Step 1. Implement a backup strategy
A comprehensive backup strategy is an essential part of an organization’s data protection plan to withstand, recover from, and reduce any impact that might be sustained because of a security event. Create an extensive backup strategy that defines which data must be backed up, how often data must be backed up, and how backup and recovery tasks will be monitored.
When you develop a comprehensive strategy for backing up and restoring data, first identify interruptions that might occur, and their potential business impact.
Your objective is to build a recovery strategy that brings your workload back up or avoids downtime within the acceptable recovery objectives, Recovery Time Objective (RTO) and Recovery Point Objective (RPO). RTO is the acceptable delay between the interruption of service and restoration of service. RPO is the acceptable amount of time since the last data recovery point. Consider a granular backup strategy that includes all of the following:
- Continuous backup cadence
- Point-in-Time Recovery (PITR)
- File-level recovery
- Application data–level recovery
- Volume-level recovery
- Instance-level recovery
Ransomware
A well-designed backup strategy should include actions that can protect and recover your resources from ransomware.
Retention requirements
In some industries, when developing a backup strategy, you must also consider the regulations for data retention requirements. Make sure that your backup strategy is designed with retention requirements that are sufficient to meet your regulatory needs for each data classification level and resource type.
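As an added illustration (not part of the original guidance and not AWS tooling), the following Python example audits a recovery-point inventory against the RPO and retention targets discussed above, per data classification. The policy values, resource names, inventory, and the `audit` helper are all assumptions constructed for the example.

```python
from datetime import datetime, timedelta, timezone

# Hypothetical policy per data classification (values are assumptions).
POLICY = {
    "critical": {"rpo": timedelta(hours=1), "retention": timedelta(days=365)},
    "standard": {"rpo": timedelta(hours=24), "retention": timedelta(days=35)},
}

def audit(resource, classification, points, now):
    """Return findings for one resource.

    points: list of (created_at, delete_at) tuples, one per recovery point.
    """
    rule = POLICY[classification]
    if not points:
        return [f"{resource}: no recovery points"]
    findings = []
    created = sorted(c for c, _ in points)
    # Exposure windows: gaps between consecutive recovery points, plus the
    # time from the latest point to now (data that would be lost today).
    edges = created + [now]
    worst = max(b - a for a, b in zip(edges, edges[1:]))
    if worst > rule["rpo"]:
        findings.append(f"{resource}: RPO gap {worst} exceeds {rule['rpo']}")
    # Retention: each point must be kept at least as long as the policy requires.
    short = [c for c, d in points if d - c < rule["retention"]]
    if short:
        findings.append(
            f"{resource}: {len(short)} point(s) retained less than {rule['retention']}")
    return findings

# Constructed sample inventory (not real data).
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)

def _pt(hours_ago, keep_days):
    created = NOW - timedelta(hours=hours_ago)
    return (created, created + timedelta(days=keep_days))

INVENTORY = {
    ("orders-db", "critical"): [_pt(0.5, 365), _pt(1.5, 365), _pt(4.5, 365)],
    ("wiki-volume", "standard"): [_pt(10, 35), _pt(34, 7)],
    ("billing-db", "critical"): [_pt(0.25, 365), _pt(1.0, 365)],
}

def run_audit():
    return [f for (res, cls), pts in INVENTORY.items()
            for f in audit(res, cls, pts, NOW)]

if __name__ == "__main__":
    print("\n".join(run_audit()))
```

The historical gap check surfaces missed backup windows that a "latest recovery point only" check would hide.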
Compliance
Consult your security compliance teams to validate whether your backup resources and operations should be included in or segmented from the scope of your compliance programs. Including backup and recovery as a critical part of your security program will help you understand where data is across your environment and appropriately define compliance scope.
For architectural best practices for designing and operating reliable, secure, efficient, and cost-effective workloads in the cloud, see Backup and recovery approaches using AWS and Reliability Pillar – AWS Well-Architected Framework.