• The typical architecture for protecting databases:

  • Creation of backup policies either through scripts or dedicated database backup tools

  • These policies will create a database backup to a storage target

  • Increasingly, organizations are relying on an additional storage target (“vault”) to create a separate (air gapped) copy of database for cyber resilience purposes

• The responsibility for backing up the database frequently is on the database administrator (DBA)

 Inefficiency: Each script and tool will manage database backups differently. There may be inconsistency in ability to use incremental backups, leading to inefficient use of backup storage targets and increased cost/need for storage.

Secure on first copy: Removes the need for a vault by creating an immutable copy that cannot be altered/modified once written. Also uses Zero Trust principles such as MFA/TOTP by default, multi-person rule.

Walk me through the process of preparing to back up a newly provisioned database.

How do you ensure you consistently hit your SLAs across all databases with respect to backup windows?

What is the process for recovering a criticadatabase in a disaster scenario? Or in situations where you need to provision for dev/test or reporting?

How is security coordinated between you (the DBA) and the infrastructure team with respect to database hosts and storage hosts? Who is responsible in the event of a cyber attack for each part of the environment?

Tell me about the way RPO is determined by the business; how do your current backup processes guarantee that RPO agreements with the business can be met?

• Challenge: Complexity: Relying on scripts that are maintained by the DBA team, and a mix of other database specific backup tools, creates a huge amount of complexity that may lead to inconsistent protection and missed protection of databases.

• Challenge: Inefficiency: Each script and tool will manage database backups differently. There may be inconsistency in ability to use incremental backups, leading to inefficient use of backup storage targets and increased cost/need for storage.

• Challenge: Slow Recovery: Most backup processes require the database backup to be moved back to the production environment, and requires full recovery of the database even if only a small amount of data is needed. Leads to very slow recovery processes. 

Challenge: Cyber Resilience: Database backup software relies on writing to a separate storage layer that is often compromised during a cyber attack. Using a vault approach can create an air gap but the vault is often targeted, and since the vault isn’t updated as often as primary backup, consistent RPO is not maintained. Finally, the database software is running on a host (virtual machine) which is also targeted during a cyber attack. If an attacker compromised the host, the database is now compromised also. 

Slow Recovery: Most backup processes require the database backup to be moved back to the production environment, and requires full recovery of the database even if only a small amount of data is needed. Leads to very slow recovery processes.

Efficiency using Incremental Forever: Always uses incremental forever to store the most efficient backup and reduces need for additional storage.

• Script-based backup across a wide variety of database platforms → Risk of unprotected / underprotected backups and loss of data

• Inefficient Database Recovery → Lengthy RTO and increased risk of data loss

• Long backup operations disrupt production environment performance → Poor user / customer experience

• DB hosts and backup storage not cyber resilient →Downtime leading to lost revenue and potential fines

• Cyber vaults increase RPO time → Unexpected data loss

• HWDIB/D: SLA Domains: Remove the complexity of having to use scripts and separate tools to write to a separate storage layer. Uses SLAdomains to apply protection to databases, and write to one storage target in Rubrik appliance. APIs and Role Based Access Control (RBAC) available to database administrators (DBA) can still control the backup and recovery process. 

• HWDIB/D: Secure on first copy: Removes the need for a vault by creating an immutable copy that cannot be altered/modified once written. Also uses Zero Trust principles such as MFA/TOTP by default, multi-person rule.

• HWDIB/D: Efficiency using Incremental Forever: Always uses incremental forever to store the most efficient backup and reduces need for additional storage.

• HWDIB/D: LiveMount: Can restore the database instantly within the Rubrik cluster and use that database during recovery to the production environment. 

HWDIB/D: Cyber Resiliency for Host Protection: Rubrik protects the host in addition to the database. Through our cyber services we can detect encryption events, and help ensure fast recovery of the host.

Cyber Resilience: Database backup software relies on writing to a separate storage layer that is often compromised during a cyber attack. Using a vault approach can create an air gap but the vault is often targeted, and since the vault isn’t updated as often as primary backup, consistent RPO is not maintained. Finally, the database software is running on a host (virtual machine) which is also targeted during a cyber attack. If an attacker compromised the host, the database is now compromised also.

LiveMount: Can restore the database instantly within the Rubrik cluster and use that database during recovery to the production environment.

• Automated Database Protection → Ensure compliance and protection of new workloads

• Rapid and Granular Database Recovery → Reduced RTO, ability to restore business operations faster, reducing financial impact

• Achieve backups without slowing down the application → Positive customer experience

• Holistic, cyber resilient strategy for database hosts and storage → Business protected from downtime, lost revenue

• Achievable RPOs in a cyber attack → Meet business RPO