AWS Governance Overview - Beach
    Presentation Transcript

    • AWS Cloud Governance Overview. Nathan Beach, Principal Solution Architect, AWS Worldwide Public Sector. October 2012
    • (Diagram slide) AWS Cloud Governance: A Shared Responsibility Model. Labels on the diagram: centralized, decentralized, hybrid; data, infrastructure, application; scalable, highly available, accessible.
    • Governance… “Governance implies control and oversight over policies, procedures, and standards for application development, as well as the design, implementation, testing, and monitoring of deployed services.” Wayne Jansen, Timothy Grace, NIST SP 800-144: Guidelines on Security and Privacy in Public Cloud Computing, January 2011. URL: http://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf
    • …is a Shared Responsibility. “Cloud Providers and Cloud Consumers collaboratively design, build, deploy, and operate cloud-based systems. The split of control means both parties now share the responsibilities in providing adequate protections to the cloud-based systems. Security is a shared responsibility.” Fang Liu, Jin Tong, Jian Mao, Robert Bohn, John Messina, Lee Badger and Dawn Leaf, NIST SP 500-292: NIST Cloud Computing Reference Architecture, September 2011.
    • AWS Investments Establish a Trusted Foundation
      Certifications: SOC 1 Type 2 (formerly SAS-70); ISO 27001; PCI DSS for EC2, S3, EBS, VPC, RDS, ELB, IAM
      Physical Security: Datacenters in nondescript facilities; Physical access strictly controlled; Must pass two-factor authentication at least twice for floor access; Physical access logged and audited
      HW, SW, Network: Systematic change management; Phased updates deployment; Safe storage decommission; Automated monitoring and self-audit; Advanced network protection
    • Authorizations and ATOs: FISMA Moderate; ITAR Compliant Region (GovCloud); DIACAP MAC III/Sensitive
    • SOC 1 Type 2: Replaces the Statement on Auditing Standards No. 70 (SAS 70) Type II report. Conducted in accordance with the Statement on Standards for Attestation Engagements No. 16 (SSAE 16) and the International Standards for Assurance Engagements No. 3402 (ISAE 3402) professional standards. Attests that AWS’ control objectives are appropriately designed and that the individual controls defined to safeguard customer data are operating effectively. Our commitment to the SOC 1 report is ongoing, with planned periodic audits.
    • ISO 27001 Certification AWS achieved ISO 27001 certification of our Information Security Management System (ISMS) covering our infrastructure, data centers, and services including Amazon Elastic Compute Cloud (Amazon EC2), Amazon Simple Storage Service (Amazon S3) and Amazon Virtual Private Cloud (Amazon VPC). Certifies our systematic and ongoing approach to managing information security risks that affect the confidentiality, integrity, and availability of company and customer information. AWS’s ISO 27001 certification includes all AWS data centers in all regions worldwide and AWS has established a formal program to maintain the certification. A copy of our ISO certificate, available to AWS customers, describes the ISMS services and geographic scope.
    • Payment Card Industry (PCI) Data Security Standard (DSS) Certification. PCI-DSS is a standard that specifies best practices and various security controls. Certification in the standard requires organizations to: build and maintain a secure network; protect cardholder data; maintain a vulnerability management program; implement strong security measures; regularly test and monitor networks; maintain an information security policy.
    • Shared Responsibility to Implement Controls
    • AWS Cloud Governance Service Enablers (Governance Area: AWS Technologies)
      Roles and Responsibilities: Identity and Access Management: Policies, Roles
      Configuration Management: CloudFormation Templates; Elastic Beanstalk; Private AMIs
      Financial Controls: Consolidated Billing; Linked Accounts; CloudWatch Billing Alarms
      Network Security: Virtual Private Cloud; Network ACLs; Security Groups; Virtual Private Gateways; VPN Connections; Route Tables and Subnets
    • AWS Cloud Governance Service Enablers (cont.) (Governance Area: AWS Technologies)
      Information Assurance, Processing: Corporate “Gold” Operating System Images; VPC Workload Isolation; Dedicated EC2 Instances
      Information Assurance, Storage: S3 AES 256 bit Encryption; Partner Extensions offer Boot Volume and EBS Volume Encryption
      Information Assurance, Transmission: HW/SW VPN Connections; DirectConnect
      Network Security: Virtual Private Cloud; Network ACLs; Security Groups; Virtual Private Gateways; VPN Connections
    • AWS Cloud Governance Service Enablers (cont.) (Governance Area: AWS Technologies)
      Access Controls: Identity and Access Management Policies; Bucket Policies; EC2 Instance Roles; Query String Authentication; Access Control Lists
      Identification and Authentication: Identity and Access Management; Multi-Factor Authentication; Group Policies and Roles; Federated Identity Management API
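    Two of the enablers in the tables above, “S3 AES 256 bit Encryption” (Information Assurance, Storage) and “Multi-Factor Authentication” (Identification and Authentication), expressed as the policy documents they map to, with a small checker that audits a policy for each control. This is an added example, not material from the slides or from AWS; both policies are constructed here and the bucket name is a placeholder.

```python
# Added example, not from the slides: the "S3 AES 256 bit Encryption" and
# "Multi-Factor Authentication" enablers from the tables above as the policy
# documents they map to, plus a checker that audits a policy for each control.
# Both policies are constructed for this example; the bucket name is a placeholder.

# Bucket policy: deny any PutObject that does not request AES-256 server-side encryption.
ENCRYPTED_UPLOADS_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
    "Resource": "arn:aws:s3:::example-governed-bucket/*",  # placeholder bucket
    "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "AES256"}},
}]}

# IAM policy: deny destructive EC2 actions unless the caller authenticated with MFA.
# BoolIfExists matters: aws:MultiFactorAuthPresent is absent from the request context
# of long-term access keys, so a plain Bool test would never deny those callers.
MFA_FOR_EC2_CHANGES = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Deny", "Action": ["ec2:TerminateInstances", "ec2:StopInstances"],
    "Resource": "*",
    "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}},
}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]

def _deny_statements(policy, action):
    """Yield Deny statements whose Action covers `action` (exact name or "*")."""
    for stmt in _as_list(policy.get("Statement", [])):
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") == "Deny" and (action in actions or "*" in actions):
            yield stmt

def denies_unencrypted_put(policy):
    """True if the policy denies uploads that do not request SSE-S3 (AES256)."""
    for stmt in _deny_statements(policy, "s3:PutObject"):
        cond = stmt.get("Condition", {}).get("StringNotEquals", {})
        if cond.get("s3:x-amz-server-side-encryption") == "AES256":
            return True
    return False

def requires_mfa(policy, action):
    """True only if `action` is denied when MFA is absent or unset (BoolIfExists)."""
    for stmt in _deny_statements(policy, action):
        cond = stmt.get("Condition", {}).get("BoolIfExists", {})
        if cond.get("aws:MultiFactorAuthPresent") == "false":
            return True
    return False
```

The checker deliberately rejects a policy that tests aws:MultiFactorAuthPresent with plain Bool, since such a Deny never matches requests signed with long-term access keys.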
    • AWS Cloud Governance Service Enablers (cont.) (Governance Area: AWS Technologies)
      Disaster Recovery and Continuity of Operations, Data: EBS Snapshots; S3 Near-Line Storage; Glacier Near-Offline Storage; Storage Gateway; Bulk Data Import/Export; Managed AWS No-SQL/SQL Database Services; Extensive 3rd Party Solutions
      Disaster Recovery and Continuity of Operations, Workload: Elastic Load Balancers; EC2 Auto Scaling; Route 53 – Latency Based Routing; CloudFront – Content Delivery Network; Multi-AZ, Multi-Region Workload Deployment
    • AWS Cloud Governance Service Enablers (cont.) (Governance Area: AWS Technologies)
      Monitoring and Reporting: CloudWatch; CloudWatch Alarms; Simple Notification Service
    • References and Further Reading
      Wayne Jansen, Timothy Grace, NIST SP 800-144: Guidelines on Security and Privacy in Public Cloud Computing, January 2011. URL: http://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf
      Fang Liu, Jin Tong, Jian Mao, Robert Bohn, John Messina, Lee Badger and Dawn Leaf, NIST SP 500-292: NIST Cloud Computing Reference Architecture, September 2011. URL: http://www.nist.gov/customcf/get_pdf.cfm?pub_id=909505
      NIST SP 800-53 R3: Recommended Security Controls for Federal Information Systems and Organizations, August 2009. URL: http://csrc.nist.gov/publications/nistpubs/800-53-Rev3/sp800-53-rev3-final_updated-errata_05-01-2010.pdf
      Amazon Web Services: Security and Accreditation Center: Certifications. URL: http://aws.amazon.com/security/#certifications
    • AWS Cloud Governance Overview. Nathan Beach, Principal Solution Architect, AWS Worldwide Public Sector. E-Mail: nsbeach@amazon.com