Data Protection for Amazon S3

Amazon S3 object storage service is part of the Amazon Web Services, or AWS, cloud service offering. AWS S3 is widely used cloud storage, holding large volumes of data for most businesses using the AWS platform.

The AWS Shared Responsibility Model states that AWS is responsible for the security and reliability of their servers and infrastructure, whereas the user is responsible for the security and reliability of their data and applications, including access control. This means the user is responsible for ensuring they are able to restore data in case of an overwrite or deletion, whether from human error or security breach.

S3’s scope, scale and low cost make it a great data storage solution for data lakes, data analytics, and other unstructured data that drive business value and results. Users of Amazon S3 need to understand that a lot of this data stored in S3 is important and therefore needs backup.

Disaster recovery for S3 is a strategy and process that entails restoring applications relying on S3 data in the event of a significant disruption like a regional outage, natural disaster, or other large-scale failure.
DR strategies vary in line with companies’ needs and SLAs, but can include fully redundant systems for immediate failover, and often include backup as an element. S3 replication can be used as part of a DR strategy for infrastructure failures, but because a replica is a live or versioned copy of the primary data, it does not allow you to roll back to a usable state in case of a mass encryption event like ransomware or deletions, corruptions, or overwrites that have been neglected for more than 30 days.These situations need a point in time backup.

Backup is a crucial element of a disaster recovery strategy. Backup is specific to data that resides in storage services, databases, and applications. Whereas failover copies are structured the same way as production data, backup copies are stored more efficiently and must be restored to the production environment to be used. This strategy typically delivers cost benefits, but recovery can come with some added latency.

AWS Regions are different geographical areas where data can be stored. Each region is further broken down into multiple Availability Zones, which help ensure the technology remains resilient.

Having these multiple regions is a key benefit of cloud computing. There are many instances in which having the flexibility to recover data to a different region is important. When users backup a bucket, it is meant to be restored in case of a data loss or other disaster like a region being down. In that case, they would want to restore the backup to another region. Another reason to restore data cross-regionally is if the source data has moved. While restoring backups across regions can increase latency, it is an important tool in the backup toolkit.

One of the more useful aspects of cloud computing is its scalability. An S3 bucket has no object limit—it can contain billions of objects—and not all of those objects are important enough to backup. Clumio gives users the visibility and tools to control exactly which data to backup. S3 data can be selected by options like bucket, prefix (think of a prefix as a folder, and an object as a file), tag, account, region, and storage tier (like Standard or Glacier).

A helpful feature of Clumio’s cloud backup as a service offering is the user’s ability to automate backups. Developers employ automation because it saves time, removing the need to actively manage backup operations. Automating your backups makes scalability instant and effortless. Clumio’s native tools allow users to automate their backups right in the application. Optionally, developers can deploy Clumio as code using our Terraform provider.

Clumio delivers a variety of features that ensure the security of backups. In addition to backups being air gapped and immutable, data is encrypted in flight and at rest. Users can implement role-based access control, creating permissions for certain types of data by role or individual user, as well as multi-factor authentication.

Restoring data, especially in large volumes, can take a long time. While architectural elements like the use of Lambda functions can reduce latency significantly, developers often would like an even faster solution to restore their applications to a functional state. Clumio Instant Access allows them to instantly mount buckets from Clumio in a read-only format. This gets the application back up and running right away while waiting for the full restore to the original source. Users see metadata for each object in the restored bucket in the CLI along with the endpoint URL.

Clumio is architected uniquely, delivering scalability and performance, low cost, and visibility. Its architecture delivers high-performance S3 backups that restore with incredible speed and are reliable with robust security. The Clumio data backup system is easy-to-use and cost-effective, with plenty of additional advantages, like visibility that helps users understand and be more efficient with storage costs. Clumio allows users to be more versatile with the way they handle S3 data, for example turning off versioning or minimum object size metering.