COVID-19 Cyber Attacks Call for you to Backup Securely

Andrew Abwoga

The COVID-19 pandemic has had its fair share of influence on world media but of interest is the sheer amount of cyber attacks that have escalated since it began. Interestingly enough, is news of a 667 percent rise in Coronavirus-Related attacks since the beginning of March 2020. Downplaying the possibility of being attacked is far from the wisdom gained from corporations who have spent millions in setting up security controls, yet they still succumb to data breaches. This goes right down to medium and small businesses that have had their databases wiped off by ransomware. A point to note is that having an 'Assume Breach' mentality is ideal in all situations as you are devising your security strategies. At the point that your data gets stolen, you need to have been ready. 

Backing up your database stands out as one of the most fundamental steps you need to get ready. On top of that is the question of whether your backup can stand the test of time and security. And in that case, the exception rather than the norm is to ensure that you backup regularly, that your backups are secure and available.

Confidentiality, Integrity, Availability of Your Backups

Of most importance to consider for backup security is your business, security, and/or your compliance goal. With backups, as it is with your general security, it's always a matter of striking a balance between confidentiality, integrity, availability. Not forgetting, other security considerations like identification, authentication, authorization, and auditing; essentially aspects of access control.

For example, when it comes to considering the privacy of Personally Identifiable Information (PII) in your backups, all the above aspects (confidentiality, availability, and integrity) are equally important to consider since privacy breaches may be attributed to the lack of any of the aspects thereof. 

Backups Without ClusterControl

Open-source databases offer numerous tools that can help with doing backups. Below is a list:

 

Database/Database Cluster

Backup Tools

MySQL 

mysqldump, Percona XtraBackup for InnoDB engine, mysqlbinlog

MariaDB

mysqldump, Percona XtraBackup for InnoDB engine, mysqlbinlog, Mariabackup

Percona XtraDB Cluster

mysqldump, Percona XtraBackup, mysqlbinlog

Galera Cluster

mysqldump, Percona XtraBackup, mysqlbinlog

PostgreSQL

pg_dump, pg_basebackup using Write_Ahead_Logs (WAL)

 

 

You can decide to use either of the tools above depending on your needs; that is, according to the kind of database/cluster you are using. The drawback of using these native backup tools is the cost of maintenance that you may have to endure. ClusterControl offers numerous advantages over using these native tools as we shall see. To get more information about how you can utilize some of these tools please take a peek in our DevOps Guide to Database Backups for MySQL and MariaDB whitepaper.

Backup Management with ClusterControl

It is essential to have backups as a key operational aspect of your database management. Reasons being, incidents such as ransomware attacks, system crashes, hardware failures, power failures, or human errors (both accidental or intentional). ClusterControl offers numerous possibilities for your database security which is inclusive of being able to manage your database backups. With it, you have all the open-source backup tools wrapped in to make it as easy and convenient to plan and manage your backups for the open-source database/cluster of your choice. You can : 

  1. Get an overview of all your Backups

  2. Create/Schedule a Backup

  3. Encrypt, Compress and Archive Offsite

  4. Define Retention policies

  5. Receive Backup Notifications

  6. Verify/Restore Backups

Overview of all your Backups

You can get a glimpse of all your scheduled backups by navigating to Backups Tab. While on that tab, you can immediately be able to view the status of all your backups. You can further select the Create Backup, Restore Backups, Scheduled Backups or Settings Tabs as will be described in the next sections.

Create/Schedule a Backup

If you need to create/schedule a backup on ClusterControl, it is as easy as navigating from Backups -> Create Backup -> Schedule Backup and you will have the menu below:

Encrypt, Compress and Archive Offsite

AES-256-CBC is an encryption algorithm that has been proven to have sufficient strength for encrypting blocks of data such as database backups.  ClusterControl can help you achieve encryption for your database using this algorithm by navigating from ClusterControl -> Select your MariaDB Cluster -> Security -> SSL Encryption -> Enable.

 

 

Aside from encrypting your database, you can also encrypt your backups.  As you are creating your backup,  as described in the create backups section above, you will go through the first step of scheduling your backups, next on will be a section that will require you to specify the backup settings. In that section, you can toggle the options to encrypt and compress your database backups as shown in the diagram in the section below.

A point to note though is that encryption in and of itself doesn’t protect you from privacy breaches as a result of ransomware. An encrypted backup or encrypted data could also be stolen or re-encrypted by an attacker which could escalate into a breach if there are insufficient redundancies to ensure that the personal/critical data in question is available.

Define Retention Policies

You also have the option of specifying the backup retention period for your backups. By default the retention period is 31 days but you could specify a custom retention period if you wish.

Post-Backup Logs and Notifications 

Doing backups is not a fire-and-forget kind of activity, you will need to keep track of the status of your ongoing backups and a means to verify if your backups are running as scheduled. Using ClusterControl provides you with job logs, as shown below, that you can check through to keep track of the status of your log activity. 

Further to checking through job logs, you can also create email notifications that will provide you with the status of your backups. To create a notification go to Settings -> General Settings -> Email Notification Settings -> Backup:

Deliver option means that you will get notification immediately. You can also select Ignore or Digest and in that case, you will get a daily summary of alarms raised.

Backup Verification through Restoration

Based on the status of your notification, you need to verify if you can restore the backup. You can verify using the Restore and verify on a standalone option as shown below:

Final Thoughts

Backups are essential, although there is much more to consider aside from merely keeping backups. Proper planning should be done prior to starting any backup schedule. As part of the backup planning, you should think about the kind/nature of your data you are handling and if that imposes any regulations, privacy, or security compliance needs. If so, it may lead to further considerations such as encryption, the number of backup redundancies and possibly retention requirements.

ClusterControl
The only management system you’ll ever need to take control of your open source database infrastructure.