Understand how you can secure your digital assets stored in Amazon AWS. Learn what Amazon is responsible for and what you are responsible for under the shared security philosophy. Know what measures Amazon has taken to secure its cloud storage and premises. By ensuring security and following the laid-down guidelines, you too can ensure the security of your data and instances hosted in Amazon cloud services.
Amazon AWS Shared Security Model
1. Amazon Web Services Shared Responsibility Model
[Diagram: Security & Compliance, four numbered segments]
PPT by
www.EndPointVault.com
2. Amazon AWS
Amazon offers a scalable cloud computing platform to build, deploy and run a wide range of applications using its servers, which are spread across the globe.
4. Physical Security - AWS
AWS facilities have state-of-the-art electronic surveillance systems.
Authentication and authorization are done using a multi-factor access control system.
The data centre is guarded by security professionals.
Hardware is fully guarded and is destroyed before it leaves the premises or data center.
5. Virtualization Security - AWS
Security for instances (virtual servers) is provided to the user on multiple levels:
Host OS (Amazon)
Guest OS (User Virtual Instance)
Firewall
Signed API calls
These security measures are interdependent; together they provide the overall security and prevent any unauthorized access to the database.
6. Host OS Security - AWS
• Authorized administrators who need to access the management plane are required to pass multi-factor authentication before gaining access to the administration host.
• All such cases are logged and audited.
• Privileges are revoked as soon as the work is completed.
7. Guest OS Security - AWS
Although virtual instances are entirely controlled by the user, Amazon still provides a considerable amount of security for them.
HTTPS/SSL-enabled login and Guest OS management.
Support for the SSH (Secure Shell) network protocol for secure login to Unix/Linux instances.
Provides regular updates and patches for the Guest OS (Windows or Linux).
The instance administrator can easily enhance security further by using services available in Amazon Marketplace.
8. Firewall Solution - AWS
• Amazon has created a robust firewall security mechanism where, by default, all ports are in deny mode and the user explicitly opens the ports to allow inbound traffic.
• The firewall is guest OS independent and does not rely on the administrator; instead, it requires the user's X.509 certificate and relevant key to authorize changes, thus creating an extra layer of security.
9. Amazon Client Security Responsibility
• Create and manage groups and set security policy to ensure data security and the safety of your instance.
• Use a Virtual Private Network to ensure network safety, and create access lists to manage the inbound and outbound traffic of your instances.
• Set up a VPN tunnel to your end for direct access to your instances.
10. Identity and Access Management
• You can deny access to resources and services (EC2, S3, Direct Connect, etc.) to those with minimum privileges.
• Use of multi-factor authentication for authorized access.
• API access through Access ID / Secret Key.
11. Resources and further study
Amazon Webinars:
Security https://www.youtube.com/watch?v=IedaYaKsb-4
Amazon AWS Foundation
https://www.youtube.com/watch?v=Nf-m-dKJYMQ
De-Duplication Process
http://www.endpointvault.com/de-dupe.html
12. Use the Power of Cloud to Secure Your Data
visit http://www.endpointvault.com/