At your service: Clumio Protect protects Amazon’s S3 buckets

Clumio has introduced a managed service to protect object data in AWS customers’ S3 buckets, transforming the clunky and limited versioning and replication-based AWS facilities into a single centralised and more capable operation.

Clumio Protect is available for the protection of Amazon EBS, EC2, RDS, Microsoft 365, and VMware Cloud on AWS. It has been extended with Clumio Protect for S3 to cover S3 buckets and their contents in all of a customer’s S3 accounts and regions.

Chad Kenney.

Chadd Kenney, VP of Product at Clumio provided an announcement quote: “S3 is massive and requires a cloud-native data protection solution that is built from the cloud up, to deliver all the scale and efficiencies that existing data protection products cannot provide at a reasonable cost.”  

The thinking is that AWS S3 storage is now used for increasing amounts of increasingly critical data, for such things as in-cloud analytics using data lakes. AWS’s own S3 protection involves versioning and replication, both creating extra copies of data which has to be stored at extra cost. That is better than nothing, but far from optimal.

Clumio Protect for S3 protects buckets and prefixes (object groups defined by object name string) across all of a customer’s AWS accounts and regions by moving the data into its own Secure Vault outside of a customer’s region. There is no need for 1-to-1 object mapping, and a Protection Group facility can apply protection polices to multiple objects. Such policies can define periods and which objects and S3 tiers to include or exclude.

A big selling point of Clumio Protect for S3 is cost. In-house AWS protection for S3 is based on replication with a second copy of the data created in the lower-cost S3 Infrequent Access (IA) tier. The Clumio service combines smaller objects into larger ones and so saves cost. Clumio has modelled the monthly replication costs for 1000 files (objects) in S3 and claims a greater than 10x reduction as its chart shows:

The Clumio service stores a customer’s data in its Secure Vault in a separate out-of-region AWS Clumio account, thus providing a logical air-gap defence against ransomware. Data is encrypted, with customers bringing their own keys, immutable, and access involves multi-factor authentication.

A management plane provides protected object information across all of a customer’s S3 buckets, accounts and regions, in a single dashboard. This makes compliance reporting much easier than fetching data yourself from a bucket survey. 

Restoration is to a point-in-time with global search and cross-account browsing capabilities. It also has varying granularity — at bucket level, at object level or at object prefix (object grouping by named type) and to any buckets, prefixes or objects to any S3 tier, prefix or AWS account. That makes recovery from data loss or corruption much faster, potentially decreasing it from hours to a matter of minutes.


AT first glance an AWS S3 data protection service would seem redundant — as several backup suppliers store their backup data in S3, because it’s cheaper than on-premises storage and the various S3 tiers provide lower costs for ageing data. Clumio makes the point that S3 is being used for online access to data in data lake/warehouse analytics scenarios. That data is growing rapidly and its protection is necessary. 

AWS’s own facilities are clunky, not optimised for cost as much as they could be, and limited in management reporting and restoration flexibility. Step forward Clumio with a slicker and more comprehensive service that can cost much less.

This is the first such AWS S3 protection service and we expect other SaaS backup service providers protecting data in AWS to follow in Clumio’s footsteps.

AWS has introduced cross-account and cross-region protection for files with CRAB for FSx, and could well upgrade its S3 protection facilities in the future.

Clumio Protect for Amazon S3 is expected to be available for early access by late October and generally available by December 2021.