© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Myles Hosford – Principal Security Architect APAC
14th May 2018
Amazon Web Services
Cloud & Data Security
WHY IS DATA SECURITY IMPORTANT?
Confidentiality: Prevent unauthorized access
Integrity: Prevent unauthorized change
Availability: Ensure it is running to serve customers
PHYSICAL LOGICAL
Confidentiality: Physical
• Protect against unauthorized access to data center facilities
• Protect against insider access to sensitive data
  - Strong access control (approved, reviewed)
  - Destruction of media
  - Security controls (CCTV, guard, perimeter, etc.)
  - Separation of duties
How do we know a provider is doing all of the above?
AWS Compliance
Confidentiality: Logical
• Protect against unauthorized access to data
• Protect against insider access to sensitive data
  - Multi-factor authentication
  - Role-based access control (separation of duties)
  - Robust logging & monitoring
  - Encryption
  - Maintain ownership
  - Grant access to approved parties (regulators, law)
AWS Security Services
Identity: AWS Identity & Access Management (IAM), AWS Organizations, AWS Cognito, AWS Directory Service, AWS Single Sign-On
Detective control: AWS CloudTrail, AWS Config, Amazon CloudWatch, Amazon GuardDuty, VPC Flow Logs
Infrastructure security: Amazon EC2 Systems Manager, AWS Shield, AWS Web Application Firewall (WAF), Amazon Inspector, Amazon Virtual Private Cloud (VPC)
Data protection: AWS Key Management Service (KMS), AWS CloudHSM, Amazon Macie, Certificate Manager, Server Side Encryption
Incident response: AWS Config Rules, AWS Lambda
Data Protection
Protecting Data - Encryption
Options, from cheap & easy ($12) to expensive & complex ($100k+):
KMS → KMS (Import Key) → AWS CloudHSM → On-Prem HSM → Client-Side Encryption
Assurance ranges from FIPS 140-2 Level 2 to FIPS 140-2 Level 3.
The Federal Information Processing Standard (FIPS) Publication 140-2 (FIPS PUB 140-2) is a U.S. government computer security standard used to approve cryptographic modules.
Encryption with AWS KMS
AVAILABILITY
18 Regions – 54 Availability Zones
[Diagram: Region → AZ-1, AZ-2 → DC, DC, DC]
Fully distributed infrastructure
Data does not reside in a single server or data center
Maximizing security, resiliency & availability
AWS Shield: DDoS Protection
• Protection against the most common infrastructure attacks
• SYN/ACK floods, UDP floods, reflection attacks, etc.
• No additional cost
[Diagram: DDoS Attack → DDoS mitigation systems → Users]
Automating Security Checks
Real Time Notification
Automating Regulatory Compliance
[Diagram: Changes → Compliance Engine → Automated Response]
Encryption Example
• User launches a new server without encryption
• AWS Config reviews the change against controls you define, in near real-time
• Automated response: perform encryption
• Automated response: terminate the server
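The evaluate-then-respond loop on this slide, written out as an added example (not code from the slide deck or from AWS): the evaluation logic of an AWS Config custom rule for AWS::EC2::Volume changes, plus the decision between the two automated responses. The event shape follows what AWS Config passes to a custom-rule Lambda function (an `invokingEvent` JSON string carrying the `configurationItem`); the rule parameter name `nonCompliantAction`, all IDs and the timestamp are constructed for the example. The boto3 calls a deployed rule would make (`put_evaluations`, the EC2 snapshot/copy or terminate calls) are left out so the logic runs offline.

```python
import json

# Added example, not the deck's code. Models an AWS Config custom rule that
# checks whether an EBS volume is encrypted and decides the automated response.
# The boto3 side effects are omitted so this runs offline.

VOLUME_TYPE = "AWS::EC2::Volume"


def make_event(encrypted, action="encrypt", attachments=()):
    """Build a constructed Config change notification for one volume.
    Field names follow the Config configuration-item schema; values are made up."""
    item = {
        "resourceType": VOLUME_TYPE,
        "resourceId": "vol-0example0000000001",
        "configurationItemStatus": "ResourceDiscovered",
        "configurationItemCaptureTime": "2018-05-14T09:00:00.000Z",
        "configuration": {
            "volumeId": "vol-0example0000000001",
            "encrypted": encrypted,
            "attachments": [{"instanceId": i} for i in attachments],
        },
    }
    return {
        "invokingEvent": json.dumps({
            "messageType": "ConfigurationItemChangeNotification",
            "configurationItem": item,
        }),
        # Hypothetical rule parameter selecting the response ("encrypt" or "terminate")
        "ruleParameters": json.dumps({"nonCompliantAction": action}),
        "resultToken": "placeholder-token",
    }


def parse_invoking_event(event):
    """invokingEvent is a JSON string, not a dict; decode it and return the item."""
    return json.loads(event["invokingEvent"]).get("configurationItem")


def evaluate_volume(config_item):
    """Return the Config compliance type for one configuration item."""
    if config_item is None or config_item.get("resourceType") != VOLUME_TYPE:
        return "NOT_APPLICABLE"
    # A deleted volume has nothing left to encrypt; do not flag it.
    if config_item.get("configurationItemStatus") in ("ResourceDeleted",
                                                       "ResourceDeletedNotRecorded"):
        return "NOT_APPLICABLE"
    # Treat a missing 'encrypted' field as non-compliant (fail closed).
    if config_item.get("configuration", {}).get("encrypted") is True:
        return "COMPLIANT"
    return "NON_COMPLIANT"


def build_evaluation(config_item, compliance):
    """One entry of the Evaluations list a rule reports via PutEvaluations."""
    return {
        "ComplianceResourceType": config_item["resourceType"],
        "ComplianceResourceId": config_item["resourceId"],
        "ComplianceType": compliance,
        "OrderingTimestamp": config_item["configurationItemCaptureTime"],
    }


def choose_response(config_item, compliance, params):
    """Pick the automated response for a non-compliant volume, or None."""
    if compliance != "NON_COMPLIANT":
        return None
    attached = [a["instanceId"]
                for a in config_item["configuration"].get("attachments", [])]
    if params.get("nonCompliantAction") == "terminate" and attached:
        # Terminate the server(s) the unencrypted volume is attached to.
        return {"action": "terminate", "instanceIds": sorted(attached)}
    # Default: re-create the data encrypted. EBS cannot encrypt a volume in
    # place, so the real action is snapshot -> encrypted copy -> swap.
    return {"action": "encrypt", "volumeId": config_item["resourceId"]}


def handler(event, context=None):
    """Lambda-style entry point; returns what a deployed rule would act on."""
    config_item = parse_invoking_event(event)
    params = json.loads(event.get("ruleParameters") or "{}")
    compliance = evaluate_volume(config_item)
    evaluation = build_evaluation(config_item, compliance) if config_item else None
    response = choose_response(config_item, compliance, params)
    # Deployed: config.put_evaluations(Evaluations=[evaluation],
    #                                  ResultToken=event["resultToken"])
    return {"compliance": compliance, "evaluation": evaluation, "response": response}


if __name__ == "__main__":
    print(json.dumps(handler(make_event(False, "terminate", ("i-0example01",))), indent=2))
```

The rule only reports and decides; keeping the response in a separate function (or a separate Lambda triggered by the compliance change) keeps the evaluator's IAM role read-only, which is the least-privilege split the "Automated Response" box on the previous slide implies.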
Conclusion
• Protect your data with strong physical and logical security controls
• Use providers that have audited and certified controls
• Encrypt all your data
• Ensure availability to service your customers
• Use real-time compliance checks
• Classify your data... Quint will help with this!
Thank you!
Any questions?