AWS Security & Compliance in the AWS Cloud IP Expo 2013
Page 1
Amazon Web Services Security & Compliance Overview
Dob Todorov, Principal Security & Compliance Architect, EMEA
Page 2
undifferentiated heavy lifting
Page 3
utility computing
Page 4
Hundreds of Thousands of Customers in 190 Countries…
Page 5
US West (Northern California)
US East (Northern Virginia)
EU (Ireland)
Asia Pacific (Singapore)
Asia Pacific (Tokyo)
AWS Regions
AWS Edge Locations
GovCloud (US ITAR Region)
US West (Oregon)
South America (Sao Paulo)
Asia Pacific (Sydney)
Page 6
US West (Northern California)
US West (Oregon)
South America (Sao Paulo)
Asia Pacific (Singapore)
EU West (Dublin)
US East (Virginia)
Asia Pacific (Tokyo)
Asia Pacific (Australia)
Page 7
Personal Data Protection in Europe
• EC Directive 95/46/EC: Personal Data Protection
• Use Amazon Web Services Dublin Region
• Safe Harbour EU Compliant
• Safe Harbour Switzerland Compliant
Page 8
The Shared Responsibility Model in the Cloud
Foundation Services
Compute, Storage, Database, Networking
AWS Global Infrastructure
Regions
Availability Zones
Edge Locations
Client-side Data Encryption & Data Integrity Authentication
Server-side Encryption (File System and/or Data)
Network Traffic Protection (Encryption/Integrity/Identity)
Optional -- Opaque Data: 0s and 1s (in flight/at rest)
Platform, Applications, Identity & Access Management
Operating System, Network & Firewall Configuration
Customer Data
Page 9
User Identification, Authentication and Authorisation in the Cloud
Amazon Identity & Access Management
IAM Users
EC2
DynamoDB
S3
Active Directory/LDAP
AD/LDAP Users
Enterprise Applications
Corporate Systems
Page 10
User Identification, Authentication and Authorisation in the Cloud
Amazon Identity & Access Management
Access Token for Federated Access
EC2
DynamoDB
S3
Active Directory/LDAP
AD/LDAP Users
Enterprise Applications
Corporate Systems
Page 11
The Shared Responsibility Model in the Cloud
Foundation Services
Compute, Storage, Database, Networking
AWS Global Infrastructure
Regions
Availability Zones
Edge Locations
Client-side Data Encryption & Data Integrity Authentication
Server-side Encryption (File System and/or Data)
Network Traffic Protection (Encryption/Integrity/Identity)
Optional -- Opaque Data: 0s and 1s (in flight/at rest)
Platform, Applications, Identity & Access Management
Operating System, Network & Firewall Configuration
Customer Data
Security OF the Cloud
Security IN the Cloud
Page 12
Customer-managed Controls on Amazon EC2
OS-level Firewalls/IDS/IPS Systems/Deep Security
Data
Security Groups & Network Access Control Lists
Industry Standard Protocols: IPSec, SSL, SSH
OS-level: Encrypted File System, BitLocker, dm-crypt, Secure Cloud
Security OF the Cloud
Security IN the Cloud
Applications
Platforms
Operating Systems
Network Security
Encryption of Data at Rest
Encryption of Data in Flight
Page 13
Data Protection at Rest and in Flight
OS-level Firewalls/IDS/IPS Systems/Deep Security
Data
Security Groups & Network Access Control Lists
Industry Standard Protocols: IPSec, SSL, SSH
OS-level: Encrypted File System, BitLocker, dm-crypt, Secure Cloud
Applications
Platforms
Operating Systems
Network Security
Encryption of Data at Rest
Encryption of Data in Flight
Application-level Encryption
Platform-level Encryption
Volume-level Encryption
Network Traffic Encryption
Page 14
AWS Certifications & Accreditations
SOC 1 (SSAE 16 & ISAE 3402) Type II Audit
SOC 2
SOC 3 Audit (new in 2013)
ISO 27001
Payment Card Industry Data Security Standard (PCI DSS) Level 1 Service Provider
Security IN the Cloud
Security OF the Cloud
Page 15
Q&A