The goal of Amazon Workspaces is to solve IT headaches by placing the full desktop experience in the cloud. Organizations set up virtual desktops, and users can access their documents, resources, and applications from any device. They pay for access only when an employee actually uses it, providing significant cost reductions compared with persistent virtual desktops deployed in a traditional data center. Because the data and applications are stored in Amazon’s secure cloud, this Desktop-as-a-Service (DaaS) approach promised to be a simple and secure way to provision new users and manage their data.
However, while Amazon Workspaces may do a phenomenal job solving some security challenges, it is helpful to utilize third-party solutions to address all the challenges that organizations face. These challenges include a lack of sufficient backup, insufficient compliance features, and the need for time-consuming hands-on management by IT administrators. These problems add up, making extra protection critical for a truly secure Amazon Workspaces implementation.
Data Backup Challenges on Amazon Workspaces
Amazon Workspaces automatically back up every 12 hours. This means that if a disaster occurs, an organization risks losing up to 12 hours of data changes. On top of that, administrators have to restore the end users’ data, leading to lost productivity while end users wait to resume work.
Many organizations attempt to use file sharing as a stand-in for true data protection, based on the assumption that if files are synced to the cloud, end users can just load their projects and get back to business. While sharing and collaboration features are certainly a value-add on many cloud services (including Amazon Workspaces), these consumer-grade solutions simply aren’t designed for business-scale data recovery. The onus is on the end user to sync and share their data, putting critical data and files at risk.
“Amazon Workspaces empowers IT to effectively manage virtual desktop installation and provisioning, but fails to supply the necessary tools for secure data backup and recovery.”
Not only is that data at risk, but IT often has no visibility into its own users’ data on DaaS solutions. There’s no way to place data on a legal hold when needed or to ensure that all critical and sensitive data is being backed up. If file sharing is used as a proxy for proper data management, there’s the additional risk of former employees retaining access to corporate intellectual property (IP) via file-sharing accounts. Amazon Workspaces empowers IT to effectively manage virtual desktop installation and provisioning, but it fails to supply the necessary tools for secure data backup and recovery.
How Druva Can Protect Your Amazon Workspaces
In order to truly secure data on Amazon Workspaces, you need a dedicated data security solution. We’re proud to announce that Druva inSync, our leading-edge cloud data protection solution, is now available for Amazon Workspaces.
With Druva inSync, you can
- Back up data more frequently.
Backing up every 12 hours just won’t cut it, especially in the case of a ransomware attack. That could result in hours of lost data and tons of work to be redone across your entire company. Druva inSync offers data backup as frequently as every 5 minutes.
- Ensure policy compliance across your organization.
Some businesses try to sidestep the 12-hour backup window by using Amazon’s file-sharing service WorkDocs as an ad-hoc backup solution. However, this places the onus on the end user to sync their own data, with no organizational control and no Plan B if they forget.
With Druva inSync, automatic backup is managed centrally through a single portal. Administrators have the power to manage policies, users, data, and applications as needed. For example:
- Every user is accounted for through Druva inSync’s mass deployment and Active Directory integration.
- All sensitive and critical data is backed up in its entirety.
- Data is protected according to specific company policies, including those that define inclusion and exclusion, backup frequency, and data storage locations and retention.
- Reduce admin workload through automation and self-serve data recovery.
Amazon Workspaces simplifies many administrative IT tasks by streamlining device provisioning; however, it is not able to do the same with data backup and recovery. Users are fully dependent on administrators for data recovery, which results in lost productivity for both the user and the administrator. Device lifecycle management is another challenge, and there aren’t sufficient tools for monitoring serious security risks like backup failures, inactive devices, or data loss from departing employees.
On the other hand, Druva inSync’s lifecycle management tools lighten the load on administrators and increase productivity by:
- Automatically activating new users and new devices
- Identifying and automatically deleting inactive devices and users
- Receiving automated email alerts when a device fails to back up
In addition to these features, Druva inSync’s self-service tools ensure that end users can access their data whenever they need it, without having to wait for an administrator to come online. If data is corrupted, automatically deleted, or locked by a ransomware attack, the end user can independently get immediate access to the data and restore a complete snapshot, specific directories, or individual files without an admin’s assistance.
- Prevent data loss.
Druva inSync’s Data Loss Prevention (DLP) functionality reduces the total economic impact in case a workspace is hacked and a user gets locked out. It provides powerful, multi-layered protection of critical data residing on your workspace. Once a device is marked for DLP, Druva inSync ensures that the data is encrypted and is rendered unreadable. The data is then auto-deleted from the workspace if the user does not connect for a specified period of time that can be customized to your needs.
Druva inSync Goes Beyond Simple Backup
Not only does Druva inSync ensure that your Amazon Workspaces data is securely backed up and readily available in case of disaster, but it goes a step further with additional features such as compliance, eDiscovery, and analytics. These features enable you to do the following:
- Automate compliance monitoring.
With Druva inSync, your organization has complete control over proactive compliance monitoring. You can select from predefined compliance templates — including HIPAA, GLBA, and PCI — or define customized compliance templates specific to your organization. You can then stay on top of monitoring with customizable tools that enable you to do the following:
- Define sensitive data and scan user data for compliance violations or risks
- Locate end-user data that has violated a compliance policy
- Generate a non-compliance report to analyze and understand adherence to specific compliance regulation requirements within your organization
- Manage legal holds and eDiscovery.
In legal situations, data must be readily available for quick recovery. With Druva inSync, you can immediately place a user’s data on legal hold, without the need for any user intervention. This preserves the backup data for that user and keeps it immutable for as long as you need it, regardless of the standard retention policies in place. Administrators can then analyze and access data via Druva inSync’s eDiscovery integration.
Again, these tools go beyond simple data preservation to improve your operations and reduce costs. For example, you can:
- Capture forensic metadata and ensure legal admissibility
- Locate critical data across all users and devices with data insight tools
- Streamline data transfer to eDiscovery platforms
- Reduce downstream eDiscovery costs with metadata, full-text search, and culling capabilities
- Cut backup storage costs.
High-availability backup is the cornerstone of a good disaster recovery system, but too often, it comes with astronomical storage costs. Unlike traditional methods, however, Druva inSync provides full scalability with a dramatically lower total cost of ownership (TCO). With its patented incremental backup and global dedupe technology, Druva inSync provides frequent backups with minimal data transfer and storage costs.
The built-in security features of Amazon Workspace aren’t sufficient to truly protect your data and your business. Critical gaps, long backup windows, and missing features add up to serious risks and major costs in the event of a disaster.
How Hatco Protects Against Ransomware with Druva on AWS
Learn how to reduce ransomware risks now with Druva, while proactively preparing a response for the future in our upcoming webinar.