Best Practice 7.2 – Use data classification strategies to categorize data access based on levels of sensitivity - IoT Lens Checklist

Data classification and governance is the customer’s responsibility.

  1. Identify the data collected throughout your IoT workload, classify it based on sensitivity, and learn its corresponding business use case.

  2. Identify and act on opportunities to stop collecting unused data, or to adjust data granularity and retention time.

  3. Consider a defense-in-depth approach and reduce human access to device data.

See the following for more details:

Recommendation 7.2.1 – Implement data classification strategies for all data stored on devices or in the cloud, as well as all data sent over the network. Process data based on the level of sensitivity (for example, highly classified or personally identifiable data).

Before you architect an IoT application, design and document data classification, governance, and controls so that they reflect how the data can be persisted on the edge or in the cloud, and how data should be encrypted throughout its lifecycle. For example:

  • By using AWS IoT Greengrass stream manager, you can define policies for storage type, size, and data retention on a per-stream basis. For highly classified data, you can define a separate data stream.

  • By using AWS IoT Analytics, you can create different workflows for storing classified data. For highly classified data, you can define a separate pipeline and data store.
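
The per-classification separation described above can be sketched as a field-level data catalogue that routes each device record into one stream per sensitivity level. This is an added example, not AWS code: the levels, field names, stream names, policy values and the two validation rules are all constructed assumptions, and it does not call the Greengrass stream manager or IoT Analytics APIs.

```python
from dataclasses import dataclass

LEVELS = ["public", "internal", "sensitive"]  # constructed levels, least to most sensitive

@dataclass(frozen=True)
class StreamPolicy:
    stream: str           # one stream per sensitivity level
    storage: str          # "file" or "memory"
    max_size_bytes: int
    retention_s: int
    encrypt_at_rest: bool

# Constructed per-stream policies (assumed values, tune per workload).
POLICIES = {
    "public": StreamPolicy("telemetry-public", "file", 256 * 2**20, 30 * 86400, False),
    "internal": StreamPolicy("telemetry-internal", "file", 128 * 2**20, 7 * 86400, True),
    "sensitive": StreamPolicy("telemetry-sensitive", "memory", 16 * 2**20, 86400, True),
}

# Constructed data catalogue: field -> level; None marks a field with no
# business use, which is dropped instead of stored.
CATALOGUE = {
    "temperature_c": "public", "firmware_version": "internal",
    "gps_lat": "sensitive", "gps_lon": "sensitive", "debug_blob": None,
}

class UnclassifiedField(ValueError):
    """Raised when a record carries a field the catalogue does not know."""

def route(record):
    """Split one device record into {stream name: payload} by sensitivity."""
    out = {}
    for field, value in record.items():
        if field not in CATALOGUE:
            raise UnclassifiedField(field)  # fail closed on unknown data
        level = CATALOGUE[field]
        if level is not None:
            out.setdefault(POLICIES[level].stream, {})[field] = value
    return out

def validate_policies(policies):
    """Check two assumed rules: non-public data is encrypted at rest,
    and retention never grows with sensitivity. Returns violations."""
    problems = []
    for lower, higher in zip(LEVELS, LEVELS[1:]):
        if policies[higher].retention_s > policies[lower].retention_s:
            problems.append(f"{higher} retained longer than {lower}")
    for level in LEVELS[1:]:
        if not policies[level].encrypt_at_rest:
            problems.append(f"{level} not encrypted at rest")
    return problems
```

Rejecting unknown fields forces every new telemetry attribute through classification before it can be stored or exported.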