<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Data-Protection | The AWS Blog</title><link>https://theawsblog.com/tags/data-protection/</link><description>Articles, tutorials and insights from the AWS community.</description><generator>Hugo</generator><language>en</language><managingEditor>@theawsblog (The AWS Blog)</managingEditor><webMaster>@theawsblog</webMaster><lastBuildDate>Mon, 29 Jun 2026 00:00:00 +0000</lastBuildDate><atom:link href="https://theawsblog.com/tags/data-protection/index.xml" rel="self" type="application/rss+xml"/><item><title>Secure ML environments need productivity and exfiltration controls together</title><link>https://theawsblog.com/news/emiliano-montesdeoca/sagemaker-ai-data-exfiltration-controls/</link><pubDate>Mon, 29 Jun 2026 00:00:00 +0000</pubDate><author>Emiliano Montesdeoca</author><guid>https://theawsblog.com/news/emiliano-montesdeoca/sagemaker-ai-data-exfiltration-controls/</guid><description>An AWS architecture using SageMaker AI, VPC endpoints, DNS controls, and WorkSpaces Secure Browser shows how ML teams can protect sensitive data without returning to expensive air-gapped workflows.</description><content:encoded>&lt;p&gt;Machine learning teams need access to sensitive data, but the old answer of isolated desktops and manual monitoring does not scale well. It is expensive, slow, and frustrating for the people trying to build models.&lt;/p&gt;
&lt;p&gt;The AWS Architecture Blog post on &lt;a href="https://aws.amazon.com/blogs/architecture/preventing-data-exfiltration-in-machine-learning-environments-with-amazon-sagemaker-ai/"&gt;preventing data exfiltration in machine learning environments with Amazon SageMaker AI&lt;/a&gt; is useful because it balances two goals that are often treated as opposites: data scientist productivity and strict exfiltration control.&lt;/p&gt;
&lt;h2 id="what-changed"&gt;What changed&lt;/h2&gt;
&lt;p&gt;The source article describes a three-layer architecture using Amazon WorkSpaces Secure Browser, SageMaker AI, VPC endpoints, DNS controls, endpoint policies, and account restrictions.&lt;/p&gt;
&lt;p&gt;The pattern is straightforward:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;data scientists access the environment through a controlled browser,&lt;/li&gt;
&lt;li&gt;browser capabilities such as upload, download, clipboard, and printing are restricted,&lt;/li&gt;
&lt;li&gt;access is limited to approved AWS and SageMaker domains,&lt;/li&gt;
&lt;li&gt;SageMaker runs without direct internet egress,&lt;/li&gt;
&lt;li&gt;VPC endpoint policies restrict access to organization-owned resources,&lt;/li&gt;
&lt;li&gt;DNS Firewall and private endpoints reduce bypass paths.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;This is not a single magic control. It is layered friction against data leaving through the browser, the network, AWS APIs, or cross-account paths.&lt;/p&gt;
&lt;h2 id="why-builders-should-care"&gt;Why builders should care&lt;/h2&gt;
&lt;p&gt;ML environments are uniquely risky because they combine sensitive data, powerful compute, notebooks, terminals, package installation, model artifacts, and curious users. Blocking everything makes teams ineffective. Allowing everything creates obvious exfiltration paths.&lt;/p&gt;
&lt;p&gt;A layered architecture gives teams a middle path. Data scientists can use managed ML tooling while the platform enforces where data can flow.&lt;/p&gt;
&lt;p&gt;This is especially relevant for fintech, healthcare, insurance, public sector, and any organization fine-tuning or evaluating models on sensitive datasets.&lt;/p&gt;
&lt;h2 id="the-trade-offs"&gt;The trade-offs&lt;/h2&gt;
&lt;p&gt;Every restriction has a productivity cost.&lt;/p&gt;
&lt;p&gt;No internet access means dependency management must be planned. Package mirrors, approved repositories, model artifact flows, and update processes become platform responsibilities. URL allowlists must be maintained. Endpoint policies must be tested. Break-glass workflows must exist for legitimate exceptions.&lt;/p&gt;
&lt;p&gt;There is also a risk of building controls that look strong but are not complete. If S3 endpoint policies block external buckets but another service path remains open, data can still move. If DNS Firewall covers only part of the environment, bypasses may remain.&lt;/p&gt;
&lt;h2 id="what-to-do-next"&gt;What to do next&lt;/h2&gt;
&lt;p&gt;Start by mapping data egress paths, not by choosing tools. For an ML workspace, list how data could leave:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;browser download,&lt;/li&gt;
&lt;li&gt;clipboard or print,&lt;/li&gt;
&lt;li&gt;external website upload,&lt;/li&gt;
&lt;li&gt;S3 copy to another account,&lt;/li&gt;
&lt;li&gt;package manager or shell command,&lt;/li&gt;
&lt;li&gt;notebook output,&lt;/li&gt;
&lt;li&gt;model artifact export,&lt;/li&gt;
&lt;li&gt;DNS or HTTPS tunnel.&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;Then put controls around each path and test them with realistic user workflows. Involve data scientists early; controls that break normal work will be bypassed or abandoned.&lt;/p&gt;
&lt;p&gt;The practical takeaway: secure ML platforms should not be air-gapped by default or open by convenience. They should make the safe path productive and the unsafe path difficult.&lt;/p&gt;</content:encoded></item></channel></rss>