Protect sensitive data using Microsoft Purview Information Protection for Amazon S3 buckets
Published Nov 15 2023 08:00 AM
Microsoft

Data is one of the most valuable assets for any organization, but it also comes with many challenges and risks. Data can be stored in various formats and locations, such as in the cloud and on-premises, and it can be accessed by different users, applications, and devices. How can organizations ensure that their data is secure and compliant with various regulations and policies?

 

Microsoft Purview is a unified data governance service that helps organizations discover, catalog, classify, and protect their data across multiple sources and platforms. With Microsoft Purview, you can apply sensitivity labels to your data assets based on their content and context and enforce label-based policies to restrict access and usage.

 

One of the key features of Microsoft Purview is the ability to create and manage label-based policies for a range of data sources, including Amazon S3 buckets. Amazon S3 is a popular cloud storage service that allows you to store and retrieve any amount of data from anywhere on the web. However, storing sensitive data in S3 buckets also poses some challenges, such as:

  • How can you identify and classify the sensitive data in your S3 buckets?
  • How can you prevent unauthorized access or leakage of your sensitive data?
  • How can compliance and data teams collaborate to protect sensitive data from unauthorized access?

Microsoft Purview helps you address these challenges by providing the following benefits:

  • You can scan your S3 buckets and automatically apply sensitivity labels to your files and folders based on predefined rules. For example, you can label files that contain personal information, financial data, or health records as “Highly confidential”.
  • You can create and apply label-based policies to your S3 buckets to restrict access and usage of your sensitive data. For example, you can deny access to everyone except a specific user for files labelled as “Highly confidential”. For S3, the deny actions block read, write, delete, copy and move operations based on the sensitivity labels.

To illustrate how Microsoft Purview works with S3 buckets, let’s look at an example scenario:

  • You are an Enterprise Admin of an e-commerce company that stores customer orders and transactions in an S3 bucket named “orders”.
  • You want to protect the sensitive data in your S3 bucket, such as customer names, addresses, phone numbers, email addresses, credit card numbers, etc.
  • You create and publish a sensitivity label that must be applied on both files and schematized data.

    Figure 1: Creating and publishing policy

  • You use Microsoft Purview's data map to scan your S3 bucket and apply sensitivity labels to your files and folders based on the content and context. In this example, the scan is completed and data policy enforcement is enabled.
    Figure 2: Enable policy enforcement and initiate scan
  • The scan of data automatically applies sensitivity labels to your files and folders based on the content and context. For example, you label files that contain credit card numbers as “Highly confidential” and files that contain customer names as “Confidential”.

    Figure 3: The sensitivity label has been applied
  • You create and apply label-based policies to your S3 bucket to control access and usage of your sensitive data. For example, you deny access to everyone except the system administrator for files labelled as “Highly confidential” and deny access to everyone except the customer manager for files labelled as “Confidential”.
    Figure 4: Create and publish protection policy

By using Microsoft Purview with S3 buckets, you can achieve the following outcomes:

  • You can discover and classify your sensitive data in S3 buckets with ease and accuracy.
  • You can protect your sensitive data in S3 buckets with protection policies.
  • You can ensure compliance with various regulations and policies for your sensitive data in S3 buckets.

                    

Get started

  • At Ignite we are launching a gated public preview of Microsoft Purview Information Protection policies.
  • Learn more about Azure SQL and storage Microsoft Purview Information Protection policies here.
Last update: Nov 17 2023 01:23 PM