Move Away From the Worry-Based Fiction of the Cloud - AWS Washington D.C. Symposium 2014
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
AWS Security Assurance: DoD Community
Chris Gile
Bill Murray
Security in the Cloud
Bill Murray, Sr. Manager, AWS Security Programs
Different Customer Viewpoints on Security
• Public Affairs: keep out of the news
• Leader: protect shareholder value
• CI{S}O: preserve the confidentiality, integrity and availability of data
Security Is Our No. 1 Priority
Comprehensive Security Capabilities to Support Virtually Any Workload
PEOPLE & PROCEDURES
NETWORK SECURITY
PHYSICAL SECURITY
PLATFORM SECURITY
SECURITY IS SHARED
WHAT NEEDS TO BE DONE TO KEEP THE SYSTEM SAFE
WHAT WE DO FOR YOU
WHAT YOU DO YOURSELF
EVERY CUSTOMER HAS ACCESS TO THE SAME SECURITY CAPABILITIES
CHOOSE WHAT’S RIGHT FOR YOUR ENTERPRISE
“Based on our experience, I believe that we can be even more secure in the AWS cloud than in our own data centers”
Tom Soderstrom – CTO NASA JPL
AWS SECURITY OFFERS MORE
VISIBILITY
AUDITABILITY
CONTROL
MORE VISIBILITY
CAN YOU MAP YOUR NETWORK?
WHAT IS IN YOUR ENVIRONMENT RIGHT NOW?
TRUSTED ADVISOR
MORE AUDITABILITY
AWS CLOUDTRAIL
NOW IN EU-WEST
You are making API calls...
On a growing set of services around the world…
CloudTrail is continuously recording API calls…
And delivering log files to you
• Security Analysis: Use log files as an input into log management and analysis solutions to perform security analysis and to detect user behavior patterns.
• Track Changes to AWS Resources: Track creation, modification, and deletion of AWS resources such as Amazon EC2 instances, Amazon VPC security groups and Amazon EBS volumes.
• Troubleshoot Operational Issues: Quickly identify the most recent changes made to resources in your environment.
• Compliance Aid: Easier to demonstrate compliance with internal policies and regulatory standards.
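One way to do the change tracking and security analysis listed on this slide, as an added example that is not part of the original deck or AWS's own code. The log records are constructed in CloudTrail's `Records` layout; the users, account ID, addresses, resource IDs and the `TRACKED` table are assumptions.

```python
import json
from datetime import datetime

# EC2 API actions that create, modify or delete the resource types named on
# the slide. The selection is an assumption of this example, not a full list.
TRACKED = {
    "RunInstances": ("EC2 instance", "create"),
    "ModifyInstanceAttribute": ("EC2 instance", "modify"),
    "TerminateInstances": ("EC2 instance", "delete"),
    "CreateSecurityGroup": ("VPC security group", "create"),
    "AuthorizeSecurityGroupIngress": ("VPC security group", "modify"),
    "RevokeSecurityGroupIngress": ("VPC security group", "modify"),
    "DeleteSecurityGroup": ("VPC security group", "delete"),
    "CreateVolume": ("EBS volume", "create"),
    "DeleteVolume": ("EBS volume", "delete"),
}

def _rec(time, name, user, ip, params=None, error=None):
    """Build one constructed record using CloudTrail's field names."""
    rec = {"eventTime": time, "eventSource": "ec2.amazonaws.com",
           "eventName": name, "awsRegion": "us-east-1", "sourceIPAddress": ip,
           "userIdentity": {"type": "IAMUser",
                            "arn": "arn:aws:iam::111122223333:user/" + user},
           "requestParameters": params}
    if error:
        rec["errorCode"] = error  # only present when the call failed
    return rec

# Constructed sample log file (not real data).
SAMPLE_LOG = json.dumps({"Records": [
    _rec("2014-06-24T14:00:00Z", "DescribeInstances", "alice", "203.0.113.10"),
    _rec("2014-06-24T14:05:00Z", "RunInstances", "alice", "203.0.113.10"),
    _rec("2014-06-24T14:20:00Z", "AuthorizeSecurityGroupIngress", "bob",
         "198.51.100.7",
         {"groupId": "sg-0a1b2c3d", "ipPermissions": {"items": [
             {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
              "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}),
    _rec("2014-06-24T14:25:00Z", "DeleteVolume", "bob", "198.51.100.7",
         {"volumeId": "vol-11112222"}, error="Client.UnauthorizedOperation"),
    _rec("2014-06-24T14:30:00Z", "TerminateInstances", "alice", "203.0.113.10"),
]})

def _open_ingress(params):
    """Describe ingress rules in requestParameters that allow any source."""
    flags = []
    for perm in (params.get("ipPermissions") or {}).get("items", []):
        for rng in (perm.get("ipRanges") or {}).get("items", []):
            if rng.get("cidrIp") == "0.0.0.0/0":
                flags.append("ingress open to 0.0.0.0/0 on %s/%s"
                             % (perm.get("ipProtocol"), perm.get("fromPort")))
    return flags

def _summary(rec):
    resource, kind = TRACKED[rec["eventName"]]
    return {"time": datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ"),
            "who": rec.get("userIdentity", {}).get("arn", "unknown"),
            "source_ip": rec.get("sourceIPAddress"),
            "event": rec["eventName"], "resource": resource, "kind": kind,
            "error": rec.get("errorCode"),
            # requestParameters may be null in a record, hence the "or {}".
            "flags": _open_ingress(rec.get("requestParameters") or {})}

def _tracked(log_text):
    """Yield only the records whose action is in TRACKED (read-only calls drop out)."""
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventName") in TRACKED:
            yield rec

def resource_changes(log_text):
    """Successful create/modify/delete calls, most recent first."""
    done = [_summary(r) for r in _tracked(log_text) if "errorCode" not in r]
    return sorted(done, key=lambda c: c["time"], reverse=True)

def failed_attempts(log_text):
    """Tracked calls that were rejected: no change happened, but worth review."""
    return [_summary(r) for r in _tracked(log_text) if "errorCode" in r]

if __name__ == "__main__":
    for c in resource_changes(SAMPLE_LOG):
        print(c["time"], c["kind"], c["resource"], c["who"], c["flags"])
    for f in failed_attempts(SAMPLE_LOG):
        print("DENIED", f["time"], f["event"], f["who"], f["error"])
```

Rejected calls are kept apart from the change list because they altered nothing, yet a run of them from one principal is a behaviour pattern worth reviewing.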
LOGS
OBTAINED, RETAINED, ANALYZED
MORE CONTROL
Defense in Depth
Multi level security
• Physical security of the data centers
• Network security
• System security
• Data security
DATA
AWS Security Delivers More Control & Granularity
Customize the implementation based on your business needs
AWS CloudHSM
Defense in depth
Rapid scale for security
Automated checks with AWS Trusted Advisor
Fine grained access controls
Server side encryption
Multi-factor authentication
Dedicated instances
Direct connection, Storage Gateway
HSM-based key storage
AWS IAM
Amazon VPC
AWS Direct Connect
AWS Storage Gateway
LEAST PRIVILEGE PRINCIPLE AT AWS
LEAST PRIVILEGE PRINCIPLE
CONFINE ROLES ONLY TO THE MATERIAL REQUIRED TO DO SPECIFIC WORK
LEAST PRIVILEGE PRINCIPLE
SEPARATE NETWORKS FOR CORPORATE WORK VS. ACCESSING CUSTOMER DATA
LEAST PRIVILEGE PRINCIPLE
MUST HAVE A BUSINESS NEED-TO-KNOW ABOUT SENSITIVE INFORMATION LIKE DATA CENTER LOCATIONS
LEAST PRIVILEGE PRINCIPLE
MUST HAVE A BUSINESS NEED-TO-KNOW IN ORDER TO ACCESS DATA CENTERS
SIMPLE SECURITY CONTROLS
ARE THE EASIEST TO GET RIGHT, EASIEST TO AUDIT, AND EASIEST TO ENFORCE
AWS IAM: IDENTITY & ACCESS MANAGEMENT
BEST PRACTICE
CONTROL WHO CAN DO WHAT WITH YOUR AWS ACCOUNT
MFA DELETE PROTECTION
BEST PRACTICE
YOUR DATA STAYS WHERE YOU PUT IT
USE MULTIPLE AZs
AMAZON S3
AMAZON DYNAMODB
AMAZON RDS MULTI-AZ
AMAZON EBS SNAPSHOTS
BEST PRACTICE
DATA ENCRYPTION
CHOOSE WHAT’S RIGHT FOR YOU:
• Automated – AWS manages encryption
• Enabled – user manages encryption using AWS
• Client-side – user manages encryption using their own means
AWS CloudHSM
Managed and monitored by AWS, but you control the keys
Increase performance for applications that use HSMs for key storage or encryption
Comply with stringent regulatory and contractual requirements for key protection
EC2 Instance
AWS CloudHSM
AWS CloudHSM
ENCRYPT YOUR DATA
AWS CLOUDHSM
AMAZON S3 SSE
AMAZON GLACIER
AMAZON REDSHIFT
AMAZON RDS
BEST PRACTICE
MORE AUDITABILITY
MORE VISIBILITY
MORE CONTROL
IDC Survey
Attitudes and Perceptions Around Security and Cloud Services
Nearly 60% of organizations agreed that CSPs [Cloud Service Providers] provide better security than their own IT organization
Source: IDC 2013 U.S. Cloud Security Survey
Doc #242836, September 2013
AWS.AMAZON.COM/SECURITY
RISK & COMPLIANCE
AUDITING SECURITY CHECKLIST
SECURITY PROCESSES
SECURITY BEST PRACTICES
AWS Security Whitepapers
AWS Security Assurance: DoD Community
Chris Gile
DoD Cloud Security Model (CSM) - ATO Process
Cloud Services Provider
100’s of Cloud Service Providers (CSP)
Providers are a mix of IaaS, PaaS, SaaS (Initial Focus on IaaS)
FedRAMP Authority to Operate
15 FedRAMP Compliant CSP¹: 10 – IaaS, 3 – PaaS, 2 – SaaS
DoD Cloud Security Model (Administered via DISA)
Increasing Security and Operating Requirements: 1, 2, 3, 4, 5, 6
CSM ATO Levels 1-2 (Public)
CSM ATO Levels 3-5 (NIPR)
CSM ATO Level 6 (SIPR)
3 Provisional Authorizations granted¹
0 Provisional Authorization granted²
System-Specific ATO
John Doe, DoD DAA
The DoD provisionally authorized commercial CSP offering is eligible to be included in the Enterprise Cloud Service Catalog
¹ Source: http://www.gsa.gov/portal/content/131931
² Provisional ATO granted as of 2/15/2014
Shared Security Responsibility
• AWS & Customers both have security/compliance obligations
• Logical assessment & accreditation boundaries
• How are our ATOs consumed?
– Agencies & Partners
Cross-service Controls
Service-specific Controls
Managed by AWS
Managed by Customer
Compliance of the Cloud
Compliance in the Cloud
Cloud Service Provider Controls
Optimized Network/OS/App Controls
Availability Zone C
Sample US Region
- Multiple Isolated locations within a Region
- Availability Zone = 1 or more “data center”
- Independent Failure Zone
- Physically separated
- On separate Low Risk Flood Plains
- Discrete UPS
- Onsite backup generation facilities
- Fed from different segments of utility provider
- Redundantly connected to multiple tier-1 ISP’s
- No “Disaster Recovery Datacenter”
- Built for Continuous Availability
- Customer decides Availability Zone for Compute
~ DoD Data Center
Availability Zone B
Availability Zone A
AWS Availability Zone (AZ) View
AWS FedRAMP Program
• AWS has two Agency ATOs granted by HHS; assessment reviewed by HHS, FDA, CDC, and NIH covering:
– All AWS US Regions (US East/West, & GovCloud (US))
– EC2, S3, EBS, VPC, IAM
– New: Amazon Redshift (US East/West only)
• Assessed against all FedRAMP-Moderate controls (298)
• Agency ATO packages have reciprocity with federal agencies
• AWS will directly field FedRAMP package requests from all customers, though agencies can still request AWS FedRAMP package from FedRAMP PMO if desired
– AWS provides customers a FedRAMP SSP Template, inherited/shared control matrix, as well as FedRAMP package
• AWS Security Assurance supports the lifecycle of customer engagements with supporting personnel and resources
cloud.cio.gov/fedramp/amazon
AWS DoD CSM Program
• 2/6/14 Provisional Authorization for Levels 1-2
• DISA managed Cloud Security Model (CSM)
• 68 additional control enhancements overlaid on FedRAMP Moderate
• Partners have achieved MAC II Sensitive DIACAP ATOs
Building Solutions on AWS
• Partners & Agencies can leverage FedRAMP compliant AWS
• AWS’ FedRAMP package covers AWS infrastructure and underlying management of services
• Partner’s FedRAMP package includes inherited controls; shared controls documents partner’s application/service built on AWS
• To support partners we can provide:
– Partner FedRAMP package: ATO Letters, CIS spreadsheet, FIPS 199, etc.
– SSP Template: Pre-populated with inherited control language, guidance on completing shared controls
– ATO Letters as stand alone documents
– Support: Security Solutions Architects, Security Assurance Architects, Professional Services
AWS Documentation Support
• AWS Package is specific to the AWS Infrastructure
• Partner’s Package is specific to the Partner’s Application or managed services
• Inherited vs. Shared Controls
Certifications & Compliance
• AWS Environment
– SOC 1/2/3
– ISO 27001 Certification
– Payment Card Industry Data Security Standard (PCI DSS) Level 1 Service Provider
– FedRAMP (up to Moderate)
– AWS GovCloud (US) – ITAR compliant region
• Customers have deployed various compliant applications
– Sarbanes-Oxley (SOX)
– HIPAA (healthcare)
– FISMA/FedRAMP (US Federal Government)
– DIACAP – up to MAC II Sensitive
– International Traffic in Arms Regulations (ITAR)
Customer Resources
• Whitepapers
– Risk & Compliance Whitepaper
– Overview of Security Processes
– “Security at Scale” series
  • Governance in AWS
  • Logging in AWS
• Template
– FedRAMP SSP Template
• Workbooks
– FISMA-High
– CJIS
Other Compliance Programs
• FISMA-High Handbook
– Workbook available for partners under NDA
– 84 additional control enhancements [21 inherited, 54 shared, 9 customer]
• CJIS Handbook
– Available under NDA
– 121 security requirements; 10 inherited, 87 shared, and 24 customer-responsible requirements
• Both are partner-based approaches to build a portfolio of authorizations
AWS Compliance & Security Centers
• Answers to many security and compliance questions
• Security whitepaper
• Risk and Compliance whitepaper
• Overview of Security Processes whitepaper
• “Security at Scale” whitepaper series
• Security bulletins
• Customer penetration testing requests
• Security best practices
• Request more information by contacting us
aws.amazon.com/security
aws.amazon.com/compliance
Additional AWS Security & Compliance References
• https://aws.amazon.com/security
• https://aws.amazon.com/compliance
• https://aws.amazon.com/compliance/#whitepapers
• https://aws.amazon.com/compliance/fedramp-faqs
• https://aws.amazon.com/govcloud-us
• https://aws.amazon.com/documentation
• https://aws.amazon.com/iam
Thank You
Chris Gile
Bill Murray