This blog post is about AWS cloud information security policies on data privacy.
AWS customer maintains ownership and control of their content, including control over what content they choose to store or process using AWS services, which AWS services they use with their content, the Region(s) where their content is stored, the format, structure and security of their content, including whether itis masked, anonymized or encrypted, and who has access to their AWS accounts and content and how those access rights are granted, managed and revoked.
AWS provides customers with native and third-party tools to assist customer in securing and safeguarding their cloud accounts. Alternatively, “customers are also free to design and execute security assessments according to their own preferences, and can request permission to conduct scans of their cloud infrastructure as long as those scans are limited to the customer’s compute instances.”
Because customers might have geographic and other regional compliance requirements, customers have the freedom to choose the AWS Region or Regions in which their content and servers will be located. AWS clearly state, they will not move customer contents from a chosen region without the customer’s consent, except as legally required.
On who is allowed to access customer data in AWS, customers have the complete control to manage access controls, such as identity access management, permissions and security credentials which allow them to control the entire life-cycle of their content on AWS, and manage their content in accordance with their own specific needs, including content classification, access control, retention and deletion.
AWS will not access or use customer content without the customer’s consent, except as legally required and will never uses customer content or derives information from it for other purposes such as marketing or advertising. AWS states it is their practice is to notify customers where practicable before disclosing their content so they can seek protection from disclosure, unless we are legally prohibited from doing so or there is clear indication of illegal conduct in
connection with the use of AWS services.
More reading about Amazon Web Services Data Privacy can be found using the below reference:
Using AWS in the Context of Common Privacy & Data Protection Considerations, 2018