AWS Data Protection: Expectations vs Reality

Don’t believe the myth – just because your data’s in the cloud it doesn’t mean it’s 100% safe. While AWS may offer security at a level most companies wouldn’t be able to afford, there are still very real risks that you need to understand for efficient AWS data protection:

1. People are your weakest link

Human error is far and away the most common threat to your data. For example, it’s rather easy to accidentally terminate an instance. While you can set a protection in AWS that warns you when you’re about to delete an instance, if you manage thousands of instances things can get missed and instances terminated by mistake. If this does happen, then you must be able to recover.

2. On-premises threats still exist in the cloud

Even though your data is in the cloud, it’s still subject to the same threats as in the on-premises world. While AWS takes every reasonable step to put protections in place, cloud servers are still vulnerable to attack from ransomware and malware. Not to mention the threat from natural disasters, such as floods, earthquakes or fires.

3. Downtime does happen

While AWS claims it makes “commercially reasonable efforts” to guarantee at least 99.99% uptime, outages do happen. In the past year we have seen entire AWS regions being down for around five hours. If your whole production environment is running all instances in this region, you’re left praying for it to come back online.

4. Even your cloud account can be compromised

As with any type of online account – even with different levels of protection in place – you are still vulnerable to compromise; passwords can be stolen, and individual admins can be targeted by sophisticated social engineering. The truth is that companies can go out of business if their AWS account is compromised. Even Amazon itself recommends the use of multiple accounts to ensure you have your resources in multiple places in case of compromise.

Under the AWS shared responsibility model, it’s your responsibility to understand the threats to your data and ensure you have the right defenses in place to fully protect it. This means that backup in the cloud is essential.

AWS Data Protection: EBS on its own is not enough

While AWS offers a native backup solution in EBS (Elastic Block Store) snapshots – which enable you to take a picture of your virtual drives (or volumes) at any given time – this is not enough on its own. EBS snapshots can provide a decent level of defense; however, they are a basic tool, and managing them through your AWS environment is a cumbersome process.

EBS snapshots also come up short in other areas: they are not application-consistent, so applications cannot be backed up while they are running; they do not provide Disaster Recovery (DR) capabilities; they do not offer monitoring and reporting; and they back up only volumes, not complete servers and applications.

The advent of Data Lifecycle Manager (DLM) adds greater functionality to the native AWS solution – such as offering the automated execution of snapshots – but there are still limitations. If you no longer need any snapshots, you have to manually delete them, and policy options for taking snapshots are limited to either every 12 or 24 hours. This is not practical if you’re managing large numbers of instances and need to schedule regular snapshots, which means a third-party solution is critical.

N2WS Backup & Recovery offers users the ability to enhance the native capabilities of AWS to create an enterprise-level cloud protection solution. One that delivers proper viable backup and disaster recovery, as well as file-level recovery and powerful policy setting for scheduling and retention – none of which is available directly within AWS.

N2WS Backup & Recovery also ensures business continuity with fast recovery times (less than 30 seconds), provides backup for complete servers and applications, and supports MySQL, MongoDB, Oracle, PostgreSQL, SQL Server, Exchange, Active Directory and SharePoint.

Securing your compliance

Even with these immediately obvious benefits, some customers may believe they have so few instances they don’t need to worry as they can easily handle the manual management of snapshots. However, the reality is that if they were at any time audited and asked to provide proof of how their instances are protected, they are going to struggle without full audit trail reporting – something not included natively within AWS.

Just creating snapshots is not proof of backup. You don’t know who’s doing what or who’s creating those snapshots, you can’t provide a backup schedule or show proof of where the data is stored. So, if you’re dealing with European Union customer data you are not automatically GDPR compliant.

N2WS Backup & Recovery’s built-in reporting, monitoring and management means you know at all times who is doing what with your data and when backups are being run, and can clearly show that on request.

Managing across regions with ease

AWS recommends the use of multiple regions and accounts for “isolation of blast radius” – i.e., limiting the spread/effect of a breach. This means having copies of your resources in different regions and accounts. While this is an important way to add another layer to your defense, managing it natively within AWS is complex and time-consuming. N2WS allows you to work across multiple accounts and regions via a single pane of glass, so you can easily back up or restore to and from whatever account or region you want at any time.

Save costs by backing up to S3

At $0.05 per gigabyte of stored data per month, EBS snapshots may seem inexpensive; however, if you have hundreds (or even thousands) of instances and a long backup retention policy, the costs quickly start to mount. In this case, N2WS offers a powerful way to control costs by backing up to S3, which is a third of the cost per gigabyte.

You still create a snapshot, but N2WS Backup & Recovery enables you to copy this to S3 for archiving. N2WS Backup & Recovery keeps backups in the Veeam VBR repository format – the data is stored as block-level incremental backups. This allows you to have a short retention period on your snapshots, while maintaining S3 copies for far longer – for months or even years, as required. This costs you far less than keeping monthly backups as a snapshot.

If your business is in the cloud it needs to be employing extra measures to ensure its data is fully protected. N2WS Backup & Recovery helps you leverage the power of the cloud and realize its full potential for your business – safely. Ensuring compliance, boosting efficiency, reducing costs and reducing risk along the way.

Looking for an AWS Data Protection solution? Try N2WS Backup & Recovery (CPM) for FREE!
