SAP Defends Against Ransomware Attacks with AWS Snapshot-Based Architecture

SAP has implemented a new ransomware recovery framework built on Amazon Web Services (AWS), utilizing native features in Amazon Elastic Block Store (EBS) to improve data protection for its clients. A recently published AWS case study explains how SAP employs Amazon EBS Snapshots, EBS Snapshot Lock, Fast Snapshot Restore, and gp3 volumes to secure data and defend against ransomware attacks.

SAP attaches an Amazon EBS volume, a durable block-level storage device, to every virtual machine it migrates to AWS. Most of these are Amazon EBS General Purpose volumes, which are designed to balance cost and performance for a wide variety of workloads. SAP uses Amazon EBS Snapshots, a point-in-time copy of data that helps with disaster recovery, migrating data across regions and accounts.

The new storage and backup framework is based on Amazon EBS Snapshots; however, SAP wanted additional safeguards against unintentional data deletions, so they requested a new feature to enhance resiliency from malicious attacks. As a result, EBS Snapshot Lock was created, a feature that uses the Amazon Data Lifecycle Manager to automate the creation, retention, and deletion of snapshots according to predefined schedules and retention policies.

To enhance performance and control costs, SAP also transitioned to Amazon EBS gp3 volumes, which provide higher price performance for many workloads at a lower price compared to earlier-generation volumes. For recovery, SAP employs Amazon EBS Fast Snapshot Restore, allowing systems to be restored faster than earlier solutions. This helps SAP minimize potential downtime and ensures continuity of operations during a system disruption.

“With Amazon EBS Snapshot Lock, we can now say that our snapshots are ransomware protected,” says Jayaprakasan Velusamy, senior enterprise architect at SAP Enterprise Cloud Services. “This capability helps boost our clients’ confidence and decisiveness in choosing to host their data with SAP, helping us potentially seal the deal.”

SAP’s deployment of EBS Snapshots offers a dependable way to recover data, while Snapshot Lock enforces retention controls that help prevent malicious or accidental data loss. These features are especially useful for SAP workloads, where data integrity is critical for financial operations, supply chain management, and customer transactions.

What This Means for SAPinsiders

Locked snapshot backups improve SAP’s defense against ransomware. SAP’s internal use of Amazon EBS Snapshots and Snapshot Lock offers a model for enhancing ransomware preparedness with cloud-native tools. Although the case study provided few implementation details, locked snapshots enable customers to establish secure restore points that are resistant to deletion for defined periods of time. This helps reduce the risk of data loss and allows for quicker recovery during incidents.

Fast Snapshot Restore minimizes downtime for SAP workloads. A key insight from SAP’s architecture is the use of Fast Snapshot Restore to cut recovery times. For SAPinsiders managing applications like SAP S/4HANA, fast recovery is essential to meet service-level agreements and keep operations running smoothly. The case study shows how AWS-native services can support recovery strategies without adding new backup systems or external complexity.

Cloud storage optimization boosts performance and reduces costs. SAP’s move to gp3 volumes highlights the need for cost-performance tuning in SAP cloud environments. For customers handling large datasets or performance-sensitive applications, this type of storage provides more flexibility to set throughput and IOPS separately from volume size. SAPinsiders evaluating similar strategies should review their current storage setups and look for opportunities to switch to newer volume types that better match their operational requirements.