AWS Enterprise Summit London 2013 - Stephen Schmidt - AWS
Published in: Technology
Transcript

  • 1. Security of your data in AWS
      Stephen Schmidt, VP Security Engineering & Chief Information Security Officer
  • 2. Cloud Security is:
      • Universal
      • Visible
      • Auditable
      • Transparent
      • Shared
      • Familiar
  • 3. Universal Cloud Security
      Every customer has access to the same security capabilities, and gets to choose what’s right for their business.
      – Governments
      – Financial Sector
      – Pharmaceuticals
      – Entertainment
      – Start-Ups
      – Social Media
      – Home Users
      – Retail
  • 4. Visible Cloud Security
      AWS allows the customer to see their ENTIRE infrastructure at the click of a mouse
      This Or This?
  • 5. Auditable Cloud Security
      • How does a customer know AWS is right for their business?
          – 3rd Party Audits
              • Independent auditors
              • Artifacts
                  – Plans, Policies and Procedures
              • Logs
                  – Obtained
                  – Retained
                  – Analyzed
  • 6. Transparent Cloud Security
      Choose the audit/certification that’s right for them:
      – ISO-27001
      – SOC-1, SOC-2, SOC-3
      – FedRAMP
      – PCI
  • 7. Security & Compliance Control Objectives
      Control Objective 1: Security Organization
      – Who we are
      – Proper control & access within the organization
      Control Objective 2: Amazon User Access
      – How we vet our staff
      – Minimization of access
  • 8. Security & Compliance Control Objectives
      Control Objective 3: Logical Security
      – Our staff start with no systems access
      – Need-based access grants
      – Rigorous systems separation
      – Systems access grants regularly re-evaluated & automatically revoked
  • 9. Security & Compliance Control Objectives
      Control Objective 4: Secure Data Handling
      – Storage media destroyed before being permitted outside our datacenters
      – Media destruction consistent with US Dept. of Defense Directive 5220.22
      Control Objective 5: Physical Security and Environmental Safeguards
      – Keeping our facilities safe
      – Maintaining the physical operating parameters of our datacenters
  • 10. Security & Compliance Control Objectives
      Control Objective 6: Change Management
      – Continuous Operation
      Control Objective 7: Data Integrity, Availability and Redundancy
      – Ensuring your data remains safe, intact & available
      Control Objective 8: Incident Handling
      – Processes & procedures for mitigating and managing potential issues
  • 11. AWS Shared Responsibility Model
      • Let AWS do the heavy lifting
      • This is what we do – and we do it all the time
      • The customer can focus on their business and not be distracted by the muck
  • 12. Physical Security
      • Large non-descript facilities
      • Robust perimeter controls
      • 2 factor authentication for entry
      • Controlled, need-based access for AWS employees
      • All access is logged and reviewed
  • 13. Physical Security Asia Pacific (Sydney)
  • 14. Network Security
      • DDoS attacks defended at the border
      • Man in the Middle attacks
      • SSL endpoints
      • IP Spoofing prohibited
      • Port scanning prohibited
      • Packet Sniffing prevented
  • 15. AWS Data Protection Solutions
      • AWS offers several data protection mechanisms including access control, encryption, etc.
      • AWS data encryption solutions allow customers to:
          – Encrypt and decrypt sensitive data inside or outside AWS
          – Decide which data to encrypt
      • AWS CloudHSM complements existing AWS data protection and encryption solutions
      • With AWS CloudHSM customers can:
          – Encrypt data inside AWS
          – Store keys in AWS within a Hardware Security Module
          – Decide how to encrypt data – the AWS CloudHSM implements cryptographic functions and key storage for customer applications
          – Use third party validated hardware for key storage
          – AWS CloudHSMs are designed to meet Common Criteria EAL4+ and FIPS 140-2 standards
  • 16. AWS Security Center
      • http://aws.amazon.com/security/
          – Security Whitepaper
          – Risk and Compliance Whitepaper
          – Regularly Updated
          – Feedback is welcome
      • http://blogs.aws.amazon.com/security
