Database Backups 101: Why You Should Get Rid of Backup Scripts

Database Backups 101: Why You Should Get Rid of Backup Scripts

Andrew Abwoga
02 June 2020

One common way to automate your database backups is by simply creating a script which dumps your database and stores the dump files somewhere. This can be scheduled using cron so it runs at regular intervals. Although this approach to backup automation seems quite simple to achieve, there is much more to think about that may have far-reaching impacts to your business continuity, security and compliance. Are the backups properly taken and are they recoverable? Are the backups always executed, as per schedule? How is the process monitored, and what happens in case of failures? Is backup data duplicated across different sites, and is it easy for the IT staff to get an overview of which data is stored where? What does security look like? Which individuals have downloaded the backup data? How about ensuring the company is not keeping data beyond what is legal and regulated? 

Sacrificing your continuity, database security and compliance can be quite expensive considering its potential consequences. In this blog, we discuss why you may need to move away from your good old backup scripts.

Database Backup Cost of Development

Backup of your data is something you just need to get right. Failure to restore your data when you need it can lead to disastrous consequences to your business. You may probably make an attempt to develop the backup script to meet all your needs, but what is the cost to achieve that? The time and effort you need to develop a seemingly fully fledged solution out of a backup script may take significant time, if we want it to be secure, accurate, monitored and audited. The development effort goes far beyond taking backups and uploading them, as there are many other aspects to make it a proper backup management solution. 

Looking into the future, your database backups may grow over time to the point that your backup script will not be able to efficiently manage bulk restorations of your data. That can be painful for your business continuity especially when disaster, such as ransomware, strikes. When all your production data is suddenly encrypted. That’s the point when you will need to have a solution that can help you to efficiently restore all your data.

Database Backup Maintenance

Building a solution from scratch takes time, and needs to be maintained over time. It can be anything from bugs, to new database versions and new infrastructure requirements. Not forgetting how you may need to skim through lines of code on a series of scripts. It's troubling to think of the technical debt that may go into constantly revamping the backup scripts to meet your regular backup needs. Be it servicing the script when it breaks, keeping up with development to support new backup storage environments - such as the cloud storage environments, or worse, where you have to sacrifice your backup schedule to maintain the scripts. A backup solution can save you from the troubles of maintenance. It is also worth noting that maintenance can be pretty complex for staff who inherit these scripts, as they might not be very well documented and do require a certain expertise. 

Database Backup Security

As for your security, coming to terms with the knowledge that your database has been deleted, encrypted or stolen by some would-be hackers is not the greatest news you may want to receive at any point. Thinking sensibly about the security of your backups is ideal to prevent the latter from happening. Backup scripts may not be the greatest idea after all. Just think about it. First of all, you may encounter quite some degree of security/technical debt in trying to maintain the backup script before or even right after the hackers have scavenged on your backups or your customers database backup. That's considering that you may want to compensate for security by either improving your backup strategy using the script. Or, painfully wrestling to bake in security controls - like encryption, logging ,monitoring and alerting - right into your backup scripts and in some cases sacrificing the security of your backups when you are trying to close in on fully implementing all your security needs. It may be a good idea to find a solution that caters for your security needs out-of-the-box.

Some of the controls and features you may need to consider are:

  1. Encryption in-transit  

It ensures the confidentiality of your backups while it's being transferred over a network. Encryption in-transit ensures that your backup data can’t be sniffed by malicious actors.

  1. Encryption at-rest

Encryption at-rest ensures that your database backups are always encrypted at disk. This deters malicious actors from accessing your database backups.

Database Backup Security

Database Audit Logging

Ensures you have access to a trail of changes happening within your environment. Audit logging may come in handy when you are specifically tracking malicious changes in your environment. The ideal questions when conducting an audit are: Who has access to your data? When did they access the data? Where did they access the data from? What did they actually do? These questions may be difficult to pin down when using a backup script.

Database Backup Audit Logging

Monitoring & Alerting of Database Backups

Constant awareness of activities in your database/backup environment is key to ensuring that backups are always executed according to backup schedules. It is also important when trying to fight malicious activity. A monitoring and alerting capability can be quite a stretch to implement and maintain using a backup script. You may certainly need to have other monitoring and alerting tools to complement your backup scripts. 

Database Backup Compliance

You may also need to achieve industry or regulatory compliance. In this case, backups scripts may not be your best bet. Security and visibility may be quite key in helping you achieve compliance. When it comes to your privacy compliance, you may have to think about encryption controls, logging and monitoring to ultimately protect Personal Identifiable Information (PII). As mentioned earlier, it may be painful to achieve encryption or even monitoring using a backup script. 

Conclusion

There are reasons why you might not be able to get rid of all your backup scripts. For instance, in case you have very special requirements and there is no product or service for it. Or if there is a service that could do the job, but at an exorbitant price. In general, backup procedures should be fairly standard. Whether you want to achieve a 'scriptless' peace-of-mind or you probably want to gain full visibility and control of the security and compliance, you can benefit from the unified approach Backup Ninja provides to protect and manage your backup data.