Edmunds is a car-shopping website that provides shoppers with tools to help them decide which vehicle is the best choice for them. The company not only manages a significant amount of information from its website, it also exchanges a large quantity of data from thousands of partner systems. “Data protection is an obligation we have to our customers and business partners,” says Stephen Felisan, chief information officer for Edmunds. “Fundamental to this is ensuring effective data governance in both the authorized access and proper use, both internally and externally, of our data.”
Since fully migrating its website and backend systems to the Amazon Web Services (AWS) Cloud in early 2016, Edmunds has relied on Amazon Simple Storage Service (Amazon S3) buckets to store operational data used for customer and partner services. However, for compliance reasons, the company required confirmation of the proper access and use of that data.
“We have a lot of internal, customer, and partner data stored in Amazon S3,” says Ajit Zadgaonkar, executive director of infrastructure and engineering operations for Edmunds. “We wanted a way to classify the actual uses of our data in order to verify whether we’re in compliance with our data-access and use policies. When we share an Amazon S3 bucket with a partner, for example, we want to be sure no confidential customer information or PII is unintentionally shared. In addition, we needed a better understanding of whether the proper controls are in place by knowing exactly where our sensitive data was stored in Amazon S3.”
Edmunds chose to solve its data-access and visibility challenge using Amazon Macie (Macie), a new AWS analytical platform that helps protect user accounts and prevent data and intellectual-property theft. By implementing machine learning and natural-language processing to classify data, understand its everyday usage, and alert administrators to anomalies, Macie automatically identifies business risk by discovering data that is exposed or shared outside the organization. The security service enables companies to customize alerts to the type of data they have stored on Amazon S3. “Amazon S3 is our primary data storage,” Zadgaonkar says. “It includes website content, our data warehouse, and all other day-to-day data. Amazon Macie enables us to get much deeper insight into that data than we ever had.”
Using Macie, Edmunds has gained a new depth of visualization for the data in its security environment. “Using the interactive dashboards in Macie, we can clearly see the different patterns of use of our data, which Macie has created by automatically classifying our data’s use and flagging anomalies,” says Zadgaonkar. “From this we can determine the level of risk.”
Edmunds can also identify access problems within Amazon S3. “If there are any access keys being shared in Amazon S3, we can see that through Amazon Macie,” says Atif Manzoor, director of information security for Edmunds. “With a few clicks in Amazon Macie, it takes me only a minute to find out if keys are being shared. And we can also view the raw data in Macie to clearly see where the access sharing is coming from in our global environment. Overall, using Macie increases our critical data visibility and helps us mitigate risk in our organization.”
By taking advantage of Macie, Edmunds can better discover, classify, and protect its data, giving administrators actionable information about potential threats. Edmunds has a diverse and distributed environment, and Macie acts as an automated magnifying glass that reveals things that are otherwise difficult to notice. Additionally, Macie offers immediate and long-term benefits for Edmunds. “Right now, we can see exactly where our most sensitive data is within Amazon S3. In the future, we’ll be able to use Macie to view all our data logs and notice data-breach patterns we wouldn’t have been aware of,” says Zadgaonkar.
“AWS helps us keep pace with the rapid growth we see at Edmunds,” says Zadgaonkar. “We can move faster as a company when we want to roll out new features on the site, because of the elasticity and scalability we get by using AWS. And we are constantly exploring additional AWS services, because AWS enables us to focus on what we do well—maintain our product and create new features that make our website better for our end users.”
Learn more about Amazon Macie.