Stu Lees | Aug 2, 2024 3:58:07 PM | 5 min read

In the Wake of CrowdStrike and Google Incidents, Are Federal IT Departments Ready for Cloud Disasters?

Discover how to be more prepared for cloud disaster recovery.

 

Introduction

As federal agencies increasingly migrate their operations to the cloud, the question of disaster preparedness becomes ever more critical. Recent high-profile incidents involving CrowdStrike and Google have brought this issue into sharp focus. The alarming reality is that federal IT departments may not be as prepared for cloud disasters as they should be.

This article explores the vulnerabilities exposed by these incidents and discusses the steps federal IT departments must take to ensure robust disaster recovery and data protection.

 

2024 - The Year of the Cloud Disaster?

In July 2024, CrowdStrike, a leading cybersecurity firm, inadvertently released a software update that caused global chaos by crashing most Microsoft computers that automatically installed it.

Only a handful of weeks earlier, Google's cloud hosting services faced a catastrophic human and systematic error that resulted in the accidental deletion of entire server instances from the $125Bn pension fund UniSuper. This incident led to significant data loss and operational chaos for the Google customer and their many thousands of customers.

Current State of Cloud Disaster Readiness in Federal IT Departments

Federal IT departments are tasked with safeguarding vast amounts of sensitive data while ensuring compliance with stringent regulations. However, several challenges impede their ability to fully prepare for cloud disasters:

Existing Challenges: Many federal agencies struggle with resource limitations, outdated infrastructure, and a lack of skilled personnel. These issues hinder their ability to implement comprehensive disaster recovery plans.

Compliance and Regulatory Requirements: Federal regulations such as the Federal Information Security Management Act (FISMA), the Federal Risk and Authorization Management Program (FedRAMP), and the National Institute of Standards and Technology (NIST) guidelines mandate stringent security and data protection measures. However, meeting these requirements amidst evolving cyber threats is a constant struggle.

Lessons Learned from Recent Incidents

The CrowdStrike and Google incidents have revealed chinks in the armor of 'cloud resilience', demonstrating that, in both cases, human error can have catastrophic downstream impact.

Vulnerability Exposure: These incidents exposed critical gaps in data protection and recovery capabilities. They highlighted the importance of having robust systems in place to quickly detect, respond to, and recover from disasters.

Importance of Robust Backup Solutions: The need for comprehensive backup solutions cannot be overstated. Regular, automated backups ensure that data is always available, even in the event of a catastrophic failure or cyber-attack.

Quick Recovery and Minimal Downtime: Effective disaster recovery plans are essential for minimizing downtime and ensuring operational continuity. The ability to rapidly restore data and services can significantly mitigate the impact of a disaster.

 

CASE STUDY

BOLSTERING ATLASSIAN CLOUD RESILIENCY WITH ENHANCED DISASTER RECOVERY

Atlassian Solution Partner ReleaseTEAM is no stranger to the world of IT disaster recovery, but has been facing a new battle in conversations with IT departments that have migrated to cloud platforms such as Atlassian Jira.

"With the rush to move everything to cloud, a lot of IT departments made some very scary assumptions. One common one is that disaster recovery is 100% the responsibility of the SaaS vendor," says Robert Wen, a senior consultant from ReleaseTEAM.

"Unlike on-prem, the cloud vendors, including Atlassian, all have Shared Responsibility frameworks that customers automatically buy into as part of moving to the cloud.  These frameworks typically put a lot of the onus for data recovery back onto the end customer."

What Mr Wen is talking about might be common knowledge amongst senior IT Security and Compliance professionals, but is often lost in the 'fine print' section for less experienced and hyper-busy IT customers.

Shared Responsibility can be best described by this statement that comes directly from the AWS Cloud Services shared responsibility framework: "We, the cloud vendor, are responsible for the resilience of the cloud. The customer is responsible for the data resilience in the cloud."

"In the event of an end customer related disaster incident - such as cyber penetration and malicious data damage - the cloud vendors in most cases do not have to restore any of the customer data," Mr Wen continues.

ReleaseTEAM recommends that all cloud customers review their responsibilities and invest in appropriate data protection and backup platforms such as Revyz Data Manager for Jira.

 

Best Practices for Enhancing Cloud Disaster Readiness

To enhance their readiness for cloud disasters, federal IT departments should adopt the following best practices:

Conducting Regular Risk Assessments: Regular risk assessments are crucial for identifying potential threats and vulnerabilities. By understanding the risks, agencies can better prepare and implement appropriate mitigation strategies.

Implementing Comprehensive Backup Solutions: Advanced backup solutions that provide encryption, redundancy, and compliance with federal standards are essential. These solutions ensure data security and availability during a disaster.

Training and Awareness Programs: Ongoing training and awareness programs for IT staff are vital. Educating personnel on best practices and response strategies ensures that they are equipped to handle disasters effectively.

Conclusion

The recent CrowdStrike and Google incidents serve as stark reminders of the vulnerabilities inherent in cloud computing. Federal IT departments must take proactive steps to enhance their disaster readiness. By investing in robust backup solutions, conducting regular risk assessments, and maintaining compliance with federal regulations, they can better protect sensitive data and ensure operational continuity. The time to act is now, before the next disaster strikes.

References

  • Federal Information Security Management Act (FISMA)
  • Federal Risk and Authorization Management Program (FedRAMP)
  • National Institute of Standards and Technology (NIST) guidelines

 

About Revyz

Revyz is the first Jira-native data protection application in the Atlassian Marketplace, and it's backed by Atlassian and Druva.

Revyz Data Manager for Jira can back up and store data securely and remotely, making it available for various recovery scenarios without having to roll back the entire site. It's renowned for being simple, robust and aligned with global compliance regulations.

 


Stu Lees

Stu is the VP of Marketing and Partnerships at Revyz Inc. With a career spanning over 25 years in IT, Stu runs the global marketing and partnership teams for the Revyz business and is based in Auckland, New Zealand. Stu has worked in a wide variety of arenas that include 15 years in senior leadership roles in enterprise IT as well as running his own technology integration company from 2006-2013. Stu is involved as a leader in the Auckland Atlassian ACE group and speaks frequently in webinars on both cyber security and marketing.