What Happened to Code Spaces?
An unauthorized intruder gained access to Code Spaces’ Amazon Web Services (AWS) control panel and attempted to extort a large sum of money from the company in exchange for relinquishing access/control back to Code Spaces. However, by the time Code Spaces finally managed to regain access to their AWS account, the damage had already been done.
Over a 12-hour period, most of Code Spaces’ data and backups, including the offsite backups, were partially or completely deleted. After that incident, we received recurring requests from our customers to allow backup and recovery across multiple AWS accounts using N2WS Backup & Recovery in order to prevent attacks that lead to snapshot and data deletion.
Put simply, if data and snapshots are stored in an additional account, guarded separately from the original account, backup data is safe from security holes and attacks. As we saw our current and prospective customers’ inputs as best-practice for backups, we immediately implemented this input and included cross-AWS-account backup and restore capabilities, allowing automatic copy and recovery of snapshots between AWS accounts.
Using Backup and Recovery Tools to Prevent Disaster
N2WS provides you with a fully-featured backup and disaster recovery solution within Amazon EC2. Using N2WS’s policy-based backup solution, you can specify a policy where snapshots are automatically copied to other AWS accounts or AWS regions. Y
ou also have the option to determine whether the snapshots should be kept or deleted in the original account once they are copied to the DR account. You may prefer to keep the same snapshot in multiple accounts as an additional security measure, or choose not to do so in order to reduce storage costs.
N2WS automatically deletes older EBS snapshots according to the retention windows and policies you configure. However, they can be configured to be tagged by N2WS as “Ready for Deletion” instead of actually deleting them. This can allow you to use N2WS with “safer” IAM credentials for the vault account (without delete snapshot permissions).
So, even if N2WS is compromised (very unlikely), the vault account credentials can’t be used to delete the snapshots. Only the owner of the DR account can execute the deletion manually or with a script (using a different IAM user than the one N2WS uses).
NOTE: the owner of the DR account has different credentials than those of the original account, thereby ensuring that your data remains protected.
N2WS also allows you to recover snapshots to an account that is different than the one in which the snapshots are stored. In a data-loss scenario, this capability enables you to recover your instances and volumes back into their original account, while the snapshots are stored elsewhere.
This way, only snapshots are stored in your DR account, while N2WS recovers your instances back to the original account, or to a third account, with a single click. To further preserve your data’s security before performing recovery, N2WS only permits snapshot recovery into accounts that have already been registered in N2WS.
Looking at a Real-World Enterprise Configuration
A production account of a large enterprise in Amazon EC2 is typically accessible and used by many of its employees. Such an AWS account may be vulnerable to actions of potentially disgruntled employees or unauthorized access by hackers.
While there are various access control options provided by AWS and others, one way to greatly improve the resiliency to data loss is by using N2WS and setting an additional AWS account acting as a backup vault. This account has separate credentials known only to a trusted person within the organization, making it inaccessible to the users of the production account.
By setting a cross-account backup policy in N2WS, all backup data from the production account is automatically stored in the vault. In case the production data is lost or compromised, the backup data can instantly be copied back and restored to the original account or other pre-defined accounts.
The separate “vault” account for backups allows organizations to provide an open work environment to their developers without compromising continuous backup and DR data security. One of our key customers is a large media organization with multiple AWS accounts.
A primary account is used for the production environment while another one was created to store the snapshots for backup and DR purposes. The DR account contains snapshots of hundreds of EC2 instances with tens of terabytes of EBS storage. The customer defined a policy in N2WS that once the snapshots are copied into the DR account, they are automatically deleted from the primary account to avoid double payment for the backup data. In cases of outages or degradation in production, the customer can use N2WS to automatically recover its instances back into its primary production account.
Can You Trust N2WS?
In 2013, we released our backup and recovery product, N2WS, which is currently the most popular enterprise storage solution sold on AWS’ Marketplace. Today, hundreds of thousands of production application and database servers for thousands of customers are running on AWS cloud and are backed up with N2WS.
N2WS is safe, reliable, and secure. It has a wide user base, ranging from SMBs to large enterprises, government agencies and universities all over the world. The N2WS solution has been qualified by many organizations and it is trusted to maintain a reliable backup. As data security is key to product integrity, N2WS is a highly-secured solution: All AWS secret keys stored in N2WS are encrypted and the N2WS server is only accessible via HTTPS and SSH.
Secret keys are never displayed in N2WS‘s UI and are always encrypted in N2WS‘s databases. Contrary to third-party SaaS solutions, the N2WS instance is launched within the customer’s own EC2 environment and under the customer’s own security policies, so all data and credentials are never exposed outside of the customer infrastructure. To strengthen security further, we also suggest adding an AWS security group around the N2WS instance so that no one outside of your organization’s network can gain access to it. With N2WS Backup & Recovery, you can rest assured that your data remains secured and protected.
Getting Started with N2WS
You can try out N2WS Backup & Recovery with the 30-day free trial available on the AWS Marketplace. After launching your own trial instance, you can try out the backup features provided by N2WS in your own environment, including cross-account backup and recovery, and determine which N2WS version best suits your needs.