Continuous data protection refers to the process of creating data backups every certain amount of time on a particular database system. It is intended to prevent data loss from different kinds of outages and provide a simple way to restore and reprocess data.
A possible implementation is to make a copy of every record and activity related to a particular database of interest that is then stored in a separate database. This second database can be of a different type, designed to be limited on its access to protect the data from any unauthorized access. The Continuous Data Protection systems allow us to recover from any data loss at any given moment, thanks to the fact that every activity and record is constantly being backed up in a redundant database. This way, we can overcome the problem related to periodic backups, referred to as “backup windows”.
The motivation behind these kinds of controls is in part due to the rise of ransomware, a malicious tactic employed by cyber attackers that can encrypt an entire database to, later on, ask for a ransom to recover the data. Besides protecting against ransomware, continuous data protection protects sensitive data from accidental deletion or corruption. Sometimes, controls like continuous data protection are necessary due to compliance with specific data protection regulations that seek to enforce best practices when dealing with sensitive user or financial data. Ideally, these controls allow for a full recovery without any data loss, which can otherwise lead to unacceptable consequences for a certain business operation or continuity, for example, financial transaction data. One example of this might be the necessity of having continuous data protection systems when building an online payment system.
Although this control has been available since the use of relational databases started to be mainstream during the 1980s, modern cloud providers also support this through different kinds of products. The solutions might vary according to the specific provider. Still, most need to have capabilities to deal with varying types of restorable objects of importance, such as transaction logs, audit logs, security images, mailboxes and massages, credentials, and so on.
As an example, cloud data warehouses like Snowflake offer commands like UNDROP TABLE or UNDROP DATABASE.
Even though continuous data protection may provide a layer of security, it is important to also make sure it is tested and audited as it can be the target of attacks as well.
