AWS S3 Connector

Feature: AWS S3 Connector

Getvisibility® is pleased to announce the release of our AWS S3 Connector. This feature allows customers to scan, classify, and tags files, as well as assess user access.

Date of Full Release:

25th October 2023

Product: Getvisibility Focus & Enterprise

Components:

• connector-generic 4.17.0

• scan-data-manager 1.0.0

• scan-manager 4.1.0

• dashboard 3.177.0

Summary

Getvisibility's new AWS S3 connector feature offers seamless integration of tailored Machine Learning technology with AWS S3. The connector facilitates better data management and security, allowing organisations more control over their AWS S3 data storage. The new connector offers customers the flexibility to choose persistent tagging, cloud-only tagging, or both for their files. This means metadata can be written directly to files or labels can be applied to the files in AWS S3.

Guide

Credentials & Scanning

• Using the appropriate admin level account, navigate to the IAM Dashboard

  • Open

    

• From here selects Users in the left panel

  • Open

    

    Here select the admin user. The example user above is called S3 Connector

• From the user page select Create access key

  •  

• Select Other then Next

  •  

• Enter a description if you wish and select Create access key

  •  

• The Access and Secret Access Keys have now been created. These can be downloaded as a CSV. Use this information to set up a scan.

  •  

• On the Focus UI navigate to Administration > Connections > AWS S3 > NEW SCAN SHARE

  •  

• A modal window will appear where the Access key and Secret Access key can be entered. Users can then select the start point for the scan by selecting Path. Save the scan when the correct path is chosen.

  •  

• Select the scan icon to begin classifying your S3 files

  •  

Tagging

Both tagging procedures are initiated by selecting the tagging button in the AWS S3 connector UI shown below:

Once selected, users will be presented with two options for Cloud-Only and Persistent tagging. Cloud-Only tags exist only in the cloud storage provider’s UI and are not persisted with a file after downloading. Persistent tagging is written directly to a file’s metadata and remains with the file after downloading from the cloud service.

Examples will be shown of this example file that has been classified by Getvisibility’s ML in AWS S3:

Cloud-Only Tagging

To add tags to files within AWS S3 users need only begin a cloud-only tagging job. Getvisibility’s AWS S3 connector will create the labels according to the customer’s taxonomy. When these attributes are found by the ML they will be written as keys and values to the files in S3. By default Getvisibility uses: Compliance, Classification, and Distribution tags where configured.

When a files is tagged using the cloud-only option, tags can be viewed on the files through the S3 interface shown below:

Persistent Tagging

To write metadata directly onto files in AWS S3, choose a persistent tagging job. The tags are written according to the customer’s taxonomy. By default Getvisibility uses: Compliance, Classification, and Distribution tags. When a file is tagged in this manner it is downloaded, written to, and then re-uploaded to S3; please make sure to align this procedure with your AWS S3 costing strategy.

The file types that are currently supported for ML metadata writing are: docx, pptx, xlsx, xlsm, pdf, png, jpg

When a file is tagged using the persistent option, tags can be read and viewed by numerous third-party solutions, including DLP. The tags also seamlessly integrate with Getvisibility Synergy. An example is shown below:

Third-party Metadata Reader:

Getvisibility Synergy: