Defined Data Policies - Control with Amazon Macie

Actively define where to store your sensitive data

Remember, telling users or developers “don’t store your sensitive information here” is not as useful as explicitly telling them where to store each type of sensitive information. Doing so avoids confusion: if you do not specify where it is safe, users or developers might find a worse place to host that data.

Verify that sensitive data is not publicly exposed or shared with unknown accounts outside your organization

Once you activate Amazon Macie, you will see how many buckets are open to the world, how many are shared outside your organization, and how many are encrypted, and you will be able to identify which ones need corrections to align with your security policy.

Amazon Macie Dashboard

The quick win with Amazon Macie is simply to enable it and periodically review the dashboard to ensure that all your S3 buckets are configured properly and that no misconfiguration could lead to a security event. It costs only 0.10 USD per bucket per month, can be implemented in a few clicks, and will help you identify when your data security policies are not properly set up.
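The same periodic check can be scripted against the bucket inventory that Macie maintains. The following is an added example, not code from this page or from AWS: `triage` and `fetch_buckets` are hypothetical helper names, the field names follow the Macie `DescribeBuckets` response, and the sample inventory is constructed so the triage logic runs offline.

```python
# Constructed sample shaped like the "buckets" list returned by Macie DescribeBuckets.
SAMPLE_BUCKETS = [
    {"bucketName": "example-public-site", "publicAccess": {"effectivePermission": "PUBLIC"},
     "sharedAccess": "NOT_SHARED", "serverSideEncryption": {"type": "AES256"}},
    {"bucketName": "example-partner-drop", "publicAccess": {"effectivePermission": "NOT_PUBLIC"},
     "sharedAccess": "EXTERNAL", "serverSideEncryption": {"type": "aws:kms"}},
    {"bucketName": "example-legacy-logs", "publicAccess": {"effectivePermission": "NOT_PUBLIC"},
     "sharedAccess": "INTERNAL", "serverSideEncryption": {"type": "NONE"}},
    {"bucketName": "example-hr-records", "publicAccess": {"effectivePermission": "NOT_PUBLIC"},
     "sharedAccess": "NOT_SHARED", "serverSideEncryption": {"type": "aws:kms"}},
    {"bucketName": "example-unreadable", "publicAccess": {"effectivePermission": "UNKNOWN"},
     "sharedAccess": "UNKNOWN", "serverSideEncryption": {"type": "AES256"}},
]


def triage(buckets):
    """Return {bucket name: [findings]} for buckets that need correction."""
    report = {}
    for b in buckets:
        public = b.get("publicAccess", {}).get("effectivePermission", "UNKNOWN")
        shared = b.get("sharedAccess", "UNKNOWN")
        sse = b.get("serverSideEncryption", {}).get("type", "NONE")
        findings = []
        if public == "PUBLIC":
            findings.append("publicly accessible")
        if shared == "EXTERNAL":
            findings.append("shared outside the organization")
        if sse == "NONE":
            findings.append("no default encryption")
        # UNKNOWN means Macie could not read the bucket settings: do not assume it is safe.
        if "UNKNOWN" in (public, shared):
            findings.append("not evaluated by Macie, review manually")
        if findings:
            report[b["bucketName"]] = findings
    return report


def fetch_buckets(region):
    """Page through DescribeBuckets; needs boto3, credentials and Macie enabled."""
    import boto3  # imported here so triage() runs without the AWS SDK installed
    client = boto3.client("macie2", region_name=region)
    buckets, token = [], None
    while True:
        page = client.describe_buckets(**({"nextToken": token} if token else {}))
        buckets.extend(page.get("buckets", []))
        token = page.get("nextToken")
        if not token:
            return buckets
```

With Macie enabled, `triage(fetch_buckets("<region>"))` produces the same report from the live inventory; the region is a placeholder to fill in.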

Amazon Macie Demo

View Demo

Amazon Macie Mindmap

https://www.xmind.net/m/BDQYjp

Workshops

Pricing

https://aws.amazon.com/macie/pricing
The service has a 30-day trial period (free trial) for the assessment of Buckets and Access Controls (data security posture), and 1 GB per month of free data discovery included in Free Tier. If you only activate the service (Quick win) and do not set up discovery jobs greater than 1 GB, you will not be charged during the trial period.

The service has a page to verify current usage and estimate future usage.