Security – vZilla https://vzilla.co.uk One Step into Kubernetes and Cloud Native at a time, not forgetting the world before Sun, 01 Mar 2020 14:42:55 +0000

How is COVID-19 #Coronavirus affecting the IT industry? https://vzilla.co.uk/vzilla-blog/how-is-covid-19-coronavirus-affecting-the-it-industry Sat, 29 Feb 2020 16:28:35 +0000

COVID-19 is the formal name for the flu-like disease that originated from the Wuhan area of China, and to date this has affected north of 80,000 people and killed almost 3,000 globally! The virus continues to spread around the world, with fears rising that it's causing some major disruptions in all areas of industry; supply chain is going to be affected as the majority of parts come from the China regions. Also, people are cutting back their travel, either personal holiday travel or business travel; plenty of people out there have received the corporate email saying don't travel due to COVID-19.

H1N1 Was The Last Pandemic. Here’s Why COVID-19 Isn’t Yet In That Category

I travel a lot for my work, in a global position my role requires me to be on a plane a lot and travelling to each corner. There is a mixed bag of travel for me, some of my travel is for customer and partner meetings but for the most part my travel is based around large IT conferences around the world. So far this year I have been to Shanghai, China in the first week back in 2019 (don’t worry I have had no symptoms of any cold or flu) then I have also been to Prague, Czech Republic and then also Atlanta, USA. Then I have had a huge block of being at home and no time on a plane.

What strikes me is the number of conferences being cancelled due to the outbreak. I am not sure what happened in the IT industry going back to H1N1 in 2009, but now I am in this space it's more visible.

As of today 29th February, Happy Leap Day people. The following events have been cancelled within our Industry.

Currently KubeCon which is due to be at the end of March in Amsterdam is still on with some good communication from the organisers, I know this because this is the next event I am supposed to be attending but as the numbers grow and grow this and many more events will likely be considered for cancellation.

Another swarm of events being cancelled are sales kick-off events, generally held around the beginning of the year or at the end of the company financial year. These are generally not published online, but you just have to look at your Twitter feed and speak to peers within the industry.

It’s not just the IT industry there are lots of other events that were scheduled that have also been cancelled.

This is also affecting where people work, and really opens the door for companies to have to keep their employees at home, functioning away from large shared workspaces to prevent any additional risk of exposure. Companies like Zoom and other collaboration and remote calling software vendors are going to be some of those that will benefit from this outbreak. I think one thing that will come from this is how companies deal with this in the future; I can see more and more people being allowed to work from home.

Lots more events are also listed here – https://www.cnbc.com/2020/02/06/reuters-america-update-2-dozens-of-asia-trade-fairs-conferences-postponed-amid-coronavirus-fears.html obviously as you can expect the Asian and in general APJ/APAC events are going to be the first ones to be cancelled.

Update: I am in the market for a Nintendo Switch and those supplies already seem to be affected by the virus and supply chain. Just one article outlining some of the details that we could be coming up against in that supply chain across the globe.

I am going to open up the comments here and would love to keep the events list growing with any that you know of so we can keep people informed.

Keep safe people,

Do you use GitHub? Ever thought about backup… https://vzilla.co.uk/vzilla-blog/do-you-use-github-ever-thought-about-backup Mon, 21 Oct 2019 12:37:59 +0000

Do you use GitHub?

If GitHub was down for any reason, how would you ensure that your developers could still gain access to their code? And how many people actually run their code from GitHub directly into their environment?

Why do you need to backup GitHub?

As mentioned above, something could happen to your access to GitHub, and that doesn't just mean a site failure at their end; it could also mean internet connectivity or issues within your environment that stop you gaining access to GitHub.

What if one of your developers or GitHub administrators brings down an important repository or makes a change that needs to be rolled back? A backup also gives you the ability to back up any other GitHub repository that you have watched or starred.

How did we get to this topic?

Well it was thanks to a couple of conversations but the trigger to actually exploring things more was having a quick chat with Ruairi McBride which then pushed me to go and do some digging which led me to some articles I will also mention as they could be useful.

The first resource I found was from Volkan Paksoy. Volkan is a software developer, so although he approached this with backup in mind he also talks about some tools that are not the norm for us infrastructure people, but he covers things really well here. The bulk of the script I used is based on Volkan's work; I have just added some additional benefits to it.

Do I need to backup my GitHub?

My argument is how important is this code base, project work that you have within your GitHub account? Can you afford to lose it? Yes you most likely have a version of GitHub desktop running somewhere but what if mistakes occur? What if you lost that? Were compromised? If you feel like you should then there are lots of different scripts and open source tools out there as well as some paid for offerings that you can also use to create backups.

How can I start backing up GitHub?

As I have said, there are many ways in which you can make this happen; as with any backup methodology, it's down to what you want to achieve. I decided that as a test I wanted to create a daily backup of my GitHub repositories. I had no concern for space, as I know my GitHub only really contains PowerShell or code-based repositories, nothing with a huge size, so I chose to take a full backup, as it were, on a daily basis.

Volkan's blog above states that he already had Git installed (software developers generally will have; in my case I did not), so installing it was the first step in order to start some level of backup.

Another resource to help with this –

https://www.atlassian.com/git/tutorials/install-git#windows

We then need to connect to your GitHub and this involves a few commands that can be found here but I will also print below.

Open a terminal/shell and type:


$ git config --global user.name "Your name here"
$ git config --global user.email your_email@example.com

Next we need to set up SSH on your machine. In my instance this machine is purely going to be a standalone machine that looks after this backup or other backup tasks; this is not a developer machine or anywhere I will likely consume the source code we are backing up.

If you have not generated an SSH key for access to GitHub this resource will also help.

Connect GIT to your GitHub – https://kbroman.org/github_tutorial/pages/first_time.html

Not sure if this is needed but this helped me get some folder structure in place - git clone https://hostname/YOUR-USERNAME/YOUR-REPOSITORY

https://help.github.com/en/enterprise/2.18/user/articles/cloning-a-repository

Creating personal access token with Repo Scope – https://github.com/settings/tokens

How to then compress a group of files – https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.archive/compress-archive?view=powershell-6

To create the public/private key pair, open a terminal/shell and type:


$ ssh-keygen -t rsa -C your_email@example.com

On Windows you are going to find your required files here: C:\users\username\.ssh

  • Go to your GitHub Account Settings
  • Click “SSH Keys” on the left.
  • Click “Add SSH Key” on the right.
  • Add a label “backup” and paste the public key from id_rsa.pub (not the private key in id_rsa) into the text box

Then we can test if the above worked by running


ssh -T git@github.com

If that worked then you will get a return of


Hi username! You've successfully authenticated, but Github does
not provide shell access.

OK, so we now have Git installed and we have connected to our GitHub account. Next we are back to the Volkan page for the backup script. I have added some additional steps here, as I want a point-in-time scheduled copy of my GitHub repositories that I can access if GitHub is not available or if a malicious insider deletes or edits my repositories.


#Script Original from https://volkanpaksoy.com/archive/2017/11/30/Backing-up-GitHub-Account-with-PowerShell/

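#Define these three variables based on your own environment.
$backupDirectory = 'BACKUP LOCATION'
$backupretention = 'COMPRESSEDBACKUPLOCATION'
#The token sits here in plain text, so restrict read access to this script to the account that runs the backup.
$token = 'GITUSERNAME:PERSONALACCESSTOKEN'
#Basic authentication expects the base64 encoding of the bytes of "username:token".
$base64Token = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($token))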

$headers = @{
    Authorization = 'Basic {0}' -f $base64Token
};

Set-Location -Path $backupDirectory
$page = 1
$perPage = 30

Do
{
    Write-Host "Getting page: $page"
    $response = Invoke-RestMethod -Headers $headers -Uri "https://api.github.com/user/repos?page=$page&per_page=$perPage"
   
    foreach ($repo in $response)
    {
        $repoName = $repo.name
        $repoPath = "$backupDirectory/$repoName"

        Write-Host "Processing repo at path: $repoPath"

        if ( (Test-Path $repoPath) -eq 0)
        {
            Write-Host "Repo doesn't exist, clone it"
            git clone $repo.ssh_url
        }
        else
        {
            Write-Host "Repo exists, update"

            # Change to repo directory to fetch updates
            Set-Location -Path $repoPath

            git fetch --all
              #git reset --hard origin/master

            # Change back to root backup directory
            Set-Location -Path $backupDirectory
        }
    }
   
    $page = $page + 1
}
While ($response.Count -gt 0)

# Enable this command if you wish to store retention points for your GitHub repositories.

# The following commands will allow for us to take a compressed point in time version of our GitHub repository and assign the date to the compressed file and store to a relevant backup location.
# The Compress-Archive -Path <LOCATION> should be your GitHub repository location, this could also be used in conjunction with another script that on a schedule will bring down and update from the live GitHub repository to this landing area.
# The -DestinationPath should be the target location you wish your backups to reside and potentially then be further protected by your Backup Software.
 

Compress-Archive -Path $backupDirectory -CompressionLevel Optimal -DestinationPath (Join-Path $backupretention ((Get-Date -Format yyyyMMdd) + '_GitHubBackup.zip')) -Force

This is what I have started to do on a scheduled basis so I have at least a copy of my scripts and work completed outside of GitHub, the next challenge is going to be restoring that back into GitHub. If anyone has that as a workaround then please let me know and I will add to this post.
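One way to approach the restore step, as an added example that is not part of the original post or of Volkan's script: it swaps in a mirror clone and a git bundle in place of the plain clone and Compress-Archive, then pushes every branch and tag into a new empty repository. Local bare repositories stand in for GitHub so it runs offline, and every path and name is a constructed assumption.

```powershell
# Added example (not from the original post). Local bare repositories stand in
# for GitHub so the whole round trip runs offline; all names are constructed.
$ErrorActionPreference = 'Stop'

function Invoke-Git {
    # Native commands do not throw on failure, so check the exit code.
    & git @args
    if ($LASTEXITCODE -ne 0) { throw "git $($args -join ' ') exited with $LASTEXITCODE" }
}

function Get-RefList([string]$RepoPath) {
    # One "refname objectid" line per branch and tag, used to compare repositories.
    Invoke-Git -C $RepoPath for-each-ref '--format=%(refname) %(objectname)' refs/heads refs/tags
}

$root      = Join-Path ([System.IO.Path]::GetTempPath()) ('ghbackup-demo-' + [guid]::NewGuid().ToString('N'))
$backupDir = Join-Path $root 'backup'
$origin    = Join-Path $root 'origin.git'      # stands in for the GitHub repository
$src       = Join-Path $root 'src'             # a developer's working copy
$mirror    = Join-Path $backupDir 'demo.git'   # what the backup machine keeps
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

# 1. Build a small "upstream" with two branches and a tag.
Invoke-Git init -q --bare $origin
Invoke-Git init -q $src
Set-Content -Path (Join-Path $src 'script.ps1') -Value 'Write-Host "constructed sample"'
Invoke-Git -C $src add .
Invoke-Git -C $src -c 'user.name=demo' -c 'user.email=demo@example.invalid' commit -q -m 'initial commit'
Invoke-Git -C $src tag 'v1.0'
Invoke-Git -C $src branch feature
Invoke-Git -C $src push -q $origin --all
Invoke-Git -C $src push -q $origin --tags

# 2. Back up: a mirror clone copies every ref, not just the checked-out branch.
Invoke-Git clone -q --mirror $origin $mirror
Invoke-Git -C $mirror fsck --no-progress        # fails if the object database is damaged

# 3. Point-in-time copy as one bundle file, with a hash to check before any restore.
$bundle = Join-Path $backupDir ('{0}_demo.bundle' -f (Get-Date -Format yyyyMMdd))
Invoke-Git -C $mirror bundle create -q $bundle --all
Invoke-Git -C $mirror bundle verify -q $bundle
$bundleHash = (Get-FileHash -Path $bundle -Algorithm SHA256).Hash

# 4. Restore: clone the bundle, then push every ref into a new empty repository
#    (on GitHub this would be the SSH URL of a freshly created repository).
$restoreClone = Join-Path $root 'restore.git'
$newUpstream  = Join-Path $root 'recreated.git'
Invoke-Git clone -q --mirror $bundle $restoreClone
Invoke-Git init -q --bare $newUpstream
Invoke-Git -C $restoreClone push -q --mirror $newUpstream

# 5. Check that the restored repository has the same branches and tags as the original.
$diff = Compare-Object (Get-RefList $origin) (Get-RefList $newUpstream)
if ($diff) { throw 'Restored refs differ from the original' }
"Restore verified: $(@(Get-RefList $newUpstream).Count) refs match, bundle SHA256 $bundleHash"
```

Compress-Archive ignores hidden files and folders, and Git for Windows marks the .git directory as hidden by default, so check that a zip of ordinary clones really contains the .git directories before relying on it for history.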

GDPR Week – Security https://vzilla.co.uk/vzilla-blog/gdpr-week-security Fri, 25 May 2018 14:44:56 +0000

One of the main principles of GDPR is the way in which personal data is processed; this means we must consider things like risk analysis, organisational policies, and physical and technical measures. Later in the post I am going to touch on pseudonymisation and encryption and how these can be used to assist the measures towards becoming compliant. The measures must ensure “confidentiality, integrity and availability” of systems, services and personal data. My favourite is that there must be the ability to restore access and availability to personal data in a timely manner in the event of a physical or a technical incident. Does this mean the backup and replication choice will no longer be last on the list? You also need to ensure that you have appropriate processes in place to test the effectiveness of your measures and undertake any required improvements.


Those are some of the things that should be in place from a security perspective, but what if something does get breached and data could have got out of the business? Then you must report any data and security breaches to the Information Commissioner. This is new, as previously it was the company's choice whether it felt it needed to report. It is now mandatory.


Now we have the overview, I think you will agree it’s going to mean a huge review for a lot of businesses to understand the way their systems work as well as their employees.


Data Minimisation


Another area that I feel this is going to highlight is the security of systems. This is often overlooked, or corners have been cut to get things done quicker. GDPR will mean a much stronger focus on technical security; this is going to introduce the use of encryption and having to make sure those security patches are installed on those workloads.

As well as encryption, pseudonymisation is another technique that businesses will have to explore. Pseudonymisation replaces some of the identifiers with fictitious entries to protect people’s data privacy.

Quote from Wikipedia:

“Pseudonymisation enhances privacy by replacing most identifying fields within a data record by one or more artificial identifiers, or pseudonyms. There can be a single pseudonym for a collection of replaced fields or a pseudonym per replaced field.”
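The two variants in the quote (a pseudonym per replaced field, or a single pseudonym for the whole collection of replaced fields), as an added example that is not from the original post. Keyed HMAC-SHA256 is one common way to derive pseudonyms and is an assumption here; the key, field names and sample record are constructed.

```powershell
# Added example, not from the original post. Key and record are constructed.
# Keep the real key apart from the pseudonymised data: whoever holds it can
# recompute the mapping and re-link records to people.
$key = [System.Text.Encoding]::UTF8.GetBytes('constructed-demo-key-not-for-real-use')

function Get-Pseudonym {
    param(
        [Parameter(Mandatory)] [string] $Value,
        [Parameter(Mandatory)] [byte[]] $Key,
        [string] $Prefix = 'p'
    )
    $hmac = [System.Security.Cryptography.HMACSHA256]::new($Key)
    try {
        # Normalise so that case and stray whitespace do not produce a second pseudonym.
        $bytes  = [System.Text.Encoding]::UTF8.GetBytes($Value.Trim().ToLowerInvariant())
        $digest = $hmac.ComputeHash($bytes)
        # First 8 bytes as hex keep the token short; use more for large data sets.
        $hex    = ([System.BitConverter]::ToString($digest, 0, 8) -replace '-', '').ToLowerInvariant()
        return "${Prefix}_$hex"
    }
    finally { $hmac.Dispose() }
}

$record = [pscustomobject]@{
    Name = 'Jane Example'; Email = 'jane@example.invalid'; Postcode = 'ZZ1 1ZZ'; Plan = 'Gold'
}
$identifying = 'Name', 'Email', 'Postcode'

# Option A: a pseudonym per replaced field; non-identifying fields are left alone.
$perField = $record | Select-Object *
foreach ($field in $identifying) {
    $perField.$field = Get-Pseudonym -Value $record.$field -Key $key -Prefix $field.ToLowerInvariant()
}

# Option B: one pseudonym for the whole collection of replaced fields.
$joined = ($identifying | ForEach-Object { $record.$_ }) -join '|'
$single = [pscustomobject]@{
    SubjectId = Get-Pseudonym -Value $joined -Key $key -Prefix 'subject'
    Plan      = $record.Plan
}

$perField, $single | Format-List
```

Because the same input and key always give the same pseudonym, records can still be joined across tables without exposing the original identifiers.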

Road Warriors


Many of us carry laptops and other mobile devices around with us on a daily basis, and the majority of these devices contain some work content. How is this affected? Well, it comes down to that review of process and the directive from the data protection officer. There will be a requirement, as there is today but with more of a highlight, on making sure staff members are reliable when taking personal data and business data offsite on these devices. Device encryption is one of the areas I can quickly see being the easy tick here, but I am sure there are more options around this, like remote workers with thin clients on the road. Taking data offsite could put it at risk of exposure, and failure to ensure these points could expose businesses to a fine.

GDPR Week – Unwanted Calls & Emails https://vzilla.co.uk/vzilla-blog/gdpr-week-unwanted-calls-emails Fri, 25 May 2018 10:30:26 +0000

I expect everyone has been experiencing the annoying calls and emails asking if you have been involved in an accident, or saying you are entitled to something because of something, even though neither has taken place. Well, by all means this has not been done by breaking any laws! But these companies have obtained your information through some ways or means. GDPR should tighten up on this happening.

One of the key points from the 25th May 2018 onwards is that consent must be freely given, specific, informed and unambiguous. It cannot be buried in lengthy terms and conditions.

This will make it much harder for marketers to establish that they have the requisite permissions, which is why your inbox has probably been “spammed” recently with emails asking for your consent to continue receiving messages. The benefit moving forward is that it also needs to be just as easy to opt out of these as it is to sign up for them.


How will the company achieve this?

Most of these public and private organisations that hold such data will be required to appoint a Data Protection Officer. The task of the DPO will be to monitor compliance with the law and provide education and training to staff, as well as conducting internal audits and making sure things are in a good place. The DPO will also be the first point of contact for the authorities; I will touch on these later as well. They will also be the point of contact for any of those people that have their data processed; this does not stop at employees, it includes customers too. The interesting thing here is that the DPO must be given the resources to carry out these functions and must have direct access to the top of the management tree. Over the next few years, with the way data is becoming extremely important, the DPO role is going to be really important for all.


Who is responsible for making sure everyone adheres?


This is who, well at least for the UK: Elizabeth Denham, Information Commissioner for the United Kingdom. Elizabeth is also the Chief Executive Officer for a 500+ person independent regulatory agency enforcing data protection and freedom of information law. She appeared recently on the BBC and was asked some interesting questions in regard to the GDPR coming into effect.

“We will have more powers to stop companies processing data, but we only take action where there has been serious and sustained harm to individuals,” she explained.

“What this new fining power gives us is the ability to go after larger, global and sometimes multi-national companies where the old £500,000 fine would just be pocket change.”

She added that she accepted that some companies will need time to become fully compliant.

“The first thing we are going to look at is, have they taken steps, have they taken action to undertake the new compliance regime,” she added.

“Do they have a commitment to the regime?

“We’re not going to be looking at perfection, we’re going to be looking for commitment.”

Large fines will be reserved for the most serious cases, she said, when a company refuses to comply voluntarily.

This is why I mention that if you are only just getting around to looking into this and it affects your business, then it’s not too late. But you need to welcome it, because the world is changing to have more awareness of data and, more importantly, personal data and how it is used.

Let’s try and summarise

All those customers that have been holding your data, emailing you privacy updates and even those people that have been calling you will be obligated to clearly inform people about why they are collecting personal data, how it is going to be used and, if it’s going to be shared, who with. This is the reason I personally think this is a step in the right direction for data; it means it’s going to make our personal data safer and puts more control on us as to what we want companies to do with it. Unfortunately, this is not going to be an easy switch for all companies and there will be teething pains, but it’s a necessary must in my eyes.

For the British people reading who think this will all go away after the United Kingdom leaves the European Union: nope! The UK government has made it very clear that it will remain signed up.

Like I said I am all in favour of this and I do hope that the rest of the world takes notes and also becomes regulated in a similar way. I am also really pleased to know the company I work for is also adhering to this regulation.

GDPR Week – Overview, It’s not too late https://vzilla.co.uk/vzilla-blog/gdpr-week-overview-its-not-too-late Fri, 25 May 2018 08:26:40 +0000

Hi Everyone, it’s that week we have been speaking about for the last year or so. The General Data Protection Regulation (GDPR) comes into effect this Friday (25th May).


Hopefully this is not new news to anyone that must adhere to this new regulation, if it is then there are heaps of content out there and I summarised the Veeam efforts here in another blog post – Veeam & GDPR – The Journey to being GDPR Compliant

Last week, Veeam had their annual conference VeeamON in Chicago, at the conference I was fortunate enough to team up with some fellow Veeamers to talk about the process that Veeam has taken to achieve GDPR compliance but also how it’s not a line in the sand and it’s a case of continuous improvement. We also touched on some of the features that are included within Veeam Backup & Replication and Veeam ONE that will help you understand what your data is doing and what you are doing with it.


It was really interesting to hear the audience asking questions in regard to GDPR and other regulations. Service providers in the US were already well and truly down the lane to becoming GDPR compliant but still had some questions in that regard, like where the line gets drawn between end user and service provider. Then there were people in the room that didn’t know that they needed to be compliant even though they hold European data.

If you are late to the game that doesn’t mean you shouldn’t get yourself on the path to becoming compliant. 4% of your turnover or £20 million could be the incentive that you need. More details can be found in that first link above.

You may have also noticed a stream of emails coming in regarding privacy rules from pretty much every company you have ever dealt with. One thing I want to urge is that you read these and understand what they are committing to do to protect your data. I would also take a look back over those browser settings, because these could be used as a third-party way of passing on data to these companies and then it’s not your data as such; just something else to be aware of.

I am going to be putting a few posts out this week in the run up to “GDPR Date” I hope they are useful. I want to touch on some personal changes people should consider, at the end of the day it’s your data! But I would rather these massive companies not use my data for the wrong reasons. I will also be touching on some more features within the Veeam platform that may help.

Veeam Community Podcast – Security 123 https://vzilla.co.uk/vzilla-blog/veeam-community-podcast-security-123 Wed, 12 Apr 2017 10:40:46 +0000

In this episode I hosted my good friend Paul Stringfellow (Twitter @TechStringy), a Technical Director of a long-established UK-based IT consultancy, Gardner Systems plc. Michael and Paul talk about the topical threat of ransomware and the upcoming General Data Protection Regulation (GDPR).

You can find the recording here.

We covered a very topical subject here in the UK regarding GDPR and how, come next summer, every business is going to have to adhere to these new regulations or face some heavy fines. First of all, here is the opening introduction paragraph from the Information Commissioner’s Office (ICO) website.

“This overview highlights the key themes of the General Data Protection Regulation (GDPR) to help organisations understand the new legal framework in the EU. It explains the similarities with the existing UK Data Protection Act 1998 (DPA), and describes some of the new and different requirements. It is for those who have day-to-day responsibility for data protection.”

The fundamental change and awareness here is when it comes to your data you need to know what data you can keep, how long you can keep it for and what data you must not keep in your possession. This pertains to your production data but also comes into your data protection strategy.

From a Veeam perspective within our Veeam Backup & Replication software, there is the ability to exclude files and folders from individual virtual machines, this feature is called BitLooker.

BitLooker enables the exclusion of swap file blocks from processing. Considering that each VM creates a swap file, which is usually at least 2 GB in size and changes daily, this is a considerable amount of data that noticeably affects full and incremental backup size. However, BitLooker automatically detects the swap file location and determines the blocks backing it in the corresponding VMDK. These blocks are then automatically excluded from processing, replaced with zeroed blocks in the target image and are not stored in a backup file or transferred to a replica image.


It is widely known that in many modern file systems deleted files do not disappear from the hard drive completely. The file will only be flagged as deleted in the file allocation table (FAT) of the file system (e.g., the master file table (MFT) in case of NTFS). However, the file’s data will continue to exist on the hard drive until it is overwritten by a new file. BitLooker excludes these deleted file blocks from the backup set.

As well there may be certain files and directories that you don’t want to back up at all (e.g., application logs, application caches, temporary export files or user directories with personal files). There also might be data protection regulations in place that require you to exclude specific objects from backup. No longer do you simply need to accept the need to back up useless data with image-based backups.


This feature really does allow for a granular and selective approach to what is included in your backup jobs as well as being excluded on a retention period required.

The next topic we discussed was around suffering a data breach in the form of ransomware. This is even more topical, as it seems something around cybercrime is in the news each and every day at the moment.

What is ransomware? I wrote a post on this a few months back, as well as a recorded webinar that I will link to at the end.

“What is ransomware? – A type of malicious software (Malware) which restricts access to a computer and/or the files on a computer until a ransom amount is paid.

It’s something that is downloaded via email or file from the internet or passed between users much the same as a virus, this can be linked to a virus, malware, Trojan horse these are the same thing but a more evolved version.

What is it going to do to a single computer or network? – it’s going to enforce restrictions through encryption and prohibit access to certain areas of a machine or an environment once infected.”

We discussed how Veeam cannot prevent the attack from taking place but it may be possible to assist in the recovery or getting to a stage before the attack took place. The post linked below goes into more detail on how you should be keeping your backup data in certain ways to prevent those backup files also getting infected with the spite of encryption that comes with a ransomware attack.

I also mentioned Veeam ONE and a new monitoring alarm in there that can be useful in the detection of a ransomware attack. This alarm uses some CPU and disk monitoring to determine possible VMs that may be under attack and can notify the administrator of this. It is a fully tweakable alarm that may or may not just work in your environment.

The thresholds are:
For VMware VMs
* Average CPU usage is above 70.0% and datastore write rate is 40 MB/s for 5 minutes. – gives a warning
* Average CPU usage is above 80.0% and datastore write rate is 60 MB/s for 5 minutes. – gives an error

For Hyper-V VMs
* Total run time is above 70% and virtual storage write is above 40 MB/s for 5 minutes. – gives a warning
* Total run time is above 80% and virtual storage write is above 60 MB/s for 5 minutes. – gives an error

These numbers can be adjusted as well as virtual machines within your environment can be excluded if you know they would constantly be above that threshold. It’s really something there that can give more visibility and help the fight against Ransomware.
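The sustained-threshold rule described above, as an added example and not Veeam ONE's own code. It uses the VMware numbers from the list and reads the write rate as "above"; the VM names, the samples and the 20-second sampling interval are constructed assumptions.

```powershell
# Added example, not Veeam ONE code: both conditions must hold for the whole window.
$Rules = @(
    [pscustomobject]@{ Severity = 'Error';   CpuPct = 80; WriteMBps = 60 }
    [pscustomobject]@{ Severity = 'Warning'; CpuPct = 70; WriteMBps = 40 }
)

function Get-AlarmState {
    param(
        [Parameter(Mandatory)] [object[]] $Samples,          # objects with Time, CpuPct, WriteMBps
        [timespan] $Window = [timespan]::FromMinutes(5)
    )
    $ordered = @($Samples | Sort-Object Time)
    foreach ($rule in $Rules) {                              # most severe rule first
        $runStart = $null
        foreach ($s in $ordered) {
            if ($s.CpuPct -gt $rule.CpuPct -and $s.WriteMBps -gt $rule.WriteMBps) {
                if ($null -eq $runStart) { $runStart = $s.Time }
                if (($s.Time - $runStart) -ge $Window) { return $rule.Severity }
            }
            else {
                $runStart = $null                            # condition broken, restart the clock
            }
        }
    }
    return 'OK'
}

function New-Series([string]$Vm, [int]$Minutes, [double]$Cpu, [double]$Write, [datetime]$Start) {
    # Constructed 20-second samples for one VM at a constant load.
    0..($Minutes * 3) | ForEach-Object {
        [pscustomobject]@{ Vm = $Vm; Time = $Start.AddSeconds(20 * $_); CpuPct = $Cpu; WriteMBps = $Write }
    }
}

$t0 = Get-Date '2017-04-12T09:00:00'
$samples  = @()
$samples += New-Series 'file-server'  6 92 75  $t0   # sustained heavy CPU and writes
$samples += New-Series 'web-01'       2 85 65  $t0   # burst shorter than the window
$samples += New-Series 'sql-01'       6 75 45  $t0   # sustained, but only in the warning band
$samples += New-Series 'backup-proxy' 6 95 120 $t0   # known busy VM, excluded below
$excluded = @('backup-proxy')

$samples |
    Where-Object { $excluded -notcontains $_.Vm } |
    Group-Object Vm |
    ForEach-Object { [pscustomobject]@{ Vm = $_.Name; State = Get-AlarmState -Samples $_.Group } }
```

The short burst on web-01 never fires because the run is reset before five minutes elapse, which is what keeps ordinary spikes from raising the alarm.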

Information Commissioner’s Office (ICO)

RansomWARe – What is it good for? Absolutely nothing!

How Veeam can protect your business from Ransomware

If you want to hear more and you are heading to the IP Expo event in Manchester at the end of April then my session schedule is here.

RansomWARe – What is it good for? Absolutely nothing! https://vzilla.co.uk/vzilla-blog/ransomware-what-is-it-good-for-absolutely-nothing Tue, 28 Mar 2017 08:30:04 +0000

What is Ransomware?

What is ransomware? – A type of malicious software (Malware) which restricts access to a computer and/or the files on a computer until a ransom amount is paid.

It’s something that is downloaded via email or file from the internet or passed between users much the same as a virus, this can be linked to a virus, malware, Trojan horse these are the same thing but a more evolved version.

What is it going to do to a single computer or network? – it’s going to enforce restrictions through encryption and prohibit access to certain areas of a machine or an environment once infected.

There are also some quotes below that show how prevalent this is within the industry and how literally everyone is at risk.

Remediation – How do we fix this mess if hit?

Well you either pay the money and even then, there is no guarantee that the newly encrypted data from the ransomware attack will even be decrypted and useable again.

Or and this is the sweet spot – Restore that compromised data from backups.

Mitigation

Firstly, it’s an education thing educating the work force and the IT admin teams, if a corporate company gets attacked, it’s a huge CV generating incident and they are probably going to be released of their duties as soon as they have fixed the mess.

Second is going to be the audit process of checking on a routine basis that permissions within the environment are up to scratch and that people do not have access to files and shares they shouldn’t. “Cryptowall” (A type of ransomware) will encrypt to the level of the user.

Third we have the updating of systems. Patch Tuesday: keep the operating systems and application software up to date. There are releases all the time around preventive patches that are going to keep vulnerabilities at bay just by adhering to this step.

And finally, Backups, Backups, Backups. Make sure pertinent data is backed up and preferably NOT accessible to the standard user!

3-2-1

At Veeam we speak about the 3-2-1 as a methodology every single day in regards to protecting data and allowing you to address nearly any failure scenario. The great thing is it also doesn’t require any specific technology. (regardless of vendor, this should be followed as any Backup, Business Continuity and Disaster Recovery methodology)

Running workloads “count” as one copy. The other two are where you need to think a bit….

This is an old picture from El Rickatron but still so relevant for this story.

Back to the threat of ransomware: the real saving point is making sure you have a copy of your data on “offline storage”, but what is offline storage? All the off-site options could be deemed in a way a level of offline, but I think a few other attributes would be:

  • Out of band communication
  • Protocol reliance
  • Traversal of authentication mechanisms

Infrastructure Security

I think this goes with the remediation section but this is where we can advise our customers on how to prevent this from happening to them even with a Veeam solution in place.

  • Access Rights – specific user permissions and security on files and shares allowing only access to the required individuals, this should mean any backup target from a Veeam perspective.
  • Anti-Virus Software – the last thought when deploying workloads, but it’s so important and always has been. We also need to be careful here, as some on-access scanning AV will stop or slow down the Veeam backup process.
  • Segregated and Dedicated Networks – being able to separate or isolate the “Backup” network from the production network is going to reduce the chances of being hit by something.

EndPoint

Or soon to be Agent for Windows will also have a play here from a preventive perspective. I would hope most of you guys are running Veeam Endpoint Backup on your personal and work computers to protect those workloads and data. (it would look bad working for Veeam and you lost some data!)

The common misconception that cloud-based storage is exempt from ransomware is just not true. DropBox, OneDrive and all the other options out there have as much vulnerability as any other storage option. The moment something changes in your synced files, maybe an update of a spreadsheet, it will instantly be updated within the cloud storage. If the file is hit locally with a ransomware virus, then it’s pretty much going to be replicated up to the cloud storage also.

All the same preventive techniques apply from your home PC to your data center workloads when it comes to ransomware: access rights, an offline copy of your backup and adhering to that 3-2-1 methodology.

Other Resources

I also wanted to add some additional resources that cover different areas of this threat,

https://www.veeam.com/blog/how-to-protect-against-ransomware-data-loss-and-encryption-trojans.html

http://windowsitpro.com/blog/ransomware-backups-and-offline-storage-oh-my

https://www.veeam.com/executive-blog/ransomware-survey.html

Thanks for reading and hopefully this was a useful 101 on the fundamentals of Ransomware, but also how Veeam can assist you in the prevention of being hurt badly by this movement.
