The Blue Is You: AWS Shared Responsibility Model and the Need for Backup

The Blue is You!

You must regularly back up your AWS data and workloads – here’s why.

So, you’re planning to switch (or have already switched) to Amazon Web Services (AWS) cloud computing from the more “traditional” on-site infrastructure model for its many advantages, including convenience, scalability, cost, and security. Or maybe you’re an enterprise that was ‘born in the cloud’ and has been enjoying the robustness and scalability that the Amazon Cloud offers.

Unfortunately, many companies don’t realize that they need additional backup and disaster recovery. They assume that Amazon’s services, like S3, are durable, redundant and, thus, mitigate any risk of downtime from a failure, error, outage or security attack. However, we’re here to explain that this is extremely risky thinking and, in fact, is downright false.

Data backup and security of your cloud environment is essential and is on YOU, not AWS. The AWS shared responsibility model details “security OF the cloud” versus “security IN the cloud”.

But what is this all about?

While the “cloud” itself is secured by AWS, everything within that cloud is your responsibility.

“Security and compliance is a shared responsibility between AWS and the customer.”

While cloud computing and AWS are changing the way enterprises manage and store data and are relieving the operational burden associated with maintaining physical data centers and infrastructure, YOU are STILL responsible for deploying, configuring, and maintaining the security of everything within your cloud.

The AWS shared responsibility model video further explains that Amazon is responsible for its various services and infrastructure that offer features that will secure workloads and other assets.

AWS services operate, manage, and control the physical security of the facilities in which services are operating. This allows AWS customers to shed their infrastructure headache. AWS customers no longer have to think about backup power generators or the temperature in a server room. AWS customers can instead focus on managing their core business and leave the management of data center facilities to the pros at AWS.

AWS customers, in turn, must take responsibility on their end by choosing which Amazon services to utilize in order to fully protect the availability and integrity of their cloud data. They must also be sure to meet their specific organizational requirements (RTO and RPO, for example) for protecting that data. For example, they may be diligent in implementing patches and updates but NOT configure security groups, IAM, or cross-region disaster recovery, and this is where massive holes in backup and security can occur.

If an AWS customer accidentally terminates a workload without having a backup copy, AWS assumes no responsibility. You, as the customer, should not assume AWS created backup copies of all your workloads. The shared responsibility model clearly states that the customer data in AWS, along with the platform, operating system, and security settings, are all customer responsibilities. This includes ensuring that your AWS environment is secure and protected. “Secure and protected” obviously includes the need to back up your data!

In addition to human error, we have seen major hardware outages in the case of large enterprises like Netflix and Salesforce in which downtime could have easily been prevented with an additional backup solution. We have also seen security threats from malicious attacks completely thwarted with the right backup in place.

The AWS portion of responsibility includes the security of the cloud. The customer is responsible for the security of the data in the cloud. AWS provides durable infrastructure with extremely low failure rates. AWS also provides tools needed to protect that data in the event of failure.

These tools include:

  • EBS snapshots (Block-level incremental backups)
  • Regions
  • Availability Zones
  • APIs
  • CLIs
  • Automation via Lambda Scripts

The AWS Shared Responsibility Model chart

As an AWS customer, you can ensure resilience by creating Snapshot backups of EBS volumes. The Snapshots are stored in an S3-like format and are highly available. This means that the workload you accidentally terminated can be recovered VERY quickly (30-seconds-or-less quickly). Making sure Snapshot backups are happening on a regular basis is in the blue section of the shared responsibility model, and the blue is you!
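The check below is an added example, not code from N2WS or AWS: it flags EBS volumes whose newest completed snapshot is older than a chosen RPO, or that have no completed snapshot at all. The volume and snapshot records are constructed samples shaped like EC2 `describe_volumes` / `describe_snapshots` output; the 24-hour RPO and the function names are assumptions.

```python
from datetime import datetime, timedelta, timezone

def volumes_missing_rpo(volumes, snapshots, rpo, now=None):
    """Map volume id -> age of newest completed snapshot (None if there is
    none) for every volume that does not meet the RPO."""
    now = now or datetime.now(timezone.utc)
    newest = {}
    for snap in snapshots:
        # Pending or errored snapshots cannot be restored from; skip them.
        if snap.get("State") != "completed":
            continue
        vid, started = snap["VolumeId"], snap["StartTime"]
        if vid not in newest or started > newest[vid]:
            newest[vid] = started
    gaps = {}
    for vol in volumes:
        vid = vol["VolumeId"]
        last = newest.get(vid)
        if last is None:
            gaps[vid] = None            # never successfully backed up
        elif now - last > rpo:
            gaps[vid] = now - last      # backed up, but too long ago
    return gaps

def fetch_inventory(region):
    """Live lookup (needs boto3 plus ec2:DescribeVolumes/DescribeSnapshots)."""
    import boto3
    ec2 = boto3.client("ec2", region_name=region)
    vols = [v for page in ec2.get_paginator("describe_volumes").paginate()
            for v in page["Volumes"]]
    snaps = [s for page in ec2.get_paginator("describe_snapshots")
             .paginate(OwnerIds=["self"]) for s in page["Snapshots"]]
    return vols, snaps

# Constructed sample inventory (not real resource ids).
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
SAMPLE_VOLUMES = [{"VolumeId": v} for v in ("vol-aaa", "vol-bbb", "vol-ccc", "vol-ddd")]
SAMPLE_SNAPSHOTS = [
    {"VolumeId": "vol-aaa", "State": "completed", "StartTime": NOW - timedelta(hours=3)},
    {"VolumeId": "vol-bbb", "State": "completed", "StartTime": NOW - timedelta(days=2)},
    {"VolumeId": "vol-ccc", "State": "pending", "StartTime": NOW - timedelta(minutes=5)},
]

if __name__ == "__main__":
    rpo = timedelta(hours=24)  # assumed RPO
    for vid, age in volumes_missing_rpo(SAMPLE_VOLUMES, SAMPLE_SNAPSHOTS, rpo, NOW).items():
        print(vid, "no completed snapshot" if age is None else f"last snapshot {age} ago")
```

Run against a real account, pass the result of `fetch_inventory(region)` to `volumes_missing_rpo` once per region, since snapshots are regional.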

You can automate Snapshot backups using Lambda scripts and the AWS CLI and APIs. OR you can choose to shed your backup headache (without resorting to custom scripts) by selecting N2WS from the AWS marketplace. We protect AWS data and workloads from outages, failures, and accidents by leveraging the native tools AWS provides for backup, including Snapshots and the AWS APIs. By choosing N2WS, you arm yourself with the top-selected backup and DR solution for AWS. You can now recover from outages, failures, and accidents in 30 seconds and you don’t have to remember to create backups. We also add a lot of other necessary features, including reports, audits, dashboards, and alerts.

So, given that you’re a responsible person, you want to choose the BEST protection solution for your AWS infrastructure. Whatever you choose for backup and DR, don’t choose to ignore your responsibilities. Remember… the blue section of the AWS responsibility model is the customer’s responsibility; the blue is you!

Want to know what other responsible world-leading organizations like Harvard, Yale, and NASA are using to secure their clouds?

Then try Cloud Protection Manager for free

Cloud Protection Manager (CPM) is a native cloud backup, recovery, and disaster recovery solution for Amazon EC2 instances, EBS volumes, RDS databases and Redshift Clusters. Our easy-to-use automation tool utilizes AWS EBS and RDS snapshots, directly connecting to users’ AWS infrastructure to perform automated backups. To learn more about CPM and how to give your team the ability to back up data as often as needed and recover it far more quickly, try our 30-day free trial. (No credit card needed, and it takes mere minutes to configure).
