implementing-cloud-dlp-for-data-protection

Featured

Implementing Cloud Data Loss Prevention (DLP) using Amazon Macie, Azure Information Protection, and Google Cloud DLP API to discover, classify, and protect sensitive data across cloud storage, databases, and data pipelines.

AI & Automation 13,115 stars 1533 forks Updated today Apache-2.0

Install

View on GitHub

Quality Score: 99/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# Implementing Cloud DLP for Data Protection ## When to Use - When compliance frameworks (GDPR, HIPAA, PCI DSS) require automated sensitive data discovery and protection - When building data governance programs that classify and label data across cloud storage - When implementing data loss prevention controls for cloud-based data pipelines - When auditing cloud environments for unprotected sensitive data (PII, PHI, financial data) - When integrating DLP scanning into CI/CD pipelines to prevent sensitive data from reaching production **Do not use** for endpoint DLP (use Microsoft Purview or Symantec DLP agents), for email DLP (use Microsoft 365 DLP or Google Workspace DLP), or for network-level data exfiltration prevention (use VPC endpoint policies and network firewalls). ## Prerequisites - Amazon Macie enabled with appropriate S3 bucket permissions - Google Cloud DLP API enabled (`gcloud services enable dlp.googleapis.com`) - Azure Information Protection or Microsoft Purview configured - IAM permissions for DLP service administration and data access - Knowledge of data sensitivity categories relevant to the organization (PII, PHI, PCI, proprietary) ## Workflow ### Step 1: Deploy Amazon Macie for S3 Data Discovery Enable Macie and configure automated sensitive data discovery jobs for S3 buckets. ```bash # Enable Amazon Macie aws macie2 enable-macie # List all S3 buckets Macie can scan aws macie2 describe-buckets \ --query 'buckets[*].[bucketName,classifiableSizeIn...

Details

Author
mukul975
Repository
mukul975/Anthropic-Cybersecurity-Skills
Created
3 months ago
Last Updated
today
Language
Python
License
Apache-2.0

Integrates with

Google Cloud · Cloud Azure · Cloud

Similar Skills

Semantically similar based on skill content — not just same category

DevOps & Infrastructure Featured

implementing-aws-macie-for-data-classification

Implement Amazon Macie to automatically discover, classify, and protect sensitive data in S3 buckets using machine learning and pattern matching for PII, financial data, and credentials detection.

13,115 Updated today
mukul975
AI & Automation Featured

implementing-endpoint-dlp-controls

Implements endpoint Data Loss Prevention (DLP) controls to detect and prevent sensitive data exfiltration through email, USB, cloud storage, and printing. Use when deploying DLP agents, creating content inspection policies, or preventing unauthorized data movement from endpoints. Activates for requests involving DLP, data exfiltration prevention, content inspection, or sensitive data protection on endpoints.

13,115 Updated today
mukul975
AI & Automation Featured

implementing-data-loss-prevention-with-microsoft-purview

Implements data loss prevention policies using Microsoft Purview to protect sensitive information across Exchange Online, SharePoint, OneDrive, Teams, endpoint devices, and Power BI. The analyst configures sensitivity labels with encryption and content marking, creates DLP policies using built-in and custom sensitive information types with regex patterns, deploys endpoint DLP rules to control file operations on Windows and macOS devices, and monitors policy effectiveness through Activity Explorer and DLP alert management. Uses PowerShell cmdlets and the Microsoft Graph API for programmatic policy management. Activates for requests involving DLP policy creation, sensitivity label configuration, data classification, endpoint data protection, or Microsoft Purview compliance administration.

13,115 Updated today
mukul975
DevOps & Infrastructure Featured

implementing-azure-defender-for-cloud

Implementing Microsoft Defender for Cloud to enable cloud security posture management, workload protection across VMs, containers, databases, and storage, configure security recommendations, and set up adaptive security controls with automated remediation.

13,115 Updated today
mukul975
AI & Automation Featured

detecting-s3-data-exfiltration-attempts

Detecting data exfiltration attempts from AWS S3 buckets by analyzing CloudTrail S3 data events, VPC Flow Logs, GuardDuty findings, Amazon Macie alerts, and S3 access patterns to identify unauthorized bulk downloads and cross-account data transfers.

13,115 Updated today
mukul975