episode about how tape is not dead:

https://www.backupwrapup.com/is-tape-backup-dead-why-it-still-matters/

Disaster Recovery Lessons from 9/11 and Beyond

Mon, 24 Mar 2025 04:00:00 -0700

In this eye-opening episode of The Backup Wrap-up, W. Curtis Preston and Prasanna Malaiyandi unpack crucial disaster recovery lessons from major events like 9/11. They discuss how companies lost both primary and backup data centers when both World Trade Center towers fell, highlighting why geographic separation is non-negotiable. The hosts break down the technical aspects of disaster recovery, comparing hot sites versus cold sites, and the realities of synchronous versus asynchronous replication across distances.

Beyond the technical, Curtis and Prasanna share often-overlooked disaster recovery lessons about human factors—where recovery teams will sleep, eat, and work during extended outages when infrastructure is destroyed. They examine a real case from a hurricane-stricken island where teams converted conference rooms to sleeping quarters and relied on satellite communications. Whether you're planning for natural disasters, power outages, or ransomware attacks, these disaster recovery lessons will help ensure your organization can recover when—not if—disaster strikes.

How to Choose the Best Password Manager: Security Features That Matter

Mon, 17 Mar 2025 04:00:00 -0700

In this episode of The Backup Wrap-up, Curtis and Prasanna discuss how to choose the best password manager in light of recent security breaches. They examine the LastPass hack that resulted in $150 million of stolen cryptocurrency and what that teaches us about password manager security.

The hosts break down the critical security features to look for in the best password manager, including encryption strength, iteration counts, multi-factor authentication options, and passkey support. They emphasize that even with the LastPass breach, using a password manager is still far safer than not using one at all.

This episode provides practical guidance on evaluating password manager security beyond the standard feature comparisons, with specific recommendations for cryptocurrency users and insights into the technical aspects of password vault protection.

Here are some references for today's episode:

https://www.rubrik.com/blog/company/25/rubrik-information-security-team-update

https://www.bleepingcomputer.com/news/security/ransomware-gang-encrypted-network-from-a-webcam-to-bypass-edr/

https://krebsonsecurity.com/2023/09/experts-fear-crooks-are-cracking-keys-stolen-in-lastpass-breach/

https://krebsonsecurity.com/2025/03/feds-link-150m-cyberheist-to-2022-lastpass-hacks/

Is Tape Backup Dead? Why This Technology Still Matters

Mon, 10 Mar 2025 04:00:00 -0700

Tape backup isn't dead – but it's glory days are gone. In this episode, W. Curtis Preston and Prasanna Malaiyandi discuss why tape backup remains relevant despite its diminished role in operational backups. They reveal how cloud giants have become the biggest consumers of tape technology while explaining common misconceptions about tape's performance.

The hosts break down four core advantages tape backup still maintains: unbeatable cost (one to two orders of magnitude cheaper than alternatives), superior speed for bulk transfers, better data integrity with lower bit error rates, and built-in protection against ransomware through true immutability. Whether you're considering your disaster recovery strategy or looking for cost-effective long-term storage, this episode offers valuable insights into why tape backup continues to play a crucial role in modern data protection architectures.

Here are some related episodes we talk about in the show:

https://www.backupwrapup.com/ovhs-backup-service-didnt-work/

https://www.backupwrapup.com/back-in-my-day-backups-were-really-hard/

https://www.backupwrapup.com/tape-drive-designer-schools-mr-backup-on-tape/

Hide Your Backup Disk from Ransomware

Mon, 03 Mar 2025 04:00:00 -0700

In this episode of The Backup Wrap-up, W. Curtis Preston and Prasanna Malaiyandi discuss critical strategies for securing your backup disk against cyber threats. They explain why the default configuration of storing backups in easily accessible directories makes your backup disk vulnerable to threat actors who specifically target backup systems before launching attacks.

The conversation covers several effective methods to protect your backup disk, including using proprietary protocols like OST and Boost, implementing Virtual Tape Libraries (VTLs), leveraging dedicated backup appliances, and utilizing object storage both on-premises and in the cloud. Curtis emphasizes that keeping your backup disk out of user space is essential for maintaining security against increasingly sophisticated attackers.

This episode provides practical advice for anyone using disk-based backup systems who wants to ensure their backup disk remains secure and recoverable when needed most.

Your 4-Hour Recovery Time Objective is Fantasy

Mon, 24 Feb 2025 04:00:00 -0700

Ever wonder why your recovery time objective seems impossible to meet? In this episode, we challenge the common assumption that a four-hour RTO is achievable for most organizations. Host W. Curtis Preston and guest Prasanna Malaiyandi discuss why these aggressive recovery time objectives often exist only on paper.

From ransomware attacks to natural disasters, we examine the real-world factors that make rapid recovery more complex than most realize. We break down the differences between recovery time objectives (RTOs) and actual recovery times (RTAs), exploring why organizations need to be more realistic about their recovery capabilities. Whether you're managing backups, planning disaster recovery, or responsible for business continuity, this episode will help you understand what's actually possible when disaster strikes.

Check out these older episodes about how a real disaster unfolds:

https://www.backupwrapup.com/real-life-hurricane-disaster-recover-story/

https://www.backupwrapup.com/disaster-recovery-after-a-hurricane-a-first-hand-account/

Passwords vs Passkeys: The Future of Backup Security

Mon, 17 Feb 2025 04:00:00 -0700

In this eye-opening episode about passwords vs passkeys, W. Curtis Preston and Prasanna Malaiyandi expose why traditional password protection isn't enough for your backup systems anymore. They break down the evolution from basic passwords to MFA, and explain why passkeys and FIDO compliance represent the next level in security.

Learn why hackers target backup systems first, how they exploit password vulnerabilities, and why even multi-factor authentication has its weak points. Discover why there hasn't been a single successful attack against FIDO-compliant systems, and why you should be pushing your backup vendors to support passkeys. Whether you're using a traditional backup system or a SaaS solution, this episode gives you the knowledge you need to better protect your last line of defense.

We talked about this previous episode: https://www.backupwrapup.com/how-do-you-authenticate-with-all-new-hardware/

No one cares about your backup window!

Mon, 10 Feb 2025 04:00:00 -0700

Understanding your backup window is crucial for effective data protection, but there's a twist - it's not just about backup speed. In this episode, we explore why focusing solely on backup speed misses the point entirely. The real measure of success? Your recovery capabilities.

Join W. Curtis Preston and Prasanna Malaiyandi as they share war stories about backup windows gone wrong, including a memorable tale involving tape drives that could write but couldn't read. Learn why traditional backup windows have evolved, how modern technologies have changed the game, and most importantly, why your recovery testing matters more than your backup speed. We also dive into deduplication taxes, recovery groups, and why instant recovery capabilities might be your best friend in a crisis.

This is the recovery failure we alluded to w/our friend Stuart Liddle: https://www.backupwrapup.com/laptop-restore-nightmare-900gb/

Artificial Intelligence: The Future of Backup?

Mon, 03 Feb 2025 04:00:00 -0700

Artificial intelligence in backup isn't just marketing hype - it's changing how we protect our data. In this episode, W. Curtis Preston and Prasanna Malaiyandi break down the practical applications of AI in backup systems, from intelligent scheduling to ransomware detection.

Learn how artificial intelligence helps with capacity planning, especially with deduplication systems where predicting storage needs gets tricky. We discuss AI's role in asset discovery, anomaly detection, and even creating better disaster recovery plans. Plus, find out why backing up AI models themselves might become your next big challenge. This no-nonsense look at AI in backup cuts through the confusion and focuses on what really matters - making your backups better.

Disaster Recovery Testing: The Execution Phase

Mon, 27 Jan 2025 04:00:00 -0700

In part two of our disaster recovery testing series, we explore the critical steps of executing a DR test. From coordinating teams and documenting issues to maintaining communication channels during the test, this episode covers everything you need to know about running an effective DR test.

Host W. Curtis Preston and co-host Prasanna Malaiyandi share practical advice from their extensive experience with disaster recovery testing. They discuss the importance of having backup communication methods, maintaining detailed documentation, and conducting thorough post-test analysis. Learn why testing your DR plan regularly is crucial and how to build a recovery mindset across your organization.

Whether you're planning your first DR test or looking to improve your existing testing procedures, this episode provides valuable insights to help ensure your disaster recovery testing success.

Choosing the Best Cloud Backup for Your Small Business

Mon, 20 Jan 2025 04:00:00 -0700

Looking for the best cloud backup for small business? This episode cuts straight to what matters. Host W. Curtis Preston and Prasanna Malaiyandi share their expert insights on choosing the right cloud backup solution for your small business needs.

They break down the critical features every small business should look for in a cloud backup service, including true immutability, proper implementation of the 3-2-1 rule, and transparent pricing. The discussion covers why cloud backup makes sense for small businesses, how to avoid common pitfalls, and what questions to ask potential providers. Whether you're currently shopping for a backup solution or want to verify your existing setup, this episode provides practical, actionable advice from industry veterans who understand what small businesses really need.

Laptop Restore Nightmare: 900GB Recovery Story

Mon, 13 Jan 2025 04:00:00 -0700

A personal laptop restore that should have taken days stretched into weeks, highlighting critical lessons about backup and recovery. When our guest's laptop hard drive failed, he thought replacing it with an SSD and restoring from Carbonite would be straightforward. Instead, he faced constant system crashes, hardware challenges, and a restore speed that would make a snail look fast. (Carbonite did not cause the crashes.) Listen as we break down this laptop restore saga, including why the system kept crashing five times per day, how Carbonite handled the interruptions, and whether paying $100 for a physical drive shipment might have been worth it. Perfect for anyone who wants to learn from someone else's restore challenges before facing their own.

Other episodes we talk about in this episode:

https://www.backupwrapup.com/how-to-properly-back-up-your-iphone-icloud-is-not-a-backup/

https://www.backupwrapup.com/videos/carbonite-lost-7500-customers-backup-data/

https://www.backupwrapup.com/carbonite-lawsuit-cloud-backup-cautionary-tale/

Making the Case for Your Backup IT Budget

Mon, 06 Jan 2025 04:00:00 -0700

Getting the right backup IT budget can feel like pulling teeth, but it doesn't have to be that way. In this episode of The Backup Wrap-up, W. Curtis Preston and Prasanna Malaiyandi share real-world strategies for securing the backup IT budget you need to protect your organization.

Learn how to partner with the security and GRC teams to make your case stronger. Find out why ransomware has changed the game when it comes to backup IT budget discussions, and hear practical tips for documenting your needs. Whether you're struggling with outdated systems or fighting for resources, this episode gives you the ammunition you need to get proper funding for your backup infrastructure.

Here's a link to the Stoli story if you're interested: https://therecord.media/stoli-group-usa-bankruptcy-filing-ransomware

DR Case Study: A first hand-account

Mon, 23 Dec 2024 04:00:00 -0700

(For frequent listeners, I made a mistake with last week's episode. THIS is the episode I meant to publish last week. I know it has the same description. Sorry about that.)

This disaster recovery case study takes you inside a real DR scenario when a hurricane devastated an island's data center. Our guest shares his firsthand experience managing recovery efforts with limited resources, no mainland connection, and countless unexpected challenges. (This is the on-the-ground account of the story we told last week with "Harry Potter.")

Listen as we explore how basic DR assumptions fell apart, from authentication dependencies to satellite communication limits. Learn why sleeping on air mattresses and eating chicken and rice became part of this disaster recovery case study, and discover critical lessons about DR planning, testing, and documentation that could save your organization. This episode reveals the reality of disaster recovery when everything - including trees - gets stripped away.

NetBackup Disaster: When Nature Strikes Back

Mon, 16 Dec 2024 04:00:00 -0700

When a hurricane struck an island data center, one backup admin faced a NetBackup disaster that tested years of experience and planning. This episode reveals the real-world challenges of recovering from a catastrophic event that flooded one data center and disrupted access to Iron Mountain's offsite storage facility.

Listen as our guest, a 20-year veteran backup administrator, shares his firsthand account of managing this NetBackup disaster. Learn about the critical decisions made during the three-week recovery process, the unexpected challenges they faced, and the valuable lessons learned about backup infrastructure, replication strategies, and disaster recovery planning.

(This is part one of two parts. Next week you will hear from the person on the ground during this disaster.)

Free NetBackup Reader: S2|DATA's Game-Changing Tool

Mon, 02 Dec 2024 04:00:00 -0700

S2|DATA has released a free NetBackup reader that gives users complete control over their backup data without requiring a full NetBackup environment. This standalone application allows anyone to quickly catalog and restore data from NetBackup disk images, even if they no longer maintain their NetBackup infrastructure.

CEO Brendan Sullivan joins the show to explain why they created this free tool and how it helps organizations maintain access to their legacy backup data. We discuss the challenges of vendor lock-in, the importance of data ownership, and why companies shouldn't have to keep paying for access to their own information. We also cover how S2|DATA offers a range of services for accessing all legacy backup data, not just NetBackup.

Whether you're considering moving away from a backup product or simply want easier access to your backup data, this episode explains how this free NetBackup reader can help you take control of your data destiny.

You can read about it here: https://s2data.com/libertas-free-backup-reader/

Disaster Recovery Test Gone Wrong

Mon, 25 Nov 2024 04:00:00 -0700

In this eye-opening episode, we examine a real-world disaster recovery test gone wrong from Kodiak Island, Alaska. Our guest Paul Van Dyke shares his story of intentionally taking down an entire server environment over a weekend, armed with only backup tapes and determination. This disaster recovery test example showcases both what not to do and valuable lessons learned.

Paul walks us through his bold 2001 decision to reorganize storage across five servers by completely wiping them all at once. What was supposed to be a weekend project turned into a five-day marathon, including sleeping on his office floor to swap backup tapes. While he eventually succeeded in restoring everything, this disaster recovery test example demonstrates why proper testing and planning are crucial for any major infrastructure changes.

Join us for this candid conversation about backup testing, restoration planning, and the unique challenges of managing IT infrastructure on a remote Alaskan island. Learn from Paul's experience so you don't have to learn these lessons the hard way!

Disaster Recovery Testing: Start Small Before Going Big

Mon, 18 Nov 2024 04:00:00 -0700

Ready to level up your disaster recovery testing game? This episode covers everything from basic restore testing to full-scale DR scenarios. Curtis and Prasanna share real-world experiences and practical advice for implementing effective disaster recovery testing strategies.

Learn why starting small is crucial, how to define clear success criteria, and ways to test without risking your production environment. We discuss different infrastructure types, from physical servers to cloud platforms, and explain how each requires its own testing approach. Plus, get insights on creating effective runbooks and ensuring your team can execute recovery procedures without depending on specific individuals.

Whether you're planning your first DR test or looking to improve existing procedures, this episode provides actionable guidance for building confidence in your recovery capabilities.

BTW if you want to watch/listen to the Alaska DR story, I'm actually going to repost it next week.

Detecting Ransomware Before It's Too Late

Mon, 11 Nov 2024 04:00:00 -0700

continue

=====================DESCRIPTION===============

Detecting ransomware requires more than just good antivirus software - it demands a comprehensive approach using multiple tools and techniques. In this episode of The Backup Wrap-up, security expert Mike Saylor breaks down the essential components of ransomware detection, from endpoint protection to network monitoring.

Learn about the latest detection tools like XDR, EDR, and SOAR, and discover why many organizations might benefit from working with a managed security service provider. We discuss real-world examples of ransomware detection, including unusual signs that might indicate an attack in progress. Whether you're managing IT for a small business or an enterprise organization, this episode provides practical insights into detecting ransomware before it's too late.

RTO vs RPO: The Foundations of Backup Design

Mon, 04 Nov 2024 04:00:00 -0700

In this essential episode of The Backup Wrap-up, we dive deep into RTO vs RPO – the foundational concepts that drive backup and recovery system design. Curtis and Prasanna break down why these aren't just technical metrics, but crucial business decisions that should come from your stakeholders.

Learn why different applications need different RTOs and RPOs, how these metrics influence your backup frequency and system design, and why getting them wrong can cost your company millions. We'll show you how to have productive conversations with stakeholders about recovery objectives, and why the common answer of "zero downtime" isn't always the right one. Whether you're new to backup or a seasoned pro, this episode will reshape how you think about recovery objectives.

Backup from Hell: SMB vs 400TB

Mon, 28 Oct 2024 04:00:00 -0700

Experience the backup from hell in this eye-opening episode of The Backup Wrap-up. What started as a straightforward 40TB backup spiraled into a months-long battle with 400TB of data, failing tape drives, and directories containing hundreds millions of files.

Host W. Curtis Preston shares his first-hand account of tackling this backup from hell, including the challenges of dealing with SMB protocol limitations, tape drive failures, and the infamous "million file problem." Learn why backing up 99 million files in a single directory isn't just challenging - it's nearly impossible over standard protocols.

Discover the solutions that finally worked, from switching to disk-based backup to implementing local tar backups. Whether you're a backup admin or IT professional, this episode offers valuable insights into handling extreme backup scenarios.

Election Integrity 101: What Every Voter Should Know

Mon, 21 Oct 2024 04:00:00 -0700

In this important episode, we tackle the crucial topic of election integrity. As a seasoned poll worker and site manager, I take you behind the scenes of our voting process, revealing the numerous safeguards and checks in place to ensure fair and accurate elections. We debunk common myths, explain the importance of paper ballots, and discuss how mail-in voting actually works. You'll learn about the rigorous signature verification process, the role of election observers, and why it's nearly impossible to commit large-scale voter fraud. Whether you're skeptical about our electoral system or simply curious, this episode provides valuable insights into how we maintain election integrity. Don't miss this chance to understand the nuts and bolts of our democratic process and why you can trust in the security of your vote.

The Dark Side of Backup System Consolidation

Mon, 14 Oct 2024 04:00:00 -0700

In this eye-opening episode of The Backup Wrap-up, we look at the dangers of the consolidating backup market, a trend that's reshaping the industry. We talk about recent major acquisitions like Cohesity's purchase of Veritas and Salesforce's takeover of OwnBackup, examining the implications for customers and the market at large.

After covering each acquisition, we talk about the often-overlooked risks of keeping legacy backup systems operational post-consolidation, including security vulnerabilities and ongoing costs. We also address the challenges of data accessibility and the potential legal ramifications of retaining old backups. Whether you're a seasoned IT professional or new to the world of data protection, this episode offers valuable insights into navigating the complex landscape of backup market consolidation.

Rogue Administrator Nightmare: Lessons from a Real-Life Attack

Mon, 07 Oct 2024 04:00:00 -0700

In this episode of The Backup Wrap-up that proves Curtis right :) we look into the shocking case of a rogue administrator who held an entire company's IT infrastructure hostage. We explore how Daniel Rhyne, a core infrastructure engineer, managed to lock out his colleagues and demand a $750,000 ransom. This real-world example highlights the critical importance of safeguarding against insider threats.

We look into practical strategies to prevent such incidents, including implementing least privilege access, enforcing "four eyes" principles for critical changes, and maintaining robust logging and auditing systems. The discussion also covers recovery options and the vital role of off-site immutable backups in mitigating damage from rogue administrators. Whether you're an IT professional or business leader, this episode provides essential insights into protecting your organization from the potentially devastating actions of trusted insiders gone rogue.

Business Impact Analysis: Your Key to Resilient Operations

Mon, 30 Sep 2024 04:00:00 -0700

In this episode of The Backup Wrap-up, we explore the critical process of a business impact analysis (BIA) and its importance for organizations of all sizes. Our expert guest, Dr. Mike Saylor, shares valuable insights on conducting effective BIAs, including why it's best to have a third party perform them. We discuss how business impact analysis informs disaster recovery plans, aligns IT with business needs, and helps justify crucial investments in resilient systems. You'll learn about the steps involved in a BIA, from stakeholder identification to financial impact assessment, and understand how this process can save your organization time, money, and headaches in the long run. Whether you're an IT professional or a business leader, this episode provides essential knowledge for protecting your organization's critical functions and ensuring business continuity.

Building a Resilient Ransomware Backup Strategy

Mon, 23 Sep 2024 04:00:00 -0700

In this essential episode of The Backup Wrap-up, we delve into the critical components of a robust ransomware backup strategy. We explore the concept of dwell time and its implications on backup retention periods, emphasizing the need for longer-term storage solutions. Our discussion covers the importance of frequent backups and designing systems with multiple recovery options. We examine the benefits of cutting-edge technologies like snapshots, replication, and cloud-based recovery solutions in crafting an effective ransomware backup strategy. The episode also tackles the nuances of database versus file system recovery and provides insights on evaluating the importance of encrypted data. Whether you're an IT professional or a business owner, this episode offers valuable guidance on fortifying your ransomware backup strategy to protect your critical data assets.

Detecting Ransomware Before It's Too Late

Mon, 16 Sep 2024 04:00:00 -0700

In this eye-opening episode of The Backup Wrap-up, we delve into the critical topic of detecting ransomware. Joined by cybersecurity expert Dr. Mike Sailor, we explore the subtle signs that could indicate a ransomware attack in progress. From slight performance degradation to unusual network behavior, we cover the early warning signs that every IT professional and digital asset owner should be aware of.

Our discussion goes beyond just identifying threats. We examine the role of advanced security tools like SIEM and XDR in early ransomware detection, and why integrating these with endpoint protection is crucial for an effective defense strategy. We also stress the importance of having a solid incident response plan and the benefits of virtualization in recovery efforts. Whether you're looking to bolster your organization's cybersecurity or simply protect your personal data, this episode provides invaluable insights into detecting ransomware before it's too late.

Tabletop Exercises: Your Secret Weapon Against Cyberattacks

Mon, 09 Sep 2024 04:00:00 -0700

In this eye-opening episode of The Backup Wrap-up, we delve into the world of tabletop exercises and their crucial role in cybersecurity preparedness. Our guest expert, Mike Saylor from Black Swan Security, guides us through the ins and outs of planning and executing effective tabletop exercises. We explore why these simulations are essential for organizations of all sizes, and how they can dramatically improve incident response capabilities.

Listeners will gain valuable insights into selecting the right scenarios, involving key stakeholders, and creating a safe environment for learning. We also discuss common pitfalls to avoid and the importance of regular practice. Whether you're new to tabletop exercises or looking to enhance your existing program, this episode provides practical advice for strengthening your organization's cyber resilience. Don't miss this opportunity to level up your incident response game!

Fostering a Culture of Cybersecurity with Training

Mon, 02 Sep 2024 04:00:00 -0700

In this important episode of The Backup Wrap-Up, we delve into the world of cybersecurity training. We explore why effective training is crucial in today's digital landscape and how to implement a comprehensive program that goes beyond just ticking boxes. From creating robust cybersecurity policies to conducting engaging, frequent training sessions, we cover it all.

Learn why rewarding vigilance is more effective than punishing mistakes, and how to foster a security-aware culture in your organization. We discuss the importance of relevant, interactive training methods, including simulated phishing tests, and how to train users to spot suspicious activity beyond just phishing attempts. Whether you're an IT professional or a business owner, this episode provides valuable insights to enhance your cybersecurity training efforts and strengthen your organization's digital defenses.

Incident Response Plan 101: From BIA to Execution

Mon, 26 Aug 2024 04:00:00 -0700

In this very dense episode of The Backup Wrap-up, we delve into the critical world of incident response plans, from the business impact analysis (BIA) to finalizing its creation. Our expert guest, Dr. Mike Saylor, CEO of Blackswan Security, shares invaluable insights on crafting and implementing effective incident response strategies. We explore the key components of a robust plan, from conducting a business impact analysis to creating scenario-specific playbooks.

Learn why having an incident response plan is crucial in today's cyber threat landscape and how to design one that works for your organization. We discuss the importance of regular updates, secure storage, and testing through tabletop exercises. Whether you're an IT professional or a business leader, this episode provides practical advice on preparing for and managing potential security incidents. Don't miss this essential guide to strengthening your organization's cyber resilience through comprehensive incident response planning.

Reducing Your Cyberattack Blast Radius: Expert Tips

Mon, 19 Aug 2024 04:00:00 -0700

In this eye-opening episode of The Backup Wrap-up, we delve into the critical concept of minimizing the cyberattack blast radius. Joined by cybersecurity expert Dr. Mike Saylor, we explore practical strategies to significantly reduce the impact of a breach on your organization.

We start by discussing the principle of least privilege access and its role in containing a cyberattack's blast radius. Next, we examine the importance of network segmentation in limiting the spread of an attack. The conversation then shifts to the often-overlooked aspect of controlling outbound traffic to prevent data exfiltration.

Throughout the episode, we provide actionable insights and best practices that IT professionals and business owners can implement to enhance their cybersecurity posture. By focusing on minimizing the cyberattack blast radius, organizations can better protect their digital assets and mitigate potential damages in the event of a breach.

Ransomware Forensics: Preserving Digital Evidence

Mon, 12 Aug 2024 04:00:00 -0700

In this episode of The Backup Wrap-Up, we delve into the crucial world of ransomware forensics with cybersecurity expert Mike Saylor. We explore the essential steps and tools used in forensic analysis during a cyber attack, highlighting the importance of preserving evidence and navigating the complexities of both traditional and mobile device forensics.

From log preservation to forensic imaging, we discuss how organizations can prepare for and respond to ransomware incidents. Mike shares insights on the different forensic tools available, their applications, and the challenges faced in modern cybersecurity investigations. We also touch on the importance of having a forensic response plan in place before an attack occurs.

Whether you're an IT professional or simply interested in cybersecurity, this episode offers valuable knowledge about the forensic processes that help unravel cyber attacks and protect valuable data. Tune in to enhance your understanding of ransomware forensics and strengthen your organization's cyber defenses.

The Cyber Insurance Playbook: What You Need to Know

Mon, 05 Aug 2024 04:00:00 -0700

Dive into the world of cyber insurance with our latest episode featuring expert Mike Saylor. We explore the evolving landscape of cyber insurance policies and their crucial role in today's digital security strategies. Learn why cyber insurance is more than just a financial safeguard and how it can be a proactive tool in your cybersecurity arsenal.

Mike shares invaluable insights on maximizing your cyber insurance benefits, from understanding policy nuances to leveraging your insurer's expertise. We discuss common misconceptions, the importance of pre-incident preparation, and strategies for effective incident response. Whether you're a small business owner or a corporate executive, this episode provides essential knowledge to navigate the complex terrain of cyber insurance and protect your digital assets.

Advanced Ransomware Prevention

Mon, 29 Jul 2024 04:00:00 -0700

In this important episode of "The Backup Wrap-Up," we continue our discussion on ransomware, and dive deeper into the world of ransomware prevention. We assume you've done the basics (password & patch management, and MFA), and want to do more. As cyber threats continue to evolve, it's more important than ever to stay ahead of potential attacks. We discuss a range of strategies to protect your organization, from application whitelisting to securing service accounts.

Among other things, our conversation covers the importance of restricting risky network protocols, implementing multi-factor authentication, and employing reputable anti-malware software. We also explore the benefits of penetration testing and red team exercises. Additionally, we emphasize the significance of establishing relationships with blue teams and law enforcement resources before an attack occurs.

Join us as we provide actionable insights on ransomware prevention, helping you build a robust defense against this pervasive cyber threat. Whether you're an IT professional or a business owner, this episode is packed with valuable information to enhance your cybersecurity posture.

IT Security Audit Essentials: Protect Your Network

Mon, 15 Jul 2024 04:00:00 -0700

In this episode of The Backup Wrap-Up, we delve into the critical world of IT security audits. We explore why these audits are essential for maintaining a robust cybersecurity posture and how they can help organizations identify and address potential vulnerabilities. Our discussion covers key elements of surviving an IT security audit, including user education, application whitelisting, and securing remote access protocols. We also touch on the importance of regular security assessments and proactive measures to stay ahead of cyber threats. Whether you're an IT professional or a business owner, this episode provides valuable insights into conducting thorough IT security audits and implementing best practices to protect your digital assets. Tune in to learn how you can strengthen your organization's defenses and become a cybersecurity hero.

How to Stop Ransomware: 3 Essential Strategies

Mon, 08 Jul 2024 04:00:00 -0700

Discover how to stop ransomware in its tracks with this informative episode of The Backup Wrap-up. Hosts W. Curtis Preston and Prasanna Malaiyandi look into three crucial strategies that can prevent 90% or more of ransomware attacks. Learn why patch management is your first line of defense and how to implement it effectively. Explore the world of password security and discover why a robust password management system is essential. Finally, uncover the power of multi-factor authentication in thwarting unauthorized access. Don't miss this opportunity to strengthen your cybersecurity defenses and stay one step ahead of cybercriminals.

Immutable Backups: Your Ultimate Defense Against Ransomware

Mon, 01 Jul 2024 04:00:00 -0700

In this episode, we delve into the world of immutable backups, a crucial component of modern data protection strategies. We explore why immutable backups have become increasingly important in the face of sophisticated cyber threats, especially ransomware attacks that target backup systems. The episode covers the evolution from tape backups to disk-based systems and cloud solutions, highlighting how this shift has introduced new security challenges.

We discuss the spectrum of immutability in backup systems, from basic file system protections to fully immutable cloud storage options. The conversation touches on various implementations of immutable backups, their strengths, and potential vulnerabilities. We also address the importance of multi-factor authentication and awareness of emerging threats like AI-based voice impersonation.

Protect Backups from Ransomware: Expert Strategies

Mon, 24 Jun 2024 04:00:00 -0700

In this crucial episode, we delve into how to protect backups from ransomware, a critical concern for IT professionals and business owners alike. We explore why backup systems are prime targets for cybercriminals and the devastating consequences of a successful attack. Our discussion covers essential strategies to fortify your backups, including implementing immutable storage, using local accounts instead of Active Directory, and employing network segmentation. We also emphasize the importance of robust monitoring systems and regular patching. By understanding the risks and implementing these protective measures, you can significantly enhance your organization's resilience against ransomware attacks. Don't miss this vital information on how to protect backups from ransomware and secure your data's last line of defense.

Ransomware 101: What is ransomware?

Mon, 17 Jun 2024 04:00:00 -0700

This episode about what is ransomware is the first in a new series on the topic. The episode explores what it is, how it works, and why it has become such a significant threat to businesses and individuals alike. We discuss the evolution of ransomware attacks, from simple data encryption to sophisticated extortion schemes involving data exfiltration and direct attacks on backup systems. Our conversation highlights the importance of prevention and detection measures, such as robust access controls, limiting internet-facing systems, and monitoring for data exfiltration. We also emphasize the critical role of backup and recovery strategies, including offline and immutable backups, in mitigating the impact of ransomware attacks. Throughout the episode, we provide insights into the complex ransomware threat landscape and offer practical advice for organizations looking to protect their data and systems from this ever-evolving threat.

XDR vs SIEM: Do you need to choose?

Mon, 10 Jun 2024 04:00:00 -0700

In this episode, we explore the differences between XDR and SIEM, two crucial tools in the world of security monitoring. Our guest, Dez Rock, CEO of SIEMonster, shares her fascinating journey from professional hacker to building an affordable, scalable SIEM solution that encompasses SOAR and XDR capabilities. We discuss the importance of evaluating security tools based on their true capabilities rather than just market perception, and Dez provides real-world examples of how SIEMonster's SIEM/XDR tool automatically detected and shut down a ransomware attack at a large hospital client. Tune in to learn about the evolving security landscape, the pros and cons of XDR vs SIEM, and how you may not have to choose! Whether you're an IT professional or simply interested in the latest cybersecurity trends, this episode offers valuable insights into the future of security monitoring.

Strengthening Your Cybersecurity Blue Team: Pro Tips

Mon, 03 Jun 2024 04:00:00 -0700

In this episode, we explore the essential strategies and best practices for building and optimizing a blue team cybersecurity approach. Our guest, Mike Saylor, shares his expertise on how organizations can effectively prepare for and respond to cyber incidents. From establishing relationships with law enforcement to conducting tabletop exercises and understanding cyber insurance policies, Mike provides valuable insights to help companies strengthen their cybersecurity posture.

Throughout the episode, we discuss the importance of focusing on detection and response capabilities, not just prevention, and how a well-prepared blue team can make all the difference in the face of a cyber threat. Mike also shares real-world stories that illustrate the key lessons and takeaways for organizations looking to enhance their cybersecurity efforts. Tune in to learn how you can better protect your company from cyber threats with a robust blue team approach.

Thinking Like a Hacker: Red Team Cyber Security Strategies

Mon, 27 May 2024 04:00:00 -0700

In this popular episode from last year, we explore the fascinating world of red team cyber security with Dwayne Laflotte, a seasoned expert in offensive cybersecurity. Dwayne shares his wealth of knowledge and experience, diving into the tactics and strategies employed by red teams to identify vulnerabilities and strengthen an organization's defenses. From exploiting backup systems to the importance of least privilege and strong passwords, this episode is a must-listen for anyone interested in bolstering their cybersecurity posture.

Dwayne provides captivating examples of how red team cyber security professionals think outside the box to breach networks, emphasizing the need for constant vigilance and adaptability in the face of evolving threats. He also highlights the critical role of collaboration between red and blue teams, stressing the importance of a multi-layered approach to cybersecurity. Packed with practical insights and actionable advice, this episode is an invaluable resource for IT professionals and business leaders alike.

Google Cloud Disaster Recovery: Lessons from UniSuper's Close Call

Mon, 20 May 2024 04:00:00 -0700

In this episode, we delve into the critical importance of Google Cloud disaster recovery planning through the lens of UniSuper's recent brush with catastrophe. When Google accidentally deleted UniSuper's entire VMware environment, the Australian pension provider faced the terrifying prospect of losing access to $125 billion in assets and the data of over 600,000 members.

Hosts W. Curtis Preston and Prasanna Malaiyandi dissect the incident, highlighting how UniSuper's adherence to the 3-2-1 backup rule and use of third-party backup solutions ultimately saved the day. They explore the key lessons learned from this Google Cloud disaster, including the importance of having isolated data copies, clear communication during outages, and a robust recovery strategy. This real-world case study serves as a stark reminder of the risks associated with relying solely on cloud providers for data protection and the necessity of comprehensive Google Cloud disaster recovery planning.

Electronic Discovery tools that extract from backups

Mon, 13 May 2024 04:00:00 -0700

In this episode, we explore the world of electronic discovery tools and how they're transforming the legal landscape. Our guest, Brendan Sullivan, shares his expertise on the challenges companies face when dealing with legacy data and the importance of using the right tools for eDiscovery. Learn how purpose-built software can greatly enhance efficiency, accuracy, and defensibility in the eDiscovery process. Brendan also discusses the growing need for data remediation and migration services, as well as the role of computer forensics and eDiscovery platforms in building strong legal cases. Whether you're a legal professional looking to streamline your workflow or simply interested in the intersection of technology and law, this episode is a must-listen.

Cloud Disaster Recovery: Lessons from Failures

Mon, 06 May 2024 04:00:00 -0700

Capping our series on cloud disasters is this one on cloud disaster recovery. In this episode, we review the lessons we learned from discussing 10 cloud disasters. We talk about the critical strategies and techniques to ensure your data is protected and recoverable in the event of a disaster in the cloud. From the basic 3-2-1 rule to the pitfalls of solely trusting your cloud provider for proper disaster recovery, we dive into real-world examples and expert insights to help you build a robust cloud disaster recovery plan for your cloud data.

Discover the importance of regular testing, the role of third-party backup solutions, and the key considerations for choosing a reliable cloud provider. Whether you're a small business or a large enterprise, this episode provides actionable advice to enhance your cloud disaster recovery posture and maintain business continuity in the face of unexpected disruptions. Tune in now and learn how to safeguard your valuable data in the cloud era.

Life Uncontained YouTube Channel Loses Month of Footage in Crash

Mon, 29 Apr 2024 04:00:00 -0700

In this episode, we discuss the devastating crash experienced by the popular YouTube channel "Life Uncontained," which resulted in the loss of a month's worth of irreplaceable video footage. The Life Uncontained crash serves as a stark reminder of the importance of proper backup strategies for protecting valuable digital assets. We delve into the lessons learned from this unfortunate incident and explore the best practices for safeguarding your data from hardware failures and other potential disasters. From the 3-2-1 backup rule to the use of multiple storage media, we cover the essential steps you can take to minimize the risk of catastrophic data loss. Whether you're a content creator, business owner, or simply someone who values their digital memories, this episode provides crucial insights into the world of data protection and backup. Don't miss this opportunity to learn from the "Life Uncontained" story and fortify your own backup plan.

https://www.youtube.com/watch?v=fQsTs3C0T-c&ab_channel=LifeUncontained

The Disastrous Dedoose Crash: Lessons Learned

Mon, 22 Apr 2024 04:00:00 -0700

In 2014, the cloud-based research platform Dedoose suffered a catastrophic crash, losing customer data and backups simultaneously. We examine the causes of the Dedoose crash, its impact on users, and crucial lessons for anyone relying on SaaS. Learn how subpar backup practices, like monthly-only backups and overwriting previous versions, can lead to disaster. Hear how Dedoose responded and key steps to prevent your own cloud data calamity.

Links from this episode:

https://www.informationweek.com/it-infrastructure/social-science-site-using-azure-loses-data#close-modal

https://www.insidehighered.com/news/2014/05/16/dedoose-crash-shows-dangers-handing-data-cloud-services

https://www.latimes.com/business/technology/la-fi-tn-dedoose-crash-academic-cloud-20140512-story.html

https://www.chronicle.com/blogs/wiredcampus/hazards-of-the-cloud-data-storage-services-crash-sets-back-researchers

https://web.archive.org/web/20230927112141/https://www.dedoose.com/blog/dedoose-update-significant-data-recovery-successful-how-to-save-a-project-locally

https://web.archive.org/web/20140512214308/http://blog.dedoose.com/2014/05/dedooses-black-eye-crash-and-recovery-efforts/

https://www.dedoose.com/about/security

StorageCraft Outage: Lessons from a Cloud Backup Disaster

Mon, 15 Apr 2024 04:00:00 -0700

In this episode, we examine the StorageCraft outage that erased customer backup data during a botched cloud migration. We compare StorageCraft's response to Carbonite's in a similar incident and discuss the critical lessons for backup vendors and customers. Learn the importance of meticulous migration processes, potential backup resiliency strategies, and what to do if your cloud backups disappear. Don't miss these vital insights to avoid cloud backup disasters and ensure your data is always recoverable.

Stories covering this outage:

https://www.crn.com/slide-shows/storage/arcserve-ceo-storagecraft-backup-data-loss-not-acceptable

https://www.techtarget.com/searchdisasterrecovery/news/252515647/StorageCraft-DRaaS-outage-highlights-layered-protection-need

https://www.reddit.com/r/msp/comments/tgggey/just_got_a_call_from_storagecraft_cloud_data_is/

https://blocksandfiles.com/2022/03/22/arcserve-storagecraft-operation-has-lost-customer-data/

https://www.channele2e.com/news/arcserve-storagecraft-draas-suffers-cloud-data-protection-issues

Rackspace Ransomware Attack: Lessons Learned

Mon, 08 Apr 2024 04:00:00 -0700

In this episode, we examine the Rackspace ransomware attack that crippled the company's hosted exchange environment, affecting thousands of customers. We discuss the timeline of events, the importance of timely patching, and the challenges Rackspace faced in restoring customer data. Learn about the value of comprehensive disaster recovery plans and third-party backups in protecting your organization from similar attacks. Don't miss this opportunity to gain valuable insights from one of the most significant ransomware incidents in recent years.

The Carbonite Lawsuit: A Cloud Backup Cautionary Tale

Mon, 01 Apr 2024 04:00:00 -0700

In this episode, we uncover the troubled history of Carbonite, a once prominent cloud backup provider plagued by lawsuits. In one Carbonite lawsuit they were the plaintiff, in another they were the defendant. From using inadequate storage arrays to failing to protect customer data, Carbonite's story serves as a warning for backup customers. Learn the importance of thoroughly vetting backup vendors and the risks of blindly trusting marketing claims. Don't miss this deep dive into Carbonite's multi-million dollar legal battles and valuable lessons for anyone relying on cloud backup services.

Salesforce.com's Permission Slip-Up (Another Cloud Disaster)

Mon, 25 Mar 2024 04:00:00 -0700

In this episode of The Backup Wrap-Up, Curtis and his co-host dive into the chaos caused by Salesforce's accidental "modify all" permission change in 2019. They explore the fallout from this real-world SaaS disaster, including how Salesforce scrambled to restore proper permissions and the frustration felt by impacted customers.

Curtis and his co-host discuss the crucial role third-party backups could have played in mitigating the impact of this incident, and why relying solely on a SaaS vendor's recovery capabilities can leave organizations vulnerable. They also share practical advice on how listeners can avoid similar cloud disasters by implementing a comprehensive backup strategy for their SaaS applications.

Whether you're a Salesforce user, a SaaS enthusiast, or simply interested in the world of data protection, this episode offers valuable insights and entertaining anecdotes that will help you become a Cyber Recovery Hero. Tune in to learn, laugh, and discover how to safeguard your organization's critical data in the cloud.

Links

Original SF post: https://issues.salesforce.com/issue/a028c00000qQ53kAAC/user-profiles-and-permission-sets-related-to-pardot-licensed-orgs-were-modified-by-salesforce
Second post: https://salesforce.stackexchange.com/questions/262830/salesforce-bug-enabled-modify-all
Big deal: https://appomni.com/blog_post/2019-blog-modify-all/
SF follow up: https://help.salesforce.com/s/articleView?id=000384056&type=1

KPMG Blunder Proves Microsoft 365 Needs Backup (Cloud Disasters)

Mon, 18 Mar 2024 04:00:00 -0700

In this shocking episode of The Backup Wrap-up, we delve into the jaw-dropping data loss disaster that struck global consulting giant KPMG at the height of the 2020 pandemic. With one errant click, a Microsoft 365 admin accidentally wiped out months of critical Teams chat data for a staggering 145,000 employees.

Join host W. Curtis Preston as he unravels this extraordinary tale of digital destruction and explores the crucial lessons it holds for organizations relying on Microsoft 365 and other SaaS platforms. Curtis breaks down the differences between retention policies and actual backups, exposes common misconceptions about cloud provider data protection responsibilities, and highlights the potential legal and compliance nightmares that can arise from such catastrophic data loss.

If you're using Microsoft 365 or any SaaS application, you can't afford to miss this vital wake-up call. Tune in to discover why a robust third-party backup strategy is essential, no matter how big your company or how reliable your cloud provider seems. Learn from KPMG's misfortune and ensure your organization's critical data is always protected, in the cloud and beyond.

Don't become the next cautionary tale – listen now and secure your SaaS data before it's too late!

OVHCloud Dumpster Fire (Cloud Disasters)

Mon, 11 Mar 2024 04:00:00 -0700

In this important episode of the Backup Wrap-up, W. Curtis Preston, AKA Mr. Backup, takes you on a deep dive into the shocking story of the OVHCloud data center fire of 2021. This catastrophic event left hundreds of customers scrambling to recover their precious data (often without backups), exposing the startling truth about OVHCloud's data center and backup practices and the devastating consequences of misplaced trust in cloud providers.

As usual, Curtis is joined by co-host Prasanna Malaiyandi as they unravel the complex web of controversial decisions, legal battles, and hard lessons learned from this disastrous incident. They explore the factors contributing to the fire's severity, the staggering extent of the data loss, and the eye-opening revelations about OVHCloud's backup infrastructure.

But this episode is more than just a cautionary tale. Curtis and Prasanna delve into the crucial questions every organization must ask their cloud provider to ensure their data is truly secure. They share invaluable insights and actionable advice to help you avoid falling victim to a similar fate.

Whether you're an IT professional responsible for safeguarding your company's data or an individual looking to protect your digital life, this episode is a must-listen. You'll come away with a deeper understanding of the risks associated with cloud storage, the importance of robust backup strategies, and the steps you can take to become a cyber-recovery hero.

Don't miss this opportunity to learn from one of the most significant cloud disasters in recent history. Tune in now and discover how you can keep your data out of the fire and emerge as an unsung hero in the world of backup and recovery.

Articles covering this story:

https://www.datacenterdynamics.com/en/news/ovh-fire-octave-klaba-says-ups-systems-were-ablaze/

https://www.datacenterdynamics.com/en/news/fire-could-cost-ovhcloud-105-million-ipo-filing-reveals/

https://www.datacenterdynamics.com/en/news/ovhcloud-ordered-to-pay-250k-to-two-customers-who-lost-data-in-strasbourg-data-center-fire/

https://www.datacenterdynamics.com/en/news/ovhcloud-fire-report-sbg2-data-center-had-wooden-ceilings-no-extinguisher-and-no-power-cut-out/

Election worker episode:

https://www.backupwrapup.com/election-poll-site-manager-explains-us-election-systems/

Cloud disasters: Musey deletes their own company!

Mon, 04 Mar 2024 04:00:00 -0700

In this episode, we uncover the little-known but cautionary tale of Musey, a startup building an interior design app that catastrophically lost everything when an admin accidentally deleted their entire Google Workspace account.

We dive deep into:

How a single slip-up by an admin led to over $1.5 million of intellectual property stored in Google Drive getting instantly wiped out
Musey's desperate attempts to get their data back by contacting Google and even filing a lawsuit
How not even the cloud giants like Google have an obligation to restore customer data lost due to error or malfeasance
Why you absolutley need independent backups of cloud data instead of blindly trusting sync and retention policies

The devastating story of Musey serves as a sobering reminder that human error can still trump even the most resilient cloud platforms. Don’t miss this rare peek behind the curtain at a colossal cloud failure that very few people know about.

Story: https://www.theregister.com/2019/07/05/musey_v_google_lawsuit/

Lawsuit filed: https://regmedia.co.uk/2019/07/05/musey_v_google.pdf

Lawsuit pulled: https://dockets.justia.com/docket/california/candce/4:2019cv03864/344456

Museyapp.com 6/6/19 says “buy this domain”:

https://web.archive.org/web/20190606022957/http://www.museyapp.com/

Cloud catastrophes: Codespaces.com deleted out of existence

Mon, 26 Feb 2024 04:00:00 -0700

In 2014, software-as-a-service company Code Spaces disappeared overnight after a devastating cyber attack. Thousands of coders lost access to their work when insufficient cloud backups failed under pressure. The company was forced to go out of business.

Learn the tragic tale of how Code Spaces ignored standard data protection rules, putting their business and clients at risk. We’ll unpack what went wrong with their cloud architecture and backup systems, allowing a single hacker to destroy their SaaS company.

Understand why you still need backup - even native cloud redundancy isn't enough. Our hosts explore the hard lessons from this cloud catastrophe and equip you with actionable advice around security, access controls, preparation, and backup policies. Safeguard your slice of the cloud and avoid the mistakes that ultimately shuttered Code Spaces.

Articles covering this story:

Crafting the Perfect Disaster Recovery Runbook

Mon, 19 Feb 2024 04:00:00 -0700

In this information-packed episode, backup guru W. Curtis Preston and expert guest Prasanna Malaiyandi explore the elements of crafting an effective disaster recovery (DR) runbook. They discuss how a properly structured runbook eliminates confusion during crises by clearly outlining responsibilities and contacts. From making runbooks accessible and absorbed to keeping them actionable with constant updates and tests, they share the 8 critical factors for DR success. Tune in to transform your backup admins into confident cyber recovery heroes with battle-tested runbooks.

To DRaaS or Not to DRaaS? Comparing Disaster Recovery Approaches

Mon, 12 Feb 2024 04:00:00 -0700

Disaster lurks around every corner - ransomware, natural disasters, human errors. Are you thinking about all the data and systems at risk. Is your organization prepared?

In this episode, Curtis and Prasanna pull back the curtain on the disaster recovery decision - to build or to buy? They unpack the tradeoffs around cost, complexity, control, and even cybersecurity. Whether you're an anxious IT leader losing sleep over business continuity or just disaster recovery curious, you won't want to miss this episode.

Will your DR strategy survive? Tune in now to find out!

Hot, Warm, and Cold: DR Site Strategies

Mon, 05 Feb 2024 04:00:00 -0700

Creating an effective DR strategy means understanding the critical differences between hot, warm, and cold recovery sites. Join backup guru W. Curtis Preston and his cohost Prasanna Malaiyandi for the latest Backup Wrap-Up as they outline real-world strategies to match your RTO, RPO, and budget. You’ll learn the unique benefits and challenges of using both primary for hot sites, and backup replication to cost-effectively create warm recovery sites.

They also tackle the complexities of cloud DR for VMware environments. Can you do DR of VMware to AWS? What conversion hurdles do you need to plan for? Tune in to find out.

Whether you're a scrappy SMB or an enterprise with serious SLAs, this tactical episode delivers actionable advice to advance your resilience game. Learn how to leverage the cloud's economies of scale and keep business running no matter what gets thrown your way.

The backup wrap up turns unappreciated backup admins into cyber recovery heroes.

Disaster Recovery Site: Build, Buy, or Cloud?

Mon, 29 Jan 2024 04:00:00 -0700

When disaster strikes, you better have a solid plan for where you’ll recover your operations. Join me, W. Curtis Preston, and Prasanna Malaiyandi, as we explore the nitty-gritty details of your three main options for a disaster recovery site.

We’ll dig into the pros, cons, risks, and costs associated with rolling your own DR site, hiring a third-party service, or leveraging the public cloud. Each path has its twists and turns. How do you keep a secondary site in sync? What if a regional disaster takes down your DR provider? Can the cloud flex to meet your recovery needs? Tune in for straight-shooting answers.

This episode tackles the tough questions so you can make informed, bulletproof decisions on housing your failover infrastructure. As always, I’m drawing from decades of experience as a recovering backup admin, and I've designed this podcast just for pros like yourself.

Batten down the hatches and prepare to take notes - it’s time to build a life raft for your data!

For those interested in The Gobox Studio, here you go! https://goboxstudio.com/

Disaster Recovery 101: Laying the Groundwork for a Good DR Plan

Mon, 22 Jan 2024 04:00:00 -0700

Staying resilient in the face of disaster is crucial for any organization today. In this episode, we dive deep into crafting robust disaster recovery plans that help you outmaneuver outages.

We discuss critical groundwork like taking inventory across environments and analyzing risk to determine what to prioritize recovering when the worst happens. Whether it's ransomware, natural disasters, or other threats taking systems down, smart preparation makes all the difference.

Key highlights include:

Figuring out what scenarios are most likely to impact your business based on risk profiles
Making sure you have visibility into all areas – whether data centers, cloud, SaaS, or endpoints
Tackling basic protections first before advanced options
Understanding regional risks that may be unique to your geography
Thinking through tests that validate your ability to recover when needed

The right disaster recovery means being able to get back to business rapidly. By learning from unfortunate events others have endured, you can architect resilience that lets you bounce back better no matter the scenario.

Disaster Recovery 101 - Back to the Fundamentals

Mon, 15 Jan 2024 04:00:00 -0700

Are your backups collecting virtual dust rather than readying you for the next unavoidable disaster? Get back to basics on crafting an ironclad disaster recovery plan. We outline the essential infrastructure, applications, staffing, and execution steps often glossed over by the check-the-box enterprise crowd.

Going beyond mere data recovery, we detail considerations around standing up replacement infrastructure, understanding system interdependencies, and restoring functionality faster with increased automation. Cloud's scaling and affordability make DR exercises less daunting these days if configured properly on the front-end.

With major outages increasingly likely, the principles detailed could dictate whether your business emerges unscathed or shutters for good. We share tips for pragmatic preparation reflecting our scar tissue from failures past when lackadaisical DR rigor proved painful. Ever try troubleshooting recovery steps in the midst of a raging hurricane...or gotten that dreaded 2AM offline alert while welcoming your newborn? We have!

Major takeaways:

Start recovery documentation with manual steps, increase automation later
Test often - the cloud enables cost-effective exercising at scale
Availability outshines recovery - build resilient systems and staff cross-training
Know precise RTOs and RPOs aligned to business priority and appetite

Stay tuned as we separate the mavens from the mayhem when adverse events strike. Get your data DR ducks in order now before things migrate south!

News articles from this episode:

https://www.bleepingcomputer.com/news/security/50k-wordpress-sites-exposed-to-rce-attacks-by-critical-bug-in-backup-plugin/

https://jorgedelacruz.uk/2023/12/06/veeam-whats-new-in-veeam-backup-and-replication-v12-1-major-new-features/

Backup Fails at Archive: Billion-Dollar eDiscovery Disasters

Mon, 08 Jan 2024 04:00:00 -0700

In this episode, Curtis and Prasanna do a deep dive on the differences between data backup and data archiving. They thoroughly explain that while backup focuses on restoring systems and files to a prior point in time, archiving is all about being able to search and retrieve specific information for legal or regulatory purposes.

Key reasons you'll want to tune in:

Learn exactly why companies archive data and how regulatory compliance and legal eDiscovery requests require specialized archive capabilities.
Understand the dangers of using your backup system as an archive for eDiscovery - lacking full search and exposing too much irrelevant data risks your legal case.
Hear multiple real-world horror stories of companies failing legal cases due to lacking proper archives - to the tune of billions of dollars lost.
Get clear examples of how continuous, comprehensive archiving captures all versions of files, emails, and data - including deleted and intermediate items.
Get a life-line for those of you who are still using your backup system as an archive

If you need to implement archiving or fix broken archive approaches that risk legal noncompliance, this episode delivers an excellent primer on how archive differs from backup and what genuine archive systems can do.

https://support.google.com/drive/thread/245861992?sjid=15540859157109248518-NC

https://support.google.com/drive/answer/14286582?sjid=8199341837463411967-NA

https://blog.23andme.com/articles/addressing-data-security-concerns

https://www.backupwrapup.com/what-is-archive-and-retrieve-backup-to-basics/

https://www.sullivanstrickler.com

Backup to Basics: Traditional Data Sources

Mon, 01 Jan 2024 04:00:00 -0700

We’re going back to basics in 2024! Our hosts revisit their smash hit episode from last year all about protecting those traditional data sources like physical servers, VMs, laptops, desktops, and mobile devices. From on-prem to mobile, should it all get backed up? How and why? Tune in as Curtis and Prasanna rehash their spirited debate over backup best practices across your infrastructure and walk through real-world examples of what can go wrong. It’s chock full of fundamental wisdom for data protection pros getting started and veterans alike. Whether you’re making big cloud migrations or maintaining legacy systems, don’t miss this special re-release dedicated to the building blocks of backup as we start the year on a backup to basics kick.

Get Ready Before You Get Got: Ransomware Response Planning

Mon, 25 Dec 2023 04:00:00 -0700

This timely episode features an in-depth discussion between cybersecurity expert Melissa Palmer (@vmiss) and hosts W. Curtis Preston and Prasanna Malaiyandi on the crucial role preparation and planning play in effectively responding to and recovering from the inevitable ransomware attack.

They stress that flying by the seat of your pants without an incident response plan when ransomware hits leads to chaotic, inefficient efforts and substantially higher costs. Melissa outlines pragmatic steps organizations should take before an attack to develop and test response playbooks, have partnerships in place with response firms, coordinate across internal teams, bolster detection capabilities, and harden backup/recovery mechanisms.

Curtis and Prasanna dive into real-world ransomware response scenarios to highlight the complexity organizations face in assessing the scope of damage from attacks and recalibrating restoration priorities. Melissa offers tips on creating robust processes to rebuild compromised environments quickly. They discuss table-top exercises as cost-efficient ways to uncover plan gaps and get stakeholders aligned on roles and timeline expectations.

With Melissa's depth of experience assisting ransomware victims, she provides unique insights into preparation best practices often neglected until the worst happens. For IT/security leaders looking to build organizational resilience against ransomware threats, this engaging episode delivers actionable advice on architecting defense-in-depth capabilities tailored to your business requirements.

Join us for a great episode!

To Change or Not to Change Your Backup System

Mon, 18 Dec 2023 04:00:00 -0700

Changing your organization's backup system is no easy task - it requires careful evaluation of requirements, risks, and capabilities. Many admins get stuck with backup environments they've outgrown or that lag on modern demands.

On this episode, backup guru W. Curtis Preston and his cohost Prasanna Malaiyandi lend their expertise to help you determine if and when migrating your backup solution makes sense. You'll learn:

Key indicators that your current system is no longer fitting your needs
How to clearly define backup requirements and alignment to recovery objectives
Ways to evaluate ease of use, security, and other qualitative factors
Guidance on integrating specialized systems only when necessary
The importance of prioritizing immutable storage and rapid recovery
Change management best practices that curb instability

With ransomware threats growing, the bar for backup keeps rising. Tune in as our two hosts cover everything you need to make backup system change decisions that balance innovation, budget, and risk - avoiding needless switches while still meeting evolving data protection demands. You'll gain real-world clarity that turns unappreciated backup admins into cyber recovery heroes.

Why you should care about Copy Data Management

Mon, 11 Dec 2023 04:00:00 -0700

After diving into the details of the recent Okta breach enabled by password manager vulnerabilities, Curtis and Prasanna tackle the growing issue of copy data sprawl. They define copy data management – the practice of tracking and governing all duplicated production data for backup, DR, development, analytics etc. What problems result from copy proliferation? How feasible is a single consolidated platform? What regulatory and cost implications exist? Tune in as our hosts break down best practices for cataloging, securing, reducing, and better leveraging your organization’s data copies. Specific topics covered include:

Password manager risks exposed in Okta hack
Copy data management 101
Storage cost, compliance, security issues
Tools and solutions landscape
Backup reuse considerations and cautions
Cloud vs. data center copy management

Join Curtis and Prasanna for another engaging combination of news commentary, frameworks, debates, warnings, and recommendations – this week with a data protection slant. Whether you’re a backup admin or IT leader grappling with copy sprawl, this insightful episode has something for you!

Articles discussed in this week's episode:

https://sec.okta.com/harfiles

https://arstechnica.com/information-technology/2023/11/no-okta-senior-management-not-an-errant-employee-caused-you-to-get-hacked/

https://finance.yahoo.com/news/druva-expands-multi-cloud-protection-140000597.htmlhttps://finance.yahoo.com/news/druva-expands-multi-cloud-protection-140000597.html

Snap, Replicate, & Protect: Leveraging Near CDP

Mon, 04 Dec 2023 04:00:00 -0700

Tired of backup windows and 24-hour recovery point objectives? Then it's time to learn about how snapshots and replication work together to create near-continuous data protection, or near-CDP.

In this episode, backup experts W. Curtis Preston and Prasanna Malaiyandi dive into leveraging snapshots for instant point-in-time recovery and replication for an offsite copy. By combining these technologies, you can achieve recovery point objectives measured in minutes rather than hours or days.

Listen in to understand what near CDP is, how it differs from backup and true CDP, and the key capabilities it enables. Discover when to take crash-consistent vs application-consistent snapshots. Learn how near CDP integrates with backup software and how you can use replicated snapshots for automated recovery testing.

If you need tighter RPOs and near-instant RTOs for your mission-critical systems, you can’t afford to miss this explanation of how snap and replicate delivers a high-frequency, budget-friendly data protection option. Tune in to become a hero by enabling your organization to recover quickly from data corruption, ransomware, and other threats!

Reborn and Reimagined: Don't Write Off Tape Just Yet

Mon, 27 Nov 2023 04:00:00 -0700

Ransomware attacks and data breaches dominate the headlines, but is your data protection strategy truly secure? This must-listen episode dives deep on an unsung hero of cyber resilience - tape.

Tape may have been written off by some as a legacy technology, yet it offers unparalleled air gap protection that no hacker can penetrate. Top experts from Fujifilm and IBM (sponsors of this episode) reveal the major advances that make modern tape more scalable, reliable, and cost-effective than ever before.

Learn how the pioneering capabilities of the newest LTO-9 drives and 50TB tape cartridges can economically safeguard tens or hundreds of petabytes. Hear the shocking sustainability advantage, with tape generating 97% less CO2 emissions and using drastically less power than comparable disk solutions.

With powerful integrated encryption, quantum-safe algorithms on the horizon, and clever optimizations to tame growing data volumes, tape has been reborn as the undisputed information lifeline every organization needs. Don't let your backups remain exposed - get the insider intel on fortifying your last line of defense with tried and tested tape.

Stories referenced in the episode:

https://blocksandfiles.com/2023/11/03/backblaze-shard-stash-cache/

https://blocksandfiles.com/2023/11/06/cohesity-smartfiles-becomes-snowflake-analytics-playground/

Virtually Air Gapped: Assessing Cloud Data Protection

Mon, 20 Nov 2023 04:00:00 -0700

What does "air gap" really mean when it comes to backups? Curtis takes us back to the early days of offsite tape backups with Iron Mountain to explore the principles behind physical air gaps. We learn about barcode tracking, unmarked vans, and multi-factor delete authorization. How do modern "virtual air gaps" in the cloud compare? Are backup vendors misusing important security terms? Join us as we separate marketing hype from real backup protection and learn timeless lessons around alerting, access controls, and immutable data. After this episode, you'll know how to assess if your backups are following air gap principles - no matter what technology you use.

Snapshots vs. Backups: Understanding the Difference

Mon, 13 Nov 2023 04:00:00 -0700

In this episode of The Backup Wrap-Up, host W. Curtis Preston discusses the importance of understanding the difference between snapshots and backups. He emphasizes that storage snapshots should not be considered as true backups. The episode also covers the recent 1Password and Okta hack, highlighting the frustration of such incidents, especially for those who advocate for password managers and cloud technologies. Tune in to learn more about the risks and implications of relying solely on snapshots and the importance of proper backup strategies.

CDP: The Next Great Thing in DR?

Mon, 06 Nov 2023 04:00:00 -0700

In this episode of the Backup Wrap-Up, W. Curtis Preston and Prasanna Malaiyandi discuss Continuous Data Protection (CDP) and its potential as the next great thing in disaster recovery. They explore the concept of meeting an RTO and RPO of zero and question why CDP isn't used for all backups in DR. Tune in to learn more about CDP and its role in backup and disaster recovery.

Article mentioned in the story:

https://www.theregister.com/2023/10/10/ransomware_attacks_register_record_speeds

The Role of Replication in Modern Data Protection systems

Mon, 30 Oct 2023 04:00:00 -0700

In this episode, W. Curtis Preston, aka Mr. Backup, and Prasanna Malaiyandi discuss the fundamental technology of replication in data protection systems. They explore what replication is, how it differs from other methods, and why it's not used for everything. They also delve into the differences between synchronous and asynchronous replication and why it matters. The hosts also share news of a backup company called Alcion, which recently raised funding with support from Veeam, a backup company investing in Alcion's focus on Microsoft 365 backups for SMB customers. They also discuss a report from ESG about how cloud backup has evolved. The episode provides insights into the world of data protection and highlights the importance of replication in safeguarding valuable data.

Articles discussed in this episode:

https://www.techtarget.com/searchdatabackup/news/366552363/Veeam-leads-funding-round-for-SaaS-backup-provider-Alcion

https://www.techtarget.com/searchdatabackup/feature/Cloud-backup-and-disaster-recovery-evolve-toward-maturity

Is it a backup or just a copy?

Mon, 23 Oct 2023 04:00:00 -0700

In this episode of the Backup Wrap-Up, host W. Curtis Preston discusses the importance of distinguishing between a copy and a backup to ensure the protection of valuable data. He also explores key backup concepts such as multiplexing, incremental backups, block-level incremental backups, and source-side deduplication. The episode kicks off with a discussion on the recent MGM hack, highlighting the significant impact it had on the hotel chain and the potential for personal information leaks. Tune in to learn how to safeguard your data effectively and become a backup hero.

Articles mentioned in the episode:

https://www.reddit.com/r/vegas/comments/16hxwj0/explain_like_i_am_5_mgm_hacking/

https://www.reversinglabs.com/blog/what-we-know-about-blackcat-and-the-mgm-hack

The importance of backing up cloud resources

Mon, 16 Oct 2023 04:00:00 -0700

In this episode of the Backup Wrap-up, we continue our Backup to Basics series by discussing the importance of protecting cloud infrastructure, including Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). We then dive into the differences between these various cloud services and highlight the need to back up various components of each. We also discuss a recent incident where a Danish hosting company lost a significant amount of customer data due to a ransomware attack, emphasizing the ongoing threat of ransomware and the vulnerability of service providers. Tune in to learn more about safeguarding your data in the cloud.

Links to articles mentioned in the post:

https://www.bleepingcomputer.com/news/security/hosting-firm-says-it-lost-all-customer-data-after-ransomware-attack/

https://www.pcmag.com/how-to/how-to-back-up-restore-your-documents-in-windows-10

The Importance of Backing Up IOT Devices

Mon, 09 Oct 2023 04:00:00 -0700

In this episode of the Backup Wrap-Up, host W. Curtis Preston and co-host Prasanna Malaiyandi explore the topic of data protection in the Internet of Things (IoT) era. With the increasing number of IoT devices in our homes and organizations, it is crucial to understand how to back up and secure the data generated by these devices. They discuss the importance of knowing which devices create important data and where that data is being stored.

They also discuss IBM's release of a 150 terabyte tape, which showcases advancements in data storage capacity, and a TechTarget ESG survey about the use of the cloud in data protection.

Tune in to this informative episode for insights on safeguarding your IoT data.

Hybrid Cloud Storage: Back it up or not?

Mon, 02 Oct 2023 04:00:00 -0700

In this episode of the Backup Wrap-Up, host W. Curtis Preston, also known as Mr. Backup, and his co-host Prasanna Malaiyandi, discuss the importance (or not) of backing up data in hybrid cloud storage systems, with a possibly surprising answer. The episode begins with backup-related news, followed by a deep dive into a single area or lesson that can help protect against ransomware. The news segment includes a story about Toyota, where multiple manufacturing plants shut down during their production process. Tune in for the answer to the question about backing up hybrid storage systems, and to learn more about data backup and disaster recovery systems.

Restore it All is Changing Its Name

Wed, 27 Sep 2023 04:00:00 -0700

This is a very short episode to explain our name change and a few other minor changes to the format. The show you know and love is getting better! (Prasanna and I aren't going anywhere.)

The Merging Worlds of Information Security and Data Protection

Mon, 25 Sep 2023 04:00:00 -0700

In this episode of the Restore It All podcast, W. Curtis Preston, a.k.a. Mr. Backup, and Prasanna Malaiyandi are joined by Chris Groot and Stefan Voss from N-Able, a company specializing in backup, data protection and security systems. Nable focuses on serving the needs of managed service providers to deliver excellent service to small and medium-sized businesses. They discuss the importance of catering to the "Fortune 5 million," which includes businesses with 20 to 2000 employees, highlighting the significant role that small businesses play in our economy. Tune in to learn more about Nable's approach to the cloud data protection space and their goal of making backup admins indispensable.

Why it's process, then people, then technology

Mon, 18 Sep 2023 04:00:00 -0700

In this episode of Backup Central's Restore It All podcast, the host welcomes cyber expert Rick Mishka to discuss the three aspects of IT: process, people, and technology. They explore the misconception that a new piece of gear or software is always the solution to every problem, particularly in preventing data exfiltration. Rick also shares insights into his short-form podcast, Cyber Pros, where he covers cybersecurity topics in just nine minutes. Tune in to gain valuable perspectives on backup, DR, and data protection.

The Unforeseen U-turn: Inside Microsoft 365's Backup Revolution

Mon, 11 Sep 2023 04:00:00 -0700

In this episode of Restore it All, our hosts Curtis and Prasanna delve deep into the recent significant developments in the world of data backups, with a special spotlight on Microsoft 365's about-face on native user backups. They dissect Microsoft's sudden realization of its potential revenue streams and the ramifications of its new direction.

The duo also discusses the intricacies of Microsoft's new backup APIs, sharing insights into the former approaches and the strategic changes aimed at enhancing backup efficiency. They traverse the landscapes of various vendors like AWS and Salesforce, drawing parallels and noting divergences in their backup strategies.

Tune in as Curtis and Prasanna ponder the pros and cons of entrusting your backup with the same vendor, emphasizing the importance of not putting all eggs in one basket. The episode beckons listeners to contemplate crucial questions concerning data storage, protection, and ransomware attacks, urging for a meticulous evaluation of Microsoft's new offerings.

As they navigate these shifts, the hosts can't help but say, "I told you so," emphasizing the dire need for backing up SaaS services. The conversation leaves listeners with pertinent questions and considerations, beckoning them to anticipate the forthcoming nuances in backup offerings from giants like Microsoft and Salesforce.

Join us for an episode packed with expert analysis, predictions, and a little bit of gloating, as the world of data backup takes a turn no one saw coming but was perhaps desperately needed.

Are password managers no longer an option?

Mon, 28 Aug 2023 04:00:00 -0700

In this episode, we look at the latest Ransomware Trends Report from Veeam, which gives us a view into the sobering world of ransomware attacks and the critical lessons they teach us about cyber defense. Join W. Curtis Preston (Mr. Backup) and Prasanna Malaiyandi, as they break down the key insights from the report. We explore the ruthless tactics of ransomware operators, the eye-opening stats on recovery time, and the evolving strategies of cyber insurers. From the importance of robust password management and multi-factor authentication to the strategies for safeguarding your backup server, we lay out a battle plan to protect your digital fortress. Tune in to discover why ransomware isn't just a threat—it's a wake-up call for businesses everywhere to bolster their defenses and emerge stronger against the rising tide of cyber threats. Your data's future might just depend on it.

Identity Orchestration: Simplifying Multi-Cloud Identity Management

Mon, 21 Aug 2023 04:00:00 -0700

In this episode, W. Curtis Preston and Prasanna Malaiyandi are joined by Eric Olden, the CEO of Strata Identity. With over 25 years of experience in the cybersecurity industry, Eric sheds light on the concept of Identity Orchestration and how it addresses the complexities of modern identity management in multi-cloud environments. He discusses the evolution of technology consumption, the philosophy of "bought not sold," and the creation of a new product category in the world of identity management. Eric explains how Strata Identity's platform acts as an abstraction layer, allowing organizations to seamlessly integrate and switch between different identity providers without rewriting applications. He also shares insights on modernization, just-in-time provisioning, and the benefits of the open free IDQL standard. Don't miss this engaging discussion about identity orchestration and its role in simplifying the management of identities across diverse cloud ecosystems.

Red team leader shares how to think like a hacker

Mon, 14 Aug 2023 04:00:00 -0700

Our guest this week is a specialist at offensive cybersecurity; that is, they keep you safe by attacking you and showing you your vulnerabilities. They're a red team. We've got the leader of their red team, Duanne Laflotte, to help us understand how hackers think – and what we can do to stop them. He confirmed some of the recommendations we often make (Ahem: password managers good), but showed us some defenses aren't that helpful. A particularly relevant part to our backup audience is what he told us about the vulnerabilities of our backup system. At least one of them Mr. Backup had never thought of. Duanne is fun and scary all at the same time. I know this will be one of our top episodes this year.

Blue team stories from the cyber attack trenches

Mon, 07 Aug 2023 04:00:00 -0700

Nothing tells the story like a good story, right? This week we have Mike Saylor, the CEO of Black Swan, a cybersecurity company. Boy, has he been in the trenches. He tells some great stories about responding to cyber attacks. They're great stories and he's a great storyteller. We also learn about FBI Infragard, a partnership between the FBI and the private sector. We hope you enjoy the episode.

Should you disclose your cyber attack?

Mon, 31 Jul 2023 04:00:00 -0700

This week the SEC has made a new rule that publicly traded companies must disclose any cyber attacks within four days. What if you're not a publicly traded company in the US? Should you reveal what happened to you? We bring in a wireless cyber security expert, Scott Schober of Berkeley Varitronics Systems, to talk about this topic. Closely related is also what should you do when you personally make a big mistake. Should you tell your boss? What if you're a boss and someone makes a mistake? How should you respond? We get into all of this and more in the week's exciting episode.

Backup security is abysmal, says backup security expert

Mon, 24 Jul 2023 04:00:00 -0700

During this recording, Mr. Backup asked our guest how many backup systems that he had looked at had at least one critical security flaw, he said pretty much 100%. Holy. Cow. Doron Pinhas runs a company called Continuity Software, that does security assessments of storage and backup and recovery systems. They got the permission of some of their customers to anonymize and publish their findings, and the results were abysmal. (You can read the report yourself here.) He said it was extremely rare to find a backup environment that was properly configured from a security standpoint. He then went on to explain the kinds of things they look for, and how you can secure your storage and backup and recovery environments. He also explained how such environments are typically overlooked by most security scans! He said they have a lot of resources on their website to help you, and they also have automated tools that will ensure you stay secure once you zipped things up. If I were you, I'd check out those resources right now!

Your backup product is probably lying to you

Mon, 17 Jul 2023 04:00:00 -0700

Krista Macomber, analyst from the Futurum Group, joins us this week to talk about a number of things, but one thing really bubbled up to the top: co-opting of marketing terms. That is, it's probably using terms to describe their product, because they think you want to hear them. Two big ones these days are "air gapped" and "immutable." Krista and Mr. Backup talk about what these terms really mean – and whether or not your product should be using them to describe their product. You may not get any answers from this episode, but your darn sure will get some questions to back to your backup vendor with.

Former Green Beret advises us on Cyber Security

Mon, 10 Jul 2023 04:00:00 -0700

Today we are proud to have as our guest, Zach Fuller, a founding partner of the Silent Sector, a cybersecurity firm -- and a former Green Beret who served in combat. We talk a little about how his service made him the person he is today, and how it lead him ultimately into helping people protect their own data. We talk about his top few things he wishes people would do to secure their environments (in addition to Mr. Backup's usual suggestions of password management, MFA, and patch management). we found Zach a very engaging person, and we know you'll learn a lot.

How to foster a culture of recovery in your organization

Mon, 26 Jun 2023 04:00:00 -0700

Our guest this week (Jim Love from the Hashtag Trending podcast and IT World Canada) touched on something we thought was profound. He felt that some organizations had what he called a "culture of recovery," meaning that they took recovery into account in all aspects of the org. He explained how he fostered this in companies where he worked, and how you can do the same. We also covered generative AI, and he shared several other tips from his many years in the business. Learn the old ways!

How to PROPERLY back up your iPhone (iCloud is not a backup!)

Mon, 19 Jun 2023 04:00:00 -0700

iCloud is not a backup; it is a synchronization tool. If you delete things on your phone, it deletes them in iCloud. iCloud is not a backup. In fact, if you have storage optimization turned on, the high-resolution verion of your photos is stored in only one place. If you delete it, it's gone forever. Mr. Backup tries tries three different ways to back up your iPhone, and finally settled on idrive.

iDrive was the only solution we found that worked for both iPhone and Android (including if you turned on optimized storage). If you'd like to try it, make sure to use the link below.

Listeners to the podcast get 90% off their first year using the following link (We will also get a referral fee):

https://www.idrive.com/idrive/o/p/backupcentral/partner90

Cyber expert not happy with state of cybersecurity today

Mon, 12 Jun 2023 04:00:00 -0700

This week we talk with Eric Jeffery, a cybersecurity SE and host of the Cyber Security Grey Beard podcast, and he is just a little miffed about how organizations are responding to cyber attacks today. It's not so much about how they respond to the attack itself; it's how they communicate what happened to the public – if at all. He's submitting what happened at the LA Unified School District as his case in point. He's a bit fired up, so this will be a fun one.

How do you authenticate with all new hardware?

Mon, 05 Jun 2023 04:00:00 -0700

Imagine you're a small business or household that just lost everything in a fire, and your phones, ipads, and laptops went up in flames too. Where do you start? You've got a cloud-based password manager (e.g. Dashlane, OnePassword, KeyPass) and MFA system (e.g. Google Authenticator, Authy). How do you authenticate yourself with these systems if you have all new hardware? That's what we're talking about in this episode.

We reference this great previous episode about being prepared for disasters:

https://www.backupcentral.com/how-to-prepare-for-an-emergency-at-home-and-work/

You could lose access to iCloud account data forever!

Mon, 22 May 2023 04:00:00 -0700

There was a shocking article by Joanna Stern of the Wall Street Journal about how you are a simple bar trick away from losing access to all your photos (and some money) forever. All they need to do is steal your iPhone after seeing you type in your passcode, and they can lock you out of your account forever. 1. This is why we back up stuff and 2. There is a way to stop this. I'm not yet sure how vulnerable Android folks are to the same problem. If I've piqued your interest, this is the episode for you.

Here are two YouTube videos where the WSJ talks about this:

https://www.youtube.com/watch?v=QUYODQB_2wQ

https://www.youtube.com/watch?v=tCfb9Wizq9Q

How to back up and recover a database (Backup to Basics series)

Mon, 15 May 2023 04:00:00 -0700

Have we got a packed episode for you. This week in our continued Backup to Basics series, we dive deep into the various options for backing up and recovering databases, along with the pros and cons of each. Want to figure out the best way to back up your traditional or modern database? This is your episode. As usual, Mr. Backup and Prasanna also manage to make it fun. This is a great episode and we think you'll enjoy it.

Flash expert schools Mr. Backup

Mon, 08 May 2023 04:00:00 -0700

A few weeks ago, Mr. Backup (W. Curtis Preston) said he didn't understand why people used flash for backups. He said it was overkill. A few days later, Howard Marks of Vast (friend of the pod) took issue with that statement, and asked for the chance to defend Vast's title, so to speak. Howard is a friend of the pod and we were happy to say yes. We also take the opportunity to get an update on Vast, and discuss their data reduction techniques in more detail. Bonus points if you get the cover art reference.

What are SIEM, SOAR, EDR, XDR? Are they available as a service?

Tue, 02 May 2023 04:00:00 -0700

Are you doing all you can to stop ransomware attacks before they happen, or kill them the moment they show up? Have you looked into this and found yourself swimming in alphabet soup (SIEM, SOAR, EDR, XDR)? Have you looked at some of these tools and found them to be prohibitively expensive or too complex? This is the episode for you. We have Dez Rock, CEO of SIEMonster, a SIEM/SOAR/XDR as a service company. She helps us weed our way through these acronyms, and then tells us about how SIEMonster (pronounced sea-monster) is bringing this important technology to companies of all sizes.

What can you learn from the LastPass hack?

Mon, 24 Apr 2023 04:00:00 -0700

Last year LastPass suffered two hacks that left their customer's data exposed. What can you learn from this event, even if you're not a LastPass customer? We use this hack as an example of what your company should do (or not do) if it ever suffers such a hack. We also talk about password managers, and what this hack means to those who use them. You do use one, right? This is a great episode, chock full of information. We hope you enjoy it.

Backing up databases, Part 1 (Backup to basics)

Mon, 17 Apr 2023 04:00:00 -0700

It was a dark and stormy night in 1993 when paris (the database server) went down. It would be a night the new backup admin would never forget because he couldn't restore the database from backup. The only bright side of that very sad story is that it launched a career. Yes, that's the night W. Curtis Preston started his path toward Mr. Backup. Hear him tell the story in his own words, in the middle of the backup to basics series about backing up databases. Avoid the mistake that could have (but did not) cost him his job and enjoy a good episode while you're at it!

What computers should you back up? (Backup to Basics Series)

Mon, 10 Apr 2023 04:00:00 -0700

Are you backing up all the things you should be backing up? In this latest episode of our Backup to Basics series, Mr. Backup & Prasanna look at the list of the traditional things we think about backing up: servers, databases, laptops, mobile devices, file servers, virtualization servers, etc. The big question tackled in this episode is what of these things should you be backing up? Mr. Backup, of course, takes a pretty hard line about backup, but he may surprise you on some of his exceptions. We hope you enjoy the episode.

Can you apply least privilege to private data?

Mon, 03 Apr 2023 04:00:00 -0700

You know how we tell you to limit the amount of privilege each admin gets, in order to limit the blast radius if their account is compromised? What if you could apply that concept to applications that use private data to accomplish their task? We blindly give everything we have on each person to just about any app that needs anything. But if you had an app that only needs first name and email address, why not just give it that? And if it asks for more than that, what if you had a way to give it masked data, since it doesn't really need it anyway? That's how I would describe Sky Flow, a privacy as a service company, after interviewing its Head of Marketing, Sean Falconer. Fascinating new approach to the problem of personal data sprawl.

Six vulnerabilities your password manager might have

Mon, 27 Mar 2023 04:00:00 -0700

I was shocked to learn that my favorite password manager had a few known vulnerabilities, and you might be shocked too! We found this great research paper from the University of York, and invited one of the co-authors on to discuss it. Siamek Shahandasthi, an Associate Professor from the University of York, explained all the vulnerabilities discussed in the paper, and why each is important. I was able to verify that at least one is still found in my current password manager. How many are in yours? Let's pressure the companies to address these, shall we?

Check out the paper yourself here: https://eprints.whiterose.ac.uk/158056/8/Revisiting_Security_Vulnerabilities_in_Commercial_Password_Managers_2.pdf

What is deduplication and how does it work? (Backup to Basics series)

Mon, 20 Mar 2023 04:00:00 -0700

In our latest episode of the Backup to Basics series, we talk about what I think is the most important invention in my career: deduplication. Without dedupe, much of what we do in backup and recovery, and disaster recovery, would simply not be possible. Without dedupe there really is no disk backup market; there is no cloud backup market. I'd be out of a job! What is dedupe, anyway, and how does it work? What are the different kinds of dedupe and does that matter? You should learn a lot about this important topic.

Preparing an incident response plan for ransomware

Mon, 13 Mar 2023 04:00:00 -0700

An incident response plan is the key to successfully surviving a ransomware attack, and it's a bit like Dramamine. The time to get one is too late to get one. @Vmiss (Melissa Palmer) joins us again to talk about this important topic. We talk about the important role cyber insurance companies can play in helping you find an IR team and helping you develop a plan. (They can actually force you to do so in order to get coverage.) @vmiss was a blast to talk to again, and we're sure you'll enjoy this episode.

What to do with your network in a ransomware attack

Mon, 06 Mar 2023 04:00:00 -0700

We have talked about this a lot on the pod, and now we have someone that can explain what you actually do with your network when you get a ransomware attack. It's Tom Hollingsworth from Gestalt IT, and we're excited to have him on the pod. Some of his recommendations of course, require some configuration in advance. We talk about VLANs, SEIM and access management tools, and why many networking admins are terrified of the "reject all" concept that would actually make your network much more resilient in an attack. There is some really good stuff in this episode.

Could your backup system achieve Sheltered Harbor certification?

Mon, 27 Feb 2023 04:00:00 -0700

Sheltered Harbor is a non-profit organization dedicated to making sure financial organizations are able to recover after a cyber attack. Even if you're not a financial institution, there is a lot to learn hear. They've done a lot of work to make this standard practical in the real world. If nothing else, you can review what they ask orgs to do and see if you can apply it to your own environment. We once again have Eric Bursley to guide us through the topic. Even Mr. Backup learned something!

Do you need a managed security service provider (MSSP)?

Mon, 20 Feb 2023 04:00:00 -0700

Today we're visited by Scott McCrady, the CEO of Solcyber, a leading managed security service provider. He says they're changing the model of how small and medium-sized companies secure their infrastructure against attacks, without any of the typical upfront cost or ongoing maintenance hassles of traditional methods. Have you tried securing your environment, only to suffer "alert fatigue?" Scott feels your pain and has fixed this by doing all of that as a service, which you pay for like a typical SaaS offering. Just a per-user fee per month - one SKU. It's a new way to secure your infrastructure.

@vmiss warns about ransomware attacks on VMware

Mon, 13 Feb 2023 04:00:00 -0700

How great is it to discuss your favorite topics, learn something new, and have a great time all at the same time? That's what this episode is like. @vmiss (AKA Melissa Palmer) came on the pod for the first time this week. I've read a lot of her content and tweets over the years, and it was great to finally put a face to the name. She knows her stuff when it comes to security, since she was actually working in it before she got into VMware. It was a great conversation I think you'll learn a lot from.

Block ransomware from writing to your Windows Veeam backup server

Mon, 06 Feb 2023 04:00:00 -0700

We've talked a bit on this podcast about ransomware groups targeting Windows-based backup servers, and Veeam specifically. There's a new product on the market targeted at this problem, and it's called Blocky for Veeam from Grau Data. Today we have the founder & CEO of Grau Data, Herbert Grau, and their head of North American operations, David Cerf. What we didn't know until recording this episode is that these are the same people that used to make the gigantic Grau tape libraries that is used covet back in the 90s! They got out of the hardware business and have been making software ever since. Blocky for Veeam is a new application of another battle-tested product. Fascinating story, and one that will have other applications in the future.

Don't be like LastPass

Mon, 30 Jan 2023 04:00:00 -0700

LastPass made some serious blunders: how they responded to the hack in August, code they created before August, and how they configured their backup system. All of that came to a head at the end of 2023 when the hackers from August used stolen credentials to download a backed up copy of customer information. Most of it was encrypted, but they still gained a lot of information. Many are calling for customers to leave the product. However, even if you're not a lastpass customer, there are lessons to be learned here. Learn those lessons and don't be like LastPass.

Mr. Backup reflects on 30-year career

Mon, 23 Jan 2023 04:00:00 -0700

Today (Jan 23) marks 30 years to the day that W. Curtis Preston joined the backup industry. Fresh out of the US Navy and wanting to make a name for himself, he joined MBNA, a 35-billion dollar credit card company as "the backup guy." Within seven years he would write the industry's first book dedicated to backup, and since that time, he's gone on to be the world's leading expert in backup and recovery. What were backups like in 1993? How have things changed over the years? And how did he apapt to all of those changes? Prasanna takes the lead as host for this episode, asking Curtis a number of very insightful questions. Be sure to join us for this very special episode.

Protecting backups from ransomware (Backup to Basics)

Mon, 16 Jan 2023 04:00:00 -0700

The latest in our Backup to Basics series is about making sure hackers don't delete, encrypt, or exfiltrate your backups as part of a ransomware attack. (Our Backup to Basics series reviews topics from Curtis' latest book Modern Data Protection, which you can download at druva.com/e-book.) We talk about how and why hackers are specifically targeting your backup system to either disable it or use it as a source for exfiltration. Then we talk about a number of things you can do to defend your backup system against these attacks. This is our most important episode in a while.

Backup team completes two-year project in three months

Mon, 09 Jan 2023 04:00:00 -0700

Hear the incredible story of Albert Uy, who was handed a two-year project that had already wasted 18 months. They told him he had four months to complete it. He looked at that timeline and told them there was only one way he could do, by switching horses in mid-stream. Not only did they finish it in time; they finished it early. Albert has also managed backup teams for many years, so before we cover this project story, we talk about backup has progressed over the years. We also talk about how much easier his job got once he started using Druva has his backup solution.

Best of 2022 - Backups, Security, and Ransomware

Mon, 02 Jan 2023 04:00:00 -0700

Nothing but the best for our listeners! Curtis and Prasanna review their favorite episodes from 2022, from the time Curtis had to restore Backup Central to the shocking outage at Rackspace ( which is still ongoing!). This is your chance to catch up on what you missed last year as we prepare for a new year! Here are links to all the episodes discussed. Happy New Year!

Mr. Backup Forced to Restore Backup Central

Restore Test Failed to Bad Documentation

Security expert rips Okta for their response to hack

How to prevent ransomware, slow its spread, and respond if you get it

How to prepare for an emergency (at home and work)

Backup practitioner tells stories from the trenches

Top 5 security mistakes you're making in the cloud

International lawyer discusses e-discovery in US & other countries

Shocking RackSpace Hosted Exchange Ransomware Attack

Mon, 19 Dec 2022 04:00:00 -0700

Tomorrow marks two weeks from when the RackSpace outage started on Dec 2, 2022. They confirmed it was via a ransomware attack and it is not. going. well. We're going to do a deeper dive into this once it is all over, but this is a first-blush look at what is happening and RackSpace's reaction to it. When we recorded this episode, their reaction was not looking good. I'm sad to say it's gotten even worse. Check it out!

Understanding Backup Levels (Backup to Basics Series)

Mon, 12 Dec 2022 04:00:00 -0700

Ok, so maybe not the most interesting topic. ;) But we promise you, this episode has a great story that involves Mr. Backup being kidnapped by a client, basically because he had a backup level issue. Learn about full backups, incrementals, cumulative incrementals, differentials, numbered levels, tower of hanoi backups, and why all this matters. It turns out it matters a lot more these days for structured backups than filesystem backups, which have typically gone to an incremental forever setup.

Risk Management Advice from an industry expert

Mon, 05 Dec 2022 04:00:00 -0700

This episode we have Boris Agranovich, who has been a risk manager for decades, and speaks SIX languages (Russian, Ukrainian, Hebrew, Dutch, English, and Spanish). How amazing is that? He started the Global Risk Community, the largest online community for risk managers, and it's doing very well. We talk about the differences between what we do (as IT risk managers) and what he does, where he's managing risk for the entire organization. Fascinating guy with a unique perspective.

What is archive and retrieve? (Backup to Basics)

Mon, 28 Nov 2022 04:00:00 -0700

Archive is NOT backup, and hopefully this episode will help you understand how/why that is the case. In this continued romp through W. Curtis Preston's Modern Data Protection, we explore the definition of archive, and how different it is from backup. You should have no trouble understanding the difference between the two after listening to this episode. As usual, Mr. Backup fills in the definition with interesting stories of what happens when you confuse backup and archive. Enjoy!

What is backup and restore? (Backup to Basics Series)

Mon, 21 Nov 2022 04:00:00 -0700

As we continue our "Backup to Basics" series, we touch on one of the most important questions of all: what is backup and restore? (And how does it different than archive and retrieve?) The answer to these questions are both simple and nuanced. It's important to have a solid understanding of backup and restore in order to understand how archive is different.

Reminder: You can download a complimentary copy of Mr. Backup's latest book, Modern Data Protection here: https://druva.com/ebook.

Divining Requirements out of the Organization

Mon, 14 Nov 2022 04:00:00 -0700

This episode follows the previous one in a very interesting way. We have a guest, Eric Bursley, whose job is to divine business and technical requirements from a vendor perspective at Presidio, an IT solutions provider. He consults with customers and helps them get from "I want" to "I need." This was a fascinating conversation that took a turn into (surprise) ransomware. Eric is a fan of the pod and knows his stuff.

As mentioned in the podcast, here is a link to the music video that is the theme song of the podcast:

https://www.youtube.com/watch?v=fPoE7nlgYe4

The episode where we meet the voice behind the song: https://player.captivate.fm/episode/b60b207b-2dfc-4b38-b5ea-1cd4c6231025

Getting approval for a new backup design (Backup to Basics Series)

Mon, 31 Oct 2022 04:00:00 -0700

We say it all the time: your backup requirements must be based on business/organizational needs. If you keep that mind, not only will your organization be better off, it'll be easier to get approval for the new backup system you want. This episode of our Backup to Basics series goes right to that core idea, and we get advice directly from one of our favorite guests: Jeff Rochlin. He is now the Head of Technical Operations at the LA Studio of Framestore, a visual effects company. In his 30+ year career he has designed and implemented dozens of systems (at least one of them with Mr. Backup). He shares with us his tips on how to design the system AND how to get it approved.

If you'd like to see what Jeff and Curtis do for fun, check out their other podcast, The Things That Entertain Us.

When to use public or private cloud AND how to protect it

Mon, 24 Oct 2022 04:00:00 -0700

If you have sometimes wondered if your apps should be in a public cloud, private cloud, or in your own datacenter, have we got the episode for you. And we'll also talk about how to protect those apps regardless of where they reside. We looked hard for an unbiased cloud expert, and I think we hit gold. We found Sagi Brody, the CTO of Opti9, an MSP that supports both public and private clouds, as well as on-premises backup infrastructure! We talk extensively about which types of things are appropriate (from a cost and risk perspective) to go into the public cloud, private cloud, SaaS apps, and even your own datacenter. It was an informative and entertaining conversation that we're sure you will enjoy.

Why do we even back up? (Backup to Basics Series)

Mon, 17 Oct 2022 04:00:00 -0700

We get right to the heart of the matter in this next episode of our Backup to Basics series. (See what we did there?). Why do we even back up? It is expensive, time consuming, and no one seems to want to be in charge of it, so we do we even do it anyway. This episode is based on Chapter 1 of W. Curtis Preston's latest O'Reilly book, Modern Data Protection, which you can download for free courtesy of Curtis' employer, Druva. Curtis believes there are three categories of reasons: human disasters, mechanical failures, and natural disasters. We talk about the odds of each of these happening, and how that's changed over the years.

The episode also starts with Mr. Backup telling the story of how he got into backup in the first place, as well as telling the story of the first time he lost data. It's the whole reason he ended up dedicating his career to backup, and he learned a lot of things from that failure.

Here are the links to other episodes we discuss in this episode of the pod.

Real Life Hurricane Disaster Recovery Story

Disaster Recovery after a hurricane - a First Hand Account

Stop Ransomware Attacks in Seconds. (Includes the Derecho story)

International lawyer discusses e-discovery in US & other countries

Mon, 10 Oct 2022 04:00:00 -0700

This week are we pleased to announce we have Joe Dehner, specialist in International Law, to discuss the legal side of e-discovery and all the things that go with it. For the first time on Restore it All, we have a lawyer discussing legal things! (Usually we just tell you we're not lawyers!) My favorite part was listening to him tell stories from actual cases that make the various points we discuss. I also enjoyed when we talk about the e-discovery boogey man, adverse inference. If you have heard me talk about this before, it's usually around the context of backup and archive – and how they are different! Hear it from the horse's mouth, so to speak.

Your cyber insurance doesn't want to pay for your hack

Mon, 03 Oct 2022 04:00:00 -0700

This is a trend that's happening around the globe, and the news we got from Lloyd's of London Insurance in August is just the latest example. They're looking to exclude payments for "catastropic" and "state-sponsored" attacks. We talk about what that means. We also discuss how a plaintiff lost a recent lawsuit against their insurance company, getting $100K when what they wanted was $600K. It was how their policy was written. We also talk about a new show (streaming on Peacock in the US) called "The Undeclared War" that is technically fictional but seems all too real. We finish up with a discussion of how we see the roll of cyber insurance in this scary world of ransomware. Saddle up and listen up!

Learning lessons from the Uber and LA USD cyberattacks

Mon, 26 Sep 2022 04:00:00 -0700

The Uber attack is huge. The initial penetration teaches about MFA, and how they were able to escalate their privileges from there is simply wrong, wrong, wrong. What can you learn from this? Well, we have a cybersecurity expert, and host of the Tech and Main podcast, on the pod this week to help us figure that out. We had planned to just talk about the Uber attack, but he also wanted to talk about what happened to the LA Unified School District. Do you have kids in school, or know someone employed in K-12 education? Shaun St. Hill makes a solid point or two about what they should be doing. All that and Curtis complaining about how much he spent on his vacation to Hawaii. Boo hoo, right?

Top 5 security mistakes you're making in the cloud

Mon, 19 Sep 2022 04:00:00 -0700

Cyber security attacks are everywhere, and they're definitely going after what you have running in your favorite hyperscaler. Today we are joined by Paul Hadgy, CEO of Horangi Security, a cyber security company specializing in securing your cloud infrastructure. We talk about a number of things, but at one point, Mr. Backup asked him what the thought was the five biggest security mistakes people make when building out their cloud infrastructure. He gave us a pretty good list, and then talked about how they're able to secure it AND make sure you're properly utilizing it. (They can tell you resources you're paying for that you shouldn't be!) Great interview with Paul.

How to back up Jira

Mon, 12 Sep 2022 04:00:00 -0700

Jira is yet another service that could be at the center of your organization, and losing the data stored in there could cost you a lot. Did you know it doesn't even have an audit trail for many things? Not only can you lose data, you might not know what was deleted or who did it! We are joined this week from two representatives from Revyz, a new service to back up Jira. They talk about what to back up and what you can do for free, along with what functionality that misses out on. They then explain how their new service works and what it offers. Great episode where I learned a lot. Even if you don't use Jira, you will find a lot of useful info in this episode.

What are RTO and RPO & how do they drive backup design?

Tue, 06 Sep 2022 04:00:00 -0700

If you don't meet your company's Recovery time objective (RTO) and Recovery Point Objective with your backup design, nothing else matters. Seriously. No one cares if you can back up – only that you can restore in a timeframe they consider reasonable. The only way that's going to happen is if you agree to these times UPFRONT. In this episode in our new back to basics series, we'll jump right into this extremely important topic. We'll explain what RTO & RPO are, what recovery time and recovery point actual are, and how they relate to RTO & RPO. We'll also explain how to get your company to agree to them.

Why you need a password manager

Mon, 29 Aug 2022 04:00:00 -0700

Why don't you have a password manager already? Our guest this week, Chris Hayner, blogger at hayner.net and host of the Chaos Lever podcast, wrote a great blog called Yes, you need a password manager. "Yes, You Do Need A Password Manager, Brett. Yes You Do!" Both Prasanna and Curtis DO have password managers, so he's preaching to the choir. But if you'd like to hear the argument for why you need one, and arguments against many of the usual excuses for not having one, then this is the episode you need. And, as usual, we have a little fun along the way.

Datacore becomes leader in container-attached storage

Mon, 22 Aug 2022 04:00:00 -0700

Datacore has been one of the storage industry's best-kept secrets for a long time, quietly growing a dedicated customer base in Fort Lauderdale. Their CEO, Dave Zabrowski, joins us on this episode to explain their background, and tells us about how their technology and some savvy business decisions resulted in them owning Open EBS, the most popular container-attached storage platform. Datacore is a software-defined storage product that virtualizing pretty much any kind of storage into any other kind of storage, giving you exactly what you need, without vendor lock-in. Join us on this podcast to hear what's special about Datacore.

M-disc founder explains how it keeps data for 1000 years

Mon, 15 Aug 2022 04:00:00 -0700

This week we have Barry Lunt, one of two founders of Milleniata, the creators of M-Disc. The company may be gone, but the format lives on. Most modern DVD and Blu-Ray drives can write to M-Disc, and Verbatim still sells it. Barry explains to us why they decided to make M-Disc, and why it's different than any other optical product. He also offers a shocker: a study done many years ago that shows that recordable DVDs are nowhere near as good at holding onto data as they claim. There is a lot of good info in this episode. Hope you like it.

The industry's first $10M data resiliency guarantee (From Druva)

Mon, 08 Aug 2022 04:00:00 -0700

Druva's new data resiliency guarantee covers more than any other guarantee in the data protection/data resilience segment. It also was written with no silly exclusions (like some other guarantees) that are simply there to keep from having to pay anyone. It requires only a certain service level and that the customer follows Druva's best practices. It protects against the five areas of risk, including cyber, human, application, operational, and environmental. It includes SLAs for uptime, backup success, restore success, immutability, and confidentiality. This week we have Stephen Manley, Druva's CTO, to tell us about this new guarantee. Check out the new guarantee here: https://www.druva.com/resilience-guarantee/

Warshipping: The latest trick in the bad actor's playbook

Mon, 01 Aug 2022 04:00:00 -0700

Warshipping is yet another way hackers are taking advantage of how the pandemic has changed the workplace. Did you know you could be hacked by UPS, Fedex, or the postal service? Warshipping is shipping a self-powered device in a package so that it arrives at your office and is left unattended. (It's sent to someone working from home.) The device then sits there, sniffing the wifi, and eventually cracking your WiFi network and attempting to steal secrets. This isn't science fiction; it's reality. It's enabled by so much remote work, and by technology such as the Raspberry Pi. Read all about it in this article in DarkReading.com: https://www.darkreading.com/edge-articles/i-built-a-cheap-warshipping-device-in-just-three-hours-and-so-can-you

In this episode, Prasanna and Curtis discuss what this is, how it works, and what you need to do to stop this new attack vector.

Really inexpensive AND secure storage systems for backup

Mon, 25 Jul 2022 04:00:00 -0700

If you're one of those people that look at typical storage offerings for backup and recovery and say, "I can't afford this," you're not alone. A lot of ready-to-go storage solutions can get very expensive very quickly. Our guest this week (Erik Ableson from Infrageeks.com) ran into this a lot with his small-government customers and SMBs in France, and knew he had to get creative. He wanted to build a hardened Linux repository for Veeam backups, and he also wanted an S3 object storage system to serve as the second copy. His customers couldn't easily buy cloud services, so he needed something they could own and manage themselves. (He explains the unique reason they can't buy cloud services.) He built the Linux repository using a Synology box to run both the storage and a Linux VM, and he built the object storage system out of the free version of MinIO and what I will call a very unique build of hardware. Learn the details in this fun episode of a real practitioner's solution to a unique and challenging problem.

Using and backing up Hammerspace's global filesystem

Mon, 18 Jul 2022 04:00:00 -0700

Hammerspace offers a global filesystem that creates a single namespace across multiple storage systems and cloud storage providers. Hammerspace's name is inspired by the name for the magical place that cartoon characters get them from (e.g. Bugs Bunny pulling a huge hammer out of his pocket). They've taken a different approach to a global filesystem, using metadata to significantly minimize actual data movement and increase performance. Molly Presley, their SVP of Marketing (and friend of the pod!), explains the interesting use cases for this technology.

The Five Most Dangerous New Cyber Attack Techniques (A review of the RSA Keynote)

Mon, 11 Jul 2022 04:00:00 -0700

2022 is a new world in the cyber attack space, and Katie Nickels, SANS instructor, and director of intelligence at threat detection vendor Red Canary, describes the top five new attack they are seeing in the space. Spoiler alert: one of them is attacks against backups! Learn from an expert as we discuss the top five attacks they are seeing right now. We talk about living off the cloud, MFA exploits, an increase in nation-state hackers, the increased use of stalkerware, and YES: attacks against backup infrastructure. We discuss each of these in this important episode of Restore it All!

Is M-Disc the ultimate archive medium for SMBs and home users?

Mon, 27 Jun 2022 04:00:00 -0700

This week we talk about this exciting "new" medium for archiving data that is especially attractive to SMBs and home users. It's an optical disc that looks like a DVD and is readable in all Blu-Ray drives, but underneath it's something very different. If you haven't heard of it, then you're in luck! Thanks to Daniel Rosehill, backup anorak and friend of the show, we're going to talk about it – and its competitors on this week's episode! We discuss the good and bad about using all of the following for archiving: paper, SSD, disk, tape, DVD, Blu-Ray, ending with M-Disc. Learn what's wrong with these other mediums, and what's so great about this one in another fun episode of Restore it All!

Backup practitioner tells stories from the trenches

Mon, 20 Jun 2022 04:00:00 -0700

Someone that knew Bill Gates when he was a boy in on the podcast this week, although we only talk about Bill Gates for a moment. He has 30+ years in backup experience and tells us what it's been like to adapt to all of the backup changes over the years. His first backup was to punch cards and punch tape, and he was in the same Boy Scout troop as Bill Gates. Fans of the podcast know his name already, as it comes up randomly on the show as a friend of Curtis. But this is the first time Stuart Liddle has graced us with his presence.

Like Mr. Backup, his career starts with a data loss story that actually involved people having to re-enter data. We discuss a lot of configuring and running backups, including deciding on retention periods, treating all backups the same (or not), virtual tape libraries and other dedupe systems, and how important a change management data database (CMDB) is. We also talk about the danger of becoming entrenched in a specialty like backup, knowing only one specialty or product. We talk about how it's not good for you or your company.

Finally we talk about the different way people are using the cloud today for IT and backup, and how that affects cost. Curtis and Prasanna use a great analogy that helps it make sense.

This week's episode is fully of useful information.

Just do something! (about your security and your backups)

Mon, 13 Jun 2022 04:00:00 -0700

Today we are joined by security expert and host of the Secure Talk podcast, Mark Shriner, to discuss information security. (Make sure to check out his podcast here: http://www.securetalkpodcast.com/)

We talk about it from a personal perspective, as well as for organizations. Mark, Curtis, and Prasanna talk about what are the bare minimum things you should be doing as an individual to protect your personal information and data, both from a security and backup perspective. We then move on to talking about it from a company perspective, and how very important things like MFA (while good) do not solve everything, and then we talk about many other things you could be doing. Then there was the moment that created the title of the podcast, where Prasanna disagreed with Curtis – but not quite. When it comes to information security and data protection (and many things in life), perfect is the enemy of good. Try not to be overwhelmed with all the things you could or should be doing; just pick something and do something. Something is always better than nothing when it comes to these areas. This episode is jam-packed with good information you won't want to miss.

Seven reasons why your restore may slower than your backup

Mon, 06 Jun 2022 04:00:00 -0700

So many people are surprised when their restore is slower than their backup. You shouldn't be, as it's quite common. The good news is there are things you can do to make it faster – if you know them in advance. W. Curtis Preston (Mr. Backup) and Prasanna Malaiyandi tackle the seven reasons why your restore may be slower than your backup. Topics covered include RAID penalties, tape issues, database concerns, and others. You'll walk away knowing what to do in order to find out how slow your restores are – and how to fix them. This podcast is packed with good info! (And the death of a USB hub.)

Data protection warrior explains LTO & RDX

Mon, 23 May 2022 04:00:00 -0700

Pat Mayock is a Data Protection Warrior for HPE, and he helped us to understand where he thinks LTO & RDX (a removable disk technology) sit in the market. He explains how much tape is used today in enterprise and cloud environments, especially in the public cloud that so many think is a tapeless world. He says the cloud vendors are some of LTO's biggest customers! We talk about what LTO is good at, what it's not so good at, and what that means for how you should use it. Then we shift gears to talk about RDX, a removable disk product that has been around for roughly 15 years. It consists of a docking station and a disk-based cartridge that is built to kind of resemble a tape! Each cartridge contains a single disk drive that you can use very much like you would use a tape, except it appears as a drive letter (mounted filesystem) versus a tape drive. He explains what its target market is and how it meets a niche in the removable storage market in between removable USB disks and a standalone LTO tape drive. This is a fascinating episode you won't want to miss.

Top seven things you must stop doing with your backups

Mon, 16 May 2022 04:00:00 -0700

This whole episode is a Mr. Backup rant, where he talks about things that people should really stop doing with their backup systems, starting with backing up directly to tape. There is a place for tape, but it is NOT at the front end of the backup system. Curtis and Prasanna passionately discuss and explain several relics of the ways we used to do things, and why they no longer make sense. Another one is repeated full backups - synthetic or otherwise. Many of them can be addressed by just changing how you use your backup product, but a few of them may cause you to think about making a change. (Hint: if your backup product has been around for more than 20 years, it probably can't get away from some of the relics of the past.)

How to prepare for an emergency (at home and work)

Mon, 09 May 2022 04:00:00 -0700

This week we are joined by emergency preparedness expert and prolific author and speaker, Virginia Nicols, webmaster of EmergencyPlanGuide.org. We talk about why and how to prepare for a disaster/emergency in your personal life, as well as how to do it for a small business. This is a bit different than our usual episode, as there is very little talk about backup and recovery. We talk about where to start when assessing what to do, and what steps you can take right away to prepare. Virginia is extremely knowledgeable on the subject and we learned a lot. You will too!

Snorkel42, security expert from reddit, explains his security cadence series

Mon, 02 May 2022 04:00:00 -0700

If you liked last week's episode where we talked about this "so let's talk about ransomware" series on reddit, you'll love this week. We have the author, Snorkel42, to talk about the origins behind the security cadence series, and why he decided to finally write some on ransomware. (He explains that everything he talks about his ransomware, but he admits he's been "Mr. Myagi'ing" it for a while.). This guy knows his stuff, and this is the second time he has been on the podcast. He's knowledgeable and entertaining. One of those rare combinations. This is a great episode you will not want to miss.

Here are the three posts:

https://www.reddit.com/r/sysadmin/comments/tdvbp4/security_cadence_okay_fine_lets_talk_ransomware/

https://www.reddit.com/r/SecurityCadence/comments/tedapy/security_cadence_ransomware_part_2_actions_on/

https://www.reddit.com/r/SecurityCadence/comments/tfm927/security_cadence_ransomware_part_3_the_worst_case/

How to prevent ransomware, slow its spread, and respond if you get it

Mon, 25 Apr 2022 04:00:00 -0700

This week, Prasanna and Mr. Backup (W. Curtis Preston) review a series of posts made by Snorkel42, who previously appeared on this podcast in the episode called "Security expert rips Okta for their response to hack." Things were recorded out of order, so this is the episode where we discovered him on Reddit, and tried our best to distill several thousand words into about 30 mins of advice on how to protect against ransomware. We talk about how to prevent getting it in the first place, how to limit its damage if you do get it, and how to respond and restore your data once that happens. There is a ton of really good advice here, so check it out!

Here are the three posts:

https://www.reddit.com/r/sysadmin/comments/tdvbp4/security_cadence_okay_fine_lets_talk_ransomware/

https://www.reddit.com/r/SecurityCadence/comments/tedapy/security_cadence_ransomware_part_2_actions_on/

https://www.reddit.com/r/SecurityCadence/comments/tfm927/security_cadence_ransomware_part_3_the_worst_case/

Vast Data really does appear to be "vast"

Mon, 18 Apr 2022 04:00:00 -0700

Vast is a massively-scalable storage system designed around multiple pieces of technology that weren't available just a few years ago (e.g. NVMe, Storage class memory, QLC) that offers both file and object functionality, immutable snapshots, and integration with the cloud to address the "smoking hole" problem. Their typical sale (of which they've made many) is north of $1 million, and they have many exabytes of disk in the wild. It's a scale-out storage system without all the typical East-West traffic such systems have. We do our best to poke holes in their offering, but Howard Marks goes toe-to-toe quite well. This one went a little long (one hour) but we truly were fascinated with the Vast story Howard was telling.

A look inside the Conti ransomware group

Mon, 11 Apr 2022 04:00:00 -0700

This episode is a unique look inside the Conti ransomware group, courtesy of a four-part series from Krebs on Security. We review the interesting takeaways from Brian Kreb's series of over 12,000-words from quite a bit of research. The series was inspired by a hack of Conti that resulted in a traunch of internal documents being made public. This gives a unique view into how the organization thinks, how it is laid out just like any other business, the weapons it uses to spread ransomware, and its attempts to branch out to other areas of cybercrime.

If you enjoy the episode, be sure to check out the articles that inspired it:

https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-i-evasion

https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-ii-the-office

https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-iii-weaponry

https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-iv-cryptocrime

Backup is evil (or at least how many people do it is)

Mon, 04 Apr 2022 04:00:00 -0700

This week we are joined by John "Ricky" Martin, Director of Strategy at NetApp (and former owner of a tape recovery business), to talk about his paper that declares that backup is fundamentally evil and done in an unintelligent way. Mr. Backup wasn't sure how this one was going to go, and there were at least one or two arguments along the way. No blows were thrown, though. We definitely talk about what a tape recovery business is, and what it was like to do that. We also talk about tape backup, full backups, multiplexing, tape handling, and other elements of how backup is still done today by many people. It's a fun episode where you should learn a lot.

Security expert rips Okta for their response to hack

Mon, 28 Mar 2022 04:00:00 -0700

We have none other than Snorkel42 from Reddit on the podcast today. He has 20 years experience in InfoSec, and is a prolific writer on Reddit under the handle Snorkel42. (Check out his posts here: https://www.reddit.com/user/snorkel42/). (We will not be using his given name during the recording.).

He thinks Okta managed to turn a mole hill into a mountain by incorrectly handling the hack that happened in January – that we just learned about last week. That's right, we just found out about a hack that actually happened in January!

We dive deep into what happened, what it means, and how the worst problem of all is how Okta responded to it. Our expert says he no longer trusts Okta, and gives advice to customers on what to do next.

This is a very timely episode that you will really enjoy – unless you're an Okta customer or employee.

Restore test fails due to bad documentation

Thu, 24 Mar 2022 19:52:00 -0700

Gary Williams tells a great story about earlier in his career that taught him the value of testing backups and updating documentation. He explains how he thought his backups were fine, until a "new guy" came onto the scene and dared to ask the question, "When was the last time you tested your backups?" As Gary explains, sometimes new people have the best perspective. They let him do the first test, and .... it failed spectacularly! It all came down to the documentation they were so proud of. Hear Gary's story and learn from his mistake – one that defined his career. (Mr. Backup also tells the story that defined his career as well!)

Should you backup SaaS with BaaS?

Mon, 14 Mar 2022 11:00:00 -0700

When you back up your SaaS apps (because you know you are supposed to), should you back them up to a SaaS service or on on-premises backup system? After defining what SaaS is and isn't, Prasanna and Curtis discuss this important question. First they look at how sizing a SaaS system for backup is different than when you do it in a datacenter, and how that creates challenges for backup design. Does it make sense to use on-premises backup to backup a cloud resource like SaaS?

Top 10 Ransomware Attacks of 2021

Mon, 07 Mar 2022 12:00:00 -0700

Learn from others' mistakes by reviewing last year's worst ransomware attacks with Mr. Backup and Prasanna Malaiyandi. Listen to them review the 10 worst attacks from 2021, then discuss lessons learned: Colonial Pipeline, BrennTag, Acer, JBS, Quanta, NBA,AXA, CNA, CD Projekt, and Kaseya. Then they discuss the trends they see, and the lessons we can all learn from these horrible attacks.

Mr. Backup takes on reddit about Microsoft 365 backup

Mon, 28 Feb 2022 12:00:00 -0700

W. Curtis Preston (Mr. Backup) and Prasanna Malaiyandi weigh in on a reddit thread that started with a simple question from a user. He has MSPs trying to sell him a solution to back up Microsoft 365, and he's wondering if that's even necessary. As usual on reddit, there are many opinions. Mr. Backup debates the various points being made by the anit-backup crowd, including an article arguing the same point. We start with an overview of why it's important, then we take on the various arguments used to support not backing it up. We talk about how retention policies are not backup, and why. Even retention lock doesn't help, and neither do lagged copies of Exchange Online. We also talk about how the e-discovery tool is NOT a restore tool and will not give you what you're looking for. Finally, we talk about the idea that backup tools can't do DR for Exchange online, and how that is used to bash them as well. Great discussion on this one.

Mr. Backup Forced to Restore BackupCentral.com!

Mon, 21 Feb 2022 12:00:00 -0700

On this week's episode of Backup Central's Restore it All, Mr. Backup himself becomes the guest, while Prasanna Malaiyandi takes over as host. W. Curtis Preston explains the backup configuration of the website behind the Restore it All podcast, and how bit rot caused him to have to restore part of it. We talk about bit rot, the 3-2-1 rule, off-site backups, backups stored in S3 and Google Drive, and what it's like to restore part of a MySQL database. Luckily, the folks at LiquidWeb were very helpful. Watch Curtis explain how practices what he preaches over at BackupCentral.com.

If you want to watch the video version of this episode, it's here: https://www.youtube.com/watch?v=I3285etiYBs

Should DR/backup folks report to the security team?

Mon, 14 Feb 2022 12:00:00 -0700

This is a response to Tom Hollingsworth's (@networkingnerd) video "Disaster Recovery is a Security Function," found here: https://gestaltit.com/tomversations/tom/disaster-recovery-is-a-security-function-tomversations-episode-25/.

I respectfully disagree w/Tom's assertions in his video, and decided to use this as the first episode I'm going to publish a video version of. You can listen to the podcast on all the usual podcast channels, or watch the video version on youtube here: https://youtu.be/ym_ibNWVjgA

Tom said that backup and security are very closely related, and suggested that if we reported to the same team, we could perhaps accomplish more together. While I understand the point he is making, I disagree with it, and Prasanna and I discuss it on this episode. We believe Tom's opinion comes from an outdated concept of how security works in backup systems; we haven't worked like that in quite some time. I explain how modern backup systems work from a security perspective, then talk about the idea of backup folks reporting to security folks. I think it's a bad idea for several reasons.

What Can We Learn From University of Kyoto Losing 77 TB of Research Data?

Mon, 07 Feb 2022 12:00:00 -0700

This week's episode is about an incident that happened at the University of Kyoto, Japan, where they lost 77 TB of research data forever. What can we learn from what happened to them? First we discuss the concept of "we can't afford backup," that seems to be prevalent in a lot of universities and research institutions. We then ask and answer the question of whether or not it is every OK to not backup data, along with whose responsibility is it? We pause the recording for what appears at first to be a spam call, but you'll have to listen to hear that. We talk about what happened there, including a letter from HPE apologizing for what happened. Kudos to HPE for that. We also discuss a story from my very first week on the job in 1993; it's not pretty.

Free backup tools for MySQL & MongoDB explained by author of Learning MySQL

Mon, 31 Jan 2022 12:00:00 -0700

Vinicius "Vinny" Grippa, the co-author of O'Reilly's Learning MySQL (now in its second edition) talks MySQL and MongoDB, as well as that all-important topic of how to back them up! We first learn a little bit about Percona, where Vinny works, as they consult in the database space. We then discussed a hot topic from Curtis, which is this idea of companies that say they don't want an IT department. We then discuss the book, Learning MySQL 2nd edition, and Vinny's top 3 performance suggestions for MySQL, including a discussion about the differences between MyISAM and InnoDB tables. We then discuss the typical ways people back up MySQL and MongoDB, followed by a discussion of two free tools that Percona makes available: Xtrabackup and PerconaBackup for MongoDB. It is a fascinating discussion you won't want to miss.

Happy Data Privacy Day!

Mon, 24 Jan 2022 12:00:00 -0700

This week we celebrate Data Privacy Day, which is an international event that occurs every year on 28 January. According to its website, "The purpose of Data Privacy Day is to raise awareness and promote privacy and data protection best practices. It is currently observed in the United States, Canada, Nigeria, Israel and 47 European countries." Prasanna and Curtis discuss the latest in privacy practices and regulations, drawing on Prasanna's new experience protecting the privacy of Zoom's customers. We talk about the difference between PII and Personal Data, different regulations around the world, and some new tech features you can use to protect your privacy. We also discuss a few gotchas out there, such as Verizon's new system that they require you to opt out of! Happy Data Privacy Day, everyone!

Does K8s still need DR? O'Reilly K8s Author On the Hot Seat!

Tue, 18 Jan 2022 00:14:00 -0700

Things got a little tense on this week's podcast when James Strong (@strongjz, Co-Author of O'Reilly's Networking & Kubernetes) hinted at DR being a thing of the past with K8s. Mr. Backups was having none of that. No blows were thrown, mostly because it was all online, but it was a really good conversation that K8s and DR enthusiasts alike will find interesting. We also cover the new book, Networking and Kubernetes, by James Strong and Vallery Lancey, including why the decided to write it, and what it covers. We talk about monitoring K8s networking, and James uses at least 25 acronyms that may be new to some listeners. Don't worry: we make him explain all of them.

Resiliency expert reviews Major Facebook Outage

Mon, 10 Jan 2022 12:00:00 -0700

Bob Plankers, resiliency specialist from VMware, joins us on this week's podcast, as we examine last year's major Facebook outage that took out Facebook, WhatsApp, and Instagram all at once. We discuss what we believe happened, just how bad it got, and our thoughts as to what we can learn from this huge outage. This isn't schadenfreude, and we acknowledge that we are Monday morning quarterbacking. It's an attempt to LEARN from the misfortunes of others – not to take joy in them. Solid discussion with @plankers.

Remembering the Best and Worst of 2021

Mon, 03 Jan 2022 12:00:00 -0700

On this first business day of 2022, let’s take a look back at the year that was. It was, of course, another year of COVID. In fact, Curtis contracted COVID right at the end, despite being boosted. This is also the year of the OVH fire that we talked about for three episodes:

https://www.backupcentral.com/datacenter-manager-dan-frith-discusses-the-ovh-fire-restore-it-all-podcast-105/

https://www.backupcentral.com/how-do-you-prove-your-backup-service-is-real-restore-it-all-podcast-106/

https://www.backupcentral.com/ovhs-backup-service-didnt-work-restore-it-all-podcast-107/

We think our most interesting episode of the year goes to Paul VanDyke from Kodiak Island, who deleted his whole environment and then tested his backups: https://www.backupcentral.com/it-admin-deletes-entire-datacenter-then-tests-his-backups-restore-it-all-podcast-135/

We even had a barbecue episode. No backups, just beef and BBQ. https://www.backupcentral.com/no-backups-just-beef-bbq-restore-it-all-bonus-episode/

Prasanna said he learned a lot about tape this year from these three episodes:

https://www.backupcentral.com/tape-drive-designer-schools-mr-backup-on-tape-restore-it-all-podcast-111/

https://www.backupcentral.com/deep-dive-into-why-tape-still-has-a-future-in-storage-restore-it-all-podcast-129/

https://www.backupcentral.com/fujifilm-tape-evangelist-explains-past-present-future-of-tape-lto-restore-it-all-podcast-132/

We think our best “get” was Peter Krogh, who talked about how he coined the term “3-2-1 Rule” while writing the first edition of The DAM Book: Digital Asset Management for Photographers.

https://www.backupcentral.com/peter-krogh-who-coined-the-3-2-1-rule-on-our-podcast-restore-it-all-podcast-131/

This led to a brief discussion about solar flares, where I mention a talk I watched by Intel. This is a link to that talk:

https://techfieldday.com/event/eicd16/

We also had two Druva competitors on this year, Veeam and HYCU.

https://www.backupcentral.com/dave-russell-answers-our-questions-about-veeam-restore-it-all-podcast-104/

https://www.backupcentral.com/veeam-reps-explain-defense-against-conti-ransomware-restore-it-all-podcast-127/

https://www.backupcentral.com/hycu-vp-explains-their-service-to-mr-backup-2/

The big winner of the year was ransomware. We talked about it a lot:

https://www.backupcentral.com/ransomware-victim-tells-his-story-restore-it-all-podcast-96/

https://www.backupcentral.com/is-entity-level-encryption-the-answer-to-exfiltration-ransomware-restore-it-all-podast-119/

https://www.backupcentral.com/protecting-your-network-from-ransomware-restore-it-all-podcast-122/

https://www.backupcentral.com/restoring-quickly-from-a-ransomare-attack-with-a-long-dwell-time-restore-it-all-podcast-123/

https://www.backupcentral.com/veeam-reps-explain-defense-against-conti-ransomware-restore-it-all-podcast-127/

Curtis this everyone should be looking into an intelligent DDI (DNS, DHCP, IP management) system that will spot (and stop) ransomware when it tries to reach out to its command and control servers.

https://www.backupcentral.com/stop-ransomware-in-its-tracks-with-dns-dhcp-ipam-restore-it-all-podcast-87/

You also need to monitor your bandwidth to look for exfiltration:

https://www.backupcentral.com/securing-speeding-up-network-traffic/

https://www.backupcentral.com/stop-ransomware-attacks-in-seconds-restore-it-all-podcast-126/

Finally, we talked a little about the book, and the upcoming 2022.

https://www.backupcentral.com/why-you-need-a-copy-of-modern-data-protection-restore-it-all-podcast-110/

Happy New Year, everyone! Here’s to a better 2022!

IT Admin deletes entire datacenter THEN tests his backups!

Mon, 20 Dec 2021 12:00:00 -0700

This week’s guest tells the most incredible story we’ve ever had on the podcast. We’ve had ransomware restores, disaster recoveries after a hurricane, but we’ve never had someone who deleted their entire computing environment and then restored it using their backups. (Backups that had never been tested to this degree, BTW.)

Paul VanDyke is the IT Supervisor at the Kodiak Island Borough in Alaska, which is the second largest island in the US and has to satisfy its backup and DR needs while staying on the island. Cloud resources are not a possibility due to bandwidth concerns, so he’s doing things “old school.” We first talk about the kinds of things they are protecting from, including tsunamis, fires, and strong winds. They are primarily based on tape, and for DR they store copies of all backups in a nearby safe. We discussed ways they could improve their resilience, such as shipping some tapes to a location on the mainland.

But the highlight of this episode is the story of when Paul intentionally destroyed his entire environment and then tested his backup system! He learned many valuable lessons, starting with “don’t ever do that again!” Luckily, his test was successful, albeit not without some challenges. He wiped the storage arrays on five servers: two domain controllers, an email server, a file server, and an application server and then restored them. (He had his reasons for doing it this way, which he goes into in the podcast.)

One big thing he learned was how restores are often slower than backups. So he prioritized critical apps (e.g. email, fileserver, logins) and got them up by Monday morning. Then it took him a few more days to get the application server up and running due to a more complicated restore. We have a really good discussion on how Paul could have done things better, including a really good idea that Prasanna came up with it. Curtis also tells a similar story about the first time he “tested” backups when he actually needed them, versus doing it in advance.

We cover a number of topics and questions on this podcast:

What was an Exabyte Mammoth (M2) tape drive?

What is a helical scan tape drive?

What is multiplexing?

Why can restores be slower than backups?

What happens when you rebuild a RAID array?

Should you have a post-mortem after a large incident?

How important is recovery testing?

How important is it to set expectations in IT, especially when it comes to recovery times?

ZFS filesystem in the cloud – just for your backups

Mon, 13 Dec 2021 12:00:00 -0700

The founder of rsync.net, John Kozubik, joins us on the podcast this week. It's a unique offering: a ZFS filesystem running in a private cloud – accessible only via SSH – that is designed just for sending your backup data to. They support anything that can run over SSH. Use rsync, scp, etc. to copy your data unencrypted, or something like restic, duplicity, or borg, if you want your backups to be encrypted. (All backups are encrypted in flight, of course, because they are all over SSH.).

The servers are completely locked down except for the SSH port, so they're about as secure as they can be for what they are. You can configure ssh to behave the way you want it (e.g. passphrase, MFA, etc.), and the ZFS filesystem automatically creates daily snapshots of the backups you send there. (More complicated schedules can also be created.)

You pay by the gigabyte ($.025/GB/mth) for the size of the ZFS filesystem and its associated snapshots, but they urge you to NOT over-provision. Provisioning is easy and non-disruptive, so only add storage when you need it. For an extra fee ($.017/GB/mth), they can also replicate your backups to another region.

It's a no-nonsense offering that seems to be unique out there – especially when you add the ZFS features. Check out the website and rsync.net, and you'll see they aren't spending any money on being flashy. They just want to build a rock-solid ZFS syncing destination that is separate from any cloud provides.

Rclone creator Nick Craig-Wood Explains This Powerful Tool

Mon, 06 Dec 2021 12:00:00 -0700

This week, we talk to Nick Craigwood, the creator and principal developer of rclone, a very popular open-source tool for copying data to and from cloud providers. Rclone is downloaded roughly 250,000 times each month, and has over 30,000 stars on GitHub. There are six core developers, and a great community of users and other developers at rclone.org.

We talk a little bit about Nick’s development philosophy, which is that he doesn’t mind adding features - as long as they don’t break backwards compatibility. Then we talk about how rclone works, and what it’s like to sync a filesystem to an object store – including support for multi-part uploads and downloads. We also talk about rclone’s encryption support, while Nick was “relaxing” on holiday. We then talked about how rclone can be used to minimize the risk of backing up to any one cloud provider, preventing things like what happened during the OVH fire earlier in 2021. We also discuss some strategies, such as backing up directly to two different clouds, versus backing up to one, then syncing to another – and how CloudFlare’s R2 might figure into things. Finally, we talk about Nick’s plans for rclone’s future, such as making their web UI better to increase usability for many more people – while not sacrificing the command line. Join us for a fascinating episode, the first one where we’re talking to the creator of the tool in question.

Don’t forget the drawing for a free e-book version of Modern Data Protection. All you have to do to be eligible is sign up for my newsletter at https://www.backupcentral.com/subscribe-to-our-newsletter/

FujiFilm Tape Evangelist Explains Past, Present & Future of Tape/LTO

Mon, 29 Nov 2021 12:00:00 -0700

Fujifilm's tape evangelist, Rich Gadomski, joins us for an interesting discussion on tape and LTO. We talk about the different subtrates that have been used over the years, and how that changed things. We then talk about LTO-9 and what that brings to market. We also talk about how tape has seen a bit of a resurgence in interest in the backup market due to the advent of ransomware. Always fun to talk to someone that can talk at this depth on such things.

Peter Krogh, who coined "the 3-2-1 rule," on our podcast!

Mon, 22 Nov 2021 15:30:00 -0700

The term "3-2-1 rule" comes up on almost every episode, and we have the guy that coined it with us on the podcast! How exciting! Peter Krogh coined the term fifteen years ago. He is now Chief Product Officer at Tandem Vault, but this week he is talking to us.

He first talks about how he coined the term “3-2-1 Rule” while writing the first edition of The DAM Book: Digital Asset Management for Photographers, now in it’s 3rd edition. He didn’t invent the idea of three copies and offsite backup, but he did distill it down to what we now refer to as the 3-2-1 rule. (Three copies on two media types, one of which is offsite.) We’ve played with it a bit over the years, but that is the core idea.)

He explains how digital photographers were some of the first to need significant amounts of storage -- and to have the need to protect that storage so they don’t lose everything. Hard drives were too small to hold your whole collection, so what do you do?

Like a lot of folks in this space, his love for good backups goes back to a moment when he thought he lost it all. Curtis then tells his very similar story of how his company almost lost the company’s purchasing database, which also launched his career in backups. Peter then explains the incredible importance of metadata, and the huge importance it plays in the overall value of an image.

Then we get into the nitty-gritty of what the person who coined the term “3-2-1 rule” was thinking for each of the numbers. And interestingly enough, Mr. Backup had a slightly different understanding of the 2! Peter feels that the “2” refers to different media types. (This led to a very interesting discussion about how you do what he’s asking for in today’s cloud world.) One idea he talked about is that if you have two hard drives on the same network, they’re still subject to many of the same risks, which isn’t really keeping in line with the original idea of the 2.

We then talk about those that believe that RAID is backup, and follow that with a discussion about how SaaS services aren’t backing up your data – unless they specifically say they do so in your contract. Then we get into a discussion of Peter’s company, Tandem Vault, and how they have designed the next generation of Digital Asset Management and delivered it as a SaaS offering.

Mr. Backup and Mr. SQL argue over how to backup SQL Server

Mon, 15 Nov 2021 12:00:00 -0700

Ever had questions about SQL Server, Azure, SQL Server ON Azure, how to backup SQL Server, or how to backup Azure? This is the episode for you. Denny Cherry, a SQL Server and Azure specialist and author of seven books, talks to us about both of these technologies. Before talking about anything important, we tackle the mystery of how you pronounce Azure. Surprise! I was pronouncing it wrong, according to Denny, who talks to Microsoft people all the time.

We first talk about performance tuning, and Denny explains some things that most DBAs can do to improve performance, starting with indexes. (He also explains what an index is for those that don’t know.) We then talk about how bad query code needs to be in order to justify looking into that, and he gives us a few examples.

We also (of course) talk about backing up SQL Server, starting with the political discussion of WHO should own the backup process: a backup admin or a DBA? Denny and Curtis clearly do not agree on this one, but the discussion is a good one. Grab your popcorn! One of Denny’s best quotes is that he feels one of the primary jobs of the DBA is to be able to restore the database if something happens and if you can’t do that, nothing else matters. So beautiful.

Then the topic of dedupe comes up and things get heated again; our guest hates dedupe and Curtis loves it. That was another good discussion. Short version: make sure you have more than one copy of a deduped data store.

We continue the discussion of different ways to backup SQL Server, and Denny definitely prefers the native backup capabilities of SQL Server, and he explains why. Curtis then makes a suggestion on a way for DBAs and backup admins to both get what they want, but it doesn’t sound like Denny is taking the bait.

After a brief discussion on SQL Server vs Oracle, we move into the various ways one can use SQL Server in Azure. Denny’s gives advice as to what makes sense for most customers – and his opinion on the question of whether or not you save money in the cloud. Short answer: not usually, but you get a lot more power, flexibility and ease of use.

Regarding Azure vs AWS, it appears that Azure is very equivalent to AWS in overall functionality at this point, and there appears to be a number of cost and functionality advantages to running SQL Server in the cloud. One of the biggest advantages is that you can use an on-prem license of SQL Server in the PaaS version of it in the cloud. That’s pretty cool. We also talk about how roughly half of the VMs in Azure run Linux, and why that might be the case.

All-in-all it’s a really interesting podcast, even though we almost came to blows once or twice. (OK, not really.) But really good discussions about SQL Server, Azure, and backups of both.

Deep dive into why tape still has a future in storage

Mon, 08 Nov 2021 12:00:00 -0700

Mark Lantz, Manager CloudFPGA and Tape Technologies for IBM, joins us on this week’s podcast to talk about how he feels that tape still has a future in data storage. We talk about past and future advancements in the substrates tape uses, as well as how tape has not approached the superparamagnetic limit, the way we have with disk. (This is the limit at which you cannot increase the storage capacity of a particular magnetic medium without creating more problems.) We have reached this limit on disk, where the magnetic grains have gotten so small, they can’t get any smaller without assistance. One such method of assistance is heat-assisted magnetic recording (HAMR), which we discuss – and how HAMR comes with its own problems. By contrast, tape hasn’t come even close to the superparamagnetic limit. In fact, tape can scale the aerial density 100X before it starts getting close. We also discuss coercivity and bit error rate (BER), which are extremely important concepts to understand. Another topic we talk about is how tape is getting better at scaling capacity faster than speed, because most people do not need faster tapes. (We talk about how and why we can’t stream the ones they have.) We finish out the podcast with an explanation of why helican scan drives (e.g. 8mm, 4mm, & AIT) all disappeared overnight. We cover a lot of territory in this episode, so buckle up!

Transfer backups from one product to the next

Mon, 01 Nov 2021 11:00:00 -0700

Every wondered what you're supposed to do with all your old backups, now that you've moved on to another backup product? Simon Brown from StoneRam believes he has the answer to this problem that has plagued backup customers (and vendors) for ages. He's able to transfer backup data out of common backup formats and into your new product, or restore backups from your old product without having to maintain that infrastructure. It's a fascinating approach to this age-old problem. Check them out at https://www.stoneram.com.

Veeam reps explain defense against Conti ransomware

Mon, 25 Oct 2021 11:00:00 -0700

After the recent stories about Veeam customers being directly targeted by the Conti ransomware group, we invited Rick Vanover and Dave Russell from Veeam to discuss the topic on the podcast. The stories in the press seemed to focus on the attack, as well as how ruthless the Conti ransomware gang tends to be. We thought we'd give Veeam a chance to explain exactly what Veeam customers can do to protect their backups from being exfiltrated and deleted. It seems that Rick, Dave, and company are doing everything they can to explain to all Veeam customers that this is something they should pay attention to. The following are two resources they said should prove useful:

Ransomware in 2022: 7 Capabilities You Need for Rapid and Reliable Recovery

https://bit.ly/3m32gI8

5 Ransomware Protection Best Practices

https://bit.ly/3nh7aAx

Stop Ransomware Attacks in Seconds

Mon, 18 Oct 2021 11:00:00 -0700

This week we are joined by Greg Edwards, CEO and founder of CryptoStopper, to discuss once again the important topic of ransomware. We talk about the challenges typically experienced by ransomware victims, especially exfiltration and potential exposure of sensitive data. The only way to stop that particular attack is stop the data from being exfiltrated in the first place. CryptoStopper has a way to detect that a ransomware attack has begun, but stopping it before it does any actual damage.

ZFS is not magic - it needs backup and RAID

Mon, 11 Oct 2021 11:00:00 -0700

This one will get you talking! Jody Bruchon, author of “ZFS won’t save you: fancy filesystem fanatics need to get a clue about bit rot (and RAID-5),”, joins us on the podcast. The blog post went viral, resulting in three times as many words in the comments as the original article had. We start with an explanation of bit rot, why it happens, and why ZFS won’t be able to fix all bit rot. (For more information on bit rot, check out Episode 111 of this podcast here: https://www.backupcentral.com/tape-drive-designer-schools-mr-backup-on-tape-restore-it-all-podcast-111/). Jody then explains how ZFS needs disk redundancy in order for its self-healing features to work, and how if you don’t have that, you’re going to need backup to repair a ZFS volume damaged by bit rot. (We also talk about how it’s possible for a bit to be flipped without being noticed – even with ZFS.) Jody’s main concern is that people talk about how ZFS can be used to repair data corruption – without explaining how you need RAID-Z (or something) to use those features. He also explains why he prefers RAID-5 or RAID-10 to RAID-6. We then discuss “shucking,” the practice of buying external drives and ripping the drive out of them – to save money.

Curtis (Mr. Backup) then gets into an argument with Jody about the merits of Blu-Ray vs disk vs tape as a backup medium. Jody has some good points, but Curtis was unconvinced.

If you want to read Jody Bruchon’s original article, you can do so here: https://www.jodybruchon.com/2017/03/07/zfs-wont-save-you-fancy-filesystem-fanatics-need-to-get-a-clue-about-bit-rot-and-raid-5/

How good is your backup system, really?

Mon, 04 Oct 2021 11:00:00 -0700

Inspired by the article "How good is your backup, really?" by Sandra Vogel, we discuss how to evaluate and potentially redesign your backup system. We talk about different kinds of backup systems, and how that impacts how you evaluate them. We also talk about how important it is these days to ensure that your backups are impervious to ransomware. We also talk about the importance of including recovery testing in your evaluation, and what kinds of restores to test.

Here's a link to the original article: https://www.itpro.com/server-storage/backup/357713/how-good-is-your-backup-really

Restoring quickly from a ransomare attack with a long dwell time

Mon, 27 Sep 2021 11:00:00 -0700

We talk to Celeste Kinswood from Druva about cyber resilience, and specifically ransomware attacks that have long dwell times – which is most of them. The median dwell time (the time between infection and you finding out you have ransomware) is 23 days, and the average is around 90. It's encrypting files during that entire time, and responding to that is beyond difficult. Celeste talks about a novel approach that Druva is taking to solve this growing challenge.

Protecting Your Network from Ransomware

Mon, 20 Sep 2021 11:00:00 -0700

We review and discuss Mark Dargin's Network World article "Credible threat: how to protect networks from ransomware." His article lays out several steps, each of which we discuss and expand upon: train your people, update your servers and apps, antivirus tools on endpointsm backup your data (of course), test your backups, and conduct vulnerability assessments (Pen tests).

Read the original article here: https://www.networkworld.com/article/3218708/how-to-protect-your-network-from-ransomware-attacks.html

We found a company that verifies backups as a service!

Mon, 06 Sep 2021 11:00:00 -0700

We all know how important it is to verify your backups. But many companies simply lack the technical ability or time to do such a thing. Chris Marshall's company, VerifiedBackups.com to the rescue. They have a service that is aimed at companies with under 100 GB of SQL data. and will do an end-to-end verification of your SQL backups, guaranteeing that they are recoverable and safely stored offsite. I'm a fan of "as a service" anything, but this really takes the cake. Such an important thing to do, and he makes it happen.

Is Entity-Level Encryption The Answer to Exfiltration Ransomware?

Mon, 30 Aug 2021 11:00:00 -0700

Brian Greenberg and Cameron Laghaeian argue the point that individually encrypting each entity in a database storing personal information is the only true way to stop ransomware attacks that have exfiltrated data and threaten to release it. While Mr. Backup likes the idea, there was a pretty heated discussion on this episode, because he believes that doing this will roll back all advancements in backup in the last twenty years. Thanks to an olive branch from Cameron, though, they may have come to a hybrid solution that makes both sides happy. This is a great episode with heated discussion and good news for companies trying to protect themselves from ransomware attacks that include exfiltration of data.

Is Apple Violating iPhone Users' Privacy?

Mon, 23 Aug 2021 11:00:00 -0700

In this privacy-themed podcast, we start with Apple's bombshell of a new feature, where they are scanning your pictures to see if you have any child porn on your Apple devices. While stopping child porn is a laudable goal, we discuss the privacy ramifications of this feature. We also discuss how Apple's iCloud backups aren't encrypted! The next topic is Luxembourg's huge $900M GDPR fine levied against Amazon for failure to get permission to track users. Then finally we discuss Prasanna's experience with using CCPA to find out how a company got his cell phone number. Spoiler alert: it's a sad ending. We then round out the podcast by discussing whether or not we need a more Federal response to privacy in the US.

CockroachDB: the SQL database as resilient as its namesake

Mon, 16 Aug 2021 11:00:00 -0700

Dave Lukens from Cockroach Labs joins us to discuss CochroachDB, a highly resilient SQL ACID-compliant database. We discuss the CAP theorum, which says you can choose any two from Consistency, Availability, and Partition Tolerance – but you can't have all three. We talk about which two they chose, and why they believe they're the most resilient SQL database. We also, of course, discuss how you back this monster up! (We also discuss why it's named CockroachDB, and it's exactly what we thought!)

No backups - just beef & bbq

Tue, 10 Aug 2021 21:22:00 -0700

In this bonus episode of Restore it All, Mr. Backup talks BBQ! A few months ago, Curtis did a 15-stop BBQ tour of Texas, and made a series of youtube videos (https://www.youtube.com/wcpreston) about it. This is a bonus episode where Prasanna interviews him about his experience. If you have no interest in BBQ or beef, you can skip this one. Our regular episode will go live next Monday.

HYCU VP explains their service to Mr. Backup

Mon, 09 Aug 2021 11:00:00 -0700

Subbiah Sundaram, VP of Products at HYCU, joins Mr. Backup and Prasanna Malaiyandi on the podcast to explain the evolution of the HYCU product line. They have expanded well beyond their original product that was aimed at Nutanix AHV. In addition to VMware, they've added support for Google Cloud Platform, Azure, Kubernetes, and Microsoft 365. They are also clearly focused on delivering their offerings as a service. We then have a very interesting discussion about the use of the multi-region object storage that Google Cloud offers.

Mr. Backup Grills StorOne on Their Data Protection Story

Mon, 02 Aug 2021 11:00:00 -0700

Mr. Backup and Prasanna grill George Crump, CMO of StorOne, a software-defined storage company, about their product. We start with an overview, alon with George's claims about not needing backup... .then we challenge him on that topic. George used to be Curtis' boss, so this one's a fun one.

Emmy Winning Sound Mixer Explains Movie Archiving

Mon, 26 Jul 2021 11:00:00 -0700

We are super excited to have the Emmy Winning sound mixer Larry Blake on the podcast to talk about his upcoming book "Solving The Digital Dilemma." It is a response to "The Digital Dilemma," which is a paper released in 2007 by the Academy's Sci-Tech Council that discusses long term archiving of a movie. (It describes a very NON-digital solution.) He has edited the sound on over 60 motion pictures, over 30 of which with Oscar-winning director Steven Soderbergh. This is both a very entertaining and very informative podcast about the about the art and science of archiving motion pictures.

Information Security Expert Says it Must Evolve

Mon, 19 Jul 2021 11:00:00 -0700

Wolfgang Goerlich, Advisory CISO, explains the current state of information security, and why he thinks many environments are focusing on the wrong things. We speak about ransomware, extortionware, and phishing, even giving examples where we know we have personally been phished! He explains how this illustrates his point that we need more emphasis in different areas of information security.

Are You Vulnerable to an Attack like the one on Kaseya?

Mon, 12 Jul 2021 11:00:00 -0700

Mr. Backup and Prasanna discuss the Kaseya attack that happened over the July 4th weekend of 2021. First, we talk about how bad actors use long weekends for attacks, then discuss various things you can/should do to ensure that your environment would not be vulnerable to such an attack. We talk about the kinds of questions that even an unskilled person can ask to help mitigate this risk, including (especially) the all-important questions about backups. We also talk about the need for establishing a "bat-phone" type connection between your environment and any providers you may be using. We have a short talk about the impact that all these attacks are having on ransomware costs, and how you can use your DR site to test patches.

Tape Drive Designer Schools Mr. Backup on Tape

Mon, 05 Jul 2021 11:00:00 -0700

Joe Jurneke has been designing the innards of magnetic devices since 1973, and now he's here to answer our questions. He started with disk, and moved over to tape over thirty years ago, and is now retired – but consults with the tape industry from time to time. We talk in detail about how tape drives work they way they do, their reliability and more. We take down a couple of myths from the guy that was there, even correcting a misunderstanding Mr. Backup has had for many years. If the phrase "magneto crystalline anisotropy" has been used on any other podcast, we'd be surprised. This is a good one you won't want to miss.

Why you need a copy of Modern Data Protection

Mon, 28 Jun 2021 18:34:00 -0700

We cover my latest book, Modern Data Protection, by O'Reilly & Associates on this podcast. I give an overview of the book, which covers the "Why, What, Where, and How" of backup, archive, and disaster recovery. After giving an overview of the book, I talk about why I wrote, and what it's like to write a book for O'Reilly. Prasanna acted as a tech editor on the book, so he offered his unique perspective as well.

Can OVH properly redesign their backup infrastructure?

Mon, 21 Jun 2021 11:00:00 -0700

Prasanna and Curtis discuss whether or not can (or will) OVH properly redesign their backup infrastructure to prevent another incident like what happened in March, where many customers lost their sites forever. As we discussed in our previous podcast, OVH had a backup service already that people paid for, and it was not up to the task. OVH"s CEO made an 8-minute video where he discussed some of the things they were going to do to make things better, and we discuss what he said. We talk about their idea of a centralized region just for backups, and whether or not that's a good idea. We also talk about how big of a job they have in front of them. We applaud what we see, but have many concerns that the brief video do not address. We also talk about how this plan is supposed to take five years, and what do OVH customers do in the meantime?

ComplyTrust: Remembering those you need to forget

Tue, 15 Jun 2021 11:00:00 -0700

We talk to Mike Johnson of ComplyTrust, who says they "remember those you are supposed to forget." We talk about the data management challenges created by data subject access requests (DSARs), right-of-erasure (ROE, AKA right to be forgotten, or RTBF) requests, and the fact that we have many parts of the datacenter that are much better at remembering than forgetting. Backups are a particular challenge, but Mike brings up other challenges, such as mergers and acquisitions, and salespeople importing old data. ComplyTrust SaaS offering has a unique solution to this problem by remembering (on your behalf) those you are supposed to forget, and continually checking to see that they stay forgotten.

OVH's Backup Service Didn't Work

Mon, 07 Jun 2021 11:00:00 -0700

This week we discuss further lessons from the OVH fire, which starts with an admission by the CEO that some customers who paid for the backup service lost their backups in the fire. It then morphs into a discussion about designing resilient systems, starting with the concept of designing for failure. You have to protect against both physical and logical damage to your apps and data. We talk about using both cloud-native apps that have resiliency built in, vs having to add resiliency to your own app. Most importantly, know how your app/data is protected, and don't tolerate wishy-washy terminology in your service agreements. Above all, test, test, test!

How do You Prove Your Backup Service is Real?

Tue, 01 Jun 2021 11:00:00 -0700

This week we discuss a topic brought up by the OVH fire. It appears some people actually had a contractual backup service that wasn't doing it's job. How do you verify that a service you're paying for is real, and is doing what it claims to be doing? Especially how do you make sure they are storing data offsite? We've got some ideas.

Datacenter manager Dan Frith discusses the OVH Fire

Mon, 24 May 2021 11:00:00 -0700

Datacenter manager Dan Frith (@penguinpunk) joins us on the podcast for our first discussion of the #OVHFire. A massive fire destroyed a datacenter of a large cloud provider in Europe, and millions of websites disappeared. We talk about the lessons we can learn from this event.

Dan talks about how outsourcing the servers doesn't outsource the responsibility for data protection. I make the point that this fire shows what happens when you completely rely on a single entity for both production and data protection. We end up talking about the 3-2-1 rule and how it applies in this scenario.

I also give a discount code during the podcast for my new O'Reilly book Modern Data Protection, which is now available for purchase. If you use the URL below and the code I give on the podcast, you can get 35% of the retail price.

https://shop.aer.io/oreilly/p/Modern_Data_Protection_Ensuring_Recoverability_of_/9781492094050-9149

Dave Russell answers our questions about Veeam

Mon, 17 May 2021 11:00:00 -0700

It only took us 100 episodes, but we finally got Dave Russell, VP of Enterprise Strategy at Veeam, as our guest on the podcast. Dave and Curtis go way back, and this was a great discussion. We cover the proper use of tape, and what it was like for Dave when he went to Veeam. Another big discussion point was Dave clearing up misconceptions (some of which may have come from this podcast) about what Insight Partners acquiring Veeam really meant. We then get into a great discussion about how Veeam works, ending that discussion with Dave explaining what Veeam is doing to address concerns about Windows and ransomware.

Fortune 100 company considers changing backup product

Mon, 10 May 2021 11:00:00 -0700

Our anonymous guest this week is from a Fortune 100 company who is considering swapping out their backup product. Our guest has been at the company for over 20 years, and remembers swapping out NetWorker for NetBackup many years ago. Now he is considering swapping out NetBackup to address his challenges with that product. We discuss a number of topics, including the age-old argument of who should be in charge of database backups, as well as the challenges of moving to a modern backup product when you are still using operating systems not usually supporting by such products. Our guest's final thoughts center on the importance of a good relationship with the vendor in question.

Veeam User Warns About Item-Level Retention in Microsoft 365 Backup

Mon, 03 May 2021 11:00:00 -0700

A Veeam user warns of what he felt is a confusing option in Veeam Backup for Microsoft 365. He says he likes the product, but that the first retention setting mentioned in the documentation (item-level retention) might not do what you think it does. He thinks everyone should use snapshot-level retention, which behaves more traditionally. We also discuss IBM Spectrum Protect (AKA TSM) a little bit, as they also use that product. Our guest is speaking on conditions of anonymity, so we gave him a fake name (Puddleglum) and altered his voice in the recording. (Want to talk about your environment, but don't want to use your name? We'd love to have you on and we'll keep you anonymous too!)

Securing & speeding up network traffic w/o VPN or SD-WAN

Mon, 26 Apr 2021 11:00:00 -0700

Adi Ruppin, founder of Ananda Networks, joins us on the podcast to discuss how they secure – and increase the performance of – network traffic without deploying a VPN or SD-WAN. He talks about how the technologies we use for networking are actually very old designs that come with a lot of downsides. Ananda Networks aims to address those downsides while giving you everything a VPN and SD-WAN do – and more. Faster and more secure internet connections without the technologies we usually use for such things.

What we learned in 100 episodes of Backup Central's Restore it All

Mon, 19 Apr 2021 11:00:00 -0700

It's hard to believe, but this is our 100th episode! Prasanna and Curtis discuss the favorite topics we've had over 100 episodes, as well as the many things we've learned along the way. We talk about containers and K8s, tape, COVID-19, election security, and how recoveries are impacted by other factors. We also talked extensively about ransomware, and talked to someone who had actually been through a recovery from an attack. We talked about DDI, cloud backups, the importance of segregating your Windows backup server, and many things about the 120+ database products that have to be backed up.

Thank you so much to our listeners! We look forward to 100 more episodes!

Kubernetes Expert Explains K8s, the CSI, and backups

Mon, 12 Apr 2021 11:00:00 -0700

Russ Cantwell (@rcantw3ll), CTO of SHI Corp, joins us to talk about Kubernetes, the Container Storage Interface (CSI), and backups. Before we get to that, however, we talk about how he, his pregnant wife, and two-year old child all got COVID-19. We discuss how that went and continues to go, and then we talk about Kubernetes. (If you're not interested in our banter, and just want to hear about K8s, just fast-forward to 11:50.)

Porteguese University Using Open-Source Backup Tools

Mon, 05 Apr 2021 11:00:00 -0700

Another industry veteran, Jose Calhariz. joins us this week to explain how he uses the community versions of two open-source backup tools to meet his university's backup needs, while saving money. We have a very interesting discussion that includes coverage of dump, tar, and Amanda. Jose also tells a great story of a huge recovery he had to do, that took several days.

Create a physical air-gap without using tape using portable disk

Mon, 29 Mar 2021 11:00:00 -0700

Darren McBride, CEO of Highly Reliable Systems (http://high-rely.com/ ) joins us on this podcast to talk about their product, which he says is designed for SMBs to get reliable offsite backup without using tape or an Internet connection. They have purpose-built appliances that support mirroring, but with removable disks. This product has been on the market for almost twenty years, but is having a surge in demand due to the desire by many companies to have an air-gapped backup for ransomware protection purposes.

Ransomware Victim Tells HIs Story

Mon, 22 Mar 2021 11:00:00 -0700

In May of 2020, Tony Mendoza of Spectra Logic found out his company had been attacked by ransomware. Hear his harrowing tale of how long it took just to get the data center ready for a restore, and then the various tools they used to bring things back online. He did not want to pay that ransom! Spectra Logic is actually a tape vendor, so Tony has a unique viewpoint. We thank him so much for being so candid about his experience. You will learn a lot.

Bacula: Sucking the Vital Essence from your computers

Mon, 15 Mar 2021 11:00:00 -0700

Rob Morrison joins us from Bacula Systems, the commercial arm of the open-source backup product, Bacula. It's tagline is that it roams the datacenter at night and sucks the vital essence from your computers. Bacula Systems has come a long way since I first saw them years ago. Check out what they're been up to.

Back in my day, backups were really hard

Mon, 08 Mar 2021 12:00:00 -0700

This week’s episode is dedicated to my friend Jim Bougor, who passed on this week. Jim, this week’s guest (Darryl Baker), and I all worked at Collective Technologies back in the day. Darryl comes with over 30 years of backup and IT experience, and he and I walk down memory lane about the way things used to be with backups. Apropos for women’s history month, we also talk about Grace Hopper and Ada Lovelace a little bit. The Grace Hopper speech Darryl references can be seen here: https://www.youtube.com/watch?v=9eyFDBPk4Yw&ab_channel=funbury We talk about all sorts of tape drives from the old days including: 9-track, VHS, QIC-180, 8mm, AIT, 4mm, TK-70s, DLTs, and LTOs. We discuss the concept of coercivity and how that relates to magnetic media. We also discuss the difference between helical scan and linear tape drives, and Darryl’s theory as to why helical scan disappeared.

Distributed Ledger (e.g. BlockChain) expert explains how to use it for security

Mon, 01 Mar 2021 12:00:00 -0700

Chainkit Founder & CEO Val Bercovici returns to the podcast to build on what we learned last week. This week we talk about how distributed ledger technology (such as the one in BlockChain, but there are others), can be used to increase security. We talk about the SolarWinds hack and how that could have been prevented using such technology.

Blockchain expert explains blockchain & distributed ledgers

Mon, 22 Feb 2021 12:00:00 -0700

We invite blockchain expert Val Bercovici, Founder & CEO of ChainKit, on the podcast to explain the basics of distributed ledgers, as well as the biggest distributed ledger – BlockChain. He explains what a distributed ledger is and why you might want one. We then talk about why someone would contribute to such a ledger, meaning why you would volunteer your resources to be part one – a process known as "mining." Then, as a precursor to our next episode, we talk a little bit about the security possibilities of a distributed ledger.

Using backup to refresh your server, laptop, and phone

Mon, 15 Feb 2021 12:00:00 -0700

Prasanna and Curtis discuss the importance of occasionally refreshing your hardware (or virtual hardware) and how important backup in in that scenario. There are many modern tools that can help you migrate from one thing to another (e.g. iPhone migration), but you'd better also have a decent backup. We also discuss the pros and cons of TimeMachine. It's nice, but not perfect. (Still better than anything in WIndows, though.)

Netbackup & Rubrik User Tells Their STory

Mon, 08 Feb 2021 16:43:00 -0700

Julie Ulrich, Systems Engineer at Farm Bureau Insurance of Michigan, joins us on this episode to talk about her experiences with NetBackup and Rubrik in her world. She’s been working in backups for over 25 years, so has seen a number of iterations of both products. We talk about many of the challenges she had with NetBackup that led her to considering Rubrik, as well as the pros and cons of using Rubrik. We also talk a little about her concerns about Microsoft 365.

Scary data loss stories

Mon, 01 Feb 2021 12:00:00 -0700

These are the kinds of stories that keep you up at night. UK police deleted hundreds of thousands of records. Sysadmin accidentally deleting thousands of users. A new backup "feature" that made the backups worthless. The infamous story of Toy Story getting deleted with no backups! All this and more!

The Very Tape-Centric Backup Views in Finland

Mon, 25 Jan 2021 12:00:00 -0700

In another fascinating look into a very different world (backup-wise), we are delighted to have Timo Piiparinen from Multicom in Finland. He’s been in the IT industry for over 40 years at the same company! TImo gave us a fascinating look into a very different backup world. He makes a case for tape in the backup system (something I gave up on a while ago) because he’s using a backup software vendor that didn’t give up on the medium and actually innovated for it. Using a unique multiplexing setup that used flash disk as a big cache for the tape, very large block sizes, and what he called read-optimized writes, they run these tape drives at over 650 MB/s during backups and can guarantee restore speeds! He and I spar a bit over the value of disk during DR, and his position was that this was only necessary for the most critical systems. He’s a fan of tape, which is hard to find these days. TImo will be back.

Stop ransomware in its tracks with DNS, DHCP, IPAM!

Mon, 18 Jan 2021 12:00:00 -0700

We welcome Andrew Wertkin, Chief Strategy Officer of BlueCat, a DNS, DHCP, & IPAM (DDI) security company. Like backup, properly securing these parts of your infrastructure are both extremely important – and everyone thinks it's boring. I knew nothing about DDI before this recording and I learned a ton about the ways that bad actors use these technologies to either attack or exploit your company. Using technologies like Bluecat can actually stop ransomware in its tracks! Andrew explains exactly how ransomware attackers use DNS for Command and Control, and how products like Bluecat can be used to stop them in ther tracks. This is a great episode with a lot of really good information.

Microsoft 365 expert explains why you need to back it up

Mon, 11 Jan 2021 12:00:00 -0700

Vanessa Toves joins us again to explain exactly why you need to backup Microsoft 365 and similar services. We talk about how Microsoft is only responsible for that platform; you are responsible for the data. Particular attention is given to the idea that somehow Retention Policies are a substitute for backup. She explains exactly why that is not the case. In fact, her experience with such policies has her struggling to wrap her head around why someone would want to do that.

Microsoft 365 architecture that needs to be backed up

Mon, 04 Jan 2021 12:00:00 -0700

Vanessa Toves, a Microsoft 365 expert, joins us on Restore it All to explain the unique architecture of Microsoft 365 (formerly known as Office365). We talk about Teams and Groups, and how many people misuse both. We cover Sharepoint's role in this as well, and how Exchange Online figures into the picture. This was originally going to just be an overview, but our architecture questions just kept coming, and Vanessa kept answering them. This episode lays a good foundation of what we will cover in the next episode, which will be dedicate to backing up Microsoft 365.

2021 Storage and Data Protection Predictions

Mon, 28 Dec 2020 12:00:00 -0700

Prasanna and Curtis wax philisophical at the end of 2020, and try to predict what they think will happen next year. We look forward to the end of 2020 (don't we all?) and look with a positive outlook to 2021. We talk about the vaccine, and what it's going to be like getting back to work, and whether or not there will be a new normal there that's not like what it was. We talk about SaaS products and their prevalence, as well as the emergence of a number of backup products based on Kubernetes. 2020 has been quite the year; let's hope 2021 is better.

Here is the FTC page I referenced in one of the editor's notes: https://www.ftc.gov/tips-advice/competition-guidance/guide-antitrust-laws/single-firm-conduct/predatory-or-below-cost

Inside look at the DDOS attack on Fathom Analytics

Mon, 21 Dec 2020 12:00:00 -0700

Fathom Analytics (https://www.usefathom.com) is a privacy-first analytics engine, and they were attacked in November 2020 via a very big DDOS attack that threatened their core business. Jack Ellis, co-founder of Fathom Analytics, is a developer and first used the developer mindset to address this threat. He quickly realized he was out of his depth and decided to call for help. The AWS Shield Advanced team came to the rescue and helped them shut down the attack, and helped to stop additional attacks that were still on the horizon.

Jack wrote about his experiences in the blog post "Someone attacked our company," and its URL is below. Now he shares his experience with us. What's it like to be attacke by an unknown assailant bent on doing your company harm – and to not be sure how to stop it? Join us on this episode to find out!

Someone Attacked Our Company: https://usefathom.com/blog/ddos-attack

Disaster Recovery after a hurricane - a First Hand Account

Mon, 14 Dec 2020 12:00:00 -0700

We get a closer look at the eye of the storm. A few episodes ago, we had an anonymous guest we called Harry Potter, who told us what it was like to manage a DR remotely. This week we hear from the man on the ground, recovering two datacenters after a hurricane wiped out the island where they resided. We learn all sorts of lessons, especially about how so much of a disaster recovery has very little to do with what backup people think of when they think about a "recovery." In fact, we spend almost this entire episode NOT talking about backup! We talk about network connections, places to sleep, how to eat, and how to recover your datacenter when the neighborhood power won't even stay on. This guest is also remaining anonymous, and since he is Harry Potter's friend, we called him Ron Weasley. (My apologies to the Potterheads out there.)

Author of Cloud-Native Patterns explains importance of cloud-native design

Mon, 07 Dec 2020 12:00:00 -0700

Cornelia Davis, 30-year industry veteran and CTO of Weaveworks, explains what cloud-native design is and why it matters. She explains that you do not have to go fully cloud-native on day one if you are moving an app to the cloud, but everything you do "refactor" to a cloud-native architecture will be more resilient, scalable, and cost you less to operate. We talk about Kubernetes and how that figures into everything, but how it is not the only way to be cloud-native.

Listeners to the podcast can get a 40% discount on Cornelia's book by using our code "podrestore20"

https://www.manning.com/books/cloud-native-patterns?query=Cloud%20Native%20Patterns

Public Health Expert Explains COVID-19 Vaccine News

Mon, 30 Nov 2020 12:00:00 -0700

Lindsey Schulz MD/MPH joins once more on the podcast to discuss the great news we have had in the last few weeks around the Coronavirus (COVID-19). There are THREE vaccines that have been announced that all exceed the goals the medical community set, and will all be applying for emergency use authorization from the FDA. She explains the pros and cons of each of the three vaccinees we know about at this point, as well as giving a little info about another vaccine that is expected to announce soon. This is great news!

Doctor & Public Health expert explains current state of the pandemic

Mon, 23 Nov 2020 12:00:42 -0700

Lindsey Schulz MD/MPH visits us again to give us an update on the current state of COVID-19. There is good and bad news, here, as we are in the midst of a third wave of cases and deaths. But the good news is that health care professionals have learned a lot about the virus in the last several months that have helped to reduce the death rate somewhat, and improve quality of life for those suffering from the illness. Next week's episode will focus on the vaccines that we now know about, but this week we will just talk about the current state of the disease itself.

Election poll site manager explains US election systems

Mon, 16 Nov 2020 12:00:00 -0700

In a departure from our normal coverage, I decided to bring on Mark Thompson, who was the Site Manager for the election polling site I volunteered at last week. He gives us insight into how elections are managed in the US, and what we do to prevent fraud and ensure the overall integrity of the system. We talk about the technology used on the front end of the polling process, which in San Diego county including Electronic Poll Books (EPBs) and Ballot Marking Devices (BMDs). We then also talk briefly about the checks and balances in the actual counting process. Although this is a departure from our normal fare, I think a lot of people will benefit from the info we discuss.

Also, I also posted a blog post about this topic here: http://www.backupcentral.com/why-its-really-hard-to-rig-a-national-election/

Dissecting two ransomware attacks on hospitals

Mon, 09 Nov 2020 12:00:00 -0700

Prasanna and Curtis talk about two recent ransomware attacks on hospitals and what we can learn from them. They also discuss things you can do to protect yourself from such attacks, and how to prepare to respond if you get one. We especially talk about the 3-2-1 rule and the remote desktop protocol (RDP) and how these figure into protecting yourself from such things.

Tape may be cheap, but disk is better for backups

Mon, 02 Nov 2020 12:00:00 -0700

This isn't a rebuttal to last week's podcast, but it might seem that way. Last week we talked about the advantages of tape for very long term retention (e.g. 10 years), one of which is a significant cost advantage. This week we will discuss how backup, recovery, and disaster recovery are very different use cases, and why disk and cloud is a much more appropriate place for that use case. Joining us to discuss this topic is Druva's CTO, Stephen Manley, who has spent many years at companies that use disk for this purpose.

Why Tape is Cheaper than Glacier for Long Term Storage

Mon, 26 Oct 2020 11:00:00 -0700

Matt Starr, CTO of Spectra, comes on the podcast to discuss the advantages of tape for long term storage. We talk about how tape is actually better at holding data long term than disk is – 10,000 times better if you compare it to SATA disk. We also talk about the advancements in tape in the last 10-20 years that have made libraries like Spectra's even more reliable than they used to be. Finally, we talk about the Spectra T-Finity library that can now hold an Exabyte of data in a single unit! What started this whole idea of bringing Matt on was Spectra's eBook that said that the T-Finity tape library was significantly cheaper than Glacier Deep Archive if you store your data for a long period of time (e.g. 10 years or more). Here's the eBook that got the conversation started: https://bit.ly/37BtTkK

Why is it so hard to backup consumer SaaS products?

Mon, 19 Oct 2020 11:00:00 -0700

Daniel Rosehill, a self-described "backup anorak," joins us to discuss how difficult it can be to backup consumer SaaS services, such as Evernote. Daniel used to use EverNote on Linux, and sent a message to their support system on how to backup its data. They had no answer unless you were using it on Windows. We talk about Google Drive, Dropbox, and other consumer-grade cloud services, and how the challenges of backing them up should be a concern for any users of these platforms – not just backup anoraks. (An anorak is a slightly prejorative term that refers to someone who is interested in a not-so-leading idea – like backups.)

The Dangers of Improperly Secured Cloud Accounts

Mon, 12 Oct 2020 11:00:00 -0700

The Palo Alto Networks’ Unit 42 threat hunting team found that a big customer of theirs had misconfigured two critical Amazon Web Services (AWS) services. If these misconfigurations were exploited by hackers, it could have created a data breach that could have cost the customers tens of millions of dollars. Prasanna Malaiyandi and W. Curtis Preston (Mr. Backup) discuss this misconfiguration, and what you can learn from it to protect backups you store in the cloud.

Real Life Hurricane Disaster Recover Story

Mon, 05 Oct 2020 07:00:00 -0700

A mystery guest from a multinational corporation that experienced a disaster during a recent hurricane describes their mostly-disk NetBackup environment and how they used it to recover from a hurricane that ravaged an island. (Company and location names are changed or not mentioned so "Harry Potter," our mystery guest, can speak freely.)

Backing up MongoDB & Cassandra, a deep dive

Mon, 28 Sep 2020 11:00:00 -0700

Shalabh Goyal(@goyalshalabh) joins us on this podcast to discuss sharded databases – and MongoDB and Cassandra in particular – and how one might go about backing them up. Suffice it to say that it is complicated. We learned a lot from recording this podcast and you will learn a lot listening to it!

Backing up Sharded NoSQL Databases

Mon, 21 Sep 2020 11:00:00 -0700

Tony McGarry, Senior Principal Engineer at Druva, joins W. Curtis Preston and Prasanna Malaiyandi to talk about backing up large, multi-node, sharded NoSQL databases like DynamoDB, Cassandra, and MongoDB.

What is it like to actually use VMware Cloud on AWS? (AKA VMC)

Mon, 14 Sep 2020 16:05:00 -0700

Adam Fisher (@BonzoVT), Cloud & DevOps Engineer at RoundTower Technologies, visits the podcast to talk about VMware Cloud on AWS (AKA VMC), and what it's like to actually use and administer it in a production environment. We also talk about how people backup VMC.

What makes Rust a good, safe programming language?

Tue, 08 Sep 2020 10:59:00 -0700

Carol Nichols and Jake Goulding, the authors of the Rust in Motion video series, join us to talk about Rust and why it makes such a "safe" programming language. We discuss what it means to be a safe programming language and how Rust accomplishes that.

We also discuss the upcoming free Live@Manning Rust Conference.

Finding Rustaceans weird but intriguing? Secretly wanting to become one? Tune-in, Sep 15, to the live@Manning #Rust conference to find your #Rustlang pincers! http://mng.bz/qNoA

Somewhere in the podcast we also give out a 40% discount code for anything at Manning.com.

Proliferation of the edge, containers, & how to protect them

Tue, 01 Sep 2020 04:48:00 -0700

Gina Rosenthal (@gminks) joins us on this week's podcast to talk about the edge, Kubernetes, and how to protect it all. Good conversation that also includes som Texas Brisket talk!

We also mention the Women in Tech conference that will go live on October 13. Here's what they have to say about themselves:

When the girls get coding!. Join us on your screens, Oct 13, for the live@Manning “Women in Tech” conference to celebrate the rising movement of women in technology. http://mng.bz/7GZm

We still have a long way to go to achieve diversity, inclusion and equality in technology. Our contribution is the live@Manning “Women in Tech” online conference, Oct 13, starring the women rocking the tech boat! http://mng.bz/7GZm

Cloud navigators and serverless gurus; algorithm sorceresses and community advocates; we proudly bring you the women creating the tech world we live in. Oct 13, live@manning “Women in Tech” Twitch conference!

#womenintech #womenwhocode

9 Tips for Disaster Recovery

Mon, 24 Aug 2020 11:00:00 -0700

Prasanna and Curtis discuss their opinion of an ITPro article called Nine Tips to Improve your Disaster Recovery Strategy. In case you're curious, they are:

1. Have full documentation

2. Assess the risks

3. Drill for disaster

4. Prepare for disasters of different levels

5. Consider the cloud

6. Prioritize resilience

7. Evaluate security practices

8. Revise and Revisit

9. Build a critical response team

What can we learn from the twitter hack

Mon, 17 Aug 2020 11:00:00 -0700

Scott Lowe (@otherscottlowe) joins us on the podcast to discuss the recent major hack of Twitter, where hundreds of accounts were compromised using backdoor access gained via a Twitter employee.

How to backup a NAS filer?

Mon, 10 Aug 2020 11:00:00 -0700

W. Curtis Preston and Prasanna Malaiyandi discuss the pros and cons of the various ways to backup a NAS filer.

One big problem with the Right to be Forgotten and Backups

Mon, 03 Aug 2020 17:14:00 -0700

Curtis and Prasanna discuss the very difficult problem of "forgetting" someone using a backup system that is fundamentally designed to remember. This is a direct conflict between GDPR/CCPA and backup.

Salesfore Expert explains why backing up SFDC is so important

Mon, 27 Jul 2020 11:00:00 -0700

Antone Kom, 7X Certified Salesforce expert, explains to W. Curtis Preston and Prasanna Malaiyandi all the things that can go wrong when you don't backup your Salesforce database.

Are cloud "snapshots" the way to protect cloud resources?

Mon, 20 Jul 2020 11:00:00 -0700

Chris Evans (@chrismevans) discusses with us the idea of cloud "snapshots" (which are actually image copies & very different than array snapshots) and the pros and cons of using them for backup & recovery – as well as other purposes.

Thoughts on the Cloud from an AWS Customer turned employee

Mon, 13 Jul 2020 11:00:00 -0700

We are joined by Jake Burns, who is an industry veteran and an AWS and Druva customer before he became an AWS employee. He is now Enterprise Strategist at AWS and shares with us how LIveNation moved their entire corporate infrastructure to the cloud in one year, and how he now supports AWS customers in their cloud journey.

Those that do not remember backup history are condemned to repeat it

Mon, 06 Jul 2020 17:41:00 -0700

On this special US Independence Day edition, we talk a little bit about history in general, and how we all owe those who came before us. Then we morph that discussion into one about backups, and how we must also remember the backup lessons of the past. W. Curtis Preston (@wcpreston) then tells old backup stories.

Learning from the Honda Ransomware Attack

Mon, 29 Jun 2020 11:00:00 -0700

Zoë Rose, a cyber investigator from the UK, joins us to talk about the lessons we can learn from the ransomware attack on Honda. We discuss a number of "common sense" things a company can do to protect their data.

GigaOm Analyst explains their latest report on data management

Tue, 23 Jun 2020 11:00:00 -0700

GigagOm analyst Enrico Signoretti (@esignoretti) is our guest this week, and he helps us understand their latest radar report, which evaluates data management vendors.

One year anniversary special! With the voice behind our theme song!

Mon, 15 Jun 2020 11:01:00 -0700

On this first anniversary special, we are joined by my daughter, the voice behind our podcast's theme song. Fun times talking to her, and talking about our dreams for next year's broadcast.

How Hollywood Picks Backup Products, Part 2

Mon, 08 Jun 2020 11:00:00 -0700

We continue our series of how Hollywood Picks backup products, discussing vendor selection and proofs of concepts. Jeff Rochlin returns as a guest, hosted by W. Curtis Preston and Prasanna Malaiyandi.

How Hollywood Picks Backup Products (Part 1)

Wed, 03 Jun 2020 21:52:00 -0700

We talk to Jeff Rochlin, a veteran of many Hollywood studios and related businesses, about how he would go about picking a backup product in that environment. W. Curtis Preston and Prasanna Malaiyandi hosting.

Is backup worthless for DR?

Mon, 25 May 2020 11:00:00 -0700

Prasanna Malaiyandi and W. Curtis Preston discuss an article that says that backups are worthless for DR. Are they? Some are, some aren't. Have a listen and see if you agree!

Are Drive Recovery Services a Good Option?

Mon, 18 May 2020 11:00:00 -0700

If you've ever wondered about whether or not drive recovery services are a good option, then this is the podcast for you. W. Curtis Preston and Prasanna Malaiyandi discuss whether or not they're a viable alternative to backup.

What workloads are appropriate to backup to the cloud?

Mon, 11 May 2020 11:00:00 -0700

Is it appropriate to backup your data to the cloud? Which workloads work well to be backed up to the cloud? Even more importantly, which workloads don't backup to the cloud well? These are the questions we answer in this episode of Restore it All, with W. Curtis Preston and Prasanna Malaiyandi.

Why Egress Charges are a fact of life in the cloud

Mon, 04 May 2020 14:00:00 -0700

W. Curtis Preston & Prasanna Malaiyandi discuss the reality of egress charges (AKA data transfer charges) in the cloud, and how they are the digital equivalent of the fees we all used to pay to Iron Mountain.

Backup & DR Lessons from The Tiger King & Westworld

Mon, 27 Apr 2020 21:32:00 -0700

There are backup & disaster recovery lessons to be learned from Netflix's The Tiger King, and HBO's Westworld. The 3-2-1 rule rules!

Free IT services offered during Coronavirus lockdown

Mon, 20 Apr 2020 15:06:00 -0700

W. Curtis Preston (Mr. Backup) and Prasanna Malaiyandi discuss free services that vendors are offering during the Coronavirus lockdown, as well as an interesting discussion about how this might change how we work for the long haul.

Why everyone should be wearing masks right now!

Tue, 14 Apr 2020 14:00:00 -0700

Special guest Christopher Kusek ( @cxi )talks about #masks4all, why he was always a fan of the idea, and the current logic behind it now.

MD & Masters in Public Health Gives Hope for the Future of the Coronavirus/COVID-19

Mon, 06 Apr 2020 19:47:00 -0700

Lindsey Shultz, MD/MPH (Masters in Public Health) gives us hope for the future in this part of our three-part interview with her. If you haven't heard parts 1 and 2, please do so. They focus on defining the problem: what is COVID-19 and why is it so scary. This episode focuses primarily on hope for the future.

Are we over-reacting to Coronavirus/COVID-19? Lindsey Shultz M.D./M.P.H. answers that question!

Wed, 01 Apr 2020 19:13:00 -0700

We continue our three-part interview with Lindsey Shultz, MD/MPH about the Coronavirus. In this second part, we focus on the reaction to COVID-19, and why it's so much more extreme than our reactions to other diseases of the past.

Doctor & Masters in Public Health answers our Coronavirus and COVID-19 questions

Mon, 30 Mar 2020 17:34:00 -0700

Lindsey Shultz MD/MPH (M.D. and Masters in Public Health) joins us to answer all our Coronavirus/COVID-19 questions. This is the first in a three-part interview with her, as she was so helpful we talked to her for almost two hours. You won't want to miss this one!

A View from Italy & its Coronavirus Quarantine

Mon, 23 Mar 2020 20:47:00 -0700

Enrico Signoretti (@esignoretti) joins us from Italy to discuss how the Coronavirus/Covid-19 quarantine is going. We also get a first-hand report about what it's like for a company that didn't have anyone working remotely to suddenly have hundreds doing so.

Coronavirus concerns Part 2

Mon, 16 Mar 2020 17:11:00 -0700

Prasanna Malaiyandi and W. Curtis Preston discuss week 2 of the Coronavirus scare. We dispense some helpful advice, both technical and non-technical.

Coronavirus and your data

Mon, 09 Mar 2020 15:00:00 -0700

@wcpreston and @pmalaiyandi discuss Coronavirus and how it's going to affect the IT community, as well as your backup and recovery system. We discuss remote employees, cloud data protection, and disaster recovery.

Brian Biles from Datrium explains how they do HCI & DR

Mon, 02 Mar 2020 17:16:00 -0700

Brian Biles (@BrianBiles), Co-Founder and Chief Product Officer of Datrium, is our special guest. He explains their offerings, with a focus on how they use VMware Cloud on AWS to do DR.

How to create a backup and DR plan

Mon, 24 Feb 2020 20:04:00 -0700

W. Curtis Preston & Prasanna Malaiyandi discuss how to create a backup plan, including discovering what can harm your data, gathering requirements, and looking at design options.

Is there hope in the Kubernetes Backup Space?

Mon, 17 Feb 2020 20:25:00 -0700

Special guest Chris Mellor (@chris_mellor) joins us on the podcast, and he asks some very good questions about the future of backup for Kubernetes, including a discussion about Portworx.

Applying Machine Learning to Data Protection

Mon, 10 Feb 2020 13:00:00 -0700

Our special guest this week is Preethi Srinivasan, Technical Product Architect at Druva. We talk about Machine Learning, analytics, and how they relate to Data Protection.

Salesforce reverses its position on their recovery service

Tue, 04 Feb 2020 01:56:00 -0700

We discuss how Salesforce.com has reversed their position on their "recovery service" that costs $10,000 and takes 6-8 weeks.

Knative Book Author Schools Mr. Backup in Kubernetes & Container backup

Mon, 27 Jan 2020 12:00:00 -0700

We have a special guest this week! None other than the author of "Knative in Action," Jacques Chester is joining Prasanna and Curtis to help us understand the interesting world of Kubernetes, Docker, Knative, and how it all relates to backup and storage.

Veeam Acquisition – Part 2

Tue, 21 Jan 2020 01:30:55 -0700

Due to the popularity of last week's podcast (An investor's perspective on Veem's Acquisiton), Prasanna and I decided to discuss this topic further. We used the article "The 6 things a private equity firm will do after they buy your business" from inc.com as a reference: https://www.inc.com/jim-schleckser/the-6-things-a-private-equity-firm-will-do-after-they-buy-your-business.html

Veeam acquisition from an investor perspective

Mon, 13 Jan 2020 22:34:00 -0700

One of the most successful investors in technology stocks is our special guest this first podcast of the new year! Matt Feshbach has managed billions in tech stocks, and he lends his brain to answer questions such as:

- What does it mean that a private equity company just bought Veeam?

- Why would they do that?

- What's next?

It's a great podcast where I learned a lot. Hope you like it!

How to back up IaaS, PaaS & SaaS (i.e. cloud-native services)

Mon, 23 Dec 2019 14:00:00 -0700

W. Curtis Preston (Mr. Backup) and Prasanna Malaiyandi discuss the various ways to back up IaaS, PaaS and SaaS data.

AWS Outposts & Zombies

Mon, 16 Dec 2019 23:25:00 -0700

W. Curtis Preston & Prasanna Malaiyandi discuss the announcements of re:Invent 2019, and how Curtis fought zombies and lost.

How do you backup a container?

Fri, 06 Dec 2019 04:36:00 -0700

W. Curtis Preston (Mr. Backup) and Jon Owings, Principal Solutions Architect for Cloud Solutions at Pure Storage (@jon_2vcps), discuss what container backup is, why it's so difficult, and what you need to do to back them up.

Thanksgiving Special

Thu, 28 Nov 2019 03:09:00 -0700

In this special Thanksgiving Episode of Restore it All, Prasanna and Curtis talk about the things they're thankful for. Important stuff, like smart phones, virtualization, and containers. Yea... we're nerds.

Dispelling lies about AWS snapshots for backups

Fri, 22 Nov 2019 00:25:00 -0700

W. Curtis Preston (Mr. Backup) & Prasanna Malaiyandi discuss some vendor FUD about using AWS snapshots (which are really image copies and not snapshots) for protecting native AWS resources like EC2, Redshift, S3, and EBS.

Are backup admins obsolete?

Fri, 15 Nov 2019 19:59:00 -0700

W. Curtis Preston (Mr. Backup) and Prasanna Malaiyandi discuss whether or not backup admins are no longer needed. They also discuss tapas and sangria. :)

What to look for in a SaaS data protection solution

Thu, 07 Nov 2019 07:26:00 -0700

W. Curtis Preston (Mr. Backup) & Prasanna Malaiyandi discuss SaaS backup: what it is, what it isn't, things to look for in a SaaS data protection solution, and how to decide if SaaS data protection is for you.

How Hollywood Does Storage

Fri, 01 Nov 2019 14:32:00 -0700

Jeff Rochlin, a former actor and Hollywood IT Industry veteran, makes his second appearance on Restore it All. W. Curtis Preston (Mr. Backup) & Prasanna Malaiyandi ask him to design a greenfield datacenter. We also talk about GDPR & CCPA.

Backing up relational databases

Thu, 24 Oct 2019 15:21:00 -0700

W. Curtis Preston (Mr. Backup) and Prasanna Malaiyandi discuss the various ways one can backup a relational database, like Oracle, SQL Server, DB2, MySQL, and PostgreSQL.

Why are vendors offering Backup as a Service?

Fri, 18 Oct 2019 03:10:00 -0700

W. Curtis Preston (Mr. Backup) and a mystery guest discuss why it has become so popular for data protection companies to offer their product as a service.

What do people use instant boot for?

Fri, 11 Oct 2019 16:40:00 -0700

W. Curtis Preston (Mr. Backup) & Prasanna Malaiyandi talk about the concept of "Instant boot" what companies use it for, and when (and when) not it might be an appropriate tool.

Thoughts on the latest Forrester Wave

Fri, 04 Oct 2019 04:14:00 -0700

Curtis & Prasanna greet their special guests Chris Mellor (Editor, The Register) and Chris Evans (Storage Unpacked Podcast), and talk about The Forrester Wave: Data Resiliency Solutions, Q3 2019.

If you want to download the report yourself, you can do so here: https://resources.druva.com/analyst-reports/the-forrester-wave-data-resiliency-solutions-q3-2019

Did a GDPR court just cripple GDPR?

Fri, 27 Sep 2019 04:07:00 -0700

W. Curtis Preston (Mr. Backup) interviews Eugenia Buzogly, Senior Director of Legal and Data Protection Officer for Druva about a recent GDPR ruling that some have interpreted to mean they no longer have to comply! (Here's the ruling: https://regmedia.co.uk/2019/09/24/cp190112en.pdf) Does the ruling actually mean that?

Backups - Done - Wrong

Thu, 19 Sep 2019 06:53:00 -0700

W. Curtis Preston (Mr. Backup) and Rob Worman discuss various backup configuration mistakes they've seen throughout their many years of backup.

How To Win On Jeopardy (A "bonus" episode)

Wed, 18 Sep 2019 04:30:00 -0700

In this "bonus" episode of Restore it All, I offer a complete departure from our normal podcast content as Rob Worman regales us with stories of what it's like to be a Jeopardy champion, as well as the path he took the get there. Some good advice for anyone thinking about being on the show.

Make sure you're not the next ransomware victim!

Fri, 13 Sep 2019 19:36:00 -0700

W. Curtis Preston (Mr. Backup) and Prasanna Malaiyandi discuss two recent huge ransomware attacks. One that affected dozens of cities in Texas, and hundreds of dentists in the US. We discuss things you can do to ensure you don't get attacked, as well as what to do in case you get attacked.

Cloud customers lose data

Fri, 06 Sep 2019 01:38:00 -0700

W. Curtis Preston and Prasanna Malaiyandi discuss the AWS outage that happened over Labor Day weekend, where some customers actually lost data. We also discuss what they could/should have done to prevent that.

VMworld and Funny Backup Stories

Wed, 28 Aug 2019 17:11:00 -0700

W. Curtis Preston (Mr. Backup) and Prasanna Malaiyandi talk with Steve Schaub at VMworld 2019 about VMware's announcements, and we also tell funny backup stories.

Challenges with Disaster Recovery

Fri, 23 Aug 2019 21:58:00 -0700

W. Curtis Preston (Mr. Backup) and Prasanna Malaiyandi discuss various challenges with disaster recovery. We also have a very special guest star!

Beer and Backups and Banks

Thu, 15 Aug 2019 10:22:00 -0700

W. Curtis Preston (Mr. Backup) and Ben Patridge talk about the things they learned while working in IT and backups at a bank.

Beer and Backups, Part 1

Mon, 12 Aug 2019 03:54:00 -0700

Special guest on the podcast this week, Ben Patridge (Portland beer Ben), and W. Curtis Preston (Mr. Backup) discuss horror stories and other things gone wrong with backups, while drinking a couple of Trappist beers from Belgium.

Tape is not dead

Thu, 01 Aug 2019 03:31:00 -0700

After covering in the last episode why tape isn't really good for backup anymore, W. Curtis Preston (Mr. Backup) and Prasanna Malaiyandi discuss the continued uses for tape. It's not dead -- even growing.

Why tape and backup became enemies

Wed, 24 Jul 2019 22:08:00 -0700

W. Curtis Preston (AKA Mr. Backup) explains to Prasanna Malaiyandi the early days of tape, and what happened to make backup and tape to become bad for each other.

How Hollywood does backup

Thu, 18 Jul 2019 04:17:00 -0700

Today we have a special guest on Restore it All, and it's none other than Jeff Rochlin, an industry veteran and long-time friend. He's going to be giving us the inside scoop about how they do storage and backups in Hollywood, where he has worked for over 40 years. He started out as an actor, and has run IT for the likes of Disney, Dreamworks, and is now head of IT at Fandango and Rotten Tomatoes. This episode is a little longer than most, but it's full of good stuff. I hope you enjoy it.

Microsoft disabled the registry backup

Thu, 11 Jul 2019 14:00:00 -0700

W. Curtis Preston (Mr. Backup) and Prasanna Malaiyandi are joined by a guest, Matt Leib, and they discuss how Microsoft disabled the registry backup in Windows 10 and told no one.

The Wifi is Down

Fri, 05 Jul 2019 17:53:00 -0700

W. Curtis Preston (Mr. Backup) and Prasanna Malayaindi interview an IT director from a tech company in the bay area. (Company and full name withheld for privacy reasons.) . We discuss what it's like to be an IT and security manager in today's world.

How to use the cloud for backup

Sat, 29 Jun 2019 05:00:00 -0700

W. Curtis Preston (Mr. Backup) and Prasanna Malaiyandi discuss different ways of using the cloud for backup

Why Backup SaaS Services

Sat, 22 Jun 2019 05:10:00 -0700

W. Curtis Preston (Mr. Backup) and Prasanna Malaiyandi discuss why it's important to backup SaaS services such as Office 365, G Suite, and Salesforce

Disaster Recovery

Sat, 22 Jun 2019 05:07:18 -0700

W. Curtis Preston (Mr. Backup) and Prasanna Malaiyandi discuss various ways people perform disaster recovery

Protecting from Ransomware

Sat, 22 Jun 2019 05:05:00 -0700

W. Curtis Preston (Mr. Backup) and Prasanna Malayaindi discuss how to protect yourself from ransomware, and how to recover from if it happens.

That's not Backup

Sat, 22 Jun 2019 05:00:00 -0700

W. Curtis Preston (Mr. Backup) and Prasanna Malaiyandi discuss various things people say are backup, which actually aren't backup.

The Anniversary of GDPR

Sat, 22 Jun 2019 04:15:00 -0700

In our premiere episode of Backup Central's Restore it All Podcast, W. Curtis Preston (Mr. Backup) & Prasanna Malaiyandi discuss the one year anniversary of GDPR