As we use more and more third-party vendor services, we become overly reliant on the vendors' own backup and disaster recovery practices. This can (and has) come back to bite us if the vendor themselves experiences a security incident, or simply closes up shop and doesn't answer any phone calls.
At UC Davis, we host web sites on two different cloud-based vendor services, and they differ greatly in their implementation, access, and APIs. One uses Linux containers while the other is a more traditional server cluster. With one, the customer can schedule jobs to run on the infrastructure itself. The other has a robust command-line tool.
In this session, I will describe our custom cloud-based automated process whereby we back up over 700 web sites across two vendors into a secure AWS account owned and managed by UC Davis.
We will cover:
- Web application hosting, service, and access tools provided by the two vendors.
- Cloud-based tools for performing "serverless" tasks.
- Cost-conscious storage options for kinda a lot of data.
- Fun flow-charts and diagrams that show the architecture, data flow, and security considerations.
Prerequisites:
- Understanding that "The Cloud" is just somebody else's computer.
- Healthy distrust for vendor infrastructure integrity.
- Desire to avoid a $1.14 million ransomware incident.
- A general understanding of web site hosting would be nice, but not required.