Security Control: Data Recovery
Ensure that all system data, configurations, and secrets are automatically backed up on a regular basis.
9.1: Ensure regular automated backups
Azure ID | CIS IDs | Responsibility |
---|---|---|
9.1 | 10.1 | Customer |
Enable Azure Backup and configure the backup source (Azure VMs, SQL Server, or File Shares), as well as the desired frequency and retention period.
9.2: Perform complete system backups and back up any customer-managed keys
Azure ID | CIS IDs | Responsibility |
---|---|---|
9.2 | 10.2 | Customer |
Enable Azure Backup for the target VM(s), with the desired frequency and retention periods. Back up customer-managed keys held in Azure Key Vault.
9.3: Validate all backups, including customer-managed keys
Azure ID | CIS IDs | Responsibility |
---|---|---|
9.3 | 10.3 | Customer |
Ensure the ability to periodically perform data restoration of content from Azure Backup. Test restoration of backed-up customer-managed keys.
9.4: Ensure protection of backups and customer-managed keys
Azure ID | CIS IDs | Responsibility |
---|---|---|
9.4 | 10.4 | Customer |
For on-premises backup, encryption at rest is provided using the passphrase you supply when backing up to Azure. For Azure VMs, data is encrypted at rest using Storage Service Encryption (SSE). Use Azure role-based access control to protect backups and customer-managed keys.
Enable soft-delete and purge protection in Key Vault to protect keys against accidental or malicious deletion. If Azure Storage is used to store backups, enable soft delete so that data can be recovered when blobs or blob snapshots are deleted.
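Controls 9.1 to 9.4 above are one procedure: protect the VM, take a full backup plus a key backup, prove both restore, then lock the backups and keys down. The following Azure PowerShell (Az module) script is an added example of that procedure and is not part of the benchmark page or of any Microsoft sample; the resource group, region, vault, VM, storage account and key names, and the operator group's object ID are placeholder assumptions, and the session is assumed to be already signed in with Connect-AzAccount.

```powershell
# Added example: Azure PowerShell walk-through of controls 9.1-9.4.
# Not part of the benchmark page. Every name below is a placeholder assumption.
$rg        = 'rg-prod'             # resource group of the VM and vaults (assumed)
$location  = 'westeurope'          # region (assumed)
$rsVault   = 'rsv-prod-backup'     # Recovery Services vault name (assumed)
$vmName    = 'vm-app-01'           # VM to protect (assumed)
$kvName    = 'kv-prod-keys'        # Key Vault holding customer-managed keys (assumed)
$keyName   = 'cmk-disk-encryption' # key to back up (assumed)
$testKv    = 'kv-restore-test'     # separate vault used to test the key restore (assumed)
$stagingSa = 'stbackupstaging01'   # storage account used by the test restore (assumed)
$restoreRg = 'rg-restore-test'     # throw-away RG that receives restored disks (assumed)
$operatorObjectId = '00000000-0000-0000-0000-000000000000'  # Entra object ID of the backup operator group (assumed)

# --- 9.1: regular automated backups --------------------------------------
$vault = Get-AzRecoveryServicesVault -ResourceGroupName $rg -Name $rsVault -ErrorAction SilentlyContinue
if (-not $vault) {
    $vault = New-AzRecoveryServicesVault -ResourceGroupName $rg -Name $rsVault -Location $location
}
# Vault soft delete keeps deleted backup data for 14 days, which defeats a
# "stop backup and delete data" attack by a compromised operator account.
Set-AzRecoveryServicesVaultProperty -VaultId $vault.ID -SoftDeleteFeatureState Enable

# DefaultPolicy is daily backup with 30-day retention; swap in a custom policy for longer retention.
$policy = Get-AzRecoveryServicesBackupProtectionPolicy -Name 'DefaultPolicy' -VaultId $vault.ID
Enable-AzRecoveryServicesBackupProtection -ResourceGroupName $rg -Name $vmName -Policy $policy -VaultId $vault.ID

# --- 9.2: full system backup now, plus a backup of the customer-managed key -
$container = Get-AzRecoveryServicesBackupContainer -ContainerType AzureVM -Status Registered -FriendlyName $vmName -VaultId $vault.ID
$item      = Get-AzRecoveryServicesBackupItem -Container $container -WorkloadType AzureVM -VaultId $vault.ID
$backupJob = Backup-AzRecoveryServicesBackupItem -Item $item -VaultId $vault.ID
Wait-AzRecoveryServicesBackupJob -Job $backupJob -Timeout 43200 -VaultId $vault.ID | Out-Null

# Key Vault returns an encrypted blob that can only be restored into a vault in the
# same subscription and geography; keep it outside the scope of the vault's own RBAC.
$keyBackupFile = Join-Path $env:TEMP "$keyName.keybackup"
Backup-AzKeyVaultKey -VaultName $kvName -Name $keyName -OutputFile $keyBackupFile -Force

# --- 9.3: validate the backups by actually restoring them ------------------
$rp = Get-AzRecoveryServicesBackupRecoveryPoint -Item $item -VaultId $vault.ID |
      Sort-Object RecoveryPointTime -Descending | Select-Object -First 1
# Restore the disks into an isolated RG; attach them to a test VM and boot it before
# declaring the restore successful. A completed job only proves the data was readable.
$restoreJob = Restore-AzRecoveryServicesBackupItem -RecoveryPoint $rp `
    -StorageAccountName $stagingSa -StorageAccountResourceGroupName $rg `
    -TargetResourceGroupName $restoreRg -VaultId $vault.ID
$restoreJob = Wait-AzRecoveryServicesBackupJob -Job $restoreJob -Timeout 43200 -VaultId $vault.ID
if ($restoreJob.Status -ne 'Completed') { throw "Test restore failed with status $($restoreJob.Status)" }

# A key restore fails if a key of the same name already exists in the target vault,
# so test it against a separate vault in the same subscription and geography.
Restore-AzKeyVaultKey -VaultName $testKv -InputFile $keyBackupFile | Out-Null

# --- 9.4: protect backups and keys ----------------------------------------
# Soft delete is enabled by default on new Key Vaults; purge protection is opt-in and
# cannot be turned off once set, which is the point: a deleted key stays recoverable.
Update-AzKeyVault -VaultName $kvName -ResourceGroupName $rg -EnablePurgeProtection

# Least privilege: the built-in "Backup Operator" role can run and restore backups but
# cannot delete the vault; assign it at vault scope rather than Contributor on the subscription.
New-AzRoleAssignment -ObjectId $operatorObjectId -RoleDefinitionName 'Backup Operator' -Scope $vault.ID

# Backup artefacts that land in Azure Storage (for example the key backup blob) get
# blob soft delete so that a deleted blob can be undeleted within the retention window.
Enable-AzStorageBlobDeleteRetentionPolicy -ResourceGroupName $rg -StorageAccountName $stagingSa -RetentionDays 14
```

Run the 9.3 section on a schedule, not once: the restore job status check is the machine-readable evidence the benchmark asks for, and the key restore into a scratch vault confirms the backup blob is still valid after any Key Vault rotation or migration.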
Next steps
- See the next Security Control: Incident Response