|
|
|
|
|
|
by remixz
1251 days ago
|
|
|
You've got it right! The KMS keys used to encrypt sensitive data are generated per customer, and the majority of our engineering team cannot access any sensitive production data at all. In theory, it would only be the select team members with privileged access that could access it, but as you mentioned, it would be logged in CloudTrail. We also have GuardDuty enabled, and it would likely alert on anomalous activity. Personally, I think we could do a better job explaining our security model in our FAQ. I'll bring it up with the team. |
|
|
So this is literally a lie?