FAQ: Cloud Optimization and Cost Savings in AWS
Q: Why does unstructured data need protection?
A: Unstructured data makes up at least 80% of all enterprise data, and it’s growing at a rate of 55 to 65% annually. This is four times faster than structured data — and yet unstructured data is still underserved in the encryption space.
The privacy of unstructured data relies on the filesystem or the storage service it resides in. This can create privacy issues, as infrastructure administrators (e.g., cloud storage admins) will always have access to that data.
Q: How does ShardSecure offer companies flexibility in AWS?
A: As the world’s largest cloud service provider, AWS offers many different storage tiers within broad categories like Amazon Elastic Block Store (EBS), Amazon Elastic File System (EFS), and Amazon Simple Storage Service (S3).
ShardSecure’s technology allows companies to utilize any AWS storage type they want — even if they have a legacy application that otherwise couldn’t switch to cheaper object storage without being rewritten.
Q: How does ShardSecure support cost savings in AWS?
A: Costs vary widely in AWS. Compare the price of S3 Infrequent Access at $0.013 per GB per month with the cost of EFS Standard at $0.3 per GB per month. These fractions of a cent add up for large amounts of data. At those prices, storing 250 TB of data for a year would cost $38,400 in S3 versus $921,600 in EFS — a factor of 24.
ShardSecure provides the flexibility for your company to store data in the cheapest tier that works for you.
Q: What other issues can arise in AWS?
A: Misconfigurations and breaches are unfortunately common in AWS. Data is regularly left exposed by errors like public access to S3 buckets, outdated IAM policies, key rotation problems, and unsecured backups.
Some recent high-profile AWS misconfigurations include:
- The exposure of more than 1.6 million files containing personally identifiable information (PII) from 80 US municipalities in 2021.
- The exposure of 6.5 TB of airport data, including navigation information, proprietary software, and airline crew PII, in 2022.
- The exposure of personal data for 3 million senior citizens via the website SeniorAdvisor.
- The exposure of personal data for 3 million people via the online booking website FlexBooker.
Fortunately, strong data protection software can mitigate the impact of not only misconfigurations but also AWS outages, ransomware attacks, and more.
Q: How does ShardSecure provide advanced data security in AWS?
A: Our technology protects unstructured data and metadata in specific files, folders, and storage locations. By splitting data into very small pieces (microshards) and then distributing those microshards to multiple customer-owned storage locations, we ensure that data is unintelligible to everyone from cloud providers to cyberattackers. That way, even if buckets are misconfigured and PII or other critical data are left exposed, third parties cannot actually read or reconstruct that data.
Our solution can store your data across multiple AWS buckets, a mix of AWS and other storage providers, or even AWS and on-prem data centers. Regardless of the configuration you choose, your data will remain secure from internal and external threats.
Q: Can sensitive data be reconstructed by an external user?
A: Even in the highly unlikely scenario that an unauthorized user is able to gain access to all the microshards from every storage location for a given data set, that data still cannot be reassembled. Here’s why:
- Our solution strips file content, filenames, file extensions, and all other metadata, meaning that there is not enough identifying information for a third party to reconstruct anything.
- Our solution allows organizations to configure the amount of poison data they add to their own data before it’s distributed.
- Finally, our technology requires multiple components to be used in concert with both each other and the complete data set for reassembly, meaning that it’s not possible for anyone to deploy their own instance of ShardSecure to reassemble data.
Q: How difficult is it to implement ShardSecure?
A: ShardSecure is quick and seamless to integrate, with only one line of code change needed to get started. It’s also easy to manage, with “set and forget management.”
Our technology functions transparently, so workflows don’t change for users. It is vendor-agnostic and works in the background as a zero-downtime event without the overhead and complexity of traditional file-level encryption.
Q: ShardSecure supports cost savings and security in AWS. What else does it do?
A: Quite a lot. Our technology was designed to provide advanced data protection while keeping control in the hands of data owners. It can:
- Mitigate cloud ransomware.
- Support compliance with cross-border data regulations like the GDPR, Canada’s PIPEDA, Japan’s APPI, Brazil’s LGPD, and many more.
- Offer unbeatable data resilience in the face of outages and attacks with self-healing data and high availability.
- Provide secure cold-storage migration from on-premises to the cloud for cost savings.
- And more.