Every organization that hosts production workloads or data in the Amazon Web Services (AWS) cloud should take steps to protect them. This explains why organizations continue to perform backups in AWS. However, their ability to do AWS cloud backups well long term may hinge on three factors.
These include the origins of the data or workload, each backup software’s offering’s deployment options available from each offering, and each offering’s cyber resilience capabilities. DCIG takes these new factors into account as it refreshes its research on AWS cloud backup offering for its upcoming TOP 5 reports.
Workload and Data Origins
Historically organizations rarely had to consider where their workloads and data originated. Both almost always started on-premises. As a result, they followed more predictable growth patterns and organizations could protect them accordingly.
This approach may still hold true for organizations that ‘lift-and-shift’ their workloads and data to AWS. If they do so, they may simultaneously ‘lift-and-shift’ their current backup software to the cloud.
However, more organizations create or utilize cloud-native applications. This may create an unintended side effect from a data protection perspective. Cloud-native application may quickly create, and continue creating, large amounts of data. This rapid, ongoing data growth makes it more challenging for backup offerings ‘lifted-and-shifted’ to the cloud to keep pace.
Hence, as organizations consider which backup offering to use in the AWS cloud, they should first examine the origins of their data and workloads.
AWS Cloud Backup Deployment Options
Dynamically keeping pace with data growth and constant configuration changes in the AWS cloud present major challenges to every backup offering. How well a backup offering responds to them may well hinge on the deployment options it supports.
Organizations may obtain backup in at least the four following ways:
- Backup-as-a-service (BaaS). Organizations subscribe to a BaaS that runs outside of their AWS virtual private cloud (VPC). Once they create an account with the BaaS offering, they configure it to back up the data and workloads in their VPC. BaaS offerings often run as cloud-native applications so they can scale as needed with the BaaS provider handling all management.
- Software-as-a-service (SaaS). A SaaS offering closely resembles a BaaS offering except that it runs inside an organization’s AWS VPC. It uses a cloud-native architecture and ideally capitalizes on AWS’s infrastructure-as-a-service (IaaS) APIs to perform backups and recoveries. Organizations may support the SaaS themselves or engage the provider to do so.
- Software license. Organizations deploy backup software in AWS much like they do on-premises. They acquire a backup software license, install it on AWS EC2 VM, and then deploy and manage it themselves.
- Virtual appliance. This option resembles the software license option except the offering gets deployed as a virtual appliance.
Once in AWS, organizations should generally give preference to the BaaS or SaaS options since it gives them the most flexibility to dynamically scale backup. However, the more backup data these options manage, the more costly BaaS and SaaS options potentially become. As such, the more deployment options the backup provider offers for their software, the better. In this way. organizations may better manage their backup costs over time as their AWS environment evolves.
AWS Cloud Backup Cyber Resilience
Moving and hosting workloads and data in AWS helps to mitigate number of ways ransomware may enter an organization. However, it does not negate the possibility of a ransomware attack. As such, organizations must examine the cyber resilience capabilities of AWS cloud backup offerings.
Organizations may evaluate offerings based on the cyber resilience guidelines provided by the National Institute of Technology and Science (NIST). Ideally, backup offerings will anticipate, withstand, recover from, and adapt to ransomware.
All backup offerings deliver on these four objectives at some level. However, the more features they deliver for each one, the better the offering will position organizations to handle ransomware. Organizations should expect a great deal of innovation and maturity in each offering’s cyber resilience capabilities in the coming years. NIST published these standards in 2021 so providers must still understand, interpret, and apply them to their respective offering. However, in evaluating potential AWS cloud backup offerings, prioritize those who can best explain and document how their offerings deliver on these objectives.
Keep up to Date with DCIG
To be notified of new DCIG articles, reports, and webinars, sign up for DCIG’s free weekly Newsletter.
Technology providers interested in licensing DCIG TOP 5 reports or having DCIG produce custom reports, please contact DCIG for more information.