The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. Security for AWS is about three related elements: visibility, auditability, and control. You have to know what you have and where it is before you can assess the environment against best practices, internal standards, and compliance standards. Controls enable you to place precise, well-understood limits on the access to your information. Did you know, for example, that you can define a rule that says that “Tom is the only person who can access this data object that I store with Amazon, and he can only do so from his corporate desktop on the corporate network, from Monday-Friday 9-5 and when he uses MFA?” That’s the level of granularity you can choose to implement if you wish. In this session, we’ll cover these topics to provide a practical understanding of the security programs, procedures, and best practices you can use to enhance your current security posture.
You are making
On a growing set of
services around the
log files to you
Use log files as an input into log management and analysis solutions to perform
security analysis and to detect user behavior patterns.
Track Changes to AWS Resources
Track creation, modification, and deletion of AWS resources such as Amazon EC2
instances, Amazon VPC security groups and Amazon EBS volumes.
Troubleshoot Operational Issues
Quickly identify the most recent changes made to resources in your environment.
Easier to demonstrate compliance with internal policies and regulatory standards.
‣ CloudTrail records API calls and
delivers a log file to your S3 bucket.
‣ Typically, delivers an event within 15
minutes of the API call.
‣ Log files are delivered approximately
every 5 minutes.
‣ Multiple partners offer integrated
solutions to analyze log files.
Defense in Depth
Multi level security
• Physical security of the data centers
• Network security
• System security
• Data security
AWS Security Delivers More Control & Granularity
Customize the implementation based on your business needs
Defense in depth
Rapid scale for security
Automated checks with AWS Trusted Advisor
Fine grained access controls
Server side encryption
Direct connection, Storage Gateway
HSM-based key storage
Amazon DynamoDB Fine Grained
Directly and securely access application
data in Amazon DynamoDB
Specify access permissions at table, item
and attribute levels
With Web Identity Federation, completely
remove the need for proxy servers to
CHOOSE WHAT’S RIGHT FOR YOU:
Automated – AWS manages encryption
Enabled – user manages encryption using AWS
Client-side – user manages encryption using their own mean
Managed and monitored by AWS, but you
control the keys
Increase performance for applications that
use HSMs for key storage or encryption
Comply with stringent regulatory and
contractual requirements for key protection
ENCRYPT YOUR DATA
AMAZON S3 SSE
Attitudes and Perceptions Around Security and Cloud Services
Nearly 60% of organizations agreed that CSPs [Cloud Service
Providers] provide better security than their own IT organization
Source: IDC 2013 U.S. Cloud Security Survey
Doc #242836, September 2013