

AWS console breach leads to demise of service with “proven” backup plan - dtparr
http://arstechnica.com/security/2014/06/aws-console-breach-leads-to-demise-of-service-with-proven-backup-plan/

======
brandon272
There's lessons here for everyone! If you are a SaaS provider, please keep
offsite backups and protect them sufficiently. Don't allow a common control
panel to manage your production data AND your backup data. In my backup
strategy I use a combination of onsite and offsite backups. The onsite is
really just a convenience thing where you can easily access your data quickly.
The offsite backups are there in case anything happens at the production
location, either to your live data or to the live data and the backups.

The lesson for customers is to never trust anyone when it comes to backups.
Don't assume that a provider's claim about their "rock solid" or "proven"
backups means anything. Pretend they don't have a backup.

~~~
gacba
Can you suggest a solution for those of us on AWS that are SaaS providers that
you find to be reliable?

