Amazon lets customers back up data across regions or even move data out of S3 into Amazon Glacier for data archiving. A rule can move Amazon S3 object versions to the lower-cost Glacier class and automatically delete them from Glacier storage after the data expiration date. This may feel like going backward, but instead of backing up to another cloud instance, creating an offline archive is an option, too. The benefit of having offline backup is to ensure there is a copy of essential business data attackers don't readily have access to.
Remember the basics
Amazon offers all the tools to take care of the security basics. Don’t ignore them. Multifactor authentication on AWS accounts is a must. Create separate accounts for developers so that no one is sharing passwords. Make sure no one is using root accounts and that developer accounts have only the necessary privileges.
Use Amazon’s tools to manage private keys and make sure they are stored securely. Monitor AWS usage for suspicious activity, such as unexpected API calls and unusual account logins.
Being secure on AWS requires a different mind-set from how organizations traditionally approached security. As Govshteyn says, “You have to believe Amazon is doing the job it needs to secure its environment, but people also have to change how they architect their infrastructure.”
Sign up for CIO Asia eNewsletters.