For our cybersecurity audit, we’re being asked how GitLab backs up our data for the SaaS solution. I am assuming that the free tier and the paid tiers have the same backup policy, but if not, that would be interesting to know. Questions we’re looking to have answered:
- Frequency of backups
- Retention period
- Are offline copies stored
- Frequency of testing of backups
- Encryption of backups
- Recovery time objective
See here, this is what I found when googling "gitlab saas backup policy":
Backups of our production databases are taken every 24 hours with continuous incremental data (at 60 sec intervals), streamed into GCS. These backups are encrypted, and follow the lifecycle:
- Initial 14 days in Multi-regional storage class.
- After 14 days migrated to Nearline storage class.
- After 40 days migrated to Coldline storage class.
- After 120 days, backups are deleted.
Snapshots of filesystems are taken every 4 hours; this is primarily git repository data but also includes other transient operational data.
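An added example, not GitLab's code or part of either post: a small Python check an auditor could run over a backup inventory to confirm that each object sits in the storage class the quoted lifecycle prescribes for its age, that nothing survives past the 120-day retention, and that the 4-hour snapshot cadence has no gaps. The inventory fields, the 30-minute tolerance and the sample data are assumptions constructed for the example.

```python
"""Check a backup inventory against the quoted GitLab.com lifecycle policy.

Added example, not GitLab's own code. Assumes an inventory export of
object age (days) and storage class, plus snapshot timestamps; sample
data below is constructed.
"""
from datetime import datetime, timedelta

# Lifecycle from the quoted policy: objects younger than the limit belong in that class.
LIFECYCLE = [(14, "MULTI_REGIONAL"), (40, "NEARLINE"), (120, "COLDLINE")]
RETENTION_DAYS = 120
SNAPSHOT_INTERVAL = timedelta(hours=4)

def expected_class(age_days):
    """Storage class an object of this age should be in; None once it should be deleted."""
    for limit, storage_class in LIFECYCLE:
        if age_days < limit:
            return storage_class
    return None

def check_inventory(objects):
    """objects: list of {name, age_days, storage_class}. Returns a list of finding strings."""
    findings = []
    for obj in objects:
        want = expected_class(obj["age_days"])
        if want is None:
            findings.append(f"{obj['name']}: {obj['age_days']}d old, exceeds {RETENTION_DAYS}d retention")
        elif obj["storage_class"] != want:
            findings.append(f"{obj['name']}: in {obj['storage_class']}, expected {want}")
    return findings

def snapshot_gaps(timestamps, tolerance=timedelta(minutes=30)):
    """Consecutive snapshot pairs whose gap exceeds 4h plus an assumed tolerance."""
    ts = sorted(timestamps)
    return [(a, b) for a, b in zip(ts, ts[1:]) if b - a > SNAPSHOT_INTERVAL + tolerance]

# Constructed sample data, not real GitLab.com objects
SAMPLE_OBJECTS = [
    {"name": "db-2024-01-01.bak", "age_days": 3, "storage_class": "MULTI_REGIONAL"},
    {"name": "db-2023-12-10.bak", "age_days": 20, "storage_class": "MULTI_REGIONAL"},  # should be NEARLINE
    {"name": "db-2023-11-01.bak", "age_days": 60, "storage_class": "COLDLINE"},
    {"name": "db-2023-08-01.bak", "age_days": 150, "storage_class": "COLDLINE"},  # past retention
]
T0 = datetime(2024, 1, 1)
SAMPLE_SNAPSHOTS = [T0 + timedelta(hours=4 * i) for i in range(6)]
del SAMPLE_SNAPSHOTS[3]  # one missed snapshot -> 8 h gap

if __name__ == "__main__":
    print(*check_inventory(SAMPLE_OBJECTS), *snapshot_gaps(SAMPLE_SNAPSHOTS), sep="\n")
```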