Webinar Slides

Track1-3 Data Security in a Hybrid Cloud Architecture

Issue link: https://read.uberflip.com/i/1464228


© 2022 Amazon Web Services, Inc. or its affiliates. All rights reserved

1. Data protection is by design and by default: Data protection issues are part of the design and implementation of systems, services, products, and business practices.
2. Least privilege and minimize direct human access to sensitive data.
3. Transparent and Audited: always know who accessed data, for what purpose, what policies were applied, and the specific data that was accessed.
4. Proactive not reactive, preventative not remedial: Risks and privacy invasive events are anticipated before they occur, and we take steps to prevent harm to individuals and business.

Modern Digital Data Team: DataSecOps & Researchers

DataSecOps:
• Protect Sensitive data
• Data quality
• Data lineage mastering
• Enrichment / meta data lifecycle management
• AAA (AuthN/AuthZ/Audit)
• Data Policy
• Risk & Control Management
• Legal Compliance
• Cyber Security
• Data Leakage Plan
• Infrastructure as Code
• Observability
• Automation
• Backup and DR
• System Health
• Job Scheduling

Data Engineers / Researchers:
• Develop privacy tools
• Improve ML Models
• Select 3rd-party solutions
• Refine architecture

Between DataSecOps and DataEng/Researchers:
• Sensitive dataset / Suspicious Data in Quarantine Area
• Improve capabilities & User Experiences

Well-Designed Data Sharing Process

This process architecture is also recommended when different units need to share data.

Environments: Corporate data center, AWS Cloud

• Departure lobby: DMZ data area
• Check-in Counter: Check boarding pass, Scan Data, Actions on Sensitive Data
• Emigrate Clearance: Verify sanitized data, Encrypt data
• Quarantine Area: Inspect suspicious data, Alert & Human Check
• Boarding Gates: Encrypted sanitized-data, Ready to move
• Cloud Control Tower: Key/Risk management, Data Catalog/metadata/AAA, Logs, Jobs, Observability
• Landing Zone: Encrypted sanitized-data, DMZ Data
• Immigrate clearance: Decrypt sanitized-data, Verify data
• Quarantine Area: Inspect suspicious data, Alert & Human Check
• Baggage Claim: Encrypt and Dispatch data to subscriber's folder / Notification
• Arrival lobby: Decrypt & Import, Data is ready to use
• Control Tower: Key/Risk management, Data Catalog/metadata/AAA, Logs, Jobs, Observability

Use Machine Learning to Extend Your Data Protection for Unknown-Schema and Non-Structured Data

Data types: Structured data, Non-Structured data
Schema: Known-Schema, Unknown-Schema / Schema-less
Detection: Rule based, Regex

• Text: ML (i.e. NER, NLP)
• Pre-defined printed form: ML (i.e. Textract)
• Images of known cards: driver licenses / social security card / healthcare card / credit card (ML: CV, and NLP)
• Arbitrary Images
• Voice, Phone calls
• Hand-writing forms
• TSV, CSV, JSON, XML: Data-Crawler, Schema Analyzer, Parser

Hard parts

Protect Sensitive Data Options:
• Remove
• Mask/redact
• Hash/coding
• Encrypt fields
• Pseudonymous
• Anonymous

Meta-data Context Understanding
