SEC 8: How do you classify your data?
Classification provides a way to categorize data, based on levels of sensitivity, to help you determine appropriate protective and retention controls.
Define data classification requirements: Define data classification requirements to meet your organizational, legal, and compliance requirements.
Define data protection controls: Protect data according to its classification level; for example, secure publicly accessible data by using best practices while protecting sensitive data with additional controls.
Automate identification and classification: Automate identification and classification of data to reduce the risk of human error.
Identify the types of data: Be aware of the types of data in your workload to help you implement controls to meet organizational, legal, and compliance requirements.
Define data classification requirements
Define requirements that will help you categorize and classify data.
- Identify compliance requirements: Discover the organizational, legal, and compliance requirements your workload needs to comply with.
- Identify AWS compliance resources: Identify resources that AWS has available to assist.
AWS cloud compliance
- Define your data identification and classification schema: Identification and classification of your data is performed to assess the potential impact and type of data you store, and who can access it.
Implement data identification and classification
Implement defined data identification and classification strategy.
- Configure AWS resource tagging: Implement resource tags for S3 buckets and objects, EBS volumes, RDS databases, and other AWS services that
store data to easily identify their classification level.
AWS Tagging Strategies
- Consider Amazon Macie: Amazon Macie uses machine learning to automatically discover and classify data stored in Amazon S3.