Keep your data safe, confident that encryption and backup will preserve the integrity of your information.
Keep your data safe outside of your data center as well
Data is one of the most valuable assets in your organization. A company should always keep in mind the need to protect information, regardless of its content. Protecting data should be a constant concern. The risk of losing information must be mitigated at all costs. Further, threats from unfriendly actors can lead to a leak of sensitive data which could impact the viability of the organization or negatively affect brand sentiment or market value. These risks need to be actively mitigated and proactively resolved with active alerts and notifications.
The first step in protecting data is encryption. By encrypting your information, you transform it from a human-readable format into one that is hard to decipher or comprehend. The advantage of encryption is that even if the information is leaked, it is still rendered useless. Therefore, encryption must be a key aspect of any data security mechanism. Encryption can be applied both at rest (when data is stored) and in transit (when it is being shared).
The encrypted data is then guarded and monitored like a precious piece of art. Alarms are configured to trigger if unauthorized users touch or attempt to remove the information. Monitoring logs track all users who have access to the data or attempt to gain access. Event trackers patrol the network perimeter for broken access points or unauthorized penetrations. At this point the line between digital and physical begins to disappear, since we also configure alerts to track the hardware devices and any change in the environment. For instance, we had a financial client who configured alarms to trigger if a flash drive is introduced into any USB port. The alarm would then begin a security protocol that prevented the flash drive from either introducing data into the server or downloading information.
Remember that the responsibility to protect the information is shared. The only way to properly protect information is to work collaboratively with partners, cloud providers, and the community at large. We cannot underestimate the capabilities of unfriendly actors, and that is why we implement the AWS Shared Responsibility Model, in which the areas of responsibility are clearly outlined for all participating parties. The model has been proven to be the best protection protocol and reminds every participant that the responsibility is commonly shared. We are only as safe as our weakest link. See the AWS Shared Responsibility Model.
DFX5 will help you to protect your data in all domains including:
- Data access protection
- Data protection at rest
- Data protection in transit
Data access protection
Proper authentication and authorization mechanisms are the foundational blocks of cloud data security. Always bear in mind the least privilege principle when providing access, which limits access to the least amount of privileges possible. Provide just what is needed and nothing more. In fact, think of it as prohibiting everything except what you need to do. So instead of ‘gaining’ access, think in terms of ‘removing prohibitions’ and ask yourself: is it OK to remove this prohibition? Having this mindset will protect the overall security of the organization. Firms that over-provision privileges tend to lose control of the organizational guardrails. To assist in protection, AWS provides services such as AWS IAM and AWS Trusted Advisor, which help control access privileges.
Data protection at rest
Data needs to be encrypted when stored, so that if it is lost it is still useless and cannot be exploited. AWS provides four common methods for encrypting files: server-side encryption with managed keys using AWS KMS (SSE-KMS), server-side encryption with implicit keys (SSE-S3), server-side encryption with client-provided keys (SSE-C), and client-side encryption. With the SSE methods, data is encrypted on the server side and the client uploads unencrypted data (so with this approach you need to ensure data protection in transit). The methods differ in how the keys are managed: either on the AWS side or on the client side. In SSE-C, clients encrypt the data on their own and upload encrypted data to the cloud. To be sure that all data in your AWS storage is encrypted, you can set up user guardrails for organizational units. For example, you should enforce encryption of the files uploaded to AWS S3.
Data protection in transit
Most of the communication within your organization will likely travel through unsecured public internet channels. It is of the utmost importance to protect these communications with encryption. If the communication is intercepted, the captured data is useless. While some organizations have invested in dedicated private networks or use secure virtual private networks, exchanging raw information over them still leaves vulnerabilities. Use AWS Snowball to migrate large volumes of data over secure channels. Regardless of whether you use a secure network or a service like AWS Snowball, always remember to encrypt the transferred data. When we talk about protection in transit, we configure control measures like Transport Layer Security (TLS, formerly called Secure Sockets Layer [SSL]) between AWS resources, services, and external environments.
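As an added illustration of the two sections above (not DFX5's or AWS's own code), the following sketch audits an S3 bucket policy for a guardrail that refuses unencrypted uploads (at rest) and one that refuses non-TLS requests (in transit). The bucket name, account ID, role and both sample policies are constructed, the guardrail is expressed as a bucket policy rather than an organizational-unit control, and the check is a structural one, not a full IAM policy evaluation.

```python
import json

BUCKET = "example-bucket"  # constructed placeholder, not from the article

# Constructed hardened policy: refuse uploads that do not request SSE-KMS
# (at rest) and refuse every request that arrives without TLS (in transit).
HARDENED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "DenyUnencryptedUploads", "Effect": "Deny", "Principal": "*",
     "Action": "s3:PutObject", "Resource": f"arn:aws:s3:::{BUCKET}/*",
     "Condition": {"StringNotEquals":
                   {"s3:x-amz-server-side-encryption": "aws:kms"}}},
    {"Sid": "DenyPlainHttp", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*",
     "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}

# Constructed weak policy: grants uploads but carries no guardrail.
WEAK = {"Version": "2012-10-17", "Statement": {
    "Sid": "AllowUploads", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/uploader"},
    "Action": "s3:PutObject", "Resource": f"arn:aws:s3:::{BUCKET}/*"}}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _has_deny(statements, action, operator, key, accepted):
    """True if a Deny for every principal covers `action` and tests `key`."""
    for s in statements:
        if s.get("Effect") != "Deny" or s.get("Principal") not in ("*", {"AWS": "*"}):
            continue
        if not any(a in ("*", "s3:*", action) for a in _as_list(s.get("Action", []))):
            continue
        value = s.get("Condition", {}).get(operator, {}).get(key)
        if value is not None and all(str(v).lower() in accepted for v in _as_list(value)):
            return True
    return False

def audit_bucket_policy(policy):
    """Return the guardrails a bucket policy (dict or JSON text) lacks."""
    doc = json.loads(policy) if isinstance(policy, str) else policy
    stmts = _as_list(doc.get("Statement", []))
    missing = []
    if not _has_deny(stmts, "s3:PutObject", "StringNotEquals",
                     "s3:x-amz-server-side-encryption", {"aws:kms", "aes256"}):
        missing.append("encryption-at-rest")
    if not _has_deny(stmts, "s3:*", "Bool", "aws:SecureTransport", {"false"}):
        missing.append("encryption-in-transit")
    return missing
```

The function also accepts the `Policy` JSON string that boto3's `get_bucket_policy` returns, so the same check can be pointed at a real bucket.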
DFX5’s certified security specialists will help you to protect your most valuable assets against undesired and unauthorized uses. We work directly with financial institutions, government agencies, and other highly secure industries that exchange the most sensitive and secure data on the planet. Our deliverables are industry-compliant and integrate best practices, which include routine and unplanned security audits, drills, and test scenarios.
DFX5 is a global company with offices in Miami, Prague, and San Juan. Focused on technology consulting, DFX5 specializes in the use of innovative solutions, offered by Amazon Web Services. The DFX5 team is composed of cloud experts who are certified as Solutions Architects, Professionals, and Specialists in fields like Data, Analytics, Machine Learning, and more.
DFX5 delivers best-in-class solutions following best practices and well-architected frameworks. Our proven success with Fortune 500 companies around the world is a testament to the utmost commitment we have to our clients. At DFX5 we are honored that our clients bestow upon us the confidence to manage their technology infrastructure. We are emboldened to continue growing and expanding our services following our proven methodologies.
Do not hesitate to contact us, and we can embark on the journey together!