AWS brings relief for the GDPR changes – Amazon GuardDuty, Macie and Inspector, AWS services that help with compliance with the changes in the law on personal data.
The imminent entry into force of the General Data Protection Regulation [Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free flow of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), https://giodo.gov.pl/pl/569/9276] chills the blood of many inspectors who supervise this area. The actions taken by the European Commission aim to improve the processes related to data management and storage. Amazon Web Services has focused primarily on data encryption and on the way data is stored in the cloud. Encryption is one of the most effective methods of protection. In AWS it is used for services such as EC2 or S3, together with management of the customer's key.
The following diagram shows the described solution proposed to enable EC2 to encrypt the instance store. Source: GDPR Compliance on AWS
But is that all AWS has prepared for its clients? Taking into account the scope and consequences of the regulation on the protection and processing of personal data, Amazon Web Services has introduced a range of services and solutions that can be adapted to the needs of the user. Tools such as GuardDuty, Macie and Inspector were created in line with the main principles of the regulation:
- the right to transfer the data
- the right to be forgotten
- privacy by design – a principle that takes into account the protection of personal data in the design phase
- notifications of data protection violations

They are compatible and effective in preparing for and implementing the regulations that are to come into force.
As an AWS partner with Advanced status, we can offer a service design based on AWS Security Best Practices. We help ensure the highest quality of data protection and compliance with the GDPR. We are also prepared to verify and monitor any alerts related to data security.
When implementing security measures, it is also worth looking at the CISPE code (Cloud Service Providers in Europe). This regulation of 27 April 2016, created on the initiative of CISPE and adopted by the European Parliament, relates to the field of personal data protection and is in line with the GDPR requirements for the processing and storage of data within the EU.
It sets out guidelines for the proper use of the cloud, including how roles are defined between the client and the cloud infrastructure provider. The Code's recommendations also ensure the transparency of the service provider, who is obliged to report immediately any irregularities, such as data deletion or improper processing. All information on the practices and handling of personal data protection and processing can be found directly on the CISPE website. Codes, regulations and principles of good practice define a certain range of activities for ensuring security. AWS actively seeks new solutions, using AWS Security Best Practices to design its services, and shares them on its blog (AWS Security Blog).
Every change in the law requires specially adapted measures, implemented in such a way that they meet the most stringent criteria. These changes have affected every industry, and in today’s world of continuous development of new technologies and the information age, Amazon Web Services meets all the requirements. In preparation for the tightening of the regulations, our Partner has focused on services such as Amazon GuardDuty, Amazon Macie and Amazon Inspector, with AWS Config Rules complementing the offering. Let’s take a closer look at each tool and how it operates.
Amazon GuardDuty is designed to protect AWS accounts and manage threats. The service itself requires no software deployment and no infrastructure maintenance. The client pays only for the events analyzed. A few clicks in the console are enough to set up the whole process, which almost instantly puts millions of billions of events on your accounts under the microscope and detects any threats. The entire process has been designed to optimize the service and minimize costs. In addition, the automated management of resources and AWS accounts allows you to design an economical architecture whose performance ensures security at no additional cost to the customer.
How does it work? Below is a diagram prepared by AWS.
Another service is Amazon Macie. It is based on machine learning and aims to protect data that allows easy identification of a person, as well as intellectual property. Its main task is to protect data accumulated in S3.
- ease and simplicity in implementation and use
- automation of data security
- monitoring of custom alerts
And how does it work? Below is a diagram from AWS.
The last service, fully automated, is Amazon Inspector. It allows an accurate assessment of the security and compliance of the services being deployed. It works on EC2 instances and analyzes threats and vulnerabilities using a special agent installed on them. During the assessment it is also possible to prioritize the rules that are then included in the findings of the report.
The operation of the entire service can be seen in the video below.
Overall, GDPR is not “as terrible as it is painted”. It is enough to analyze the existing solutions and supplement them with new ones. Sometimes a change to a completely new concept may be required – I will gladly help you with this. The compliance of our services and of the solutions provided by AWS is commensurate with the requirements of the forthcoming regulation.