Search
Close this search box.

Using AWS Services for Cyber-Resiliency

Evaluator Group Take on AWS Storage Day Data Protection Announcements

AWS and the Shared Responsibility Model

AWS Storage Day 2022 highlighted data protection, and in particular the differences and simultaneous need for both application and data resiliency. This topic is important for two key reasons. The first reason is because ransomware has elevated cyber-resiliency to a board-level concern. The second reason is because, in the cloud, the line separating what the cloud provider is responsible for and what the customer is for, in terms of availability and protection of applications and their data, is blurry. Simply put, cloud providers are responsible for maintaining the uptime of cloud services, including infrastructure-as-a-service (IaaS), but customers are still responsible for the protection of their data and the security of their applications, just as they are on-premises. On more than one occasion, AWS emphasized – and ultimately went into detail, breaking down – this “shared responsibility model” between cloud providers and customers:

AWS Shared Responsibility Model

aws shared responsibility model
Source: AWS.Amazon.com

AWS not only detailed where ownership and responsibility lies, it also detailed what it is doing to uphold its end, and what tools it is providing to help customers uphold their end. In addition to providing customers with in-depth discussion of key checklist items for both application and data resiliency per the AWS Well-Architected Framework. Given today’s cyber-resiliency concerns, the prominent and commonly accepted National Institute of Standards and Technology (NIST) Cybersecurity Framework for identifying, protecting against, detecting, responding to and recovering from a cyber-attack, was often used to frame discussion.

Elastic Block Storage (EBS) Snapshot Capabilities

In addition to walking through “checkbox,” table stakes data protection capabilities that exist in AWS storage services, including S3 Object Lock for immutability and data encryption, AWS provided a deep dive into enhanced snapshot capabilities for its Elastic Block Storage (EBS) cloud storage service. AWS has added the ability to create crash consistent snapshots for subsets of EBS volumes that are tied to a single Amazon Elastic Compute Cloud (EC2) instance. Previously, users could create a snapshot of a single volume or of all volumes tied to the EC2 instance, but not a subset of multiple volumes. The multi-volume snapshots can be created through an API call, through the EC2 console, or through AWS Data Lifecycle Manager policies.

AWS Backup and Elastic Disaster Recovery

Complementing storage-level features, AWS also offers data protection services including AWS Backup and AWS Elastic Disaster Recovery (DR). AWS highlighted how these core backup and recovery services can be used in conjunction with services such as AWS Backup Audit Manager and AWS Fault Injection Simulator, to validate recoverability (for example, through DR testing). This is a very important conversation, because IT teams are pressured to validate and demonstrate that application and data resiliency can withstand ransomware and other malicious attacks.

Evaluator Group Comments

In-line with the NIST framework, Evaluator Group sees the role of data protection evolving beyond strictly backing up and recovering data – extending to preventing and detecting attacks. During its Storage Day, AWS walked through its GuardDuty threat detection, Security Hub security posture management, and Detective security analytics services can help customers to uncover attacks. For customers seeking additional support in boosting their cyber-resiliency, AWS also offers managed services, for instance for system patching, which is one of the top ways that attackers gain entry into their victims’ IT environments.

AWS Storage Day 2022 underscored the ongoing confusion in the industry regarding ownership over data protection. The content was valuable for IT professionals and cloud architects looking for perspective on the resiliency features that AWS is building into its services, as well as the services that AWS is providing to help them mitigate data loss and repercussions from cyber-attacks. This includes reference material in terms of how AWS recommends architecting networking, the cloud implementation, and data protection policies for security. AWS has added new badges for Data Protection/DR and for Data Migration to further support user training. Although still limited in its scope (most enterprises need to protect and have resiliency for a variety of resources, beyond AWS services), AWS is adapting to and working to help customers navigate data protection requirements that are evolving and becoming more critical in tandem with the imminence and impact of cyber-attacks such as ransomware.

Evaluator Group offers free and premium research on public cloud storage solutions as well as data protection software and systems. To learn more about AWS Backup-as-a-Service, download the free “Enterprise BUaaS Product and Vendor Landscape” Technical Insight report.

Author Information

With a focus on data security, protection, and management, Krista has a particular focus on how these strategies play out in multi-cloud environments. She brings approximately 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.

Prior to joining The Futurum Group, Krista led the data protection practice for Evaluator Group and the data center practice of analyst firm Technology Business Research. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland and led market intelligence initiatives for media company TechTarget.

SHARE:

Latest Insights:

Tackling Mainframe Skills: Upskilling, Reskilling, and External Expertise Solutions for Modernization
Steven Dickens, Chief Technology Advisor at The Futurum Group, shares insights on how Mainframe modernization is accelerating with AI and hybrid IT, but skills gaps remain, with the majority of organizations relying on external providers.
Dion Hinchcliffe, VP of CIO Practice at The Futurum Group, shares insights into NVIDIA’s Q2 2024 earnings, challenges with its Blackwell chip, rising cloud costs, and the evolving AI skills gap.
NVIDIA, VMware, Salesforce, Dell, Pure Storage, and HP Inc. spotlight AI growth and cloud innovation. In episode 230 of the Six Five webcast, Patrick Moorhead, Daniel Newman, and guest Dan Ives discuss their innovations and market challenges.
Max Peterson, Vice President of Sovereign Cloud at AWS, joins Daniel Newman to share his insights on the burgeoning field of digital sovereignty, underlining its significance for businesses and governments alike.