Protecting Data on Your Device - Amazon Snowcone User Guide
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Protecting Data on Your Device

Consider the following recommendations to help protect the data on your Amazon Snowcone device.

Securing Your Amazon Snowcone

Following are some security points that we recommend you consider when using Snowcone, in addition to some high-level information on other security precautions that we take when a device arrives at Amazon for processing.

We recommend the following security approaches:

  • You should make an effort to protect your job credentials from disclosure. Any individual who has access to a job's manifest and unlock code can access the contents of the device sent for that job.

  • Don't leave the device sitting on a loading dock. Left on a loading dock, it can be exposed to the elements. Although each Snowcone device is rugged, weather can damage the sturdiest of hardware. Report stolen, missing, or broken devices as soon as possible. The sooner such an issue is reported, the sooner another one can be sent to complete your job.

We perform the following security steps:

  • When transferring data with the file interface, object metadata is persisted.

  • When a device arrives at Amazon, we inspect it for any signs of tampering and to verify that no changes were detected by the Trusted Platform Module (TPM). Snowcone uses multiple layers of security designed to protect your data, including tamper-resistant enclosures, 256-bit encryption, and an industry-standard TPM designed to provide both security and full chain of custody for your data.

  • After the data transfer job has been processed and verified, Amazon performs a software erasure of the Snowcone device following the National Institute of Standards and Technology (NIST) guidelines for media sanitization.

Validating NFC Tags

Amazon Snowcone devices have NFC tags built into them. You can scan these tags with the Snowcone Verification App, available on Android. Scanning and validating these NFC tags can help you verify that your device has not been tampered with before you use it.

Validating NFC tags includes using the Snowball Edge client to generate a device-specific QR code to verify that the tags you're scanning are for the right device. For information, see Getting Your QR Code for NFC Validation.

The following procedure describes how to validate the NFC tags on a Snowcone device. Before you get started, make sure you've performed the following first steps of the getting started exercise:

  1. Create your first job. For more information, see Creating a job to order a Snow Family device.

  2. Receive the device.

  3. Connect to your local network.

  4. Get your credentials and tools. For more information, see Getting Credentials.

  5. Download and install the Snowball Edge client. For more information, see Using the Amazon Snowball Edge Client.

To validate the NFC tags in an Amazon Snowcone device
  1. Run the snowballEdge get-app-qr-code Snowball Edge client command. For more information on using this command, see Getting Your QR Code for NFC Validation.

    The QR code is saved to a location of your choice as a .png file.

  2. Navigate to the .png file that you saved, and open it so that you can scan the QR code with the app.

  3. To scan the NFC tags with your phone, download and install the Snowcone Verification App. Download the app from the Google Play store if you are using an Android phone.

  4. Start the app, and follow the on-screen instructions.

You've now successfully scanned and validated the NFC tags for your device.

If you encounter issues while scanning, try the following:

  • Download the app on another phone, and try again.

  • Move the device to an isolated area of the room, away from interference from other NFC tags, and try again.

  • If issues persist, contact Amazon Web Services Support.