Amazon Web Services announced a series of major enhancements to Amazon Macie, delivering important new features, greater availability worldwide, and substantially reduced pricing. The new features include updated machine learning models for more accurate detection of Personally Identifiable Information (PII), support for customer-defined data types, and native multi-account management with AWS Organizations.
Amazon Macie now expands to 17 AWS Regions worldwide, with more regions coming online over the next few months. And, new Amazon Macie service optimizations enable customers to discover and protect their sensitive data in AWS at an 80% or greater discount compared to previous pricing. There are no additional charges or upfront commitments required to use Amazon Macie, and customers pay only for the data processed and Amazon Simple Storage Service (Amazon S3) buckets evaluated.
As organizations continue to manage growing volumes of information, they need to identify and locate their sensitive data to ensure it is properly protected and being maintained in accordance with various regulatory compliance requirements. However, discovering and protecting this data at scale is an expensive and time-consuming process that can be prone to error.
Amazon Macie reduces this burden by providing a scalable and cost-efficient service that helps customers more easily discover and protect their sensitive data in AWS. Once enabled with one click in the AWS Management Console, Amazon Macie automatically provides customers with a full inventory of their Amazon S3 buckets. Customers simply select the buckets they would like to submit for sensitive data discovery, and Amazon Macie scans these buckets using machine learning and pattern matching to identify and categorize the data against a predefined set of common sensitive data types. Customers receive actionable security findings enumerating any data that fits these sensitive data types, including PII (e.g. customer names and credit cards numbers) and categories defined by privacy regulations, such as The General Data Protection Regulation (GDPR) and The Health Insurance Portability and Accountability Act (HIPAA).
Amazon Macie also automatically and continually evaluates bucket-level preventative controls for any buckets that are unencrypted, publicly accessible, or shared with accounts outside of a customer’s organization, allowing customers to quickly address unintended settings on buckets that have been identified to contain potentially sensitive data.
Over the last several months, Amazon Macie’s data discovery engine has been completely rearchitected to make better use of the underlying storage and compute resources and perform even faster and more scalable detection. These optimizations have enabled an 80% reduction in price from $5 per GB processed to $1 per GB, with the price decrease exceeding 90% for high-volume customers. Complementing the price reduction, the service now features several new or evolved capabilities. Amazon Macie’s machine learning models have been updated to deliver even more accurate detection across a growing list of PII types. For example, the models have been enhanced to better support international customers by more effectively recognizing geographic variations in data types, such as the differences in mailing address formats in the U.S. and Germany or regional naming conventions that are difficult to detect through standard pattern matching.
Customers can also now create their own data types using regular expression – a widely used standard for defining search patterns – enabling Amazon Macie to discover sensitive data that is specific to a customer’s business or formatted uniquely within an organization (e.g. patient ID numbers or internal product designations). And, with the new integration between Amazon Macie and AWS Organizations, a single administrator can now manage up to 5,000 member accounts (for centralized administration across large enterprises), automatically enable and link all future accounts (without needing to manually onboard new users), create and administer Amazon Macie data discovery jobs across accounts, and manage findings across an entire organization.
“Virtually every customer we talk to says they can benefit from having more complete visibility into their sensitive data, but it’s currently expensive and time-consuming to discover and catalog this information on their own,” said Dan Plastina, Vice President for External Security Services at AWS. “Customers have consistently told us that Amazon Macie solves this challenge much better than other tools, but that it needed to be more cost-effective to use at the scale they wanted. Today’s launch culminates a year of rearchitecting work to make Macie 80% to over 90% less expensive, giving far more customers around the world the ability to use Macie to protect their sensitive data at scale and effectively meet compliance requirements like GDPR.”
Getting started with Amazon Macie is fast and easy with one click in the AWS Management Console or a single API call. Customers can try Amazon Macie now with a 30-day free trial using this same simple process. The trial includes 30 days of Amazon S3 bucket inventory and bucket-level security assessment at no cost.
Customers can view a cost estimate in the Amazon Macie console to see what their estimated total monthly spend would be once the trial ends. Amazon Macie also includes 1 GB of data processed for sensitive data discovery per month at no cost. This free tier offer does not expire and is not bound by the 30-day free trial period.
Amazon Macie is available today in the US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon), Canada (Central), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe (Stockholm), Asia Pacific (Hong Kong), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), and South America (Sao Paulo) regions, with availability in additional Regions in the coming months.
TIBCO Software Inc. unlocks the potential of real-time data for making faster, smarter decisions. “The security of our customers’ data is a top priority for TIBCO and we developed comprehensive data privacy policies to ensure sensitive information in Amazon S3 is continuously protected using encryption and access control,” said Matt Quinn, Chief Operating Officer, TIBCO. “With its enhancements and lower cost, we look forward to using Amazon Macie to help us identify sensitive data at scale, and use its findings to help ensure that our sensitive data is where it should be – tagged according to our security policies – and under tight access controls at all times.”
Edmunds guides car shoppers online from research to purchase. “We prefer AWS-native security services because of their seamless integration with other AWS services, their cost effectiveness, and ease of use,” said Stephen Felisan, CTO, Edmunds. “Amazon Macie’s full API coverage for programmatic use of the service and its integration with AWS Organizations helps us to easily use the service and allows us to manage data security across all our accounts from a single place.”
Digital Guardian delivers enterprise-class data loss prevention (DLP) spanning endpoints to cloud storage.
“We’re focused on a comprehensive approach to safeguarding our customers’ sensitive data from all threats, so providing seamless integrations with the best complementary technologies available is an important part of that strategy,” said Mo Rosen, CEO, Digital Guardian. “Amazon Macie has always been a powerful tool for discovering and protecting sensitive data in AWS, and these updates make it even more valuable. Our integration will provide unified data protection by recognizing Macie classification tags and mirroring the required security controls when data moves from the AWS cloud to an endpoint device.”