Druva has announced new capabilities to protect customer workloads running in Amazon Web Services (AWS). It is delivering three new capabilities that extend its existing solutions for Amazon S3 and Amazon EBS. It also includes new management features such as global policies for AWS and automated onboarding. The news was announced at AWS re:Invent where Druva also announced it had surpassed $100m in recurring revenue.
According to Mike Palmer, Chief Product Officer, Druva:“AWS’s ease-of-use, competitive cost, and vast array of services have enabled enterprises to build today’s applications, scaling on demand and innovating for the future.
“Given how easy it is to set up environments in AWS, enterprises look to further reduce business risk, increase operational efficiency, and retain visibility of all their data. As one of the only data protection solutions built entirely on AWS, and given our intimate knowledge of it, Druva is the ideal solution to help leverage AWS to the fullest and drive our customers’ business forward.”
Druva focused on reducing risk and raising data protection
The key focus of these new announcements are to de-risk the use of AWS. This is especially important around AWS Simple Storage Service (S3). There have been a number of high profile breaches around customer use of S3. Among those affected are high profile names such as Uber, Netflix, FedEx and Accenture.
AWS hasn’t stood still. It has made several updates to the security of AWS S3. The problem is not with the actual product but the way it is configured, implemented and deployed by customers. That doesn’t mean AWS is perfect but any serious analysis of the breaches show that misconfiguration is the key issue.
It is not just security that is the issue. AWS does not promise to backup and restore data. It is down to customers to do that, something few realise. This is why Druva has strengthened its offerings.
One solution is the new global data management policies. They include:
- Automated onboarding: Consistent onboarding of users when deploying cloud services is essential. Users can now set policies for new users and change those for existing users simply. This is not just about an organisations private AWS environment. It also supports AWS GovCloud accounts.
- Enforcing backup policies: Organisations have invested in creating backup policies. The problem for many is ensuring that they are applied and working. Users can now create, deploy and apply global backup policies across all accounts from users to system accounts.
- Regional variation: Privacy laws and the need to geo-lock data creates a challenge when designing global policies. New policy selectors allow greater flexibility with designing backup policies. It is now possible to use ID, Tag, AWS Account, AWS Organization, VPC, Subnet or Region to help unifying policies across accounts.
Making it easier to backup S3 and archive EBS
Druva has also improved the user interface (UI) for Amazon S3 backup. It is now easier to navigate across all the snapshots of Amazon S3 buckets. This means that when administrators are searching for copies of deleted data, they can do so much faster than before.
As with the updates to the management tools, there are new policies covering backups. These can be defined by region and account. Administrators can also build their own rules to include/exclude the way some S3 buckets are managed. There is a caveat here. Customers need to keep this under review as it is easy to lose site of an S3 bucket that has been excluded for specific reasons. There appears to be nothing in the new Druva tools that enforces regular review of policies.
For Amazon EBS, Druva has added new archival capabilities. This includes the ability to transition EBS snapshots to Amazon S3 storage classes like Amazon S3 Glacier and Amazon S3 Glacier Deep Archive. Druva claims that this will: “significantly reduce costs by up to 50X* while retaining availability for business continuity, compliance, customer contracts and e-Discovery.”
Enterprise Times: What does this mean
Securing and backup up cloud data is critically important. There is a belief that responsibility for data in the cloud is that of the cloud service provider CSP. That is not the case and shows how rarely organisations read the terms and conditions.
Take the recent case of customers losing data when an AWS facility had a power outage. Under the T&Cs, Amazon makes it clear that customers, not it, are responsible for backing up data. For those customers that lost data this seemed to come as a revelation. Yes, they should have read the T&Cs. However, it also shows how, when moving to cloud, organisations simply abdicate good data protection practices.
These new features from Druva will also help remove the fragmentation that cloud has caused. Few organisations do a big bang cloud move. Instead, they move over a period of time and across multiple locations. This causes a disconnect with policies. The new policy tools should help organisations take back control of their data and policies.