Your Backups Must Be Protected
Disaster Recovery isn’t just about recovering from infrastructure outages. In today’s cloud connected world, there are many more variables to consider to ensure resilience, starting with cybersecurity. Indeed, the most common cloud disasters are cyber, ransomware in particular.
If a bad actor compromises your cloud environment with the intent of holding it for ransom, often the first thing that they will target are your backups. If they are able to delete your backups, you lose the ability to recover and will have no choice but to pay the ransom.
For this reason, the industry best practice is to store your back up outside of your production environment in an ‘air-gapped’ manner, isolated from production networks, using immutable storage techniques. This way, if your production environment is compromised, your backups will remain secure.
Achieving Air-gapped Data Protection in AWS
If you are in AWS, there are multiple ways to deliver on the best practice of air-gapped data protection. As with any cybersecurity concern, adopting as many of these mitigations as possible is recommended as part of a defense in depth strategy. A layered approach to protection will help you to ensure that you are protected from the unexpected.
One common way to protect your data is to store your data backups in a separate AWS account. Arpio makes this easy to accomplish by automatically replicating your data at the frequency your business requires, into the secondary account of your choice. Arpio’s sophisticated automation means that it can manage this recovery account for you, so you can keep it locked down until you need it.
Another best practice is to leverage AWS Backup Vault Locks for your backups. This way, if an intruder is somehow able to access your recovery environment, your backups will be immutable, and remain resilient to malicious deletion.
Arpio automates the vault locking process for all supported data services by integrating with AWS Backup. Simply tell Arpio which accounts you would like to enable backup vaulting, and we will take care of the rest.
Infrastructure Resilience Is Just As Important
We’ve talked alot about data, but what do you do about your infrastructure? If your primary AWS account is compromised, you won’t want to restore your data into this environment – that infrastructure is compromised. Instead, you’ll need to restore into a clean, and secured AWS account.
But anyone who has built on AWS’s capabilities knows that this sounds simpler than it is. There are a host of managed services and their dependencies that come into play to effectively run a cloud-native application. Unknown dependencies and manual configuration steps can make recovery into a clean environment a hassle and drastically elongate your recovery time.
Arpio can help here too. Once you have configured Arpio, it will constantly back up and replicate not just your data, but also your entire infrastructure, so that it will be ready when you need it. Launching recovery into your secure, locked down recovery environment is as easy as the push of a button.
Arpio Gives You Complete Resilience to Ransomware
As we have outlined – when thinking about ransomware protection in AWS, it’s important to consider not just your data, but your entire infrastructure. In both cases, Arpio has got you covered.
Arpio is the only solution that natively understands all of the AWS services that comprise your cloud environment, as well as their dependencies. We not only make it easy to ensure your backups are protected from a bad actor, but also that you can quickly and easily recover those backups in a clean, secure environment that matches your production environment.
Want to learn more? Schedule a demo today to see it in action, or start a free trial to see how Arpio would work in your complex cloud environment. We’d love to show you how easy ransomware protection in AWS has become.