Why Backup GitHub, GitLab, or Bitbucket—the Risk of Data Loss
This article explains why developers should use professional backup software to protect their source code, projects, intellectual property, and money.
If your organization uses version control systems like GitHub, GitLab, and Bitbucket, you probably are aware that code as intellectual property is the most valuable asset inside your company—you and your team spent thousands of hours (and money) to write, support, and improve projects. As CTO, IT manager, software-house owner, or team leader—you probably can imagine how much it would cost you to lose the code your team has been working on for months.
But is it even possible? Data breaches, systems downtime, policy changes, and more—all of those factors can limit access to your repositories on GitHub, GitLab, and Bitbucket, and put your intellectual property at risk. Without proper protection of your IP, your business might not be able to harness the full potential of code created by your employees.
What Can Go Wrong With Your Git Data?
Now, let's go through some arguments that will back you up when you discuss with your superiors, team members, and even developers why professional repository backup software is essential for your development process and company security.
1. Shared Responsibility Model
Like most SaaS providers, GitHub, GitLab, and Atlassian rely on shared responsibility models that define which security duties are handled by the service provider and which belong to your organization. In a nutshell, service providers are generally responsible for the entire system’s accessibility, security, and availability. But when it comes to data, they are only data processors. You are the owner, so your data is your concern—you need to make sure it’s properly protected and compliant with all legal requirements—for example, in terms of data retention.
At Atlassian, the company handles the security of the applications themselves, the systems they run on, and the environments those systems are hosted within. They ensure compliance with standards such as SOC2 or PCI DSS.
You are responsible for the proper management of information on your account. You have to control the users, access to your data, and what apps you install and trust. Finally, you are responsible for ensuring your company is meeting compliance requirements.
You can take our word for it or check for yourself: GitHub, Bitbucket, and GitLab have each gone down many times, leaving many companies without access to their code and unable to work, and, as a result, with financial losses.
According to TechCrunch, one of the biggest outages of GitLab happened in 2017. It was caused by the accidental removal of data from primary database servers. This incident caused GitLab.com to be unavailable for many hours. They also lost some production data that they were unable to recover. Specifically, they lost modifications to the database and data, such as projects, comments, user accounts, issues, and snippets.
Also, according to TechMonitor, in June 2020, there was a major outage of the GitHub service that lasted for hours and impacted millions of developers.
3. Human Errors
Human error is one of the most common causes of cybersecurity incidents in general. HEAD overwrites, accidental deletion of branches, or even intentional deletion by a frustrated employee (or an ex-worker who still has access to the repository) are some of the most common reasons for data loss. We also have to keep in mind that developers tend to have one GitHub account that they use for both personal and professional purposes, sometimes mixing the repositories. Thus, it is crucial to keep an eye on that.
Ransomware remains one of the most expensive threats to businesses of all time. An attack happens every eleven seconds, and it is projected that by the end of 2021 ransomware will generate global losses of 20 billion dollars (compared to 325 million in 2015).
In 2019, Bleeping Computer reported that attackers were targeting GitHub, GitLab, and Bitbucket users, wiping code and commits from multiple repositories and leaving behind only a ransom note and a lot of questions.
Business downtime caused by a ransomware attack usually lasts for days. Then a company needs weeks to restore all systems, and without reliable backup software, those attempts usually fail. You cannot count on paying a ransom as a 100% guarantee of recovering your data. When it comes to the version control system, losing access to data that stays encrypted can cause downtime as well, unless you have a Git backup and can recover the data anywhere, from any point in time, and get back to work immediately. Most of all, with a backup you do not lose your data at all.
5. Hardware and Software Errors
Human errors and hacker attacks are not the only things that can cost you access to your data; many sorts of hardware and software failures can do so as well. This is especially dangerous when your developers are working on a local Git repository.
Add problems with synchronizing, saving, and downloading repositories, and you can see a full range of issues that can slow down, postpone, or halt the development process and expose your company to financial loss.
6. Security Compliance
Just a few words: SOC2 and ISO 27001. Why are those standards so desirable? Because once the company completes its SOC2 or ISO 27K audit, it positions itself as a secure, reliable, and trustworthy service that can guarantee security, availability, confidentiality, privacy, and processing integrity. Do those security standards make the company stand out from the competitors? Definitely!
However, one of the requirements for passing the audit and obtaining the status of a secure service is backup. It serves as a guarantee that the data is recoverable from any point in time and that there is no threat to the company's business continuity.
As you can see, GitHub, Bitbucket, and GitLab have proved themselves to be quite reliable hosting services, yet they are not bulletproof. That is why, for example, GitHub recommends having additional third-party backup software.
Note: what is at stake here is your source code, projects, intellectual property (IP), hours of work, and the thousands spent on them, so professional backup software seems like a small investment for the peace of mind it provides.
Published at DZone with permission of Marta Przybylska.