With Amazon Web Services (AWS), you can manage the privacy of your data, control how it’s used, where it’s stored, who has access to it, and how it’s encrypted.

Services such as AWS Identity and Access Management (IAM) allow you to securely manage access to AWS services and resources. AWS CloudTrail and Amazon Macie enable compliance, detection, and auditing, while AWS CloudHSM and AWS Key Management Service (AWS KMS) allow you to securely generate and manage encryption keys. AWS Control Tower provides governance and controls for data residency.

Symmetry Systems is a modern data security company and AWS Specialization Partner with the Security Competency. Symmetry Systems DataGuard is a data security posture management (DSPM) solution available on AWS Marketplace that specializes in data flow and data security.

Cloud security at AWS is the highest priority, and AWS follows a Shared Responsibility Model in which AWS is responsible for security of the cloud, including protecting the infrastructure hardware, software, networking, and facilities that run AWS cloud services. AWS customers, meanwhile, are responsible for security in the cloud, including managing their data (including encryption options), classifying assets, defining the correct security groups, and using IAM tools to apply appropriate permissions.

In this post, we will show how Symmetry DataGuard extends the zero trust security philosophy and provides customers an automated solution to enhance data security on AWS, in every region, including AWS GovCloud (US).

Customer Challenge

Knowing who performs which operations against which data is critical to understanding how to move to least-privilege operations, enforce zero trust security, and simplify incident response. Lack of visibility into where sensitive data is located, understanding all IAM permissions, and visualizing the relationship between users and data without any data leaving your environment have been key concerns for many organizations.
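The "who does which operations against which data" question can be answered from CloudTrail records. The following is an added example (not part of the original post and not Symmetry DataGuard's code) that reduces CloudTrail-style records to a principal-to-data-store access map, flags principals from accounts outside the organization, and classifies each observed relationship as read or write, which is the starting point for trimming permissions toward least privilege. The records and the set of known organization accounts are constructed for the example, not real logs.

```python
"""Map which principals perform which operations against which data stores.

Added example, not part of the original post and not Symmetry DataGuard code.
The records below are constructed samples (not real logs) that use the
standard CloudTrail field names; the set of known organization accounts is an
assumption for the example.
"""
from collections import defaultdict

# Assumption: account IDs the organization recognizes as its own.
KNOWN_ACCOUNTS = {"111111111111"}

# Constructed sample records; only the fields this example reads are included.
SAMPLE_RECORDS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"type": "IAMUser", "accountId": "111111111111",
                      "arn": "arn:aws:iam::111111111111:user/alice"},
     "requestParameters": {"bucketName": "payroll-data", "key": "2024/q1.csv"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject",
     "userIdentity": {"type": "IAMUser", "accountId": "111111111111",
                      "arn": "arn:aws:iam::111111111111:user/alice"},
     "requestParameters": {"bucketName": "payroll-data", "key": "2024/q2.csv"}},
    {"eventSource": "dynamodb.amazonaws.com", "eventName": "Scan",
     "userIdentity": {"type": "AssumedRole", "accountId": "222222222222",
                      "arn": "arn:aws:sts::222222222222:assumed-role/VendorRole/s1",
                      "sessionContext": {"sessionIssuer": {
                          "arn": "arn:aws:iam::222222222222:role/VendorRole"}}},
     "requestParameters": {"tableName": "customers"}},
    {"eventSource": "sts.amazonaws.com", "eventName": "GetCallerIdentity",
     "userIdentity": {"type": "IAMUser", "accountId": "111111111111",
                      "arn": "arn:aws:iam::111111111111:user/bob"},
     "requestParameters": None},
]

# Event names that modify data; everything else observed is treated as a read.
WRITE_EVENTS = {"PutObject", "DeleteObject", "PutItem", "UpdateItem",
                "DeleteItem", "BatchWriteItem"}


def data_store_of(record):
    """Identify the data store a record touches, or None for non-data events."""
    source = record.get("eventSource", "")
    params = record.get("requestParameters") or {}
    if source == "s3.amazonaws.com" and "bucketName" in params:
        return f"s3://{params['bucketName']}"
    if source == "dynamodb.amazonaws.com" and "tableName" in params:
        return f"dynamodb:{params['tableName']}"
    return None


def principal_of(record):
    """Attribute an assumed-role session to the role itself, else use the ARN."""
    identity = record.get("userIdentity", {})
    if identity.get("type") == "AssumedRole":
        issuer = identity.get("sessionContext", {}).get("sessionIssuer", {})
        return issuer.get("arn", identity.get("arn"))
    return identity.get("arn")


def build_access_map(records):
    """Return {principal: {data_store: set(event names observed)}}."""
    access = defaultdict(lambda: defaultdict(set))
    for rec in records:
        store, principal = data_store_of(rec), principal_of(rec)
        if store is None or principal is None:
            continue  # not a data access we can attribute
        access[principal][store].add(rec["eventName"])
    return {p: dict(stores) for p, stores in access.items()}


def external_principals(access, known_accounts=KNOWN_ACCOUNTS):
    """Principals whose account ID (ARN field 4) is outside the known set."""
    out = set()
    for principal in access:
        account = principal.split(":")[4] if principal.count(":") >= 5 else ""
        if account not in known_accounts:
            out.add(principal)
    return out


def access_summary(access):
    """Classify each (principal, store) pair by the strongest observed use."""
    summary = {}
    for principal, stores in access.items():
        for store, ops in stores.items():
            summary[(principal, store)] = "write" if ops & WRITE_EVENTS else "read"
    return summary


if __name__ == "__main__":
    access = build_access_map(SAMPLE_RECORDS)
    for (principal, store), kind in sorted(access_summary(access).items()):
        flag = " [external account]" if principal in external_principals(access) else ""
        print(f"{principal} -> {store}: {kind}{flag}")
```

A principal that only ever reads a store is a candidate for a read-only policy; a principal from an unknown account is the kind of third-party access the post describes customers being unaware of.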

Traditionally, deploying any data platform in customers' AWS accounts required a lot of customer input, extensive installation procedures, and manual configuration. This can lead to delays in obtaining the details of the environment and to unexpected compatibility issues.

The aim is to overcome these challenges by creating a solution that can quickly adapt to each customer’s AWS environment, significantly reducing deployment time and complexity.

Symmetry Systems DataGuard Overview

Symmetry’s primary objective is to help organizations better secure their data. DataGuard is easily deployed within any customer’s AWS (and hybrid cloud) environments without data leaving the environment.

Figure 1 – DataGuard example deployment.

The DataGuard deployment process aims to reduce complexity and save time. Deployment is broken down into three phases:

  • Determine the initial set of AWS accounts, log sources (such as AWS CloudTrail logs), and data stores (such as Amazon S3) for deployment.
  • Set up a separate AWS account owned by the customer and deploy DataGuard in it using Docker images from Amazon Elastic Container Registry (Amazon ECR).
  • Create a service role using a defined AWS CloudFormation template to enable DataGuard to query your AWS accounts, log sources, and data stores. The DataGuard deployment and service roles all remain under the purview of your organization.

As soon as the above tasks are completed, DataGuard is able to interact directly with the AWS environment to gather the additional required information in a streamlined manner. This approach eliminates the need for extensive manual research of the environment and manual configuration, enabling the solution to be set up quickly. It also reduces installation time and minimizes prerequisites.
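The service role in the third phase is what lets a component in the separate deployment account query the customer's other accounts, so the security-relevant question is who is allowed to assume it and what it can do once assumed. The following is an added example (not the CloudFormation template the post refers to and not Symmetry's code) that generates a trust policy restricted to the deployment account and lints both the trust policy and a permission policy before deployment. It assumes the role is assumed cross-account from a customer-owned deployment account, as the post describes; the `sts:ExternalId` condition and the read-only action check are general AWS practices added here, not statements from the post.

```python
"""Generate and lint the IAM policies of a cross-account service role.

Added example, not the post's CloudFormation template and not Symmetry's code.
Assumes the role is assumed from a separate, customer-owned deployment account
and only needs to read CloudTrail logs and data-store metadata.
"""
import json

# Action name prefixes treated as read-only for the permission-policy check.
READ_ONLY_PREFIXES = ("Get", "List", "Describe", "Lookup")


def service_role_trust_policy(deployment_account, external_id):
    """Trust policy that lets only the deployment account assume the role,
    and only when it presents the agreed external ID (confused-deputy guard)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{deployment_account}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def _as_list(value):
    """IAM allows a string or a list in Action/Principal fields; normalize."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def trust_policy_findings(policy, allowed_accounts):
    """Return problems with who may assume the role (empty list means clean)."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        arns = ["*"] if principal == "*" else _as_list(principal.get("AWS"))
        for arn in arns:
            if arn == "*":
                findings.append("any AWS principal may assume the role")
                continue
            # Account ID is field 4 of an ARN; a bare account ID is also legal.
            account = arn.split(":")[4] if arn.count(":") >= 5 else arn
            if account not in allowed_accounts:
                findings.append(f"unexpected trusted account {account}")
        condition = stmt.get("Condition", {}).get("StringEquals", {})
        if not condition.get("sts:ExternalId"):
            findings.append("no sts:ExternalId condition (confused-deputy risk)")
    return findings


def permission_policy_findings(policy):
    """Flag any allowed action that is not a read-only API call."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action")):
            name = action.split(":", 1)[-1]  # strip the service prefix
            if name == "*" or not name.startswith(READ_ONLY_PREFIXES):
                findings.append(f"non-read-only action {action}")
    return findings


if __name__ == "__main__":
    # Placeholder account ID and external ID, constructed for the example.
    trust = service_role_trust_policy("222222222222", "example-external-id")
    print(json.dumps(trust, indent=2))
    print("trust findings:", trust_policy_findings(trust, {"222222222222"}))
    permissions = {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Resource": "*",
        "Action": ["cloudtrail:LookupEvents", "s3:GetObject",
                   "s3:ListBucket", "s3:PutObject"]}]}
    print("permission findings:", permission_policy_findings(permissions))
```

Running the checks in the pipeline that creates the role turns "the service role stays under your organization's purview" from a statement of intent into something verified on every deployment.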

By aligning with AWS and utilizing its native services, APIs, and best practices, Symmetry has created a deployment experience that’s seamless, efficient, and fully controlled by the customers.

Insights Gained and Lessons Learned

DataGuard's cloud-native deployment journey was not without its share of challenges and lessons. The biggest challenge was that customers didn't really know the full scope of their environments, or had inaccurate information on the number of accounts, which external accounts had access to their environment, or even how many third-party users could access their data.

By designing a solution to learn from the AWS environment, DataGuard could minimize the potential for errors and optimize deployment efficiency, thus simplifying the experience for the customer.

Additionally, customers use multiple AWS services and databases which operate differently and require robust mechanisms to handle them effectively. Through continuous learning, collaboration with customers, and rigorous testing, Symmetry refined its deployment model to ensure a seamless experience across a variety of AWS environments.

Figure 2 – Sample Symmetry System output.

By eliminating the need for extensive prerequisites and reducing installation time through automation scripts, Symmetry empowers users to focus on their core objectives. Organizations can now dedicate more time to strategic initiatives, innovation, and other critical aspects of their business, rather than being burdened with time-consuming deployment tasks.

Unleashing the Full Potential of DataGuard

Symmetry’s cloud-native deployment model within each customer’s cloud unlocks the full potential of AWS. By harnessing the scalability and reliability of AWS services, DataGuard itself can continuously and effortlessly adapt to changing business demands, ensuring optimal performance and availability.

DataGuard integrates into customers' AWS environments and empowers organizations to comply with their own data governance policies, establish granular access controls, and meet industry regulations while maintaining complete control over their valuable data, regardless of region, number of accounts, or size of the data footprint.

Ready to experience the power of data security posture management (DSPM) and unlock the full potential of your AWS environment? DataGuard from Symmetry Systems can help protect your valuable data without compromising control, and the solution’s seamless integration with AWS can transform your data security.