Yesterday, a security breach led to a catastrophic data loss at Codespaces, another company in the repository hosting industry. We're very sorry for the Codespaces customers who lost data, as well as the Codespaces team, who suffered the loss of years of their hard work.
As Internet professionals, we all know that doing anything on the Internet entails security risks. Our approach at ProjectLocker is to 1) characterize and understand the risks inherent in our systems, 2) develop and deploy risk-mitigation strategies, and 3) ensure that customer data is durably protected in the event of any system failures.
Without going through our entire security infrastructure, here are a few of the measures we take to ensure the durability of customer data against attacks like the one on Codespaces:
- Multiple copies of your data are stored on redundant disk arrays.
- We take frequent automatic backups and keep them offsite.
- We take failsafe backups and store them at a different service provider than the primary provider.
- We require multi-factor login to management systems used by ProjectLocker staff.
- We follow best practices in securing OSes, and keep the systems patched.
- We ensure the physical security of servers by utilizing only carrier-grade hosting facilities.
- We utilize dedicated servers controlled by ProjectLocker.
There are a couple of architectural points nestled in there that bear examining. ProjectLocker runs on dedicated servers. This actually gives our customers two benefits: it allows our services to perform fast more consistently than shared infrastructure, and it creates friction in decommissioning a machine. This friction isn't the lynchpin of our durability strategy, but it does mean that shutting down a ProjectLocker server will involve phone calls with our IBM account manager before any actions are taken. We generally want activities in our business to happen fast, but decommissioning servers is one that we're happy to have happen more deliberately.
The other point is that most of these measures are the product of responding to more run-of-the-mill issues in managing a cloud-based service. ProjectLocker is in its 11th year of profitable operations, so we've seen our fair share of disk failures, network outages, and data center explosions. The net result is that we're paranoid about data durability and security. We're happy to spend a bit more on our infrastructure to ensure that we can continue to say that we've never lost a single byte of customer repository data.
If you have any questions about your account or any of the options available to enhance security for your account, please get in touch and we'll be happy to help.
If you're not a ProjectLocker customer, you can sign up for a 30-day Free trial here (no credit card required):