DevOps and Automation
System administration and infrastructure management.
Managed Hosting
Reliable managed web hosting service.
Managed Databases
Performant and secure managed databases.
Storage
Cost effective storage with free egress.
Web Design and Development
Websites and applications using modern frameworks.
Technical Consultancy
Practical and personalised technical advice.
Get Started
Most businesses that lose data had backups
They just could not use them. The backup job was silently failing. The backup lived on the same server that failed. Nobody had ever tested a restore. The retention window was shorter than the time between the incident occurring and being discovered.
A backup strategy is only as good as your last successful restoration test. Everything else is optimism.
Types of backup
Full backups capture the complete state of the database at a point in time. Straightforward to restore, but large and slow to take. Daily full backups are the baseline for most production databases.
Incremental backups capture only changes since the last backup. Faster and smaller, so practical for more frequent intervals. Restoration is more complex — you need the full backup plus every subsequent incremental applied in order.
Point-in-time recovery (PITR) continuously archives the transaction log — the Write-Ahead Log in PostgreSQL, the binary log in MySQL and MariaDB. This lets you restore to any arbitrary moment, not just when a scheduled backup ran.
PITR matters most when incidents are detected hours or days after they occur. Without it, you can only restore to your last full backup. With it, you can restore to the moment before the incident.
Define your RPO and RTO first
RPO (Recovery Point Objective) — how much data loss is acceptable. If your RPO is one hour, backups must run at least hourly. If it is zero, you need synchronous replication.
RTO (Recovery Time Objective) — how long the system can be down before it causes serious damage. Your entire recovery process — detection, retrieval, restoration, verification — must fit within this window.
These numbers should be set by the business, not the technical team. How much data loss is actually tolerable? How long can the application be down? The answers determine what backup infrastructure you need, and they are often different from what people assume before they think it through.
Retention periods
Seven days of daily backups is a reasonable minimum. Thirty days is more appropriate for regulated industries or businesses with contractual obligations. For older data, cold storage — lower-cost, slower-retrieval — is the practical option.
Your retention window also determines how far back PITR can reach. If your transaction log archive only covers 7 days, you cannot recover to a point 8 days ago.
Offsite storage is not optional
Backups stored on the same server as the database they back up are not backups. A disk failure, ransomware, or a provider incident will take both out simultaneously. Store backups separately: different server, different cloud account, ideally a different region.
3-2-1 rule: three copies of your data, on two different media types, with one offsite.
Test your restores
Run a restoration drill at least quarterly. Take a recent backup, restore it to a test environment, verify the data is intact, and confirm the application works against it. Document the process so anyone on your team can execute it — not just the person who set it up. Time how long it takes, and check that against your RTO.
If you cannot restore a production backup in a controlled drill, you will not manage it during an actual incident.
Conclusion
Backup is an operational process, not a feature you configure once. The backups that exist but have never been tested have no real value — you just do not know that yet. All Vatora managed database instances include automated daily backups, offsite storage, and point-in-time recovery as standard. Get in touch if you would like to discuss your setup.
