Cloud Storage Security

Additional Info

CompanyCloud Storage Security
Company size (employees)10 to 49
Headquarters RegionNorth America
Type of solutionCloud/SaaS


Given the flexibility and performance of managed storage services such as Amazon S3, a growing number of organizations use them as data stores for files uploaded by application users and file transfers, or to build data lakes to cost-effectively scale and analyze data.

Ingesting data from external sources without scanning it for advanced threats can become a vector for virus payloads. According to the AWS Shared Responsibility Model, the organization using the storage service is responsible for the security of the data. This includes ensuring that the data is free of malware; AWS does not automatically scan for advanced threats.

What’s more, the data may contain sensitive information, which requires additional safeguards to meet data privacy requirements, prevent compliance violations, and ensure security. But finding, classifying, and managing sensitive data is not an easy task.

Traditionally, organizations have had to purchase an expensive and complex data security platform or build their own solution in house to detect ransomware and viruses or prevent data loss. Today they use Cloud Storage Security (CSS).

Key Capabilities / Features

AWS storage support: Protects data in Amazon S3, Amazon WorkDocs, Amazon EBS, Amazon EFS and Amazon FSx. CSS solutions are built for and powered by AWS.

Automated serverless solution: This container-based solution provides the ability to scale to meet any data volume with a lower cost for AWS infrastructure, no downtime, no interruptions, and no patching.

Multiple virus detection engines: Customers have the ability to use premium, industry-trusted engines that employ signature-based, behavioral genotype, or signature-less, machine learning detection methodologies. Multiple engines may be used to increase scanning accuracy and efficiency while keeping costs and management work to a minimum. No volume or file size limits.

Harnesses three decades of DLP experience: CSS provides an automated solution that leverages data classification to identify sensitive data at petabyte scale and quarantine objects / files across all S3 buckets and EC2 (EBS volumes). Knowing what PII exists and automatically protecting it enables customers to proactively manage data privacy and protection as well as compliance with frameworks such as SOC 2, PCI DSS, and HIPAA.

Visibility into configurations: Users can identify secure and insecure permission policies as well as see encryption status.

Multiple accounts and cross-account scanning support: Manage CSS from a centralized security services account and extend protection to additional accounts and workloads automatically; CSS auto discovers data in storage.

SIEM integrations: Can send notifications to email, ticketing systems, Splunk, Slack; ingest logs into existing SIEM integrations; manage incidents through AWS Security Hub and its third party integrations. Plus, all intelligence can easily be exported.

Fully-featured free trials in AWS Marketplace.

How we are different

Instead of sending data to an outside location for scanning as with SaaS solutions, Cloud Storage Security solutions run directly in the customer’s AWS account, which meets compliance and data residency requirements. Moreover, VPC endpoint and private deployment options meet the most stringent security requirements. Plus, CSS runs in AWS GovCloud and Commercial regions.

Multiple scan models allow customers to easily integrate the solution into any workflow running on AWS without disruption—scan data in real-time as it’s added to storage; scan existing data on a scheduled basis; or scan new data before it’s written. Organizations can baseline scan all existing data quickly to ensure security or if they suspect a breach as well as meet rescanning requirements (as mandated in frameworks such as NIST).

CSS’s Antivirus and Data Loss Prevention solutions can be accessed as standalone solutions or used together. Users can get up and running from AWS Marketplace in under 15 minutes via a CloudFormation template or Terraform.