
AWS Enterprise Summit London 2013 - Stephen Schmidt - AWS


  1. Security of your data in AWS. Stephen Schmidt, VP Security Engineering & Chief Information Security Officer
  2. Cloud Security is:
     • Universal
     • Visible
     • Auditable
     • Transparent
     • Shared
     • Familiar
  3. Universal Cloud Security. Every customer has access to the same security capabilities, and gets to choose what's right for their business:
     – Governments
     – Financial sector
     – Pharmaceuticals
     – Entertainment
     – Start-ups
     – Social media
     – Home users
     – Retail
  4. Visible Cloud Security. AWS allows the customer to see their ENTIRE infrastructure at the click of a mouse. (Slide contrasts two views: "This, or this?")
  5. Auditable Cloud Security. How does a customer know AWS is right for their business?
     – 3rd-party audits: independent auditors; artifacts (plans, policies and procedures)
     – Logs: obtained, retained, analyzed
  6. Transparent Cloud Security. Customers choose the audit/certification that's right for them:
     – ISO 27001
     – SOC 1, SOC 2, SOC 3
     – FedRAMP
     – PCI
  7. Security & Compliance Control Objectives
     – Control Objective 1: Security Organization. Who we are; proper control & access within the organization
     – Control Objective 2: Amazon User Access. How we vet our staff; minimization of access
  8. Security & Compliance Control Objectives (continued)
     – Control Objective 3: Logical Security. Our staff start with no systems access; need-based access grants; rigorous systems separation; systems access grants regularly re-evaluated & automatically revoked
  9. Security & Compliance Control Objectives (continued)
     – Control Objective 4: Secure Data Handling. Storage media destroyed before being permitted outside our datacenters; media destruction consistent with US DoD 5220.22-M
     – Control Objective 5: Physical Security and Environmental Safeguards. Keeping our facilities safe; maintaining the physical operating parameters of our datacenters
  10. Security & Compliance Control Objectives (continued)
     – Control Objective 6: Change Management. Continuous operation
     – Control Objective 7: Data Integrity, Availability and Redundancy. Ensuring your data remains safe, intact & available
     – Control Objective 8: Incident Handling. Processes & procedures for mitigating and managing potential issues
  11. AWS Shared Responsibility Model
     • Let AWS do the heavy lifting
     • This is what we do, and we do it all the time
     • The customer can focus on their business and not be distracted by the muck
  12. Physical Security
     • Large, nondescript facilities
     • Robust perimeter controls
     • Two-factor authentication for entry
     • Controlled, need-based access for AWS employees
     • All access is logged and reviewed
  13. Physical Security: Asia Pacific (Sydney) (photo slide)
  14. Network Security
     • DDoS attacks defended at the border
     • Man-in-the-middle attacks
     • SSL endpoints
     • IP spoofing prohibited
     • Port scanning prohibited
     • Packet sniffing prevented
  15. AWS Data Protection Solutions
     • AWS offers several data protection mechanisms, including access control, encryption, etc.
     • AWS data encryption solutions allow customers to:
       – Encrypt and decrypt sensitive data inside or outside AWS
       – Decide which data to encrypt
     • AWS CloudHSM complements existing AWS data protection and encryption solutions
     • With AWS CloudHSM customers can:
       – Encrypt data inside AWS
       – Store keys in AWS within a Hardware Security Module
       – Decide how to encrypt data: the AWS CloudHSM implements cryptographic functions and key storage for customer applications
       – Use third-party validated hardware for key storage (AWS CloudHSMs are designed to meet Common Criteria EAL4+ and FIPS 140-2 standards)
  16. AWS Security Center
     • http://aws.amazon.com/security/
       – Security Whitepaper
       – Risk and Compliance Whitepaper
       – Regularly updated
       – Feedback is welcome
     • http://blogs.aws.amazon.com/security
