AWS News Blog: AWS Backup adds new Multi-party approval for logically air-gapped vaults

Source URL: https://aws.amazon.com/blogs/aws/aws-backup-adds-new-multi-party-approval-for-logically-air-gapped-vaults/

Feedly Summary: Multi-party approval for AWS Backup logically air-gapped vaults enables organizations to recover their backup data even when their AWS account is compromised, by creating approval teams of trusted individuals who can authorize vault sharing with a recovery account through a separate authentication path.


Summary: AWS has announced a new feature that integrates logically air-gapped vaults with Multi-party approval in AWS Backup. This capability enhances data protection and access recovery, allowing organizations to restore backups even when their AWS account is compromised or inaccessible. The feature provides a robust layer of security and governance for backup operations, crucial for compliance and operational resilience against malicious threats.

Detailed Description:
AWS’s announcement of Multi-party approval for logically air-gapped vaults in AWS Backup introduces a significant enhancement to data security and recovery processes. This feature allows organizations to securely manage and recover their backups even in cases of account compromise, thus aiming to mitigate risks associated with data access constraints during security breaches.

Key Points:
– **Logically Air-Gapped Vaults**: These vaults provide secure storage for backups, physically separating them from other AWS services to protect against ransomware and other malicious threats.
– **Multi-party Approval**: This governance mechanism requires multiple trusted individuals to approve access requests, ensuring that no single entity can unilaterally make decisions about sensitive data.
– **Enhanced Recovery Options**:
  – Administrators can create an approval team composed of trusted members.
  – If access to an AWS account is lost due to malicious or unintentional actions, the team can approve access requests from a “clean recovery account.”
  – Vault sharing requests and approvals are logged using AWS CloudTrail, providing full accountability.
– **Process Overview**:
  1. **Approval Team Creation**: Establishes a group of trusted users within AWS Identity and Access Management (IAM).
  2. **Vault Association**: Associates the approval team with air-gapped vaults, ensuring request legitimacy.
  3. **Request for Access**: If the account is compromised, requests for vault access can be made through another account.
  4. **Approval Process**: The designated approval team reviews the access request, ensuring thoughtful decision-making.
– **Operational Benefits**:
  – Accelerated recovery time following incidents.
  – Independence from the compromised account’s security credentials.
  – Formal governance to align with compliance needs.

The implementation of Multi-party approval for AWS Backup reinforces AWS’s commitment to enhancing security measures for cloud services and helps organizations develop resilient recovery strategies against potential cybersecurity incidents. This capability is critical for professionals involved in information security, cloud governance, and compliance, highlighting the need for comprehensive recovery planning and robust access management.