Murrstock - stock.adobe.com
AWS Backup now has a way for customers to keep tabs on their backups and prove to auditors that policies are being enforced.
This week, at the security- and compliance-focused AWS re:Inforce virtual conference, Amazon rolled out AWS Backup Audit Manager. This new feature is part of AWS Backup and allows customers to track the activity of all their backups. Additionally, it can generate detailed reports on backup, replication and restore jobs to provide visibility into those activities.
This information helps customers more easily determine if their backups are meeting compliance requirements. Gathering backup activities into digestible, auditable reports shows an organization's backup policies are being followed. Reports can also be used to identify where backup frequency or backup retention policies aren't enough to meet service-level agreements (SLAs) so they can be adjusted accordingly.
Vinny ChoinskiSenior analyst, Enterprise Strategy Group
"Without that visibility, it's really hard to get a handle of an enterprise backup environment," said Vinny Choinski, a senior analyst at Enterprise Strategy Group (ESG), a division of TechTarget. "A lot of times, backups are created and then forgotten about."
AWS Backup Audit Manager tracks backup activities within a defined account and region of the user's choice. Once deployed, customers can choose an Amazon S3 bucket for receiving automated daily reports in JSON or CSV format. Reports can also be generated on-demand.
AWS Backup Audit Manager is similar to third-party backup monitoring and compliance tools such as Bocada and Aptare, which Veritas acquired in March 2019. Backup software from Veeam, Commvault, Rubrik and others commonly have backup reporting tools of some sort, though the level of detail and analysis the report provides varies by product.
Ransomware attacks have resulted in increased customer demand for ensuring that backups meet compliance requirements, and AWS Backup Audit Manager is a good start to making that capability native to the platform, Choinski said. However, the capability needs to expand beyond simple auditing, and should include a way to see storage cost utilization of the backup and better visualization of the data presented in the reports, he added.
"It's really hard to look at all this stuff in a spreadsheet," Choinski said.
Veeam and other third-party data protection vendors arrived at their own backup compliance capabilities through ransomware, so it wouldn't be a surprise if AWS develops Backup Audit Manager toward backup resiliency, said ESG senior analyst Christophe Bertrand. Reporting that an organization's backup policies are followed fulfills regulatory compliance requirements, and reporting that SLAs, recovery time objectives and recovery point objectives are being met fulfills internal requirements. Logically, the next step has to be reporting on whether the backup copies are recoverable -- that they'll successfully boot up and aren't infected by ransomware, Bertrand said.
"[AWS Backup Audit Manager] has a lot of value from day one, but it needs to provide something to further reinforce the resilience of the data in the future," Bertrand said.