Valentine's day vm backup plan

by Michael Werneburg
on 2018.02.14

You are here:
Risk topics
» Risk topics blog
April, 2018

March, 2018
· the planning fallacy

February, 2018
· Valentine's day vm backup plan

November, 2017
· the unsafe workplace and the body's response

October, 2017
· ISACA article is live

September, 2017
· published
· the Equifax breach
· Tracking Vulnerability Fixes to Production

August, 2017
· evaluating third party cyber risk

July, 2017
· getting it wrong with R
· de-identifying health information
· that's a lot of tracking!

June, 2017
· gaming Google news
· privacy in this day and age
· another record breach
· writing an industry standard
· ISACA article accepted

May, 2017
· Covey time-management quadrants
· safe harbor de-identification of health data
· an ISACA article

April, 2017
· my guide on managing third party risk
· PMP for five years
· metrics that matter
· 720 reads in 48 hours
· I lost my job

March, 2017
· farewell, SIRA board
· the message and the medium
· an interesting take on consulting


I'm working on a project in which the data set is so sensitive that backups to long-term media – or outside the production network segment – aren't permitted. The data's also supposed to be short-lived, and encrypted when not in use. Encryption, says the auditors, can't be done with a key residing on the server. All that said, we need to be able to recall data on an ad-hoc basis.

So I hand-rolled some backups, like it was the 90's. GPG to the rescue! As soon as the data is through the gate, I grab the files and encrypt them with a public key generated under a system account, on a separate server. I then dump the GPG'd files in a specific location, delete the unencrypted source files, and wait for an automated job on the second server to log in, pick up the encrypted files, and clean up the interim location on the production server.

Within a day, the copies retained on the second server are discarded as well.

In the normal course of production, we've had to go back to the backup server to restore files on a number of occasions. Everything seems to be working.

big list