Backup vault should be configured to send notifications for each failed backup job

Best practices

Backup vault should be configured to send notifications for each failed backup job

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

Brazilian General Data Protection (LGPD)
CCM-CSA
CCPA
cis_8
coppa
CPRA
essential_8_au
essential_8_au_level_1
essential_8_au_level_2
GDPR
hdh
HITRUST
ISO/IEC 27001
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
Orca Best Practices
PDPA
UK Cyber Essentials

Description

AWS Backup is a fully-managed service that protects data across AWS services. Using this service, you can configure backup policies and monitor activity for your AWS resources in one place. We identified a Backup vault '{AwsBackupVault}' that does not send notifications (via Amazon Simple Notification Service - SNS) for failed backup jobs. Enabling alert notifications for failed vault backup jobs will allow you to avoid loss of backup data by monitor and mitigate any issues with your failed backup jobs.

Recommended Mitigation

In order to avoid backup data loss, it is recommended to configure notifications for each backup vault when a failed backup occurs. This can be done by creating an SNS topic and adding email as a subscription. Then, configure the backup vault with the SNS topic and add 'BACKUP_JOB_FAILED' as an event argument.

Backup vault should be configured to send notifications for each failed backup job

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS