This document summarizes a presentation about security on AWS. It discusses that security is a shared responsibility between AWS and customers. AWS provides security capabilities across people and procedures, network security, physical security, and platform security. Customers are responsible for security controls like access management, data handling, and incident response. The presentation emphasizes that customers have visibility, auditability, and control over their environments on AWS to securely manage access, encrypt data, and monitor systems. It provides examples of how AWS services like CloudTrail, IAM, and encryption help customers securely use AWS.
2. Different customer viewpoints on security
PR exec: keep out of the news
CEO: protect shareholder value
CISO: preserve the confidentiality, integrity and availability of data
3. Security is Our No.1 Priority
Comprehensive Security Capabilities to Support Virtually Any Workload
PEOPLE & PROCEDURES
NETWORK SECURITY
PHYSICAL SECURITY
PLATFORM SECURITY
27. You are making API calls...
On a growing set of services around the world…
CloudTrail is continuously recording API calls…
And delivering log files to you
28. Security Analysis
Use log files as an input into log management and analysis solutions to perform security analysis and to detect user behavior patterns.
Track Changes to AWS Resources
Track creation, modification, and deletion of AWS resources such as Amazon EC2 instances, Amazon VPC security groups and Amazon EBS volumes.
Troubleshoot Operational Issues
Quickly identify the most recent changes made to resources in your environment.
Compliance Aid
Easier to demonstrate compliance with internal policies and regulatory standards.
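As an added example (not from the presentation), the following Python reads CloudTrail-style records and does two of the things the slide names: it lists the most recent successful resource changes and counts failed calls per user. The record set is constructed for illustration, and the list of event-name prefixes treated as "changes" is an assumption, not an AWS-defined list.

```python
import json
from collections import defaultdict

# Constructed sample records (not real log data) in the JSON shape CloudTrail
# delivers in its log files, trimmed to the fields used below.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2014-05-01T10:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "us-east-1",
     "userIdentity": {"userName": "alice"}, "sourceIPAddress": "203.0.113.10"},
    {"eventTime": "2014-05-01T10:05:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "awsRegion": "us-east-1",
     "userIdentity": {"userName": "bob"}, "sourceIPAddress": "203.0.113.11",
     "requestParameters": {"groupId": "sg-example"}},
    {"eventTime": "2014-05-01T10:06:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeVolumes", "awsRegion": "us-east-1",
     "userIdentity": {"userName": "bob"}, "sourceIPAddress": "203.0.113.11"},
    {"eventTime": "2014-05-01T10:07:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DeleteVolume", "awsRegion": "us-east-1",
     "userIdentity": {"userName": "bob"}, "sourceIPAddress": "203.0.113.11",
     "errorCode": "Client.UnauthorizedOperation"},
]})

# Assumed prefixes that mark a resource change; Describe*/Get*/List* calls are read-only.
CHANGE_PREFIXES = ("Run", "Terminate", "Create", "Delete", "Modify",
                   "Authorize", "Revoke", "Attach", "Detach")

def load_records(log_text):
    return json.loads(log_text)["Records"]

def is_change(record):
    return record["eventName"].startswith(CHANGE_PREFIXES)

def recent_changes(records, limit=5):
    """Most recent successful resource changes (no errorCode), newest first."""
    changes = [r for r in records if is_change(r) and "errorCode" not in r]
    changes.sort(key=lambda r: r["eventTime"], reverse=True)  # ISO-8601 sorts lexically
    return [(r["eventTime"], r["userIdentity"].get("userName"), r["eventName"])
            for r in changes[:limit]]

def denied_by_user(records):
    """Count failed calls (errorCode present) per user; a burst is worth a look."""
    counts = defaultdict(int)
    for r in records:
        if "errorCode" in r:
            counts[r["userIdentity"].get("userName", "unknown")] += 1
    return dict(counts)

if __name__ == "__main__":
    recs = load_records(SAMPLE_LOG)
    for row in recent_changes(recs):
        print(*row)
    print(denied_by_user(recs))
```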
39. AWS STAFF ACCESS
‣ Staff vetting
‣ Staff has no logical access to customer instances
‣ Staff control-plane access limited & monitored: bastion hosts, least privileged model, zoned data center access
‣ Business needs
‣ Separate PAMS
53. Amazon DynamoDB Fine Grained Access Control
Directly and securely access application data in Amazon DynamoDB
Specify access permissions at table, item and attribute levels
With Web Identity Federation, completely remove the need for proxy servers to perform authorization
64. DATA ENCRYPTION
CHOOSE WHAT’S RIGHT FOR YOU:
Automated – AWS manages encryption
Enabled – user manages encryption using AWS
Client-side – user manages encryption using their own means
65. ENCRYPT YOUR DATA
AWS CLOUDHSM
AMAZON S3 SSE
AMAZON GLACIER
AMAZON REDSHIFT
AMAZON RDS
…