
Backup & Disaster Recovery


Category: API Domains
Last Updated: Feb 5, 2026

Overview

A law enforcement agency's primary investigation server suffers a catastrophic storage failure at 3 AM on a Monday. Active cases, evidence records, and case notes are at risk. The administrator opens the Backup domain, selects last night's verified full backup, and initiates a restore to a standby tenant environment. Within the hour, investigators are back online. No data is lost. The chain of custody is intact.

That recovery scenario is only possible if backups were running, verified, and accessible. The Backup domain automates all of it (scheduling, integrity checking, encrypted cloud storage, and point-in-time restoration) so that disaster recovery is a documented procedure rather than a crisis response.

Key Features

  • Multiple Backup Types: Supports full, incremental, and differential backups to balance completeness, speed, and storage efficiency.
  • Automated Scheduling: Cron-based scheduling allows daily, weekly, monthly, or custom backup intervals with automatic execution.
  • Integrity Verification: Cryptographic checksum validation ensures backup files have not been corrupted or tampered with.
  • Encryption at Rest: All backups are encrypted by default to protect sensitive data in storage.
  • Cloud Storage Integration: Backups are securely uploaded to cloud object storage for offsite durability.
  • Point-in-Time Restoration: Restore data from any completed backup to recover from data loss or corruption.
  • Cross-Tenant Disaster Recovery: Supports restoring backups to a different tenant for disaster recovery scenarios.
  • Expired Backup Cleanup: Automated enforcement of retention policies removes backups past their retention period.
  • Backup Health Metrics: Aggregated statistics provide visibility into backup success rates, storage usage, and scheduling status.
  • Non-Blocking Operations: Backup and restore operations run asynchronously so they do not interrupt platform availability.

Use Cases

Law enforcement agencies schedule nightly full backups with six-hourly incremental backups to maintain comprehensive data protection with minimal storage overhead, ensuring active case data is never more than a few hours from recovery.

Financial regulators configure retention policies aligned to their data preservation requirements (seven years in some jurisdictions), with automated cleanup ensuring storage costs remain proportionate as older records pass their retention window.

Intelligence organisations performing disaster recovery restore a verified backup to a separate isolated tenant, bringing operations back online without affecting the primary environment or creating cross-contamination between the recovery instance and live data.

Critical infrastructure operators verify backup integrity on a scheduled basis to confirm that stored backups can be reliably restored when needed, meeting operational resilience requirements mandated by sector regulators.

Integration

The Backup domain integrates with the alert system for backup failure notifications, the audit logging system for tracking backup and restore operations, and the monitoring infrastructure for health dashboards and storage cost analytics.

Open Standards

  • AES-256-GCM (NIST SP 800-38D / FIPS 197): All backup blobs are encrypted client-side using AES-256-GCM with a per-blob Data Encryption Key and a 96-bit nonce before leaving the platform, as specified by NIST SP 800-38D.
  • SHA-256 (FIPS 180-4): Cryptographic checksums of backup archives are computed using SHA-256 and stored alongside each backup record to enable integrity verification on demand or at scheduled intervals.
  • PKCS#11: When a Hardware Security Module is configured, the per-blob Data Encryption Key is wrapped and unwrapped via the standard PKCS#11 mechanism CKM_AES_KEY_WRAP, ensuring the KEK never leaves the HSM boundary.
  • S3-compatible Object Storage API: Backup files are stored in and retrieved from cloud object storage using the S3-compatible API, with provider-side SSE-AES256 applied as an additional layer over the client-side envelope encryption.
  • gzip (RFC 1952): Backup archives produced by pg_dump are compressed using gzip (maximum compression level) before upload, reducing storage consumption and transfer time.
  • ISO 8601: All timestamps in backup records, schedule configurations, and restore operations are serialised and exchanged in ISO 8601 format, ensuring unambiguous date and time interoperability.
  • POSIX Cron Expression Syntax: Backup schedules are defined using standard five-field cron expressions, validated at creation time, enabling flexible daily, weekly, monthly, or custom recurrence intervals.
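
The gzip, AES-256-GCM and SHA-256 steps listed above can be chained as shown here. This is an added Node.js example, not the platform's own code. The blob layout (nonce, ciphertext, tag), the checksum being taken over the stored ciphertext, the backupId bound as associated data, and all function names are assumptions; the DEK is returned unwrapped where a KEK or HSM would wrap it.

```javascript
const crypto = require('crypto');
const zlib = require('zlib');

const sha256Hex = (buf) => crypto.createHash('sha256').update(buf).digest('hex');

// Compress, encrypt under a fresh per-blob DEK, then checksum the stored bytes.
// backupId is a hypothetical record identifier bound as GCM associated data.
function sealBackup(dump, backupId) {
  const gz = zlib.gzipSync(dump, { level: zlib.constants.Z_BEST_COMPRESSION });
  const dek = crypto.randomBytes(32);   // 256-bit Data Encryption Key
  const nonce = crypto.randomBytes(12); // 96-bit nonce, never reused with a DEK
  const cipher = crypto.createCipheriv('aes-256-gcm', dek, nonce);
  cipher.setAAD(Buffer.from(backupId));
  const ct = Buffer.concat([cipher.update(gz), cipher.final()]);
  const blob = Buffer.concat([nonce, ct, cipher.getAuthTag()]); // assumed layout
  // A real deployment wraps the DEK under the KEK; it is returned raw here.
  return { blob, dek, record: { backupId, sha256: sha256Hex(blob) } };
}

// Check the stored SHA-256 first, then authenticate, decrypt and decompress.
function openBackup(blob, dek, record) {
  if (sha256Hex(blob) !== record.sha256) throw new Error('checksum mismatch');
  const decipher = crypto.createDecipheriv('aes-256-gcm', dek, blob.subarray(0, 12));
  decipher.setAAD(Buffer.from(record.backupId));
  decipher.setAuthTag(blob.subarray(blob.length - 16));
  const ct = blob.subarray(12, blob.length - 16);
  // final() throws if the tag, ciphertext or associated data do not match.
  return zlib.gunzipSync(Buffer.concat([decipher.update(ct), decipher.final()]));
}

// Constructed sample standing in for pg_dump output.
const SAMPLE_DUMP = Buffer.from('-- constructed dump\nCREATE TABLE cases (id int);\n');

// Reports which check rejects each kind of damaged or misfiled backup.
function demo() {
  const { blob, dek, record } = sealBackup(SAMPLE_DUMP, 'backup-0001');
  const outcome = (b, r) => {
    try { openBackup(b, dek, r); return 'accepted'; } catch (e) { return e.message; }
  };
  const flipped = Buffer.from(blob);
  flipped[20] ^= 1; // one corrupted ciphertext bit
  return {
    roundTrip: openBackup(blob, dek, record).equals(SAMPLE_DUMP),
    corrupted: outcome(flipped, record), // caught by SHA-256
    // Checksum recomputed over the damaged blob: only the GCM tag rejects it.
    rechecksummed: outcome(flipped, { ...record, sha256: sha256Hex(flipped) }),
    // Intact blob filed under another record id: the associated data mismatches.
    misfiled: outcome(blob, { ...record, backupId: 'backup-0002' }),
  };
}
```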

Last Reviewed: 2026-02-05
Last Updated: 2026-04-14
