Amazon Macie - Like an inbuilt security guard for your S3 data

Amazon Macie runs in the background of your AWS data storage, quietly identifying anomalies and keeping you instantly informed when there has been a breach of policy. And the best part? It’s fast and simple to set up, saving you hours of custom development.

What does Amazon Macie actually do?

One of Macie's first tasks is to search through your S3 buckets and identify any PII (Personally Identifiable Information, for example date of birth, email addresses, social security numbers) and other sensitive data types. If it finds any, it assesses whether the environment holding that data is secure enough and, if not, alerts you. This is vital when sensitive personal details are introduced into your environment by mistake, a problem that can be difficult to find and costly to fix.

Next, Macie learns which user accounts and operations have access to your data. Using Natural Language Processing (NLP) to learn what is “normal” behaviour, it establishes a baseline and begins its constant background monitoring. This machine intelligence excels at spotting patterns of access and behaviour for your data, so it quickly knows when something has gone wrong.

Macie (pronounced may-see) can be used with your AWS CloudWatch Dashboards to provide a rich and detailed reporting service that enables fine-grained control. You can set up custom policies and alerts for your PII and other confidential data, such as secret keys or configuration information, and check for your own concerns, such as spikes in usage.

The benefits of Amazon Macie in practice.

User accounts that suddenly see a spike in activity, or unusual patterns of access, are highlighted by Macie in real time. Hackers and malware that attempt cross-site attacks, perhaps using one compromised account to gain access to sensitive information like credit card numbers, will be immediately visible to you in your CloudWatch Dashboard and through a series of notifications. The security service can even spot vulnerabilities that result from bugs in development, such as a packet of sensitive data accidentally crossing from a secure domain to an unsecured one.


Fast, flexible, and accurate security and compliance.

Macie will classify data according to how sensitive it is, as high, medium or low risk, and alert you accordingly. Because it knows your data inside and out, the accuracy is much higher than might be available from a custom-coded attempt to do the same. Companies such as Netflix and Autodesk trust Macie to offer a simple and speedy solution that might take months to build by hand, so it offers a better ROI.

Another advantage is the help it brings to companies that need to comply with data protection rules. Companies subject to the new General Data Protection Regulation (GDPR) in Europe, or to the Payment Card Industry Data Security Standard (PCI DSS) worldwide, will need to ensure they have extra safeguards in place.

Simply put, you need Macie in your AWS cloud now.

