GDPR-compliant S3 usage for digital assets - protecting end user data


The challenge

The client, which operates several well-known brands and a popular social network on AWS public cloud technology, wanted to migrate additional services to increase security. However, the termination of the EU-US Privacy Shield posed a significant business risk, as concerns arose about compliance with EU laws when using cloud services. The protection of personal data in social networks became a top priority and required translating legal requirements into technical solutions.

Our solution

Alice&Bob.Company provided comprehensive support to the client and ensured that its cloud services strictly adhered to GDPR requirements. An important aspect was the encryption of all personally identifiable information (PII) both at rest and in transit. One of the biggest challenges was to achieve the secure and encrypted use of the S3 service in conjunction with CloudFront. In particular, providing encrypted S3 assets, such as user profile pictures, to authorized non-AWS entities required the use of pre-signed URLs. However, pre-signed URLs with key rotation were not readily available when using customer-managed keys (SSE-KMS) with Amazon S3.

Cloud technologies used

AWS Lambda

Execute code without server provisioning.

Amazon Elastic Compute Cloud (EC2)

Scalable virtual servers in the cloud.

AWS Key Management Service (AWS KMS)

Managed service for creating and managing encryption keys.

Amazon CloudFront

Content delivery network (CDN) for fast data transfer.

AWS CloudFormation

Infrastructure as code for AWS resources.

Results

Alice&Bob.Company implemented highly configurable and encrypted S3 buckets utilizing the AWS KMS CMK feature. This implementation provided the customer with flexible access controls to S3 buckets while adhering to best practices for data protection. In addition, a bespoke asset server was developed that allowed the customer to use signed URLs to authorize access to protected assets stored in encrypted S3 buckets within CloudFront. In particular, the solution provided a convenient and maintenance-free approach to automating key rotation, further enhancing security measures.

After a successful collaboration with Alice&Bob.Company's experts, the client was able to demonstrate its commitment to data protection and compliance, ensure a trustworthy platform for its users and strengthen its position as a responsible industry leader.
