Okay then. Where would these backups go? S3 is easy to backup to. Tarsnap is nice. Rsync.net works as well. But these are all online backup options.
If you're advocating offloading to physical media, you need someone who is going to religiously do it (execute code, pull to removable flash drive/SATA dock), and the more up to date you want your backups to be, the more tedious it becomes.
How much are you willing to spend to have AWS Export send you a physical SATA drive nightly?
Why not to a big disk sitting on a computer in your house?
The server doesn't push to it, the home computer pulls from the server (via a cron job or something). That way an attacked can come in from somewhere else. It doesn't have to be perfect, and it shouldn't be your only backup. But having something like that is great for catastrophes like this.
> Why not to a big disk sitting on a computer in your house?
I used to do this to save the $6 and backup locally. Unfortunately, it stopped being practical once the backups hit 3-4 GB since they'd interfere with my internet access in the morning.
Realistically, what I'd do, is have each founder [or just any 2 technical folk really] each setup seperate accounts at two vendors [e.g. Backupsy + Kimsufi] and have the VM pull the backup from the source. I'd keep a week's worth of backups in this way.
No one person could destroy 100% of the backups. A single breach would not destroy 100% of the backups [although it might destroy the production environment depending on permissions].
The cost for such a solution to cover like 1TB of data? $40/month x2.
If you are a funded startup and you aren't able to spend $100/month on securing your backups I'm not sure what to tell you.
> I used to do this to save the $6 and backup locally. Unfortunately, it stopped being practical once the backups hit 3-4 GB since they'd interfere with my internet access in the morning.
3-4 GB of data each day?
I backup data from my personal laptop to digitalocean droplet ($5 month) and then during the night backup droplet (which also stores my mail and other stuff) to the disc connected to raspi in my home. Incremental backup (rdiff-backup) takes literally 5 minutes (3 mins for /home and 2 mins for mail). And amount of data slowly approaches 9GB.
One of the basic premises behind a solid backup strategy is that if disaster hits that it does not hit simultaneously in all places. If that does happen then I think you have different problems to contend with than trying to restore your backups.
I keep a backup of my home data at the office (encrypted volume). Plus another one at a family member's house halfway across the continent (disks are exchanged at family get-togethers)
At its simplest, you should be able to backup to another Amazon S3 setup, that's completely isolated, belonging to a separate account.
Backups should be initiated from a production account access key where "Create" access has been granted, but all the storage and maintenance by another AWS account with it's own access key.
However, I'm not sure that's technically feasible at the moment, without quite a lot of manual scripting
If you're advocating offloading to physical media, you need someone who is going to religiously do it (execute code, pull to removable flash drive/SATA dock), and the more up to date you want your backups to be, the more tedious it becomes.
How much are you willing to spend to have AWS Export send you a physical SATA drive nightly?