Platform
- Data Resiliency Cloud
  Data Resiliency Cloud
  Enterprise Cloud Backup and data management across edge, on-premises and cloud workloads
- Data Protection
  Data Protection
  Modernize data protection to reduce costs and complexity
- Cyber Resiliency
  Cyber Resiliency
  Be ready for cyber attacks with data that is always safe, always ready
  - Accelerated Ransomware Recovery
  - Security Posture & Observability
- Governance & Compliance
  Governance & Compliance
  Secure, protect, and streamline data governance for all your critical data, wherever it lives
  - eDiscovery and Legal Hold
  - Sensitive Data Management
- Take a Tour
Solutions
- Business Drivers
  Business Drivers
  Learn how Druva helps you accelerate key business initiatives
- SaaS Applications
  SaaS Applications
  Druva provides comprehensive data protection that supports multiple SaaS applications from a single platform. Discover the Druva difference today.
- Enterprise Workloads
  - Virtualization
    Virtualization
    Transform data center backup and disaster recovery for virtual environments
    
    VMware
    
    Nutanix
  - Databases
    Databases
    Reduce the cost and complexity of data protection for enterprise databases
    
    Oracle
    
    MS SQL
    
    SAP HANA
  - Files
    Files
    Discover a more cost-efficient way to protect on-premises and cloud NAS
    
    NAS/files
  - Public Cloud
    Public Cloud
    Protect native AWS and Azure deployments with secure backups without the cost and complexity
    
    AWS
    
    Microsoft Azure
- Enterprise Endpoints
  Enterprise Endpoints
  Unify SaaS apps and end-user device protection to reduce data risks. Improve cyber resilience and compliance by protecting enterprise workloads and assets.
- Free Trial
Customers
- Explore All Customer Stories
  We are trusted by the world's leading organizations to protect their data. Explore customer success stories to see how your peers are using Druva.
- Ransomware recovery ready
  Learn why Medallia chose Druva
  
  SaaS data protection across the enterprise
  See why Regeneron partnered with Druva
Resources
- 2023 Gartner® Magic Quadrant™
  See why Druva is recognized as a Visionary
  
  Data Resiliency for Dummies
  Get your guide to data resiliency
Partners
- Strategic Partners
  Strategic Partners
  Learn about Druva's strategic capabilities across platform, OEM, and other partnerships. Find out how Druva accelerates and protects customers' cloud journeys.
  - Dell Technologies
  - AWS
  - VMware
  - Nutanix
- Programs
  Programs
  Learn how you can profit with Druva and a cloud-first SaaS selling motion. Explore partner programs, access resources, and discover the benefits of partnering with Druva.
- Become a Partner
Company
- - Company
  - Leadership
  - Investors
  - Careers
  - Contact Us
  - Newsroom
  - Awards
  - Events
  - Blog
  - Diversity, Equity & Inclusion
- Get in touch with us
  Contact Us
  
  News, product innovations, and more
  Blog
Get Started
Support
Login
Language

Product

EC2 backup protects against ransomware and reduces AWS storage costs

March 17, 2022 Akshay Panchmukh, Product Manager

Amazon’s Elastic Compute Cloud (EC2) instances are widely used for running applications on Amazon Web Services (AWS) infrastructure. According to AWS — “Amazon EC2 offers a highly reliable environment where replacement instances can be rapidly and predictably commissioned. The service runs within Amazon’s proven network infrastructure and data centers. The Amazon EC2 Service Level Agreement commitment is 99.99% availability for each Amazon EC2 Region.”

Many top businesses, like Netflix and Pfizer, rely on EC2 instances to scale their business with best-in-class cloud computing power. As much as it is important to scale up the environment, it is equally important for such businesses to be highly available in all situations. This leads enterprises to take point-in-time snapshot copies of data to build a business continuity strategy for dealing with potential disasters or ransomware attacks.

Usually, enterprises would use cross-region and cross-account snapshot copies of their EC2 data as the primary strategy to protect themselves from internal and external threats. However, this comes with a hefty price to keep their data available. Standard EBS snapshot storage is charged at $0.05 per GB, which can add up to a huge amount for enterprises that have petabytes of data across their multitudes of AWS accounts. Standard Amazon EBS snapshots are created in the same region as the source, in the same AWS account — which poses a greater risk of backups being affected by ransomware, insider threats, or accidental deletion. Customers are now looking for secure, encrypted, and air-gapped backups that are isolated from their primary production environment to ensure business continuity.

Druva not only provides an air-gapped backup of EC2 instances and attached (or unattached) EBS volumes, but also provides a cost-effective solution for its customers which can reduce TCO up to 50% when compared with storing EC2 snapshots in AWS. Druva uses global source-side deduplication to compress encrypted and non-encrypted data without storing customers’ ekeys, and always follows best-in-class industry-level security standards. By backing up Amazon EC2 data to the Druva Data Resiliency Cloud, organizations reduce the operational complexity of managing multiple snapshot copies in AWS. You can leverage additional features like policy immutability, app-consistent backups, and manual deletion prevention, and in addition, there are no worker instances that need to be spun in the customer’s account. Druva takes care of that. That’s right! This means no hidden charges!

We’ll walk through how simple it is to create secure, air-gapped backups using the Druva Data Resiliency Cloud for your Amazon EC2 workloads.

How it works

Step 1: Provision Cloud Storage

1. Log into your Druva Native Workloads (CloudRanger) console for AWS and navigate to the Account for which you wish to set up storage. Click the gear icon on the top navigation bar.

2. Click Druva Cloud to be directed to the Druva Storage page.

3. Click Provision Storage to request a new Druva Cloud Storage.

4. Select the Druva Storage Region you would like to store your data in and specify an appropriate Storage Name.

The Storage request, once initiated, triggers a Support ticket to provision the storage on Druva Cloud.

Once complete, the Storage listing page will list all available Cloud Storage with the relevant Status.

Requested: Indicates that a new Storage has been requested and is pending approval. Once approved, the status is updated accordingly.
Access Provided: Indicates that the request has been approved and Cloud Storage has been provisioned in the Region specified.
Access Denied: Indicates that the storage request has been denied for specific reasons. For more information, contact your Druva Account Manager or Support.

Step 2: Storage rules

Storage Rules help create a mapping between the Druva Data Resiliency Cloud and your AWS resources within specific Regions and Accounts. Once you identify the AWS resources to be backed up to Druva Cloud, the Storage Rules direct the data backups to the appropriate Druva Data Resiliency Cloud Region provisioned within your chosen Account.

In other words, use storage rules to direct specific resource backups to the appropriate Druva Data Resiliency Cloud Storage.

To define Storage Rules:

1. Log into your Druva Native Workloads (CloudRanger) console and navigate to the Account for which you wish to configure storage rules. Click the gear icon on the top navigation bar.

2. Click Druva Cloud to be directed to the Druva Storage page.

3. On the Storage Rules tab, click Add Storage Rule.

Select the Account and AWS Region to filter resources to be backed up from.
Select the Druva Storage name to assign the storage for all backups generated from the resources filtered within the selected Account and Region.

Step 3: Add credentials

The Client Credentials enable access to your AWS Key Management System (AWS KMS) to generate and manage the data encryption key (ekey). The ekey, once generated, is used to encrypt the user data that is then backed up to Druva Cloud.

Note: This is part of the digital envelope encryption process that Druva strictly adheres to. Druva does not store the ekey of users and has no access to the data.

To get started with ekey management, you will need to import the relevant credentials to your Druva CloudRanger account.

1. Log into your Druva Native Workloads (CloudRanger) console and navigate to the Account for which you wish to configure Client Credentials. Click the gear icon on the top navigation bar.

2. Click Druva Cloud to be directed to the Druva Storage page.

3. On the Client Credentials tab, click Create Client Credentials.

4. On the Add Credential page, specify the following:

Select the Account and AWS Region for which you wish to generate the key credentials.

NOTE: This is just the location where the client credentials will be stored, and these can be used for any accounts/region within the organization. There is no need for creating client credentials in every region/account.

The Parameter Store Name automatically displays the appropriate AWS Parameter Store within which the credentials are stored.

Step 4: Create Backup policies to move EC2 Backups to Druva Data Resiliency Cloud

Druva Cloud-enabled backup policies let you select an automatic schedule to create EC2 backups per the required retention.

Step 5: Check your EC2 Backups in Druva Data Resiliency Cloud

Once the EC2 backups are created using the global policies, you will see those backups on our backup listing page.

In the ‘Location’ column, you will find ‘Druva Cloud’ in place of the EC2 Backups which have moved to Druva Cloud.

Step 6: Restore from Druva Data Resiliency Cloud

For any operational or troubleshooting purpose, if you need to restore your EC2 backups in the Druva Cloud you can simply select the backup from the EC2 backup listing page and then select ‘Restore’.

You can restore the EC2 Backup as a volume or an instance.

Conclusion

Cross-account and cross-region snapshots provide a level of resilience against cyber attacks and disasters, but they also increase costs and complexity. Druva removes the need for cross-account and cross-region snapshots and provides air-gapped backups for superior protection against ransomware with an up to 50% reduction in TCO.

You can also leverage Druva’s recent security enhancements for AWS native workloads, such as manual deletion prevention and policy immutability, to keep your data safe in Druva Data Resiliency Cloud. Additionally, you can create application-consistent backups for Amazon EC2 resources using pre- and post-scripts.

Key takeaways

Thousands of organizations leverage Amazon EC2 to build and run applications with speed and confidence, but as they expand their cloud footprint, data visibility, protection, and recovery often become costly and complex challenges. The latest innovations within the Druva Data Resiliency Cloud highlight how Druva can address these pain points and is helping businesses unlock even more value in the cloud through a radically simplified approach.

Availability

We’re excited about the release of our EC2 backup capabilities for both AWS and Druva customers. Druva’s cloud backup capabilities for Amazon EC2 workloads will be generally available via the Druva Data Resiliency Cloud this Spring 2022.

Learn more about what Druva can do for your AWS environment on the Druva website.

EC2 backup protects against ransomware and reduces AWS storage costs

How it works

Step 1: Provision Cloud Storage

Step 2: Storage rules

Step 3: Add credentials

Step 4: Create Backup policies to move EC2 Backups to Druva Data Resiliency Cloud

Step 5: Check your EC2 Backups in Druva Data Resiliency Cloud

Step 6: Restore from Druva Data Resiliency Cloud

Conclusion

Key takeaways

Availability

Blog

Druva Data Resiliency Cloud

Cloud Backup & Recovery

Data Protection

Governance & Compliance

Cyber Resilience

Business drivers

Workloads

Partners

Customers

Resources

Company