Preventing data exfiltration in machine learning environments with Amazon SageMaker AI
Architecture Blog
This article describes how iBusiness, an AI-driven fintech organization, built a three-layered security architecture to prevent data exfiltration in machine learning environments while maintaining data scientist productivity.
- Layer 1: Amazon WorkSpaces Secure Browser provides controlled access with file downloads, clipboard, and printing disabled
- Layer 2: Strict URL allowlisting restricts browser activity to AWS domains; VPC endpoints and Route 53 DNS Firewall prevent cross-account data movement
- Layer 3: SageMaker AI VPC configured without internet access; VPC endpoint policies restrict access to organization-owned resources only
- Achieved 80% cost reduction from $40+ to $7 per user monthly and reduced provisioning time from 2 days to minutes
This approach demonstrates how organizations can balance strict data protection with team scalability and operational efficiency in secure ML environments.
The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.
Related articles
2026
2024
2025
2025
The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.