Amazon recently announced the availability of AWS Backup Audit Manager, a new feature of AWS Backup to monitor the compliance status of backups and generate reports to meet business and regulatory requirements.
The new feature allows administrators to define technical requirements covering details such as the amount of backup copies that should be created and find which parts of their AWS deployments do not meet these requirements. Designed to evaluate, and demonstrate backup compliance, AWS Backup Audit Manager integrates with AWS Audit Manager, the service to continuously audit the usage of cloud resources, to help customers collect evidence of backup activity along with other AWS services.
With AWS Backup Audit Manager, you can now continuously and automatically track your backup activity, such as changes to a backup plan or backup vault, and generate automatic daily reports. AWS Backup Audit Manager provides built-in, customizable, compliance controls. Simply put, controls are procedures with backup policy parameters, for example the backup frequency or the retention period, that align with your business compliance and regulatory requirements.
Example of a backup job report in the AWS console. Source: https://d2908q01vomqb2.cloudfront.net/da4b9237bacccdf19c0760cab7aec4a8359010b0/2021/08/20/backup_audit_manager-reports-list.png
Mark Curphey, CTO at Open Raven, highlights the main use cases and the new partnership between the data security platform and AWS:
To successfully recover from a ransomware attack, organizations need to plan ahead by completing two foundational tasks, identifying critical data and systems and backing them up as per organizational requirements so that they can be protected and recovered. The combination of AWS Backup Audit Manager and Open Raven streamlines this effort, eliminating guesswork and hours of manual toil.
To track activities, AWS Backup Audit Manager requires customers to enable monitoring through AWS Config for backup plans, vaults, recovery points and AWS Config resource compliance. The recording status of the resources can be monitored in the Resource Tracking section of the AWS Backup console.
AWS canceled the AWS re:Inforce 2021 conference in Houston and replaced it with a smaller and free virtual event where they announced the new backup feature. Scott Piper, AWS security consultant, comments:
The only announcement from the re:Inforce keynote was AWS Backup Audit Manager. I don’t think COVID was the only reason re:Inforce was cancelled.
Part of AWS Backup, AWS Backup Audit Manager is currently available in a subset of AWS regions. The pricing is based on backup evaluations, incurred when resources are evaluated against controls, and charges for configuration items recorded by AWS Config.