SQL Databases

Low Point in Time Restore Backup Retention

Risk Level: LOW

Description: 

This plugin checks that an appropriate Point in Time Restore (PITR) backup retention period is set for Microsoft Azure SQL databases. Point-in-time restore is a self-service feature that allows you to restore a database from backups to any point in time within the retention period. It is important in recovery scenarios such as incidents caused by mistakes, incorrectly loaded data, or the deletion of critical data.

PingSafe strongly recommends ensuring that an optimal backup retention period is set for Azure SQL databases.

Configuration Parameters

Point in Time Restore Backup Retention Period: This parameter denotes the desired number of days for which Point in Time Restore (PITR) backups are retained. An alert will be generated if it is set lower than the specified value.

By default, the value is set to 7, so a database is flagged if its PITR retention is set to less than 7 days.

About the Service:

Azure SQL Database is a fully managed platform as a service (PaaS) database engine that takes care of most database maintenance tasks including updating, patching, backups, and monitoring without the need for human intervention. You may develop a highly available and high-performance data storage layer for Azure apps and solutions with Azure SQL Database.

Impact:

To recover from application or user mistakes, such as unintended data insertions or deletions, we should back up our SQL Server databases. In such cases it is crucial to be able to return to a precise point in time. Automated backups provide guaranteed protection against data loss or physical data corruption.

Steps to Reproduce:

  1. Sign in to your Azure portal with your Azure account.
    https://portal.azure.com/#home 
  2. Navigate to Azure’s All Resources.
  3. In the Type filter select the value as SQL Servers and click Apply.
  4. Next, select the SQL Server that you want to examine.
  5. Click on Backups under Data Management in the navigation pane.
  6. Check whether the SQL database is present in the available backups.
  7. Next, click on the database and check the PITR days under the retention policy. If the number of days is less than the configured value, the backup retention period is not optimal.
  8. Repeat the same steps for other servers as well.
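
The same check can be run over exported policy records instead of clicking through each database. The following is an added example, not PingSafe's plugin code: it assumes each record is shaped like an Azure short-term backup retention policy (a `retentionDays` field, either at the top level or nested under `properties`, plus the resource `id`), and the function names and sample records are constructed for illustration.

```python
import re

DEFAULT_MIN_DAYS = 7  # plugin default: flag anything below 7 days

# Server and database names are taken from the policy's resource ID.
_ID_RE = re.compile(
    r"/providers/Microsoft\.Sql/servers/(?P<server>[^/]+)"
    r"/databases/(?P<db>[^/]+)/backupShortTermRetentionPolicies/",
    re.IGNORECASE)

def retention_days(policy):
    """Return retentionDays from a flattened or nested record, else None."""
    days = policy.get("retentionDays")
    if days is None:
        days = (policy.get("properties") or {}).get("retentionDays")
    return days if isinstance(days, int) and not isinstance(days, bool) else None

def audit_pitr(policies, min_days=DEFAULT_MIN_DAYS):
    """Return (target, days, reason) for each database below min_days or unreadable."""
    findings = []
    for policy in policies:
        m = _ID_RE.search(policy.get("id", ""))
        target = f"{m['server']}/{m['db']}" if m else "<unparsed id>"
        days = retention_days(policy)
        if days is None:
            # Missing data is reported rather than silently treated as compliant.
            findings.append((target, None, "retention not readable; verify manually"))
        elif days < min_days:
            findings.append((target, days, f"PITR retention {days}d is below {min_days}d"))
    return findings

def _policy_id(rg, server, db):
    return (f"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/{rg}"
            f"/providers/Microsoft.Sql/servers/{server}/databases/{db}"
            "/backupShortTermRetentionPolicies/default")

# Constructed sample records (hypothetical names, not real resources).
SAMPLE = [
    {"id": _policy_id("rg-app", "sql-prod", "orders"), "retentionDays": 3},
    {"id": _policy_id("rg-app", "sql-prod", "billing"), "properties": {"retentionDays": 14}},
    {"id": _policy_id("rg-app", "sql-prod", "audit"), "retentionDays": 7},
    {"id": _policy_id("rg-dev", "sql-dev", "staging")},
]

if __name__ == "__main__":
    for target, days, reason in audit_pitr(SAMPLE):
        print(f"{target}: {reason}")
```

A database set to exactly the configured value passes, matching the "less than" rule in the parameter description above.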

Steps for Remediation:

  1. Sign in to your Azure portal with your Azure account.
    https://portal.azure.com/#home 
  2. Navigate to Azure’s All Resources.
  3. In the Type filter select the value as SQL Servers and click Apply.
  4. Next, select the SQL Server that you want to examine.
  5. Click on Backups under Data Management in the navigation pane.
  6. Check whether the SQL database is present in the available backups.
  7. Next, click on the database and check the PITR days under the retention policy. If the number of days is less than the configured value, the backup retention period is not optimal.
  8. Select the database, click on Configure policies to set the retention period, and then click on Apply.
  9. Repeat the same steps for other servers as well.

References :

Please feel free to reach out to support@pingsafe.ai with any questions that you may have.

Thanks

PingSafe Support