SlideShare a Scribd company logo

20180514 _aws data-security_aws.compressed

S
Sekretariat3A

This document discusses the importance of data security and outlines best practices for ensuring confidentiality, integrity, and availability of data in the cloud. It describes Amazon Web Services' (AWS) physical and logical security controls to prevent unauthorized access to data centers and data. AWS provides a suite of security services to help with identity and access control, detection of threats, infrastructure security, incident response, and data protection through encryption. The document emphasizes automating security checks and compliance to help customers securely use AWS cloud services.

Internet
1 of 21
Download to read offline
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Myles Hosford – Principal Security Architect APAC 14th May 2018 Amazon Web Services Cloud & Data Security
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. WHY IS DATA SECURITY IMPORTANT?
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Confidentiality: Prevent unauthorized access Integrity: Prevent unauthorized change Availability: Ensure it is running to serve customers
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PHYSICAL LOGICAL
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Confidentiality: Physical • Protect unauthorized access to data center facilities • Protect insider access to sensitive data  Strong access control (approved, reviewed)  Destruction of media  Security controls (CCTV, guard, perimeter, etc)  Separation of duties How do we know a provider is doing all of the above?
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Compliance
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Confidentiality: Logical • Protect unauthorized access to data • Protect insider access to sensitive data  Multi-factor authentication  Role based access control (separation of duties)  Robust logging & monitoring  Encryption  Maintain ownership  Grant access to approved parties (regulators, law)
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Security Services AWS Identity & Access Management (IAM) AWS Organizations AWS Cognito AWS Directory Service AWS Single Sign-On AWS CloudTrail AWS Config Amazon CloudWatch Amazon GuardDuty VPC Flow Logs Amazon EC2 Systems Manager AWS Shield AWS Web Application Firewall (WAF) Amazon Inspector Amazon Virtual Private Cloud (VPC) AWS Key Management Service (KMS) AWS CloudHSM Amazon Macie Certificate Manager Server Side Encryption AWS Config Rules AWS Lambda Identity Detective control Infrastructure security Incident response Data protection
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Data Protection
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Protecting Data - Encryption KMS KMS (Import Key) AWS CloudHSM On-Prem HSM Client-Side Encryption Cheap & Easy $12 Expensive & Complex $100k+ FIPS140-2 Level 2 FIPS140-2 Level 3 The Federal Information Processing Standard (FIPS) Publication 140-2, (FIPS PUB 140-2), is a U.S. government computer security standard used to approve cryptographic modules.
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Encryption with AWS KMS
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AVAILABILITY
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. 18 Regions – 54 Availability Zones
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Region AZ-1 AZ-2 AZ-2 DC DC DC Fully distributed infrastructure Data does not resides in a single server or data center Maximizing security, resiliency & availability
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Shield: DDoS Protection  Protection against most common infrastructure attacks  SYN/ACK Floods, UDP Floods, Refection attacks etc.  No additional cost DDoS mitigation systems DDoS Attack Users
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Automating Security Checks Real Time Notification
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Automating Regulatory Compliance Changes Compliance Engine Automated Response
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Encryption Example User launches a new server without encryption Automated response to perform encryption Automated response to terminate server AWS Config reviews change against controls you define in near real-time
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Conclusion  Protect your data with strong physical and logical security controls  Use providers that have audited and certified controls  Encrypt all your data  Ensure availability to service your customers  Use real-time compliance checks  Classify your data……. Quint will help with this! 
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Thank you! Any questions?

Recommended

AWS Summit Singapore Webinar Edition | Building Tomorrow’s Financial Services...
AWS Summit Singapore Webinar Edition | Building Tomorrow’s Financial Services...AWS Summit Singapore Webinar Edition | Building Tomorrow’s Financial Services...
AWS Summit Singapore Webinar Edition | Building Tomorrow’s Financial Services...Amazon Web Services
 
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS AccountsHow to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS AccountsSebastian Taphanel CISSP-ISSEP
 
The Automation of Supervision: How Regulators and Audit Teams are using AWS t...
The Automation of Supervision: How Regulators and Audit Teams are using AWS t...The Automation of Supervision: How Regulators and Audit Teams are using AWS t...
The Automation of Supervision: How Regulators and Audit Teams are using AWS t...Amazon Web Services
 
Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Amazon Web Services
 
Best Security Practices in the Intelligence Community - SID214 - re:Invent 2017
Best Security Practices in the Intelligence Community - SID214 - re:Invent 2017Best Security Practices in the Intelligence Community - SID214 - re:Invent 2017
Best Security Practices in the Intelligence Community - SID214 - re:Invent 2017Amazon Web Services
 
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...Amazon Web Services
 
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...Amazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS SecurityAmazon Web Services
 

Recommended

AWS Summit Singapore Webinar Edition | Building Tomorrow’s Financial Services...
AWS Summit Singapore Webinar Edition | Building Tomorrow’s Financial Services...AWS Summit Singapore Webinar Edition | Building Tomorrow’s Financial Services...
AWS Summit Singapore Webinar Edition | Building Tomorrow’s Financial Services...Amazon Web Services
 
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS AccountsHow to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS AccountsSebastian Taphanel CISSP-ISSEP
 
The Automation of Supervision: How Regulators and Audit Teams are using AWS t...
The Automation of Supervision: How Regulators and Audit Teams are using AWS t...The Automation of Supervision: How Regulators and Audit Teams are using AWS t...
The Automation of Supervision: How Regulators and Audit Teams are using AWS t...Amazon Web Services
 
Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Amazon Web Services
 
Best Security Practices in the Intelligence Community - SID214 - re:Invent 2017
Best Security Practices in the Intelligence Community - SID214 - re:Invent 2017Best Security Practices in the Intelligence Community - SID214 - re:Invent 2017
Best Security Practices in the Intelligence Community - SID214 - re:Invent 2017Amazon Web Services
 
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...Amazon Web Services
 
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...
AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta ...Amazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS SecurityAmazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS SecurityAmazon Web Services
 
Introduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSIntroduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSAmazon Web Services
 
Introduction to AWS Secrets Manager
Introduction to AWS Secrets ManagerIntroduction to AWS Secrets Manager
Introduction to AWS Secrets ManagerAmazon Web Services
 
Get ahead of cloud network security trends and practices in 2020
Get ahead of cloud network security trends and practices in 2020Get ahead of cloud network security trends and practices in 2020
Get ahead of cloud network security trends and practices in 2020Cynthia Hsieh
 
How policymakers can fulfill promises of security for cloud services - SEP205...
How policymakers can fulfill promises of security for cloud services - SEP205...How policymakers can fulfill promises of security for cloud services - SEP205...
How policymakers can fulfill promises of security for cloud services - SEP205...Amazon Web Services
 
Making application threat intelligence practical - DEM06 - AWS reInforce 2019
Making application threat intelligence practical - DEM06 - AWS reInforce 2019 Making application threat intelligence practical - DEM06 - AWS reInforce 2019
Making application threat intelligence practical - DEM06 - AWS reInforce 2019 Amazon Web Services
 
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ... How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...Amazon Web Services
 
Keep It Secret, Keep It Safe Credentials and Secrets Management on AWS - AWS ...
Keep It Secret, Keep It Safe Credentials and Secrets Management on AWS - AWS ...Keep It Secret, Keep It Safe Credentials and Secrets Management on AWS - AWS ...
Keep It Secret, Keep It Safe Credentials and Secrets Management on AWS - AWS ...Amazon Web Services
 
AWS per la semplificazione del percorso di conformità al GDPR
AWS per la semplificazione del percorso di conformità al GDPRAWS per la semplificazione del percorso di conformità al GDPR
AWS per la semplificazione del percorso di conformità al GDPRAmazon Web Services
 
A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
A Tale of Security & Ops Teamwork for Rapid Security Incident ResolutionA Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
A Tale of Security & Ops Teamwork for Rapid Security Incident ResolutionAmazon Web Services
 
AWS Secrets Manager
AWS Secrets ManagerAWS Secrets Manager
AWS Secrets ManagerAmazon Web Services
 
Security and Compliance
Security and ComplianceSecurity and Compliance
Security and ComplianceAmazon Web Services
 
Security & Compliance
Security & ComplianceSecurity & Compliance
Security & ComplianceAmazon Web Services
 
Oas un llamado a la accion
Oas un llamado a la accionOas un llamado a la accion
Oas un llamado a la accionMarcela Cárdenas Hidalgo
 
Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...
Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...
Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...Amazon Web Services
 
T4 – Understanding aws security
T4 – Understanding aws securityT4 – Understanding aws security
T4 – Understanding aws securityAmazon Web Services
 
AWS Secrets for Best Practices
AWS Secrets for Best PracticesAWS Secrets for Best Practices
AWS Secrets for Best PracticesAWS User Group Bengaluru
 
Security in the cloud
Security in the cloudSecurity in the cloud
Security in the cloudReham Maher El-Safarini
 
Core services
Core servicesCore services
Core servicesRichard Harvey
 
AWS Security Week: Humans & Data Don’t Mix - Best Practices to Secure Your Cloud
AWS Security Week: Humans & Data Don’t Mix - Best Practices to Secure Your CloudAWS Security Week: Humans & Data Don’t Mix - Best Practices to Secure Your Cloud
AWS Security Week: Humans & Data Don’t Mix - Best Practices to Secure Your CloudAmazon Web Services
 
AWS Security Fundamentals
AWS Security FundamentalsAWS Security Fundamentals
AWS Security FundamentalsAmazon Web Services
 
AWS Webinar CZSK 02 Bezpecnost v AWS cloudu
AWS Webinar CZSK 02 Bezpecnost v AWS clouduAWS Webinar CZSK 02 Bezpecnost v AWS cloudu
AWS Webinar CZSK 02 Bezpecnost v AWS clouduVladimir Simek
 

More Related Content

What's hot

Introduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSIntroduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSAmazon Web Services
 
Introduction to AWS Secrets Manager
Introduction to AWS Secrets ManagerIntroduction to AWS Secrets Manager
Introduction to AWS Secrets ManagerAmazon Web Services
 
Get ahead of cloud network security trends and practices in 2020
Get ahead of cloud network security trends and practices in 2020Get ahead of cloud network security trends and practices in 2020
Get ahead of cloud network security trends and practices in 2020Cynthia Hsieh
 
How policymakers can fulfill promises of security for cloud services - SEP205...
How policymakers can fulfill promises of security for cloud services - SEP205...How policymakers can fulfill promises of security for cloud services - SEP205...
How policymakers can fulfill promises of security for cloud services - SEP205...Amazon Web Services
 
Making application threat intelligence practical - DEM06 - AWS reInforce 2019
Making application threat intelligence practical - DEM06 - AWS reInforce 2019 Making application threat intelligence practical - DEM06 - AWS reInforce 2019
Making application threat intelligence practical - DEM06 - AWS reInforce 2019 Amazon Web Services
 
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ... How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...Amazon Web Services
 
Keep It Secret, Keep It Safe Credentials and Secrets Management on AWS - AWS ...
Keep It Secret, Keep It Safe Credentials and Secrets Management on AWS - AWS ...Keep It Secret, Keep It Safe Credentials and Secrets Management on AWS - AWS ...
Keep It Secret, Keep It Safe Credentials and Secrets Management on AWS - AWS ...Amazon Web Services
 
AWS per la semplificazione del percorso di conformità al GDPR
AWS per la semplificazione del percorso di conformità al GDPRAWS per la semplificazione del percorso di conformità al GDPR
AWS per la semplificazione del percorso di conformità al GDPRAmazon Web Services
 
A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
A Tale of Security & Ops Teamwork for Rapid Security Incident ResolutionA Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
A Tale of Security & Ops Teamwork for Rapid Security Incident ResolutionAmazon Web Services
 
Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...
Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...
Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...Amazon Web Services
 
T4 – Understanding aws security
T4 – Understanding aws securityT4 – Understanding aws security
T4 – Understanding aws securityAmazon Web Services
 
AWS Security Week: Humans & Data Don’t Mix - Best Practices to Secure Your Cloud
AWS Security Week: Humans & Data Don’t Mix - Best Practices to Secure Your CloudAWS Security Week: Humans & Data Don’t Mix - Best Practices to Secure Your Cloud
AWS Security Week: Humans & Data Don’t Mix - Best Practices to Secure Your CloudAmazon Web Services
 

What's hot (20)

Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Introduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSIntroduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWS
 
Introduction to AWS Secrets Manager
Introduction to AWS Secrets ManagerIntroduction to AWS Secrets Manager
Introduction to AWS Secrets Manager
 
Get ahead of cloud network security trends and practices in 2020
Get ahead of cloud network security trends and practices in 2020Get ahead of cloud network security trends and practices in 2020
Get ahead of cloud network security trends and practices in 2020
 
How policymakers can fulfill promises of security for cloud services - SEP205...
How policymakers can fulfill promises of security for cloud services - SEP205...How policymakers can fulfill promises of security for cloud services - SEP205...
How policymakers can fulfill promises of security for cloud services - SEP205...
 
Making application threat intelligence practical - DEM06 - AWS reInforce 2019
Making application threat intelligence practical - DEM06 - AWS reInforce 2019 Making application threat intelligence practical - DEM06 - AWS reInforce 2019
Making application threat intelligence practical - DEM06 - AWS reInforce 2019
 
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ... How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
 
Keep It Secret, Keep It Safe Credentials and Secrets Management on AWS - AWS ...
Keep It Secret, Keep It Safe Credentials and Secrets Management on AWS - AWS ...Keep It Secret, Keep It Safe Credentials and Secrets Management on AWS - AWS ...
Keep It Secret, Keep It Safe Credentials and Secrets Management on AWS - AWS ...
 
AWS per la semplificazione del percorso di conformità al GDPR
AWS per la semplificazione del percorso di conformità al GDPRAWS per la semplificazione del percorso di conformità al GDPR
AWS per la semplificazione del percorso di conformità al GDPR
 
A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
A Tale of Security & Ops Teamwork for Rapid Security Incident ResolutionA Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
A Tale of Security & Ops Teamwork for Rapid Security Incident Resolution
 
AWS Secrets Manager
AWS Secrets ManagerAWS Secrets Manager
AWS Secrets Manager
 
Security and Compliance
Security and ComplianceSecurity and Compliance
Security and Compliance
 
Security & Compliance
Security & ComplianceSecurity & Compliance
Security & Compliance
 
Oas un llamado a la accion
Oas un llamado a la accionOas un llamado a la accion
Oas un llamado a la accion
 
Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...
Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...
Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...
 
T4 – Understanding aws security
T4 – Understanding aws securityT4 – Understanding aws security
T4 – Understanding aws security
 
AWS Secrets for Best Practices
AWS Secrets for Best PracticesAWS Secrets for Best Practices
AWS Secrets for Best Practices
 
Security in the cloud
Security in the cloudSecurity in the cloud
Security in the cloud
 
Core services
Core servicesCore services
Core services
 
AWS Security Week: Humans & Data Don’t Mix - Best Practices to Secure Your Cloud
AWS Security Week: Humans & Data Don’t Mix - Best Practices to Secure Your CloudAWS Security Week: Humans & Data Don’t Mix - Best Practices to Secure Your Cloud
AWS Security Week: Humans & Data Don’t Mix - Best Practices to Secure Your Cloud
 

Similar to 20180514 _aws data-security_aws.compressed

AWS Webinar CZSK 02 Bezpecnost v AWS cloudu
AWS Webinar CZSK 02 Bezpecnost v AWS clouduAWS Webinar CZSK 02 Bezpecnost v AWS cloudu
AWS Webinar CZSK 02 Bezpecnost v AWS clouduVladimir Simek
 
Security @ (Cloud) Scale Deep Dive
Security @ (Cloud) Scale Deep DiveSecurity @ (Cloud) Scale Deep Dive
Security @ (Cloud) Scale Deep DiveKristana Kane
 
Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018
Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018
Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018Amazon Web Services
 
Protecting Your Data- AWS Security Tools and Features
Protecting Your Data- AWS Security Tools and FeaturesProtecting Your Data- AWS Security Tools and Features
Protecting Your Data- AWS Security Tools and FeaturesAmazon Web Services
 
Intro to threat_detection_and_remediation on aws
Intro to threat_detection_and_remediation on awsIntro to threat_detection_and_remediation on aws
Intro to threat_detection_and_remediation on awsBela Sojina MBA, PMP
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSAmazon Web Services
 
Introduction: Security & AWS Storage
Introduction: Security & AWS StorageIntroduction: Security & AWS Storage
Introduction: Security & AWS StorageAmazon Web Services
 
HLC302_Adopting Microservices in Healthcare Building a Compliant DevOps Pipel...
HLC302_Adopting Microservices in Healthcare Building a Compliant DevOps Pipel...HLC302_Adopting Microservices in Healthcare Building a Compliant DevOps Pipel...
HLC302_Adopting Microservices in Healthcare Building a Compliant DevOps Pipel...Amazon Web Services
 
AWS Web Application Firewall and AWS Shield - Webinar
AWS Web Application Firewall and AWS Shield - Webinar AWS Web Application Firewall and AWS Shield - Webinar
AWS Web Application Firewall and AWS Shield - Webinar Amazon Web Services
 
Introduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF LoftIntroduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF LoftAmazon Web Services
 
Security & Compliance in the cloud
Security & Compliance in the cloudSecurity & Compliance in the cloud
Security & Compliance in the cloudAmazon Web Services
 
Cloud-Native DDoS Mitigation - AWS Online Tech Talks
Cloud-Native DDoS Mitigation - AWS Online Tech TalksCloud-Native DDoS Mitigation - AWS Online Tech Talks
Cloud-Native DDoS Mitigation - AWS Online Tech TalksAmazon Web Services
 
AWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & ComplianceAWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & ComplianceAmazon Web Services
 
How Redlock Automates Security on AWS
How Redlock Automates Security on AWSHow Redlock Automates Security on AWS
How Redlock Automates Security on AWSAmazon Web Services
 

Similar to 20180514 _aws data-security_aws.compressed (20)

AWS Security Fundamentals
AWS Security FundamentalsAWS Security Fundamentals
AWS Security Fundamentals
 
AWS Webinar CZSK 02 Bezpecnost v AWS cloudu
AWS Webinar CZSK 02 Bezpecnost v AWS clouduAWS Webinar CZSK 02 Bezpecnost v AWS cloudu
AWS Webinar CZSK 02 Bezpecnost v AWS cloudu
 
AWS - Security & Compliance
AWS - Security & ComplianceAWS - Security & Compliance
AWS - Security & Compliance
 
Security @ (Cloud) Scale Deep Dive
Security @ (Cloud) Scale Deep DiveSecurity @ (Cloud) Scale Deep Dive
Security @ (Cloud) Scale Deep Dive
 
Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018
Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018
Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018
 
Protecting Your Data- AWS Security Tools and Features
Protecting Your Data- AWS Security Tools and FeaturesProtecting Your Data- AWS Security Tools and Features
Protecting Your Data- AWS Security Tools and Features
 
Intro to threat_detection_and_remediation on aws
Intro to threat_detection_and_remediation on awsIntro to threat_detection_and_remediation on aws
Intro to threat_detection_and_remediation on aws
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWS
 
Introduction: Security & AWS Storage
Introduction: Security & AWS StorageIntroduction: Security & AWS Storage
Introduction: Security & AWS Storage
 
SEC301 Security @ (Cloud) Scale
SEC301 Security @ (Cloud) ScaleSEC301 Security @ (Cloud) Scale
SEC301 Security @ (Cloud) Scale
 
HLC302_Adopting Microservices in Healthcare Building a Compliant DevOps Pipel...
HLC302_Adopting Microservices in Healthcare Building a Compliant DevOps Pipel...HLC302_Adopting Microservices in Healthcare Building a Compliant DevOps Pipel...
HLC302_Adopting Microservices in Healthcare Building a Compliant DevOps Pipel...
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
AWS Web Application Firewall and AWS Shield - Webinar
AWS Web Application Firewall and AWS Shield - Webinar AWS Web Application Firewall and AWS Shield - Webinar
AWS Web Application Firewall and AWS Shield - Webinar
 
Introduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF LoftIntroduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF Loft
 
Security & Compliance in the cloud
Security & Compliance in the cloudSecurity & Compliance in the cloud
Security & Compliance in the cloud
 
Cloud-Native DDoS Mitigation - AWS Online Tech Talks
Cloud-Native DDoS Mitigation - AWS Online Tech TalksCloud-Native DDoS Mitigation - AWS Online Tech Talks
Cloud-Native DDoS Mitigation - AWS Online Tech Talks
 
AWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & ComplianceAWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & Compliance
 
AWS - Security & Compliance
AWS - Security & ComplianceAWS - Security & Compliance
AWS - Security & Compliance
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
How Redlock Automates Security on AWS
How Redlock Automates Security on AWSHow Redlock Automates Security on AWS
How Redlock Automates Security on AWS
 

Recently uploaded

1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxGal Baras
 
The AI Powered Organization-Intro to AI-LAN.pdf
The AI Powered Organization-Intro to AI-LAN.pdfThe AI Powered Organization-Intro to AI-LAN.pdf
The AI Powered Organization-Intro to AI-LAN.pdfSiskaFitrianingrum
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shoplaozhuseo02
 
Article writing on excessive use of internet.pptx
Article writing on excessive use of internet.pptxArticle writing on excessive use of internet.pptx
Article writing on excessive use of internet.pptxabhinandnam9997
 
ER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAEER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAEHimani415946
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesSanjeev Rampal
 
一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理
一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理
一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理aagad
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxlaozhuseo02
 
The Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case StudyThe Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case StudyDamar Juniarto
 

Recently uploaded (12)

1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
 
The Best AI Powered Software - Intellivid AI Studio
The Best AI Powered Software - Intellivid AI StudioThe Best AI Powered Software - Intellivid AI Studio
The Best AI Powered Software - Intellivid AI Studio
 
The AI Powered Organization-Intro to AI-LAN.pdf
The AI Powered Organization-Intro to AI-LAN.pdfThe AI Powered Organization-Intro to AI-LAN.pdf
The AI Powered Organization-Intro to AI-LAN.pdf
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
 
Article writing on excessive use of internet.pptx
Article writing on excessive use of internet.pptxArticle writing on excessive use of internet.pptx
Article writing on excessive use of internet.pptx
 
Stay Ahead with 2024's Top Web Design Trends
Stay Ahead with 2024's Top Web Design TrendsStay Ahead with 2024's Top Web Design Trends
Stay Ahead with 2024's Top Web Design Trends
 
ER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAEER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAE
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
 
一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理
一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理
一比一原版UTS毕业证悉尼科技大学毕业证成绩单如何办理
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
 
The Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case StudyThe Use of AI in Indonesia Election 2024: A Case Study
The Use of AI in Indonesia Election 2024: A Case Study
 

20180514 _aws data-security_aws.compressed

  • 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Myles Hosford – Principal Security Architect APAC 14th May 2018 Amazon Web Services Cloud & Data Security
  • 2. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. WHY IS DATA SECURITY IMPORTANT?
  • 3. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 4. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Confidentiality: Prevent unauthorized access Integrity: Prevent unauthorized change Availability: Ensure it is running to serve customers
  • 5. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PHYSICAL LOGICAL
  • 6. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Confidentiality: Physical • Protect unauthorized access to data center facilities • Protect insider access to sensitive data  Strong access control (approved, reviewed)  Destruction of media  Security controls (CCTV, guard, perimeter, etc)  Separation of duties How do we know a provider is doing all of the above?
  • 7. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Compliance
  • 8. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Confidentiality: Logical • Protect unauthorized access to data • Protect insider access to sensitive data  Multi-factor authentication  Role based access control (separation of duties)  Robust logging & monitoring  Encryption  Maintain ownership  Grant access to approved parties (regulators, law)
  • 9. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Security Services AWS Identity & Access Management (IAM) AWS Organizations AWS Cognito AWS Directory Service AWS Single Sign-On AWS CloudTrail AWS Config Amazon CloudWatch Amazon GuardDuty VPC Flow Logs Amazon EC2 Systems Manager AWS Shield AWS Web Application Firewall (WAF) Amazon Inspector Amazon Virtual Private Cloud (VPC) AWS Key Management Service (KMS) AWS CloudHSM Amazon Macie Certificate Manager Server Side Encryption AWS Config Rules AWS Lambda Identity Detective control Infrastructure security Incident response Data protection
  • 10. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Data Protection
  • 11. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Protecting Data - Encryption KMS KMS (Import Key) AWS CloudHSM On-Prem HSM Client-Side Encryption Cheap & Easy $12 Expensive & Complex $100k+ FIPS140-2 Level 2 FIPS140-2 Level 3 The Federal Information Processing Standard (FIPS) Publication 140-2, (FIPS PUB 140-2), is a U.S. government computer security standard used to approve cryptographic modules.
  • 12. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Encryption with AWS KMS
  • 13. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AVAILABILITY
  • 14. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. 18 Regions – 54 Availability Zones
  • 15. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Region AZ-1 AZ-2 AZ-2 DC DC DC Fully distributed infrastructure Data does not resides in a single server or data center Maximizing security, resiliency & availability
  • 16. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Shield: DDoS Protection  Protection against most common infrastructure attacks  SYN/ACK Floods, UDP Floods, Refection attacks etc.  No additional cost DDoS mitigation systems DDoS Attack Users
  • 17. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Automating Security Checks Real Time Notification
  • 18. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Automating Regulatory Compliance Changes Compliance Engine Automated Response
  • 19. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Encryption Example User launches a new server without encryption Automated response to perform encryption Automated response to terminate server AWS Config reviews change against controls you define in near real-time
  • 20. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Conclusion  Protect your data with strong physical and logical security controls  Use providers that have audited and certified controls  Encrypt all your data  Ensure availability to service your customers  Use real-time compliance checks  Classify your data……. Quint will help with this! 
  • 21. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Thank you! Any questions?