Skip to content

With your data, it’s good to be paranoid

A few high profile, online security failures have stirred up paranoia about putting your data in the cloud. Major breaches to Sony’s Playstation Network, Dropbox and Distribute.IT in Australia have gotten many people paranoid.

And when it comes to data security, paranoia is a good thing. We have a security team plus an independent security consulting firm who are vigilant about data security and protecting our systems against breaches. We invite you to read about our substantial security measures.

It’s always a huge disappointment when we hear about these major breaches, mostly because they often turn out to be quite preventable – the victims are usually the subject of attack because they didn’t take some fundamental precautions.

In the wake of such breaches, a few people tend to declare an adamant refusal to put their data in the cloud. The reality is, nobody can avoid having their data in the cloud – for years now, all of us have had an ever increasing amount of our own data, along with data about us, accessible in the cloud. It’s a basic and unavoidable reality of the world we live in: your data is in the cloud. The speed and ease of living in the 21st century wouldn’t be possible any other way, it’s the plumbing of our global economy.

The vast majority of the time, having data in the cloud is a huge blessing. Once in a while, a breach happens. That’s why we need to stay paranoid. Pretending we don’t already have data in the cloud is the opposite of being paranoid, it’s being in denial.

So if you’re considering who you can trust to properly protect your data make sure you ask these extremely important questions.


Read more about Technology, security



Berend de Boer
23 June 2011 #

Question number one: does Xero backup my data to tape, which is offline, and is rotated for some time before being reused?

Michael Kent
23 June 2011 #

Thanks Alastair, it is an important issue. I get asked about security by every client I propose Xero to. The information outlined on the “security measures” page is good, but lacks independent verification.

I would like to see Xero publishing reports or at least high level findings of its independent third party security auditors and inspectors. Are the results of these audits and inspections ever made public?

23 June 2011 #

I find it somewhat ironic that this blog is about internet security but the third party bank feed provider xero uses requires your internet banking login and password to download nz credit card data and import it into xero

Craig Walker
23 June 2011 #

@Berend Actually we have a backup-in-depth strategy. First we backup to SAN – transaction logs are backed up constantly, differentials done nightly and full backups done weekly. We then backup the diffs and full backups to tape. As well as that we utilize log-shipping to an offsite environment so that in the unlikely event of SAN failure we have a live copy of the database sitting offsite, active, and ready to restore. The rotation on the tapes is fairly tight – we should never be in the position of requiring old tape backups.

We don’t take data loss lightly and are constantly improving our processes.


Berend de Boer
23 June 2011 #

Craig, not sure you have followed the DIT story, but the issue there did not seem to be the lack of backups. Most companies have backups to guard against disk loss, server loss, data centre loss, that kind of thing.

But here it appears an hacker was intend on destroying as much as possible so he wiped every backup as well. So you can have your off-site backup, but that won’t protect you in case an attacker can wipe it.

That’s where my offline tape backup comes in.

I’m pretty sure Xero can survive loss of a major portion of the planet, but protection against a planned attacker who wipes out every boot sector and every backup is something entirely different.

Many hosting companies are currently rethinking their backup strategies in light of this information.

In case of the most catastrophic loss I rather have a 30 day old backup than nothing obviously.

Alastair Grigg
23 June 2011 #

@ Michael, we don’t publish security audit and pen test results because even at a high level this would not be good practice from a security perspective. We’ve looked at many of the automated vendor test suites that have some sort of ‘hacker safe’ badge, but they only testing for very common misconfigurations of commodity software. We subject Xero to far more comprehensive and bespoke pen testing.

@ Jay, we’re working with banks to establish as many bank feeds as possible as direct partner feeds. But where we need to enable these through Yodlee we encourage more banks to also offer read-only user roles for this.

Paul Rushworth
24 June 2011 #

Hi Berend,

As we’ve mentioned, we replicate data in real time to multiple geographically dispersed locations.

In each location, we take point in time backups to discrete Storage Arrays, which are then archived to tape. The network design and implementation of this backup system is entirely isolated from the rest of Xero’s environment to the extent Xero administration staff do not have direct administrator access to it.

Xero is a public company, and its own accounts are on Xero. Xero’s IT team are independently audited regularly by one of the big four for the IT controls we have in place around the protection of Xero’s own data generally, and within that backup system.All Xero customers benefit from this as their own data is protected by the design and implementation of this system.

[…] been with you guys a while now and while I’m happy and have not had any major issues occur – as the recent blog on Xero mentions – It’s good to be paranoid about data […]

Brendan Tully
19 December 2011 #

Its hilarious when SMB clients ask us about security in the cloud – our first response is to ask them if they’re using the same password across the 100+ accounts they have for different services…in 90%+ of cases they are and its easily guessable.

Yes cloud introduces risk but its significantly less than the risk of that data sitting on their office server or PC and with a poor password strategy they may as well be leaving the front door open right now

Add your comment

We welcome all feedback but prefer a real name and email address.