Reducing the backup retention duration can reduce an organization’s ability to re-establish service in case of a security incident.
Data backups allow to overcome corruption or unavailability of data by recovering as efficiently as possible from a security incident.
Backup retention duration, coverage, and backup locations are essential criteria regarding functional continuity.
Ask Yourself Whether
- This component is essential for the information system infrastructure.
- This component is essential for mission-critical functions.
- Compliance policies require this component to be backed up for a specific amount of time.
There is a risk if you answered yes to any of those questions.
Recommended Secure Coding Practices
Increase the backup retention period to an amount of time sufficient enough to be able to restore service in case of an incident.
Sensitive Code Example
For Amazon Relational Database Service clusters and instances:
resource "aws_db_instance" "example" {
backup_retention_period = 2 # Sensitive
}
For Azure Cosmos DB accounts:
resource "azurerm_cosmosdb_account" "example" {
backup {
type = "Periodic"
retention_in_hours = 8 # Sensitive
}
}
Compliant Solution
For Amazon Relational Database Service clusters and instances:
resource "aws_db_instance" "example" {
backup_retention_period = 5
}
For Azure Cosmos DB accounts:
resource "azurerm_cosmosdb_account" "example" {
backup {
type = "Periodic"
retention_in_hours = 300
}
}
