Identify How to Ensure Data Integrity
AWS Big Data Exam updated to AWS Certified Data Analytics Specialty.
Data integrity is the maintenance of, and the assurance of, the accuracy and consistency of data over its entire life-cycle.
A data store’s classification must consider confidentiality, availability, and integrity as a baseline for data security.
- Confidentiality – Only authorized access permitted.
- Integrity – Completeness, accuracy and freedom from unauthorized change.
- Availability – Accessibility and usability when required.
Amazon S3, by default, provides object metadata for every object including:
- Date
- Content-Length
- Last-Modified
- Content-MD5
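Content-MD5 and the ETag are what let a client check that an object arrived in S3 (and came back out) unchanged. The added example below, which is not code from the original page or from AWS, shows how both values are derived for a constructed payload, including the multipart case where the ETag is not a plain MD5 of the object.

```python
import base64
import hashlib
from typing import List, Optional

# Constructed sample payload (31,000 bytes); not an AWS-provided file.
SAMPLE = b"integrity check sample payload\n" * 1000


def content_md5_header(data: bytes) -> str:
    """Value for the Content-MD5 request header on a PUT.

    It is the base64 encoding of the raw 16-byte MD5 digest (not the hex
    string). S3 recomputes the digest on receipt and rejects the upload if
    it does not match, so corruption in transit is caught before the object
    is stored.
    """
    return base64.b64encode(hashlib.md5(data).digest()).decode("ascii")


def s3_etag(data: bytes, part_size: Optional[int] = None) -> str:
    """Reproduce the ETag S3 assigns to a plaintext or SSE-S3 object.

    Single PUT: the ETag is the hex MD5 of the whole object.
    Multipart upload: S3 hashes each part, concatenates the raw digests,
    hashes that, and appends "-<part count>". A plain MD5 of the file will
    never match a multipart ETag, so the original part size must be known.
    Objects encrypted with SSE-KMS or SSE-C carry an ETag that is not an
    MD5 at all; this function does not apply to them.
    """
    if part_size is None or len(data) <= part_size:
        return hashlib.md5(data).hexdigest()
    part_digests: List[bytes] = [
        hashlib.md5(data[i:i + part_size]).digest()
        for i in range(0, len(data), part_size)
    ]
    combined = hashlib.md5(b"".join(part_digests)).hexdigest()
    return f"{combined}-{len(part_digests)}"


def verify_download(data: bytes, etag: str, part_size: Optional[int] = None) -> bool:
    """Compare a downloaded object against the ETag returned in the response.

    Strips the quotes S3 wraps around the header value. Returns False on a
    mismatch rather than raising, so the caller can quarantine the object.
    """
    expected = etag.strip('"')
    if "-" in expected and part_size is None:
        # Multipart ETag but the part size is unknown: verification is impossible.
        raise ValueError("multipart ETag requires the original part size")
    return s3_etag(data, part_size) == expected
```

A mismatch after download points to corruption or unauthorized change; for multipart objects, keep the part size with the upload record or the check cannot be repeated later.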
The AWS Cloud Adoption Framework (AWS CAF) covers five key security capabilities, which serve as a guide for security planning:
- AWS Identity and Access Management (IAM): Define, enforce, and audit user permissions across AWS services, actions, and resources.
- Detective control: Improve your security posture, reduce the risk profile of your environment, and gain the visibility you need to spot issues before they impact your business.
- Infrastructure security: Reduce the surface area of the infrastructure you manage and increase the privacy and control of your overall infrastructure on AWS.
- Data protection: Implement appropriate safeguards that help protect data in transit and at rest by using natively integrated encrypted services.
- Incident response: Define and execute a response to security incidents.
The following security best practices also address data protection in Amazon S3:
- Implement server-side encryption
- Consider using Amazon Macie with Amazon S3
- Identify and audit all your Amazon S3 buckets
- Monitor AWS security advisories
- Implement least privilege access
- Use IAM roles for applications and AWS services that require Amazon S3 access
- Enable multi-factor authentication (MFA) Delete
- Consider encryption of data at rest
- Enforce encryption of data in transit – Allow only encrypted connections over HTTPS (TLS) using the aws:SecureTransport condition on Amazon S3 bucket policies.
- Consider Amazon S3 Object Lock – Object Lock lets you store objects using a “Write Once Read Many” (WORM) model.
- Consider VPC endpoints for Amazon S3 access
Security Monitoring and Auditing Guidelines
- Identify and audit all your Amazon S3 buckets
- Implement monitoring using AWS monitoring tools
- Enable Amazon S3 server access logging
- Use AWS CloudTrail
- Enable AWS Config
- Consider using Amazon Macie with Amazon S3
- Monitor AWS security advisories