Amazon primes S3 as backup facility


Cloud-attached storage backup.

Amazon Web Services has launched a new offsite backup service that replicates in-house application data to the Simple Storage Service (S3) cloud. 

The AWS Storage Gateway, currently in beta, involves installing a virtual appliance -- initially VMware ESXi 4.1 with wider support planned later -- between business applications and in-house storage.

The gateway takes snapshots and replicates them to S3. Data is transferred to S3 over a Secure Sockets Layer (SSL) connection and, once there, is encrypted using 256-bit Advanced Encryption Standard (AES) keys, according to Amazon.

After installing the gateway, administrators would create "gateway storage volumes" which are attached to on-premise application servers as iSCSI devices.

There's also an option to mirror data, either as a disaster recovery strategy or to offload capacity to Amazon's Elastic Cloud 2 (EC2), achieved by uploading applications to S3 in the form of Amazon Elastic Block Storage (EBS) snapshots, then attaching the blocks to a compute instance through the management console or EC2 APIs.

Pricing for the service in Singapore's S3 starts at $US125 a gateway a month.

While Amazon's infrastructure may be more robust than many in-house systems, last year's extended outage in Western Europe highlighted that it is far from impervious to the same types of issues that enterprises face, such as human error and power failures.

In Amazon's case, engineers spent days moving massive amounts of data to S3 before attempting to rebuild storage blocks that were mistakenly deleted during a botched de-duplication run.  

One criticism of the security set-up is that Amazon holds the encryption keys, offering "checkbox compliance", commented Dan Griffin, former Microsoft security executive and founder of JW Secure.

"Commendably, during replication, the data traverses an encrypted tunnel (SSL). As well, when the data is received by Amazon’s storage gateway proxy in the cloud, it’s encrypted before it’s written to permanent storage.

"However, since Amazon has access to the encryption keys, that protection buys you checkbox compliance, but not much more. After all, whoever has access to the keys can decrypt the data, and that includes rogue system administrators, or even Amazon itself if under duress (subpoena, national security, etc.)."

Amazon's new backup service comes a week after its launch of another enterprise service, the NoSQL-based 'big data' offering for the enterprise, DynamoDB. 
