AWS Announces Major Enhancements to Amazon Macie
May 2020 by Marc Jacob
Amazon Web Services Inc. (AWS), an Amazon.com company, announced a series of major enhancements to Amazon Macie, delivering important new features, greater availability worldwide, and substantially reduced pricing. The new features include updated machine learning models for more accurate detection of Personally Identifiable Information (PII), support for customer-defined data types, and native multi-account management with AWS Organizations. As of today, Amazon Macie expands to 17 AWS Regions worldwide, with more Regions coming online over the next few months. New Amazon Macie service optimisations also enable customers to discover and protect their sensitive data in AWS at an 80% or greater discount compared to previous pricing. There are no additional charges or upfront commitments required to use Amazon Macie, and customers pay only for the data processed and Amazon Simple Storage Service (Amazon S3) buckets evaluated.
As organisations continue to manage growing volumes of information, they need to identify and locate their sensitive data to ensure it is properly protected and being maintained in accordance with various regulatory compliance requirements. However, discovering and protecting this data at scale is an expensive and time-consuming process that can be prone to error. Amazon Macie reduces this burden by providing a scalable and cost-efficient service that helps customers more easily discover and protect their sensitive data in AWS. Once enabled with one click in the AWS Management Console, Amazon Macie automatically provides customers with a full inventory of their Amazon S3 buckets. Customers simply select the buckets they would like to submit for sensitive data discovery, and Amazon Macie scans these buckets using machine learning and pattern matching to identify and categorise the data against a predefined set of common sensitive data types. Customers receive actionable security findings enumerating any data that fits these sensitive data types, including PII (e.g. customer names and credit card numbers) and categories defined by privacy regulations, such as the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA). Amazon Macie also automatically and continually evaluates bucket-level preventative controls for any buckets that are unencrypted, publicly accessible, or shared with accounts outside of a customer’s organisation, allowing customers to quickly address unintended settings on buckets that have been identified to contain potentially sensitive data.
Over the last several months, Amazon Macie’s data discovery engine has been completely rearchitected to make better use of the underlying storage and compute resources and perform even faster and more scalable detection. These optimisations have enabled an 80% reduction in price from $5 per GB processed to $1 per GB, with the price decrease exceeding 90% for high-volume customers. Complementing the price reduction, the service now features several new or evolved capabilities. Amazon Macie’s machine learning models have been updated to deliver even more accurate detection across a growing list of PII types. For example, the models have been enhanced to better support international customers by more effectively recognising geographic variations in data types, such as the differences in mailing address formats in the U.S. and Germany or regional naming conventions that are difficult to detect through standard pattern matching. Customers can also now create their own data types using regular expressions – a widely used standard for defining search patterns – enabling Amazon Macie to discover sensitive data that is specific to a customer’s business or formatted uniquely within an organisation (e.g. patient ID numbers or internal product designations). With the new integration between Amazon Macie and AWS Organizations, a single administrator can now manage up to 5,000 member accounts (for centralised administration across large enterprises), automatically enable and link all future accounts (without needing to manually onboard new users), create and administer Amazon Macie data discovery jobs across accounts, and manage findings across an entire organisation.
Getting started with Amazon Macie is fast and easy with one click in the AWS Management Console or a single API call. Customers can try Amazon Macie now with a 30-day free trial using this same simple process. The trial includes 30 days of Amazon S3 bucket inventory and bucket-level security assessment at no cost. Customers can view a cost estimate in the Amazon Macie console to see what their estimated total monthly spend would be once the trial ends. Amazon Macie also includes 1 GB of data processed for sensitive data discovery per month at no cost. This free tier offer does not expire and is not bound by the 30-day free trial period.
Amazon Macie is available today in the US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon), Canada (Central), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe (Stockholm), Asia Pacific (Hong Kong), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), and South America (Sao Paulo) Regions, with availability in additional Regions in the coming months.