Compliance and Security in a Cloud-First Era

Regions:
Dublin (EU-West): 3 Availability Zones, launched in 2007
Frankfurt (EU-Central): 2 Availability Zones, launched in 2014
Edge Locations: Amsterdam, The Netherlands (2); Dublin, Ireland; Frankfurt, Germany (3); London, England (3); Madrid, Spain; Marseille, France; Milan, Italy; Paris, France (2); Stockholm, Sweden; Warsaw, Poland
Direct Connect POPs: Dublin, London, Frankfurt

Customers' shared responsibility

Customers are responsible for their security IN the cloud (managed by the customer):
- Customer applications and content
- Platform and applications management; Identity and Access Management (customer IAM)
- Operating system, network and firewall configuration
- Client-side data encryption and data integrity authentication
- Server-side encryption by the platform (file system and/or data): protection of data at rest
- Network traffic protection by the platform (encryption / integrity / identity): protection of data in transit
These encryption and integrity controls are optional; to AWS, customer content is opaque data (1s and 0s, in transit and at rest).

AWS is responsible for the security OF the cloud (managed by AWS):
- AWS Foundation Services: compute, storage, database, networking; AWS IAM
- AWS Global Infrastructure: Availability Zones, Regions, Edge Locations

Security cannot be a blocker of innovative business

"We'll also see organizations adopt cloud services for the improved security protections and compliance controls that they otherwise could not provide as efficiently or effectively themselves." - "Security's Cloud Revolution Is Upon Us", Forrester Research, Inc., August 2, 2013

Singapore MTCS

Customers: your own accreditation, your own certifications, your own external audits. Customer scope and effort is reduced; better results through focused efforts.
AWS Foundation Services (compute, storage, database, networking) and AWS Global Infrastructure (Availability Zones, Regions, Edge Locations): built on AWS consistent baseline controls.

TÜV TRUST IT GmbH Unternehmensgruppe TÜV AUSTRIA

Defining the information domain; structure analysis; modeling the domain. Based on the whitepaper "IT Grundschutz compliance on Amazon Web Services".

Source: BSI-Standard 100-1, Information Security Management Systems (ISMS), Version 1.5, p. 10

Information domain: the infrastructure, organization, staff and technical objects that are used for information processing (organization, infrastructure, IT systems, applications, employees). An information domain can include entire institutions or single areas, or focus on, e.g., certain applications. The information domain is essentially the scope of an ISMS and the related certification. Noteworthy: IT Grundschutz is certified on the basis of ISO 27001; therefore, IT Grundschutz is fully compatible with ISO 27001 and 27002.

Structure analysis: a detailed description of every part of the information domain, generally based on a network plan. When using external providers (outsourcing), the interfaces must be included in the documentation. Result: a list of components that are relevant for the IT Grundschutz methodology. In an AWS context, the components are located both at the customer and at AWS.

Security IN the cloud: responsibility of the customer. Customers retain control of what security they choose to implement to protect their own content, platform, applications, systems and networks, no differently than they would for applications in an on-site datacenter.
Security OF the cloud: refers to how AWS manages the security of the cloud's underlying infrastructure. AWS operates, manages and controls the components from the host operating system and virtualization layer down to the physical security of the facilities in which the AWS services operate.
Conclusion: IT Grundschutz modules to be addressed by the customer (security in the cloud); modules to be delivered by AWS (security of the cloud).

Modeling the domain: replicating the information domain using the modules and related instructions found in the IT Grundschutz catalogues. Modules are used for structuring the recommendations of the IT-Grundschutz catalogues into technical components or organizational measures, with their respective security measures, based on the protection requirements of the components. Examples of modules that need to be addressed by the customer: M 1.11 Outsourcing, M 1.12 Archiving.

The customer does not have to implement the respective modules if a task has been completely transferred to AWS. Some modules need to be addressed by both sides. Examples of modules that need to be addressed by AWS: M 2.1 General building, M 2.2 Electric cabling, M 2.9 Data centers, M 2.12 IT-cabling. The whitepaper "IT Grundschutz compliance on Amazon Web Services" contains more details on the modules.

Contents of the whitepaper:
Abstract
Section 1, Customer View: description of the IT-Grundschutz catalogues to be modeled; modules to be addressed by the customer; implementing catalogue M 1.11 Outsourcing; modules to be delivered by AWS
Section 2, AWS View: description of what needs to be provided by the customer; covering requirements with existing AWS certifications or measures; AWS alignment to BSI IT-Grundschutz

Company: UK-based global communications platform for call centers to capture communications data
Challenge: must comply with PCI DSS so their customers can process payment card data on the platform
Results: PCI certified on AWS; also SOC 1 Type 2 audited and ISO 27001 certified
http://d36cz9buwru1tt.cloudfront.net/cognia-case-study.pdf

Company: France-based insurance and healthcare coverage company, responsible for the secure use and storage of confidential customer information
Challenge: move critical IT to AWS and comply with the Solvency II Directive (EU insurance regulation)
Results: moved to AWS, realized cloud benefits (financial, security, scalability, availability, resiliency) and remain fully compliant with Solvency II and other compliance requirements. They are moving their other environments onto AWS.
http://aws.amazon.com/solutions/case-studies/smatis/

https://run.qwiklab.com/

awscompliance