Question

To meet the compliance norms, a consulting company is expected to store its data for three years. The company needs a tamper-proof technology/feature to keep the data protected and prevent any overwriting or data manipulation during the three-year duration.

As a Cloud Practitioner, which service/functionality will you suggest to keep the data safe?

1. Amazon S3 Object Lock
2. Amazon S3 Storage Lens
3. Amazon S3 Glacier Vault Lock
4. Amazon Macie

Answer 1

The recommended technology to ensure that a consulting company's data is stored tamper-proof and compliant for three years is Amazon S3 Glacier Vault Lock. This service ensures data remains immutable, meeting compliance requirements.

Step-by-step explanation:

To comply with the regulation that requires a consulting company to store its data for three years in a tamper-proof manner, the recommended service is Amazon S3 Glacier Vault Lock. This technology provides a compliance-driven solution by allowing you to easily deploy and enforce compliance controls for individual S3 Glacier vaults with a lockable policy. Once locked, the policy cannot be altered, ensuring your data remains unchangeable and is protected from overwrites and deletions, fulfilling the need for immutability and data preservation required in regulatory and compliance scenarios.

While Amazon S3 Object Lock can also provide WORM (Write Once Read Many) capabilities to prevent object version deletion, Amazon S3 Glacier Vault Lock is specifically designed for long-term archival and securing the data reflects the WORM model compliance. Amazon S3 Storage Lens, on the other hand, is an analytics tool to provide visibility into storage usage and activity trends, not for data protection. Amazon Macie is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS, but it doesn't enforce immutability either.