Home icon

Preventing data exfiltration in machine learning environments with Amazon SageMaker AI

Architecture Blog



This article describes how iBusiness, an AI-driven fintech organization, built a three-layered security architecture to prevent data exfiltration in machine learning environments while maintaining data scientist productivity.

  • Layer 1: Amazon WorkSpaces Secure Browser provides controlled access with file downloads, clipboard, and printing disabled
  • Layer 2: Strict URL allowlisting restricts browser activity to AWS domains; VPC endpoints and Route 53 DNS Firewall prevent cross-account data movement
  • Layer 3: SageMaker AI VPC configured without internet access; VPC endpoint policies restrict access to organization-owned resources only
  • Achieved 80% cost reduction from $40+ to $7 per user monthly and reduced provisioning time from 2 days to minutes

This approach demonstrates how organizations can balance strict data protection with team scalability and operational efficiency in secure ML environments.



Go to article

The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.

Related articles

Jun 8
2026
End-to-end encrypted ML inference with Amazon SageMaker AI and FHE
May 8
2024
Amazon SageMaker now integrates with Amazon DataZone to streamline machine learning governance
Jun 5
2025
Modernize and migrate on-premises fraud detection machine learning workflows to Amazon SageMaker
Jun 3
2025
Building machine learning operations framework with Amazon SageMaker: Technical Safety BC’s Journey

The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.