Spend less time building custom solutions to monitor and protect your data, and focus on deriving insights from it. Amazon Redshift supports industry-leading security with built-in identity management and federation for single sign-on (SSO), multi-factor authentication, column-level access control, row-level security, role-based access control, Amazon Virtual Private Cloud (Amazon VPC), and faster cluster resize. With Amazon Redshift, your data is protected in transit and at rest. All Amazon Redshift security features are offered out-of-the-box at no additional cost to satisfy the most demanding security, privacy and compliance requirements. You get the benefit of AWS supporting more security standards and compliance certifications than any other provider, including ISO 27001, SOC, HIPAA/HITECH, and FedRAMP, helping satisfy compliance requirements for virtually every regulatory agency around the globe.
Best infrastructure security
Control network access to your data warehouse cluster through firewall rules. Using Amazon Virtual Private Cloud (VPC), you can isolate your Redshift data warehouse cluster in your own virtual network, and connect to your existing IT infrastructure using industry-standard encrypted IPSec VPN without using public IPs or requiring traffic to traverse the Internet. You can keep your data encrypted at rest and in transit. With AWS supporting more security standards and compliance certifications than any other provider, you can rest assured that compliance requirements for every regulatory agency are satisfied.
Continuous audit and compliance
Amazon Redshift integrates with AWS CloudTrail to enable you to audit all Redshift API calls. Redshift logs all SQL operations, including connection attempts, queries, and changes to your data warehouse. It enables faster delivery of audit logs for analysis by minimizing latency while also adding Amazon CloudWatch as a new log destination. You can choose to stream audit logs directly to Amazon CloudWatch for real-time monitoring. Amazon Redshift offers a strong compliance framework and advanced tools and security measures that customers can use to evaluate, meet, and demonstrate compliance with applicable legal and regulatory requirements.
Comprehensive Identity Management
Access to Amazon Redshift requires credentials that AWS can use to authenticate your requests. Those credentials must have permissions to access AWS resources, such as an Amazon Redshift cluster. You can use AWS Identity and Access Management (IAM) and Amazon Redshift to help secure your resources by controlling who can access them.
Most granular authorization
Role-based Access Control (RBAC) helps you simplify the management of security privileges in Amazon Redshift and control end user access to data at a broad or granular level based on their job role/permission rights and level of data sensitivity. You can also map database users to IAM roles for federated access. Column-level Access Control helps manage data access at the column level. Users can access and perform tasks only on the columns for which they have privileges, based on their roles. Row-level Security (RLS) allows you to restrict row access based on roles. You can combine multiple policies. By combining column-level access control and RLS, Amazon Redshift customers can provide comprehensive protection by enforcing granular access to their data.
"We’re excited about this new and deeper level of integration with Amazon Redshift. Our joint customers in security-forward and highly regulated sectors including Financial Services, Healthcare, and Pharmaceutical need to have incredibly fine-grained control over which users are allowed to access what data, and under which specific contexts. The new role-level security (RLS) capabilities will allow our customers to precisely dictate data access controls based on their business entitlements while abstracting them away from the technical complexities. The new Amazon Redshift RLS capability will enable our joint customers to model policies at the business level, deploy and enforce them via a security-as-code model, ensuring secure and consistent access to their sensitive data."
Ganesh Kirti, founder and CEO - TrustLogix