Research Finder
Find by Keyword
Is AWS Building the Next Full-Service Resiliency Platform for Cloud-Native Workloads?
AWS adds Kubernetes support, GuardDuty malware scanning, air-gapped isolation improvements, and long-term S3 tiering
22/11/2025
Key Highlights:
AWS added native Amazon EKS backup and restore, enabling customers to protect cluster configuration and persistent volumes without open-source agents or custom scripting.
AWS Backup introduced GuardDuty malware scanning for S3, EBS, and EC2 backups to help identify infected recovery points and determine the last known clean baseline.
Logical air-gap vaults now support customer-managed KMS keys and allow direct-to-vault writes, improving isolation and reducing storage cost for regulated workloads.
New S3 Backup Tiering provides up to 30 percent cost reduction for long-term retention beyond 60 days.
AWS added support for cross-account and cross-region resiliency, expanded resource coverage, and tightened integration with auditing and governance tools.
The News
AWS introduced native support for backing up Amazon EKS clusters through AWS Backup, enabling Kubernetes environments to be protected without external tools or custom agents. The service now captures cluster configuration alongside persistent data and can restore into existing or newly created clusters. AWS also expanded its ransomware-resilience capabilities with integrated malware scanning using GuardDuty. New isolation features allow customers to use their own encryption keys in logical air-gap vaults and write backups directly into those vaults. Long-term S3 backup tiering was added to reduce the cost of retaining older recovery points. For more information, check out the AWS Storage Blog.
Analyst Take
AWS Backup’s progress in 2025 reflects a meaningful shift in how AWS approaches resilience for cloud-native and stateful workloads. The introduction of native EKS protection closes a longstanding gap for customers who have relied on open-source tooling or custom scripting to capture Kubernetes cluster state. By bringing EKS into the AWS Backup governance and policy framework, AWS is reducing operational complexity for platform teams that run microservices, analytics pipelines, and AI workloads on Kubernetes. This is an important evolution as Kubernetes continues to play a larger role in data-intensive and distributed applications.
The deeper story, in my opinion, is the continued movement toward ransomware-aware and compromise-tolerant recovery. Integrated malware scanning gives customers clearer visibility into infected recovery points, the earliest point of compromise, and the last known clean baseline. This capability represents a step forward in helping customers validate clean restoration paths and avoid reintroducing malware during recovery. Similarly, the enhancements to logical air-gap vaults strengthen isolation for regulated workloads. Customer-managed keys extend encryption control, and direct-to-vault writes reduce exposure while lowering the cost of maintaining isolated copies.
AWS intends to be a full capabilities provider for backup and resilience across stateful AWS workloads. In that context, the platform is evolving beyond snapshot orchestration toward a more unified resilience surface that spans compute, storage, containers, file systems, and databases. The strategy is consistent: broaden service coverage, deepen ransomware-resilient workflows, strengthen governance and auditing, and integrate with AWS’s broader security ecosystem. For organizations building primarily on AWS, this creates a more consolidated approach to protecting and recovering cloud-native resources. I expect to see progress in all these areas over the next year.
At the same time, customers with hybrid estates or application-level consistency requirements will continue to rely on partners that specialize in cross-platform protection, database log capture, metadata-aware recovery, and full-stack orchestration. AWS remains focused on infrastructure-consistent protection rather than application-consistent restore, especially for complex workloads such as lakehouses, distributed databases, and metadata-driven AI services. As customers adopt more infrastructure-as-code and GitOps practices, I believe demand will grow for more automated recovery workflows that extend beyond infrastructure and into application orchestration.
Overall, AWS has delivered one of its strongest years of advancement in the backup and resilience domain. The combination of Kubernetes-native protection, malware-aware recovery, isolated vaulting, and long-term storage optimization creates a more complete foundation for AWS-native resilience. The next logical step will be deeper alignment between these infrastructure capabilities and the broader application and data ecosystems that define whether a workload returns to a clean and usable state. We will be watching closely how this momentum influences customer adoption and the wider ecosystem.
What Was Announced
AWS Backup now supports Amazon EKS as a fully integrated resource type, offering protection for cluster configuration, persistent volumes, and namespace-level workloads through on-demand or policy-based backup plans. Customers can restore an EKS environment either by recreating the cluster automatically or by applying the recovery point to an existing cluster, and they can narrow the restore scope to the full cluster, individual namespaces, or persistent data alone. Standard AWS Backup capabilities apply to EKS, including item-level search, vault locking, delegated administration, Audit Manager integration, and cross-account visibility for larger organizations.
AWS advanced its ransomware-recovery capabilities via deeper integration with Amazon GuardDuty. Backups for Amazon S3, EC2, and EBS can now be scanned at creation or before restore to identify clean and infected recovery points. Customers can review the earliest timestamp where malware appeared, track infections across incremental recovery points, and perform partial restores that omit corrupted files. This provides better visibility into the lineage of an infection and helps teams validate clean-restoration paths before rehydrating data into production environments.
Logical air-gap vaults are expanded to support customer-managed KMS keys, allowing regulated industries to maintain encryption control while isolating backups from the primary account. AWS also introduced direct-to-vault writes, which place backups immediately into the isolated vault without retaining a redundant primary copy. For EBS backups, AWS briefly maintains a transient copy only to calculate incremental changes and removes it immediately after use. This reduces exposure in the workload account and lowers storage costs for customers who rely heavily on isolated vaulting.
AWS added S3 Backup Tiering for long-term retention scenarios, allowing customers to move recovery points older than sixty days into lower-cost storage classes. This model is designed for heavily regulated industries that store large volumes of historical backup data and want retention without the cost burden of standard storage. Across the broader platform, AWS continues to expand resource coverage and improve its governance, compliance, and cross-region visibility capabilities to better support large organizations operating across multiple accounts and regions.
Looking Ahead
At HyperFRAME Research, we will be watching how customers adopt these new AWS Backup capabilities in production and how they influence broader expectations for cloud-native resilience. Native EKS backup may help teams streamline their Kubernetes protection strategy and reduce the reliance on community tooling. The combination of malware scanning, isolated vaults, and customer-managed keys will be appealing to organizations advancing their cyber-recovery programs. As organizations expand their use of infrastructure-as-code, cross-region failover, and multi-account governance, I believe customer demand will drive AWS toward automated and orchestrated recovery workflows that extend beyond infrastructure into application and data services.
At the same time, the competitive landscape is evolving quickly. Leading data protection vendors, including Rubrik, Cohesity, Commvault and Veeam, are repositioning their platforms around end-to-end cyber-resilience, combining backup, threat detection, posture management, clean-room testing, and automated recovery into unified experiences. Customers see these capabilities in the market and will naturally look to AWS to offer similar levels of integration and operational consistency for their AWS-native workloads. I believe AWS will face growing pressure to continue expanding its coverage and to connect AWS Backup more tightly with security, identity, and orchestration services as customer expectations rise.
In my view, AWS delivered one of its strongest years of progress in backup and resilience. Looking ahead to 2026, I expect customers will increasingly ask AWS not only for durable snapshots and isolated vaulting but also for higher-order capabilities that help them validate, automate, and execute clean recoveries with greater confidence across expanding data and application ecosystems.
Don Gentile | Analyst-in-Residence -- Storage & Data Resiliency
Don Gentile brings three decades of experience turning complex enterprise technologies into clear, differentiated narratives that drive competitive relevance and market leadership. He has helped shape iconic infrastructure platforms including IBM z16 and z17 mainframes, HPE ProLiant servers, and HPE GreenLake — guiding strategies that connect technology innovation with customer needs and fast-moving market dynamics.
His current focus spans flash storage, storage area networking, hyperconverged infrastructure (HCI), software-defined storage (SDS), hybrid cloud storage, Ceph/open source, cyber resiliency, and emerging models for integrating AI workloads across storage and compute. By applying deep knowledge of infrastructure technologies with proven skills in positioning, content strategy, and thought leadership, Don helps vendors sharpen their story, differentiate their offerings, and achieve stronger competitive standing across business, media, and technical audiences.