Expand my Community achievements bar.

SOLVED

AEM in AWS - security

Avatar

Level 1
Level 1
10/15/15 7:27:24 PM

Hello, we are in process of finalizing a new architecture where AEM would be hosted in a AWS cloud. I have read somewhere that any sensitive information/data should not be stored at the AEM level (in AWS cloud) since there is potential security risk there. If anyone has any pointers as to what that risk is and how can it be addressed, please do let me know. We are planning to use AEM 6.

Views

606

Replies

4
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Employee Advisor
Employee Advisor
10/15/15 7:27:24 PM

Any software which runs on AWS runs on systems owned by Amazon in an Amazon Datacenter, connected via Amazon networks, and operated by Amazon's ops teams.

Depending on your security requirements you can take that risk or not. But it's hard to give such an advice knowing nearly nothing about you, the data you want to store with AEM on AWS, and your special usecase.

kind regards,
Jörg

View solution in original post

Views

495

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
4 Replies

Avatar

Level 10
Level 10
10/15/15 7:27:24 PM

If anyone wants to learn from the experience of our AEM Managed Services team, who has been managing AEM in AWS for quite some time and has several security certifications, they should contact the AEM MS team. 

Views

495

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Correct answer by
Employee Advisor
Employee Advisor
10/15/15 7:27:24 PM

Any software which runs on AWS runs on systems owned by Amazon in an Amazon Datacenter, connected via Amazon networks, and operated by Amazon's ops teams.

Depending on your security requirements you can take that risk or not. But it's hard to give such an advice knowing nearly nothing about you, the data you want to store with AEM on AWS, and your special usecase.

kind regards,
Jörg

Views

496

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 1
Level 1
10/15/15 7:27:24 PM

Thank you Jörg, for your reply.

At this stage I can't reveal much details, but its for a FS company, there will be a lot of transactional data, sensitive customer information that AEM would need to display/parse. I am not too sure about the AWS security around AEM, but would like to know if:

1. some sensitive information (e.g. transactional data, customer info, etc) is to be stored at AEM, then what security parameters should be taken?

2. If everything is fetched at run time and the data is being stored in a temp session then what are the security parameters that should be taken.

3. any best practices around AEM in AWS for a FS company?

regards

Suhel

Views

498

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Employee Advisor
Employee Advisor
10/15/15 7:27:24 PM

Hi,

please contact the data privacy and security officers of your customer. They are supposed to know if you can go with this kind of data to the cloud at all.

kind regards,
Jörg

Views

505

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
Responsive Table AEM component

Views

54

Likes

0

Replies

1
AEM 6.5.15 - which version of SLF4J is compatiable

Views

82

Likes

0

Replies

1
CDN YAML Origin Filter Issue Causing Pipeline Failure in AEM Cloud

Views

73

Likes

0

Replies

1
How to register resource mapping configuration to aem context?

Views

96

Likes

0

Replies

3
Use log4j 2.x.x with SLF4J on AEM 6.5.15

Views

98

Likes

0

Replies

2