Title
AWS re:Invent 2022 - [NEW LAUNCH!] Automate data discovery with Amazon Macie (SEC215)
Summary
- Introduction: Himanshu Verma, leader of a team of worldwide security specialists at Amazon, introduces the session on Automate Data Discovery with Amazon Macie, joined by Anuj Gupta, a principal solutions architect, and Carlos Carlos, Director of Data Security at OPPORTUNE.
- Data Protection Needs: The session discusses the challenges organizations face in identifying sensitive data to comply with various data protection regulations like GDPR and CCPA.
- Amazon Macie Overview: Amazon Macie, relaunched in 2020, uses machine learning and pattern matching to discover sensitive data at scale, integrated with Amazon S3, and provides an interactive dashboard for data security posture.
- Automated Sensitive Data Discovery: A new feature launched at re:Invent 2022, enabling automatic discovery of sensitive data across all S3 buckets in an AWS account, reducing the need for manual scans and significantly lowering costs.
- Customer Story: Carlos Carlos shares OPPORTUNE's experience with Macie, emphasizing the importance of finding sensitive data, reducing risk, and improving data security posture.
- Key Takeaways: The session concludes with recommendations to opt into the new feature, leverage managed data identifiers, define custom identifiers, and take action on the continuous visibility provided by Macie.
Insights
- Cost Optimization: The new feature of automated sensitive data discovery is designed to be cost-effective, reducing the need for full bucket scans and offering a 30-day free trial.
- Customization: Organizations can tailor Macie's capabilities by using managed data identifiers for common data types or creating custom identifiers for organization-specific sensitive data.
- Integration and Automation: Macie's findings can be integrated with AWS Security Hub for a centralized view of security posture and can trigger automated workflows using Amazon EventBridge.
- Continuous Monitoring: The service emphasizes the need for ongoing monitoring and remediation, as sensitive data can continuously enter S3 buckets.
- Real-World Application: OPPORTUNE's use case demonstrates the practical benefits of Macie in a regulated financial environment, highlighting improved accuracy, reduced time for data discovery, and prioritized risk remediation.
- Future Expansion: There is interest in expanding Macie's capabilities to data sources beyond S3, indicating a potential direction for AWS to enhance data discovery and governance across a wider range of services.
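
The EventBridge-driven workflow mentioned under Integration and Automation, as an added example (not code from the session or from AWS): a rule pattern that selects Macie findings and a handler that routes each finding by type and severity. The sample event is constructed and trimmed to the fields read here; the action names and routing thresholds are assumptions.

```python
import json

# EventBridge rule pattern that selects findings published by Macie.
MACIE_RULE_PATTERN = {"source": ["aws.macie"], "detail-type": ["Macie Finding"]}

# Constructed sample event (placeholder bucket/key), trimmed to the fields used below.
SAMPLE_EVENT = json.loads("""
{
  "source": "aws.macie",
  "detail-type": "Macie Finding",
  "detail": {
    "type": "SensitiveData:S3Object/Financial",
    "severity": {"description": "High"},
    "resourcesAffected": {
      "s3Bucket": {"name": "example-loan-exports"},
      "s3Object": {"key": "2022/11/applications.csv"}
    }
  }
}
""")

def matches_rule(event, pattern=MACIE_RULE_PATTERN):
    """Top-level exact matching only: each pattern key must list the event's value."""
    return all(event.get(field) in allowed for field, allowed in pattern.items())

def triage(event):
    """Return a routing decision for a Macie finding, or None for unrelated events."""
    if not matches_rule(event):
        return None
    detail = event.get("detail", {})
    resources = detail.get("resourcesAffected", {})
    finding_type = detail.get("type", "")
    severity = detail.get("severity", {}).get("description", "Low")
    sensitive = finding_type.startswith("SensitiveData:")
    # Assumed routing policy: page on high-severity sensitive data, ticket the
    # rest, and only log policy findings (bucket configuration changes).
    if sensitive and severity == "High":
        action = "page-oncall"
    elif sensitive:
        action = "open-ticket"
    else:
        action = "log-only"
    return {
        "action": action,
        "bucket": resources.get("s3Bucket", {}).get("name", "unknown"),
        "key": resources.get("s3Object", {}).get("key"),
        "finding_type": finding_type,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_EVENT))
```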