Securing backups
If a database contains sensitive data, its backups will contain sensitive data too. This is something we must never forget. There are several good practices that companies should follow to keep backups safe:
Setting proper permissions: Only the user who performed the backups, probably a DBA, should have the permissions to read or write them.
Transfer backups in a secure way: If backups are performed on the database server and then copied to another machine, the transfer must be done in a safe way. For example, the scp command can be used to copy the files over an SSH connection.
Encrypt backups: After all, in theory, stealing a backup is always possible.
Physically store backups in a safe place: A safe place is a place that unauthorized persons cannot access. A safe place should also be equipped with antitheft and antifire devices.
If necessary, SELinux or firewalls can be used to improve security.
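The permission rule above can be checked and enforced mechanically. The following shell functions are an added example, not part of the original text; the function names and the demo directory are hypothetical, and a POSIX find is assumed.

```shell
#!/bin/sh
# Added example: audit and lock down a backup directory so that only the
# account that performs the backups can read or write them.

# Print files and directories under $1 that group or others can access.
find_exposed_backups() {
    find "$1" \( -type f -o -type d \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Print entries under $1 that are not owned by the account running the audit.
find_foreign_backups() {
    find "$1" ! -user "$(id -un)" -print
}

# Restrict directories to 700 and backup files to 600 (owner only).
lock_down_backups() {
    find "$1" -type d -exec chmod 700 {} +
    find "$1" -type f -exec chmod 600 {} +
}

# Succeed only when nothing under $1 is exposed or owned by someone else.
backups_are_private() {
    [ -z "$(find_exposed_backups "$1")" ] && [ -z "$(find_foreign_backups "$1")" ]
}

# Constructed demo: one dump left world-readable, one already private.
demo_dir=$(mktemp -d)
touch "$demo_dir/nightly.sql" "$demo_dir/weekly.sql"
chmod 755 "$demo_dir"
chmod 644 "$demo_dir/nightly.sql"
chmod 600 "$demo_dir/weekly.sql"

echo "Exposed before lock-down:"
find_exposed_backups "$demo_dir"

lock_down_backups "$demo_dir"
if backups_are_private "$demo_dir"; then
    echo "All backups are private after lock-down."
fi
rm -rf "$demo_dir"
```

Running the audit from the backup job itself, before the files are transferred or encrypted, catches dumps created under a permissive umask.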