In my company, we have business critical applications with 0-hour RTO (Recovery Time Objective) and RPO (Recovery Point Objective) requirements. The usual strategy to ensure the RPO objective is to have regular backups (let’s say daily incremental, weekly full) and to ensure the database is mirrored in real time into two geographically separate datacenters. This is a good setup in case one of the datacenters goes BOOM. Application service is redirected to the other one and no data is lost.
But let’s say that a business application is compromised and starts deleting data from the database. The deletions are then mirrored to the other datacenter and restore is only possible from the last full/incremental backup image.
What is a good strategy to prevent this scenario and ensure that the 0-hour RPO requirement is met?