Screaming in the Cloud - The Relevancy of Backups with Nancy Wang
Episode Date: January 27, 2022About NancyNancy Wang is a global product and technical leader at Amazon Web Services, where she leads P&L, product, engineering, and design for its data protection and governance busines...ses. Prior to Amazon, she led SaaS product development at Rubrik, the fastest-growing enterprise software unicorn and built healthdata.gov for the U.S. Department of Health and Human Services. Passionate about advancing more women into technical roles, Nancy is the founder & CEO of Advancing Women in Tech, a global 501(c)(3) nonprofit with 16,000+ members worldwide.Nancy is an angel investor in data security and compliance companies, and an LP with several seed- and growth-stage funds such as Operator Collective and IVP. She earned a degree in computer science from the University of Pennsylvania.Links:https://coursera.org/awitAdvancing Women in Technology: https://www.advancingwomenintech.orgLinkedIn: https://www.linkedin.com/in/wangnancy/Advancing Women in Technology LinkedIn: https://www.linkedin.com/company/advancingwomenintech/
Transcript
Discussion (0)
Hello, and welcome to Screaming in the Cloud, with your host, Chief Cloud Economist at the
Duckbill Group, Corey Quinn.
This weekly show features conversations with people doing interesting work in the world
of cloud, thoughtful commentary on the state of the technical world, and ridiculous titles
for which Corey refuses to apologize.
This is Screaming in the Cloud.
This episode is sponsored in part by our friends at Redis,
the company behind the incredibly popular open source database
that is not the Bind DNS server.
If you're tired of managing open source Redis on your own
or you're using one of the vanilla cloud caching services,
these folks have you covered with the go-to managed Redis service
for global caching and primary database capabilities,
Redis Enterprise.
Set up a meeting with a Redis expert during reInvent,
and you'll not only learn how you can become a Redis hero,
but also have a chance to win some fun and exciting prizes.
To learn more and deploy not only a cache,
but a single operational data platform
for one Redis experience,
visit redis.com slash hero.
That's R-E-D-I-S dot com slash hero.
And my thanks to my friends at Redis
for sponsoring my ridiculous nonsense.
This episode is sponsored in part
by our friends at Rising Cloud,
which I hadn't heard of before.
But they're doing something vaguely interesting here.
They are using AI, which is usually where my eyes glaze over and I lose attention,
but they're using it to help developers be more efficient by reducing repetitive tasks.
So the idea being that you can run stateless things without having to worry about scaling, placement, etc. and the rest.
They claim significant cost savings, and they're able to wind up taking what you're running as it is in AWS with no changes and run it inside of their data centers that span multiple regions.
I'm somewhat skeptical, but their customers seem to really like them. So that's one of those areas where I really have a hard time being too snarky about it, because when you solve a customer's
problem and they get out there in public and say, we're solving a problem, it's very hard to snark
about that. Multis Medical, Construx.ai, and Stacks have seen significant results by using them,
and it's worth exploring. So if you're looking for a smarter, faster, cheaper alternative to EC2,
Lambda, or Batch, consider checking them out. Visit risingcloud.com slash benefits. That's
risingcloud.com slash benefits. And be sure to tell them that I sent you, because watching people
wince when you mention my name is one of the guilty pleasures of listening to this podcast.
Welcome to Screaming in the Cloud. I'm Corey Quinn.
I've said repeatedly on this show, and I stand by it, that absolutely nobody cares about backups
because they don't. They do care tremendously about restores, usually right after they really
should have been caring about backups. My guest today has more informed opinions on these things
than I do just because I'm bad at computers.
But Nancy Wong is someone else entirely.
She is AWS's general manager of the AWS backup service and heads the data protection team.
Nancy, thank you for tolerating me. I appreciate it.
Hey, no worries, because when I heard you say, I don't care about backups, I knew I had to come on this show and correct you.
It's the sort of thing where there's no one as fanatical as a convert.
And every grumpy old sysadmin that is in my cohort either cares a lot about backups or just doesn't even think about it at all.
And the question is, the only thing that separates those two groups is, have you lost data yet?
And once you've lost data and you feel like a
heel, you realize, wow, this was eminently preventable. What can I do differently to fix
this? And that's when people start preaching the virtues of backups and, you know, this
novel, ridiculous idea of testing the backups you've made to make sure that it isn't just,
yeah, it says it's completing correctly, but if you haven't restored it, you don't really know. Yeah, I mean, that's so true, right? And that's why
when we're thinking about our holistic data protection strategy, it's less so about, hey,
make sure that you take backups, which is, albeit a very important part of the data protection
hygiene, but it's making sure that you can regularly test the things that you're backing up to make sure that, frankly, when you happen to be in a disaster scenario or someone fat fingers
a restore process, that you have good known bits to restore from.
So people will be forgiven for not potentially understanding what AWS backup is, where it starts
and where it stops. I mean, let's be clear. This is sort of the price you, as a company, get to pay for having 300 some odd services. Not everyone is conversant with
every single one of them. I know I'm as offended as anyone at that fact, but apparently other
people have lives. So what is AWS Backup? So on that note, Corey, I do have to say that I'm
probably at a more of an advantage in terms of my name being very descriptive in what it does versus maybe Athena or Redshift, right?
Where it's very clear, hey, we do backups.
But actually, if you parse apart the product, and this is why the team itself is called Data Protection, there are various axes to think about what we do, right? So to help illustrate, perhaps if you think about axes one,
as in what are the different types of application data that we protect, right?
There's obviously database data.
There's going to be file system data.
There's various storage platform data, right?
And those are comprised by AWS services that I'm sure you all are very familiar with,
love dearly, like RDS, EBS, right, with EC2 VMs, etc. But also more
recently, we added S3, right, which we'll get to that in just a bit. But because I'd love to talk
about, you know, how folks think about S3, and why you might want to back it up. Right. So that's
axes number one. Now, if we turn to axes number two, it's about the different platforms where these application data might reside. So there's, of course, in cloud, and that's the place where most people are familiar with and why they might choose to seek out a first party native data protection provider like AWS Backup. backup. And by the way, we just extended our support to on-premises as well, starting with
VMware. So, which is a thing that a lot of backup admins were super excited to hear about and all
those V experts out there. And of course, the final axes, right, is to think about how we make
sure that we not just protect your data, but we are also able to give you tools like compliance reporting, which we announced in August
at Reinforce via our CISO, Stephen Schmidt, about, hey, once you take your backups, how are you
monitoring continuously the resource configurations of the application data that you're protecting?
Are your backup plans architected to meet RPO requirements that your organization needs to meet?
Are they being, for example, retained for the right amount of times?
Is it seven years or is it a month?
Many different organizations have widely varying RPO requirements.
So making sure that all of that is captured, monitored, and also reportable, right? So when, hey, that auditor decides to knock on your door, you have a report ready to say,
hey, I'm in compliance.
And by the way, I'm proactively thinking about how my organization can meet evolving regulations.
Please tell me you're familiar with AWS Audit Manager, which is, to my understanding,
aimed at solving exactly this problem.
If the answer is no, this would admittedly not be the first time where I found, oh, wow,
we have a complete service duplicate hanging out somewhere at AWS.
Oh, good.
How do we make it run containers, being the next obvious question there?
Sure, which is actually a great lead-in to, again, another descriptive name of AWS service,
which is AWS Backup Audit Manager. So if you recall from the reinforced
keynote, it was one of the slides that was highlighted. The reason being, right, I'm a
firm believer of a managed solution. Because look, we all know that AWS is great at building,
I would say, tools or building blocks or primitives to design end-to-end solutions.
It's the Lego approach to cloud services.
What can I build with this?
You're only constrained by your imagination.
Okay, but what can I build?
Here to talk about that is someone from Netflix.
Great, I want to build Twitter for pets,
which I guess now has to stream video? Yeah, it becomes a very different story.
The higher-level service offerings are generally not a common area
that AWS has excelled in,
but this seems to be a notable exception.
That's actually where my background is, right? So previous to AWS, I worked at a not-so-small
startup anymore called Rubrik down in Silicon Valley, where we spent a lot of time thinking
about what is the end-to-end solution for customers, right? How can customers simply
deploy with one click, make sure that they can create
policies that are repeatable, that are automated and go off when you want them to, and make sure
that you have reporting at the end of the day. So that's really what we focus on. But I digress,
Corey, to your question about AWS Audit Manager. The name of the service within AWS Backup that
handles compliance reporting and auditing
is called AWS Audit Manager. And we certainly didn't pick that name by fluke. The reason being,
we wanted AWS Backup, from that managed solution point of view, to be the single central platform
where customers come to create data protection policies, where they come to execute those data
protection policies in backup plans, store their backups in encrypted backup vaults, and have the ability to restore
them when they want, and finally report on them.
So it is that single platform.
Now, with that said, if, for example, you wanted that reporting to come from AWS Audit
Manager, which is a service that does a lot of reporting across many AWS services,
you also have that ability. So depending on what user persona you might be, whether you're from
the central compliance office, or you're a member of the data protection team, and within an
organization, you might choose to use that functionality separately. And that's a flexibility
that my team strives to provide. One of the most interesting things about AWS Backup is that I did not affirmatively go out
of my way to use your service. I did not, to my recollection, wind up saying, oh, time to learn
about this new thing and set it up and be very diligent about it. But sure enough, I find it showing up on the
AWS inventory, which is of course the bill. And I look at this in a random account I use for various,
you know, shit posting extravaganzas. And sure enough, it's last so far this month, it is
recording this toward the near the end of the month. It charged me $3 and 40 cents to back up
70 gigs of data, which is first first, like, on the one hand,
there is an argument of, now, wait a minute.
I didn't opt into this.
What gives?
The other side of it, though, is,
how dare you make sure that my data isn't going to be lost,
not through your negligence, but through my own
when I get sloppy with an RMRF?
And because I've been using EFS a fair bit,
and it is integrated extraordinarily tightly
with that service.
It goes super well.
It works out when setting this up,
unless you go out of your way to disable it,
it will set up a backup plan.
And first, that is not generally aligned
with how AWS thinks about things,
which across the board,
generally the philosophy I've gotten is,
oh, you want to do this thing? That's a different service team. Do it yourself. But also, it's one
of those areas that is the least controversial. If you have to make a decision one way or another,
yeah, opt people into backups. Was that as hard to get approved as I would suspect it would be,
or was that sort of a no-brainer? Hopefully you can let me know what your account number is, Corey, so I can make sure it doesn't
get marked for fraud, A. But B, going into our philosophy on protecting data. So EFS actually
was one of our first AWS services that was supported by the AWS Backup service, which is actually quite a fascinating story in itself
because the service only launched in 2019.
Now, AWS has been around for much, much longer than that.
And it feels even three times longer than that.
Yes.
Exactly, right?
So as a central data protection platform
for the AWS overall cloud platform,
it's quite interesting that
from a managed solution perspective, the service is not yet four years old, right? It's quite interesting that from a managed solution perspective,
the service is not yet, you know, four years old, right?
We're barely embarking on our third year together.
So with that said, why we started with EFS, right?
And a few other services is we wanted to cover
the most commonly used SAFL data stores for AWS cloud.
EFS being one of them as the first cloud native, as Wayne Dussault would say, elastic file system in the cloud. And so what their entire file system as a file system volume,
but also have the ability to specify individual files, folders that they want to restore from.
And so file level recovery, super, super important. And it's something that we also
want to bring for other file systems down the road as well. And so to your question, Corey,
a common design principle
that we think about is how do we make sure that customers are protected? Obviously, in a world
where we cannot yet use AI to transcribe every part of a customer's intent when they're looking
to protect their data, the closest that we can get is, hey, you create a file system,
we assume that you want it protected, unless you tell us you don't want to, right? And so for certain resources like EFS, where we have
a deeper level integration to our own data plane, right, we can then say, once you create a file
system, we'll opt you automatically into AWS backup protection until you tell us to stop,
right? And from there, you have all the goodness that comes with AWS Backup, such as file level restore,
such as, for example, now Warmlock,
which disables the ability to mutate backups
from anyone, even someone with admin access.
So a big announcement in your area at reInvent
was AWS Backup support for S3.
Allow me to set up
an intentionally insulting
straw man argument here.
S3 has vaunted 11 nines of durability,
which I think exceeds the likelihood
that Gravity is going to continue to function.
So are they lying by having AWS backup supporting it now?
Or are you just basically selling us something
we don't need?
Which is it?
Well, you know, Corey, judging by the hundreds of customers who have been building up my inbox,
and that's why I actually ended up creating a special email alias for the S3 preview.
So what we launched at reInvent was a public preview of the ability to start baking in S3
backup protection or bucket protection into their existing data protection workflows,
right?
And so judging by the hundreds of customers, many of them in highly regulated industries
in FinServ, in healthcare, as well as in the U.S. government, I would say that I think
they find it pretty important.
And we're not just peddling things they don't need.
So I'm getting ahead of myself, right?
We're actually, we should probably start the conversation is a deeper dive into how we think about data protection on AWS, right? We're actually, we should probably start the conversation is a deeper dive
into how we think about data protection on AWS, right? And so there's two really core schools of
thought, right? One is, you know, focus on data durability, which in itself is a function of
technology. So to your point of 11 nines, right? That is very much true. And that's why S3
increasingly becomes the platform of choice
now for all of customers, you know, analytics information and other stateful stores that they
want to keep in S3 buckets for applications, right? But second of all, and this is a part
where AWS Backup wants to focus on, is that concept of data resiliency, which itself is a function of external factors, right? Because,
for example, human errors such as fat fingering or miscellaneous entries could impact, for example,
how you can access information that's stored in your S3 bucket. Or unfortunately, sometimes what
we've heard is accidentally deleting an S3 bucket or certain objects in your S3 bucket.
This speaks to the idea that RAID is not a backup.
Sure, you want to make sure a drive failure
doesn't lose your data,
but you also want to make sure that you overwriting a file
that was super important doesn't happen either.
And RAID nor data durability in S3
are going to save you from that.
Yeah, because for example, right, we have built-in,
and this is actually very core to not just AWS backup, but really how we think about data protection on AWS is, again, that separation of control.
So I encourage you to try to delete, let's say, an EBS volume that is protected by AWS backup from the EBS console.
You'll likely find a very glaring error in your face that says you do not have sufficient privileges to do so.
And the reason we actually make such a separation of control or our role-based access control,
RBAC, so core to our product design is so that, for example, whoever creates that primary volume
should not be the same person that deletes it unless they do happen to be the same person with
two different roles, right? And
that prevents, for example, unintended mutations. That also enables the data protection administrator
to have the ability to, let's say, do cross-region copies, right? Having your S3 bucket or objects
stored in another region in another account that can be completely locked down to anyone,
even those with administrator
access, right? So like I said before, all the platform goodness, AWS backups, such as version
control, warm locks, having multiple copies of those backups, as well as different protection
domains. That's what customers look for when they come to the service. And to your point, right,
especially even with highly durable platforms like S3,
right, there's still external factors that you simply can't control for all the time, right?
And having that peace of mind, having that protection that you know is on 24-7, hey,
that keeps businesses up, right? And that keeps consumers like you and me able to enjoy all the
goodness that those businesses offer. Shifting from transacting to analytics required way too much overhead and, you know, work.
With HeatWave, you can run your OLAP and OLTP, don't ask me to pronounce those acronyms ever again,
workloads directly from your MySquirrel database and eliminate the time-consuming data movement and integration work
while also performing 1,100 times faster than Amazon Aurora and 2 two and a half times faster than Amazon Redshift
at a third the cost.
My thanks again to Oracle Cloud
for sponsoring this ridiculous nonsense.
I agree wholeheartedly with everything that you're saying.
I had a consulting client
where it's coming in and optimize the AWS bill.
And wow, that sure is a lot of petabytes
over in that S3 infrequent access bucket.
How about you change the infrequent access one zone? Oh, no, no, we lose this data.
It basically ends a division of the company. Cool. Do you have multi-factor delete turned on? No.
Do you have versioning turned on? No. Okay. This is why I call it cost optimization,
not cost cutting. You should be backing that up somewhere because
there is far likelier by several orders of magnitude that you or someone on your team
intentionally, unlikely, or by accident, very likely as someone who's extremely accident prone
with computers from my own perspective, because I am, is going to accidentally cause a data loss
there. So yeah, spend more money and back that up. And they started doing that. So it's
always nice when your recommendations get accepted. But yeah, if data is that important, you absolutely
need to have a strategy around that. What I love so far about what I've seen from AWS Backup is,
and please don't take this in any way as criticism on it, is that it's so brainless. It just works
because people don't think about backups
until it's too late to have thought about backups.
Yeah, don't worry.
I don't take that as offense, Corey.
Otherwise, I wouldn't be on this show.
Absolutely, right?
My motto is set it and forget it, right?
Just as I want to make it super simple for our mission,
right, for customers to understand our mission,
as well as, frankly, the engineers who build a service
to understand our mission. It is, we protect our customers' data on AWS.
How? With set-it-and-forget-it data protection policies.
And we try to configure these policies to be fairly comprehensive. where you want your backup copies created to, right? Which regions, which accounts, for example,
which user role do you want to use with these data protection policies?
Which services do you want to protect?
And even recently, we created the selection ability, right?
Or as we call it, AWS Backup Select.
So you can include, exclude different resources
even when you have the common union of tags specified on your backup plan.
So the reason we went this comprehensive is so that once you configure a data protection policy, you can really rest assured that, hey, I've done everything in my power to make sure that these resources, this application data that is so critical to my business is being protected.
And oh, by the way, I can see these backups or as we call it in our lexicon, recovery points
directly in my console, in my account. And there's tremendous value to doing that. That is the sort
of thing that customers like to see. If you have to move up the stack somewhere, this feels like
the place to begin doing it just because it's so critical to the rest of it.
We all have side projects as well.
For example, I wind up making insulting parody music videos for people's birthdays when they're not expecting it.
You have 80 hours of training content on Coursera.
What is that about?
Because I don't think it's all about backups.
No, although at some point we should probably get AWS Backup as one of the modules in AWS certification, but I digress. The reason why
training is so important to me is one of the ways actually that folks find me online is through my
presence in the nonprofit world. So I'm the founder and CEO of a 501c3 organization that's called Advancing Women
in Technology, or AWIT, or A-W-I-T for short. The mission of AWIT is really to get more women
leaders into visible, into senior tech leadership roles, right? So frankly, and from a selfish
perspective, I'm not the only woman in a room many of the times when decisions are
being made, right? And that's not just, you know, I'm talking about my current role, right? But in
various roles that I've had throughout the tech industry. So where does that start, right? And
there's a lot of different amazing organizations that focus on the early career beginning of the
pipeline, which is super important, right? Because it is important to get women underrepresented groups in the door so that they can advance and they can accelerate
their careers to becoming leaders. But the areas where AWIT focus is actually in that mid-career
because once folks, and especially women in underrepresented groups, are in the door 10 to 15
years, they're maybe in their first managerial role or
they're in their first leadership role. That's the core time when you want to retain that population,
where you want to advance that population so that in the next, I would say, generation or
hopefully it doesn't even take that long, the next five, 10 years, we see a much more representative
leadership room or board table, right? So that's really where that goal starts.
And so why do we have 80 hours of training content?
Because part of advancing your career and accelerating your career
is having the right skills.
Of course, having a right network is also very important,
and that's something else that we preach.
But upskilling yourself, constantly learning about new technologies.
I mean, the tech world changes by the minute, right?
And so being familiar with new technologies, new frameworks, new ways of thinking about
product problems is really what we focus on.
So we were the first to create the real-world product management specialization, which you
can check out on Coursera.
You'll see my mugshot in a lot of those videos, but actually also of those of some of the best
and brightest underrepresented leaders in the industry,
such as Sandy Carter, Mylon Thompson-Bukovac,
Sabrina Farmer.
I mean, the list goes on and on,
including a personal friend who created Coffee Meets Bagels.
So hey, for all those connections made out there
on that platform, she's also a woman CEO
and used to be a product manager at Amazon.
Your friend met his partner on Coffee Meets Bagel.
I hear good things.
Oh, awesome.
Fortunately, I was married before it launched, so I've never used the service myself.
If I were a reference customer now, that would raise questions.
Well, let's just say I'm not on the platform either, so I can't verify or deny that you have a profile.
Yeah. So just having those underrepresented groups, right, and individuals, really stellar rock stars, role models that we would all consider, right, to be super inspirational
as speakers, as instructors on the courses have given so many folks the inspiration,
right, the encouragement that they need to upskill themselves.
And so yes, now educated over 20,000 learners worldwide using those courses. And I still
receive just amazing notes from them on a daily basis all over LinkedIn about how they've managed
to get promotions from doing taking these courses, or how they've managed to get jobs in FANG tech companies as a result of
taking these courses. And really, that's the impact that I want to make, is one-to-end,
right? Being able to impact a global audience, upskilling a global audience. And so again,
in the future, and not so distant future, the leadership room gets so much more representative.
And to complete the trifecta of interesting things you do,
you are also a early angel investor
and a limited partner in a number of startups.
Tell me a little bit about that.
It's odd to, at least in my experience,
to see folks who are heavily involved
in the nonprofit space, the corporate space,
at a giant tech company,
and doing investment all at the same time. It seems like
that that is a not particularly common combination, at least in the circles in which I travel.
You could also probably blame it on my extreme ADHD. That's probably very true. Don't worry,
I try to control it most of the time. I've been struggling to control my own my entire life,
which probably explains a lot about why I do the things that I do. I hear you.
It makes sense, right? From one to another. It honestly makes me better at my job,
and I'll explain why. So if you look at some of the new joint marketing campaigns that AWS Backup or Data Protection Team has done this past year with various startups, namely OpenRaven,
there'll be others we're working with in the new year, being able to just get some of that inspiration from founders, right?
Thinking about how can we have a better together story, right?
You specialize in, let's say, with the case of OpenRaven, in data visibility, and let's
say scanning S3 buckets for vulnerabilities, for different content.
And hey, we specialize in
that data recovery process or in that data protection policy creation process. How do we
come together to form a really awesome solution for our highly regulated customers or compliance
minded customers? That's the story that I love to tell. And frankly, I just get so inspired from talking to startup founders.
The reason why I have also advised a few venture capitalists,
namely Felice's Ventures,
on, for example, their investment theses
is I just see so much potential
in this environment, right?
And there's really that adage
where it's a big enough sandbox
for a lot of players, right?
Just like, for example, how Snowflake and Redshift
have managed to coexist together on the AWS platform.
There's a lot of just goodness, too,
that exists between the data security world,
how customers think about securing their data,
to the data protection world,
because, hey, you can't protect what you can't see,
so you need to make sure that you have that data visibility angle, along with that protection angle, along with that recovery angle. And hey,
all of this needs to be within your data perimeter, within a secure zone, right? How do you
securitize your data? So all of that really comes together in this melding world. And of course,
there's also adjacent themes such as, well, once you protect your data, how can you also make sure that your data is, or the quality of your data is high, right? And that's where pretty interesting
startups in the data observability space, such as Monte Carlo have come up, right? Which is,
hey, I need to rely on my business data to make important decisions that affect my customers.
So how can I make sure that what's ever coming out of my data lake or data warehouse
is correct, right? It truly reflects the state of the business. So all of that is converging.
And that's why, you know, it's just super exciting to be a part of this space to not only create net
new, I would say, greenfield opportunities on the AWS platform, but also use this as an opportunity
to partner with startup CEOs and various startups in the data space,
data infrastructure space, to create more use cases, right?
More solutions for customers who otherwise would have to rely on either custom scripts
or simply not having any solutions in this space at all.
There's something to be said for doing the, how do I frame this?
The boring work that's always behind the scenes that is never top of
mind. People don't get excited about things like data protection, about compliance, about cost
optimization, about making sure that the fire insurance is paid up on the building before you
wind up insulting execs at big companies, et cetera, et cetera. And that, but it is incredibly
important in my case, especially that last one, just because it's, if you don't get that done, there's massive risk and managing that risk is important.
It's nice to see that it's not just the shiny features that are getting the attention.
It's the stuff of, okay, how do we do this safely and securely?
That is the area that I think is not being particularly well served these days.
So it's honestly refreshing to see someone focusing on that as an area of active investment.
I mean, absolutely.
Perhaps one data point I should also share, because I do get questions asked of, what
gets you so excited, right, about compliance, about audit?
Well, I used to work for the US government.
So if that tells you anything, and I used to hold an active secret clearance that
hopefully explains some things about why I'm passionate about the areas I am. But that's
really where, you know, back to your comment that you made on the core tenant or the ethos of the
AWS backup service, which is set it, forget it, make it super simple, is I want to design systems or solutions
that enable customers to focus on developing applications, working on building business logic,
whereas we will create the comprehensive data protection policies that protect your data.
And especially in the world of ever-evolving cyber attacks, where the attackers are getting
more and more sophisticated.
They have more backdoor methods, right, that go undetected for many months,
as was the case in attacks, right,
over the past recent years.
Or in the case of pesky ransomware attacks
where certain insurance companies
have even stopped paying ransoms, right?
And you're wondering, well, how do I get my data back, right?
This is the world that we live in. And so, yes, there might be ever-evolIST cybersecurity framework, is actually having a good way to restore.
And that goes back to something that you mentioned in the beginning of this recording, Corey, which is making sure that you're regularly testing your backups.
Because as you said, no one cares that you're taking backups, but people do care about the ability to restore. So having known good bits that exist in a secure vault, that exists maybe in some air
gap account or region where you know that it's going to be there for you, that it's
restorable, is going to be super key.
And we're already seeing that trend in a lot of customers that I speak with.
And by the way, these aren't just customers in
highly regulated industries. They're really customers that now are increasingly relying on
data to make business decisions. Just like, for example, there's that adage that says,
software is eating the world. Well, now most businesses are data-driven businesses. And so
data is core to their business mission.
And so protecting that,
it should also be core to their business mission.
I really wish that that were the case
a bit more than it is.
True that.
So I would have to say, here, here.
And this is actually what makes my job so just fun,
frankly, is that I get to have these conversations
with thought leaders at various different companies who are my clients or customers of AWS.
And these are different, I would say, leaders ranging from IT leaders to compliance leaders to CISOs who I have these conversations with.
And oftentimes, it does start with this very, I would say, innocuous question, which is, well, why should I think about protecting my data?
Right. And then we're able to go into, well, this is how you think about tiering your data.
This is how you think about different SLAs that you might have for your data. And then finally,
this is how you would think about architecting a data protection solution into your environment.
Nancy, I want to thank you for taking so much time out of your day to speak with me.
If people want to learn more about what you're up to and how you're viewing these things,
where can they find you? Feel free to connect with me on LinkedIn. Whether you have a service
that you desperately want AWS Backup to protect, yes, I got a lot of those tweets or LinkedIn posts,
absolutely happy to consider them and to prioritize them on the future roadmap. Or if you want to give me a feedback about your experience, more than happy to take those as well.
Also, if you're a startup founder and you have a brilliant new idea in data infrastructure, always happy to grab coffee or drinks and hear about those ideas. looking to upskill yourself in either product management or cloud tech skills, find us on
Coursera at Coursera.org slash AWIT or on LinkedIn as Advancing Women in Technology.
Either way, whether you fit into one or more or all of these buckets, I'd love to hear from you.
And we will, of course, put links to that in the show notes. Thank you so much for speaking
with me today. I really appreciate it. Well, thank you, Corey. It's always a pleasure, and I'll see you very soon in person in SF.
I look forward to it. Nancy Wong, General Manager of AWS Backup and AWS Data Protection.
I'm cloud economist Corey Quinn, and this is Screaming in the Cloud. If you've enjoyed this
podcast, please leave a five-star review on your podcast platform of choice. Whereas if you've
hated this podcast, please leave a five-star review on your podcast platform of choice. Whereas if you've hated this podcast, please leave a five-star review on your podcast platform of choice,
along with an insulting comment that I will then delete because it wasn't backed up.
If your AWS bill keeps rising and your blood pressure is doing the same,
then you need the Duck Bill Group. We help companies fix their AWS bill
by making it smaller and less horrifying.
The Duck Bill Group works for you, not AWS.
We tailor recommendations to your business,
and we get to the point.
Visit duckbillgroup.com to get started.