Backup Storage
Description
The Backup Storage asset provides secure and reliable storage for virtual machines, containers, databases, and critical configuration files within the Scheol Lab environment.
It ensures:
- Data redundancy
- Retention of historical system states
- Rapid recovery in case of system failure
- Protection against accidental deletion or ransomware
Asset Identification
| Attribute | Value |
|---|---|
| Asset ID | INF-BCK-01 |
| CI Type | Infrastructure |
| Asset Name | Backup Storage |
| Asset Category | Data Protection |
| Owner | Operations Role (Ops) |
| Status | Active |
| Location | On-Premise / Off-Site |
| Primary Function | Data backup and recovery |
Asset Dependencies
| Dependency Type | Asset | Status |
|---|---|---|
| Infrastructure | Proxmox Host | Active |
| Infrastructure | Public VPS | Active |
| Platform Services | Ansible / Gitea | Planned |
| Platform Services | Identity Management Platform | Planned |
Relationships
| Relationship | Target CI |
|---|---|
| Hosts backups for | Proxmox Host VMs, containers, databases |
| Supports recovery for | Critical infrastructure and application services |
| Provides capability | Disaster recovery and business continuity |
Asset Classification
| Criteria | Level |
|---|---|
| Confidentiality | 🟨 Medium |
| Integrity | 🟥 High |
| Availability | 🟥 High |
Criticality score: 🟥 High
Rationale:
- Integrity is critical to ensure restorability of systems and prevent data corruption.
- Availability is crucial for recovery operations and continuity of lab experiments.
- Confidentiality is medium because some backups may contain sensitive configuration or user data, but not all are externally exposed.
Responsibilities
| Role | Responsibility |
|---|---|
| Operations Role (Ops) | Backup scheduling, verification, storage maintenance, and restoration procedures |
| Security Role (Sec) | Ensure encrypted storage, access controls, and audit logging |
Security Controls (High-Level)
The following security controls are typically applied to this asset:
- Encryption - at rest and in transit for all backup data.
- Access Control - restricted access to authorized personnel only.
- Integrity Verification - regular checksum or hash validation of backups.
- Retention Policy - define lifecycle and versioning of backups.
- Monitoring & Alerts - detect failed or incomplete backup jobs.
- Disaster Recovery Testing - periodic restore tests to verify reliability.
Security Considerations
Typical risks related to this asset include:
- Accidental deletion of backups
- Compromise of backup storage
- Corruption of backup data
- Unauthorized access
Security practices include:
- Strict RBAC and encryption
- Regular integrity checks
- Off-site replication for disaster recovery
- Periodic restore testing
Methodological References:
- ISO 27001 - Control 8.3 Access restriction ; Control 8.5 Information backup.
- NIST CSF - PR.IP Information Protection Processes and Procedures ; PR.DS Data Security.
- EBIOS RM - Critical infrastructure backup assets.