AWS Storage Blog
Category: Security, Identity, & Compliance
Automatically scan for public Amazon S3 buckets and block public access
Data is a valuable asset for an organization and users are always looking for simple tools to protect their data from unauthorized access. While some use cases do require data to be publicly accessible at times, most enterprise use cases and data privacy depend on strictly managed permissions and no public access. Enterprises use Amazon […]
Simplify Active Directory authentication with a custom identity provider for AWS Transfer Family
The secure exchange of files business-to-business is a common and important business practice in highly regulated industries. As organizations grow, maintaining separate user credentials for various platforms, such as file transfer services, can become increasingly complex and time-consuming. As customers build out Managed File Transfer (MFT) environments, often they end up having to create separate, […]
Building cyber resiliency with AWS Backup logically air-gapped vault
Enterprise users use AWS Backup for centralized data protection as part of a defense-in-depth architecture. Its features generally fulfill users’ data security and regulatory requirements, but there is demand for additional resiliency against ransomware incidents. Meeting the recovery objectives often involves creating multiple copies of data backups, developing and maintaining custom code for backup processes, […]
Automating Amazon FSx for NetApp ONTAP password rotation with AWS Lambda
Data security is a top priority for customers using AWS cloud services. Based on customer input, AWS has “designed-in” methods enabling customers to automate common security workflows such as password rotation. The principles of this automation follow the AWS Well-Architected Framework which helps cloud architects build secure, high-performing, resilient, and efficient infrastructure for a variety […]
Back up your Microsoft 365 estate with Veeam and Amazon S3
Users of productivity software and collaboration services such as Microsoft 365 want to protect their data and often tell us that data durability is one of their highest priorities. With the recent increases in reported cyber incidents, increasing data resilience against threats such as ransomware and other events that may compromise data durability is key. […]
How London Stock Exchange Group migrated 30 PB of market data using AWS DataSync
London Stock Exchange Group (LSEG) has 30 PB of Tick History-PCAP data, which is ultra-high-quality global market data that is based on raw exchange data, timestamped to the nanosecond. An additional 60 TB is generated every day. LSEG sought to migrate their data from Wasabi cloud storage. LSEG was looking for a new solution to […]
Temporarily block data transfers between AWS Regions in Amazon S3
Certain organizations may experience unexpected or outlier cross-region data transfer charges and require time to identify which of their systems or workloads are initiating them. In such cases, it may be useful to temporarily block data transfers to within a particular region. This temporary restriction can prevent further unwanted charges and allows time for audit […]
Transfer customer managed SSE-KMS encrypted objects across AWS accounts and Regions using AWS DataSync
Update (7/12/2024): Post updated to clarify that you must use a fully qualified Amazon Resource Name (ARN) when specifying your customer managed KMS keys. Some organizations have requirements to manage their own data encryption keys, both in general and during data transfer processes. In addition, when considering data transfer solutions (not just for encrypted data), […]
Using Amazon Cognito as an identity provider with AWS Transfer Family and Amazon S3
In highly regulated industries, securely exchanging files business-to-business is a crucial business practice. When building out a Managed File Transfer (MFT) environment, it is common to consider using a third-party identity solution for authenticating users. This approach offers simplicity for businesses that already use an identity service, allowing them to maintain identities for a variety […]
Faster restores on Veeam using Amazon S3 Glacier Flexible Retrieval and S3 Batch Operations
Storing multiple copies of data is often an enterprise data protection best practice and a critical part of backup and recovery solutions. The ability to quickly recover or restore data – often from backup copies in cost-effective archive storage – is critical to minimizing potential downtime or operational disruptions in disaster recovery (DR) scenarios such […]