AWS Security & Compliance in the AWS Cloud IP Expo 2013

Services Enterprise IT Success in the Cloud. Security must be the number one priority for any cloud provider, and that's no different for Amazon Web Services. Dob Todorov will share AWS insights into cloud security and how AWS meets the needs of today's IT security challenges.

AWS Security & Compliance in the AWS Cloud IP Expo 2013 Presentation Transcript

  • 1. Amazon Web Services Security & Compliance Overview Dob Todorov Principal Security & Compliance Architect EMEA
  • 2. undifferentiated heavy lifting
  • 3. utility computing
  • 4. Hundreds of Thousands of Customers in 190 Countries…
  • 5. AWS Regions: GovCloud (US ITAR Region); US West (Northern California); US West (Oregon); US East (Northern Virginia); South America (Sao Paulo); EU (Ireland); Asia Pacific (Singapore); Asia Pacific (Tokyo); Asia Pacific (Sydney). AWS Edge Locations.
  • 6. EU West (Dublin); US East (Virginia); Asia Pacific (Tokyo); Asia Pacific (Australia); US West (Northern California); US West (Oregon); South America (Sao Paulo); Asia Pacific (Singapore). [Diagram: zones labelled A, B, C within each region]
  • 7. Personal Data Protection in Europe • EC Directive 95/46/EC: Personal Data Protection • Use Amazon Web Services Dublin Region • Safe Harbour EU Compliant • Safe Harbour Switzerland Compliant
  • 8. The Shared Responsibility Model in the Cloud. Customer Data; Platform, Applications, Identity & Access Management; Operating System, Network & Firewall Configuration; Client-side Data Encryption & Data Integrity Authentication; Server-side Encryption (File System and/or Data); Network Traffic Protection (Encryption/Integrity/Identity); Optional -- Opaque Data: 0s and 1s (in flight/at rest). Foundation Services: Compute, Storage, Database, Networking. AWS Global Infrastructure: Regions, Availability Zones, Edge Locations.
  • 9. User Identification, Authentication and Authorisation in the Cloud. Enterprise Applications; Active Directory/LDAP; Corporate Systems; AD/LDAP Users; EC2; DynamoDB; Amazon Identity & Access Management; S3; IAM Users.
  • 10. User Identification, Authentication and Authorisation in the Cloud. Enterprise Applications; Corporate Systems; Active Directory/LDAP; AD/LDAP Users; EC2; DynamoDB; Amazon Identity & Access Management; Access Token for Federated Access; S3.
  • 11. The Shared Responsibility Model in the Cloud. Security IN the Cloud: Customer Data; Platform, Applications, Identity & Access Management; Operating System, Network & Firewall Configuration; Client-side Data Encryption & Data Integrity Authentication; Server-side Encryption (File System and/or Data); Network Traffic Protection (Encryption/Integrity/Identity); Optional -- Opaque Data: 0s and 1s (in flight/at rest). Security OF the Cloud: Foundation Services (Compute, Storage, Database, Networking); AWS Global Infrastructure (Regions, Availability Zones, Edge Locations).
  • 12. Customer-managed Controls on Amazon EC2. Data; Applications; Platforms; Operating Systems. Network Security: OS-level Firewalls/IDS/IPS Systems/Deep Security; Security Groups & Network Access Control Lists. Encryption of Data in Flight: Industry Standard Protocols: IPSec, SSL, SSH. Encryption of Data at Rest: OS-level: Encrypted File System, Bitlocker, dm-crypt, Secure Cloud. [Diagram labels: Security IN the Cloud; Security OF the Cloud]
  • 13. Data Protection at Rest and in Flight. Data; Applications: Application-level Encryption; Platforms: Platform-level Encryption; Operating Systems. Network Security: OS-level Firewalls/IDS/IPS Systems/Deep Security; Security Groups & Network Access Control Lists. Encryption of Data in Flight: Industry Standard Protocols: IPSec, SSL, SSH; Network Traffic Encryption. Encryption of Data at Rest: OS-level: Encrypted File System, Bitlocker, dm-crypt, Secure Cloud; Volume-level Encryption.
  • 14. AWS Certifications & Accreditations: ISO 27001; SOC 1 (SSAE 16 & ISAE 3402) Type II Audit; SOC 2; SOC 3 Audit (new in 2013); Payment Card Industry Data Security Standard (PCI DSS) Level 1 Service Provider. [Diagram labels: Security IN the Cloud; Security OF the Cloud]
  • 15. Q&A