🐾How to secure your data on AWS🐾
🤓 Protecting your data from unauthorized deletion is important, especially now that GenAI is making social engineering more effective. AWS cloud services can help you protect your data from unauthorized access and deletion.
You can implement the following approaches to protect your data:
1️⃣ Create a standalone backup account outside your AWS Organization
Establish a dedicated AWS account specifically for data backups. This ensures the segregation of roles and permissions, especially when you use AWS Organizations. Otherwise, if someone gains access to your organization's root account, they can control SCPs, get access to the other accounts in the organization, and even delete them.
2️⃣ Implement a two-person rule
Enforce a two-person access control mechanism. By requiring two authorized individuals to take part in actions such as logging in to the root account, you mitigate the risk that someone can access the root account when one person's credentials have been compromised.
3️⃣ Utilize S3 Object Lock in Compliance mode
Use the Amazon S3 Object Lock feature in Compliance mode to prevent unauthorized deletion of your data. This setting enforces a retention policy: objects remain immutable for a specified duration, and no one can delete them, regardless of their permissions.
4️⃣ Use the AWS Backup service to simplify the configuration process
Explore the capabilities of the AWS Backup service, designed specifically for securely managing backups across various AWS resources. AWS Backup simplifies the process of creating and managing backups while offering features such as encryption, cross-region replication, and centralized monitoring.
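To check approach 3️⃣ in practice, here is an added example (not code from the original post) that audits a bucket's Object Lock settings. It assumes the input has the shape of the S3 GetObjectLockConfiguration response; the 30-day minimum and the sample configurations are constructed for illustration.

```python
# Added example: audit an S3 Object Lock configuration (approach 3).
# The input dict has the shape of the GetObjectLockConfiguration response.
MIN_RETENTION_DAYS = 30  # assumed policy value, adjust to your requirements


def retention_days(default_retention):
    """Convert the DefaultRetention period (Days or Years) to days."""
    if "Days" in default_retention:
        return default_retention["Days"]
    return default_retention.get("Years", 0) * 365


def audit_object_lock(response, min_days=MIN_RETENTION_DAYS):
    """Return a list of findings; an empty list means the bucket passes."""
    config = response.get("ObjectLockConfiguration", {})
    if config.get("ObjectLockEnabled") != "Enabled":
        return ["Object Lock is not enabled on the bucket"]
    default = config.get("Rule", {}).get("DefaultRetention")
    if not default:
        # Without a default rule, only objects uploaded with explicit
        # retention settings are locked.
        return ["no default retention rule: new objects are not locked automatically"]
    findings = []
    mode = default.get("Mode")
    if mode != "COMPLIANCE":
        # In GOVERNANCE mode, principals holding
        # s3:BypassGovernanceRetention can still delete locked versions.
        findings.append(f"mode is {mode}, not COMPLIANCE: retention can be bypassed")
    days = retention_days(default)
    if days < min_days:
        findings.append(f"retention is {days} days, below the {min_days}-day minimum")
    return findings


# Constructed sample configurations.
COMPLIANT = {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
             "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Years": 1}}}}
WEAK = {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
        "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 7}}}}
NO_RULE = {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled"}}

if __name__ == "__main__":
    for name, cfg in [("compliant", COMPLIANT), ("weak", WEAK), ("no-rule", NO_RULE)]:
        print(name, audit_object_lock(cfg) or "OK")
```

Feed it the JSON printed by `aws s3api get-object-lock-configuration --bucket <your-bucket>` to audit a real bucket.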
Thank you for reading, let’s chat 💬
💬 Which approaches do you use to secure your backups?
💬 Have you ever experienced issues with the Backup service?
💬 Has your data ever been attacked?
I love hearing from readers 🫶🏻 Please feel free to drop comments, questions, and opinions below👇🏻