AWS Security & Compliance in the AWS Cloud IP Expo 2013


Services Enterprise IT Success in the Cloud Security must be the number one priority for any cloud provider and that's no different for Amazon Web Services. Dob Todorov will share AWS insights into cloud security and how AWS meets the needs of today's IT security challenges.


Transcript

  • 1. Amazon Web Services Security & Compliance Overview. Dob Todorov, Principal Security & Compliance Architect, EMEA
  • 2. undifferentiated heavy lifting
  • 3. utility computing
  • 4. Hundreds of Thousands of Customers in 190 Countries…
  • 5. [Map: AWS Regions and AWS Edge Locations] GovCloud (US ITAR Region); US West (Northern California); US West (Oregon); US East (Northern Virginia); South America (Sao Paulo); EU (Ireland); Asia Pacific (Singapore); Asia Pacific (Tokyo); Asia Pacific (Sydney)
  • 6. [Diagram: each region shown with zones labelled A, B, C] EU West (Dublin); US East (Virginia); Asia Pacific (Tokyo); Asia Pacific (Australia); US West (Northern California); US West (Oregon); South America (Sao Paulo); Asia Pacific (Singapore)
  • 7. Personal Data Protection in Europe
      • EC Directive 95/46/EC: Personal Data Protection
      • Use Amazon Web Services Dublin Region
      • Safe Harbour EU Compliant
      • Safe Harbour Switzerland Compliant
  • 8. The Shared Responsibility Model in the Cloud
      • Customer Data
      • Platform, Applications, Identity & Access Management
      • Operating System, Network & Firewall Configuration
      • Client-side Data Encryption & Data Integrity Authentication
      • Server-side Encryption (File System and/or Data)
      • Network Traffic Protection (Encryption/Integrity/Identity)
      • Optional -- Opaque Data: 0s and 1s (in flight/at rest)
      • Foundation Services: Compute, Storage, Database, Networking
      • AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
  • 9. User Identification, Authentication and Authorisation in the Cloud
      • [Diagram labels] Corporate Systems; Enterprise Applications; Active Directory/LDAP; AD/LDAP Users; Amazon Identity & Access Management; IAM Users; EC2; DynamoDB; S3
  • 10. User Identification, Authentication and Authorisation in the Cloud
      • [Diagram labels] Corporate Systems; Enterprise Applications; Active Directory/LDAP; AD/LDAP Users; Amazon Identity & Access Management; Access Token for Federated Access; EC2; DynamoDB; S3
  • 11. The Shared Responsibility Model in the Cloud
      • Security IN the Cloud:
          • Customer Data
          • Platform, Applications, Identity & Access Management
          • Operating System, Network & Firewall Configuration
          • Client-side Data Encryption & Data Integrity Authentication
          • Server-side Encryption (File System and/or Data)
          • Network Traffic Protection (Encryption/Integrity/Identity)
          • Optional -- Opaque Data: 0s and 1s (in flight/at rest)
      • Security OF the Cloud:
          • Foundation Services: Compute, Storage, Database, Networking
          • AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
  • 12. Customer-managed Controls on Amazon EC2
      • Data, Applications, Platforms, Operating Systems
      • Network Security: OS-level Firewalls/IDS/IPS Systems/Deep Security; Security Groups & Network Access Control Lists
      • Encryption of Data in Flight: Industry Standard Protocols: IPSec, SSL, SSH
      • Encryption of Data at Rest: OS-level: Encrypted File System, Bitlocker, dm-crypt, Secure Cloud
      • [Diagram labels] Security IN the Cloud; Security OF the Cloud
  • 13. Data Protection at Rest and in Flight
      • Data
      • Applications: Application-level Encryption
      • Platforms: Platform-level Encryption
      • Operating Systems
      • Network Security: OS-level Firewalls/IDS/IPS Systems/Deep Security; Security Groups & Network Access Control Lists
      • Encryption of Data in Flight: Industry Standard Protocols: IPSec, SSL, SSH; Network Traffic Encryption
      • Encryption of Data at Rest: OS-level: Encrypted File System, Bitlocker, dm-crypt, Secure Cloud; Volume-level Encryption
  • 14. AWS Certifications & Accreditations
      • ISO 27001
      • SOC 1 (SSAE 16 & ISAE 3402) Type II Audit
      • SOC 2
      • SOC 3 Audit (new in 2013)
      • Payment Card Industry Data Security Standard (PCI DSS) Level 1 Service Provider
      • [Diagram labels] Security IN the Cloud; Security OF the Cloud
  • 15. Q&A