Comprehensive Backup Ransomware Protection
MongoDB Atlas needs a modern, comprehensive, secure ransomware protection strategy for its customers. Simply providing the ability to backup a database, and encrypt that database with "bring your own key" is not enough. Below I highlight what I believe are key components of a comprehensive strategy (or at least a good start).
Immutable and Verifiable Backups
Once backups are created, Atlas should provide a facility to ensure the backup remains immutable. Further, Atlas should provide verification that a backup continues to be untouched / unmodified for its entire lifecycle.
Deletion Protection
Atlas should provide enhanced deletion protection for backups. Any attacker with privilege escalation can delete backups, then take control of the database. There should be a MFA and/or multi-step/multi-person backup setting that customers can enable. This could enable a requirement of at least two factors before deleting a backup. Alternatively, it could also provide the ability to turn on a feature that would require two humans to "sign off" on the deletion of a backup.
(extra credit) Air Gapped Backups
An "extra credit" feature would be to have the ability to store a copy of each backup in an air gapped storage solution.
Robert
shared this idea
Hello,
I am pleased to announce that we have released our backup feature called Backup Compliance Policy, that protects your backups from being deleted by any user, ensuring WORM and full immutability (can not be edited/modified or deleted) for backups automatically in Atlas.
Backup Compliance Policy allows organizations to configure a project-level policy to prevent the deletion of backups before a predefined period, guarantee all clusters have backup enabled, ensure that all clusters have a minimum backup retention and schedule policy in place, and more.
With these controls, you can more easily satisfy data protection requirements (e.g., AppJ, DORA, immutable / WORM backups, etc.) without the need for manual processes.
Please note that the Backup Compliance Policy can not be disabled without MongoDB support once enabled so please make sure to read our documentation thoroughly before enabling.
In addition to Backup Compliance Policy, organizations can also utilize our multi-region Snapshot Distribution to automatically copy backups (snapshots and oplogs) to additional Atlas regions. If your primary cloud experiences a region outage then Atlas will be able to recover with a copied backup from another region, just like any normal restore.
-
Thanks for this.
First, snapshots are immutable by default. There is no way to edit a snapshot, regardless of who you are. Secondly, on your air-gapped comment, you have options today. 1) you can download your snapshots and store them wherever you like. 2) you can use export snapshot https://www.mongodb.com/docs/atlas/backup/cloud-backup/export/
On your other point, 100% agree and stay tuned :-)
(Edited by admin)
