* [Blog](https://www2.paloaltonetworks.com/blog) * [Cloud Security](https://www2.paloaltonetworks.com/blog/cloud-security/) * [Cloud Workload Protection Platform](https://www2.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/) * Help Protect Sensitive Da... # Help Protect Sensitive Data with a Cloud Native Security Platform [](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fprotect-sensitive-cloud-data%2F) [](https://twitter.com/share?text=Help+Protect+Sensitive+Data+with+a+Cloud+Native+Security+Platform&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fprotect-sensitive-cloud-data%2F) [](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fcloud-security%2Fprotect-sensitive-cloud-data%2F&title=Help+Protect+Sensitive+Data+with+a+Cloud+Native+Security+Platform&summary=&source=) [](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/cloud-security/protect-sensitive-cloud-data/&ts=markdown) \[\](mailto:?subject=Help Protect Sensitive Data with a Cloud Native Security Platform) Link copied By [Patrick Chang](https://www.paloaltonetworks.com/blog/author/patrick-chang/?ts=markdown "Posts by Patrick Chang") and [Jonathan Bregman](https://www.paloaltonetworks.com/blog/author/jonathan-bregman/?ts=markdown "Posts by Jonathan Bregman") Oct 13, 2020 5 minutes [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown) [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown) [AWS S3](https://www.paloaltonetworks.com/blog/tag/aws-s3/?ts=markdown) [data security](https://www.paloaltonetworks.com/blog/tag/data-security/?ts=markdown) [Product Announcement](https://www.paloaltonetworks.com/blog/tag/product-announcement/?ts=markdown) The near-limitless capacity offered by cloud storage services like Amazon Web Service Simple Storage Service (AWS S3) has enabled organizations to collect massive amounts of data -- volumes that quickly exhaust traditional, manual processes for data classification. The Prisma Cloud Data Security module has been purpose-built to address these challenges. It can continuously discover and help automatically protect sensitive cloud data at the scale and velocity common in public cloud environments. Combining both [Palo Alto Networks Enterprise Data Loss Prevention (DLP)](https://www.paloaltonetworks.com/enterprise-data-loss-prevention) Engine and [Wildfire](https://www.paloaltonetworks.com/products/secure-the-network/wildfire) for malware analysis, users gain deep visibility and direct control for AWS S3 within their Prisma Cloud console. "This marks an important milestone in our commitment to bringing our customers the most [comprehensive cloud native security platform](http://blog.paloaltonetworks.com/2020/10/cloud-evolution-comprehensive-cnsp), already trusted by nearly 50% of the Fortune 100," says Rahul Sood, SVP, Prisma Cloud. "Securing sensitive data is 'job zero' when I talk to our customers, and I'm thrilled we can offer yet another best-of-breed capability for classifying and protecting data stored in public cloud." Here's what the new Data Security module can do for users. ## One-Click Activation [Prisma Cloud Data Security](https://www.paloaltonetworks.com/prisma/cloud/cloud-data-security) can be enabled with a single click under the subscriptions tab inside the Prisma Cloud console. The new module automatically provides customers an inventory of their S3 buckets, and offers two options for scanning: 1. Backward Scan - scans all *existing* objects in a bucket 2. Forward Scan - scans all *new* objects added to the bucket ![Pop-up for enabling the Data Security module in Prisma Cloud.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/10/module-pop-up.png) Data Security module pop-up in Prisma Cloud. ## Detecting Sensitive Data in S3 Objects The new module incorporates the Palo Alto Networks Enterprise DLP engine, which uses machine learning to identify and categorize data. It can automatically recognize specific types of sensitive and regulated data within S3 objects: personally identifiable information (PII) like social security and other personal identification numbers; credit card numbers; financial information; healthcare information; and intellectual property. ![Inventory of categorized S3 object data in Prisma Cloud.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/10/S3-object-data.png) Inventory of categorized S3 object data in Prisma Cloud. ## Detecting Malware Objects in S3 Buckets Ensuring any stored data is free from malware that can spread across cloud environments is an essential, yet often overlooked, security requirement for platform-as-a-service (PaaS) data stores. By leveraging the WildFire malware analysis engine, Prisma Cloud identifies and helps protect against known and unknown file-based threats that have infiltrated the customer's S3 buckets. ![Wildfire malware scan result detail in Prisma Cloud.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/10/wildfire-scan-result.png) Wildfire malware scan result detail in Prisma Cloud. ## Exposure Calculation for S3 Buckets and Objects Publicly-exposed sensitive data is one of the [most commonly-seen vulnerabilities](https://unit42.paloaltonetworks.com/cloud-threat-report-intro/) across public cloud environments. The exponential growth of collected data amplifies this issue. Prisma Cloud Data Security helps solve this problem by automatically and continuously monitoring configurations for access control, policy, objects, and others to calculate the exposure of both S3 buckets and individual objects. This allows users to quickly remediate unintended settings for buckets that have been identified as containing sensitive data. ![Configuration alerts in Prisma Cloud for AWS S3.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/10/S3-configuration-alert.png) Configuration alerts in Prisma Cloud for AWS S3. ## AWS S3 Policy Compliance Alerts The Data Security module provides five out-of-the-box policies for detecting publicly exposed objects with sensitive data and objects that contain malware. These five policies are for healthcare information, intellectual property, financial information, malware, and PII. ![Examples of out-of-the-box data security policies in Prisma Cloud.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/10/data-security-policies.png) Out-of-the-box data security policies. Users can also create their own customized policies and send alert notifications to Amazon Simple Queue Service (SQS), Splunk, and webhooks for remediation. ![Creating custom policies for S3 objects in Prisma Cloud.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/10/custom-S3-policies-1.png) Creating custom policies for S3 objects in Prisma Cloud. ## Comprehensive AWS Account Visibility Interactive dashboards provide visibility into users' data security posture across AWS accounts and regions, including the total number of buckets, number of publicly exposed objects with sensitivity, and the geographical distribution of publicly exposed objects. ![Data security dashboard in Prisma Cloud](https://www.paloaltonetworks.com/blog/wp-content/uploads/2020/10/Data-security-dashboard.png) Data security dashboard in Prisma Cloud. ## Unified DLP Policies Across the Enterprise Palo Alto Networks is your partner in helping ensure consistent data protection and internal policy compliance across the enterprise -- including networks, clouds and users. That's why the Enterprise DLP cloud service is not just limited to Prisma Cloud. It is integrated into all Palo Alto Networks Prisma and firewall products, to help extend configurations and policies consistently wherever sensitive data exists, both at-rest and in-motion. Data protection policies can be configured once, and automatically synchronized across Palo Alto Networks products, thus eliminating time-consuming duplication of processes. ## Protect Sensitive Cloud Data Using Prisma Cloud Users can enable Prisma Cloud Data Security with either a single click in the Prisma Cloud console or a single API call. Current customers can use the new Data Security module to scan up to 300GB of data at no additional cost. Learn more on our [documentation page](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-data-security.html). *** ** * ** *** ## Related Blogs ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/cloud-security/category/partners/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown) [#### Prisma Cloud Automatically Secures Unprotected Cloud Workloads](https://www2.paloaltonetworks.com/blog/2021/04/april-2021-release-prisma-cloud/) ### [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown) [#### Prisma Cloud 2.0: The Industry's Most Comprehensive CNSP](https://www2.paloaltonetworks.com/blog/2020/10/cloud-evolution-comprehensive-cnsp/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown) [#### Prisma Cloud Analysis of CVE-2022-42889: Text4Shell Vulnerability](https://www2.paloaltonetworks.com/blog/cloud-security/analysis_of_cve-2022-42889_text4shell_vulnerability/) ### [Cloud Infrastructure Entitlement Management](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-infrastructure-entitlement-management/?ts=markdown), [Cloud Network Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-network-security/?ts=markdown), [Cloud Security Posture Management](https://www.paloaltonetworks.com/blog/category/cloud-security-posture-management/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown) [#### 6 Common Kubernetes and Container Attack Techniques and How to Prevent Them](https://www2.paloaltonetworks.com/blog/cloud-security/6-common-kubernetes-attacks/) ### [Cloud Native Application Protection Platform](https://www.paloaltonetworks.com/blog/category/cloud-native-application-protection-platforms/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown) [#### Zero Trust for Applications Best Practices: Securing Cloud Workloads](https://www2.paloaltonetworks.com/blog/cloud-security/zero-trust-cloud-workloads/) ### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Infrastructure Entitlement Management](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-infrastructure-entitlement-management/?ts=markdown), [Cloud Native Security Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-native-security-platform/?ts=markdown), [Cloud Network Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-network-security/?ts=markdown), [Cloud Posture Security](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-security-posture-management/?ts=markdown), [Cloud Workload Protection Platform](https://www.paloaltonetworks.com/blog/cloud-security/category/cloud-workload-protection-platform/?ts=markdown), [DevSecOps](https://www.paloaltonetworks.com/blog/cloud-security/category/devsecops/?ts=markdown) [#### Prisma Cloud at Ignite '21: What to Know](https://www2.paloaltonetworks.com/blog/cloud-security/prisma-cloud-ignite-21/) ### Subscribe to Cloud Security Blogs! Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more. ![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up Please enter a valid email. By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder. This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply. {#footer} {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language