The BackHub Roadmap for 2019

We’re excited about taking BackHub to the next level this year!

We highly value customer feedback and also like to be transparent about our plans. These plans are based both on customer feedback and keeping up with evolving industry standards.

In this post I’ll share our priority projects for 2019.

Priority #1: Sync Backups to your Cloud Storage

Until now, backups have been stored on our own data storage, so customers lack direct access to them. Backups have only been accessible through the user interface or by cloning from our server via SSH. When you can sync backups to your own cloud storage, you have full control over your data, can always access it, and further process it.

Update April 12, 2019: We have now released Cloud Sync, which lets you sync your GitHub repository backups to Amazon S3, with other cloud providers to be supported in the near future.

Priority #2: Backup and User Activity Logs

We plan to implement two logs. The first is a Backup Activity Log to log successful backup creation and update, as well as any errors encountered during backup. This log provides more transparency on backup, and will be easy to access via the user interface and a Slack integration.

For security reasons it’s also important to track what users are doing. The User Activity Log will log the stream of all user activity. This log can be used to prevent suspicious activity. It also enables playback of all account activity during an incident review.

Priority #3: ISMS Implementation

Security is vitally important to us.

ISMS (Information Security Management System) implementation includes policies, processes, procedures, organizational structures, and software / hardware functions. By implementing ISMS we will systematically improve overall security from product to organization, and do so in a formal, documented way.

Customers often ask us to respond to vendor security questionnaires addressing many security topics, including security related to product, data, physical office, IT policy, network, upstream vendors, assets and data center, as well as business continuity, disaster recovery, and employee screening.

With ISMS implementation the process is streamlined. A trusted third party will be able to easily audit and verify our security practices.

Currently you log into BackHub with your GitHub user (oAuth).

This is practical for a few important reasons:

There is no need to create a new account on BackHub to be able to use it
Organizations do not have to manage permissions, and
If you are an owner of the organization, you automatically get access to its backups as well

The downside is that the oAuth service is dependent on GitHub. If GitHub is unavailable for any reason, you cannot log into BackHub either. Yet, the whole rationale for backups is to maintain access to data even in a failure scenario.

We implemented cloning last year to enable customers to access data independently from GitHub. Read more …

In 2019 we hope to integrate a second method to log into BackHub. We will likely implement a SAML solution, as SAML is a popular choice for our Enterprise customers.

Note: Another way would be to set a user or disaster recovery password, one which can be used only if GitHub is down. We are looking into how we might do this.