N2WS: The backup rebels of AWS and Azure

Meet N2WS – an IaaS-style backup service on AWS and Azure that wants to be a great backup tool rather than an everything-and-the-kitchen-sink data protection combo.

We had an introduction to N2WS in a briefing and learned how it differs from all the on-premises and SaaS data protection companies. It plans to extend its coverage to the Google Cloud Platform in the future. N2WS says it does not lock in customers with a proprietary backup format and backs up a whole application running in the cloud, not just its data.

Ezra Charm, N2WS
Ezra Charm

Marketing head Ezra Charm told us: “What we are is an orchestration engine that’s making this happen inside their AWS or Azure environment. The backups themselves always reside inside the customer’s account and under the customer’s domain.

“We’re not software as a service. We’re infrastructure as a service. We’re deployed as an instance that runs inside the customer’s environment.”

This helps where there are geographic data location restrictions. Charm mentioned “customers in EMEA where there’s data sovereignty concerns … we give our customers the ability to deploy our product as infrastructure. The product can replicate itself to other regions and other accounts, so that they can harden the product as much as they want to harden their entire infrastructure. ”

The backup is snapshot-based: “In AWS, the underlying backup is a snapshot. We supplement the snapshot by capturing metadata about the customer’s environment to orchestrate recovery in different methods, but the customer always maintains 100 percent sovereignty and control of all of their data … We help customers with orchestrating disaster recovery scenarios through all the different AWS and Azure regions.”

Sebastian Straub, N2WS
Sebastian Straub

Principal solutions architect Sebastian Straub told us: “Another thing that we do as well is cross-account disaster recovery. So even if your first account gets compromised, gets hacked, that’s okay. Because the other account still has the backup available.”

In AWS, N2WS protects RDS, Aurora, RedShift and DynamoDB databases, S3 and VPC settings. It doesn’t protect serverless applications, though. It also offers lifecycle management, with Charm saying: “As customers build mountains of storage costs on AWS, we can go in there on day one and move data to appropriate storage tiers and still maintain the recoverability and availability.

“We’ve unlocked all the different storage tiers on Amazon S3, for our AWS customers. We’re doing the same thing in Azure now. “

An N2WS backup contains more than application data. Straub said: “We’re also backing up the infrastructure that goes along with it … Not only are we backing up the resource, but we’re also backing up the network configuration, the security groups, the permissions, the configurations of VPN connections, transit gateways, all of that is backed up as well. You can truly take your entire environment [and] then stand it up someplace else in a different region in a completely different continent.”

N2WS said its offering is different from SaaS data protectors such as Clumio that offer compression and deduplication. Charm said: “Our snapshots are already compressed to begin with. Nobody knows how and why, because AWS keeps it as a proprietary secret.” N2WS doesn’t do deduplication because “it’s block storage, encrypted block storage. There isn’t much that you can do with deduplication.” 

Deduplication also means the data is stored in a proprietary format and rehydrating the data for recovery takes time and delays the recovery.

Straub emphasized the point: “We don’t touch the data. That’s why the US government loves us, because the data never actually flows through our solution. We don’t have to look at it in order to deduplicate it, we don’t have to look at it in order to compress it.”

The N2WS service is, Charm said, “sold through AWS and Azure Marketplace.We’re sold on a month to month cancel anytime basis … We install the product from the marketplace. It deploys as a virtual instance, inside their environment, within a few minutes.”

He goes on to claim this means customers are not locked in: “The backups we take are non-proprietary, and it really keeps us honest because if we don’t do the right thing, they can leave us. So we really, on a month-to-month basis, we have to win them over … We’re available forever in recovery-only mode. That’s something we’ll offer forever. So we will never lock a customer up.”

Straub explained: “One of the necessary evils of a backup solution in the past, especially on-prem was, I’m touching all of your data, I need to back it up, give me admin permissions. That’s not the case with us. You have very granular control of what we’re allowed to see and do within your environment. So you could air gap us from the backups. You can create the backups, and we can’t even touch your own backups.”

N2WS has a clear view of its position in the data protection market. Charm said: “We’re staying focused on being a tool that people use to help them manage data on AWS and Azure. We’re not a platform, AWS and Azure are the platforms.” It’s needed because AWS and Azure protect their own infrastructure but not a customer’s data; that’s the customer’s responsibility.

What about ObjectLock and virtual air-gapping?

“Customers can store data in S3 repositories inside the customer’s account. That repository is protected by ObjectLock and we will orchestrate that, managing backups within that repository.

“We provide different methods for customers to perform air-gap backups, and most of it is using the different AWS and Azure regions around the world … A customer can harden their environment to the point that only earth-bending events will take them out.”

In summary, Charm said: “We have a great product. And it’s really good at backup. And it’s even better at recovery. And it does orchestrated recovery, and all these fun things. It’s 100 percent focused on the cloud workload.” 

N2WS is an IaaS backup tool company focused on AWS and Azure with GCP coming, and no wish to move on-premises or into the general data management and security fields.

Charm said: “We’re very excited about our next release, which will include a ton of content around Azure backup and recovery. And we’re really fleshing out our solution on Azure Marketplace and and building out a go-to-market with Microsoft. We’re really excited to do that. GCP will be our next target afterwards.”

He mentioned a Holy Grail of in-cloud data protection, which is cross-cloud recovery: “We help customers move data between AWS region, synchronized development and, and pre-production environments … And we’re going to be announcing some capabilities between AWS and Azure shortly.”

N2WS background

N2WS (Not 2 Worry Software) was founded in 2012 by CTO Uri Wolloch and business development VP Ohad Kritz to backup applications running in AWS since Amazon protected its infrastructure but not user’s data. Jason Judge was appointed CEO in 2016 and resigned in 2019 to become CEO of WindRate. Kritz then became the CEO.

There are three N2WS offices: Haifa in Israel for engineering, research and development, West Palm Beach in Florida, for US sales and business, and Edinburgh in Scotland for sales and marketing.

Veeam bought N2WS in 2018 for $42.5 million in cash, but later decided to sell it back to the original owners as US public sector N2WS customers did not want their backup supplier to be owned by the two Russians who owned Veeam. The sale was completed in October 2019.

Our understanding is that N2WS has well over 80PB of data under its management and north of 1,000 customers. It has a substantial presence in the US public sector, with Charm telling us: “We’re used not just by public sector organizations in the US, but in the UK and across Europe as well.”