Skip to content

Cloud Backup Survey Finds IT Professionals Still Unaware of Compliance Requirements

Photo by krakenimages on Unsplash

This post is part of a sponsored ComplyTrust blog post series. To learn more about ComplyTrust, please visit complytrust.com.

In August 2022, IT Brand Pulse ran a survey among professionals using cloud-native data protection solutions for their AWS-based workloads. Ran across a panel of twenty IT practitioners with workloads in the cloud, interesting patterns emerged from this report.  

The survey focused primarily on customers taking advantage of the native AWS Backup service. Among respondents, two thirds mentioned that their organization takes advantage of AWS Backup, while one third indicated they leverage third party solutions.

Use of AWS Backup vs third party SaaS backup solutions – Source: IT Brand Pulse research

AWS Backup in a Nutshell

AWS Backup protects several AWS services including EC2 instances, EBS volumes, AWS S3 buckets, and several cloud native database services (RDS, DynamoDB, Netpune, DocumentDB, and more).

It also supports a variety of cloud file systems, not only Amazon EFS, but also Amazon FSx and its broad ecosystem of partners: FSx for NetApp ONTAP, FSx for Lustre, FSx for Windows File Server file systems, and FSx for OpenZFS.

Finally, AWS Storage Gateway volumes and VMware workloads (on-prem, on Amazon Outposts, and in VMC – VMware Cloud on AWS) are also supported.

Despite being less-known than some of its cloud native, third party competitors, the growing ecosystem of AWS Backup and its cloud-centric nature makes this exploration worthwhile.

Overview of AWS Backup – Source: AWS Backup presentation page

Survey findings

The survey looked at four key capabilities of AWS Backup:

  • Single File Restore
  • Snapshots
  • Automation
  • Reporting

Single File Restore

The survey looked at restore granularity on AWS Backups. The granularity itself is dependent on the AWS service being backed up, backup configuration, and data sets related with the service / application / instance in scope.

When asked for the importance of single file restore granularity requirements regarding their RPO, RTO and SLA requirements, 50% of the users considered it as a “must-have” or “helpful” feature, while the other half was satisfied with image-level backups. Only 11% of the respondents indicated that single file restore is a requirement.

TECHunplugged considers that over a broader sample of AWS Backup users, the percentage of users requiring single file restore should be significantly higher.

Snapshots

The second key capability evaluated was snapshots, particularly “How snapshots are important to my organization” across several use cases (Patching, RTO/RPO adherence, Disaster Recovery, RTO/RPO Compliance Requirements, Recovery).

A broad majority of respondents (almost 80%) indicated that snapshots are essential for their recovery requirements, while only 33% mentioned disaster recovery. Interestingly, only 6% of the respondents indicated patching as a rationale for using snapshots.

Worryingly (at least for us at TECHunplugged), only 22% of the respondents agreed with the statement that “Frequent snapshots are critical for RPO/RTO”, which is somehow in contradiction with 50% of them agreeing that “Snapshots can help meeting RTO/RPO compliance requirements”.

Although we categorically emphasize that snapshots are not backups, the flexibility provided by snapshots (when combined with backups) should not be overlooked.

Automation

One of the selling points of AWS Backup is that it is a fully managed backup service. As such, the service should offer policy-based data protection through a single central management interface. The survey queried IT professionals on automation needs, with a focus on automated test and validation reporting of AWS Backups.

50% of the respondents viewed automated test and validation as a requirement, while the other half either considered it as a potential benefit (33% of respondents), or not needed at all (22% indicated it as not critical, with ad-hoc manual checks if necessary).

Reporting

AWS Backup allows the generation of reports through its management interface. When organizations require additional compliance reporting and auditing capabilities, AWS Backup Audit Manager (BAM, a companion product to AWS Backup) can be leveraged to provide deeper insights.

Respondents were asked to reply to the “My organization is generating separate backup reports for each of these environments” question, with the following possible answers:

  • One backup application on-premises
  • Multiple backup application on-premises
  • AWS Backup
  • One third-party backup application in AWS
  • Multiple third-party backup applications in AWS
  • Avepoint

Slightly less than only one third of the surveyed users (29%) claimed to use “AWS Backup”, while “One backup application on-premises” dominated with 53% of respondents.

Without additional details, it is difficult to determine whether AWS Backup reporting capabilities are either not required, insufficient, or poorly structured for the need of users.

Pain Points and Customer Needs

Customers were also requested to rate the priority among five pain points for cloud backup:

“lack of successful backup verification”, “complex / time intensive deployment”, “support for my application”, “high cost of licensing”, and finally “backup / restore completion times”.

Pain points and customer needs – source: IT Brand Pulse research

33% of the respondents reported completion times as their first pain point area, ex-aequo with “high cost of licensing” (also 33%). TECHunplugged extrapolates that “high cost of licensing” might refer to cloud backup costs, which can be complex and often exclude additional fees (for example pulling data from AWS Glacier or egress transfer fees).

Interestingly, none of the surveyed seemed to be concerned about the ability to report on RTO/RPO/SLA adherence, and only 17% were concerned about cloud backup’s ability to support their applications. Finally, only 6% cared about backup verification.

Among requests for improvement and potential customizations, an overwhelming majority of respondents viewed “the ability to set thresholds and notifications for backup policy compliance” as “important” or “very important” (75% total). A slight majority (just over 50%) identified a “reporting dashboard that visualizes snapshot and backup log data” as “important” or “very important”.

Conclusion

Although AWS Backup is not yet considered as a primary go-to data protection solution in the world of Hybrid Cloud Data Protection, the solution is steadily improving its support ecosystem.

Metrics collected by IT Brand Pulse shows several trends. It emerges that either professionals using AWS Backup are using it as a secondary data protection option, or they are not aware of its full potential. However, for those which are aware of AWS Backup capabilities and service / platform scope, the lack of enterprise grade reporting and compliance features becomes concerning.

Since the survey analyzed answers from a limited user base (twenty users, out of which 60% were in technical positions), it is a fair assumption to consider that emphasis on adherence to regulatory compliance was underestimated, both due to the primary concerns of the queried user base, and because of the small user sample.

Nevertheless, some of the expressed concerns remain very valid points, indicating that third-party solutions are needed to achieve better compliance outcomes, both from a policy adherence/enforcement standpoint, and for reporting capabilities as well.

Organizations that leverage AWS Backup and seek to improve their compliance stance have the ability to join the ComplyScan Plus (CS/P) Early Access Program. ComplyScan Plus (CS/P) is a cloud native SaaS application that monitors and report on global AWS Backup job activities. The solution is secure and significantly boosts AWS Backup Audit Manager (BAM) capabilities, by simplifying and automating FINRA, HIPPA, ISO and NIST compliance, while also validating and meeting RPO/RTO requirements. Find out more about ComplyScan Plus (CS/P) and join the pilot program here.