AWS Backup adds OTP verification for Multi-party approval on logically air-gapped vaults

Amazon Web Services has enhanced the security of its AWS Backup service by adding mandatory one-time password (OTP) verification to the multi-party approval process for logically air-gapped vaults. Under the new system, when an approver attempts to vote on multi-party approval requests for these protected backup environments, they must enter a six-digit verification code that is automatically sent to their registered email address in AWS IAM Identity Center. The OTP requirement represents an additional authentication layer designed to ensure that only verified individuals can authorize critical operations on protected vault infrastructure. AWS has implemented this security enhancement automatically across all existing and new multi-party approval sessions for logically air-gapped vaults without requiring additional setup or incurring extra charges. The feature is now available in all AWS regions where logically air-gapped vaults are currently supported, and can be accessed through the AWS Backup console, SDKs, or command-line interface.

Why It Matters

This enhancement addresses a critical security gap in backup infrastructure protection, where compromised credentials could potentially lead to unauthorized access to air-gapped backup systems. By requiring email-based OTP verification, AWS is adding defense-in-depth to what are typically considered the most secure backup environments, making it significantly harder for attackers to manipulate backup operations even if they gain access to approver accounts. This move reflects the increasing sophistication of ransomware attacks that specifically target backup systems as part of their attack chains.

Note

This summary is generated using AI analysis of the original press release. Always refer to the original source for complete details.