MLSEC-08: Secure governed ML environment
Protect ML operations environments using managed services with best practices including: detective and preventive guardrails, monitoring, security, and incident management. Explore data in a managed and secure development environment. Centrally manage the configuration of development environments and enable self-service provisioning for the users.
Implementation plan
- Break out ML workloads by organizational unit access patterns. This enables delegating the required access to each group, such as administrators or data analysts.
- Use guardrails and service control policies (SCPs) to enforce best practices for each environment type. Limit infrastructure management access to administrators.
- Verify that all sensitive data is accessed only through restricted, isolated environments. Ensure network isolation and dedicated resources, and check service dependencies.
- Secure the ML algorithm implementation using a restricted development environment. Secure model training and hosting containers by following the security processes required for your organization.
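The SCP guardrails described in the steps above, as an added example that is not part of the Well-Architected page: a deny-only policy that restricts Studio domain management to an assumed administrator role and forces training jobs, models and notebook instances into the isolated, VPC-attached configuration. The role name is an assumption; the condition keys are SageMaker's documented ones.

```python
"""Build a guardrail SCP for a SageMaker environment as a Python dict so it
can be rendered with json.dumps and attached to an OU in AWS Organizations.
Added example; the administrator role name is an assumption."""
import json

# Assumed platform-administrator role; every other principal in the OU
# is treated as a regular user (data scientist, analyst, ...).
ADMIN_ROLE_ARN = "arn:aws:iam::*:role/MLPlatformAdmin"


def build_scp(admin_role_arn: str = ADMIN_ROLE_ARN) -> dict:
    """SCPs cannot grant access, so every statement is a Deny guardrail."""
    job_actions = ["sagemaker:CreateTrainingJob", "sagemaker:CreateModel"]
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Only the admin role may create, change or delete Studio domains.
                "Sid": "InfraAdminsOnly",
                "Effect": "Deny",
                "Action": ["sagemaker:CreateDomain", "sagemaker:UpdateDomain",
                           "sagemaker:DeleteDomain"],
                "Resource": "*",
                "Condition": {"ArnNotLike": {"aws:PrincipalArn": admin_role_arn}},
            },
            {   # Deny jobs/models that disable network isolation, and also
                # requests that omit the flag (BoolIfExists treats absent as true).
                "Sid": "RequireNetworkIsolation",
                "Effect": "Deny",
                "Action": job_actions,
                "Resource": "*",
                "Condition": {"BoolIfExists": {"sagemaker:NetworkIsolation": "false"}},
            },
            {   # Deny jobs/models created without a VPC (no subnets in request).
                "Sid": "RequireVpc",
                "Effect": "Deny",
                "Action": job_actions,
                "Resource": "*",
                "Condition": {"Null": {"sagemaker:VpcSubnets": "true"}},
            },
            {   # Notebook instances must route through the VPC, not the internet.
                "Sid": "NoDirectInternet",
                "Effect": "Deny",
                "Action": "sagemaker:CreateNotebookInstance",
                "Resource": "*",
                "Condition": {"StringEquals": {"sagemaker:DirectInternetAccess": "Enabled"}},
            },
        ],
    }


def to_json(admin_role_arn: str = ADMIN_ROLE_ARN) -> str:
    """Render the policy document for `aws organizations create-policy`."""
    return json.dumps(build_scp(admin_role_arn), indent=2)


if __name__ == "__main__":
    print(to_json())
```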
Documents
Blogs
- Setting up secure, well-governed machine learning environments on AWS
- Securing Amazon SageMaker AI Studio Connectivity using a private VPC
- Enable self-service, secured data science using Amazon SageMaker AI notebooks and AWS Service Catalog
- Accelerating Machine Learning Development with Data Science as a Service from Change Healthcare