Sign in
Your Saved List Become a Channel Partner Sell in AWS Marketplace Amazon Web Services Home Help

Data Loss Prevention (DLP) for Amazon S3 & EC2 - PAYG 90 DAY FREE TRIAL

Data Loss Prevention (DLP) for Amazon S3 & EC2 - PAYG 90 DAY FREE TRIAL

By: Cloud Storage Security Latest Version: 7.10.001

Product Overview

Data Loss Prevention (DLP) for Amazon S3 and Amazon EC2 is a cloud-based in-tenant solution that leverages data classification to identify sensitive data at petabyte scale and quarantine objects / files across all S3 buckets and EC2 (EBS volumes). Knowing what PII exists and automatically protecting it enables you to proactively manage data privacy and protection as well as compliance with frameworks such as SOC 2, PCI DSS, and HIPAA.


We have harnessed three decades of DLP experience to give you an automated solution that:

  • Deploys using an automated serverless architecture
  • Provides real-time & on-demand DLP scanning
  • Identifies hundreds of sensitive data types and PII
  • Covers 11 regional localizations: USA, UK, France, Germany, Ireland, Spain, Australia, Canada, Japan, China, Global
  • Allows you to tag and quarantine files identified as sensitive or that have PII
  • Supports robust notifications & integrations - this solution integrates with third party ticketing, Slack, Microsoft Teams, Amazon Chime, SIEM, Amazon SNS, AWS Security Hub, AWS CloudTrail, AWS Control Tower, AWS Transfer Family, and more

DLP for Amazon S3 and EC2 scales automatically to efficiently scan the largest of datasets, with no file size limit. For the next 90 days we are offering this solution completely free. All we ask is that you share your product feedback with us at

A streamlined installation via an AWS Fargate Container and deployment via an AWS CloudFormation template means you are up and running in about 15 minutes. From there, a few clicks is all it takes to initiate a DLP scan on demand or to schedule it later in the day, week, or month (scanning agents can be configured to meet a wide range of compliance requirements).

Once a scan is complete, a report of the files containing PII and sensitive data is generated, allowing you to see the type of data each file contains as well as the bucket in which it resides.

Additionally, you can identify bucket attributes such as whether it is publicly accessible or encrypted. Cross reference classification and bucket protection findings to determine whether a bucket containing sensitive data is exposed; when combined, data points such as these can be used to assess data risk and prioritize vulnerability management.

You will be alerted to findings via real-time notifications within the console or through AWS SNS. Findings can also be sent to AWS Security Hub, third party ticketing systems, SIEM solutions, Slack, Microsoft Teams, or Amazon Chime.

To further support security and performance, the solution runs in tenant, meaning your sensitive data remains in your AWS account.


In addition to data privacy and protection requirements, many compliance frameworks and regulations require organizations to implement procedures that protect against advanced threats. Specifically, by scanning for malware and PII. In line with the AWS Shared Responsibility Model, it is the responsibility of the organization using S3 and EC2 to do so.

Through our other solution Antivirus for Amazon S3 solution, Cloud Storage Security provides you with assurance that the files shared across their applications and data lakes are free from malware and risk of data breaches by scanning each item for advanced threats and PII. You can find Antivirus for Amazon S3 in AWS Marketplace at

If you would like to make a long-term purchase of this solution plus our Antivirus for Amazon S3, your organization is eligible to receive discounted pricing; contact us to learn more at



Operating System


Delivery Methods

  • Container

Pricing Information

Usage Information

Support Information

Customer Reviews