Data Backup and Recovery
In the dynamic world of enterprise resource planning (ERP), data integrity and availability are paramount. At 10X ERP, we understand the critical importance of keeping your data secure and readily accessible. This article details our comprehensive data backup and recovery procedures designed to safeguard your business operations. Our backup strategy is built on our dedicated database architecture, where each client receives their own isolated PostgreSQL database.
Overview of Backup Processes
At 10X ERP, we employ a meticulously designed backup strategy that ensures the safety and availability of your data with precision and efficiency. Our process leverages advanced technology to provide up-to-the-second point-in-time backups, ensuring your business operations are supported by a reliable safety net. Each client's data is stored in their own dedicated database, providing complete isolation from other customers. This architecture ensures your backups are truly yours.
Incremental Backup Strategy
- Frequency: Every 30 minutes.
- Purpose: Ensures timely data recovery and minimizes storage requirements.
- Benefit: Keeps your data consistently up-to-date without overwhelming storage systems.
Daily Full Backups
- Schedule: Conducted daily at midnight.
- Outcome: Guarantees a complete snapshot of your data for comprehensive recovery options.
- Advantage: Provides a solid foundation for data integrity and recovery capabilities.
Cloud Data Storage Solutions
- Technology: Utilizes leading cloud data storage centers.
- Storage Management: Employs dedicated storage buckets for enhanced security and scalability.
- Highlight: Ensures secure, scalable, and efficient backup storage solutions.
Advanced Data Recovery Techniques
- Capability: Point-in-time recovery (PITR) to the specific second.
- Scenario Handling: Minimizes data loss even in critical scenarios.
- Technique: Integration of Write Ahead Log (WAL) technology for comprehensive data recovery, including post-crash scenarios.
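How the schedule above combines into a single restore, as an added example that is not 10X ERP's own code: it picks the full backup, the incrementals and the WAL range needed to reach a target second. Assumptions: times are UTC, each backup takes 4 minutes, every incremental belongs to the most recent full backup, and the `Backup`, `build_catalog` and `plan_restore` names are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Backup:
    label: str
    kind: str          # "full" or "incr"
    start: datetime
    stop: datetime     # time the backup finished

def build_catalog(day, duration=timedelta(minutes=4)):
    """Constructed catalog for one day on the page's schedule: a full backup
    at midnight, then an incremental every 30 minutes. The 4-minute run time
    and the UTC clock are assumptions made for this example."""
    catalog = [Backup(f"full-{day:%Y%m%d}", "full", day, day + duration)]
    for i in range(1, 48):
        t = day + timedelta(minutes=30 * i)
        catalog.append(Backup(f"incr-{t:%Y%m%dT%H%M}", "incr", t, t + duration))
    return catalog

def plan_restore(catalog, target):
    """Choose the backups to restore and the WAL range to replay."""
    # Recovery cannot stop earlier than the end of the backup it starts
    # from, so a backup still running at `target` is not usable.
    usable = [b for b in catalog if b.stop <= target]
    fulls = [b for b in usable if b.kind == "full"]
    if not fulls:
        raise ValueError("no full backup finished before the target time")
    full = max(fulls, key=lambda b: b.start)
    incrs = sorted(
        (b for b in usable if b.kind == "incr" and b.start > full.start),
        key=lambda b: b.start,
    )
    last = incrs[-1] if incrs else full
    return {
        "full": full.label,
        "incrementals": [b.label for b in incrs],
        "wal_from": last.start,   # WAL is needed from the start of the last backup
        "wal_to": target,         # replay stops at the requested second
    }

if __name__ == "__main__":
    utc = timezone.utc
    catalog = (build_catalog(datetime(2024, 5, 1, tzinfo=utc))
               + build_catalog(datetime(2024, 5, 2, tzinfo=utc)))
    plan = plan_restore(catalog, datetime(2024, 5, 2, 10, 47, 13, tzinfo=utc))
    print(plan["full"], len(plan["incrementals"]), plan["wal_from"], plan["wal_to"])
```

A target that falls while the midnight full backup is still running is served from the previous day's full backup and its incrementals, which is why the previous chain has to be retained until the new full backup has finished.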
Backup Isolation and Ransomware Protection
A common concern with modern cyberattacks is ransomware that encrypts not only production data but also the backups. Our defense against this combines isolated backup storage, active data monitoring, and comprehensive audit trails.
Three Independent Backup Systems
Your data is protected by three separate backup systems, each with its own credentials and storage infrastructure:
- Encrypted database backups are stored in cloud object storage (S3-compatible) using AES-256-CBC encryption. This storage is completely separate from our application servers. An attacker who gains access to the application has no path to the backup storage.
- Encrypted file backups are stored in a second, independent storage system with its own access credentials and password protection.
- A third copy is maintained on a dedicated backup server via secure transfer, with its own access controls and authentication.
With on-premise servers, ransomware commonly encrypts the server and the backup drive because they sit on the same network (or are even connected to the same machine). Our architecture prevents this because backup storage credentials are not present on the application servers, and each backup system requires separate authentication to access.
Active Data Integrity Monitoring
Backup isolation protects the backup files themselves, but a more subtle attack could corrupt data through the application layer and let that corruption flow into backups over time. To catch this, we run automated data integrity checks that validate the consistency of your data on an ongoing basis:
- 30+ automated checks covering accounting balances (General Ledger vs. subledgers), inventory reconciliation (system records vs. physical totals), accounts receivable, accounts payable, and dozens of other business rules.
- Daily reconciliation compares GL balances against physical inventory and subledger totals, tracking match percentages over time. A sudden mismatch triggers investigation.
- Email alerts notify our team of anomalies in critical areas like General Ledger transactions and inventory movements.
These checks are designed to catch data corruption quickly, whether caused by an attack, a software bug, or any other source, so we can restore from a known-good backup before the issue compounds.
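A sketch of the daily reconciliation described above, as an added example rather than 10X ERP's implementation: it compares GL control balances with subledger totals, tracks the match percentage, and reports the last day before a sudden drop as the known-good restore candidate. The account names, the 7-day window and the 5-point threshold are assumptions, and all data is constructed.

```python
from decimal import Decimal
from statistics import median

def match_percentage(gl_balances, subledger_entries):
    """Share of GL control accounts whose balance equals the subledger total.
    Decimal is used so that cent-level differences are not lost to float error."""
    totals = {}
    for account, amount in subledger_entries:
        totals[account] = totals.get(account, Decimal("0")) + Decimal(amount)
    mismatched = sorted(
        acct for acct, balance in gl_balances.items()
        if Decimal(balance) != totals.get(acct, Decimal("0"))
    )
    matched = len(gl_balances) - len(mismatched)
    return Decimal(100) * matched / len(gl_balances), mismatched

def last_known_good(daily_pct, window=7, max_drop=Decimal("5")):
    """Return (first_flagged_day, last_good_day), or (None, None).

    A day is flagged when its match percentage falls more than `max_drop`
    points below the median of the previous `window` days (both values are
    assumptions chosen for this example).
    """
    days = sorted(daily_pct)
    for i, day in enumerate(days):
        prior = [daily_pct[d] for d in days[max(0, i - window):i]]
        if prior and median(prior) - daily_pct[day] > max_drop:
            return day, days[i - 1]
    return None, None

# Constructed sample: three control accounts and their subledger lines.
GL = {"1200-AR": "15250.00", "1400-INV": "88410.35", "2000-AP": "-9120.10"}
SUBLEDGER = [
    ("1200-AR", "10000.00"), ("1200-AR", "5250.00"),
    ("1400-INV", "88410.35"),
    ("2000-AP", "-9000.00"), ("2000-AP", "-120.00"),  # 0.10 short of the GL
]

# Constructed history of daily match percentages (ISO dates sort correctly).
HISTORY = {
    "2024-05-01": Decimal("100"), "2024-05-02": Decimal("100"),
    "2024-05-03": Decimal("99.2"), "2024-05-04": Decimal("100"),
    "2024-05-05": Decimal("91.5"), "2024-05-06": Decimal("90.8"),
}

if __name__ == "__main__":
    print(match_percentage(GL, SUBLEDGER))
    print(last_known_good(HISTORY))
```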
Complete Audit Trail
Every change to every record in the system is tracked with a field-level audit trail, capturing old values, new values, the user who made the change, and when it happened. This makes it possible to pinpoint exactly when an issue started, identify what was changed and by whom, and restore to the precise point in time before the problem occurred.
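One check a field-level audit trail with old and new values makes possible, shown as an added example that is not 10X ERP's own code: if an entry's old value does not equal the new value of the previous entry for the same field, the field changed in between without being audited, and the earlier entry bounds the restore point. The row layout and column names are assumptions, and the rows are constructed.

```python
from datetime import datetime, timezone

def find_chain_breaks(audit_rows):
    """Return gaps where a field's recorded old value differs from the new
    value of its previous audit entry: the field changed in between without
    an audit record (for example a write that bypassed the application)."""
    last = {}       # (table, record_id, field) -> (timestamp, new value)
    breaks = []
    for row in sorted(audit_rows, key=lambda r: r["ts"]):
        key = (row["table"], row["record_id"], row["field"])
        if key in last and last[key][1] != row["old"]:
            breaks.append({
                "key": key,
                "after": last[key][0],     # last entry that is still consistent
                "before": row["ts"],       # first entry that exposes the gap
                "expected_old": last[key][1],
                "recorded_old": row["old"],
            })
        last[key] = (row["ts"], row["new"])
    return breaks

def recovery_target(breaks):
    """Latest time known to precede every unaudited change, or None."""
    return min(b["after"] for b in breaks) if breaks else None

def _ts(hour, minute, second):
    return datetime(2024, 5, 2, hour, minute, second, tzinfo=timezone.utc)

# Constructed audit rows; the column names are assumptions for this example.
AUDIT_ROWS = [
    {"ts": _ts(9, 0, 5), "user": "alice", "table": "invoice",
     "record_id": 7001, "field": "total", "old": "1200.00", "new": "1250.00"},
    {"ts": _ts(9, 14, 41), "user": "bob", "table": "item",
     "record_id": 310, "field": "qty_on_hand", "old": "40", "new": "38"},
    # The old value should be 1250.00: the total changed with no audit entry.
    {"ts": _ts(11, 2, 17), "user": "alice", "table": "invoice",
     "record_id": 7001, "field": "total", "old": "1900.00", "new": "1950.00"},
    {"ts": _ts(11, 30, 0), "user": "bob", "table": "item",
     "record_id": 310, "field": "qty_on_hand", "old": "38", "new": "35"},
]

if __name__ == "__main__":
    for gap in find_chain_breaks(AUDIT_ROWS):
        print(gap["key"], gap["after"], gap["before"])
    print(recovery_target(find_chain_breaks(AUDIT_ROWS)))
```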
Monitoring, Auto-Recovery, and Disaster Recovery
Our infrastructure is designed to detect and recover from failures automatically, minimizing downtime without waiting for manual intervention:
Continuous Monitoring
- Health checks run continuously on every critical service. If a service becomes unresponsive, it is automatically restarted within minutes.
- Infrastructure monitoring tracks server performance, resource usage, and availability around the clock.
- Application error tracking alerts our team immediately to any software issues, including background job failures.
- All critical services (web server, application server, database, cache) are configured with automatic restart policies, so transient failures resolve themselves without human intervention.
Geographic Distribution
Our servers are distributed across multiple geographic regions. A hardware issue or outage in one data center does not affect clients hosted in other regions.
Disaster Recovery
In the event of a major failure, our automated disaster recovery process can restore a complete database from backup with point-in-time precision down to the exact second. Because the process is automated and backups are stored in the cloud, recovery does not depend on shipping hardware, finding a technician, or rebuilding a physical server. This is a significant advantage over on-premise systems, where hardware failures can mean days of downtime.