Expand my Community achievements bar.

SOLVED

AEM in AWS - security

Avatar

Level 1

Hello, we are in process of finalizing a new architecture where AEM would be hosted in a AWS cloud. I have read somewhere that any sensitive information/data should not be stored at the AEM level (in AWS cloud) since there is potential security risk there. If anyone has any pointers as to what that risk is and how can it be addressed, please do let me know. We are planning to use AEM 6.

1 Accepted Solution

Avatar

Correct answer by
Employee Advisor

Any software which runs on AWS runs on systems owned by Amazon in an Amazon Datacenter, connected via Amazon networks, and operated by Amazon's ops teams.

Depending on your security requirements you can take that risk or not. But it's hard to give such an advice knowing nearly nothing about you, the data you want to store with AEM on AWS, and your special usecase.

kind regards,
Jörg

View solution in original post

4 Replies

Avatar

Level 10

If anyone wants to learn from the experience of our AEM Managed Services team, who has been managing AEM in AWS for quite some time and has several security certifications, they should contact the AEM MS team. 

Avatar

Correct answer by
Employee Advisor

Any software which runs on AWS runs on systems owned by Amazon in an Amazon Datacenter, connected via Amazon networks, and operated by Amazon's ops teams.

Depending on your security requirements you can take that risk or not. But it's hard to give such an advice knowing nearly nothing about you, the data you want to store with AEM on AWS, and your special usecase.

kind regards,
Jörg

Avatar

Level 1

Thank you Jörg, for your reply.

At this stage I can't reveal much details, but its for a FS company, there will be a lot of transactional data, sensitive customer information that AEM would need to display/parse. I am not too sure about the AWS security around AEM, but would like to know if:

1. some sensitive information (e.g. transactional data, customer info, etc) is to be stored at AEM, then what security parameters should be taken?

2. If everything is fetched at run time and the data is being stored in a temp session then what are the security parameters that should be taken.

3. any best practices around AEM in AWS for a FS company?

regards

Suhel

Avatar

Employee Advisor

Hi,

please contact the data privacy and security officers of your customer. They are supposed to know if you can go with this kind of data to the cloud at all.

kind regards,
Jörg