Using AWS Services for Cyber-Resiliency

Evaluator Group Take on AWS Storage Day Data Protection Announcements

AWS and the Shared Responsibility Model

AWS Storage Day 2022 highlighted data protection, and in particular the differences and simultaneous need for both application and data resiliency. This topic is important for two key reasons. The first reason is because ransomware has elevated cyber-resiliency to a board-level concern. The second reason is because, in the cloud, the line separating what the cloud provider is responsible for and what the customer is for, in terms of availability and protection of applications and their data, is blurry. Simply put, cloud providers are responsible for maintaining the uptime of cloud services, including infrastructure-as-a-service (IaaS), but customers are still responsible for the protection of their data and the security of their applications, just as they are on-premises. On more than one occasion, AWS emphasized – and ultimately went into detail, breaking down – this “shared responsibility model” between cloud providers and customers:

AWS Shared Responsibility Model

aws shared responsibility model
Source: AWS.Amazon.com

AWS not only detailed where ownership and responsibility lies, it also detailed what it is doing to uphold its end, and what tools it is providing to help customers uphold their end. In addition to providing customers with in-depth discussion of key checklist items for both application and data resiliency per the AWS Well-Architected Framework. Given today’s cyber-resiliency concerns, the prominent and commonly accepted National Institute of Standards and Technology (NIST) Cybersecurity Framework for identifying, protecting against, detecting, responding to and recovering from a cyber-attack, was often used to frame discussion.

Elastic Block Storage (EBS) Snapshot Capabilities

In addition to walking through “checkbox,” table stakes data protection capabilities that exist in AWS storage services, including S3 Object Lock for immutability and data encryption, AWS provided a deep dive into enhanced snapshot capabilities for its Elastic Block Storage (EBS) cloud storage service. AWS has added the ability to create crash consistent snapshots for subsets of EBS volumes that are tied to a single Amazon Elastic Compute Cloud (EC2) instance. Previously, users could create a snapshot of a single volume or of all volumes tied to the EC2 instance, but not a subset of multiple volumes. The multi-volume snapshots can be created through an API call, through the EC2 console, or through AWS Data Lifecycle Manager policies.

AWS Backup and Elastic Disaster Recovery

Complementing storage-level features, AWS also offers data protection services including AWS Backup and AWS Elastic Disaster Recovery (DR). AWS highlighted how these core backup and recovery services can be used in conjunction with services such as AWS Backup Audit Manager and AWS Fault Injection Simulator, to validate recoverability (for example, through DR testing). This is a very important conversation, because IT teams are pressured to validate and demonstrate that application and data resiliency can withstand ransomware and other malicious attacks.

Evaluator Group Comments

In-line with the NIST framework, Evaluator Group sees the role of data protection evolving beyond strictly backing up and recovering data – extending to preventing and detecting attacks. During its Storage Day, AWS walked through its GuardDuty threat detection, Security Hub security posture management, and Detective security analytics services can help customers to uncover attacks. For customers seeking additional support in boosting their cyber-resiliency, AWS also offers managed services, for instance for system patching, which is one of the top ways that attackers gain entry into their victims’ IT environments.

AWS Storage Day 2022 underscored the ongoing confusion in the industry regarding ownership over data protection. The content was valuable for IT professionals and cloud architects looking for perspective on the resiliency features that AWS is building into its services, as well as the services that AWS is providing to help them mitigate data loss and repercussions from cyber-attacks. This includes reference material in terms of how AWS recommends architecting networking, the cloud implementation, and data protection policies for security. AWS has added new badges for Data Protection/DR and for Data Migration to further support user training. Although still limited in its scope (most enterprises need to protect and have resiliency for a variety of resources, beyond AWS services), AWS is adapting to and working to help customers navigate data protection requirements that are evolving and becoming more critical in tandem with the imminence and impact of cyber-attacks such as ransomware.

Evaluator Group offers free and premium research on public cloud storage solutions as well as data protection software and systems. To learn more about AWS Backup-as-a-Service, download the free “Enterprise BUaaS Product and Vendor Landscape” Technical Insight report.

Author Information

Krista Case

Krista Case brings over 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.

Related Insights
Databricks AI’s GPU Reliability Push Exposes Hidden Risks for Large-Scale Training
July 3, 2026

Databricks AI’s GPU Reliability Push Exposes Hidden Risks for Large-Scale Training

Databricks AI reveals critical GPU reliability challenges in distributed training environments. Silent slowdowns and numerical corruption pose greater risks than visible failures, threatening model quality and compute efficiency at enterprise...
Domino Data Lab From MLOps Platform to Governed AI Application Factory
July 2, 2026

Domino Data Lab: From MLOps Platform to Governed AI Application Factory

Nick Patience, VP and Practice Lead, AI Platforms at Futurum, examines Domino Data Lab's pivot to governed AI application delivery, its agentic AI governance framework, and what the strategy means...
Lakebase and LTAP Challenge Database Orthodoxy, Are Monoliths Finally Obsolete?
July 2, 2026

Lakebase and LTAP Challenge Database Orthodoxy, Are Monoliths Finally Obsolete?

Databricks revolutionizes analytical platforms through Lakebase and LTAP, unifying transactional and analytical workloads. Research shows 73.6% of organizations are increasing spend, signaling a major shift from legacy databases....
Shopify’s PyTorch Foundation Move Signals a Power Shift in Open Source AI for Commerce
July 2, 2026

Shopify’s PyTorch Foundation Move Signals a Power Shift in Open Source AI for Commerce

Shopify's Platinum membership in the PyTorch Foundation signals a shift toward community-governed AI frameworks, avoiding vendor lock-in as enterprises increasingly deploy generative AI in production....
Can Miles Make Large-Scale LLM RL Post-Training Practical for the Enterprise?
July 1, 2026

Can Miles Make Large-Scale LLM RL Post-Training Practical for the Enterprise?

RadixArk's Miles framework tackles the enterprise AI adoption barrier by composing open-source tools into a unified stack for large-scale LLM reinforcement learning post-training, significantly reducing computational costs and engineering complexity....
Can Databricks Make Video Data Truly Searchable, or Will Scale Break the Model?
June 28, 2026

Can Databricks Make Video Data Truly Searchable, or Will Scale Break the Model?

Databricks unveils a new architecture for video analytics that integrates vision language models and serverless GPU compute, enabling enterprises to search, summarize, and automate insights from massive video datasets....

Book a Demo

Welcome

The vision behind everything in Futurum’s Custom Research practice is this: research should show you what is happening, what comes next, and what to do about it. It should be personal to each audience, easy for people to grasp, and structured so LLMs can reason over it accurately. And it should be fast and turnkey; you want answers now, not another project to carry for quarters.

Whether you are defining business, channel, or go-to-market strategy; evaluating vendors or justifying ROI; or commissioning research to fill an emerging market need, we have your back, with a program that answers your questions with the objectivity and credibility to drive real decisions.

To do it, we bring unmatched data to bear: Futurum research, surveys, and market projections; validated market feeds; ETR’s 15 years of insight from 10,000 technology decision-makers; G2’s buyer and user data; and what our analysts hear every day. Add leading primary collection, from AI-moderated voice interviews to surveys and analyst-led interviews, all turnkey, and every project comes out credible, nuanced, and actionable.

And we don’t just drop the results in your lap. For internal work, we provide analyst-led sessions, interactive dashboards, and a range of formats. For market-facing work, Futurum delivers turnkey activation and amplification that actually gets seen, by people and by LLMs, through our media and share of voice. This is research that moves decisions and markets.

We will meet you wherever you are, from a fast-turn brief to a multi-year program, and shape the work to your goals, timeline, and budget. The right program for your moment.

If any of this is useful, I would love to talk.

Benjamin Brown, VP Custom Research, Futurum Research

Benjamin Brown

VP, Custom Research · The Futurum Group

Newsletter Sign-up Form

Get important insights straight to your inbox, receive first looks at eBooks, exclusive event invitations, custom content, and more. We promise not to spam you or sell your name to anyone. You can always unsubscribe at any time.

All fields are required






Thank you, we received your request, a member of our team will be in contact with you.