With cloud storage becoming an increasingly attractive option for businesses due to cost-savings and no physical hardware management, many products & services have been moving to the cloud.
Amazon’s S3 is one of the most popular cloud storage services on the market. It offers industry-leading scalability, availability, security, and performance. S3 can integrate with websites, applications, and much more. While AWS handles many aspects of security ranging from physical hardware security to network security, the customer is still tasked with configuring S3 to meet their regulatory and compliance needs.
On October 8th, Colin Ardizzone, a software engineer on the Security Control team at Evans & Chambers, held a virtual tech talk to provide an overview of S3 tools & best practices for meeting regulatory and compliance requirements. He discussed configurations and practices you can take when managing your S3 infrastructure to provide security and redundancy when handling data in S3. He also discussed how to enable inventory reports which can be used to help identify gaps in your configuration and prove you are meeting compliance regulations. Using Amazon Athena, inventory reports were queried using SQL, allowing for a quick and easy analysis of large batches of files. Lastly, he demoed Amazon Macie, a fully managed data security and privacy service that uses machine learning and pattern matching to help identify and protect sensitive data in S3.
Security in S3 is a shared responsibility between AWS and the customer. Tools like S3 inventory, Macie, and Athena can help alleviate the customer’s burden by staying on top of security risks and helping maintain an evidence trail.
About the EC Tech Talk Series
The Tech Talk Series is an employee-led platform dedicated to EC’s core value of continual learning. These talks aim to cover a broad range of technology-based topics to promote the sharing of best practices and ideas across EC’s project teams.