
Why are cloud security and compliance important?


Anyone who wants to move their IT projects to the cloud has to watch out for a few pitfalls. The challenges lie above all in the area of security. Your data must be absolutely secure against access by unauthorized parties. At the same time, access management for your employees must work well. On top of these technical tasks come concrete requirements from your internal company policies as well as important legal obligations. You should know these compliance issues and meet them reliably, because only if you correctly comply with all compliance requirements can your cloud project be a complete success.

Published in: Health & Medicine

  1. GxP @ AWS. Bertram Dorn – Specialized Solutions Architect Security/Compliance, Amazon Web Services EMEA. ©Amazon.com, Inc. and its affiliates. All rights reserved.
  2. Business Context of AWS and GxP
     • Healthcare and Life Sciences customers are rapidly adopting AWS
     • Initial usage concentrated in Research, Digital Marketing and core IT
     • GxP solutions are now incredibly important to our customers
     • Development and Manufacturing are beginning the adoption curve
     • AWS’s GxP approach comes directly from our customers and partners
     • We want to educate, engage and deliver further value to our customers
  3. The Benefits to Using the AWS Cloud
     • Move from operational to variable cost
     • Lower variable cost than most companies can achieve
     • No need to guess capacity
     • Agility, speed & innovation
     • Remove undifferentiated heavy lifting
     • Go global in minutes
  4. AWS Service Build
     • Tenant Isolation
     • Deep Network Security
     • Scaling Crypto Services
     • Detailed Monitoring
     • Access Control: Mandatory; Fine Grade; MFA Possible
     Diagram labels: AWS Global Infrastructure; Application Services; Networking; Deployment & Administration; Database; Storage; Compute; Inherit; Control; SECURITY & COMPLIANCE: Identity Management, Key Management & Storage, Monitoring & Logs, Assessment and reporting, Resource & Usage Auditing, Configuration Compliance, Web application firewall, Access Control
  5. AWS Operates Globally, as do our Customers: 12 Regions; 33 Availability Zones; 54 Edge Locations. Coming Soon: 5 Regions; 11 Availability Zones.
  6. ENTERPRISE APPS DEVELOPMENT & OPERATIONS MOBILE SERVICES APP SERVICES ANALYTICS Data Warehousing Hadoop/Spark Streaming Data Collection Machine Learning Elastic Search Virtual Desktops Sharing & Collaboration Corporate Email Backup Queuing & Notifications Workflow Search Email Transcoding One-click App Deployment Identity Sync Single Integrated Console Push Notifications DevOps Resource Management Application Lifecycle Management Containers Triggers Resource Templates TECHNICAL & BUSINESS SUPPORT Account Management Support Professional Services Training & Certification Security & Pricing Reports Partner Ecosystem Solutions Architects MARKETPLACE Business Apps Business Intelligence Databases DevOps Tools Networking Security Storage Regions Availability Zones Points of Presence INFRASTRUCTURE CORE SERVICES Compute VMs, Auto-scaling, & Load Balancing Storage Object, Blocks, Archival, Import/Export Databases Relational, NoSQL, Caching, Migration Networking VPC, DX, DNS CDN Access Control Identity Management Key Management & Storage Monitoring & Logs Assessment and reporting Resource & Usage Auditing SECURITY & COMPLIANCE Configuration Compliance Web application firewall HYBRID ARCHITECTURE Data Backups Integrated App Deployments Direct Connect Identity Federation Integrated Resource Management Integrated Networking API Gateway IoT Rules Engine Device Shadows Device SDKs Registry Device Gateway Streaming Data Analysis Business Intelligence Mobile Analytics
  9. The main AWS Compliance Frameworks of today. Certificates / Programmes: ISO 27000; ISO 9001
  10. GxP SDLC and Deployment Scenarios. Develop; Validate; Operate.
     • Scenario 1: COTS App; Virtual Infrastructure; AWS Products; AWS Account
     • Scenario 2: Custom App; Virtual Infrastructure; AWS Products; AWS Account
     • Scenario 3: SaaS; Virtual Infrastructure; AWS Products; AWS Account
     • Roles: GxP End Users; Pharma, Device; AWS; ISV Partner
  11. Development Starts with Your User Needs. Diagram labels: User Needs; Application Requirements & SLA; Server Requirements; Amazon EC2 Instance; Amazon EC2 Product Spec & SLA; Solution Architecture; Database Requirements; Solution Architecture; Amazon RDS DB Instance; Amazon RDS Product Spec & SLA; Customer; AWS
  12. AWS Shared Responsibility Model in GxP. Diagram labels: Human Interface Support; Equipment Interface Support; Instrument Interface Support; Application Data; Software-defined Infrastructure; AWS Account; Amazon IAM; Amazon VPC; Amazon EC2; Amazon S3; Amazon RDS; Other AWS Products; Manual I/O; Automated I/O; Step 1; Step 2; Step 3; Customer; AWS; Automated I/O; GxP Process Validation; GxP Software Validation; GxP Infrastructure Qualification; Commercial IT Standards; Good Laboratory, Clinical, Manufacturing Process; On-Premises Infrastructure Products
  13. AWS’s New GxP Compliance Resources
     • GxP Cloud on AWS FAQ
     • Considerations for Using AWS Products in GxP Systems
     • AWS Quality Management System Overview (available to NDA-holders)
     • Technical Product Documentation
     • Introduction to Auditing the Use of AWS
     • Security by Design Program
  14. Cloud Technology: Software-defined infrastructure?
     • Cloud users replace physical IT infrastructure with virtual IT infrastructure
     • SDI can be managed like any other software code
     • Users control their virtual infrastructure and data via web service API, CLI, GUI
     • Users integrate applications with virtual infrastructure through SDKs and APIs
     • Users and applications interact with SDI programmatically with .json scripts instead of manually with .doc files
  15. AWS Cloud Advantages
     IT Benefits
     • Trade capital expense for variable expense
     • Benefit from massive economies of scale
     • Stop guessing capacity
     • Increase speed and agility
     • Stop spending money on data centers
     • Go global in minutes
     Compliance Benefits
     • Designed for Security & Quality
     • Constantly Monitored
     • Highly Automated
     • Highly Available
     • Highly Accredited: ISO 9001:2008, ISO 27001:2013, ISO 27017:2015, ISO 27018:2014
  16. Cybersecurity of AWS Products
     • Security Features Built-in
     • Security Bulletins
     • Security Guidance
     • AWS Trusted Advisor
     • Penetration Testing/Scanning
     • Vulnerability Reporting
     • AWS Professional Services
     • AWS Partner Network
     "The financial service industry attracts some of the worst cyber criminals. We work closely with AWS to develop a security model, which we believe enables us to operate more securely in the public cloud than we can in our own data centers." -Rob Alexander, CIO, Capital One
  17. Data Integrity with AWS Products. Diagram labels: API; service; web; API Request; API Response includes a Message Digest, a unique fingerprint for each API request.
     AWS Product Features for Data Integrity: End-to-end authenticated encryption, API message digests, file object hashing, file object integrity monitoring, log file integrity validation, account configuration rules and alarms, fine-grained access controls, VPC flow logs, application deployment and testing tools to enforce application input validations, multi-region redundancy and backup capability, multiple methods of bulk data transfer to and from the AWS cloud…
  18. Supplier Assessments of AWS. Customers with GxP systems have completed their supplier assessments of AWS based on our performance history, compliance reports, and extensive documentation of our products.
     • Product Documentation
     • Product Training Materials
     • Customer Support
     • Service Health Dashboard
     • Security & Compliance Whitepapers
     • Quality Management System Overview
     • Supplier Questionnaires & RFIs
     • ISO Certification
     • SOC Auditor Reports
     • FedRAMP Compliant Status
     • Public Company Reporting (AMZN)
  19. Agreements with AWS
     • Customer Agreement
     • Service Terms
     • Acceptable Use Policy
     • Customer Support Agreement
     • Product SLAs
     • Addendums: Security; Data Processing; Business Associate
     Change notification; Security notification; Your data; Data privacy; Support case SLA; No minimum spend or term; Customer responsibilities
  20. Cloud Solution Validation (CSV). Hardware Era; Virtualization Era; Cloud Era. Protocol-driven manual activities; Procedure-driven manual activities; Code-driven automated activities.
     • Application Validation
     • Software Defined Infrastructure Qualification
     • Web Service API Qualification
     AWS qualifies our products to commercial IT standards like ISO, SOC and NIST. Customers qualify their use of AWS Products to industry-specific standards like GxP, QSR and Part 11.
  21. Operations of GxP Systems
     • Reduce human access to your production IT environment through deployment automation
     • Track and monitor 100% of your assets, changes, and configurations
     • Software-defined infrastructure makes synchronizing environments easy
     • Feed end user requests back into the development process.
     Diagram labels: GxP end users; GxP engineers; production
  22. Auditing GxP Systems. An IAM user, Alice, employed the CreateUser action to create a new user account for Bob. (AWS CloudTrail)
  23. Resources
     • https://aws.amazon.com
     • https://aws.amazon.com/compliance/
     • https://aws.amazon.com/security/
     • https://aws.amazon.com/premiumsupport/
     • http://status.aws.amazon.com/
  24. Thank you!
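
The audit trail on slide 22 (Alice calling CreateUser for Bob, recorded by AWS CloudTrail), as an added example that is not part of the original slides: Python code that reads CloudTrail-style records and reports who changed which IAM identity, including failed attempts. The sample records are constructed, and the function names and the set of watched actions are assumptions.

```python
import json

# Constructed CloudTrail-style records (not real log data); account ID, IPs,
# timestamps and the role name are placeholders.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2016-03-01T11:05:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "DeleteUser", "sourceIPAddress": "198.51.100.7",
     "errorCode": "AccessDenied", "requestParameters": None,
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/deploy/s1"}},
    {"eventTime": "2016-03-01T10:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "192.0.2.10",
     "userIdentity": {"type": "IAMUser", "userName": "Alice"}},
    {"eventTime": "2016-03-01T10:02:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "sourceIPAddress": "192.0.2.10",
     "userIdentity": {"type": "IAMUser", "userName": "Alice",
                      "arn": "arn:aws:iam::123456789012:user/Alice"},
     "requestParameters": {"userName": "Bob"}},
]})

# Assumed watch list of IAM actions that change identities or credentials.
IAM_CHANGE_EVENTS = {"CreateUser", "DeleteUser", "CreateAccessKey",
                     "AttachUserPolicy"}

def actor(identity):
    """IAM users carry userName; role sessions only have an ARN."""
    return (identity.get("userName") or identity.get("arn")
            or identity.get("type", "unknown"))

def iam_change_trail(log_text):
    """Return one audit entry per watched IAM action, oldest first."""
    entries = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "iam.amazonaws.com":
            continue
        if rec.get("eventName") not in IAM_CHANGE_EVENTS:
            continue
        params = rec.get("requestParameters") or {}  # may be null on failures
        entries.append({
            "time": rec["eventTime"],
            "actor": actor(rec.get("userIdentity", {})),
            "action": rec["eventName"],
            "target": params.get("userName"),
            "source_ip": rec.get("sourceIPAddress"),
            "succeeded": "errorCode" not in rec,  # denied calls are logged too
        })
    return sorted(entries, key=lambda e: e["time"])

if __name__ == "__main__":
    for entry in iam_change_trail(SAMPLE_LOG):
        print(entry)
```

Denied calls are kept in the trail with `succeeded` set to false, because a rejected identity change is as relevant to an auditor as a successful one.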
