Backup and recovery for critical data in Amazon S3

Protect your S3 buckets from accidental deletions, overwrites, and ransomware attacks.

Protect what powers your business

Your S3 environment houses critical application data, sensitive business information, and data lakes for analytics and AI. Do you have it all protected?

Why S3 backup for enterprises

S3 is the innovation engine for millions of customers. Developers, DevOps, and CloudOps use S3 to power their applications. The data that fuels this innovation needs to be protected.


Infrastructure resilience ≠ Data resilience

While the infrastructure of Amazon S3 is extremely durable and protects against drive failures, it is critical to recognize that infrastructure or service durability does not equate to data durability.

According to Amazon’s shared responsibility model, the validity, security, accessibility, and usability of data on S3 is the customers’ responsibility.


What you need to protect your S3 data from

S3 data can be lost due not only to user errors such as accidental deletions, misconfigured buckets, erroneous data lifecycle policies, and software-based corruption, but also due to malicious behaviors such as insider threats and ransomware attacks.

Losing critical data from S3 can lead to operational disruptions and downtime, non-compliance with industry regulations, and loss of customer trust.

Where current S3 backup solutions fall short

AWS provides tools such as versioning, replication, and AWS Backup to create and manage copies of S3 data, but these alone do not provide comprehensive, end-to-end air gap data protection.

Lack of out-of-enterprise air gap with current solutions can leave your data vulnerable to malicious attackers.

  • Current S3 backup solutions have scalability limits and cannot protect beyond a few billion objects.
  • Simple data lifecycle misconfigurations can expunge entire buckets.
  • Sifting through many object versions to find the correct copy can slow down time-critical recoveries.
  • Protection policies and versioning can be set only at the bucket level, increasing costs in buckets with high change rates, or where only certain objects need to be protected.

Backing Up Amazon S3 for Dummies

Download this Dummies book for simple answers to the most complex challenges in data protection and recovery in S3.

Why Clumio Protect for Amazon S3

Clumio makes your Amazon S3 data undeletable. Its cloud-native architecture enables near-zero RTO and RPO even at exabyte-scale, and puts your data protection and compliance on autopilot.


The most scalable data protection solution ever built

  • Large enterprise customers routinely run into scalability issues with backup tools when their S3 environment exceeds tens of petabytes. This happens due to backup tools being built on legacy, machine-bound constructs.
  • Clumio is built on a serverless functions orchestration engine, where decoupled, stateless cloud resources scale dynamically with demand, giving it practically infinite scale.
  • Clumio can protect tens of billions of objects per bucket, measuring exabytes.

Instant Protection and Recovery

  • Protect your data in minutes: During a backup workflow, Clumio microservices inventory data sources, then orchestrate, read, reduce, encrypt, and transfer data in parallel streams. Indexing and verification are also auto-scaled, ensuring an industry-leading low RPO of 15 min.
  • Recover instantly: Clumio uses serverless functions for scale-out rehydration while running parallel I/O operations across restore blocks to get customers back to a fully operational state really fast. Clumio routinely clocks the fastest RTO for AWS workloads in the industry, and can get customers back up and running in minutes.

Compliance on autopilot

  • Clumio’s dynamic data retention enables customers to apply policies to a range of protected objects, specific to the industry, workload, or operational requirement. Clumio automatically detects new resources and applies relevant policies, keeping ever-changing data compliant.
  • Clumio also generates compliance reports and alerts customers when objects are out of policy. Backing up data with Clumio provides instant compliance with HIPAA, ISO 27001, SOC 2 Type 2, and PCI DSS. Clumio has many customers in highly regulated industries such as healthcare, financial services, and government.

Transparent pricing, advanced cost visibility

“With Clumio we can selectively provide the right levels of protection for our Amazon S3 data via global policies and protection groups. Global search enables quick recovery of any bucket or object for compliance needs, and optimizations to reduce small object overhead deliver a low TCO.”
Senior Director, Engineering Enablement at Cox Automotive

What Makes Clumio Different

  • Simple, click-to-play SaaS

    Clumio is an agent-less SaaS solution, relieving the customer of the management, upgrade, and installation tasks of traditional data protection. Updates are rolled out without the need for any intervention, allowing customers to back up a slew of data sources within minutes, without worrying about asset size or capacity constraints.

  • Intuitive protection groups

    When a customer has many buckets to manage in multiple accounts, it can get cumbersome to track their policies and prefixes across their buckets. This is a common problem in large enterprises.

    Clumio protection groups provide an abstraction layer to manage objects, buckets, and prefixes across all AWS accounts. Protection groups can be recovered to any account, any bucket, at any particular point in time, at any granularity.

  • Flexible, granular recovery

    Unlike other solutions that can recover only to points at which files were changed, only at the individual object or bucket level, and only to a local account, Clumio helps customers restore data to any point in time at the level of objects, buckets, prefixes, or protection groups. Clumio can also recover directly to any uncompromised account or region.

  • Simple calendar, with advanced filtering

    Clumio offers a calendar view that allows customers to see all their recovery points. Customers can also search to find and restore exactly the object, bucket, prefix, or protection group they need to recover.

  • Predictive support

    Clumio is unmatched in its customer satisfaction, with rave reviews of Clumio’s predictive support that identifies and resolves over 90% of potential service needs before customers are even aware of a problem. Backups should bring peace of mind, and Clumio does exactly that.

  • Advanced cost visibility

    Clumio meters for exactly the data that is protected, down to the byte. Clumio also provides insights into hidden data protection costs, intelligently estimates spend and proposes ways to reduce cloud bills, regardless of whether that data is being protected by Clumio.

The Big Book of S3 Data Protection

This in-depth guide outlines how to set up and automate data protection for S3 with Clumio to secure your data while simplifying operational management.


  • What is Amazon S3?

    The Amazon S3 object storage service is part of the Amazon Web Services (AWS) cloud service offering. S3 is a widely used cloud storage service, holding large volumes of data for most businesses using the AWS platform.

  • What is the AWS Shared Responsibility Model?

    The AWS Shared Responsibility Model states that AWS is responsible for the security and reliability of their servers and infrastructure, whereas the user is responsible for the security and reliability of their data and applications, including access control. This means the user is responsible for ensuring they are able to restore data in case of an overwrite or deletion, whether from human error or security breach.

  • Why protect Amazon S3?

    S3’s scope, scale and low cost make it a great data storage solution for data lakes, data analytics, and other unstructured data that drive business value and results. Users of Amazon S3 need to understand that a lot of this data stored in S3 is important and therefore needs backup.

  • What is the difference between Backup and Disaster Recovery as it relates to S3?

    Disaster recovery for S3 is a strategy and process that entails restoring applications relying on S3 data in the event of a significant disruption like a regional outage, natural disaster, or other large-scale failure.
    DR strategies vary in line with companies’ needs and SLAs, but can include fully redundant systems for immediate failover, and often include backup as an element. S3 replication can be used as part of a DR strategy for infrastructure failures, but because a replica is a live or versioned copy of the primary data, it does not allow you to roll back to a usable state in case of a mass encryption event like ransomware, or deletions, corruptions, or overwrites that have been neglected for more than 30 days. These situations need a point-in-time backup.

    Backup is a crucial element of a disaster recovery strategy. Backup is specific to data that resides in storage services, databases, and applications. Whereas failover copies are structured the same way as production data, backup copies are stored more efficiently and must be restored to the production environment to be used. This strategy typically delivers cost benefits, but recovery can come with some added latency.

  • Why is cross-region recovery important?

    AWS Regions are different geographical areas where data can be stored. Each region is further broken down into multiple Availability Zones, which help ensure the technology remains resilient.

    Having these multiple regions is a key benefit of cloud computing. There are many instances in which having the flexibility to recover data to a different region is important. When users back up a bucket, the backup is meant to be restored in case of a data loss or other disaster, such as a region being down. In that case, they would want to restore the backup to another region. Another reason to restore data cross-regionally is if the source data has moved. While restoring backups across regions can increase latency, it is an important tool in the backup toolkit.

  • How does Clumio help me back up the right S3 data?

    One of the more useful aspects of cloud computing is its scalability. An S3 bucket has no object limit (it can contain billions of objects), and not all of those objects are important enough to back up. Clumio gives users the visibility and tools to control exactly which data to back up. S3 data can be selected by options like bucket, prefix (think of a prefix as a folder, and an object as a file), tag, account, region, and storage tier (like Standard or Glacier).

  • How do I automate my Clumio backups?

    A helpful feature of Clumio’s cloud backup as a service offering is the user’s ability to automate backups. Developers employ automation because it saves time, removing the need to actively manage backup operations. Automating your backups makes scalability instant and effortless. Clumio’s native tools allow users to automate their backups right in the application. Optionally, developers can deploy Clumio as code using our Terraform provider.

  • How do I ensure the security of my backups?

    Clumio delivers a variety of features that ensure the security of backups. In addition to backups being air gapped and immutable, data is encrypted in flight and at rest. Users can implement role-based access control, creating permissions for certain types of data by role or individual user, as well as multi-factor authentication.

  • What is S3 Instant Access Restore?

    Restoring data, especially in large volumes, can take a long time. While architectural elements like the use of Lambda functions can reduce latency significantly, developers often would like an even faster solution to restore their applications to a functional state. Clumio Instant Access allows them to instantly mount buckets from Clumio in a read-only format. This gets the application back up and running right away while waiting for the full restore to the original source. Users see metadata for each object in the restored bucket in the CLI along with the endpoint URL.

  • What makes Clumio better than other solutions?

    Clumio is architected uniquely, delivering scalability and performance, low cost, and visibility. Its architecture delivers high-performance S3 backups that restore with incredible speed and are reliable with robust security. The Clumio data backup system is easy-to-use and cost-effective, with plenty of additional advantages, like visibility that helps users understand and be more efficient with storage costs. Clumio allows users to be more versatile with the way they handle S3 data, for example turning off versioning or minimum object size metering.
