This chapter covers
- Modelling applications with data flow diagrams
- Using AWS Key Management Service for encryption at rest
- Enabling backups or versioning to protect against and remediate attacks
- Using and enforcing secure protocols when transferring data
- Keeping detailed logs with built-in AWS services
- Identifying and protecting potentially sensitive data with Amazon Macie
It seems that every week or so there’s another high-profile data breach in the news. Just in the last couple of weeks, I’ve seen announcements from a major hotel chain, a large video game company, and two cruise lines about leaks of customer data. The alarming rate at which these breaches occur is evidence of how common vulnerabilities in data security are as well as the persistence of the attackers looking for your data. The information in this chapter can help you protect your organization from the attacks that have put these companies in the headlines.