Sensitive Data

Detection Pipelines

Luke Hedger

AWS Community Builder

AWS Summit London - April 2022

@level_out

@level_out

Amazon Macie

Fully managed data security service that uses machine learning to discover sensitive data in AWS workloads

Architecture

@level_out

Operational Excellence

@level_out

- Monitor key pipeline metrics in CloudWatch

- Alert with visibility and actionability (ChatOps)

- Test in production with CloudWatch Synthetics

Cost Optimisation

@level_out

- Compress Kinesis data delivered to S3 (GZIP)

- Reduce S3 objects analysed by Macie (Lifecycle Policy)

- Archive infrequently accessed S3 objects (Intelligent Tiering)

Security

@level_out

- Encrypt all data at rest and in transit with KMS

- Record activity via CloudTrail, CloudFormation

- Aggregate security findings in Security Hub

Resources

@level_out

- Deployable pipeline github.com/lukehedger/cdk-macie

- More from me twitter.com/level_out

- These slides 🤳👇

Thanks!

Made with Slides.com