
Data Layer

Safeguarding data with verified defenses

Overview

The Data Layer is the most critical point of protection because it is the only area that holds customer data. Protection begins by restricting access and maintaining a separation of privilege for each layer. In addition, we deploy threat detection devices, video surveillance and system protocols, further safeguarding this layer. 


Protection Features

Securing critical data.

Technology and people work together for added security

There are mandatory procedures to obtain authorization to enter the Data Layer. This includes review and approval of a person’s access application by authorized individuals. Meanwhile, threat and electronic intrusion detection systems monitor and automatically trigger alerts of identified threats or suspicious activity. For example, if a door is held or forced open an alarm is triggered. We deploy security cameras and retain footage in alignment with legal and compliance requirements.

Preventing physical and technological intrusion

Access points to server rooms are fortified with electronic control devices that require multi-factor authorization. We’re also prepared to prevent technological intrusion. AWS servers can warn employees of any attempts to remove data. In the unlikely event of a breach, the server is automatically disabled.

Servers and media receive exacting attention

Media storage devices used to store customer data are classified by AWS as Critical and treated accordingly, as high impact, throughout their life-cycle. We have exacting standards on how to install, service, and eventually destroy the devices when they are no longer useful. When a storage device has reached the end of its useful life, AWS decommissions media using techniques detailed in NIST 800-88. Media that stored customer data is not removed from AWS control until it has been securely decommissioned.

Third-party auditors verify our procedures and systems

AWS is audited by external auditors on more than 2,600 requirements throughout the year. When third-party auditors inspect our data centers, they do a deep dive to confirm we're following established rules needed to obtain our security certifications. Depending on the compliance program and its requirements, external auditors may interview AWS employees about how they handle and dispose of media. Auditors may also watch security camera feeds and observe entrances and hallways throughout a data center. And they often examine equipment such as our electronic access control devices and security cameras.