When things go haywire.. Beta gets delayed..

On 20th Feb, we sent out mails inviting people for our Private Beta. We were all set to Beta Launch on 14th of March. But unfortunately, we have to push the private beta to a later date.

Unfortunate Turn of Events!
Last week our Cloud Servers were hacked and held for ransomware.
For almost 2 months now we had been relentlessly developing to stay compliant with our goal to ‘Ship Fast’, but in the momentum, we missed several critical things like Security, Backups, and Redundancy.
While we had online backups and basic firewall configured, this simply wasn’t enough!

– We had a basic firewall configured but left our servers open to several type of attacks.
– Vulnerability testing wasn’t done.

– Our online backups were on the block storage on the same instance. They were deleted as well.
– We were fools to not create offline backups of our entire database.

More Problems?
– Creating new instances take up a lot of time since we have made several custom changes to various servers
– Chain of dependencies for libraries used
– Not good enough documentation

Steps Taken:

– Vulnerability assessment for Web Servers and Web App
– Removing single point of failure for both Web App and database
– Introduced Load balancers
– Setup Data Replication
– Offline and online scheduled backups
– Automating deployment scripts
– implementing Server and Service Monitoring
– backup and Rollback testing
– cloud access permissions
– proper SSL termination
– obfuscate keys and passwords for services we use
– keep defaults in case database goes down
– CVE watchlists

Today, we are taking a breath and thinking ‘Better sooner than later’. It would have been a huge catastrophe to have our data wiped if we had users onboard.
We are taking a step back and working on delivering an Enterprise Grade Solution!
We will notify you when we are ready for our "Real Beta". Meanwhile looking forward to your continued support and feedback.

Vaibhav Jain
Founder, StartupFlux