How to Secure and Simplify End User Access to Amazon S3 Object Storage for Remote Workers

As remote working becomes more and more of a reality, our experience is that many companies wish to facilitate direct end user access to Amazon's Simple Storage Service, Amazon S3.

The reasons they want to do this are:

    1. Amazon S3 can handle extremely large files, unlike consumer storage services and consumer apps such as Microsoft Teams, which has a 2GB file size limit.
    2. Amazon does not implement bandwidth throttling as the consumer file service providers do. When working from home with largish files, such caps can quickly become a problem.
    3. As more people work from home on consumer-style services, those services have slowed down as they hit capacities not envisioned. Amazon S3 was built to scale and offers stellar performance capabilities.
    4. Cost and ROI are of course another big factor, as Amazon S3 is one of the cheapest storage services around.

Companies do hit challenges when putting Amazon S3 into the hands of their end users in a way that satisfies cybersecurity and data compliance policies. Many of these challenges break out into the following:

    1. Amazon authentication and policy management is complex. Companies want 'simple but secure'. We wrote a prior blog post about this which you can read here.
    2. Companies want their end user workflows to remain similar to how users worked from the office, i.e. to use Amazon S3 more as a traditional POSIX-based file system accessible on both web and desktop.
    3. Companies want to ensure there is a way to facilitate compliance and governance of end user data.
    4. No lock-in: companies do not want their data obfuscated in a way that makes it unusable to them, so that they become more and more locked in as more data is consumed.
    5. Strong, secure sharing controls: companies need their remote employees to collaborate, both internally and externally, but they want to ensure that it is done in a way which is secure and controllable. After all, they do not want to become the next high-profile 'Amazon breach' victim.

The Enterprise File Fabric was designed from the ground up to work with object storage as well as file storage. In fact, of the 60 storage solutions we now connect to, Amazon S3 was the very first storage connector we built, all the way back in 2010!

Here at Storage Made Easy we have a short mantra: 'Connect, Index, Protect'. Essentially, the product 'smart indexes' the remote S3 content, creating a virtual file system that users access to interact with the Amazon data. Once the data is indexed, a lot of the other services we provide kick in, such as deep content indexing and PHI / PII content discovery.

Let's map what the File Fabric does to offset the challenges we talked about above:

    1. Authentication: The File Fabric integrates directly into a company's existing Active Directory, LDAP or SAML authentication, enabling single sign-on to Amazon S3 data with users' existing domain credentials. It also pulls back the existing roles/groups and offers sophisticated Access Controls (ACLs), just like those that administrators of file-based storage are used to. Additionally, the File Fabric can add TOTP two-factor authentication for additional security.

    2. Retain existing end user workflows to make IT support easier: While the File Fabric makes Amazon S3 data available from a web browser or mobile device, it also integrates directly into a user's desktop as a native 'home drive', just like users had when they were in the office connected to the NAS or SAN. Additionally, the File Fabric is integrated with best-of-breed applications such as Microsoft Office 365, so users can easily collaboratively edit documents with their chosen services.

    3. Strong Compliance and Governance: Every action that a user takes with the File Fabric is audited, whether it is on web, mobile or desktop. These audit records are exportable and searchable, and can be used for SARs (Subject Access Requests) for compliance purposes. Additionally, there are strong policy controls for all aspects of end user interactions with data.

    4. No Lock In: There is zero lock-in with the File Fabric. It does not transcode or obfuscate data at all. Even the File Fabric's fast file transfer feature, M-Stream, is implemented in a totally non-proprietary way.

    5. Strong Secure Sharing Controls: The business will never need to make a bucket public or create a temporary URL again! The File Fabric has sharing controls and sharing control policies that make it easier and more granular to share Amazon S3 data securely.

The Enterprise File Fabric is available directly on the Amazon Marketplace, and/or it can be downloaded and installed in a company's own data centre or IaaS vendor of choice. Both options offer a free no-obligation trial.

If you would like to schedule a demo then please just reach out – we have a very friendly team who would be delighted to demo the File Fabric and answer your questions.
