Amazon Web Services
Security & Compliance Overview
Dob Todorov
Principal Security & Compliance Architect EMEA

AWS Security & Compliance in the AWS Cloud IP Expo 2013


Services Enterprise IT Success in the Cloud

Security must be the number one priority for any cloud provider and that's no different for Amazon Web Services. Dob Todorov will share AWS insights into cloud security and how AWS meets the needs of today's IT security challenges.

Published in: Technology

  1. Amazon Web Services: Security & Compliance Overview. Dob Todorov, Principal Security & Compliance Architect EMEA
  2. undifferentiated heavy lifting
  3. utility computing
  4. Hundreds of Thousands of Customers in 190 Countries…
  5. AWS Regions and AWS Edge Locations (map): GovCloud (US ITAR Region); US West (Northern California); US West (Oregon); US East (Northern Virginia); South America (Sao Paulo); EU (Ireland); Asia Pacific (Singapore); Asia Pacific (Tokyo); Asia Pacific (Sydney)
  6. EU West (Dublin); US East (Virginia); Asia Pacific (Tokyo); Asia Pacific (Australia); US West (Northern California); US West (Oregon); South America (Sao Paulo); Asia Pacific (Singapore). [Diagram: each region shown with blocks labelled A, B or C]
  7. Personal Data Protection in Europe
     • EC Directive 95/46/EC: Personal Data Protection
     • Use Amazon Web Services Dublin Region
     • Safe Harbour EU Compliant
     • Safe Harbour Switzerland Compliant
  8. The Shared Responsibility Model in the Cloud: Customer Data; Platform, Applications, Identity & Access Management; Operating System, Network & Firewall Configuration; Client-side Data Encryption & Data Integrity Authentication; Server-side Encryption (File System and/or Data); Network Traffic Protection (Encryption/Integrity/Identity); Optional -- Opaque Data: 0s and 1s (in flight/at rest); Foundation Services (Compute, Storage, Database, Networking); AWS Global Infrastructure (Regions, Availability Zones, Edge Locations)
  9. User Identification, Authentication and Authorisation in the Cloud: Enterprise Applications; Active Directory/LDAP; Corporate Systems; AD/LDAP Users; EC2; DynamoDB; Amazon Identity & Access Management; S3; IAM Users
  10. User Identification, Authentication and Authorisation in the Cloud: Enterprise Applications; Corporate Systems; Active Directory/LDAP; AD/LDAP Users; EC2; DynamoDB; Amazon Identity & Access Management; Access Token for Federated Access; S3
  11. The Shared Responsibility Model in the Cloud. Security IN the Cloud: Customer Data; Platform, Applications, Identity & Access Management; Operating System, Network & Firewall Configuration; Client-side Data Encryption & Data Integrity Authentication; Server-side Encryption (File System and/or Data); Network Traffic Protection (Encryption/Integrity/Identity); Optional -- Opaque Data: 0s and 1s (in flight/at rest). Security OF the Cloud: Foundation Services (Compute, Storage, Database, Networking); AWS Global Infrastructure (Regions, Availability Zones, Edge Locations)
  12. Customer-managed Controls on Amazon EC2: Data; Applications; Platforms; Operating Systems; OS-level Firewalls/IDS/IPS Systems/Deep Security; Security Groups & Network Access Control Lists; Industry Standard Protocols: IPSec, SSL, SSH; OS-level: Encrypted File System, Bitlocker, dm-crypt, Secure Cloud; Network Security; Encryption of Data in Flight; Encryption of Data at Rest; Security IN the Cloud; Security OF the Cloud
  13. Data Protection at Rest and in Flight: Data; Applications; Platforms; Application-level Encryption; Platform-level Encryption; Operating Systems; OS-level Firewalls/IDS/IPS Systems/Deep Security; Security Groups & Network Access Control Lists; Industry Standard Protocols: IPSec, SSL, SSH; OS-level: Encrypted File System, Bitlocker, dm-crypt, Secure Cloud; Network Security; Encryption of Data in Flight; Encryption of Data at Rest; Network Traffic Encryption; Volume-level Encryption
  14. AWS Certifications & Accreditations: ISO 27001; SOC 1 (SSAE 16 & ISAE 3402) Type II Audit; SOC 2; SOC 3 Audit (new in 2013); Payment Card Industry Data Security Standard (PCI DSS) Level 1 Service Provider; Security IN the Cloud; Security OF the Cloud
  15. Q&A