CyberCX has released its annual Digital Forensics and Incident Response Year in Review Report for 2023 

AWS Case Study | Banking | Backup

Optimise storage costs with Veeam

Industry: Banking

Banks are leaning in hard to cloud – and it’s not surprising, as moving workloads to the cloud offers multiple benefits to financial institutions such as lower costs, improved application availability, scalability, and innovation agility. When looking at migration, many customers need to find new solutions for backing up data across their hybrid estate, and they want to ensure that they take advantage of opportunities to optimise their spending when they begin using cloud services.

This bank has been around for nearly a century and is recognised for the quality of its customer service by customers and industry peers alike. They serve their customers through a network of branches, as well as mobile and internet banking channels. Data protection and security are high priorities, so the solution we presented had to be up their high standards.

Having a cloud native backup solution that was secure, centralised, cost effective, multi-cloud ready and easy to operate was a key priority for the bank. Our customer initially looked at AWS Backup, the native solution offered by Amazon, but it did not fit their requirements as it was limited to only AWS environments and did not allow some of the advanced features they needed such as de-duplication of data and auto-tiering into lower cost storage options like Amazon Glacier. They had some experience already using Veeam to back up their on-premises data, so it was an obvious choice. Topping the list of analyst reports like the Gartner Magic Quadrant consistently year after year, Veeam is a respected brand and offers an enterprise grade service that can be used across on prem environments and all major public clouds. The bank saw it as an option that offers flexibility and assurance to enterprises like them who demand high levels of compliance and enterprise SLAs.

The bank had an estimated total of 32TB worth of EBS storage attached to around 75 non-production and production EC2 instances that required regular backup. The majority of these instances were Windows based EC2 instances that host a range of banking related systems, ranging from in-house build IIS/.Net Core/SQL systems, to off the shelf products such as print management, file server, and secure email gateway systems. The bank also utilise AWS RDS to host the majority of their SQL and Oracle databases, however some of the larger legacy data warehouse databases are still hosted on MS SQL on EC2.

 

The Solution

 

Working with CyberCX, one of the bank’s long established and trusted partners, they were able to quickly design a solution that addressed their specific requirements. CyberCX always makes security job zero – as such we recommended a purely private-facing solution with no public internet exposure. Rather than a SaaS approach, Veeam sits in AWS itself which has benefits related to performance, cost and security. After deploying the architecture and installing Veeam in the environment, we integrated the solution with the banks other AWS accounts and services using AWS native APIs, such as SSO (single Sign On) and with the bank’s directory service based on Microsoft AD. CyberCX helped the bank develop and configure retention policies and test the solution in a variety of operating scenarios, each of which was fully documented for the bank’s internal operations team.

Veeam is deployed in AWS to enable backups from external sources. 

Using Veeam’s Cost Estimation tool, which uses assumptions such as a daily change rate of 3%, and volumes having a used capacity of 70%, we were able to make some high level estimates of different backup strategies cost impact. 

  

The Result

 

According to our estimates, having a 12 month Grandfather-Father-Son (GFS) EBS Snapshot policy would have cost Co-Op an estimated $4,128.95 USD per month. This style policy is similar to how AWS Backup would have worked prior to cold storage being available (EBS Snapshot cold storage was not an available feature at the time of deployment). Although EBS snapshots are only charged based on initial backup + incrementals, if you have a large time span of incrementals that constantly have small rates of change, the amount of EBS snapshot storage can grow significantly, resulting in a large EBS Snapshot cost over time. Having a 12 month GFS EBS Backup policy where snapshots older than a month are de-duped, compressed, and aged out to S3/Glacier would have cost Co-Op an estimated $1,825.46 USD per month. This estimate includes EBS Snapshot, S3, Glacier, S3API, and Data transfer related costs. Having older snapshots aged out into cheaper storage tiers helps reduce the EBS snapshot growth, which can significantly help reduce EBS snapshotting cost. Storing snapshots in a S3 buckets within a centralised backup also has a security advantage, because when an individual AWS account is compromised we can still restore backups to a new AWS backup account from the centralised backup repository. 

After adding the Veeam licence cost per host ($40 per host per year) to this cost we are still estimated to achieve a cost saving of ~56% when compared to an equivalent snapshot only policy.  

In addition to the cost savings, there are several soft benefits of our solution. The new approach is more reliable and stable than what they previously were using. Transparency was also improved, as CyberCX configured alerting profiles that feed into daily reports on storage usage, backup performance and other important metrics that help the bank manage backups more efficiently and effectively. This approach makes it easier to diagnose and remediate issues when they arise. The bank also enjoys better visibility of their backup landscape across on premises and cloud environments thanks to Veeam’s single pane of glass capabilities. 

Ready to get started?

Find out how CyberCX can help your organisation manage risk, respond to incidents and build cyber resilience.