Security & Compliance
Transcript of Security & Compliance
1© 2016 Amazon Web Services, Inc. and its affiliates. All rights reserved.
Istanbul
November 8, 2016
Security and Compliance
Toros Gökkurt
Solutions Architect, Amazon Web Services
@torosgokkurt
Slide 3: Overview
AWS audits and attestations
Shared responsibility model
Security control framework of the AWS cloud
AWS security services and features
Security and auditing best practices in the AWS cloud
Slide 4: AWS Security: Top Priority
Diagram labels: Customer, Data, Integrity; AWS, Infrastructure, Platforms, Controls.
Slide 5: AWS Security: Benefits
Build an environment for the most security-sensitive organizations.
Benefit ALL customers.
Validate design & operational effectiveness through AWS third-party audits.
Slide 6: AWS Shared Responsibility Model
Customer: responsible for security ‘in’ the cloud
• Customer Data
• Platform, Applications, Identity & Access Management
• Operating System, Network & Firewall Configuration
• Client-side Data Encryption & Data Integrity Authentication
• Server-side Encryption (File System and/or Data)
• Network Traffic Protection (Encryption / Integrity / Identity)
AWS: responsible for security ‘of’ the cloud
• Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
Slide 7: Security of the Cloud
Slide 8: Securing Your AWS Infrastructure
Customer: responsible for security ‘in’ the cloud
• AWS Security Services
• Asset Management
• Data Security
• Network Security
• Access Controls
AWS: responsible for security ‘of’ the cloud
• Physical & Environmental Security
• IT Operations
• Access Controls
• Security Policy & Governance
• Change Management
Slide 9: Physical & Environmental Security: Physical Security
Building
Perimeter and entry
Security staff and surveillance
Two-factor authentication
Escort
Slide 10: Physical & Environmental Security: Environmental Security
Fire detection and suppression
Power
Climate and temperature
Monitoring equipment
Storage device decommissioning
Slide 11: IT Operations Controls
• Audit Logging: prevent unauthorized access going undetected
• Capacity Management: prevent system outages
• Vulnerability Management: detect unauthorized access
• Incident Management: recover and reconstitute incidents quickly and effectively
Slide 12: IT Operations Controls
• Backup & Recovery: prevent loss of critical data
• Business Continuity and Disaster Recovery: respond to & recover from major disruptions
• Secure Communication: prevent sensitive information from being disclosed to unauthorized parties
• Data Management: detect suspicious activities & unauthorized tampering of the system
Slide 13: Access Controls
Controls: Segregation; Account Review & Audit; Background Checks; Credentials Policy
Objectives: restrict access to information resources; prevent unauthorized disclosure
Slide 14: Security Policy & Governance Controls
• Security Policy: guide operations & information security in the organization
• Risk Assessment: mitigate risks & reduce exposure to vulnerabilities
• Training & Awareness: enhance awareness of AWS policies & procedures
Slide 15: Security Policy & Governance Controls
• Communication: prevent unauthorized modification or disclosure of information
• Compliance: prevent inadvertent violation of laws & regulations
• HR Security: prevent potential security breaches resulting from human resources
• Third Party Management: prevent potential compromise of information due to misuse
Slide 16: Change Management Controls
Document the change
Communicate the change to the business
Test changes in non-production environments
Review changes for both technical rigor and business impact
Attain approval for the change by authorized team members
Slide 17: Audits & Attestations
Maintain alignment with thousands of global requirements and best practices.
Validate a ubiquitous security control environment.
Enable customers to assess their organization’s compliance with industry and government requirements.
Slide 18: Security in the Cloud
Slide 19: Securing Your AWS Infrastructure
Customer: responsible for security ‘in’ the cloud
• AWS Security Services
• Asset Management
• Data Security
• Network Security
• Access Controls
AWS: responsible for security ‘of’ the cloud
• Physical & Environmental Security
• IT Operations
• Access Controls
• Security Policy & Governance
• Change Management
Slide 20: AWS Security Services
AWS CloudHSM
AWS Config
Slide 21: AWS Security Services
AWS IAM
AWS KMS
AWS CloudTrail
Slide 22: Logging in AWS
AWS CloudTrail
• Control access to log files
• Obtain alerts on log file creation & misconfiguration
• Storage of log files
• Generate customized reporting of log data
Slide 23: Asset Management
Asset Identification
Asset Inventory
Secure Management
Change Management
Audit Assets
Services: Amazon CloudWatch, AWS Config
Slide 24: Data Security
Understand where data resides
Identify key management policies
Ensure appropriate controls
Review:
* Connection methods
* Internal policies and procedures for key management
* Encryption methods
Slide 25: Network Security
Best Practices:
Always use security groups
Augment security groups with Network ACLs
Use trusted connections
Design network security in layers
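The layering on this slide is easiest to see by running a flow through both filters. The script below is an added example written for this transcript, not code from the talk or from AWS: it models a network ACL as a stateless list of numbered rules evaluated lowest number first with an implicit deny at the end, and a security group as a stateful allow list, then requires a flow to pass both. All rule sets and addresses are constructed for illustration.

```python
"""Simulate AWS layered inbound filtering: network ACL first (stateless,
evaluated in rule-number order, first match wins, implicit deny), then the
security group (allow rules only, anything unlisted is denied).
All rules and sample flows below are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    src: str          # source IP address
    dst_port: int     # destination port on the instance
    proto: str = "tcp"


# Network ACL rules: (rule_number, protocol, source CIDR, port_from, port_to, action).
NACL_INBOUND = [
    (100, "tcp", "203.0.113.0/24", 0, 65535, "deny"),   # constructed: explicit block of one range
    (200, "tcp", "0.0.0.0/0", 443, 443, "allow"),       # HTTPS from anywhere
    (210, "tcp", "0.0.0.0/0", 22, 22, "allow"),         # SSH reaches the SG, which narrows it
    (300, "tcp", "0.0.0.0/0", 1024, 65535, "allow"),    # ephemeral ports for return traffic
]

# Security group rules: (protocol, port_from, port_to, source CIDR). Allow-only.
SG_INBOUND = [
    ("tcp", 443, 443, "0.0.0.0/0"),
    ("tcp", 22, 22, "10.0.0.0/8"),   # SSH only from the internal/bastion range
]


def nacl_decision(rules, flow):
    """Return (action, rule_number) of the first matching NACL rule, or ('deny', '*')."""
    for number, proto, cidr, p_from, p_to, action in sorted(rules):
        if (proto == flow.proto
                and ip_address(flow.src) in ip_network(cidr)
                and p_from <= flow.dst_port <= p_to):
            return action, number
    return "deny", "*"


def sg_allows(rules, flow):
    """A security group allows a flow if any rule matches; there are no deny rules."""
    return any(proto == flow.proto
               and p_from <= flow.dst_port <= p_to
               and ip_address(flow.src) in ip_network(cidr)
               for proto, p_from, p_to, cidr in rules)


def evaluate(flow):
    """Return (allowed, reason). Traffic must pass the NACL and then the security group."""
    action, number = nacl_decision(NACL_INBOUND, flow)
    if action == "deny":
        return False, f"NACL rule {number} denied"
    if not sg_allows(SG_INBOUND, flow):
        return False, "no security group rule matched"
    return True, f"NACL rule {number} allowed, security group allowed"


if __name__ == "__main__":
    for flow in (Flow("198.51.100.7", 443), Flow("203.0.113.9", 443),
                 Flow("198.51.100.7", 22), Flow("10.1.2.3", 22), Flow("198.51.100.7", 80)):
        print(flow, "->", evaluate(flow))
```

The two layers fail differently: the NACL can stop traffic from a blocked range before the security group is ever consulted, while the security group narrows a port the NACL left broadly open (SSH reaches the subnet but is accepted only from the internal range). Because NACL rules are ordered, a deny placed at a higher number than an overlapping allow never fires, which is the usual mistake to check for when auditing them.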
Slide 26: Access Controls
Create individual IAM users
Use groups to assign permissions to IAM users
Grant least privilege
Configure a strong password policy for your users
Enable MFA for privileged users
Use roles for applications that run on Amazon EC2 instances
Slide 27: Access Controls
Delegate by using roles instead of by sharing credentials
Rotate credentials regularly
Remove unnecessary credentials
Use policy conditions for extra security
Monitor activity in your AWS account
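Several of the practices on slides 26 and 27 (MFA for users with passwords, regular credential rotation, removal of unused credentials, no root access keys) can be checked from the IAM credential report. The script below is an added example for this transcript, not code from the talk or from AWS. It assumes the column names of the report that `aws iam get-credential-report` returns (reduced to the columns it uses); the CSV rows, the fixed "today" and the 90-day thresholds are constructed assumptions for illustration.

```python
"""Audit a sample IAM credential report against basic access-control practices.
The report text is constructed; column names follow the IAM credential report
(assumption), trimmed to the columns this check reads."""
import csv
import io
from datetime import datetime, timedelta, timezone

NOW = datetime(2016, 11, 8, tzinfo=timezone.utc)   # fixed reference date so results are reproducible
MAX_KEY_AGE = timedelta(days=90)                    # assumed rotation policy
MAX_IDLE = timedelta(days=90)                       # assumed "unused credential" threshold

# Constructed sample report (one root row, three IAM users).
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date
<root_account>,arn:aws:iam::123456789012:root,not_supported,2016-11-01T09:00:00+00:00,false,true,2015-01-10T00:00:00+00:00,2016-10-30T00:00:00+00:00
alice,arn:aws:iam::123456789012:user/alice,true,2016-11-07T10:00:00+00:00,true,false,N/A,N/A
bob,arn:aws:iam::123456789012:user/bob,true,2016-06-01T10:00:00+00:00,false,true,2016-01-15T00:00:00+00:00,2016-11-06T00:00:00+00:00
ci-deploy,arn:aws:iam::123456789012:user/ci-deploy,false,N/A,false,true,2016-10-20T00:00:00+00:00,2016-11-07T00:00:00+00:00
"""

MISSING = ("N/A", "no_information", "not_supported")


def parse_time(value):
    """Credential-report timestamps are ISO 8601; placeholders mean 'no value'."""
    return None if value in MISSING else datetime.fromisoformat(value)


def audit(report_csv, now=NOW):
    """Return a list of (user, finding) tuples for rows that violate a practice."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        has_password = row["password_enabled"] == "true"
        mfa = row["mfa_active"] == "true"
        key_active = row["access_key_1_active"] == "true"
        key_rotated = parse_time(row["access_key_1_last_rotated"])
        key_used = parse_time(row["access_key_1_last_used_date"])
        pw_used = parse_time(row["password_last_used"])

        if user == "<root_account>":
            # Root should have MFA and no long-term access keys; daily work goes through IAM users/roles.
            if key_active:
                findings.append((user, "root access key present; remove it and use IAM users/roles"))
            if not mfa:
                findings.append((user, "root account has no MFA"))
            continue

        if has_password and not mfa:
            findings.append((user, "console password without MFA"))
        if key_active and key_rotated and now - key_rotated > MAX_KEY_AGE:
            findings.append((user, f"access key not rotated for {(now - key_rotated).days} days"))
        if has_password and pw_used and now - pw_used > MAX_IDLE:
            findings.append((user, "password unused for 90+ days; consider removing"))
        if key_active and key_used and now - key_used > MAX_IDLE:
            findings.append((user, "access key unused for 90+ days; consider removing"))
    return findings


if __name__ == "__main__":
    for user, finding in audit(SAMPLE_REPORT):
        print(f"{user}: {finding}")
```

On the sample data the root account and `bob` produce findings while `alice` (password plus MFA, no keys) and `ci-deploy` (recently rotated, recently used key) pass. The same report can be pulled on a schedule and the findings forwarded to whatever alerting the account already uses, which is the "monitor activity in your AWS account" item in practice.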
Demonstration: AWS Security
Slide 28: AWS Global Compliance
Diagram labels: AWS Customers; Certifications / Attestations; Laws, Regulations, and Privacy; Alignments / Frameworks; Global, United States, Europe, Asia Pacific.
Slide 30: Break