Achieve Optimal Data Security, Privacy, and Compliance in AWS

Kristina Avrionova
Published:Dec 21, 2023
Reading Time:3mins

Unlocking data's full potential in cloud environments requires organizations to balance data security, privacy, and regulatory compliance all at once. This task is far from simple: teams find themselves grappling with data security and privacy exposures caused by misconfigurations that inadvertently introduce risk.

There are several options to keep data secure, private, and compliant in AWS, or any other on-prem or cloud environment for that matter. Encryption offers powerful means of obfuscating Personally Identifiable Information (PII) and controlling unauthorized access to it.

However, complete data encryption can sometimes make data unreadable and unavailable for analytics.

Data tokenization by means of vaultless Format Preserving Encryption (FPE) has emerged as a state-of-the-art data obfuscation strategy that allows teams to work with data while keeping it private, secure, and compliant. This is why data tokenization is being widely appreciated and adopted.

Data tokenization uses an algorithm and a centrally managed symmetric encryption key to generate encrypted data, or tokens, that keep a specific format. Those tokens look like the original data, such as a social security number or credit card number, but have no intrinsic value.

Take a “shift-left” approach to data security with Fortanix

As a best practice, data tokenization should be applied as early in the data lifecycle as possible. This minimizes the sensitive data footprint and ensures anonymity right from the moment of creation or ingestion.

Therefore, when sending data to AWS, it is best that the data is tokenized as it is ingested in AWS Glue or other ETL tools, so users can easily prepare and load anonymized data that is ready for analytics. This way, when data lands in an S3 bucket, AWS Redshift, or AWS RDS, it is already secure, private, and compliant.

Choosing the right data tokenization solutions is critical to achieve the desired balance. Fortanix offers FPE under a unified data security and privacy platform.

The Fortanix Data Security Manager™ (DSM) delivers key lifecycle management, data masking and tokenization, and secure DevOps from a single modern, intuitive user experience. It natively integrates a FIPS 140-2 Level 3 certified HSM and offers customers a choice of deployment models: on-premises, virtual appliances running in a private or public cloud, or a fully managed SaaS across multiple global regions.

The DSM platform is powered by Confidential Computing, which ensures all cryptographic operations happen in a trusted execution environment, so all data in use is protected even if the infrastructure is compromised.

Fortanix offers customizable tokenization policies that make it easy to create proprietary formats with delimiters, prefixes, suffixes, etc., as well as pre-built data tokenization formats for:

- Credit card numbers
- Social Security Numbers
- IMSI (International Mobile Subscriber Identity) numbers
- IMEI (International Mobile Equipment Identity) numbers
- IP addresses
- Dates with different formats
- Phone numbers
- Fax numbers
- Passport numbers
- Driver license numbers
- Individual Taxpayer Identification Numbers
- Different military service numbers

The tokenized data can be shared with third parties or used internally with partial detokenization, depending on the application, users, and applied RBAC. Fortanix supports quorum control, where multiple admins must approve high-privilege actions such as viewing full original data.
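As an added illustration (not Fortanix code and not a description of DSM internals), the following Python shows the mechanism behind the vaultless FPE tokenization described earlier and the partial detokenization just mentioned: a keyed Feistel network over decimal digits, simplified from the NIST FF1 construction, that keeps length and separators intact and is reversible only with the key. The key, tweak and card number are constructed for the demo; production systems should use a vetted FF1/FF3-1 implementation rather than this teaching version.

```python
# Added example: simplified FF1-style format-preserving tokenization of digit strings.
import hmac
import hashlib

ROUNDS = 10  # same round count as FF1; the round function below is simplified


def _prf(key: bytes, tweak: bytes, rnd: int, half: str, width: int) -> int:
    """Keyed round function: HMAC-SHA256 over (tweak, round, half), reduced mod 10**width."""
    mac = hmac.new(key, tweak + bytes([rnd]) + half.encode(), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % (10 ** width)


def _feistel(key: bytes, tweak: bytes, digits: str, encrypt: bool) -> str:
    """Unbalanced Feistel network over a decimal string; run rounds backwards to invert."""
    n = len(digits)
    u, v = n // 2, n - n // 2                 # left/right half widths, as in FF1
    a, b = digits[:u], digits[u:]
    order = range(ROUNDS) if encrypt else range(ROUNDS - 1, -1, -1)
    for i in order:
        m = u if i % 2 == 0 else v            # width of the half rewritten in round i
        if encrypt:
            c = (int(a) + _prf(key, tweak, i, b, m)) % (10 ** m)
            a, b = b, str(c).zfill(m)
        else:
            c = (int(b) - _prf(key, tweak, i, a, m)) % (10 ** m)
            a, b = str(c).zfill(m), a
    return a + b


def tokenize(value: str, key: bytes, tweak: bytes = b"") -> str:
    """Replace the digits of `value` with ciphertext digits; separators stay in place."""
    digits = "".join(ch for ch in value if ch.isdigit())
    if len(digits) < 2:
        raise ValueError("need at least two digits to tokenize")
    out = iter(_feistel(key, tweak, digits, True))
    return "".join(next(out) if ch.isdigit() else ch for ch in value)


def detokenize(token: str, key: bytes, tweak: bytes = b"") -> str:
    """Recover the original value; no vault lookup, only the key and tweak are needed."""
    digits = "".join(ch for ch in token if ch.isdigit())
    out = iter(_feistel(key, tweak, digits, False))
    return "".join(next(out) if ch.isdigit() else ch for ch in token)


def detokenize_partial(token: str, key: bytes, tweak: bytes = b"", reveal_last: int = 4) -> str:
    """Partial detokenization for lower-privilege roles: reveal only the trailing digits."""
    clear = list(detokenize(token, key, tweak))
    positions = [i for i, ch in enumerate(clear) if ch.isdigit()]
    for i in positions[:len(positions) - reveal_last]:
        clear[i] = "X"
    return "".join(clear)
```

The tweak binds a token to a context (for example the column or data class), so the same key yields different tokens for different fields and a token cannot be swapped between them.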

For AWS environments, Fortanix offers External Key Store (XKS). This joint solution offered by AWS and Fortanix helps organizations with cloud sovereignty requirements and to meet data security and privacy regulations such as the GDPR and Schrems II.

To learn more about best practices for keeping sensitive data secure, private, and compliant in structured, semi-structured, and unstructured formats inside an AWS environment, download the Data Security and Sovereignty in AWS Cloud with Fortanix DSM ebook now.
