If your organization uses version control systems like GitHub, GitLab, or Bitbucket, you are probably aware that code, as intellectual property, is the most valuable asset inside your company – you and your team have spent thousands of hours (and money) writing, supporting, and improving projects. As a CTO, CISO, DevOps Lead, software-house owner, or team leader, you can probably imagine how much it would cost you to lose the code your team has been working on for months…
But is it even possible? Data breaches, system downtime, policy changes, and more – all of those factors can limit access to your repositories on GitHub, GitLab, or Bitbucket and, as a result, put your Intellectual Property at risk. And without proper protection of your IP, your business might not be able to harness the full potential of the code created by your employees.
Now, let's find some arguments that will back you up when you explain to your superiors, team members, and even developers that professional repository backup software is essential for your development process and company security.
Like most SaaS providers, GitHub, GitLab, and Atlassian rely on shared responsibility models that define which security duties are handled by the service provider and which belong to your organization. In a nutshell: service providers are generally responsible for the accessibility, security, and availability of the entire system. But when it comes to data, they are only data processors. You are the owner, so your data is your concern: you need to make sure it is properly protected and compliant with all legal requirements, for example in terms of data retention.
For example, at Atlassian, the company handles the security of the applications themselves, the systems they run on, and the environments those systems are hosted within. They ensure compliance with standards such as SOC2 or PCI DSS.
You are responsible for the proper management of information on your account. You have to control the users, access to your data, and which apps you install and trust. Finally, you are responsible for ensuring your company meets compliance requirements, as shown in the image below:
Image: Atlassian Cloud Security Shared Responsibilities [Atlassian]
That is probably why hosting service providers like GitHub recommend having reliable third-party backup software, such as GitProtect.io.
Believe us or check it out, but there have been many times when GitHub, Bitbucket, or GitLab went down, leaving many companies without access to their code and unable to work, and, going further, with many financial losses.
One of GitLab's biggest outages happened in 2017. It was caused by the accidental removal of data from primary database servers. This incident made the GitLab.com service unavailable for many hours. GitLab also lost some production data that it was eventually unable to recover. Specifically, it lost modifications to the database and data such as projects, comments, user accounts, issues, and snippets.
In June 2020, there was a major outage of the GitHub service that lasted for hours and impacted millions of developers.
Outages of that kind can impact developers' productivity, especially if they occur during crucial launch windows. Think about your company: how long would you be able to work without access to your GitHub data? How much would such an outage cost your company? Can you afford it? Or would you rather prevent such situations and invest in reliable third-party backup software like GitProtect.io to quickly recover data and get back to code and work?
And GitHub downtime is only the tip of the iceberg…
One of the most common causes of cybersecurity incidents in general is human error. A HEAD overwrite, accidental deletion of branches, or even intentional deletion by a frustrated employee (or an ex-worker who still has access to the repository) are some of the most common reasons for data loss. We also have to keep in mind that developers tend to have one GitHub account that they use for both personal and professional purposes, sometimes mixing the repositories. Thus, it is crucial to keep an eye on that.
Ransomware remains one of the most expensive threats of all time for businesses. An attack happens every 11 seconds, and it is projected that by the end of 2021 ransomware will generate global losses of 20 billion dollars (compared to 325 million in 2015).
One of the most mysterious ransomware attacks on git hosting services happened in 2019. Bleeping Computer reported that attackers were targeting GitHub, GitLab, and Bitbucket users, wiping code and commits from multiple repositories and leaving behind only a ransom note and a lot of questions.
Business downtime caused by a ransomware attack usually lasts days. The company then needs weeks to restore all systems, and without reliable backup software those attempts usually fail. You cannot assume that paying a ransom gives you a 100% guarantee of recovering your data. When it comes to a version control system, losing access to data that stays encrypted can cause downtime as well, unless you have a Git backup and can recover the data anywhere, from any point in time, and get back to work immediately. And, most of all, not lose your data at all.
Human errors and hacker attacks are not the only things that can lead to losing access to your data. Many sorts of hardware and software failures can cause it as well. This is especially dangerous when your developers are working on a local git repository.
Add problems with synchronizing, saving, and downloading repositories, and you can see a full range of issues that can slow down, postpone, or disable the development process and expose your company to financial loss.
As you can see, GitHub, Bitbucket, and GitLab have proved to be quite reliable hosting services, yet they are not bulletproof. That is why, for example, GitHub recommends having additional third-party backup software. Please note that what is at stake here is your source code, projects, Intellectual Property, hours of work, and the thousands spent on them… So a DevOps backup such as GitProtect.io seems like a small investment for the peace of mind it provides.