Data Protection — Amazon S3

DianaOpanga
2 min read · Jan 23, 2023


What is Data Privacy?

Data privacy is the area of data protection concerned with the proper handling of sensitive data, including personal data but also other confidential data. In practice it means handling personally identifiable information (PII) correctly and storing it safely.

What is S3?

Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance.

Because S3 is cost-effective, highly available and makes data easy to retrieve, most organisations rely on it to store data such as financial records, medical records and logs.

So how can you enforce data protection in S3 buckets?

The following measures can be used to enforce data protection in S3. They might seem like everyday security best practices, but they go a long way towards ensuring that the data stored in your bucket is secure and cannot be tampered with by malicious actors.

  • Implement least privilege access

When granting permissions, decide who gets which permissions to which Amazon S3 resources. Grant only the permissions needed for the task that has to be performed.
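As an added example (not code from the original post), the script below builds an IAM policy scoped to one bucket prefix and audits policies for over-broad Allow statements. The bucket name "example-finance-records" and the prefix "invoices/" are constructed; the s3:prefix condition on ListBucket is a real IAM condition key.

```python
"""Least-privilege IAM policy for one S3 prefix, plus an auditor for
over-broad Allow statements.

Added example, not code from the original post. The bucket
"example-finance-records" and the prefix "invoices/" are constructed.
"""

READ_ACTIONS = ["s3:GetObject", "s3:GetObjectVersion"]
WRITE_ACTIONS = ["s3:PutObject"]


def least_privilege_policy(bucket, prefix, write=False):
    """Build an IAM policy that allows listing only the given prefix and
    reading (optionally writing) objects under it, nothing else."""
    actions = READ_ACTIONS + (WRITE_ACTIONS if write else [])
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "ListOnlyThisPrefix",
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
                # Without the s3:prefix condition, ListBucket reveals every
                # key name in the bucket, not just the ones this task needs.
                "Condition": {"StringLike": {"s3:prefix": [f"{prefix}*"]}},
            },
            {
                "Sid": "ObjectsUnderPrefix",
                "Effect": "Allow",
                "Action": actions,
                "Resource": f"arn:aws:s3:::{bucket}/{prefix}*",
            },
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_policy(policy):
    """Return (Sid, reason) findings for Allow statements that grant more
    than one task plausibly needs. An empty list means nothing was flagged."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no-sid>")
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        for action in actions:
            if "*" in action:
                findings.append((sid, f"wildcard in action {action}"))
        for resource in resources:
            if resource in ("*", "arn:aws:s3:::*"):
                findings.append((sid, f"wildcard resource {resource}"))
        if "s3:ListBucket" in actions and "Condition" not in stmt:
            findings.append((sid, "s3:ListBucket without an s3:prefix condition"))
    return findings


# A deliberately broad policy, constructed here to show what the auditor catches.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "TooBroad", "Effect": "Allow", "Action": "s3:*", "Resource": "*"}
    ],
}

if __name__ == "__main__":
    import json
    tight = least_privilege_policy("example-finance-records", "invoices/")
    print(json.dumps(tight, indent=2))
    print("tight policy findings:", audit_policy(tight))
    print("broad policy findings:", audit_policy(BROAD_POLICY))
```

The generated policy passes the auditor with no findings, while the constructed "s3:*" on "*" policy is flagged twice. Running the auditor over the policies attached to the roles that touch a bucket is a quick way to find grants that were never narrowed to the task they serve.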

  • Enforce encryption of data at rest and in transit

With Server-Side Encryption, you can request that Amazon S3 encrypt your object before saving it on disks in its data centers and decrypt it when you download the object. For data in transit, use HTTPS to help prevent potential attackers from eavesdropping on or manipulating network traffic through person-in-the-middle or similar attacks.
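Both requirements can be enforced by the bucket itself rather than left to clients. As an added example (not code from the original post), the script below generates a bucket policy that denies plaintext HTTP requests and uploads that do not carry a server-side-encryption header, and includes a small evaluator that shows which Deny statement a given request would hit. The bucket name "example-medical-records" is constructed; aws:SecureTransport and s3:x-amz-server-side-encryption are real condition keys, and the evaluator models only the three operators this policy uses.

```python
"""Bucket policy that denies plaintext (HTTP) requests and unencrypted
uploads, with a small evaluator for its Deny statements.

Added example, not code from the original post. The bucket
"example-medical-records" is constructed. aws:SecureTransport and
s3:x-amz-server-side-encryption are real condition keys; the evaluator
models only the operators this policy uses (Bool, Null, StringNotEquals)
and matches on action and condition, since every statement here covers
the whole bucket.
"""


def encryption_bucket_policy(bucket):
    """Three explicit Deny statements: no HTTP, no PutObject with an
    unsupported encryption value, no PutObject without the header at all."""
    arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyInsecureTransport",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [arn, f"{arn}/*"],
                "Condition": {"Bool": {"aws:SecureTransport": "false"}},
            },
            {
                "Sid": "DenyUnencryptedUploads",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": f"{arn}/*",
                "Condition": {
                    "StringNotEquals": {
                        "s3:x-amz-server-side-encryption": ["AES256", "aws:kms"]
                    }
                },
            },
            {
                # Covers a request that omits the header entirely, so the
                # evaluator below need not model how IAM treats a missing
                # key under a negated operator.
                "Sid": "DenyMissingEncryptionHeader",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": f"{arn}/*",
                "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}},
            },
        ],
    }


def _action_matches(pattern, action):
    if pattern == "*" or pattern == action:
        return True
    return pattern.endswith("*") and action.startswith(pattern[:-1])


def _condition_matches(condition, context):
    """True when every operator/key pair in the condition block matches
    the request context (a dict of condition key -> value)."""
    for operator, pairs in condition.items():
        for key, wanted in pairs.items():
            wanted = wanted if isinstance(wanted, list) else [wanted]
            actual = context.get(key)
            if operator == "Bool":
                if actual is None or str(actual).lower() != wanted[0].lower():
                    return False
            elif operator == "Null":
                key_is_absent = actual is None
                if key_is_absent != (wanted[0].lower() == "true"):
                    return False
            elif operator == "StringNotEquals":
                if actual is None or actual in wanted:
                    return False
            else:
                raise ValueError(f"operator {operator} is not modelled here")
    return True


def matching_deny(policy, action, context):
    """Return the Sid of the first Deny statement that applies to the
    request, or None if no explicit deny matches."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Deny":
            continue
        patterns = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if not any(_action_matches(p, action) for p in patterns):
            continue
        if _condition_matches(stmt.get("Condition", {}), context):
            return stmt["Sid"]
    return None


if __name__ == "__main__":
    policy = encryption_bucket_policy("example-medical-records")
    # Constructed request contexts, as S3 would populate them.
    print(matching_deny(policy, "s3:GetObject", {"aws:SecureTransport": "false"}))
    print(matching_deny(policy, "s3:PutObject", {"aws:SecureTransport": "true"}))
    print(matching_deny(policy, "s3:PutObject",
                        {"aws:SecureTransport": "true",
                         "s3:x-amz-server-side-encryption": "aws:kms"}))
```

An explicit Deny in a bucket policy overrides any Allow, so a client with broad IAM permissions still cannot upload an unencrypted object or read over HTTP once this policy is attached. The evaluator is a teaching aid for the three conditions, not a replacement for the IAM policy simulator.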

  • Enable use of Amazon Macie

Amazon Macie is a data security and data privacy service that uses machine learning and pattern matching to help you discover, monitor, and protect sensitive data in your AWS environment.

  • Enable monitoring and logging of your S3 buckets

Ensure that your AWS environment and S3 buckets are monitored with CloudWatch. Alarms can be created to trigger an alert when API calls are made to your bucket, so that all activity is monitored and malicious API calls are caught.

You can also enable Amazon GuardDuty for S3, which continuously monitors your environment for malicious and unauthorized behaviour to protect your data.
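The API calls the alarms would watch for arrive as CloudTrail records. As an added example (not code from the original post), the script below runs a simple detection over constructed CloudTrail S3 records: it raises a high-severity alert when a bucket-configuration call is made by a principal outside a trusted-admin list, and a medium-severity alert for AccessDenied responses. The record field names follow the CloudTrail format; the watched API names, the trusted-admin ARN, the account id and the IP addresses are assumptions constructed for this example.

```python
"""Flag risky S3 API activity in CloudTrail records.

Added example, not code from the original post. The four records below
are constructed; their field names (eventSource, eventName,
userIdentity.arn, requestParameters.bucketName, sourceIPAddress,
errorCode) follow the CloudTrail record format. The watched API names
and the trusted-admin allow-list are assumptions for this example.
"""

# Bucket-configuration calls that weaken protection if made unexpectedly.
CONTROL_PLANE_EVENTS = {
    "PutBucketPolicy", "DeleteBucketPolicy", "PutBucketAcl",
    "PutBucketPublicAccessBlock", "DeleteBucketPublicAccessBlock",
    "PutBucketEncryption", "DeleteBucketEncryption", "DeleteBucket",
}

# Principals expected to change bucket configuration (constructed ARN).
TRUSTED_ADMINS = {"arn:aws:iam::111122223333:role/S3Admin"}


def alerts_for(records):
    """Return (severity, message) tuples for records worth alerting on:
    configuration changes by untrusted principals, and denied calls."""
    alerts = []
    for rec in records:
        if rec.get("eventSource") != "s3.amazonaws.com":
            continue
        name = rec.get("eventName", "<unknown>")
        who = (rec.get("userIdentity") or {}).get("arn", "<unknown>")
        bucket = (rec.get("requestParameters") or {}).get("bucketName", "<unknown>")
        ip = rec.get("sourceIPAddress", "<unknown>")
        if name in CONTROL_PLANE_EVENTS and who not in TRUSTED_ADMINS:
            alerts.append(("HIGH", f"{name} on {bucket} by untrusted {who} from {ip}"))
        elif rec.get("errorCode") == "AccessDenied":
            alerts.append(("MEDIUM", f"{name} on {bucket} denied for {who} from {ip}"))
    return alerts


# Constructed sample records (account id and IP addresses are placeholders).
SAMPLE_RECORDS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/AppRole/app"},
     "requestParameters": {"bucketName": "example-finance-records",
                           "key": "invoices/2023-01.pdf"},
     "sourceIPAddress": "10.0.1.25"},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutBucketPolicy",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/contractor"},
     "requestParameters": {"bucketName": "example-finance-records"},
     "sourceIPAddress": "203.0.113.7"},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/contractor"},
     "requestParameters": {"bucketName": "example-finance-records",
                           "key": "invoices/2023-01.pdf"},
     "sourceIPAddress": "203.0.113.7", "errorCode": "AccessDenied"},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutBucketEncryption",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/S3Admin"},
     "requestParameters": {"bucketName": "example-finance-records"},
     "sourceIPAddress": "10.0.1.5"},
]

if __name__ == "__main__":
    for severity, message in alerts_for(SAMPLE_RECORDS):
        print(severity, message)
```

Two of the four constructed records produce alerts: the bucket-policy change by the contractor user and the denied GetObject. One caveat when wiring this up for real: object-level calls such as GetObject are CloudTrail data events and are only recorded if data events for S3 are enabled on the trail; bucket-level calls like PutBucketPolicy are management events and are recorded by default.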

These are just a few examples of how a user can enforce data protection and data privacy for the objects in their bucket. The AWS whitepapers provide a much more detailed approach to securing your objects.

https://docs.aws.amazon.com/AmazonS3/latest/userguide/DataDurability.html
