Episodes
Today we are joined by security expert and host of the Secure Talk podcast, Mark Shriner, to discuss information security. We talk about it from a personal perspective, as well as for organizations. Mark, Curtis, and Prasanna talk about what are the bare minimum things you should be doing as an individual to protect your personal information and data, both from a security and backup perspective. We then move on to talking about it from a company perspective, and how very important things like MFA (while good) do not solve everything, and then we talk about many other things you could be doing. Then there was the moment that created the title of the podcast, where Prasanna disagreed with Curtis – but not quite. When it comes to information security and data protection (and many things in life), perfect is the enemy of good. Try not to be overwhelmed with all the things you could or should be doing; just pick something and do something. Something is always better than nothing when it comes to these areas. This episode is jam-packed with good information you won't want to miss. Mentioned in this episode: Free eBook version of O'Reilly's Modern Data Protection For a limited time, you can get a free ebook copy of my latest O'Reilly book, Modern Data Protection. Just go to druva.com/podcast and download it!
So many people are surprised when their restore is slower than their backup. You shouldn't be, as it's quite common. The good news is there are things you can do to make it faster – if you know them in advance. W. Curtis Preston (Mr. Backup) and Prasanna Malaiyandi tackle the seven reasons why your restore may be slower than your backup. Topics covered include RAID penalties, tape issues, database concerns, and others. You'll walk away knowing what to do in order to find out how slow your restores are – and how to fix them. This podcast is packed with good info! (And the death of a USB hub.)
Pat Mayock is a Data Protection Warrior for HPE, and he helped us to understand where he thinks LTO & RDX (a removable disk technology) sit in the market. He explains how much tape is used today in enterprise and cloud environments, especially in the public cloud that so many think is a tapeless world. He says the cloud vendors are some of LTO's biggest customers! We talk about what LTO is good at, what it's not so good at, and what that means for how you should use it. Then we shift gears to talk about RDX, a removable disk product that has been around for roughly 15 years. It consists of a docking station and a disk-based cartridge that is built to kind of resemble a tape! Each cartridge contains a single disk drive that you can use very much like you would use a tape, except it appears as a drive letter (mounted filesystem) versus a tape drive. He explains what its target market is and how it meets a niche in the removable storage market in between removable USB disks and a standalone LTO tape drive. This is a fascinating episode you won't want to miss.
This whole episode is a Mr. Backup rant, where he talks about things that people should really stop doing with their backup systems, starting with backing up directly to tape. There is a place for tape, but it is NOT at the front end of the backup system. Curtis and Prasanna passionately discuss and explain several relics of the ways we used to do things, and why they no longer make sense. Another one is repeated full backups - synthetic or otherwise. Many of them can be addressed by just changing how you use your backup product, but a few of them may cause you to think about making a change. (Hint: if your backup product has been around for more than 20 years, it probably can't get away from some of the relics of the past.)
This week we are joined by emergency preparedness expert and prolific author and speaker, Virginia Nicols, webmaster of EmergencyPlanGuide.org. We talk about why and how to prepare for a disaster/emergency in your personal life, as well as how to do it for a small business. This is a bit different than our usual episode, as there is very little talk about backup and recovery. We talk about where to start when assessing what to do, and what steps you can take right away to prepare. Virginia is extremely knowledgeable on the subject and we learned a lot. You will too!
If you liked last week's episode where we talked about this "so let's talk about ransomware" series on Reddit, you'll love this week. We have the author, Snorkel42, to talk about the origins behind the security cadence series, and why he decided to finally write some on ransomware. (He explains that everything he talks about is ransomware, but he admits he's been "Mr. Miyagi'ing" it for a while.) This guy knows his stuff, and this is the second time he has been on the podcast. He's knowledgeable and entertaining. One of those rare combinations. This is a great episode you will not want to miss. Here are the three posts: https://www.reddit.com/r/sysadmin/comments/tdvbp4/security_cadence_okay_fine_lets_talk_ransomware/ https://www.reddit.com/r/SecurityCadence/comments/tedapy/security_cadence_ransomware_part_2_actions_on/ https://www.reddit.com/r/SecurityCadence/comments/tfm927/security_cadence_ransomware_part_3_the_worst_case/
This week, Prasanna and Mr. Backup (W. Curtis Preston) review a series of posts made by Snorkel42, who previously appeared on this podcast in the episode called "Security expert rips Okta for their response to hack." Things were recorded out of order, so this is the episode where we discovered him on Reddit, and tried our best to distill several thousand words into about 30 mins of advice on how to protect against ransomware. We talk about how to prevent getting it in the first place, how to limit its damage if you do get it, and how to respond and restore your data once that happens. There is a ton of really good advice here, so check it out! Here are the three posts: https://www.reddit.com/r/sysadmin/comments/tdvbp4/security_cadence_okay_fine_lets_talk_ransomware/ https://www.reddit.com/r/SecurityCadence/comments/tedapy/security_cadence_ransomware_part_2_actions_on/ https://www.reddit.com/r/SecurityCadence/comments/tfm927/security_cadence_ransomware_part_3_the_worst_case/
Vast is a massively-scalable storage system designed around multiple pieces of technology that weren't available just a few years ago (e.g. NVMe, Storage class memory, QLC) that offers both file and object functionality, immutable snapshots, and integration with the cloud to address the "smoking hole" problem. Their typical sale (of which they've made many) is north of $1 million, and they have many exabytes of disk in the wild. It's a scale-out storage system without all the typical East-West traffic such systems have. We do our best to poke holes in their offering, but Howard Marks goes toe-to-toe quite well. This one went a little long (one hour) but we truly were fascinated with the Vast story Howard was telling.
This episode is a unique look inside the Conti ransomware group, courtesy of a four-part series from Krebs on Security. We review the interesting takeaways from Brian Krebs's series of over 12,000 words, drawn from quite a bit of research. The series was inspired by a hack of Conti that resulted in a tranche of internal documents being made public. This gives a unique view into how the organization thinks, how it is laid out just like any other business, the weapons it uses to spread ransomware, and its attempts to branch out to other areas of cybercrime. If you enjoy the episode, be sure to check out the articles that inspired it: https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-i-evasion https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-ii-the-office https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-iii-weaponry https://krebsonsecurity.com/2022/03/conti-ransomware-group-diaries-part-iv-cryptocrime
This week we are joined by John "Ricky" Martin, Director of Strategy at NetApp (and former owner of a tape recovery business), to talk about his paper that declares that backup is fundamentally evil and done in an unintelligent way. Mr. Backup wasn't sure how this one was going to go, and there were at least one or two arguments along the way. No blows were thrown, though. We definitely talk about what a tape recovery business is, and what it was like to do that. We also talk about tape backup, full backups, multiplexing, tape handling, and other elements of how backup is still done today by many people. It's a fun episode where you should learn a lot.
We have none other than Snorkel42 from Reddit on the podcast today. He has 20 years' experience in InfoSec, and is a prolific writer on Reddit under the handle Snorkel42. (Check out his posts here: https://www.reddit.com/user/snorkel42/) (We will not be using his given name during the recording.) He thinks Okta managed to turn a molehill into a mountain by incorrectly handling the hack that happened in January – that we just learned about last week. That's right, we just found out about a hack that actually happened in January! We dive deep into what happened, what it means, and how the worst problem of all is how Okta responded to it. Our expert says he no longer trusts Okta, and gives advice to customers on what to do next. This is a very timely episode that you will really enjoy – unless you're an Okta customer or employee.
Gary Williams tells a great story about earlier in his career that taught him the value of testing backups and updating documentation. He explains how he thought his backups were fine, until a "new guy" came onto the scene and dared to ask the question, "When was the last time you tested your backups?" As Gary explains, sometimes new people have the best perspective. They let him do the first test, and .... it failed spectacularly! It all came down to the documentation they were so proud of. Hear Gary's story and learn from his mistake – one that defined his career. (Mr. Backup also tells the story that defined his career as well!)
When you back up your SaaS apps (because you know you are supposed to), should you back them up to a SaaS service or an on-premises backup system? After defining what SaaS is and isn't, Prasanna and Curtis discuss this important question. First they look at how sizing a SaaS system for backup is different than when you do it in a datacenter, and how that creates challenges for backup design. Does it make sense to use on-premises backup to back up a cloud resource like SaaS?
Learn from others' mistakes by reviewing last year's worst ransomware attacks with Mr. Backup and Prasanna Malaiyandi. Listen to them review the 10 worst attacks from 2021, then discuss lessons learned: Colonial Pipeline, Brenntag, Acer, JBS, Quanta, NBA, AXA, CNA, CD Projekt, and Kaseya. Then they discuss the trends they see, and the lessons we can all learn from these horrible attacks.
W. Curtis Preston (Mr. Backup) and Prasanna Malaiyandi weigh in on a Reddit thread that started with a simple question from a user. He has MSPs trying to sell him a solution to back up Microsoft 365, and he's wondering if that's even necessary. As usual on Reddit, there are many opinions. Mr. Backup debates the various points being made by the anti-backup crowd, including an article arguing the same point. We start with an overview of why it's important, then we take on the various arguments used to support not backing it up. We talk about how retention policies are not backup, and why. Even retention lock doesn't help, and neither do lagged copies of Exchange Online. We also talk about how the e-discovery tool is NOT a restore tool and will not give you what you're looking for. Finally, we talk about the idea that backup tools can't do DR for Exchange Online, and how that is used to bash them as well. Great discussion on this one.
On this week's episode of Backup Central's Restore it All, Mr. Backup himself becomes the guest, while Prasanna Malaiyandi takes over as host. W. Curtis Preston explains the backup configuration of the website behind the Restore it All podcast, and how bit rot caused him to have to restore part of it. We talk about bit rot, the 3-2-1 rule, off-site backups, backups stored in S3 and Google Drive, and what it's like to restore part of a MySQL database. Luckily, the folks at LiquidWeb were very helpful. Watch Curtis explain how he practices what he preaches over at BackupCentral.com. If you want to watch the video version of this episode, it's here: https://www.youtube.com/watch?v=I3285etiYBs
This is a response to Tom Hollingsworth's (@networkingnerd) video "Disaster Recovery is a Security Function," found here: https://gestaltit.com/tomversations/tom/disaster-recovery-is-a-security-function-tomversations-episode-25/. I respectfully disagree w/Tom's assertions in his video, and decided to use this as the first episode I'm going to publish a video version of. You can listen to the podcast on all the usual podcast channels, or watch the video version on youtube here: https://youtu.be/ym_ibNWVjgA Tom said that backup and security are very closely related, and suggested that if we reported to the same team, we could perhaps accomplish more together. While I understand the point he is making, I disagree with it, and Prasanna and I discuss it on this episode. We believe Tom's opinion comes from an outdated concept of how security works in backup systems; we haven't worked like that in quite some time. I explain how modern backup systems work from a security perspective, then talk about the idea of backup folks reporting to security folks. I think it's a bad idea for several reasons.
This week's episode is about an incident that happened at the University of Kyoto, Japan, where they lost 77 TB of research data forever. What can we learn from what happened to them? First we discuss the concept of "we can't afford backup," that seems to be prevalent in a lot of universities and research institutions. We then ask and answer the question of whether or not it is ever OK to not back up data, along with whose responsibility it is. We pause the recording for what appears at first to be a spam call, but you'll have to listen to hear that. We talk about what happened there, including a letter from HPE apologizing for what happened. Kudos to HPE for that. We also discuss a story from my very first week on the job in 1993; it's not pretty.
Vinicius "Vinny" Grippa, the co-author of O'Reilly's Learning MySQL (now in its second edition), talks MySQL and MongoDB, as well as that all-important topic of how to back them up! We first learn a little bit about Percona, where Vinny works, as they consult in the database space. We then discussed a hot topic from Curtis, which is this idea of companies that say they don't want an IT department. We then discuss the book, Learning MySQL 2nd edition, and Vinny's top 3 performance suggestions for MySQL, including a discussion about the differences between MyISAM and InnoDB tables. We then discuss the typical ways people back up MySQL and MongoDB, followed by a discussion of two free tools that Percona makes available: XtraBackup and Percona Backup for MongoDB. It is a fascinating discussion you won't want to miss.