Accidental deletions of data are common and can affect business operations. This topic describes the preventive methods that you can use to prevent data loss related to accidental operations.
The following best practices follow general guidelines and are not a complete security solution. The best practices are provided only for reference and may not be suitable for your business scenarios. We recommend that you remain aware of data security threats and take the necessary preventative measures.
Enable versioning for a bucket
Object Storage Service (OSS) allows you to configure versioning for a bucket to protect objects that are stored in the bucket. When you overwrite or delete objects that are stored in a versioning-enabled bucket, OSS saves the objects as previous versions in the bucket. Versioning allows you to recover a previous version of an object to protect the object from being accidentally overwritten or deleted.
If versioning is enabled for a bucket, OSS specifies a unique ID for each version of an object stored in the bucket. For more information about how to enable versioning, see Overview.
Configure a retention policy for a bucket
The Write Once Read Many (WORM) feature of retention policies in OSS allows you to prevent users from modifying or deleting objects. If you do not want anyone, including resource owners, to modify or delete objects in a bucket within a specific period of time, you can configure a retention policy for the bucket. Before the specified retention period ends, you can only upload objects to or read objects from the bucket. You can modify or delete objects only after the retention period ends. For more information about how to configure a retention policy for a bucket, see Retention policies.
Enable CRR for a bucket
Cross-region replication (CRR) performs automatic and asynchronous (near real-time) replication of objects across buckets in different OSS regions. Operations such as creating and overwriting objects can be synchronized from a source bucket to a destination bucket.
CRR can help you meet compliance requirements for cross-region disaster recovery and data replication. When you configure a CRR rule, you can set the replication policy to Add/Change to prevent data losses caused by accidental deletions.
This way, if data is accidentally deleted from a source bucket, you can recover the deleted data by retrieving its copy from the destination bucket.
For more information about CRR, see CRR overview.
Configure scheduled backup for a bucket
OSS provides the scheduled backup feature that you can use to back up objects in a bucket to Cloud Backup on a regular basis. If an object is accidentally lost, you can recover the object from Cloud Backup.
After you configure a scheduled backup plan for a bucket, Cloud Backup backs up all objects in the bucket from a specific start time and retains the backups in the vault for a specific period of time based on the retention policy. For more information, see Scheduled backup.
After Cloud Backup performs a full backup, you can create an OSS restore job in the Cloud Backup console to restore an object accidentally deleted from the bucket to the version before the object was deleted. For more information about how to create an OSS restore job, see Restore OSS objects.