< Return to blog

How to Protect Your S3 Backups: Advice from an AWS Storage Expert

Discover what’s changing in the S3 cloud backup landscape and how to stay resilient.
Team Eon
Around
6
 min read
Explore the article

Quick summary

  • AWS provides durable infrastructure for S3, but customers are responsible for protecting and managing their own data against risks like deletion, ransomware, and compliance violations.
  • S3 Versioning, Object Lock, and Cross-Region Replication require proactive setup and management to fully safeguard data.
  • Traditional backup tools often struggle with the scale and complexity of modern S3 environments, making automation and granular recovery critical for operational success.
  • Simplify and strengthen S3 backups by delivering agentless deployment, continuous resource classification, globally searchable snapshots, and ransomware-resilient recovery.

In this episode of Cloud Cuts, Eon Co-founder Gonen Stein sits down with AWS Senior Storage Specialist Anthony Fiore to unpack the evolving S3 landscape. From the shared responsibility model to the rise of ransomware threats, they explore what it takes to protect mission-critical cloud data today – and what’s coming next.

Want to hear how AWS thinks about S3 backups?
Watch the full episode

As cloud adoption accelerates, so do the risks and realities organizations must navigate. In particular, the role of Amazon S3 has evolved from simple storage to mission-critical infrastructure, bringing new challenges to light.

Why S3 Is More Critical and More Complex Than Ever

Amazon S3 remains the backbone of cloud storage infrastructure. However, the explosive growth of mission-critical data, along with rising complexity and compliance demands, is reshaping how companies approach S3 backups.

“Everything fails all the time, according to our VP and CTO. So, how do we ensure that we are doing what we can to prepare and protect our cloud resources, especially those that are business critical or sensitive?” 

– Anthony Fiore, AWS, Senior Storage Specialist

The notion that “everything fails…” is not a pessimistic view. It’s just the reality of operating the cloud. And with that reality comes an urgent need for smarter, more resilient backup strategies. S3’s impressive 11 nines (99.999999999%) of durability and built-in distribution across three Availability Zones give customers invaluable peace of mind, ensuring that their cloud infrastructure is stable and built to last. 

However, durability is no longer the only concern – customers are increasingly focused on protecting against accidental deletions, regulatory non-compliance, sophisticated cloud ransomware threats, and operational complexity at scale. And with AI workloads and cross-region architectures multiplying the volume of stored data, S3 is more vital (and more vulnerable) than ever.

“Durability doesn’t mean immunity from threats. This business reality makes proactive data protection essential.” 

– Anthony Fiore, AWS, Senior Storage Specialist

But even with S3’s durability and built-in safeguards, companies can’t afford to assume their data is fully protected. Enter the critical concept of shared responsibility – and the gaps it leaves unaddressed.

Who's Actually Responsible for Your Data?

Even with S3’s proprietary tools, many companies overlook the discrepancy between infrastructure security and data protection, referred to as the Shared responsibility model. Companies can trust their cloud vendor to manage the security of the cloud, but customers are responsible for the security of what they’ve stored in the cloud.

Who Protects What in the Cloud: The Shared Responsibility Model

In other words, AWS ensures secure infrastructure, but it is the customer’s responsibility to manage data access, permissions, and backup integrity – a task that requires exacting granular control over user permissions, monitoring anomalies, and ensuring backups are safely stored and recoverable.

“When it comes to data protection in the cloud, AWS and customers each have a role to play... Customers are responsible for managing access to their data, setting the right permissions, and ensuring compliance with industry regulations.”

– Anthony Fiore, AWS, Senior Storage Specialist

To aid in this effort, AWS offers services like Amazon Macie, which uses machine learning to automatically identify and classify sensitive data like PII and financial records. Macie also detects access anomalies and flags exposure risks before they turn into breaches.

How AWS Built S3 to Be Resilient

At AWS, the philosophy is resilience by design. Key features like S3 Versioning, S3 Object Lock, and Cross-Region Replication (CRR) are all available to help customers protect against threats beyond system failure.

  • S3 Versioning: Helps recover accidentally overwritten or deleted objects.
  • Object Lock: Enforces Write Once Read Many (WORM), bolstering compliance.
  • Cross-Region Replication (CRR): Enhances resilience by duplicating objects across AWS regions.

Alongside services like Amazon Macie, these tools form a security model that is inherently multi-layered, but still reliant on customers to implement the right configurations. And while that potent combination of features and solutions offers the bedrock upon which companies can build their cloud operations, customers are still left responsible and in need of additional guardrails and automation, particularly when it comes to backup and recovery at scale.

Addressing Backup Gaps

AWS lays the groundwork for S3 resilience, but many organizations still face critical gaps when it comes to the customer’s side of the shared responsibility model. That’s where Eon comes in.

In a truly symbiotic fashion, AWS provides the foundation while Eon addresses the practical pain points companies face on the customer side of the shared responsibility model. In this episode, Gonen outlines three persistent challenges:

  1. Discovery: Cloud environments are dynamic, and identifying which resources require backup (and when) is a moving target.
  2. Management: At S3 scale, traditional backup tools can’t efficiently handle billions of objects or exabyte-sized buckets.
  3. Access & Recovery: In the event of an incident, it’s often difficult or time-consuming to retrieve only the data that matters most.

Eon’s platform is purpose-built to address these challenges. Here’s how:

  • Cloud-Native Deployment: Born in and for the cloud, Eon requires no agents or appliances to install. Customers pay only for what they back up, and setup is as simple as connecting read-only APIs.
  • Continuous Resource Classification: Eon’s cloud backup platform continuously scans cloud environments for new or modified resources and auto-applies backup policies – eliminating “backup drift” and reducing risk exposure.
  • Globally Searchable, Backup-Optimized Storage: Eon Snapshots are globally searchable and support granular restore. Whether recovering a single file or querying a backed-up database, users can access what they need without restoring an entire snapshot.
“The idea behind Eon is driven by customer pain points under the shared responsibility model – as we built Eon, we wanted to provide effective solutions for customers. Eon is the first cloud-born backup autopilot for enterprise cloud infrastructure.”

Gonen Stein, Co-founder and President, Eon

Together, AWS and Eon form a layered defense strategy that redefines what effective S3 backup looks like in today’s cloud-first world.

Get More from Your S3 Backups

Eon offers S3 users several meaningful upgrades.

  • Cloud Backup Posture Management (CBPM): No more manual scheduling or maintenance, Eon’s backup posture solution is monitored and enforced automatically.
  • Granular Restore: Users can recover individual files, folders, or even database records across any backup point-in-time.
  • Massive Scale Support: Eon is optimized for S3-scale data: exabytes of information, millions or billions of objects, and multi-region environments.
  • Cost Efficiency: Eon stores only incremental object changes, reducing storage waste. It also eliminates the need for S3 source bucket versioning by providing cross-region backup directly from Eon’s storage layer.
  • Ransomware Protection: By separating and re-encrypting data in a logically air-gapped backup vault, Eon provides ransomware-resistant protection, ensuring data remains recoverable even in worst-case scenarios.

A Blueprint for Smarter S3 Backups

S3 is one of the most reliable storage services available, but backups must still be protected, managed, and recoverable. Fortunately, between AWS’s robust front-facing infrastructure and Eon’s intelligent automation layer, organizations can now access a full-stack blueprint for S3 backup success.

Whether your team is dealing with accidental deletions, compliance audits, or the looming threat of ransomware, proactive data protection isn’t just a “nice to have”—it’s mission-critical.

Want to hear the whole conversation?

Watch the full episode of Cloud Cuts: S3 Backups with AWS’s Anthony Fiore

We’ll see you on the next episode!

Experience what Eon can do for your business. Your personalized demo awaits.

You might also like

Article

2025 State of Cloud Backup: Where Enterprises Fall Short and How to Catch Up

New data from over 150 IT and cloud leaders reveals why cloud backup strategies are falling behind—and what teams are doing to catch up.
Around
6
 min read
Article

AWS Backup vs. Eon: What to Consider When Selecting a Cloud Data Backup Solution in 2025

Compare AWS Backup and Eon to discover which cloud backup solution delivers better performance, lower costs, and stronger protection in 2025.
Around
6
 min read
Article

How to Cut Your AWS S3 Costs: Smart Lifecycle Policies and Versioning

Cloud teams love the flexibility of AWS S3, but managing costs and complexity over time? That’s where things get interesting.
Around
6
 min read

Download the report