Database Backup Strategies for Cloud-Hosted Systems
Cloud-hosted databases offer significant improvements over traditional on-premise backup approaches — but "the cloud backs it up" is not a strategy. Understanding what managed services provide, and where gaps exist, is essential to designing robust backup coverage.
What Managed Database Services Provide
Services like Amazon RDS, Cloud SQL, Azure Database, and Supabase typically provide:
- Automated daily snapshots with configurable retention (7–35 days)
- Point-in-time recovery (PITR) — restore to any second within the retention window
- Multi-AZ replication — automatic failover within a region
What They Don't Protect Against
- Accidental deletion: If someone deletes a table or truncates data, PITR helps — but only within the retention window
- Regional outages: Multi-AZ protects against single availability zone failure — not full regional outages
- Account-level events: If your cloud account is compromised or misconfigured (e.g. deletion protection disabled), backups in the same account may be at risk
Complementary Strategies
- Cross-region backup copies: Copy snapshots to a secondary region — protects against regional outages
- Immutable offsite backups: Export data to object storage with object lock (S3 Object Lock) — cannot be deleted even by compromised credentials
- Application-level export: Regular exports of critical data to separate storage — independent of the database service
- Deletion protection: Enable deletion protection on all production databases — prevents accidental or malicious deletion