Sep 29, 2021

Introducing Clumio Protect for Amazon S3

Chadd Kenney
Introducing Clumio Protect for Amazon S3

The public cloud is constantly evolving, Amazon S3, for example, has evolved from cost effective storage where data was dumped and forgotten, to a persistent data store for some of their most critical applications. As AWS customers adopted microservice-based modern applications and analytics, developers and data scientists were driven to find a persistent data store, and S3’s scale and flexibility were a natural fit. This mixed bag of data paired with heightened cyber security incidents put the onus on AWS customers to figure out how to protect their most critical assets.

While there are a bunch of useful features in S3 such as Durability, Versioning, Replication, and Object Lock, the challenge many AWS customers realize is that these features are great for other use cases, but not for a backup. Let’s dig through each feature:

  • Durability: Durability provides data loss assurance from AWS, which is great for primary storage. But for backup, unfortunately even 99.999999999% durability saves 0% of files from a deletion in the event a hacker gets access.
  • S3 Object Versioning: Versioning keeps a version for every change you make to the object, but unfortunately hackers can delete all versions making it a suboptimal solution. Versioning is applied at the bucket level, so you are forced to protect everything in the bucket. This results in a high cost backup solution when data changes often.
  • S3 Replication: S3 Replication replicates objects from one side to the other, but is not a great backup solution, as a hacker can just delete both copies. Replication requires a 1-to-1 mapping between buckets which increases management by 2x and puts the onus on the enterprise to ensure new buckets are replicated. If you have small files, replicating to lower tiers comes with additional costs and inefficiencies.
  • S3 Object Lock: S3 Object Lock is awesome for WORM compliant use cases and legal hold for long-term compliance, but it is not a backup mechanism to manage at large scale across all your S3 objects for backup since it does not allow changes to files.

S3 Replication

All of these features are missing key capabilities including ransomware protection, compliance visibility, global search with fast recovery, and built-in efficiencies to drive down costs. To help with these challenges, we are excited to announce the newest innovation in the Clumio family with Clumio Protect for Amazon S3, the industry’s first backup as a service solution for S3.

Clumio Protect for Amazon S3

Clumio Protect for Amazon S3 provides the following benefits:

  • The Ultimate Ransomware And Bad Actor Protection: Air-gapped S3 backups are stored outside your AWS account in immutable storage with data-at-rest and in-flight encryption and the ability to bring your own keys.
  • Global Compliance and Visibility: A centralized view across buckets, accounts, and regions to make compliance audits a breeze.
  • Lowest RTO to Meet Any SLA: Reduce recovery time with global search for buckets, prefixes, and objects across any AWS accounts, reducing restore times from hours or days to minutes.
  • Simpler and More Cost-Effective than Build it Yourself: Clumio Protect provides up to 50% savings on AWS costs with built-in efficiencies to remove the need for versioning, reduce the overhead of small files, and enable data classification.

As with everything with Clumio, the deployment of the solution is simple with a single pane of glass experience. The deployment is infrastructure-less and agentless for all your AWS accounts via a Cloud Formation Template or Terraform. Now you can see all your S3 buckets across all your accounts. Next, we enable the creation of another new innovation called Clumio Protection Groups, which provides an abstraction layer to manage buckets and prefixes across all your AWS accounts.

Clumio Protection Groups for S3

Clumio Protection Groups for Amazon S3

Protection Groups provide a powerful way to classify data, ensuring data protection aligns to business requirements. Protection groups are leveraged across all functions of Clumio, so you can do global search, compliance reporting, and data management at a protection group level. Configuring these are simple and intuitive:

  1. Decide what buckets you would like included across all your AWS accounts.
  2. Determine what prefixes you would like included and which prefixes you would like excluded from those prefixes.
  3. Add the S3 storage classes you would like protected.
  4. Decide if you want to protect all versions of your objects or just the most recent versions.
  5. Apply a Global Protection Policy that determines the amount of point-in-time backups stored, the retention of those backups, and the backup window.

Protection Groups Point In Time Backups versus S3 Object Versioning

Protection Groups Point In Time Backups versus S3 Object Versioning

Comparing Protection Groups with S3 Object Versioning showcases the value of Clumio for S3. Clumio users can define what needs to be protected across one-to-many AWS accounts containing as many Buckets and/or Prefixes. S3 Object Versioning provides bucket-level granularity only, making data classification nearly impossible unless you design your buckets perfectly. The recovery experience is completely different as well. Protection groups make it easy with point-in-time backups daily, monthly, or annually with compliance reporting with versioning; you only get recovery points when the file changes, and the recovery granularity is only at an object level.

The Lowest RTO with Global Search and Calendar View

The Lowest RTO with Global Search and Calendar View

Restoring fast starts with finding the data you want to restore in an intuitive way, and nothing is better than a calendar view that allows you to see all your recovery points in one view. The options for recovery include buckets, prefixes, and objects via global search with filters or recovery of bulk items via browse and restore. You can restore to any S3 tier, prefix, bucket, and account.

Clumio Protect Small File Optimization

Clumio Protect Small File Optimization

Small files can be very challenging when it comes to replication as well. Imagine you have 100 million 1KB objects in S3 Standard and you replicate to S3 Infrequent access for cost reduction. Since AWS meters at 128KB in S3 Infrequent Access, the storage cost is 100 million times 128KB making the storage costs $152.59 monthly. The one time put cost is 100 million times the put costs of S3 IA (1000 puts = $0.01) resulting in $1,000. Clumio bundles data into 4MB chunks, reducing the costs by 10X to Clumio users compared to replication.

Cloud Native vs Cloud Wannabes (aka “Cloud Cluster)

Clumio Protect for Amazon S3 is built from the cloud up, enabling near infinite scale to protect your data. You will not find a ton of EC2 instances in an Auto Scaling Group (ASG) within Clumio, like many of our friends in the industry. We built Clumio with true cloud scale architecture — independent scaling of compute and storage. Clumio leverages native APIs to access S3 inventory, data moving, and processing of data with an army of Lambda functions that spin up parallel compute to support any function in the platform.

Imagine how many cloud cluster nodes you would have to deploy to land 10 PB of S3 data. Many vendors typically recommend m5.4xlarge EC2 instances with 24 – 96 TB total across a minimum of 4 nodes. With the most dense nodes you need 106 bricks with 4 nodes per or 426 EC2 instances to manage!! The cost would be astronomical and you must run all of these in your account, all the time. While the number of nodes might be off by a few, at the end of the day it is a ton of nodes of compute and storage that you don’t need to manage or run with a cloud native platform, built for independent compute and capacity scale.

The Ultimate Ransomware Protection

Clumio Protect provides the ultimate ransomware protection with data backed up outside of your AWS account. S3 Versioning and Replication have the challenge of a hacker accessing or deleting the buckets it is protecting. Air gapping the data with Clumio Protect provides a No-Risk solution due to all the security and compliance mechanisms you don’t have to implement yourself.

Ultimate Security for Amazon S3

All data stored in Clumio Protect is immutable with data-at-rest and in-flight encryption. No data is persistent anywhere along the backup process in an unencrypted fashion. If you are looking for an additional layer of security, we provide the ability to bring your own key, paired with our key, giving you visibility of when data is processed in our system. Clumio provides multi-factor authentication with SSO integration, access controls for assets and roles, and no delete button so there is no vulnerability for hackers to get access or delete customers’ data. All of this together, provides the most secure way to store your data in AWS, so you always have a way to recover.

Early Access for Clumio Protect for S3

We are excited to open the Early Access Program for Clumio Protect for Amazon S3. Clumio Protect for Amazon S3 is expected to be available for early access by late October and generally available by December 2021. Qualified early access companies may be eligible to receive an iPad 10.2 upon completion of the early access program (subject to Terms and Conditions). Clumio is currently accepting early access applications at Clumio Protect is already available for protection of Amazon EBS, EC2, RDS, Microsoft 365, and VMware Cloud on AWS with a 30-day free trial on AWS Marketplace.

Stay tuned for a series of blog posts that dives deep into each of the topics above, providing insights into all of the innovations built in Clumio Protect for Amazon S3.

Until next time, stay SaaSy my friend! NO SLEEP TILL BROOKLYN!