Best practices for Clumio include using AWS resource tags and setting up BYOK encryption with customer-managed keys.
Use AWS resource tags, with a standard naming convention for keys and values
To efficiently and effectively protect your assets across all the accounts and regions in your organization, use AWS resource tags with standard naming conventions for the tag keys and values.
For example, you might want to use tags that represent the levels of your Clumio backup policies:
| Backup policy | Tag key | Tag value |
|---|---|---|
| Gold backup policy | Clumio | Gold |
| Silver backup policy | Clumio | Silver |
| Bronze backup policy | Clumio | Bronze |
Monitor Clumio functions
After you complete the quick start, start monitoring Clumio to verify that your assets are backed up as expected.
Reports
Use Clumio reports to monitor Clumio daily. For consistent monitoring, set up the Compliance Report and Activity Report.
-
Compliance report: Evaluate your asset backup and retention policy implementation to meet compliance requirements.
-
Consumption report: Displays the credit consumption details of all assets backed up by Clumio. You can view your consumption data in credits, dollars (cost per credit), or usage metrics (GB consumed).
-
Operational tasks report: Displays the SecureVault backup, Clumio snapshot, and restore activities of all assets protected by Clumio.
-
Audit report: Displays a history of the system activities that users have performed through the Clumio UI or REST API. Use the audit report to find out which users made which changes in Clumio, and to ensure that all changes comply with your organization's needs and requirements.
Tasks
The Tasks page, available in the Activity widget on the left pane menu, displays the status of all of the tasks that are queued, underway, completed, or aborted. The Activity widget displays a number highlighted in blue to indicate the number of tasks currently running on your system. See Tasks for more information
Alerts
The Alerts page, available in the Activity widget on the left pane menu, shows you when there are issues affecting the assets in your Clumio environment, for example if a backup or a restore fails. The Activity widget displays a number highlighted in red to indicate the number of alerts raised on your system that require attention. See Alerts for more information.
Configure security and establish access management
User provisioning
Identify who needs access to Clumio, and then invite them using access management settings.
SSO / MFA
You can set up Multi-Factor Authentication (MFA) or Single Sign-On (SSO) to provide an additional layer of security. Any SAML 2.0-compliant identity provider can be configured with Clumio. See Authentication for more information.
BYOK encryption
For additional security and compliance needs, you can encrypt the backup data stored in Clumio using AWS customer-managed keys (CMKs), giving you the ability to control and monitor access to your backup data. See Encryption for more information.
Organizational units
Organizational units (OUs) allow you to create logical buckets of assets within your organization made up of groupings, such as departments, so that users can access and manage only the assets relevant to their work. Group data sources into OUs to reflect how users are permitted to access information, for example by AWS accounts. See Organizational units for detailed instructions.
Roles
Roles provide different levels of access to different types of users within your organization. Roles range from a Super Admin who has full access to all operations within the Clumio UI, to a Reporting/Audit Admin who has view-only access to the UI and can generate reports. See Roles for more information.