Database Backups 101: Database Backup Security Considerations

Database Backups 101: Database Backup Security Considerations

Sarojini Devi Nagappan
23 January 2020

Data security is important to protect the data in an organisation from unauthorised access, malicious attacks, or phishing activities. The term database security includes the methods taken to protect the security breach from the data level, user-level, and system level. 

A database could be open to threats like DDoS attacks, unauthorised database access, SQL injection attacks, and more. Organisations must take measures to maintain the data security of the database, ensure fast recovery, and always have a backup available. 

Ensuring the security of your database backups is equally important as the security for the database itself. Reliable backups are an important part of recovery. This blog outlines common database backup security considerations which should be implemented to maintain the data security and integrity of these files.

Database Backup Security

Like the database, backups should also be secured on three levels namely; data level, user-level, and system level. There should be more than one copy of a backup, this ensures that if the backup has been damaged or altered by unauthorised access, there would still be a clean copy for recovery purposes. 

Ideally, database backups should be kept both on-site (stored on the same server as the database) and offsite to avoid situations such as hardware failures, which can lead to total data loss. Once the basic backup plan is in place, next comes in the security considerations for the database backup. 

Data-Level Database Backup Security

Data in a database backup is (usually) in the at-rest state. It’s best to employ data at-rest encryption methods to avoid any tampering of the data. Encryption transforms the data to another form and only authorised access can decode it. If the backup falls in the wrong hands, sensitive data is still protected based on the encryption when the backup was done. The backup data encryption depends on the database engine or the operating system itself, therefore, when you open an encrypted backup data the format would never be the same. Advanced database management systems usually come with a data encryption system, but often at a higher cost.

User-Level Database Backup Security

However well the data is encrypted, if it is easily available to anyone, encryption would be pointless. The place where backups are stored must have the same user management controls as your database access does.

It is also good to have multiple-factor authentication, not only for the database but for the database backups as well. A good combination of user login (username and strong password) combined with security codes from mobiles is a good way to verify the access as a means to data protection. This is a good method for any off-premise backup access (such as backups on the cloud). 

Other common practices include implementing role-based access for backups. This limits the number of people accessing the backups and, should there be any unauthorised access, security breach tracking can be done easily. Role-based access should also be considered for physical media as well, where the backups are stored to mitigate theft of the backup device. 

System-Level Database Backup Security

This is a security measure at the hardware, network and communication lines level which can also pose a threat to the database backups. Like a database, the database backup files can also be accessed via these channels. To avoid this, there should be limited access and protection (such as a firewall) on the servers wherever the backups are stored. This minimizes the threat to backup servers or backup hosting via system-level threat

Conclusion

Having a good database backup plan and policy is important in any organisation. The plan or policy should include enough measures to secure the backup from various types of malicious attacks. 

While it might seem that since backups do not have current data it’s not as valuable a target, but for hackers the data at rest provides valuable information (especially if the database contains user information). 

Access to backups is usually human-driven, so the first security consideration would be to have good rules on access privileges to limit access and avoid a security breach. 

It’s a good idea to invest in a good software or service to maintain a timely, valid, and highly secured backup of your databases (Like Backup Ninja!).

 

Tags