Welcome to another edition of the Backup Bulletin! I’m back from vacation, a little sunburned, and ready to dive in.
What we’re talking about
Terraform (Hashicorp) adopts BUSL
The makers of Terraform have announced their move to a Business Source License (BUSL for short). While we’re heavy users of Terraform, this has no impact on Rewind as we don’t compete with any of Hashicorp’s products. (If you also use the free or commercial version of Terraform for your provisioning needs, you’re likely OK.)
But this is another clear example of Golden Rule #2: understand your tech stack and your dependencies. Companies that built entire products around Terraform now face competitive restrictions: if your offering significantly overlaps with what a Hashicorp product can do, you can’t use Terraform. Perhaps the OpenTF group will be successful with their attempt to fork Terraform and keep it open-source, but those of us who remember the Elasticsearch vs. AWS ‘agreement’ aren’t holding out a ton of hope.
Understanding your tech stack, and your responsibilities when it comes to dependencies and the ecosystems in which you operate, can prevent your business from resting on a house of cards (remember when log4j blew up?). Truly, XKCD said it best:
A new acoustic attack has proven to have up to 95% accuracy in identifying keystrokes, simply by listening to the sound of a keyboard. Researchers used easily available materials such as a MacBook and an iPhone to correctly guess sensitive info via the sound of the keystrokes.
“This is exactly why I program at a levitating desk, using a laser-projected keyboard inside of an acoustic-tiled, hermetically sealed cube.” - Kevin Stark, CloudOps and tin-foil hat enthusiast.
All jokes aside, it’s important to remember that interesting new hack ≠ relevant new threat. You’re still far more likely to lose data to good old-fashioned human error.
From the Compliance Corner
This is a new section where I pick the brain of our resident data protection and privacy specialist, Margaret Corcoran. Basically, she reads the GDPRhub wiki so you don’t have to.
The best method for staying ahead of GDPR violations? Learning from others' costly mistakes. A Hungarian debt processor was recently fined €25,000 (or ~$27,000 USD) for not having a clear data retention policy. When a customer attempted to delete their data, the company failed to inform them that their data would remain in the company’s backups per their data retention policies. Specifically, their lack of clarity around backup retention policies “breached the principle of transparency under Article 5(1)(a) GDPR.” (click the link if you’re having trouble sleeping).
Moral of the story: good data protection practices include data retention policies (here’s a template that might help). Data protection is an important – and specialized – job and it’s up to you to adhere to the regulations that apply to your business.
If you’ve never heard of Klaviyo, consider this a reminder to check the data protection and backup policies of your favorite SaaS apps. Our friends at Klaviyo, for example, spell it out: “Customer shall have the sole responsibility for [...] backup of Customer’s Data.”
Anything you think we missed? Hit us up at backup.bulletin@rewind.com if you’ve got a topic you think we should be talking about.
If you have any questions or concerns about your Rewind backups, get in touch at help@rewind.com. We’re here to, ahem, help :)
Until next time!
James Ciesielski, CTO and Co-Founder
With over 20 years building scalable solutions in telecom, fintech, and of course, SaaS, James was there from the beginning: Rewind’s inaugural Backups for Shopify. You can typically find him passionately explaining the SRM, cooking with his wife and kids, and volunteering to be in net for every pickup game he can find.