Jun 02, 2022

Air Gap Protection for Amazon EC2 and EBS – Introducing Clumio SecureVault Lite

Authors
Chadd Kenney
Air Gap Protection for Amazon EC2 and EBS – Introducing Clumio SecureVault Lite

Businesses running in the public cloud are in a tough spot when it comes to data protection.  They are faced with protecting their data to ensure business continuity and compliance, in addition to protecting their data from both internal and external cyber threats.  Warnings, regulations, and compliance are bearing down on everyone.

  • Cybersecurity and Infrastructure Security Agency (CISA) has advised enterprises to “Regularly back up data, air gap, and password-protect backup copies offline,” and “Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, secure location.”
  • The Federal Financial Institutions Examination Council (FFIEC) released Appendix J, which created a stringent compliance requirement to protect data in an air-gapped fashion: “a data backup architecture limits exposure to a cyber attack and allows for restoration of data to a point in time before the attack began.”
  • Cyber insurance companies are requiring enterprises to prove secondary copies of data exist outside their production access controls, before approving policies.

Options for Protecting Amazon EC2 and Amazon EBS

While various options exist for protecting Amazon EC2 and Amazon EBS, most of them are complex and quickly become expensive.  Let’s first take a look at the typical data protection options for Amazon EC2 and Amazon EBS and review the various costs for each solution.  For the breakdown of each configuration, we will use an example of 100TBs of application data with 1 year retention (30 daily and 12 monthly backups) with a 3% daily change rate, 20% monthly change rate, and a 20% annual growth rate.

Options for Protecting Amazon EC2/EBS

  • In Account Snapshot Protection Only:

    This is typically the first stage of the data protection evolution, where application data is protected inside the AWS account only.  This option is vulnerable to all attacks, but especially a ransomware attack, as the production data and backup snapshots can be accessed and deleted by an attacker.  The local snapshots at $0.05 per GB per month result in $264,192 per year.

  • Replicating Snapshots Across Accounts:

    This is typically the next stage of the data protection journey where all snapshots are stored both locally and remotely in an alternate account, which is away from the production data.  While this provides additional protection, it is still vulnerable, as the data is within the access controls of the enterprise.  It also drives the cost 2x higher as well at $528,384 per year.  WOW!

  • Centralized Backup Vaulting:

    Backup vaulting into a centralized account can be a more optimized option, and adding vault lock can provide some additional protection. But customers are looking for a comprehensive turnkey offering outside their access controls that is also very cost-effective, as vaulting to another account puts an additional cost and management time on top of the local snapshots resulting in $338,534 per year.

Introducing Clumio SecureVault Lite

Clumio has been leading the cloud data protection evolution providing customers air gap protection, outside the customer’s access controls, for Amazon EC2 and Amazon EBS since 2019.  Today we are excited to announce Clumio SecureVault Lite – the industry’s most cost-effective air gap ransomware service now delivers air gap protection at the same cost as local snapshots alone.

With SecureVault Lite, enterprises are no longer faced with the choice between ransomware protection and cost reduction.  Clumio’s continued innovation and integration with AWS native services has resulted in a 30% savings compared to SecureVault, allowing air gap protection at a similar cost as local in-account snapshots.  This makes achieving air gap ransomware protection more affordable, to ensure all data is securely protected, no matter what security challenges arise.  To prove this, let us compare air gap protection options using AWS snapshots vs. Clumio SecureVault Lite.

Amazon EBS Out of Account Protection vs. Clumio SecureVault Lite for Amazon EC2 and Amazon EBS

comparing it to Clumio SecureVault Lite for Amazon EC2 and Amazon EBS

Taking the same scenario as before and comparing it to Clumio SecureVault Lite for Amazon EC2 and Amazon EBS we see up to 53% cost savings.

Amazon EBS Local Snapshots vs. Clumio SecureVault Lite for Amazon EC2 and Amazon EBS

Comparing to local snapshots without out of account protection

Comparing to local snapshots without out of account protection, we see a 7% savings, enabling any enterprises to get air gap ransomware protection at no incremental cost compared to local snapshots alone.

Pricing comparison between clumio vs amazon ec2/ebs

Clumio SecureVault Lite for Amazon EC2 and Amazon EBS key benefits include:

  • 30% cost reduction:

    Clumio SecureVault Lite EC2 backups and EBS backups are affordably priced at $0.035 per GB per month, reducing the cost of protecting critical application data by up to 30% compared to SecureVault. This cost optimization enables air gap protection at similar cost as in account snapshots. SecureVault backups can be protected in our out-of-the-production region and recovered to any AWS account.

  • Ransomware and bad actor protection:

    Clumio SecureVault Lite backups are stored outside of the customer’s AWS account, completely separated from the production environment. Customer data is stored on immutable storage, and is encrypted both at-rest and in-flight, with the ability for customers to bring their own keys. In addition, Clumio provides multi-factor authentication (MFA) with Single Sign-On (SSO) integration, access controls for assets and roles, and no delete button.

  • Compliance made easy:

    Simple and intuitive reports in Clumio Protect and Clumio Discover ensure compliance requirements are met. Additionally, the platform and underlying controls are compliant with HIPAA, PCI DSS, ISO 27001, and AICPA SOC.

  • Rapid recovery:

    Clumio SecureVault is optimized for both backup and recovery. It leverages deep integrations with AWS native services for infinite scale and provides a simple calendar view to find all recovery points. Clumio SecureVault Lite enables enterprises rapid recovery of Amazon EC2 instances or Amazon EBS volumes to any AWS account.

Try It Free

More information about Clumio SecureVault Lite pricing for Amazon EC2 and Amazon EBS is available at https://clumio.com/pricing. Clumio Protect is available for the protection of Amazon Elastic Block Store (Amazon EBS), Amazon Elastic Compute Cloud (Amazon EC2), Amazon Relational Database Service (Amazon RDS), Amazon Simple Storage Service (Amazon S3), Microsoft 365, and VMware Cloud on AWS with a 30-day free trial in AWS Marketplace. Clumio SecureVault Lite will be generally available in early August.  Stay tuned for more and more innovation from Clumio!

Until next time, stay SaaSy my friend! NO SLEEP TILL BROOKLYN!

 

Save 30% on Your Existing EC2 Protection Guaranteed