Backups: Thoughts on a Single Point of Failure

Version control: a source of backups for developers

Backups are important. We know this. Not just a backup, but redundant backups. Your backups should have backups. This isn’t just true of the code that you’re writing for a client or the great American novel that you’re writing for yourself. Think of those family photos of your child growing up, or the videos of the last holiday with the entire family together. Or, more pragmatically, your bank records. Hopefully you know that it’s important to have backups when it comes to any data, and certainly these sorts of critical data.

The type of backup that you use, of course, depends on the data that you’re backing up and how tech-savvy you are. There are great end-user solutions out there. We developers use version control and host our code bases in a remote repository. Everything for me also goes onto an external drive, and usually another cloud solution as well if it involves client work, because if my MacBook has issues tomorrow and is out of commission for a day, the client’s data cannot ever be at risk.

Backups Aren’t Just For Data

I’m often invited to give talks to local Meetup groups, especially WordPress user groups, on the topic of security for websites and applications. One of the things that I emphasize is that the production version of your site cannot be the only version that you have, and that relying on the backup that your hosting provider is making for you isn’t good enough.

Because I’m generally focused on the development and infosec areas of site ownership when I give these talks, one of the things that I forget to bring up is also having redundant backups in the number of people who have access to the critical information about your site and environment. In short, there should be more than one person with access to all of the components that make your web presence work: your site, your hosting, your domain registrar, your CRM, etc.

This Sounds Counterintuitive, but it Isn’t

This may raise a red flag, if you’re familiar with security best practices, because you know (don’t you?) that the number of users with administrative permissions should be kept to a minimum, regardless of which platform or content management system you use. The principle here is simple: if a user account is compromised by phishing or a brute force attack, you want as small a chance as possible that the compromised user will have administrative capabilities. If most users are only editors in a WordPress site, for example, and one of them is compromised, the amount of damage that the attacker can inflict will at least be mitigated.

So, why am I encouraging you to have more than one person holding the keys to your virtual kingdom? Let me give you a real-life example.

This week I was contacted by a company with a WordPress multisite instance. All of their sites were broken. The developer who had built them was out of the country on vacation. They needed their sites functional again, but all they had when they called were credentials to their WordPress instance. No hosting credentials, no knowledge of what CDN they were using, no other information of any kind that would allow me to access error logs and see what was going on.

From a personnel perspective, their developer was a single point of failure. He was unavailable, and thus everything was unrecoverable in a crisis scenario.

Remove the Single Point of Failure

I’m fortunate enough to have a lot of repeat clients, and I work hard to keep them. However, at the end of each project, all of my clients, even if I’m sure I’ll be working with them again in the future, are handed all of the information that they need to access all of the details of their web presence: at least one administrative user in their CMS, hosting credentials, MySQL users, anything else that they would need to function if there was ever an emergency and I was unavailable, or if they ever decided to do work with another developer. That’s the client’s information, and isn’t mine to keep. If I’m on vacation and a client’s site goes down, and they need to bring another developer in, they have all of the information necessary to give that developer the access that he or she needs to fix the issue. I’m not a single point of failure for any of my clients.

So, go make your backups. Plan. If the person running your web presence is ill next week and there’s a crisis, who else will have the necessary information? Bad things happen sometimes, but they’re not nearly as nasty if you’re prepared for them. If you don’t feel like you’re ready for a worst-case scenario, get in touch and we’ll get you that way.
