Resources Referenced

GDPR Compliance Webinar

AWS Regional Product Service Table

Lecture Transcript

Hello and welcome to this lecture, which will answer the question, what is Amazon Macie? 

Amazon Macie was introduced in August of 2017 as a powerful security and compliance enabling service which sits within the security identity and compliance category of the AWS management consult. The main function of the service is to provide an automatic method of detecting, identifying, and also classifying data that you are storing within your AWS account. Macie currently supports Amazon S3 storage. However, additional support for other storage systems will be developed and added over time. The service is backed by machine learning, allowing your data to be actively reviewed as different actions are taken within your AWS account. Machine learning can spot access patterns and user behavior by analyzing cloud trail event data to alert against any unusual or irregular activity. Any findings made by Amazon Macie are presented within a dashboard which can trigger alerts, allowing you to quickly resolve any potential threat of exposure or compromise of your data. 

There are a number of key features that are offered by Amazon Macie during its detection and classification process. These can be summarized as follows. Amazon Macie will automatically and continuously monitor and detect new data that is stored in Amazon S3. Using the abilities of machine learning and artificial intelligence, this service has the ability to familiarize over time, access patterns to data. Amazon Macie also uses natural language processing methods to help classify and interpret different data types and content. NLP uses principles from computer science and computational linguistics to look at the interactions between computers and the human language. In particular, how to program computers to understand and decipher language data. The service can automatically assign business values to data that is assessed in the form of a risk score. This enables Amazon Macie to order findings on a priority basis, enabling you to focus on the most critical alerts first. In addition to this, Amazon Macie also has the added benefit of being able to monitor and discover security changes governing your data. As well as identify specific security-centric data such as access keys held within an S3 bucket. 

This protective and proactive security monitoring enables Amazon Macie to identify critical, sensitive, and security focused data such as API keys, secret keys, in addition to PII and PHI data. It can detect changes and alterations to existing security policies and access control lists which effect data within your S3 buckets. It will also alert against unusual user behavior and maintain compliance requirements as required. 

Over the past few months, you will have likely heard about numerous occurrences whereby huge quantities of PII data being stored in the cloud, have been exposed unnecessarily. Many of these instances can be attributed to a lack of understanding of key security controls offered by Amazon S3 by those storing data within the service, in addition to simple human error. Also, the sensitivity of the data may not of been understood before being stored. Understanding your data and its business value is essential. Therefore, having a managed service which provides in essence, a double-check, against your sensitive business data is invaluable. 

For example, checking to ensure you are not allowing sensitive data to be accessible via the internet, which will almost certainly have adverse negative effects. There are a wide variety of compliance programs that need to be adhered to and ensuring you maintain your compliance is crucial to your business. For example, from a general data protection regulation, GDPR perspective, you are required to keep any personal information of EU citizens protected and secured at all times with adequate protection. If you inadvertently expose data of EU citizens, you could be faced with significant financial penalties, which can total 4% of your annual global turnover or up to 20 million euros, whichever is greater. So maintaining compliance and having the available tools and services to help you enable this, is fundamental for businesses storing data in the cloud. 

If you would like to learn more about GDPR, you can listen to our existing webinar here, entitled Establishing a Privacy Program GDPR Compliance and Beyond. Currently, Amazon Macie is not available in all regions of AWS, so I recommend you check the AWS regional product service table found here before relying on a service to work with your S3 data, which is also a regional service.