Silicon Valley ft. Bryon Singh, RailWorks Corporation

Silicon Valley ft. Bryon Singh, RailWorks Corporation

By Steve Gold
Posted in Security
On March 12, 2024

"Silicon Valley," the hit HBO comedy series that aired from 2014 to 2019, follows the trials and tribulations of Richard Hendricks and his team at Pied Piper as they navigate the competitive world of Silicon Valley with their groundbreaking compression algorithm.

One of its core narratives provides a compelling backdrop to discuss the significance of automated backups. Throughout the series, Pied Piper faces multiple data management crises, including near-losses of crucial algorithmic data and intellectual property due to various mishaps and competitive sabotage efforts. These scenarios underscore the necessity for robust, automated backup systems in safeguarding valuable digital assets against unforeseen events.

"Silicon Valley" also sheds light on the importance of prioritizing which data sets are critical to business operations and therefore must be included in automated backup processes. Richard and his team learn the hard way that not all data is equally important, and identifying what must be protected at all costs is crucial. This mirrors the strategic approach businesses must take in classifying data based on its importance and the impact of its loss, thereby ensuring that backup resources are allocated efficiently.

This safeguard emphasizes the importance of automated backups to protect your organization's critical data. Regular, automated backups ensure that you can recover from accidental deletions, hardware failures, or even cyberattacks. To determine the best backup frequency (weekly or more often), start by classifying your data based on its sensitivity. This will help you prioritize the most crucial information for more frequent backups.

Best Practices:

  • 3-2-1 Backup Strategy: Maintain at least three copies of data, stored on two different media types, with one copy kept offsite for disaster recovery.
  • Backup Scheduling: Align backup frequency with how critical the data is and how often it changes. Highly sensitive data might warrant daily backups.
  • Test Your Backups: Periodically test backups to ensure data can be successfully restored. Document test results.
  • Encryption: Secure your backups with strong encryption, both in transit and at rest, for added protection.
  • Retention Policies: Define how long various types of backups need to be kept, balancing storage costs with recovery needs and any legal/regulatory requirements.

Here’s a link to the Data Recovery Policy Template provided free of charge from the fine folks at the Center for Internet Security: https://www.cisecurity.org/insights/white-papers/data-recovery-policy-template-for-cis-control-11

Here’s some detail on this specific Control/Safeguard.  If you want more detail, DM me.

CIS Control 11 – Data Recovery

Establish and maintain data recovery practices sufficient to restore in-scope enterprise assets to a pre-incident and trusted state.

Implementation Group 1

CIS Safeguard 11.2 - Perform Automated Backups

Perform automated backups of in-scope enterprise assets. Run backups weekly, or more frequently, based on the sensitivity of the data.

Steve Gold

Steve Gold

Steve Gold is the Cybersecurity Practice Director at Gotham Technology Group (Gotham). He is responsible for providing the vision and thought leadership to expand Gotham’s legacy of success and build a world-class cybersecurity practice. He works closely with Gotham’s customers, industry partners, and subject matter experts to develop relevant solutions for Gotham’s clients and prospects.

Prior to joining Gotham, Steve worked with the Center for Internet Security (CIS), where he expanded the global reach, revenue, and impact of the CIS Benchmarks, CIS Controls, and CIS Hardened Images. He led the efforts to promote the CIS portfolio of low-cost and no-cost cybersecurity products and services that help private and public organizations stay secure in the connected world. He grew a team of security specialists from 12 to over 40 to assist organizations with implementing security best practices in their continual journey of cybersecurity maturity.

During his more than 20-year career, Steve led teams responsible for developing and implementing technology solutions at some of the industry’s most recognized companies such as Varonis, VMware, Dell & Wyse Technology

Steve is a frequent speaker/moderator at industry conferences and webinars, covering a wide array of information security topics. He resides and works remotely in Baltimore, MD.