Essential Guide

Browse Sections

Editor's note

Storing data in the cloud has become more enticing to enterprises. Not only have prices gone up for on-premises data storage, but it can be a nightmare for IT teams to maintain the infrastructure needed to securely store growing volumes of structured and unstructured data.

AWS offers a variety of services to store, manage and analyze data. More importantly, AWS provides security and encryption options to protect data at rest and in transit. And each new product launch adds to the ever-expanding AWS data management portfolio.

IT teams need to keep pace with the twists and turns of the cloud giant's technology. While some enterprises still have concerns over data privacy and security in the cloud, AWS has made many attempts over the years to draw in those customers by assuaging their security fears while offering a more cost-effective option to on-premises hardware. In this essential guide, we explore different AWS data management services and options.

1Data encryption and security

AWS adheres to a shared responsibility security model. This means the cloud provider does what it can to secure its infrastructure and supply security tools, but customers must work to address application vulnerabilities. One way to secure data is through encryption. The AWS Key Management Service enables enterprises to manage the encryption keys or let AWS handle that process -- rendering data unreadable to anyone other than the administrator in both cases. Amazon Identity and Access Management (IAM) restricts access to files and resources, depending on roles set by cloud admins, which can further prevent data from falling into the wrong hands. Admins can establish roles with IAM and set policies with other services, such as protecting S3 buckets and using them to control encryption in motion. IT teams must evaluate the security needs of their businesses and customers and make sure AWS can accommodate those needs. AWS has a variety of compliance certifications, but customers with particularly sensitive data might choose to keep some or all of it on premises.