AWS Security & Compliance



Transcription:

AWS Public Sector Jerusalem 19 Nov 2014 AWS Security & Compliance CJ Moses General Manager, Government Cloud Solutions

Security Is Our No.1 Priority Comprehensive Security Capabilities to Support Virtually Any Workload PHYSICAL SECURITY NETWORK SECURITY PLATFORM SECURITY PEOPLE & PROCEDURES

SECURITY IS SHARED

WHAT NEEDS TO BE DONE TO KEEP THE SYSTEM SAFE

WHAT WE DO FOR YOU WHAT YOU DO YOURSELF

EVERY CUSTOMER HAS ACCESS TO THE SAME SECURITY CAPABILITIES CHOOSE WHAT'S RIGHT FOR YOUR ENTERPRISE

Based on our experience, I believe that we can be even more secure in the AWS cloud than in our own data centers Tom Soderstrom CTO NASA JPL

IDC Survey: Attitudes and Perceptions Around Security and Cloud Services. Nearly 60% of organizations agreed that CSPs [Cloud Service Providers] provide better security than their own IT organization. Source: IDC 2013 U.S. Cloud Security Survey Doc #242836, September 2013

AWS SECURITY OFFERS MORE VISIBILITY AUDITABILITY CONTROL

MORE VISIBILITY

CAN YOU MAP YOUR NETWORK? WHAT IS IN YOUR ENVIRONMENT RIGHT NOW?

TRUSTED ADVISOR

MORE AUDITABILITY

LOGS OBTAINED, RETAINED, ANALYZED

AWS CLOUDTRAIL You are making API calls... On a growing set of services around the world CloudTrail is continuously recording API calls And delivering log files to you

Security Analysis: Use log files as an input into log management and analysis solutions to perform security analysis and to detect user behavior patterns. Track Changes to AWS Resources: Track creation, modification, and deletion of AWS resources such as Amazon EC2 instances, Amazon VPC security groups and Amazon EBS volumes. Troubleshoot Operational Issues: Quickly identify the most recent changes made to resources in your environment. Compliance Aid: Easier to demonstrate compliance with internal policies and regulatory standards.

MORE CONTROL

Defense in Depth Multi-level security Physical security of the data centers Network security System security Data security DATA

AWS Security Delivers More Control & Granularity Customize the implementation based on your business needs AWS IAM Amazon VPC AWS Storage Gateway AWS Direct Connect AWS CloudHSM Defense in depth Rapid scale for security Automated checks with AWS Trusted Advisor Fine grained access controls Server side encryption Multi-factor authentication Dedicated instances Direct connection, Storage Gateway HSM-based key storage

LEAST PRIVILEGE PRINCIPLE AT AWS

LEAST PRIVILEGE PRINCIPLE CONFINE ROLES ONLY TO THE MATERIAL REQUIRED TO DO SPECIFIC WORK

LEAST PRIVILEGE PRINCIPLE SEPARATE NETWORKS FOR CORPORATE WORK VS. ACCESSING CUSTOMER DATA

LEAST PRIVILEGE PRINCIPLE MUST HAVE A BUSINESS NEED-TO-KNOW ABOUT SENSITIVE INFORMATION LIKE DATA CENTER LOCATIONS

LEAST PRIVILEGE PRINCIPLE MUST HAVE A BUSINESS NEED-TO-KNOW IN ORDER TO ACCESS DATA CENTERS

SIMPLE SECURITY CONTROLS ARE THE EASIEST TO GET RIGHT, EASIEST TO AUDIT, AND EASIEST TO ENFORCE

AWS IAM IDENTITY & ACCESS MANAGEMENT

CONTROL WHO CAN DO WHAT WITH YOUR AWS ACCOUNT

MFA DELETE PROTECTION

YOUR DATA STAYS WHERE YOU PUT IT

AWS Global Infrastructure! 11 Regions 28 Availability Zones 54 Edge Locations

USE MULTIPLE AZs AMAZON S3 AMAZON DYNAMODB AMAZON RDS MULTI-AZ AMAZON EBS SNAPSHOTS

ENCRYPT YOUR DATA AWS CLOUDHSM AWS Key Management Service AMAZON EBS AMAZON S3 SSE AMAZON GLACIER AMAZON REDSHIFT AMAZON RDS

DATA ENCRYPTION CHOOSE WHAT'S RIGHT FOR YOU: Automated: AWS manages encryption (e.g. S3 SSE). Enabled: user manages encryption using AWS (e.g. AWS CloudHSM, AWS KMS). Client-side: user manages encryption using their own means.

AWS CloudHSM Managed and monitored by AWS, but you control the keys AWS CloudHSM Increase performance for applications that use HSMs for key storage or encryption Comply with stringent regulatory and contractual requirements for key protection EC2 Instance AWS CloudHSM

AWS Key Management Service: Managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the security of your keys. Integrated with other AWS services including Amazon EBS, Amazon S3, Amazon Redshift and AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs.

AWS CodeDeploy: AWS CodeDeploy is a service that automates code deployments to Amazon EC2 instances. AWS CodeDeploy makes it easier for you to rapidly release new features, helps you avoid downtime during deployment, and handles the complexity of updating your applications. You can use AWS CodeDeploy to automate deployments, eliminating the need for error-prone manual operations, and the service scales with your infrastructure so you can easily deploy to one EC2 instance or thousands. AWS CodeCommit: AWS CodeCommit is a secure, highly scalable, managed source control service that hosts private Git repositories. CodeCommit eliminates the need for you to operate your own source control system or worry about scaling its infrastructure. You can use CodeCommit to store anything from code to binaries, and it supports the standard functionality of Git, allowing it to work seamlessly with your existing Git-based tools. Your team can also use CodeCommit's online code tools to browse, edit, and collaborate on projects. CodeCommit will be available in early 2015. AWS CodePipeline: AWS CodePipeline is a continuous delivery and release automation service that aids smooth deployments. You can design your development workflow for checking in code, building the code, deploying your application into staging, testing it, and releasing it to production. You can integrate 3rd party tools into any step of your release process or you can use CodePipeline as an end-to-end solution. CodePipeline enables you to rapidly deliver features and updates with high quality through the automation of your build, test, and release process. CodePipeline will be available in early 2015.

MORE AUDITABILITY MORE VISIBILITY MORE CONTROL

AWS Security Whitepapers AUDITING SECURITY CHECKLIST SECURITY BEST PRACTICES SECURITY PROCESSES RISK & COMPLIANCE

AWS Government Jerusalem 19 Nov 2014! Thank You! CJ Moses General Manager, Government Cloud Solutions AWS.AMAZON.COM / SECURITY