SEC102 Security and Compliance in the AWS Cloud - AWS re: Invent 2012

To properly evaluate cloud computing services, there are several industry resources to manage cloud provider security, risk, and compliance. This session discusses AWS collateral you can use to accomplish this and allow you to build an environment that can conform to a wide range of compliance and security requirements. If you’re already using AWS and need to perform an audit on your cloud assets, this session demonstrates a feasible validation approach that works for AWS.

Presentation Transcript

  • © 2012 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • AWS Customer
  • AWS Responsibility:
    Customer Responsibility:
  • Parameter (the ENISA "Procure Secure" monitoring parameters)   Responsibility (Customer / Provider)
    1. Service availability                                        X
    2. Incident response                                           X
    3. Service elasticity and load tolerance                       X
    4. Data lifecycle                                              X
    5. Technical compliance and vulnerability management           X
    6. Change management                                           X
    7. Isolation                                                   X
    8. Log management and forensics                                X
  • Area (the NIST SP 800-144 security and privacy issues)   Responsibility (Customer / Provider)
    Governance                                                X
    Compliance                                                X
    Trust                                                     X
    Architecture                                              X
    Identity and Access Management                            X
    Software Isolation                                        X
    Data Protection                                           X
    Availability                                              X
    Incident Response                                         X X (shared)
  • Domain (the CSA Security Guidance v3 domains)             Responsibility (Customer / Provider)
    Governance and Enterprise Risk Management                 X
    Legal issues: Contracts and E-Discovery                   X
    Compliance and Audit                                      X
    Information Management and Data Security                  X
    Portability and Interoperability                          X
    Traditional Security, Business Continuity, and DR         X X (shared)
    Data Center Operations                                    X
    Incident Response, Notification, and Remediation          X X (shared)
    Application Security                                      X
    Encryption and Key Management                             X
    Identity and Access Management                            X
    Virtualization                                            X
    Security as a Service                                     X
  • Certifications & Accreditations
    • SOC 1 (previously SAS 70) Type II
    • SOC 2 Type II
    • Audit, supporting SOX compliance
    • ISO 27001 Certification
    • PCI DSS Level 1 Compliance
    • FISMA Moderate ATO (currently pursuing FedRAMP)
    • DIACAP MAC III-Sensitive
    • Aligned to CSA's control matrix
    • MPAA compliant
    • HIPAA compliant architecture
    Physical Security
    • Multi-level, multi-factor controlled access environment
    • Controlled, need-based access for AWS employees (least privilege)
    Management Plane Administrative Access
    • Multi-factor, controlled, need-based access to administrative hosts
    • All access logged, monitored, reviewed
    • AWS administrators DO NOT have logical access inside a customer's VMs, including applications and data
    VM Security
    • Multi-factor access to Amazon account
    • Instance isolation
      • Customer-controlled firewall at the hypervisor level
      • Neighboring instances prevented access
      • Virtualized disk management layer ensures only account owners can access storage disks
    Network Security
    • Instance firewalls can be configured in security groups
    • Traffic may be restricted by protocol, by service port, as well as by source IP address (individual IP or classless inter-domain routing (CIDR) block)
    • Virtual Private Cloud (VPC) provides IPsec VPN access from an existing enterprise data center to a set of logically isolated AWS resources
    • Support for SSL endpoint encryption for API calls
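The network-security bullets above describe the model (security-group rules keyed on protocol, port and source CIDR), and the session abstract promises a validation approach for cloud assets already in AWS. The following is an added example, not code from the AWS deck, of the check an auditor would actually run: it evaluates security-group ingress rules against a stated baseline. The input records are constructed to match the shape of boto3's ec2.describe_security_groups() response so the same functions can be pointed at live data; the group ids, the trusted prefix (an RFC 5737 documentation range) and the policy constants are assumptions for illustration, not AWS recommendations.

```python
"""Offline audit of EC2 security-group ingress rules.

Added example, not from the AWS deck. Group records are constructed to
match boto3's ec2.describe_security_groups() output shape; the policy
constants are an assumed baseline, not an AWS recommendation.
"""
import ipaddress

ANY_V4 = ipaddress.ip_network("0.0.0.0/0")
ANY_V6 = ipaddress.ip_network("::/0")

# Assumed policy: only tcp/443 may be world-reachable; admin ports only
# from trusted prefixes; "all traffic" (-1) never from a CIDR source.
WORLD_OK = {("tcp", 443)}
ADMIN_PORTS = (22, 3389)
TRUSTED = [ipaddress.ip_network("203.0.113.0/24")]  # RFC 5737 range, constructed


def _port_range(perm):
    """(from, to) for a permission; protocol -1 means every port."""
    if perm.get("IpProtocol") == "-1":
        return (0, 65535)
    return (perm.get("FromPort", 0), perm.get("ToPort", 65535))


def _cidr_sources(perm):
    """Yield IPv4/IPv6 networks named as sources; SG-to-SG pairs are skipped."""
    for r in perm.get("IpRanges", []):
        yield ipaddress.ip_network(r["CidrIp"])
    for r in perm.get("Ipv6Ranges", []):
        yield ipaddress.ip_network(r["CidrIpv6"])


def _is_trusted(net):
    # subnet_of() raises on mixed IP versions, so compare versions first.
    return any(net.version == t.version and net.subnet_of(t) for t in TRUSTED)


def audit_group(group):
    """Return (group_id, finding) tuples for every policy violation in one group."""
    findings = []
    gid = group["GroupId"]
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        lo, hi = _port_range(perm)
        for net in _cidr_sources(perm):
            if proto == "-1":
                findings.append((gid, f"all traffic allowed from {net}"))
                continue
            if net in (ANY_V4, ANY_V6):
                # World-open is tolerated only for an exact port in WORLD_OK.
                if not (lo == hi and (proto, lo) in WORLD_OK):
                    findings.append((gid, f"{proto} {lo}-{hi} open to {net}"))
                continue
            for port in ADMIN_PORTS:
                if lo <= port <= hi and not _is_trusted(net):
                    findings.append((gid, f"admin port {port} reachable from untrusted {net}"))
    return findings


def audit_groups(groups):
    """Map each group id to its findings (an empty list means compliant)."""
    return {g["GroupId"]: audit_group(g) for g in groups}


# Constructed sample: one compliant web group, one group with three violations.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    ]},
    {"GroupId": "sg-bad", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "198.51.100.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "UserIdGroupPairs": [{"GroupId": "sg-web"}]},
    ]},
]

if __name__ == "__main__":
    for gid, found in audit_groups(SAMPLE_GROUPS).items():
        print(gid, "OK" if not found else "")
        for _, msg in found:
            print("  -", msg)
```

Rules whose source is another security group (UserIdGroupPairs) are deliberately not flagged here, since reachability then depends on who is in the referenced group; a real audit should resolve those references rather than ignore them. To run this against an account, replace SAMPLE_GROUPS with the "SecurityGroups" list from boto3's describe_security_groups() and review each non-empty finding list.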
  • Example mapping of applications and business units to applicable regimes. Columns: PCI DSS; SSAE 16 SOC 2; SOX; FFIEC; Federal Tax 7216; GLBA; Non-US; HIPAA/HITECH. Each X marks a regime that applies to the row; the numbered footnotes (1)–(9) are not reproduced in the transcript.
    Business Unit (BU) #1: App 1 X X(4); App 2 X X X X(5); App 3 X X(1) X(1) X X(6) X(9); App 4 X; App 5 X(2) X(2) X(8) X(8)
    BU #2: App A X X X(7); App B X X; App C X
    BU #3: X
    BU #4: X X X
    Global BU: X X
    Shared Services: X X(3) X(9)
    CIO office: App 6 X X X(9)
    BU #5: X X X X
  • NIST SP 800-53 control families (continued)
    • PE - Physical and Environmental Protection
    • PL - Planning
    • PS - Personnel Security
    • RA - Risk Assessment
    • SA - System and Services Acquisition
    • SC - System and Communications Protection
    • SI - System and Information Integrity
    • PM - Program Management
  • Security checklist
    • AWS account security roles
    • Manage IAM users
    • AWS credentials
    • Initial OS-level access to EC2 instances
    • Managing AWS groups
    • Temporary credentials
    • Identity federation & replication
    • Data classification
    • Security controls / access to data classes
    • Data storage requirements and secure access
    • Protecting data at rest
    • Protecting data in flight
    • Security zoning and segmentation
    • Secure periphery systems: user repositories, DNS, NTP
    • Threat protection layers
    • Testing security
    • Measurement and metrics
    • DoS & DDoS mitigation and protection
    • Manage security monitoring, alerting, audit trail and incident response
  • We are sincerely eager to hear your feedback on this presentation and on re:Invent. Please fill out an evaluation form when you have a chance.