AWS Webcast - AWS Compliance Forum Introduction

Amazon Web Services (AWS) has developed a customer compliance forum to facilitate in-depth compliance discussions between you and AWS Compliance. The webinar focuses on the AWS shared responsibility security model and how your organization can achieve security and compliance within your use of AWS services. This initial AWS Compliance Forum webinar will provide an overview of AWS compliance programs, use cases, and the various compliance verticals AWS can support, both through current certifications and attestations (i.e., PCI, SOC, FedRAMP, and ISO) and through areas where AWS can illustrate use cases for workloads related to Life Sciences, Financial Services, and state/federal government compliance requirements. From there we will discuss the goals of the AWS Compliance Forum and plans for future webinars and small-group compliance discussions.

  • Talking points: As you can see from the graph, 88% of you are not fully comfortable navigating compliance requirements. In your choice to join the AWS Compliance Forum, you see the value to you and your organization. However, we wanted to provide you a broader perspective on how this unique community is feeling by sharing the survey results and what our plans are to address your needs. The Forum has three tenets, all focused on helping you feel more comfortable navigating your compliance requirements in the cloud: To connect you with AWS specialists, other AWS customers, and industry-specific content
  • Talking points: AWS Security Solutions Architects are security-focused AWS specialists who have worked with customers to build out environments architected with an emphasis on achieving security and compliance requirements. AWS Compliance Architects are <Chad to phrase how he wants to say this>. AWS Security, Risk, Compliance consultants are focused on providing one-on-one consultative services for your organization around security engineering assistance and governance, risk, and compliance consultation. That being said, we would like to learn more about what among what we just shared interests you the most. To do so, we’re going to ask a series of polling questions.

    1. AWS Compliance Forum Introduction. October 22, 2013 Session. AWS INTERNAL ONLY © 2013 Amazon Web Services, Inc. and its affiliates. All rights reserved.
    2. Your cloud compliance comfort and the AWS Compliance Forum tenets
        Tenets:
        • Connect you with AWS specialists
        • Connect you with other AWS customers
        • Provide you with industry/standard-specific compliance resources
        Survey results: Very comfortable 12%; Somewhat comfortable 65%; Not comfortable 23%
    3. Delivering on the AWS Compliance Forum tenets (what you shared, and how we plan to meet your needs)
        • 97% of you want to connect with AWS specialists on how to architect your environment for compliance.
          Who: AWS Security Solutions Architects; AWS Compliance Architects; AWS Security, Risk, Compliance consultants.
          How: Case studies; Use-case reference architectures; Discussion groups.
        • 98% want to connect with other AWS customers navigating compliance in the cloud.
          Who: Customers in your industry; Customers pursuing similar compliance certifications.
          How: Small discussion groups based on industry and/or certification; ‘Anonymized’ stories about successes and challenges.
        • 99% want to learn how to interpret and implement your specific control requirements in the cloud.
          Who: AWS Compliance Architects; AWS Security, Risk, Compliance consultants.
          How: One-on-one connection points between you and AWS; Use-case reference architectures.
    4. Which are you most interested in?
        A. Connecting with AWS Security Solutions Architect
        B. Connecting with AWS Compliance Architect
        C. Connecting with AWS Security, Risk and Compliance professional services consultant
    5. Sample of Industries Using AWS: http://aws.amazon.com/solutions/case-studies/all/
    6. Dutch National Bank – A Key Milestone for the Cloud
    7. Security is a Shared Responsibility
        Managed by Customer: Customer Data; Users and Roles; Account Management; Applications; Firewalls; Network Configuration; Guest Operating System
        Managed by AWS: Virtualization Layer; Compute Infrastructure; Storage Infrastructure; Network Infrastructure; Facilities; Physical Security; AWS Global Infrastructure
    8. Building a Robust Program: Understand your Cloud Boundary
        What services are you using? For example: Amazon EC2; Route 53; Amazon VPC; Amazon S3; Amazon EBS; DynamoDB
        What is the Business Case / Use Case? For example:
        • Big Data Analytics
        • High performance Compute
        • Sensitive Data Archiving & Storage
        • Web Applications
    9. Building a Robust Program – Your Control Set
        Compliance in the Cloud (Managed by Customer): Optimized Network/OS/App Controls; Service-specific Controls; Cross-service Controls
        Compliance of the Cloud (Managed by AWS): Cloud Service Provider Controls
    10. Compliance of the Cloud – CSP Controls
        Control layers: Optimized Network/OS/App Controls; Service-specific Controls; Cross-service Controls; Cloud Service Provider Controls
        Callouts: Identify All Controls; Validate CSP Controls; Internal Controls + Industry Standards
    11. Compliance in the Cloud – Cross Service Controls
        Control layers: Optimized Network/OS/App Controls; Service-specific Controls; Cross-service Controls; Cloud Service Provider Controls
        Example (IAM):
        Control: Multi-factor authentication must be used to secure IAM users
        Implementation Guidance: http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_ManagingMFA.html
    12. Compliance in the Cloud – Service-specific Controls
        Control layers: Optimized Network/OS/App Controls; Service-specific Controls; Cross-service Controls; Cloud Service Provider Controls
        Example (Amazon S3):
        Control: Server Side Encryption (SSE) is enabled for all objects classified per [customer] data classification policy as Confidential.
        Implementation Guidance: http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
    13. Compliance in the Cloud – Traditional, AWS Optimized
        Control layers: Optimized Network/OS/App Controls; Service-specific Controls; Cross-service Controls; Cloud Service Provider Controls
        Control: 1. Harden machine images 2. Use an approved OS image
        Implementation Guidance: [Customer] Server Secure hardening rules
        Optimized by AWS: Share Private AMIs, http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-modifying-snapshot-permissions.html
    14. Scaling Security in Growth
    15. Scaling Security in Scope
        Diagram labels: On-boarded Service; New Service Assessment; Network/OS/App Controls; Service Specific Controls; New Network/OS/App Control; New service specific Control; Cross Service Security Controls; Cloud Service Provider Controls
    16. Additional Resources
        • Available at aws.amazon.com/compliance
          – AWS Risk & Compliance Whitepaper
          – AWS Auditing Security Checklist for AWS
        • Available at aws.amazon.com/security
          – AWS Security Whitepaper
    17. Key Takeaways
        1. Global companies are innovating on AWS with regulated data.
        2. You can be more secure in the AWS cloud by:
           a. Using the secure AWS cloud infrastructure
           b. Using the automated software controls AWS services provide
        3. Layered assurance provides an effective approach to cloud security
    18. What’s next?
        • Compliance-requirement-specific webinars with AWS specialists
        • Segmenting industry-specific discussion groups with other AWS Compliance Forum customers
        • Compliance-requirement-specific and industry-specific control mapping workbooks
    19. Copyright © 2013 Amazon Web Services, Inc. and its affiliates. All rights reserved. This work may not be reproduced or redistributed, in whole or in part, without prior written permission from Amazon Web Services, Inc. Commercial copying, lending, or selling is prohibited. Questions? Email us at awscompliance@amazon.com