Amazon S3 the popular Amazon cloud storage service is trusted by many customers right from big enterprise firms to start-ups, and everyone else between these two extremes.With the typical AWS scalability, accessibility and elasticity, S3 has everything you can ask for. If at all there was a vulnerability, it was security of the data stored here. S3 badly needed a potent weapon to combat the security threats and assuage the concerns of the customers.
To plug the security gap, Amazon has introduced Macie. In old French, Macie means “weapon” and there could not have been a better name for this service. According to Amazon, “Macie is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS. Amazon Macie recognizes sensitive data such as personally identifiable information (PII) or intellectual property, and provides you with dashboards and alerts that give visibility into how this data is being accessed or moved. The fully managed service continuously monitors data access activity for anomalies, and generates detailed alerts when it detects risk of unauthorized access or inadvertent data leaks. Today, Amazon Macie is available to protect data stored in Amazon S3, with support for additional AWS data stores coming later this year.”
So what is special about Amazon Macie?
It analyzes the usage and access pattern. It alerts the customer if an unusual activity takes place and if a confidential document is accessed from an unknown IP address. It takes advantage of both the supervised and unsupervised learning algorithms.
Amazon Macie also uses NLP (Natural Language Processing) which parses the data stored in documents and identifies patterns such as credit card numbers, social security numbers, emails, passwords, API keys, SSH keys and other sensitive information. It monitors high-risk data where it applies AI to understand historical data access with which it helps customers identify unauthorized access and avoid data leaks.
Key Features of Amazon Macie:
- Continuously monitors new data in your AWS environment
- Uses artificial intelligence to understand access patterns of historical data
- Automatically accesses user activity, applications, and service accounts
- Uses natural language processing (NLP) methods to understand data
- Intelligently and accurately assigns business value to data and prioritize business-critical data based on your unique organization
- Creates security alerts, and custom policy definitions Identifies and protects various data types, including PII, PHI, regulatory documents, API keys, and secret keys
- Verifies compliance with automated logs that allow for instant auditing
- Identifies changes to policies and access control lists
- Observe changes in user behavior and receive actionable alerts
- Receives notifications when data and account credentials leave protected zones
- Detects when large quantities of business-critical documents are shared internally and externally
What the customers say:
Amazon Macie has been welcomed with glee and relief by all S3 customers. One of them have said, “Since we started using Amazon Macie we’ve found that it is flexible enough to solve a range of information security challenges that would have previously required us to write custom code or build internal tools, helping us move fast with confidence.” This one comment sort of sums the general mood of the customers.
Our take on Macie:
In the recent times, as we are working with our customers implementing AWS products, we have noticed customers being apprehensive with the level of data security that they were being provided. But now, with Macie on board, data security is not a worry anymore. Amazon has sweetened the deal for customers by announcing free service for the first 100,000 events and thereafter $4 for the next 100,000 events. It’s a great deal for customers who have highly confidential data. The quality of security provided by Macie makes it more than worth to pay this subscription. After all, it is not just security, it provides peace of mind!
Author: Nisha Verghese, PreludeSys Marketing Team