Implementing Data Diode Pattern on AWS for Data Loss Prevention (DLP) and Zero Trust Access Control

Author: Matt Venne, Solutions Director, stackArmor, Inc.

One of the biggest challenges that cloud architects and security professionals have is protecting “sensitive” data. This challenge is multiplied when that sensitive data must move between different systems for analysis and consumption. Data security is difficult in such a dynamic scenario and requires special tooling and techniques to prevent the sensitive digital data from leaving its designated areas. Typically these tools and techniques are called Data Loss Prevention, or DLP for short. The marketplace has no shortage of DLP solutions; they can be network-based, examining data in flight at central egress points – e.g., firewalls; or agent-based, installed on a device, such as a workstation, to examine data at rest and programmatically identify which data is sensitive. Often they are used in conjunction: agents identify sensitive data, and network firewalls block the data identified by the agents from leaving.


Data Loss Prevention (DLP)


Data Loss Prevention (DLP) solutions, whether custom or third-party, must be carefully evaluated for cost, compliance, performance and solution fit. DLP is a difficult problem to solve given the wide variety of scenarios. For example, a malicious insider can just insert a USB drive into their laptop and exfiltrate the sensitive data, bypassing all DLP mechanisms on the server in the process. This generally requires a layered approach to DLP, which at times degrades the customer experience because those controls are overly prohibitive and seriously impact day-to-day productivity. Also, many of these DLP tools were simply not designed for the cloud. An additional dimension to DLP is auditors and compliance. Many of our customers operate in highly regulated markets that require FedRAMP, FISMA/RMF, StateRAMP or CMMC 2.0 compliance. Any DLP solution implemented in such environments must comply with these requirements, thereby restricting ..
