Cloud Storage Security (CSS)

Cloud Storage Security (CSS) is a data security platform built specifically for AWS storage environments. It runs as an automated, serverless solution deployed within a customer's own AWS environment via a private VPC endpoint, with a deployment time of approximately 15 minutes. CSS addresses the AWS shared responsibility model by helping customers manage data security obligations that AWS does not handle natively. The platform covers two primary capability areas: **Malware & Threat Prevention:** CSS scans files stored in AWS storage services for malware and viruses in real time, on demand, or on a schedule. It identifies and remediates infected files regardless of how or when they arrive in storage, and supports scanning for data ingested through AWS Transfer Family (SFTP). **Data Classification & Compliance:** CSS automatically discovers and tags sensitive data across structured and unstructured datasets at scale. It provides visibility into permission policies and encryption status across the storage environment, enabling identification and remediation of insecure configurations. Reports can be generated on demand to support audits and demonstrate compliance with regulatory frameworks. **Supported AWS Storage Services:** Amazon S3, Amazon WorkDocs, Amazon EBS, Amazon EFS, Amazon FSx. **Built Using:** AWS CloudFormation, AWS Fargate, Amazon ECS, Amazon DynamoDB, AWS AppConfig, AWS IAM, Amazon Cognito, AWS Lambda. CSS holds multiple AWS designations including Security Software Competency, Public Sector Partner, Authority to Operate, and is an AWS Marketplace Seller and ISV Accelerate Co-Sell Partner. It is available in both commercial AWS regions and AWS GovCloud.