AWS re:Invent 2025 has just concluded, once again delivering a wave of innovation and renewed focus on how organizations can secure, scale, and modernize their cloud environments. Among the noteworthy stories emerging this year is Clumio, now part of the Commvault family, continuing to strengthen its position as a leader in cloud-native data protection.
In a landscape where ransomware, misconfigurations, accidental deletions, and region-level failures threaten business continuity, organizations need more than traditional backup tools. This is exactly where Clumio delivers value.
Backed by Commvault’s experience and expanded ecosystem, Clumio brings a modern, serverless, air-gapped architecture designed specifically for AWS. Its focus on protection, immutability, and fast, clean recovery helps customers confidently face today’s most critical cloud security challenges. Let’s see in depth.
How Clumio Delivers Air-Gapped, Secure, and Instant Recovery for AWS Workloads
DynamoDB does not support traditional versioning; instead, it relies on DynamoDB Streams, which act as a continuous transactional log capturing every change to a table. These logs make it possible to rebuild a table at any point in time, but they still live entirely inside the same AWS account and security boundary as the production workload. If the account is compromised, both the table and its native recovery options are at risk.
Clumio, now part of the Commvault family, takes a fundamentally different approach. It stores the incremental changes in an isolated environment completely outside the customer’s AWS tenancy. This creates a true air-gap that breaks the blast radius of any account-level incident. Even if an attacker disables PITR, alters IAM policies, or deletes the table itself, the Clumio copy remains intact.
From these incremental backups, Clumio can reconstruct a consistent table state at any moment and restore it into a clean AWS account. Recovery becomes independent, predictable, and safe, without relying on potentially compromised AWS-native controls. The externalized model also adds benefits like protection from misconfigurations, immutable recovery points, and the ability to rapidly rebuild a table without manually replaying logs or stitching together snapshots.
Bonus tip – As a Platform Engineering standard, you can also configure infrastructure and policies via Terraform, and probably my platform engineer labs will start from infrastructure As Code and Policies as code configuration. For further check the official provider here: https://registry.terraform.io/providers/clumio-code/clumio/latest/docs).
Recovery for DynamoDB in the Age of Agentic AI
DynamoDB organizes data across multiple partitions, and with the rise of agentic AI systems interacting continuously with tables, corruption can occur at different moments and often only within specific partitions.
In many scenarios, a full table restore is excessive and disruptive when only a subset of partitions is impacted. Clumio solves this by enabling precise, partition-level recovery rather than forcing a complete rollback.
When corruption is detected, Clumio can restore only the affected partitions either directly into the existing table (in-place) or into a clean table (out-of-place).
The in-place workflow is intentionally simple: a single API call consisting of just two parameters: partition ID and timestamp. Clumio then reconstructs and applies the correct state automatically.
This mechanism was also highlighted in the discussion between Keith Townsend and Woon Ho Jung, CTO of Commvault’s Cloud Native Division (https://www.youtube.com/watch?v=QXQfw3fiR8k), where Jung explained how Clumio rebuilds an exact partition state by replaying its externalized, immutable DynamoDB change logs.
To summarize the workflow:
1. Identify the impacted table
2. Issue a single API call specifying partition and time
3. Choose the protection mode (incremental, air-gapped, immutable)
4. Restore in-place or create a second clean copy, depending on the scenario
How Clumio Enables True Apache Iceberg Recovery
Apache Iceberg brings powerful table semantics to data lakes: schema evolution, snapshots, metadata layers, and transactional guarantees. But because Iceberg tables rely on a combination of manifest files, metadata files, and data files, simply backing up the underlying S3 objects is not enough.
A raw S3 backup only captures file objects, and it doesn’t preserve the relationships, references, or table state that Iceberg uses to guarantee consistency. The result: restoring only the S3 data does not reassemble the table, leaving broken pointers, missing manifests, or inconsistent snapshots.
This is where organizations commonly run into trouble:
Clumio bridges this gap by understanding the structure and lifecycle of an Iceberg table. Instead of treating Iceberg as a collection of files, Clumio tracks and protects the entire metadata hierarchy that defines the table’s state at any moment in time. It captures not only the data files but also the manifest lists, manifest entries, and metadata layers that Iceberg uses to build consistent snapshots.
When recovery is needed, Clumio reconstructs the complete table state, including all linked metadata files to let tables behave exactly like the original snapshot, preserving transactional consistency.
The result is a recovery workflow that respects how Iceberg works:
1. Data files are restored together with their metadata
2. Manifest relationships are preserved
3. Snapshots and schema history remain consistent
4. The table can be queried immediately without manual stitching
In other words, Clumio restores Iceberg tables the way Iceberg expects them to be restored. It overcomes the limitations of S3-level protection by understanding the table’s logical structure, ensuring that organizations can confidently recover complex lakehouse workloads without losing integrity.
Clumio’s air-gapped, metadata-aware protection for services like DynamoDB and Apache Iceberg demonstrates that modern data resilience goes far beyond simple S3 or log-based backups. By understanding the structure and behavior of these cloud-native systems, Clumio ensures clean, consistent recovery even during corruption, automation failures, or AI-driven anomalies. Now part of the broader Commvault vision, this innovation is also reflected in its recognition as 2025 AWS Global Storage Partner of the Year, highlighting leadership in advancing cloud-native data protection at scale.