Protecting your customers’ personal data is a legal and moral obligation for any business that collects and stores personal information about its customers. Criminals use a growing number of attack vectors to obtain sensitive and personal data, so you must do all you can to ensure the right security measures are in place.
The Challenge of Privacy
In the offline world, a potential attacker could look through the trash for a discarded hard drive, then try to recover any data that remains on it. There are plenty of businesses like Secure Data Recovery who can recover data from a hard drive, and there are even more basic ways of recovering data using free software. Because of this, it is vital that businesses take the extra step of securely erasing any hard drives before disposing of them.
Similarly, when you ask your users to entrust their data to an AWS-based cloud application, there are some extra things you need to take into consideration.
Some data is more important than other data, particularly from a privacy standpoint. If your AWS app handles information covered by HIPAA, for example, you will need to ensure that your data protection measures are HIPAA compliant. While you should aim to ensure that every piece of personal data is only ever available to people or routines that need access to it, it is important to understand which pieces of data are the most likely to be of interest to an attacker.
This sounds more complicated than it is. Security-zone modeling is something we touched on above – keeping all your sensitive data contained so that it is only accessed when it is needed. Think of these zones as being like literal containers. As long as your sensitive data is in a container, no one can read it. As long as you make sure that the only things that ever look in the container are routines that need to access that data, you will massively reduce the chances of anyone being able to steal it.
AWS gives you a good deal of control over your policies via AWS network access control lists. Combining an effective security-zone model with a solid data classification policy will go a long way to keeping your customer data secure in the cloud.
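The following added example (not part of the original article) shows one way to check that network ACLs match a zone model: it reads ACL entries in the shape returned by EC2 `DescribeNetworkAcls` and flags inbound allow rules on a sensitive zone that admit sources outside the approved caller zones. The `DataClassification` tag key, the ACL IDs, the CIDR ranges and the approved-caller policy are all assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape of EC2 DescribeNetworkAcls output (IPv4 entries only).
# The "DataClassification" tag key, ACL IDs and CIDRs are assumptions for this example.
NETWORK_ACLS = [
    {"NetworkAclId": "acl-app-zone",
     "Tags": [{"Key": "DataClassification", "Value": "internal"}],
     "Entries": [
         {"RuleNumber": 100, "Egress": False, "RuleAction": "allow", "Protocol": "6",
          "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 443, "To": 443}}]},
    {"NetworkAclId": "acl-pii-zone",
     "Tags": [{"Key": "DataClassification", "Value": "restricted"}],
     "Entries": [
         {"RuleNumber": 100, "Egress": False, "RuleAction": "allow", "Protocol": "6",
          "CidrBlock": "10.0.1.0/24", "PortRange": {"From": 5432, "To": 5432}},
         {"RuleNumber": 200, "Egress": False, "RuleAction": "allow", "Protocol": "6",
          "CidrBlock": "10.0.0.0/16", "PortRange": {"From": 5432, "To": 5432}}]},
]
# Assumed policy: which source ranges may reach a zone of each classification.
APPROVED_CALLERS = {"restricted": ["10.0.1.0/24"]}


def overly_broad_rules(acls, approved):
    """Return (acl_id, rule_number, cidr) for inbound allows wider than the policy."""
    findings = []
    for acl in acls:
        tags = {t["Key"]: t["Value"] for t in acl.get("Tags", [])}
        cls = tags.get("DataClassification")
        if cls not in approved:
            continue  # no zone restriction defined for this classification
        allowed = [ipaddress.ip_network(c) for c in approved[cls]]
        shadowed = []  # ranges already denied for all protocols by a lower rule number
        # Network ACL rules are evaluated in ascending rule-number order, first match wins.
        for e in sorted(acl["Entries"], key=lambda e: e["RuleNumber"]):
            if e["Egress"] or "CidrBlock" not in e:
                continue
            net = ipaddress.ip_network(e["CidrBlock"])
            if e["RuleAction"] == "deny" and e["Protocol"] == "-1":
                shadowed.append(net)
            elif e["RuleAction"] == "allow":
                if not any(net.subnet_of(a) for a in allowed) and \
                   not any(net.subnet_of(d) for d in shadowed):
                    findings.append((acl["NetworkAclId"], e["RuleNumber"], e["CidrBlock"]))
    return findings


if __name__ == "__main__":
    for finding in overly_broad_rules(NETWORK_ACLS, APPROVED_CALLERS):
        print("inbound allow wider than zone policy:", finding)
```

In the sample, rule 200 on the restricted zone is reported because it opens the database port to the whole VPC range rather than only the approved application subnet.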
Defense-in-depth strategies combine multiple layers of security, ensuring that there are redundancies in place should any layer fail. There are two types of security control available to you: preventative and detective.
Preventative controls include things like distributed denial of service (DDoS) protection, network isolation, application-layer threat prevention, and identity and access management.
Detective measures, on the other hand, enable you to identify potential threats and incidents in real time. Detective measures include things like detecting unauthorized traffic on your network and conducting live audits of your systems to identify any unauthorized activity.
If your AWS apps are collecting, storing, or even just handling sensitive customer data, it is imperative that you put effective security measures in place. Failing to protect your customers’ data could result in you facing serious repercussions to both your reputation and your bottom line.