With the increasing number of security breaches affecting large and small enterprises, having a well-rounded security platform is more important than ever. Protecting sensitive data like Personally Identifiable Information (PII) is a high priority. As the amount of data stored in the AWS Cloud grows, you will want to automate classification and findings so that you do not spend time manually classifying data and assigning access rights.
Amazon Macie can help you become more conscious of your data and the level of protection you have. We’ll look at what Amazon Macie is, how to set it up in the AWS Management Console, and more in this blog post.
In this blog, you will learn:
- What is Amazon Macie?
- How does Macie work?
- Macie benefits
- Macie use cases
- Macie set up
- Macie pricing
- Amazon Macie vs Amazon GuardDuty
- Integration with AWS Security Hub
What is Amazon Macie?
Amazon Macie is a security service that uses machine learning to locate, categorize, and protect sensitive data in the Amazon Web Services (AWS) cloud. It currently supports only Amazon Simple Storage Service (Amazon S3); support for other AWS data stores is in development.
Macie can identify personally identifiable information (PII) and protected health information (PHI) in your S3 buckets. Macie also keeps an eye on the security and access management of the S3 buckets. All of this can help you comply with requirements such as the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR), as well as maintain the AWS Cloud security you require.
In general, Macie helps you answer these questions about your data:
- What methods can I use to classify data in real-time?
- What is its location?
- How do I create remediation workflows for my security and compliance requirements?
- In my S3 buckets, what data do I have?
- What personally identifiable information (PII) or protected health information (PHI) could be made public?
- How is my data shared and stored: publicly or privately?
How does Macie work?
Within a few minutes of enabling Macie for your AWS account, Macie will produce the list of your S3 buckets in the Region where you enabled it. Macie will also begin to monitor the buckets’ security and access control. It generates detailed findings when it identifies the potential for unauthorized access or inadvertent data disclosure.
Macie has three main features:
1. Macie summary dashboard
The dashboard gives you a quick overview of how your data is accessed and shared. The total number of buckets, objects, and S3 storage consumed are all displayed on this dashboard.
It also divides S3 buckets into public, encrypted, and private buckets, as well as buckets shared inside and outside your AWS account or AWS organization.
2. Macie Jobs
Create and run sensitive data discovery jobs in Amazon S3 buckets to automatically discover, record, and report sensitive data.
You can set the job to run only once for on-demand analysis or schedule it to run on a regular basis for recurring analysis and monitoring.
3. Macie findings
A finding is a detailed report of potential policy violations for sensitive data in S3 buckets or S3 objects. Macie provides two types of findings: policy findings and sensitive data findings.
Macie can also send all findings to Amazon CloudWatch Events (Amazon EventBridge) so you can build custom remediation and alert management on top of them.
Example policy findings and example sensitive data findings (screenshots omitted). Every Macie finding includes detailed information about the affected bucket or object.
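The two finding types above are easiest to understand by handling them as they arrive through CloudWatch Events / EventBridge. The following is an added example, not code from the original post or from AWS: a Lambda-style handler that triages a Macie finding into a remediation decision. The event envelope (source "aws.macie", detail-type "Macie Finding"), the finding type names and the field names (category, severity, resourcesAffected, classificationDetails) are the author's reading of the Macie finding JSON and should be checked against the Macie documentation; the remediation action names, bucket names and finding ids are constructed placeholders.

```python
"""Triage Amazon Macie findings delivered through Amazon CloudWatch Events / EventBridge.

Added example, not from the original post. Event envelope and finding field
names follow the Macie finding JSON as understood by the author of this
example (assumption: verify against the Macie documentation for your Region).
"""

# EventBridge rule pattern that matches every Macie finding (assumed envelope).
MACIE_EVENT_PATTERN = {
    "source": ["aws.macie"],
    "detail-type": ["Macie Finding"],
}

# Policy finding types mapped to a remediation action.
# The action names are hypothetical; wire them to your own runbooks.
POLICY_ACTIONS = {
    "Policy:IAMUser/S3BucketPublic": "enable-block-public-access",
    "Policy:IAMUser/S3BucketEncryptionDisabled": "enable-default-encryption",
    "Policy:IAMUser/S3BucketSharedExternally": "review-bucket-policy",
}


def triage(finding: dict) -> dict:
    """Return a triage decision for one Macie finding.

    Policy findings (category POLICY) get a remediation action when one is known.
    Sensitive data findings (category CLASSIFICATION) are escalated by severity
    and by the categories of data detected (e.g. PERSONAL_INFORMATION, CREDENTIALS).
    """
    category = finding.get("category")
    ftype = finding.get("type", "")
    severity = finding.get("severity", {}).get("description", "Unknown")
    resources = finding.get("resourcesAffected", {})
    bucket = resources.get("s3Bucket", {}).get("name", "?")

    decision = {"id": finding.get("id"), "bucket": bucket, "severity": severity}

    if category == "POLICY":
        decision["kind"] = "policy"
        decision["action"] = POLICY_ACTIONS.get(ftype, "manual-review")
    elif category == "CLASSIFICATION":
        decision["kind"] = "sensitive-data"
        detected = (finding.get("classificationDetails", {})
                    .get("result", {})
                    .get("sensitiveData", []))
        decision["data_categories"] = sorted({d.get("category") for d in detected})
        decision["detections"] = sum(d.get("totalCount", 0) for d in detected)
        decision["object"] = resources.get("s3Object", {}).get("key")
        # Credentials in S3 are treated as an incident regardless of Macie's severity.
        if "CREDENTIALS" in decision["data_categories"] or severity == "High":
            decision["action"] = "page-on-call"
        else:
            decision["action"] = "ticket"
    else:
        decision["kind"] = "unknown"
        decision["action"] = "manual-review"
    return decision


def handle_event(event: dict) -> dict:
    """Lambda-style entry point: EventBridge passes the finding in event['detail']."""
    if event.get("source") != "aws.macie" or event.get("detail-type") != "Macie Finding":
        raise ValueError("not a Macie finding event")
    return triage(event["detail"])


# Constructed sample events (ids, bucket names and keys are made up).
SAMPLE_POLICY_EVENT = {
    "source": "aws.macie",
    "detail-type": "Macie Finding",
    "detail": {
        "id": "example-policy-finding-id",
        "category": "POLICY",
        "type": "Policy:IAMUser/S3BucketPublic",
        "severity": {"description": "High", "score": 3},
        "resourcesAffected": {"s3Bucket": {"name": "example-reports-bucket"}},
    },
}

SAMPLE_DATA_EVENT = {
    "source": "aws.macie",
    "detail-type": "Macie Finding",
    "detail": {
        "id": "example-data-finding-id",
        "category": "CLASSIFICATION",
        "type": "SensitiveData:S3Object/Multiple",
        "severity": {"description": "Medium", "score": 2},
        "resourcesAffected": {
            "s3Bucket": {"name": "example-exports-bucket"},
            "s3Object": {"key": "exports/customers.csv"},
        },
        "classificationDetails": {"result": {"sensitiveData": [
            {"category": "PERSONAL_INFORMATION", "totalCount": 120},
            {"category": "CREDENTIALS", "totalCount": 2},
        ]}},
    },
}

if __name__ == "__main__":
    for ev in (SAMPLE_POLICY_EVENT, SAMPLE_DATA_EVENT):
        print(handle_event(ev))
```

The point of separating the two categories is that policy findings describe a bucket configuration you can usually fix automatically, while sensitive data findings describe content and need a human decision about the object; escalating on the CREDENTIALS category independently of Macie's own severity score is the kind of organisation-specific rule the CloudWatch Events integration lets you add.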
Macie benefits
- Easy to set up: Macie can be quickly set up in the AWS Management Console with a single click, and it supports multiple accounts with AWS Organizations, allowing you to enable Macie across all of your accounts with a few clicks. This helps compliance by eliminating the need for an IT team to classify and assign access to data manually.
- Constant monitoring of S3 buckets: Macie monitors your Amazon S3 environment and generates an S3 buckets summary for all of your AWS accounts on a regular basis. If there are any unencrypted buckets, buckets that are publicly available, or buckets that are shared outside of your AWS Organization, Macie will detect and inform you. Macie allows you to run data discovery jobs on a one-time, daily, weekly, or monthly basis for all or a subset of objects in an Amazon S3 bucket. It also tracks changes to the bucket over time, evaluating just new or modified objects.
- Meet privacy regulations: Amazon Macie keeps track of a growing range of sensitive data types, including typical personally identifiable information (PII) and other types of sensitive data as defined by data protection rules including GDPR, PCI-DSS, and HIPAA.
- Custom-defined sensitive data types: You can use regular expressions to add custom-defined data types to Amazon Macie, allowing it to identify unique sensitive data for your organization.
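A custom data identifier is a regular expression plus optional keywords, ignore words and a proximity window. To illustrate how such a definition behaves before you create it, here is an added example (not the post's or AWS's code, and not Macie's own matching engine): a local approximation of the evaluation, as the author understands it, followed by a helper that submits the same definition through the boto3 `macie2` client's `create_custom_data_identifier` call. The employee-ID format, keywords and sample text are constructed for the example.

```python
"""Approximate how a Macie custom data identifier evaluates text.

Added example, not Macie's own engine. A custom data identifier pairs a
regular expression with optional keywords: as the author of this example
understands it, a regex match only counts when one of the keywords appears
within `maximum_match_distance` characters before it, and values listed as
ignore words are dropped. create_in_macie() submits the definition with boto3
(macie2 CreateCustomDataIdentifier); parameter names are an assumption to
verify against the boto3 reference.
"""
import re
from dataclasses import dataclass, field


@dataclass
class CustomDataIdentifier:
    name: str
    regex: str
    keywords: list = field(default_factory=list)
    ignore_words: list = field(default_factory=list)
    maximum_match_distance: int = 50   # Macie's default proximity window

    def find(self, text: str) -> list:
        """Return the regex matches that Macie would (approximately) report."""
        hits = []
        for m in re.finditer(self.regex, text):
            value = m.group(0)
            if value in self.ignore_words:
                continue
            if self.keywords:
                # Look only at the characters immediately before the match.
                start = max(0, m.start() - self.maximum_match_distance)
                window = text[start:m.start()].lower()
                if not any(k.lower() in window for k in self.keywords):
                    continue
            hits.append(value)
        return hits

    def as_request(self) -> dict:
        """Parameter dict for macie2.create_custom_data_identifier()."""
        return {
            "name": self.name,
            "regex": self.regex,
            "keywords": self.keywords,
            "ignoreWords": self.ignore_words,
            "maximumMatchDistance": self.maximum_match_distance,
        }

    def create_in_macie(self, region_name: str) -> str:
        """Create the identifier in Macie and return its id (needs AWS credentials)."""
        import boto3  # imported lazily so the offline part of this example runs without it
        client = boto3.client("macie2", region_name=region_name)
        response = client.create_custom_data_identifier(**self.as_request())
        return response["customDataIdentifierId"]


# Hypothetical internal employee-ID format: EMP- followed by six digits.
EMPLOYEE_ID = CustomDataIdentifier(
    name="employee-id",
    regex=r"EMP-\d{6}",
    keywords=["employee id", "emp id", "staff number"],
    ignore_words=["EMP-000000"],        # documented sample value, never a real id
    maximum_match_distance=30,
)

# Constructed sample document.
SAMPLE_TEXT = (
    "Employee ID: EMP-123456 joined in 2019. "
    "Reference build EMP-987654 was shipped last week. "
    "Staff number EMP-000000 is the placeholder in the template."
)

if __name__ == "__main__":
    print(EMPLOYEE_ID.find(SAMPLE_TEXT))
    print(EMPLOYEE_ID.as_request())
```

Running the sample shows why the keyword list matters: the build number EMP-987654 matches the regex but has no keyword nearby, so it is not reported, and the documented placeholder EMP-000000 is suppressed by the ignore list. A regex alone would have produced two false positives out of three matches.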
Macie use cases
Simplify your data privacy and security procedures.
Amazon Macie makes data privacy across your whole Amazon S3 environment simple, delivering insights that you can use to respond promptly when needed. Macie also lets you identify sensitive data in other data repositories by temporarily transferring it to S3.
Maintaining compliance
To help you fulfill and maintain your data privacy and compliance standards, Macie offers a variety of options for scheduling your data analysis, including one-time, daily, weekly, or monthly sensitive data discovery jobs.
Discover your sensitive data at scale
Macie employs machine learning and pattern matching to discover sensitive data in the targeted region at a low cost, and it performs well even in a complex S3 environment. Macie recognizes a growing number of sensitive data categories, such as personally identifiable information (PII) including names, addresses, and credit card numbers, automatically.
Macie set up
The easiest way to set Macie up is by using the AWS Management Console:
1. Sign in to the Macie console. Remember to choose the AWS Region in which you want to enable Macie.
2. Choose “Get started”.
3. Choose “Enable” to enable Macie.
4. Then choose “Get started” in the menu and select which job you want to run.
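The job you select in the last step can also be created programmatically, and this is where the scheduling options mentioned under "Maintaining compliance" (one-time, daily, weekly or monthly) are expressed. The following is an added example, not the post's or AWS's code: a small builder that validates the schedule and produces the request for the boto3 `macie2` client's `create_classification_job` call. The request keys (jobType, s3JobDefinition.bucketDefinitions, scheduleFrequency, initialRun, samplingPercentage) are the author's reading of the Macie2 API and should be checked against the boto3 reference; the account id and bucket names are constructed placeholders.

```python
"""Build a Macie sensitive data discovery (classification) job definition.

Added example, not from the original post. Request keys follow the Macie2
CreateClassificationJob API as the author of this example understands them
(assumption: verify against the boto3 reference). Account id and bucket
names are constructed placeholders.
"""
import uuid

FREQUENCIES = ("one-time", "daily", "weekly", "monthly")
WEEKDAYS = ("MONDAY", "TUESDAY", "WEDNESDAY", "THURSDAY", "FRIDAY", "SATURDAY", "SUNDAY")


def build_job(name: str, account_id: str, buckets: list, frequency: str = "one-time",
              day_of_week: str = "MONDAY", day_of_month: int = 1,
              sampling_percentage: int = 100) -> dict:
    """Return the kwargs for macie2.create_classification_job()."""
    if frequency not in FREQUENCIES:
        raise ValueError(f"frequency must be one of {FREQUENCIES}")
    if not buckets:
        raise ValueError("at least one bucket is required")
    if not 1 <= sampling_percentage <= 100:
        raise ValueError("sampling_percentage must be 1..100")

    job = {
        "clientToken": str(uuid.uuid4()),       # idempotency token for retries
        "name": name,
        "jobType": "ONE_TIME" if frequency == "one-time" else "SCHEDULED",
        "samplingPercentage": sampling_percentage,
        "s3JobDefinition": {
            "bucketDefinitions": [{"accountId": account_id, "buckets": list(buckets)}],
        },
    }
    if frequency == "daily":
        job["scheduleFrequency"] = {"dailySchedule": {}}
    elif frequency == "weekly":
        if day_of_week not in WEEKDAYS:
            raise ValueError("day_of_week must be an upper-case weekday name")
        job["scheduleFrequency"] = {"weeklySchedule": {"dayOfWeek": day_of_week}}
    elif frequency == "monthly":
        if not 1 <= day_of_month <= 31:
            raise ValueError("day_of_month must be 1..31")
        job["scheduleFrequency"] = {"monthlySchedule": {"dayOfMonth": day_of_month}}
    if job["jobType"] == "SCHEDULED":
        # Scan the existing objects once; later runs look only at new or changed objects.
        job["initialRun"] = True
    return job


def submit_job(job: dict, region_name: str) -> str:
    """Create the job in Macie and return its id (needs AWS credentials; not run offline)."""
    import boto3  # imported lazily so build_job() works without boto3 installed
    client = boto3.client("macie2", region_name=region_name)
    return client.create_classification_job(**job)["jobId"]


if __name__ == "__main__":
    weekly = build_job("weekly-pii-scan", "123456789012",
                       ["example-exports-bucket"], frequency="weekly", day_of_week="SUNDAY")
    print(weekly)
```

Keeping the job definition in code rather than clicking through the console makes the scan schedule reviewable and repeatable across accounts, which is what a compliance auditor will ask for.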
Macie pricing
Macie’s free tier includes:
- Each account gets a 30-day free trial with S3 buckets assessment (breaks down S3 buckets by whether they are shared publicly, encrypted or not, and shared inside and outside your AWS account).
- You also get the first 1 GB of sensitive data discovery per month for free.
The monthly cost of Macie is calculated as follows:
- The number of Amazon S3 buckets evaluated: the cost is the same across all AWS Regions.
- The first 30 days of evaluation are free for all buckets.
- $0.10 per S3 bucket per month after the first 30 days.
- The amount of data processed for sensitive data discovery: the per-GB cost varies by AWS Region.
Amazon Macie vs. Amazon GuardDuty
Amazon GuardDuty and Amazon Macie are not the same thing. Macie only looks at S3 buckets and intelligently classifies data to help you ensure the proper access controls are in place.
Amazon GuardDuty uses sophisticated and continuous threat monitoring of your AWS accounts, Amazon S3 data, and workloads to manage risk.
GuardDuty monitors for:
- Abnormal API activity
- Attempts to turn off AWS CloudTrail logging
- Unauthorized deployments and compromised instances
- Compromised S3 buckets
Integration with AWS Security Hub
Macie is compatible with AWS Security Hub. Security Hub is a single location in the AWS environment where security warnings and findings from several AWS security services can be aggregated, organized, and prioritized.