Security & Compliance in the AWS Cloud. Amazon Web Services

Transcription:

Security & Compliance in the AWS Cloud Amazon Web Services

Our Culture Simple Security Controls

Job Zero

AWS Pace of Innovation
AWS has been continually expanding its services to support virtually any cloud workload and now has more than 70 services that range from compute, storage, networking, database, analytics, application services, deployment, management and mobile.
[Chart: values 722, 280, 48, 82; years 2009, 2011, 2013, 2015]

[Slide diagram: AWS service portfolio, grouped under the panel titles TECHNICAL & BUSINESS SUPPORT, HYBRID ARCHITECTURE, ANALYTICS, APP SERVICES, MOBILE SERVICES, MARKETPLACE, DEVELOPMENT & OPERATIONS, SECURITY & COMPLIANCE, ENTERPRISE APPS, CORE SERVICES and INFRASTRUCTURE]

SHARED

exactly
GxP, ISO 13485, AS9100, ISO/TS 16949
AWS Foundation Services: Compute, Storage, Database, Networking
AWS Global Infrastructure: Availability Zones, Regions, Edge Locations
AWS is responsible for the security OF the Cloud

Customers decide how to implement
Customer applications & content
Platform, Applications, Identity & Access Management
Operating System, Network, & Firewall Configuration
Client-side Data Encryption, Server-side Data Encryption, Network Traffic Protection
Customers have their choice of security configurations IN the Cloud
AWS Foundation Services: Compute, Storage, Database, Networking
AWS Global Infrastructure: Availability Zones, Regions, Edge Locations
AWS is responsible for the security OF the Cloud

SECURITY IS VISIBILITY AND AUDITABILITY

How often do you map your network? RIGHT NOW?

AWS CLOUDTRAIL
You are making API calls... on a growing set of services around the world (AWS CloudFormation, Redshift, AWS Elastic Beanstalk).
AWS CloudTrail is continuously recording API calls and delivering log files to you.

[Diagram: AWS Config. Labels: Changing Resources, Recording, Continuous Change, History, Stream, Snapshot (ex. 2014-11-05)]

SECURITY IS CONTROL

(USERS, RESOURCES, CONTENT)

Control access and segregate duties everywhere
With AWS Identity and Access Management you get to control who can do what in your AWS environment and from where.
Fine-grained control of your AWS cloud with two-factor authentication.
Integrate with your existing corporate directory using SAML 2.0 and single sign-on.
[Diagram labels: AWS account owner, Network management, Security management, Server management, Storage management]

you put it
Regions: US-WEST (Oregon), AWS GovCloud (US), EU-WEST (Ireland), EU-CENTRAL (Frankfurt), ASIA PAC (Korea), ASIA PAC (Tokyo), US-EAST (Virginia), CHINA (Beijing), US-WEST (N. California), ASIA PAC (Mumbai), ASIA PAC (Sydney), SOUTH AMERICA (Sao Paulo), ASIA PAC (Singapore)
13 Regions, 35 Availability Zones, 59 Edge Locations

Create your own private, isolated section of the AWS cloud
AWS Virtual Private Cloud
Provision a logically isolated section of the AWS cloud.
You choose a private IP range for your VPC.
Segment this into subnets to deploy your compute instances.
AWS network security
AWS network will prevent spoofing and other common layer 2 attacks.
You cannot sniff anything but your own EC2 host network interface.
Control all external routing and connectivity.
[Diagram labels: Availability Zone A, Availability Zone B]

connect resiliently and in private
[Diagram: YOUR AWS ENVIRONMENT (Digital Websites, Dev and Test, Big Data Analytics, Enterprise Apps) connected to YOUR PREMISES over Internet VPN and AWS Direct Connect]

AWS Key Management Service
Encryption key management and compliance made easy
PCI DSS SP L1 Compliant
Undergoing FIPS 140-2
Integrated with AWS Services (e.g. S3, EBS, RDS, Redshift, CloudTrail, EMR)
Highly available and durable

AUDIT EVERYTHING

Auditors

Governance
Fine-grained visibility and control for accounts, resources, data
Geographic data locality: visibility into resources and usage, control over deployment, control over regional replication
Fine-grained access control: policies, resource level permissions, temporary credentials
Service Describe* APIs and AWS CloudWatch
In-depth logging: AWS CloudTrail and Config
AWS CloudFormation

COMPLIANCE

More accreditations & certifications than anyone
SOC 1 / ISAE 3402; SOC 2; SOC 3; HIPAA; CJIS; DoD SRG Levels 2 & 4; MLPS Level 3; MTCS Tier 3; IRAP; ISO 27001; ISO 9001; ISO 27018; GxP; ITAR; FERPA; Section 508 / VPAT; NIST; FISMA, RMF, and DIACAP; FedRAMP; ISO 27017; PCI DSS Level 1; FIPS 140-2; G-Cloud; IT-Grundschutz; MPAA; Cloud Security Alliance; Cyber Essentials Plus

evidence

Data Sovereignty & Privacy
You retain control and ownership of your content.
Choose your AWS region and adhere to data sovereignty laws.
Compliant with ISO 27001, ISO 27017, ISO 27018.
Encrypt your data using AWS Services or using your own

Vibrant Partner Ecosystem
Infrastructure Security; Logging and Monitoring; Identity and Access Control; Configuration and Vulnerability Analysis; Data Protection; SaaS

Job Zero BETTER IN AWS

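Event @ AWS Booth
Survey event: everyone who completes the survey receives an AWS T-shirt!
CLOUDSEC PoC application event: everyone who applies for a PoC receives a free consultation and a portable battery pack!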

AWS CLOUD SECURITY PARTNER
In order to secure your valuable data, MEGAZONE is working together with its No.1 PARTNERS, AWS and TrendMicro, in providing diverse services.
No.1 PREMIER PARTNER, No.1 SECURITY PARTNER, No.1 Biz PARTNER