Whether you’re using Amazon S3 and Amazon Glacier as a backup target for database dumps, building a fully SEC-compliant archive, or something in between, AWS object storage offers a number of capabilities to ensure that your data stays retained, protected, and compliant with the rules of your business. This interactive session covers established best practices and new features to help you meet your retention requirements while minimizing storage costs.

2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Using Amazon S3 and Amazon Glacier
for Backup or Archive Storage
Paul Meighan
Principal Product Manager
Amazon S3
S T G 3 3 9
Andrea Chiappe
VP API/PaaS Product Management
Broadridge

3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Related breakouts
Wednesday, Nov 28
STG403 - Manage Objects & Optimize for Cost at Scale with Amazon S3 & Amazon Glacier
6:15pm – 8:00 | Aria West, Level 3, Ironwood 7
Thursday, Nov 29
STG402-R - Configuration and Management Best Practices with Amazon S3 and Amazon Glacier
1:00pm – 2:00pm | Aria West, Level 3, Starvine 10, Table 4
Thursday, Nov 29
STG404-R1 - Performance & Cost Optimization at Scale with Amazon S3 & Amazon Glacier
4:00pm – 5:00pm | Aria West, Level 3, Starvine 10, Table 2

4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What’s New for Backup & Archive on AWS Object Storage

5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
4 STEPS
FOR MAXIMUM
PARANOIA

6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Integrity Checking
S3 Content-MD5 Header
• PutObject Header: x-amz-content-md5
• You run a checksum before upload, pass in with the PUT
• S3 runs a checksum as well, rejects PUT if yours doesn’t match.
Sigv4 Payload Signing
• SHA-256 payload checksum
• Built in to the AWS SDKs
• Possible to opt out by providing UNSIGNED-PAYLOAD instead of hash

7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
4 STEPS
FOR MAXIMUM
PARANOIA

8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
How Versioning Works
Key LastModified VersionId RETAIN UNTIL
PUT 1 EXAMPLE.JPG 2014-11-05T18:44:56 ekT1wA4fPyQgVaMKDQSmpJk4GUEzbX0K 2019-11-05
PUT 2 EXAMPLE.JPG 2015-11-05T18:44:56 OqSso_2kQhdyg5GGyW61gQlrQY1YT503 2020-11-05
PUT 3 EXAMPLE.JPG 2016-11-05T18:44:56 JA4myYTL9eh9TK.dhTIgYonqBKa6Mfjd 2021-11-05
DELETE
MARKERDELETE EXAMPLE.JPG 2017-11-05T18:44:56 yLAuNvayJMTvtJY2Eat6GZJgvQdPHaAG 2022-11-05
PUT 4 EXAMPLE.JPG 2018-11-05T18:44:56 ex5e6GzmPcAzEmJLEZ6KihZYzZGw8eVq 2023-11-05
VERSIONSTACK

9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
How Versioning Works

10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
4 STEPS
FOR MAXIMUM
PARANOIA

11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Cross-Region Replication: More than a Second Copy
Protect against AWS root account compromise.
Protect against bad actors & IAM account compromise.
Satisfy geographical distance requirements.
.. or replicate straight to S3 Glacier

12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
CRR Rule Prioritization
No Tags
Rule: HIGH RTO
Result: Storage Class Change
Tagged – kid | pictures
Rule: LOW RTO
Result: Same Storage Class

13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Direct PUT to S3 Glacier
1. PUT to S3
2. Create & Execute S3 Lifecycle Policy
3. Monitor & Verify
1. PUT straight to S3 Glacier
2. Chill

14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
4 STEPS
FOR MAXIMUM
PARANOIA

15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Introducing S3 Object Lock

16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
S3 Object Lock
OBJECT

17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
New Object Meta-data
3New Object
Properties
Retain Until Date
• Defines the date until which the object is immutable
• Can be applied on PUT, or added after the fact
• Can be changed, but only moved further into the future
Object Lock Mode
• Governance Mode – Delete possible with special permissions
• Compliance Mode – Delete is not possible, even by root account
• Can escalate from Governance to Compliance, but not deescalate
Legal Hold Flag
• Boolean – Legal Hold can be on or off for an object
• Independent from Retain Until Date
• Applied and removed with a new API that can be restricted by IAM

18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
New Bucket-Level Defaults
3New Bucket
Properties
WORM State
• Boolean – WORM can be on or off for a bucket
• WORM must be on for the bucket in order to lock an object
Default Retention Period
• Defines the default retention for new objects
• Automatically calculates and applies a Retain Until date
• Can be overridden with a Retain Until date in the PUT payload
• Does not affect existing objects
Default Mode
• Defines the default mode for automatically applied locks

19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Retention Periods down to the Version Level
Key LastModified VersionId RETAIN UNTIL
PUT 1 EXAMPLE.JPG 2014-11-05T18:44:56 ekT1wA4fPyQgVaMKDQSmpJk4GUEzbX0K 2019-11-05
PUT 2 EXAMPLE.JPG 2015-11-05T18:44:56 OqSso_2kQhdyg5GGyW61gQlrQY1YT503 2020-11-05
PUT 3 EXAMPLE.JPG 2016-11-05T18:44:56 JA4myYTL9eh9TK.dhTIgYonqBKa6Mfjd 2021-11-05
DELETE
MARKERDELETE EXAMPLE.JPG 2017-11-05T18:44:56 yLAuNvayJMTvtJY2Eat6GZJgvQdPHaAG NONE
PUT 4 EXAMPLE.JPG 2018-11-05T18:44:56 ex5e6GzmPcAzEmJLEZ6KihZYzZGw8eVq 2023-11-05
VERSIONSTACK

20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
S3 Object Lock – Full Workflow
MD5

21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
4 STEPS
FOR MAXIMUM
PARANOIA

22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
S3 Glacier Restore Improvements

23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
5,000+

25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
>80%

26. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Finance
Healthcare
Insurance
Retail
Telecom
Utilities

27. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
BUSINESS GOALS
 Enable compliance with new data
privacy and protection regulations
 Help clients improve customer
experience with new insights to their
information assets
 Reduce compliance and operating costs
by automating costly manual processes
TECHNOLOGY GOALS
 Modernize architecture to mitigate end-of-
life technology and drive customer-centric
innovation
 Improve information lifecycle efficiency,
compliance, storage, and management
 Connect information silos, ecosystems and
users via APIs, user interfaces, and artificial
intelligence

28. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Compliance toolkits for portability, access, erasure
IIM Goal:
Provide an SEC compliant data management and archival solution
Add intelligence to meet stacked compliance, privacy, and new portability rules
Support GDPR data access, erasure, and portability requirements
“I would like access to the data you have about me”
“Please send me all of the information you have about me”
“Delete all information you have about me”

29. PREMIUM
Information Services Data Lakes
BASIC
Information Services
Enterprise
Clients
Third-Party & Cloud
Services
Enterprise
Systems
Broadridge
Partners
Enterprise
Consumers
Users and systems access reusable vertical-driven Broadridge services using UX, chatbots, or API microservices
Enable a vertical-driven information services tier
 Architected as a commodities layer to offer Broadridge’s Brands flexibility
 Offer different pricing models (basic vs premium) based on the components leveraged at a tenant/client level
 Easily connects with current, legacy, and/or siloed resources and information assets
INFORMATION SERVICES ABSTRACTION TIER
INFORMATION PLATFORM
USER ACCESS
APIs & Vertical Resources ChatbotsUser Experience (UX)

30. PREMIUM
Information Services Data Lakes
BASIC
Information Services
Third-Party & Cloud
Services
Retention
INFORMATION PLATFORM

31. Thank you!
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

32. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.