Vault Lock to protect Atlas Cloud Backups
We are currently looking for a solution to secure our Atlas backups.
Something similar to AWS Glacier Vault Lock [1] or a simple grace period before backups are deleted once and for all would be nice.
It would be amazing to protect the Atlas backups from being deleted.
Currently, if one of our Atlas admins was compromised, the damage for the company would be enormously high. So we need to implement measures against the final deletion of our most mission critical data.
also mentioned in: [2]
[1] https://aws.amazon.com/de/blogs/security/amazon-glacier-introduces-vault-lock/
[2] https://developer.mongodb.com/community/forums/t/is-there-a-vault-lock-for-atlas-backups/11041
Martin
shared this idea
Hello,
I am pleased to announce that we have released our backup feature called Backup Compliance Policy, that protects your backups from being deleted by any user, ensuring WORM and full immutability (can not be edited/modified or deleted) for backups automatically in Atlas.
Backup Compliance Policy allows organizations to configure a project-level policy to prevent the deletion of backups before a predefined period, guarantee all clusters have backup enabled, ensure that all clusters have a minimum backup retention and schedule policy in place, and more.
With these controls, you can more easily satisfy data protection requirements (e.g., AppJ, DORA, immutable / WORM backups, etc.) without the need for manual processes.
Please note that the Backup Compliance Policy can not be disabled without MongoDB support once enabled so please make sure to read our documentation thoroughly before enabling.
-
Geoffrey
commented
With Azure too please.
-
Bryan
commented
I use Atlas because it's easy to set up, especially with backups. Without this feature, I have to build sync tools with the API to make sure my backups are secure. If someone got into our database and deleted the cluster - the backups are completely lost.