AWS re:Invent 2025 - Data protection and resilience with AWS Storage (STG338)

Data Protection and Resilience with AWS Storage

Proactive Defense Against Cyber Threats

• Ransomware and cyber attacks pose significant risks, with 59% of organizations experiencing attacks in 2024 and only 70-80% of data recovered even after paying ransom
• Cyber crime is estimated to cost $10.5 trillion worldwide by the end of 2022, more than the illegal drug trade
• Internal threats like human error and malicious insiders can also jeopardize critical data assets
• Case study of the 2017 Maersk cyber attack, one of the most costly and catastrophic cyber events, highlights the need for proactive defense

Understanding Data Resilience

• Resilience consists of multiple facets:
  • High availability: Automatic failover to maintain service continuity during component failures
  • Data protection: Backup, disaster recovery, and business continuity to recover from catastrophic failures
• Failure likelihood vs. impact should drive resilience strategies:
  • High likelihood, low impact events call for high availability solutions
  • Low likelihood, high impact events require data protection solutions
• AWS shared responsibility model: AWS provides resilient infrastructure, but customers are responsible for resilient application architecture

AWS Resilience Strategies

• Regions and Availability Zones (AZs):
  • Regions provide geographic distribution for disaster recovery
  • AZs are isolated failure domains enabling high availability designs
• AWS service types:
  • Zonal services (e.g. EC2, EBS) require customers to manage failover
  • Regional services (e.g. S3, DynamoDB) provide automatic high availability
  • Global services (e.g. Route 53) offer worldwide resilience and disaster recovery

Data Protection Frameworks

• 3-2-1-1-0 framework:
  • 3 copies of data
  • 2 different media
  • 1 offsite/offline copy
  • 1 immutable, air-gapped copy
  • 0 errors when restoring
• Recovery Time Objective (RTO) and Recovery Point Objective (RPO):
  • Local copies for fast operational recovery
  • Remote copies for regional disaster recovery
  • Isolated, immutable copies for cyber event recovery

Implementing Resilience Strategies

• Native AWS replication services:
  • S3 cross-region replication
  • DynamoDB global tables
  • FSx for ONTAP replication
• AWS Backup for centralized, policy-driven backups:
  • Backup vaults with access control and immutability
  • Automated restore testing and validation
• AWS Elastic Disaster Recovery (DRS) for instance-based workloads:
  • Continuous block-level replication to target AWS region
  • Automated recovery orchestration

Key Takeaways

• Assume the worst-case "digital extinction level event" and design for resilience accordingly
• Identify and prioritize mission-critical business and infrastructure services
• Implement a comprehensive 3-2-1-1-0 data protection framework
• Leverage native AWS services for replication, backup, and disaster recovery
• Test recovery plans regularly to ensure successful execution
• Engage with AWS for a cyber event maturity assessment workshop