AWS Backup 2025 year in review: advancing recovery resilience

As customers deployed increasingly diverse cloud workloads and confronted more sophisticated cyber threats, they needed data protection solutions that could scale across their AWS estate while guaranteeing recovery even in worst-case scenarios. This dual challenge shaped our focus in 2025 for AWS Backup: expanding the service’s reach across the AWS ecosystem while deepening our commitment to recovery resilience, the ability to not just protect data, but to ensure organizations can recover quickly and confidently from any disruption.

Customers shaped this vision through their feedback and real-world experiences. They’ve shared their challenges: managing backups across diverse workloads, defending against the rising threat of ransomware, validating recovery readiness, and maintaining access to data even during worst-case scenarios. By combining our strategic perspective on recovery resilience with these real-world requirements, we’ve built capabilities that address both the challenges customers face today and the threats they’ll encounter tomorrow.Organizations can now protect more of their AWS infrastructure while deploying more robust resilience architectures. In 2025, we expanded the service coverage and operational capabilities of AWS Backup, making it easier and more cost-effective to protect diverse workloads at scale while strengthening our recovery resilience posture to deliver comprehensive ransomware protection.

Expanding product support and operational efficiency

We significantly expanded AWS Backup coverage across the AWS ecosystem this year, driven by customer feedback about protecting modern workloads and optimizing costs. Customers needed an integrated solution to protect containerized workloads without adding operational complexity. We launched AWS Backup support for Amazon EKS, delivering a fully-managed solution that unifies protection of both EKS cluster state and persistent application data without requiring agents or add-ons. Customers can now automate backup policies across their entire EKS fleet and flexibly restore everything from entire clusters to individual persistent volumes, eliminating operational overhead while meeting compliance requirements through centralized policy management. We also extended protection to Amazon Redshift Serverless and Amazon Aurora DSQL, covering modern data warehousing and distributed SQL database workloads.

Customers consistently told us they need to balance cost optimization with recovery resilience. We introduced a low-cost warm storage tier for Amazon S3 backup data that can reduce long-term storage costs by up to 30% while maintaining full protection capabilities and performance. This tier offers the same enterprise-grade security and comprehensive capabilities customers rely on, including point-in-time recovery, ransomware protection and recovery, and compliance controls. We also added support for Amazon S3 optional ACLs and object tags backup, giving customers more granular control over their S3 backup configurations. To learn more about optimizing S3 backup costs, read our blog: Lower your Amazon S3 backup costs with AWS Backup S3 tiering.

Customers asked for greater flexibility in disaster recovery scenarios, so we enhanced Amazon EC2 restores with custom volume configuration support, allowing them to modify volume types, sizes, and IOPS during restoration. Additionally, AWS Backup now supports Amazon FSx Intelligent-Tiering.

For customers utilizing AWS Backup to perform backups across AWS Regions to isolated accounts, we streamlined operations with cross-Region and cross-account snapshot copying in a single operation for Amazon RDS, Amazon Aurora, Amazon DocumentDB, and Amazon Neptune snapshots. This enhancement eliminates the need for intermediate temporary copies and helps organizations reduce storage costs while accelerating their backup workflows across distributed environments.

We heard the need for faster, more surgical recovery operations, so we introduced item-level search and recovery capabilities, allowing customers to quickly locate and restore specific files and objects without recovering the entire backup of certain resource types such as Amazon S3 and Amazon EBS. This capability, which can be extended to EC2, significantly reduces recovery time objectives (RTOs) for granular recovery scenarios.

AWS Backup now also provides schedule preview for backup plans, helping you validate when your backups are scheduled to run. Schedule preview shows the next ten scheduled backup runs, including when continuous backup, indexing, or copy settings take effect.

We continue to push AWS Backup into more AWS Regions to better serve customers worldwide. We also added support for Amazon FSx for OpenZFS to more Regions, extended delegated administrator support to 17 Regions, cross-account management to 4 Regions, and Backup Audit Manager to 6 Regions, making it easier for enterprises to manage backups at scale.

Strengthening recovery resilience

Ransomware and insider attacks represent critical threats to enterprise data integrity. What truly sets AWS Backup apart–and what customers told us matters most–is our comprehensive approach to recovery resilience. Organizations need more than just backup copies; they need confidence that they can recover quickly from any disruption. In 2025, we continued to improve our ransomware resilience posture by delivering new capabilities that ensure backups remain immutable and isolated from threats, maintain integrity throughout their lifecycle, and stay available when customers need them most.

Growing logically air-gapped vault

AWS Backup vaults are immutable by default, and AWS Backup logically air-gapped vaults add several important layers of security, including deletion protection with AWS Backup Vault Lock in Compliance mode, and isolation through backup storage in a service-owned account. In 2025, we significantly enhanced our logically air-gapped vault capabilities.

Based on customer requests, we expanded logically air-gapped vault to support Amazon FSx for Lustre, FSx for Windows File Server, and FSx for OpenZFS, giving them comprehensive protection across their file system workloads.

Logically air-gapped vaults store backups in an AWS Backup service owned account and use AWS Owned Keys (AOKs) by default. However, we heard from many customers that they require full control over encryption keys for their most sensitive data. We introduced customer-managed key (CMK) support in logically air-gapped vaults, ensuring that even in the most stringent security scenarios, they maintain complete ownership of their encryption infrastructure. Learn more about encryption best practices in our blog: Encrypt AWS Backup logically air-gapped vaults with customer-managed keys.

As customers scaled their logically air-gapped vault implementations, they shared valuable feedback about streamlining their backup workflows. Building on this momentum, we enabled primary backups directly to logically air-gapped vaults, allowing organizations to store their initial backup copies in isolated vaults from day one—eliminating the need for secondary copy operations and the cost of a second backup copy. This evolution simplifies architectures while maintaining the highest level of protection against the threats they face.

Customers need guaranteed access to backup data even when source accounts or organizations become compromised. They need proper governance while guaranteeing availability during crisis situations. To address this, we launched Multi-party approval support in AWS Organizations for logically air-gapped vaults. Multi-party approval enables customers to authorize access to backups for approved accounts in logically air-gapped vaults, even when the owning account becomes inaccessible due to inadvertent or malicious events. By requiring multiple authorized individuals to approve recovery operations from isolated vaults, we ensure that this new recovery path is both secure and durable while maintaining the proper governance and authorization workflows organizations require.

Multi-party approval is essential for organizations with strict compliance requirements or those recovering from security incidents, as it prevents unauthorized access while ensuring that data remains available to authorized personnel when legitimately needed—even in worst-case scenarios where the primary account is compromised. For a comprehensive guide on implementing this capability, explore our two-part blog series: Implementing Multi-party approval workflows for AWS Backup logically air-gapped vaults and Improve recovery resilience with AWS Backup support for Multi-party approval.

Enhancing backup integrity testing

Customers need confidence their backups are actually recoverable. AWS Backup restore testing, launched in 2023, enables customers to automatically validate their recovery readiness by performing scheduled restore operations in isolated environments. Furthermore, restore testing integrates with 3rd party malware scanning services to enable customers to verify the integrity of a restored backup. This capability ensures organizations protect backups, recover them when needed, and maintain data integrity, giving teams confidence their recovery processes work and helping them meet compliance requirements.

While restore testing is a powerful tool for verifying backup integrity, customers needed an AWS-native, automated tool for scanning backups. We delivered Amazon GuardDuty Malware Protection for AWS Backup, which enables automated malware scanning of AWS Backup recovery points. This integration allows customers to detect malicious content before restoration, preventing the reintroduction of compromised data into production environments and addressing a critical gap in ransomware recovery strategies. For detailed guidance on implementing malware scanning, see our blog: Scan backups for malware with Amazon GuardDuty Malware Protection for AWS Backup.

Knowledge sharing and customer success

Beyond product launches, 2025 was a year of learning from customers and sharing knowledge back with the community. We published 14 blog posts covering the topics that matter most: cost optimization, ransomware recovery strategies, malware scanning, and multi-party approval workflows.

Customers requested architectural guidance, and we responded with deep dives into building centralized cross-Region backup architectures with AWS Control Tower, implementing restore testing for recovery validation, and designing effective ransomware recovery strategies. We also showcased how TUI modernized their backup strategy with AWS Backup, achieving improved operational efficiency and scale across their global operations.

Our technical content focused on hands-on guidance, with workshops and practical resources helping customers implement recovery resilience best practices. We also published an event-driven framework for integrating AWS Backup with Cloud Security Posture Management (CSPM) tools, demonstrating how backup and security operations can work together seamlessly.

Looking Ahead to 2026

As we reflect on 2025, we’re grateful for customer partnership, feedback, and trust. Every capability we delivered this year was shaped by real-world use cases, requirements, and challenges – from organizations protecting hundreds of accounts to those managing exabytes of mission-critical data. Our focus on enterprise-grade capabilities at scale ensures that AWS Backup grows with your business, delivering the same level of protection, performance, and reliability whether you’re safeguarding ten resources or ten thousand. Customer input continues to guide our roadmap and inspire us to push the boundaries of what’s possible in data protection and recovery resilience.As we look toward 2026, our commitment remains unchanged: we’ll continue listening to customers and investing in capabilities that address their evolving needs. We’ll keep strengthening the three pillars of recovery resilience – helping organizations protect their data with immutability and isolation, validate its integrity, and ensure its availability when needed most.The journey toward complete recovery resilience continues, and we’re honored to partner with customers every step of the way.

Here’s to a resilient 2026!

To learn more about AWS Backup and get started with recovery resilience, visit the AWS Backup documentation or explore our blog posts for hands-on guidance and best practices.