
Context: With my team I created an "online platform" for a client which moved their operation from a paper-based system to a content management system (CMS) based submission system on a Virtual Private Server (VPS).

A large group of users submit content to the CMS in the form of uploading PDF files. These are critical to the operation of the business.

As far as I see it, the online platform should be seen as a tool for data collection and the PDF files should be exported to a separate system as soon as they are uploaded. The business should depend on the exported files and not on the files in the CMS. I would assume the public facing CMS system to be always at risk of data loss through hacking, even cloud account cancellation caused by not paying the bill etc. We have set up backup of the site directory which would backup the data every 12 hours.

Question: Is it good practice to depend solely on the CMS, or in this situation is it essential to always have a redundant backup of mission-critical data on a separate system? Even if that is an email with the file attached.

And is it right to assume that data in the CMS is always at risk and therefore operations should not be based solely on the VPS?

Tulains Córdova
user74847

1 Answer


Nothing is without risk. In-house can fail. Out-of-house can fail. Backups can fail.

The question is, how much is it worth to mitigate these risks? The law of diminishing returns ensures you can spend more on mitigating risk than an actual failure would cost.

Be that as it may, you can go as far as maintaining a failover system across multiple providers so any one of them can go down without any disruption to service. You just have to decide if the risk justifies the cost.

Push this far enough and you run into the CAP theorem.

  • Consistency (every read receives the most recent write or an error)
  • Availability (every request receives a response, without guarantee that it contains the most recent version of the information)
  • Partition tolerance (the system continues to operate despite arbitrary partitioning due to network failures)

The CAP theorem says that of these three you can have at most two without compromise. When you design a system, pay attention to which one you're compromising. You can pick, but that's really a business decision.

candied_orange

  • How secure your system could/should be is always conditioned on the customer's budget. As @CandiedOrange mentioned, sometimes it is cheaper to let it fail. So first ask the client and let him decide – Laiv Sep 09 '16 at 04:46