The need to follow good practices

Blogging service JournalSpace is gone. They have put their domain name on eBay and are selling their servers. Everyone who used their blogging service is being pointed to instructions on how to retrieve their posts using Google’s cache. So, what happened?

Apparently, the data on their primary server was wiped, which resulted in all the data from their secondary server to be wiped too. This was because, they used a mirrored configuration to provide redundancy in case of failure of the primary server. Why is this a problem? The problem is that they were also using the secondary mirrored server as backup. The data was not backed up on any other device.

When the data on the primary server was erased either accidentally or maliciously (they seem to have had a problem with an employee recently), the data was automatically removed from their secondary server also. 6 years worth of blog posts were gone in a matter of minutes or hours. It is surprising that the person or the persons maintaining the site did not see the need to back up data in a secure medium.

A lot of questions come up:

  1. What were they thinking? Why did they not see the need for backups? If you do not want to backup your blog entries, that is fine. But when you provide a service, you have a responsibility to ensure availability and security. A mirrored server is a backup for the server and the service, not for the data.
  2. When they have already had some sabotage, why did they not take extra care? It is almost negligence when they knew someone had already tried to disrupt service by sabotaging key servers.
  3. One a different track, how many of you know what the backup procedures are for any of the content hosting services. If say, BlogSpot or WordPress face a similar situation, what will happen to the millions of users and their data. Are you sure that all the years that you spent typing up your posts will be saved?

Every organization tries to keep hackers on the outside from getting in . But so many are blissfully unaware that insider threats are more dangerous and more prevalent that you would think. The moral of the story is to have a well defined disaster recovery policy, separation of duties, principle of least privilege, etc.

Anyway, here is what the JournalSpace website says. I am going to print this and put it up above my desk to remind me to not take good practices lightly.

 JournalSpace is no more