SlideShare a Scribd company logo
AWS S3 Security Considerations
Omid Vahdaty, Big Data ninja
Concepts
● protecting data while
○ in-transit (as it travels to and from Amazon S3) , 2 ways:
■ by using SSL
■ client-side encryption.
○ at rest (while it is stored on disks in Amazon S3 data centers) 2 ways:
■ Server Side encryption. (SSE)
■ client-side encryption.
Encryption Types
● Server Side
○ encrypt your object before saving it on S3 disks
○ decrypt it when you download the objects from S3.
● Client Side
○ Client-side encryption refers to encrypting data before sending it to Amazon S3
■ Use an AWS KMS-managed customer master key
■ Use a client-side master key
■ Disadvantage: Less matching the AWS ecosystem. You need to manage keys.
Client side master key
● Your client-side master keys and your unencrypted data are never sent to AWS
● manage your own encryption keys
● If you lose them, you won't be able to decrypt your data.
● When uploading an object
○ You provide a client-side master key to the Amazon S3 encryption client
○ for each object,encryption client locally generates a one-time-use symmetric key
○ The client uploads the encrypted data key and its material description as part of the object metadata
○ The material description helps the client later determine which client-side master key to use for decryption
○ The client then uploads the encrypted data to Amazon S3 and also saves the encrypted data key as object
metadata
● When downloading an object
○ The client first downloads the encrypted object from Amazon S3 along with the metadata
○ Using the material description in the metadata, the client first determines which master key to use to decrypt
○ the encrypted data key.
Client Side KMS–Managed Customer Master
Key (CMK)
● you provide only an AWS KMS customer master key ID (CMK ID)
● you don't have to worry about providing any encryption keys to the Amazon S3 encryption client (for example, the
AmazonS3EncryptionClient in the AWS SDK for Java). 2options
○ A plain text version
○ A cipher blob
● unique data encryption key for each object it uploads.
Server Side Encryption (SSE)
● Server-side encryption is about data encryption at rest
○ Amazon S3 encrypts your data at the object level as it writes it to disks
○ decrypts it for you when you access it.
○ As long as you authenticate your request and you have access permissions
○ You can't apply different types of server-side encryption to the same object simultaneously.
● 3 methods
○ Server-Side Encryption with Customer-Provided Keys (SSE-C)
■ You manage the encryption keys and Amazon S3 manages the encryption, as it writes to disks, and
decryption, when you access your objects
○ S3-Managed Keys (SSE-S3)
○ AWS KMS-Managed Keys (SSE-KMS)
S3-Managed Keys (SSE-S3)
● Each object is encrypted with a unique key employing strong multi-factor encryption
● it encrypts the key itself with a master key that it regularly rotates
● 256-bit Advanced Encryption Standard (AES-256), to encrypt
AWS KMS-Managed Keys (SSE-KMS)
● Similar to SSE-S3
● There are separate permissions for the use of an envelope key (that is, a key that protects your data's encryption
key)
● provides you with an audit trail of when your key was used and by whom
● you have the option to create and manage encryption keys yourself, or use a default key that is unique to you, the
service you're using, and the region you're working in.
Additional Safeguards
1. VPN (site to site)
2. Identity
3. IP ACL
4. Write Only permissions.
Security Diagram
Destination
AWS S3
Source
Datacenter
(secured)
Data in Transit
Client side encryption
or
HTTPS / SSL
Data at Rest
(Server/Client side encryption)

More Related Content

What's hot

금융 회사를 위한 클라우드 이용 가이드 – 신은수 AWS 솔루션즈 아키텍트, 김호영 AWS 정책협력 담당:: AWS Cloud Week ...
금융 회사를 위한 클라우드 이용 가이드 –  신은수 AWS 솔루션즈 아키텍트, 김호영 AWS 정책협력 담당:: AWS Cloud Week ...금융 회사를 위한 클라우드 이용 가이드 –  신은수 AWS 솔루션즈 아키텍트, 김호영 AWS 정책협력 담당:: AWS Cloud Week ...
금융 회사를 위한 클라우드 이용 가이드 – 신은수 AWS 솔루션즈 아키텍트, 김호영 AWS 정책협력 담당:: AWS Cloud Week ...
Amazon Web Services Korea
 
Deep Dive on Amazon S3 - AWS Online Tech Talks
Deep Dive on Amazon S3 - AWS Online Tech TalksDeep Dive on Amazon S3 - AWS Online Tech Talks
Deep Dive on Amazon S3 - AWS Online Tech Talks
Amazon Web Services
 
고객 경험을 통한 AWS 클라우드 이전을 위한 지름길 - 김효정 (AWS 솔루션즈 아키텍트)
고객 경험을 통한 AWS 클라우드 이전을 위한 지름길 - 김효정 (AWS 솔루션즈 아키텍트)고객 경험을 통한 AWS 클라우드 이전을 위한 지름길 - 김효정 (AWS 솔루션즈 아키텍트)
고객 경험을 통한 AWS 클라우드 이전을 위한 지름길 - 김효정 (AWS 솔루션즈 아키텍트)
Amazon Web Services Korea
 
Amazon S3 Masterclass
Amazon S3 MasterclassAmazon S3 Masterclass
Amazon S3 Masterclass
Amazon Web Services
 
E-Commerce 를 풍성하게 해주는 AWS 기술들 - 서호석 이사, YOUNGWOO DIGITAL :: AWS Summit Seoul ...
E-Commerce 를 풍성하게 해주는 AWS 기술들 - 서호석 이사, YOUNGWOO DIGITAL :: AWS Summit Seoul ...E-Commerce 를 풍성하게 해주는 AWS 기술들 - 서호석 이사, YOUNGWOO DIGITAL :: AWS Summit Seoul ...
E-Commerce 를 풍성하게 해주는 AWS 기술들 - 서호석 이사, YOUNGWOO DIGITAL :: AWS Summit Seoul ...
Amazon Web Services Korea
 
높은 가용성과 성능 향상을 위한 ElastiCache 활용 팁 - 임근택, SendBird :: AWS Summit Seoul 2019
높은 가용성과 성능 향상을 위한 ElastiCache 활용 팁 - 임근택, SendBird :: AWS Summit Seoul 2019 높은 가용성과 성능 향상을 위한 ElastiCache 활용 팁 - 임근택, SendBird :: AWS Summit Seoul 2019
높은 가용성과 성능 향상을 위한 ElastiCache 활용 팁 - 임근택, SendBird :: AWS Summit Seoul 2019
Amazon Web Services Korea
 
IDC 서버 몽땅 AWS로 이전하기 위한 5가지 방법 - 윤석찬 (AWS 테크에반젤리스트)
IDC 서버 몽땅 AWS로 이전하기 위한 5가지 방법 - 윤석찬 (AWS 테크에반젤리스트) IDC 서버 몽땅 AWS로 이전하기 위한 5가지 방법 - 윤석찬 (AWS 테크에반젤리스트)
IDC 서버 몽땅 AWS로 이전하기 위한 5가지 방법 - 윤석찬 (AWS 테크에반젤리스트)
Amazon Web Services Korea
 
[AWS Builders] AWS상의 보안 위협 탐지 및 대응
[AWS Builders] AWS상의 보안 위협 탐지 및 대응[AWS Builders] AWS상의 보안 위협 탐지 및 대응
[AWS Builders] AWS상의 보안 위협 탐지 및 대응
Amazon Web Services Korea
 
Introduction to Amazon EC2
Introduction to Amazon EC2Introduction to Amazon EC2
Introduction to Amazon EC2
Amazon Web Services
 
Monitor All Your Things: Amazon CloudWatch in Action with BBC (DEV302) - AWS ...
Monitor All Your Things: Amazon CloudWatch in Action with BBC (DEV302) - AWS ...Monitor All Your Things: Amazon CloudWatch in Action with BBC (DEV302) - AWS ...
Monitor All Your Things: Amazon CloudWatch in Action with BBC (DEV302) - AWS ...
Amazon Web Services
 
Amazon EMR과 SageMaker를 이용하여 데이터를 준비하고 머신러닝 모델 개발 하기
Amazon EMR과 SageMaker를 이용하여 데이터를 준비하고 머신러닝 모델 개발 하기Amazon EMR과 SageMaker를 이용하여 데이터를 준비하고 머신러닝 모델 개발 하기
Amazon EMR과 SageMaker를 이용하여 데이터를 준비하고 머신러닝 모델 개발 하기
Amazon Web Services Korea
 
Introduction to Amazon S3
Introduction to Amazon S3Introduction to Amazon S3
Introduction to Amazon S3
Ashay Shirwadkar
 
AWS Summit Seoul 2023 | 생성 AI 모델의 임베딩 벡터를 이용한 서버리스 추천 검색 구현하기
AWS Summit Seoul 2023 | 생성 AI 모델의 임베딩 벡터를 이용한 서버리스 추천 검색 구현하기AWS Summit Seoul 2023 | 생성 AI 모델의 임베딩 벡터를 이용한 서버리스 추천 검색 구현하기
AWS Summit Seoul 2023 | 생성 AI 모델의 임베딩 벡터를 이용한 서버리스 추천 검색 구현하기
Amazon Web Services Korea
 
AWS Cost Control: Cloud Custodian
AWS Cost Control: Cloud CustodianAWS Cost Control: Cloud Custodian
AWS Cost Control: Cloud Custodian
OlinData
 
Amazon EC2 서비스 살펴보기 (박철수) - AWS 웨비나 시리즈
Amazon EC2 서비스 살펴보기 (박철수) - AWS 웨비나 시리즈Amazon EC2 서비스 살펴보기 (박철수) - AWS 웨비나 시리즈
Amazon EC2 서비스 살펴보기 (박철수) - AWS 웨비나 시리즈
Amazon Web Services Korea
 
[AWS Hero 스페셜] Amazon Personalize를 통한 개인화/추천 서비스 개발 노하우 - 소성운(크로키닷컴) :: AWS C...
[AWS Hero 스페셜] Amazon Personalize를 통한 개인화/추천 서비스 개발 노하우 - 소성운(크로키닷컴) :: AWS C...[AWS Hero 스페셜] Amazon Personalize를 통한 개인화/추천 서비스 개발 노하우 - 소성운(크로키닷컴) :: AWS C...
[AWS Hero 스페셜] Amazon Personalize를 통한 개인화/추천 서비스 개발 노하우 - 소성운(크로키닷컴) :: AWS C...
AWSKRUG - AWS한국사용자모임
 
세션 3: IT 담당자를 위한 Cloud 로의 전환
세션 3: IT 담당자를 위한 Cloud 로의 전환세션 3: IT 담당자를 위한 Cloud 로의 전환
세션 3: IT 담당자를 위한 Cloud 로의 전환
Amazon Web Services Korea
 
AWS 를 활용한 저지연 라이브 (Low Latency Live) 서비스 구현 - 류재춘 컨설턴트/에반젤리스트, GS Neot다 :: AW...
AWS 를 활용한 저지연 라이브 (Low Latency Live) 서비스 구현 - 류재춘 컨설턴트/에반젤리스트, GS Neot다 :: AW...AWS 를 활용한 저지연 라이브 (Low Latency Live) 서비스 구현 - 류재춘 컨설턴트/에반젤리스트, GS Neot다 :: AW...
AWS 를 활용한 저지연 라이브 (Low Latency Live) 서비스 구현 - 류재춘 컨설턴트/에반젤리스트, GS Neot다 :: AW...
Amazon Web Services Korea
 
Introduction to AWS IAM
Introduction to AWS IAMIntroduction to AWS IAM
Introduction to AWS IAM
Knoldus Inc.
 
Security Best Practices on AWS
Security Best Practices on AWSSecurity Best Practices on AWS
Security Best Practices on AWS
Amazon Web Services
 

What's hot (20)

금융 회사를 위한 클라우드 이용 가이드 – 신은수 AWS 솔루션즈 아키텍트, 김호영 AWS 정책협력 담당:: AWS Cloud Week ...
금융 회사를 위한 클라우드 이용 가이드 –  신은수 AWS 솔루션즈 아키텍트, 김호영 AWS 정책협력 담당:: AWS Cloud Week ...금융 회사를 위한 클라우드 이용 가이드 –  신은수 AWS 솔루션즈 아키텍트, 김호영 AWS 정책협력 담당:: AWS Cloud Week ...
금융 회사를 위한 클라우드 이용 가이드 – 신은수 AWS 솔루션즈 아키텍트, 김호영 AWS 정책협력 담당:: AWS Cloud Week ...
 
Deep Dive on Amazon S3 - AWS Online Tech Talks
Deep Dive on Amazon S3 - AWS Online Tech TalksDeep Dive on Amazon S3 - AWS Online Tech Talks
Deep Dive on Amazon S3 - AWS Online Tech Talks
 
고객 경험을 통한 AWS 클라우드 이전을 위한 지름길 - 김효정 (AWS 솔루션즈 아키텍트)
고객 경험을 통한 AWS 클라우드 이전을 위한 지름길 - 김효정 (AWS 솔루션즈 아키텍트)고객 경험을 통한 AWS 클라우드 이전을 위한 지름길 - 김효정 (AWS 솔루션즈 아키텍트)
고객 경험을 통한 AWS 클라우드 이전을 위한 지름길 - 김효정 (AWS 솔루션즈 아키텍트)
 
Amazon S3 Masterclass
Amazon S3 MasterclassAmazon S3 Masterclass
Amazon S3 Masterclass
 
E-Commerce 를 풍성하게 해주는 AWS 기술들 - 서호석 이사, YOUNGWOO DIGITAL :: AWS Summit Seoul ...
E-Commerce 를 풍성하게 해주는 AWS 기술들 - 서호석 이사, YOUNGWOO DIGITAL :: AWS Summit Seoul ...E-Commerce 를 풍성하게 해주는 AWS 기술들 - 서호석 이사, YOUNGWOO DIGITAL :: AWS Summit Seoul ...
E-Commerce 를 풍성하게 해주는 AWS 기술들 - 서호석 이사, YOUNGWOO DIGITAL :: AWS Summit Seoul ...
 
높은 가용성과 성능 향상을 위한 ElastiCache 활용 팁 - 임근택, SendBird :: AWS Summit Seoul 2019
높은 가용성과 성능 향상을 위한 ElastiCache 활용 팁 - 임근택, SendBird :: AWS Summit Seoul 2019 높은 가용성과 성능 향상을 위한 ElastiCache 활용 팁 - 임근택, SendBird :: AWS Summit Seoul 2019
높은 가용성과 성능 향상을 위한 ElastiCache 활용 팁 - 임근택, SendBird :: AWS Summit Seoul 2019
 
IDC 서버 몽땅 AWS로 이전하기 위한 5가지 방법 - 윤석찬 (AWS 테크에반젤리스트)
IDC 서버 몽땅 AWS로 이전하기 위한 5가지 방법 - 윤석찬 (AWS 테크에반젤리스트) IDC 서버 몽땅 AWS로 이전하기 위한 5가지 방법 - 윤석찬 (AWS 테크에반젤리스트)
IDC 서버 몽땅 AWS로 이전하기 위한 5가지 방법 - 윤석찬 (AWS 테크에반젤리스트)
 
[AWS Builders] AWS상의 보안 위협 탐지 및 대응
[AWS Builders] AWS상의 보안 위협 탐지 및 대응[AWS Builders] AWS상의 보안 위협 탐지 및 대응
[AWS Builders] AWS상의 보안 위협 탐지 및 대응
 
Introduction to Amazon EC2
Introduction to Amazon EC2Introduction to Amazon EC2
Introduction to Amazon EC2
 
Monitor All Your Things: Amazon CloudWatch in Action with BBC (DEV302) - AWS ...
Monitor All Your Things: Amazon CloudWatch in Action with BBC (DEV302) - AWS ...Monitor All Your Things: Amazon CloudWatch in Action with BBC (DEV302) - AWS ...
Monitor All Your Things: Amazon CloudWatch in Action with BBC (DEV302) - AWS ...
 
Amazon EMR과 SageMaker를 이용하여 데이터를 준비하고 머신러닝 모델 개발 하기
Amazon EMR과 SageMaker를 이용하여 데이터를 준비하고 머신러닝 모델 개발 하기Amazon EMR과 SageMaker를 이용하여 데이터를 준비하고 머신러닝 모델 개발 하기
Amazon EMR과 SageMaker를 이용하여 데이터를 준비하고 머신러닝 모델 개발 하기
 
Introduction to Amazon S3
Introduction to Amazon S3Introduction to Amazon S3
Introduction to Amazon S3
 
AWS Summit Seoul 2023 | 생성 AI 모델의 임베딩 벡터를 이용한 서버리스 추천 검색 구현하기
AWS Summit Seoul 2023 | 생성 AI 모델의 임베딩 벡터를 이용한 서버리스 추천 검색 구현하기AWS Summit Seoul 2023 | 생성 AI 모델의 임베딩 벡터를 이용한 서버리스 추천 검색 구현하기
AWS Summit Seoul 2023 | 생성 AI 모델의 임베딩 벡터를 이용한 서버리스 추천 검색 구현하기
 
AWS Cost Control: Cloud Custodian
AWS Cost Control: Cloud CustodianAWS Cost Control: Cloud Custodian
AWS Cost Control: Cloud Custodian
 
Amazon EC2 서비스 살펴보기 (박철수) - AWS 웨비나 시리즈
Amazon EC2 서비스 살펴보기 (박철수) - AWS 웨비나 시리즈Amazon EC2 서비스 살펴보기 (박철수) - AWS 웨비나 시리즈
Amazon EC2 서비스 살펴보기 (박철수) - AWS 웨비나 시리즈
 
[AWS Hero 스페셜] Amazon Personalize를 통한 개인화/추천 서비스 개발 노하우 - 소성운(크로키닷컴) :: AWS C...
[AWS Hero 스페셜] Amazon Personalize를 통한 개인화/추천 서비스 개발 노하우 - 소성운(크로키닷컴) :: AWS C...[AWS Hero 스페셜] Amazon Personalize를 통한 개인화/추천 서비스 개발 노하우 - 소성운(크로키닷컴) :: AWS C...
[AWS Hero 스페셜] Amazon Personalize를 통한 개인화/추천 서비스 개발 노하우 - 소성운(크로키닷컴) :: AWS C...
 
세션 3: IT 담당자를 위한 Cloud 로의 전환
세션 3: IT 담당자를 위한 Cloud 로의 전환세션 3: IT 담당자를 위한 Cloud 로의 전환
세션 3: IT 담당자를 위한 Cloud 로의 전환
 
AWS 를 활용한 저지연 라이브 (Low Latency Live) 서비스 구현 - 류재춘 컨설턴트/에반젤리스트, GS Neot다 :: AW...
AWS 를 활용한 저지연 라이브 (Low Latency Live) 서비스 구현 - 류재춘 컨설턴트/에반젤리스트, GS Neot다 :: AW...AWS 를 활용한 저지연 라이브 (Low Latency Live) 서비스 구현 - 류재춘 컨설턴트/에반젤리스트, GS Neot다 :: AW...
AWS 를 활용한 저지연 라이브 (Low Latency Live) 서비스 구현 - 류재춘 컨설턴트/에반젤리스트, GS Neot다 :: AW...
 
Introduction to AWS IAM
Introduction to AWS IAMIntroduction to AWS IAM
Introduction to AWS IAM
 
Security Best Practices on AWS
Security Best Practices on AWSSecurity Best Practices on AWS
Security Best Practices on AWS
 

Similar to Aws s3 security

Amazon S3 Server-Side Encryption with S3-Managed Keys – SSE-S3.pptx
Amazon S3 Server-Side Encryption with S3-Managed Keys – SSE-S3.pptxAmazon S3 Server-Side Encryption with S3-Managed Keys – SSE-S3.pptx
Amazon S3 Server-Side Encryption with S3-Managed Keys – SSE-S3.pptx
ujjwalsoni23
 
Protect your Data on AWS using the Encryption method.pdf
Protect your Data on AWS using the Encryption method.pdfProtect your Data on AWS using the Encryption method.pdf
Protect your Data on AWS using the Encryption method.pdf
Zen Bit Tech
 
Using encryption with_aws
Using encryption with_awsUsing encryption with_aws
Using encryption with_aws
saifam
 
Crypto Options in AWS
Crypto Options in AWSCrypto Options in AWS
Crypto Options in AWS
Amazon Web Services
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
Amazon Web Services
 
AWS Key Management
AWS Key ManagementAWS Key Management
AWS Key Management
Nantha Kumar Rajasekaren
 
Crypto Options in AWS
Crypto Options in AWSCrypto Options in AWS
Crypto Options in AWS
Amazon Web Services
 
Data protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
Data protection using encryption in AWS - SEC201 - Santa Clara AWS SummitData protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
Data protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
Amazon Web Services
 
(SEC301) Encryption and Key Management in AWS | AWS re:Invent 2014
(SEC301) Encryption and Key Management in AWS | AWS re:Invent 2014(SEC301) Encryption and Key Management in AWS | AWS re:Invent 2014
(SEC301) Encryption and Key Management in AWS | AWS re:Invent 2014
Amazon Web Services
 
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Amazon Web Services
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
Amazon Web Services
 
Encryption and Key Management in AWS
Encryption and Key Management in AWS Encryption and Key Management in AWS
Encryption and Key Management in AWS
Amazon Web Services
 
Encryption and Key Management in AWS
Encryption and Key Management in AWSEncryption and Key Management in AWS
Encryption and Key Management in AWS
Amazon Web Services
 
Encryption and Key Management in AWS
Encryption and Key Management in AWSEncryption and Key Management in AWS
Encryption and Key Management in AWS
Amazon Web Services
 
Protecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWSProtecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWS
Amazon Web Services
 
Big data security in AWS.pptx
Big data security in AWS.pptxBig data security in AWS.pptx
Big data security in AWS.pptx
Ashish210583
 
Aws securing data_at_rest_with_encryption (1)
Aws securing data_at_rest_with_encryption (1)Aws securing data_at_rest_with_encryption (1)
Aws securing data_at_rest_with_encryption (1)
CMR WORLD TECH
 
AWS Big Data Demystified #4 data governance demystified [security, networ...
AWS Big Data Demystified #4   data governance demystified   [security, networ...AWS Big Data Demystified #4   data governance demystified   [security, networ...
AWS Big Data Demystified #4 data governance demystified [security, networ...
Omid Vahdaty
 
Crypto-Options on AWS | Security Roadshow Dublin
Crypto-Options on AWS | Security Roadshow DublinCrypto-Options on AWS | Security Roadshow Dublin
Crypto-Options on AWS | Security Roadshow Dublin
Amazon Web Services
 
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
Amazon Web Services
 

Similar to Aws s3 security (20)

Amazon S3 Server-Side Encryption with S3-Managed Keys – SSE-S3.pptx
Amazon S3 Server-Side Encryption with S3-Managed Keys – SSE-S3.pptxAmazon S3 Server-Side Encryption with S3-Managed Keys – SSE-S3.pptx
Amazon S3 Server-Side Encryption with S3-Managed Keys – SSE-S3.pptx
 
Protect your Data on AWS using the Encryption method.pdf
Protect your Data on AWS using the Encryption method.pdfProtect your Data on AWS using the Encryption method.pdf
Protect your Data on AWS using the Encryption method.pdf
 
Using encryption with_aws
Using encryption with_awsUsing encryption with_aws
Using encryption with_aws
 
Crypto Options in AWS
Crypto Options in AWSCrypto Options in AWS
Crypto Options in AWS
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
 
AWS Key Management
AWS Key ManagementAWS Key Management
AWS Key Management
 
Crypto Options in AWS
Crypto Options in AWSCrypto Options in AWS
Crypto Options in AWS
 
Data protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
Data protection using encryption in AWS - SEC201 - Santa Clara AWS SummitData protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
Data protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
 
(SEC301) Encryption and Key Management in AWS | AWS re:Invent 2014
(SEC301) Encryption and Key Management in AWS | AWS re:Invent 2014(SEC301) Encryption and Key Management in AWS | AWS re:Invent 2014
(SEC301) Encryption and Key Management in AWS | AWS re:Invent 2014
 
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
 
Encryption and Key Management in AWS
Encryption and Key Management in AWS Encryption and Key Management in AWS
Encryption and Key Management in AWS
 
Encryption and Key Management in AWS
Encryption and Key Management in AWSEncryption and Key Management in AWS
Encryption and Key Management in AWS
 
Encryption and Key Management in AWS
Encryption and Key Management in AWSEncryption and Key Management in AWS
Encryption and Key Management in AWS
 
Protecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWSProtecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWS
 
Big data security in AWS.pptx
Big data security in AWS.pptxBig data security in AWS.pptx
Big data security in AWS.pptx
 
Aws securing data_at_rest_with_encryption (1)
Aws securing data_at_rest_with_encryption (1)Aws securing data_at_rest_with_encryption (1)
Aws securing data_at_rest_with_encryption (1)
 
AWS Big Data Demystified #4 data governance demystified [security, networ...
AWS Big Data Demystified #4   data governance demystified   [security, networ...AWS Big Data Demystified #4   data governance demystified   [security, networ...
AWS Big Data Demystified #4 data governance demystified [security, networ...
 
Crypto-Options on AWS | Security Roadshow Dublin
Crypto-Options on AWS | Security Roadshow DublinCrypto-Options on AWS | Security Roadshow Dublin
Crypto-Options on AWS | Security Roadshow Dublin
 
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
 

More from Omid Vahdaty

Data Pipline Observability meetup
Data Pipline Observability meetup Data Pipline Observability meetup
Data Pipline Observability meetup
Omid Vahdaty
 
Couchbase Data Platform | Big Data Demystified
Couchbase Data Platform | Big Data DemystifiedCouchbase Data Platform | Big Data Demystified
Couchbase Data Platform | Big Data Demystified
Omid Vahdaty
 
Machine Learning Essentials Demystified part2 | Big Data Demystified
Machine Learning Essentials Demystified part2 | Big Data DemystifiedMachine Learning Essentials Demystified part2 | Big Data Demystified
Machine Learning Essentials Demystified part2 | Big Data Demystified
Omid Vahdaty
 
Machine Learning Essentials Demystified part1 | Big Data Demystified
Machine Learning Essentials Demystified part1 | Big Data DemystifiedMachine Learning Essentials Demystified part1 | Big Data Demystified
Machine Learning Essentials Demystified part1 | Big Data Demystified
Omid Vahdaty
 
The technology of fake news between a new front and a new frontier | Big Dat...
The technology of fake news  between a new front and a new frontier | Big Dat...The technology of fake news  between a new front and a new frontier | Big Dat...
The technology of fake news between a new front and a new frontier | Big Dat...
Omid Vahdaty
 
Big Data in 200 km/h | AWS Big Data Demystified #1.3
Big Data in 200 km/h | AWS Big Data Demystified #1.3  Big Data in 200 km/h | AWS Big Data Demystified #1.3
Big Data in 200 km/h | AWS Big Data Demystified #1.3
Omid Vahdaty
 
Making your analytics talk business | Big Data Demystified
Making your analytics talk business | Big Data DemystifiedMaking your analytics talk business | Big Data Demystified
Making your analytics talk business | Big Data Demystified
Omid Vahdaty
 
BI STRATEGY FROM A BIRD'S EYE VIEW (How to become a trusted advisor) | Omri H...
BI STRATEGY FROM A BIRD'S EYE VIEW (How to become a trusted advisor) | Omri H...BI STRATEGY FROM A BIRD'S EYE VIEW (How to become a trusted advisor) | Omri H...
BI STRATEGY FROM A BIRD'S EYE VIEW (How to become a trusted advisor) | Omri H...
Omid Vahdaty
 
AI and Big Data in Health Sector Opportunities and challenges | Big Data Demy...
AI and Big Data in Health Sector Opportunities and challenges | Big Data Demy...AI and Big Data in Health Sector Opportunities and challenges | Big Data Demy...
AI and Big Data in Health Sector Opportunities and challenges | Big Data Demy...
Omid Vahdaty
 
Aerospike meetup july 2019 | Big Data Demystified
Aerospike meetup july 2019 | Big Data DemystifiedAerospike meetup july 2019 | Big Data Demystified
Aerospike meetup july 2019 | Big Data Demystified
Omid Vahdaty
 
ALIGNING YOUR BI OPERATIONS WITH YOUR CUSTOMERS' UNSPOKEN NEEDS, by Eyal Stei...
ALIGNING YOUR BI OPERATIONS WITH YOUR CUSTOMERS' UNSPOKEN NEEDS, by Eyal Stei...ALIGNING YOUR BI OPERATIONS WITH YOUR CUSTOMERS' UNSPOKEN NEEDS, by Eyal Stei...
ALIGNING YOUR BI OPERATIONS WITH YOUR CUSTOMERS' UNSPOKEN NEEDS, by Eyal Stei...
Omid Vahdaty
 
AWS Big Data Demystified #1.2 | Big Data architecture lessons learned
AWS Big Data Demystified #1.2 | Big Data architecture lessons learned AWS Big Data Demystified #1.2 | Big Data architecture lessons learned
AWS Big Data Demystified #1.2 | Big Data architecture lessons learned
Omid Vahdaty
 
AWS big-data-demystified #1.1 | Big Data Architecture Lessons Learned | English
AWS big-data-demystified #1.1  | Big Data Architecture Lessons Learned | EnglishAWS big-data-demystified #1.1  | Big Data Architecture Lessons Learned | English
AWS big-data-demystified #1.1 | Big Data Architecture Lessons Learned | English
Omid Vahdaty
 
AWS Big Data Demystified #3 | Zeppelin + spark sql, jdbc + thrift, ganglia, r...
AWS Big Data Demystified #3 | Zeppelin + spark sql, jdbc + thrift, ganglia, r...AWS Big Data Demystified #3 | Zeppelin + spark sql, jdbc + thrift, ganglia, r...
AWS Big Data Demystified #3 | Zeppelin + spark sql, jdbc + thrift, ganglia, r...
Omid Vahdaty
 
AWS Big Data Demystified #2 | Athena, Spectrum, Emr, Hive
AWS Big Data Demystified #2 |  Athena, Spectrum, Emr, Hive AWS Big Data Demystified #2 |  Athena, Spectrum, Emr, Hive
AWS Big Data Demystified #2 | Athena, Spectrum, Emr, Hive
Omid Vahdaty
 
Amazon aws big data demystified | Introduction to streaming and messaging flu...
Amazon aws big data demystified | Introduction to streaming and messaging flu...Amazon aws big data demystified | Introduction to streaming and messaging flu...
Amazon aws big data demystified | Introduction to streaming and messaging flu...
Omid Vahdaty
 
AWS Big Data Demystified #1: Big data architecture lessons learned
AWS Big Data Demystified #1: Big data architecture lessons learned AWS Big Data Demystified #1: Big data architecture lessons learned
AWS Big Data Demystified #1: Big data architecture lessons learned
Omid Vahdaty
 
Emr spark tuning demystified
Emr spark tuning demystifiedEmr spark tuning demystified
Emr spark tuning demystified
Omid Vahdaty
 
Emr zeppelin & Livy demystified
Emr zeppelin & Livy demystifiedEmr zeppelin & Livy demystified
Emr zeppelin & Livy demystified
Omid Vahdaty
 
Zeppelin and spark sql demystified
Zeppelin and spark sql demystifiedZeppelin and spark sql demystified
Zeppelin and spark sql demystified
Omid Vahdaty
 

More from Omid Vahdaty (20)

Data Pipline Observability meetup
Data Pipline Observability meetup Data Pipline Observability meetup
Data Pipline Observability meetup
 
Couchbase Data Platform | Big Data Demystified
Couchbase Data Platform | Big Data DemystifiedCouchbase Data Platform | Big Data Demystified
Couchbase Data Platform | Big Data Demystified
 
Machine Learning Essentials Demystified part2 | Big Data Demystified
Machine Learning Essentials Demystified part2 | Big Data DemystifiedMachine Learning Essentials Demystified part2 | Big Data Demystified
Machine Learning Essentials Demystified part2 | Big Data Demystified
 
Machine Learning Essentials Demystified part1 | Big Data Demystified
Machine Learning Essentials Demystified part1 | Big Data DemystifiedMachine Learning Essentials Demystified part1 | Big Data Demystified
Machine Learning Essentials Demystified part1 | Big Data Demystified
 
The technology of fake news between a new front and a new frontier | Big Dat...
The technology of fake news  between a new front and a new frontier | Big Dat...The technology of fake news  between a new front and a new frontier | Big Dat...
The technology of fake news between a new front and a new frontier | Big Dat...
 
Big Data in 200 km/h | AWS Big Data Demystified #1.3
Big Data in 200 km/h | AWS Big Data Demystified #1.3  Big Data in 200 km/h | AWS Big Data Demystified #1.3
Big Data in 200 km/h | AWS Big Data Demystified #1.3
 
Making your analytics talk business | Big Data Demystified
Making your analytics talk business | Big Data DemystifiedMaking your analytics talk business | Big Data Demystified
Making your analytics talk business | Big Data Demystified
 
BI STRATEGY FROM A BIRD'S EYE VIEW (How to become a trusted advisor) | Omri H...
BI STRATEGY FROM A BIRD'S EYE VIEW (How to become a trusted advisor) | Omri H...BI STRATEGY FROM A BIRD'S EYE VIEW (How to become a trusted advisor) | Omri H...
BI STRATEGY FROM A BIRD'S EYE VIEW (How to become a trusted advisor) | Omri H...
 
AI and Big Data in Health Sector Opportunities and challenges | Big Data Demy...
AI and Big Data in Health Sector Opportunities and challenges | Big Data Demy...AI and Big Data in Health Sector Opportunities and challenges | Big Data Demy...
AI and Big Data in Health Sector Opportunities and challenges | Big Data Demy...
 
Aerospike meetup july 2019 | Big Data Demystified
Aerospike meetup july 2019 | Big Data DemystifiedAerospike meetup july 2019 | Big Data Demystified
Aerospike meetup july 2019 | Big Data Demystified
 
ALIGNING YOUR BI OPERATIONS WITH YOUR CUSTOMERS' UNSPOKEN NEEDS, by Eyal Stei...
ALIGNING YOUR BI OPERATIONS WITH YOUR CUSTOMERS' UNSPOKEN NEEDS, by Eyal Stei...ALIGNING YOUR BI OPERATIONS WITH YOUR CUSTOMERS' UNSPOKEN NEEDS, by Eyal Stei...
ALIGNING YOUR BI OPERATIONS WITH YOUR CUSTOMERS' UNSPOKEN NEEDS, by Eyal Stei...
 
AWS Big Data Demystified #1.2 | Big Data architecture lessons learned
AWS Big Data Demystified #1.2 | Big Data architecture lessons learned AWS Big Data Demystified #1.2 | Big Data architecture lessons learned
AWS Big Data Demystified #1.2 | Big Data architecture lessons learned
 
AWS big-data-demystified #1.1 | Big Data Architecture Lessons Learned | English
AWS big-data-demystified #1.1  | Big Data Architecture Lessons Learned | EnglishAWS big-data-demystified #1.1  | Big Data Architecture Lessons Learned | English
AWS big-data-demystified #1.1 | Big Data Architecture Lessons Learned | English
 
AWS Big Data Demystified #3 | Zeppelin + spark sql, jdbc + thrift, ganglia, r...
AWS Big Data Demystified #3 | Zeppelin + spark sql, jdbc + thrift, ganglia, r...AWS Big Data Demystified #3 | Zeppelin + spark sql, jdbc + thrift, ganglia, r...
AWS Big Data Demystified #3 | Zeppelin + spark sql, jdbc + thrift, ganglia, r...
 
AWS Big Data Demystified #2 | Athena, Spectrum, Emr, Hive
AWS Big Data Demystified #2 |  Athena, Spectrum, Emr, Hive AWS Big Data Demystified #2 |  Athena, Spectrum, Emr, Hive
AWS Big Data Demystified #2 | Athena, Spectrum, Emr, Hive
 
Amazon aws big data demystified | Introduction to streaming and messaging flu...
Amazon aws big data demystified | Introduction to streaming and messaging flu...Amazon aws big data demystified | Introduction to streaming and messaging flu...
Amazon aws big data demystified | Introduction to streaming and messaging flu...
 
AWS Big Data Demystified #1: Big data architecture lessons learned
AWS Big Data Demystified #1: Big data architecture lessons learned AWS Big Data Demystified #1: Big data architecture lessons learned
AWS Big Data Demystified #1: Big data architecture lessons learned
 
Emr spark tuning demystified
Emr spark tuning demystifiedEmr spark tuning demystified
Emr spark tuning demystified
 
Emr zeppelin & Livy demystified
Emr zeppelin & Livy demystifiedEmr zeppelin & Livy demystified
Emr zeppelin & Livy demystified
 
Zeppelin and spark sql demystified
Zeppelin and spark sql demystifiedZeppelin and spark sql demystified
Zeppelin and spark sql demystified
 

Recently uploaded

一比一原版美国加州大学欧文分校毕业证(uci学位证)如何办理
一比一原版美国加州大学欧文分校毕业证(uci学位证)如何办理一比一原版美国加州大学欧文分校毕业证(uci学位证)如何办理
一比一原版美国加州大学欧文分校毕业证(uci学位证)如何办理
twqryq79
 
SOIL AND ITS FORMATION bjbhjbhvhvhjvhj .pptx
SOIL AND ITS FORMATION bjbhjbhvhvhjvhj .pptxSOIL AND ITS FORMATION bjbhjbhvhvhjvhj .pptx
SOIL AND ITS FORMATION bjbhjbhvhvhjvhj .pptx
anmolbansal1969
 
原版制作(Manitoba毕业证书)曼尼托巴大学毕业证学位证一模一样
原版制作(Manitoba毕业证书)曼尼托巴大学毕业证学位证一模一样原版制作(Manitoba毕业证书)曼尼托巴大学毕业证学位证一模一样
原版制作(Manitoba毕业证书)曼尼托巴大学毕业证学位证一模一样
mvrpcz6
 
按照学校原版(UAL文凭证书)伦敦艺术大学毕业证快速办理
按照学校原版(UAL文凭证书)伦敦艺术大学毕业证快速办理按照学校原版(UAL文凭证书)伦敦艺术大学毕业证快速办理
按照学校原版(UAL文凭证书)伦敦艺术大学毕业证快速办理
xeexm
 
Emerging Earth Observation methods for monitoring sustainable food production
Emerging Earth Observation methods for monitoring sustainable food productionEmerging Earth Observation methods for monitoring sustainable food production
Emerging Earth Observation methods for monitoring sustainable food production
CIFOR-ICRAF
 
一比一原版美国贝翰文大学毕业证(BU学位证)如何办理
一比一原版美国贝翰文大学毕业证(BU学位证)如何办理一比一原版美国贝翰文大学毕业证(BU学位证)如何办理
一比一原版美国贝翰文大学毕业证(BU学位证)如何办理
sf3cfttw
 
Climate change & action required action
Climate change &  action required actionClimate change &  action required action
Climate change & action required action
hando2845
 
一比一原版美国迈阿密大学毕业证如何办理
一比一原版美国迈阿密大学毕业证如何办理一比一原版美国迈阿密大学毕业证如何办理
一比一原版美国迈阿密大学毕业证如何办理
yfvet
 
Exploring low emissions development opportunities in food systems
Exploring low emissions development opportunities in food systemsExploring low emissions development opportunities in food systems
Exploring low emissions development opportunities in food systems
CIFOR-ICRAF
 
一比一原版美国堪萨斯大学毕业证(KU学位证)如何办理
一比一原版美国堪萨斯大学毕业证(KU学位证)如何办理一比一原版美国堪萨斯大学毕业证(KU学位证)如何办理
一比一原版美国堪萨斯大学毕业证(KU学位证)如何办理
7kvwgv0y
 
Green Wealth Management - UBS A world of access and opportunuty
Green Wealth Management - UBS A world of access and opportunutyGreen Wealth Management - UBS A world of access and opportunuty
Green Wealth Management - UBS A world of access and opportunuty
adrianmaruntelu
 
Lessons from operationalizing integrated landscape approaches
Lessons from operationalizing integrated landscape approachesLessons from operationalizing integrated landscape approaches
Lessons from operationalizing integrated landscape approaches
CIFOR-ICRAF
 
一比一原版美国亚利桑那大学毕业证(ua学位证)如何办理
一比一原版美国亚利桑那大学毕业证(ua学位证)如何办理一比一原版美国亚利桑那大学毕业证(ua学位证)如何办理
一比一原版美国亚利桑那大学毕业证(ua学位证)如何办理
lyurzi7r
 
POPE FRANCIS 2ND ENCYCLICAL "Laudato Si" is the second encyclical of Pope Fra...
POPE FRANCIS 2ND ENCYCLICAL "Laudato Si" is the second encyclical of Pope Fra...POPE FRANCIS 2ND ENCYCLICAL "Laudato Si" is the second encyclical of Pope Fra...
POPE FRANCIS 2ND ENCYCLICAL "Laudato Si" is the second encyclical of Pope Fra...
AdelinePdelaCruz
 
一比一原版美国丹佛大学毕业证(ud学位证)如何办理
一比一原版美国丹佛大学毕业证(ud学位证)如何办理一比一原版美国丹佛大学毕业证(ud学位证)如何办理
一比一原版美国丹佛大学毕业证(ud学位证)如何办理
43ekmxzp
 
Ch-2-Forest_And_Wildlife_Resources_Full_Chapter_Explanation_pdf_.pdf
Ch-2-Forest_And_Wildlife_Resources_Full_Chapter_Explanation_pdf_.pdfCh-2-Forest_And_Wildlife_Resources_Full_Chapter_Explanation_pdf_.pdf
Ch-2-Forest_And_Wildlife_Resources_Full_Chapter_Explanation_pdf_.pdf
RhemanRaphael
 
A Comprehensive Guide on Cable Location Services Detections Method, Tools, an...
A Comprehensive Guide on Cable Location Services Detections Method, Tools, an...A Comprehensive Guide on Cable Location Services Detections Method, Tools, an...
A Comprehensive Guide on Cable Location Services Detections Method, Tools, an...
Aussie Hydro-Vac Services
 
REPORT-PRESENTATION BY CHIEF SECRETARY, ANDAMAN NICOBAR ADMINISTRATION IN OA ...
REPORT-PRESENTATION BY CHIEF SECRETARY, ANDAMAN NICOBAR ADMINISTRATION IN OA ...REPORT-PRESENTATION BY CHIEF SECRETARY, ANDAMAN NICOBAR ADMINISTRATION IN OA ...
REPORT-PRESENTATION BY CHIEF SECRETARY, ANDAMAN NICOBAR ADMINISTRATION IN OA ...
pareeksulkash
 
Good Agricultural Practices Presentation PDF.pdf
Good Agricultural Practices Presentation PDF.pdfGood Agricultural Practices Presentation PDF.pdf
Good Agricultural Practices Presentation PDF.pdf
ronnelapilado23
 
一比一原版(Glasgow毕业证)英国格拉斯哥大学毕业证如何办理
一比一原版(Glasgow毕业证)英国格拉斯哥大学毕业证如何办理一比一原版(Glasgow毕业证)英国格拉斯哥大学毕业证如何办理
一比一原版(Glasgow毕业证)英国格拉斯哥大学毕业证如何办理
aonx8o5f
 

Recently uploaded (20)

一比一原版美国加州大学欧文分校毕业证(uci学位证)如何办理
一比一原版美国加州大学欧文分校毕业证(uci学位证)如何办理一比一原版美国加州大学欧文分校毕业证(uci学位证)如何办理
一比一原版美国加州大学欧文分校毕业证(uci学位证)如何办理
 
SOIL AND ITS FORMATION bjbhjbhvhvhjvhj .pptx
SOIL AND ITS FORMATION bjbhjbhvhvhjvhj .pptxSOIL AND ITS FORMATION bjbhjbhvhvhjvhj .pptx
SOIL AND ITS FORMATION bjbhjbhvhvhjvhj .pptx
 
原版制作(Manitoba毕业证书)曼尼托巴大学毕业证学位证一模一样
原版制作(Manitoba毕业证书)曼尼托巴大学毕业证学位证一模一样原版制作(Manitoba毕业证书)曼尼托巴大学毕业证学位证一模一样
原版制作(Manitoba毕业证书)曼尼托巴大学毕业证学位证一模一样
 
按照学校原版(UAL文凭证书)伦敦艺术大学毕业证快速办理
按照学校原版(UAL文凭证书)伦敦艺术大学毕业证快速办理按照学校原版(UAL文凭证书)伦敦艺术大学毕业证快速办理
按照学校原版(UAL文凭证书)伦敦艺术大学毕业证快速办理
 
Emerging Earth Observation methods for monitoring sustainable food production
Emerging Earth Observation methods for monitoring sustainable food productionEmerging Earth Observation methods for monitoring sustainable food production
Emerging Earth Observation methods for monitoring sustainable food production
 
一比一原版美国贝翰文大学毕业证(BU学位证)如何办理
一比一原版美国贝翰文大学毕业证(BU学位证)如何办理一比一原版美国贝翰文大学毕业证(BU学位证)如何办理
一比一原版美国贝翰文大学毕业证(BU学位证)如何办理
 
Climate change & action required action
Climate change &  action required actionClimate change &  action required action
Climate change & action required action
 
一比一原版美国迈阿密大学毕业证如何办理
一比一原版美国迈阿密大学毕业证如何办理一比一原版美国迈阿密大学毕业证如何办理
一比一原版美国迈阿密大学毕业证如何办理
 
Exploring low emissions development opportunities in food systems
Exploring low emissions development opportunities in food systemsExploring low emissions development opportunities in food systems
Exploring low emissions development opportunities in food systems
 
一比一原版美国堪萨斯大学毕业证(KU学位证)如何办理
一比一原版美国堪萨斯大学毕业证(KU学位证)如何办理一比一原版美国堪萨斯大学毕业证(KU学位证)如何办理
一比一原版美国堪萨斯大学毕业证(KU学位证)如何办理
 
Green Wealth Management - UBS A world of access and opportunuty
Green Wealth Management - UBS A world of access and opportunutyGreen Wealth Management - UBS A world of access and opportunuty
Green Wealth Management - UBS A world of access and opportunuty
 
Lessons from operationalizing integrated landscape approaches
Lessons from operationalizing integrated landscape approachesLessons from operationalizing integrated landscape approaches
Lessons from operationalizing integrated landscape approaches
 
一比一原版美国亚利桑那大学毕业证(ua学位证)如何办理
一比一原版美国亚利桑那大学毕业证(ua学位证)如何办理一比一原版美国亚利桑那大学毕业证(ua学位证)如何办理
一比一原版美国亚利桑那大学毕业证(ua学位证)如何办理
 
POPE FRANCIS 2ND ENCYCLICAL "Laudato Si" is the second encyclical of Pope Fra...
POPE FRANCIS 2ND ENCYCLICAL "Laudato Si" is the second encyclical of Pope Fra...POPE FRANCIS 2ND ENCYCLICAL "Laudato Si" is the second encyclical of Pope Fra...
POPE FRANCIS 2ND ENCYCLICAL "Laudato Si" is the second encyclical of Pope Fra...
 
一比一原版美国丹佛大学毕业证(ud学位证)如何办理
一比一原版美国丹佛大学毕业证(ud学位证)如何办理一比一原版美国丹佛大学毕业证(ud学位证)如何办理
一比一原版美国丹佛大学毕业证(ud学位证)如何办理
 
Ch-2-Forest_And_Wildlife_Resources_Full_Chapter_Explanation_pdf_.pdf
Ch-2-Forest_And_Wildlife_Resources_Full_Chapter_Explanation_pdf_.pdfCh-2-Forest_And_Wildlife_Resources_Full_Chapter_Explanation_pdf_.pdf
Ch-2-Forest_And_Wildlife_Resources_Full_Chapter_Explanation_pdf_.pdf
 
A Comprehensive Guide on Cable Location Services Detections Method, Tools, an...
A Comprehensive Guide on Cable Location Services Detections Method, Tools, an...A Comprehensive Guide on Cable Location Services Detections Method, Tools, an...
A Comprehensive Guide on Cable Location Services Detections Method, Tools, an...
 
REPORT-PRESENTATION BY CHIEF SECRETARY, ANDAMAN NICOBAR ADMINISTRATION IN OA ...
REPORT-PRESENTATION BY CHIEF SECRETARY, ANDAMAN NICOBAR ADMINISTRATION IN OA ...REPORT-PRESENTATION BY CHIEF SECRETARY, ANDAMAN NICOBAR ADMINISTRATION IN OA ...
REPORT-PRESENTATION BY CHIEF SECRETARY, ANDAMAN NICOBAR ADMINISTRATION IN OA ...
 
Good Agricultural Practices Presentation PDF.pdf
Good Agricultural Practices Presentation PDF.pdfGood Agricultural Practices Presentation PDF.pdf
Good Agricultural Practices Presentation PDF.pdf
 
一比一原版(Glasgow毕业证)英国格拉斯哥大学毕业证如何办理
一比一原版(Glasgow毕业证)英国格拉斯哥大学毕业证如何办理一比一原版(Glasgow毕业证)英国格拉斯哥大学毕业证如何办理
一比一原版(Glasgow毕业证)英国格拉斯哥大学毕业证如何办理
 

Aws s3 security

  • 1. AWS S3 Security Considerations Omid Vahdaty, Big Data ninja
  • 2. Concepts ● protecting data while ○ in-transit (as it travels to and from Amazon S3) , 2 ways: ■ by using SSL ■ client-side encryption. ○ at rest (while it is stored on disks in Amazon S3 data centers) 2 ways: ■ Server Side encryption. (SSE) ■ client-side encryption.
  • 3. Encryption Types ● Server Side ○ encrypt your object before saving it on S3 disks ○ decrypt it when you download the objects from S3. ● Client Side ○ Client-side encryption refers to encrypting data before sending it to Amazon S3 ■ Use an AWS KMS-managed customer master key ■ Use a client-side master key ■ Disadvantage: Less matching the AWS ecosystem. You need to manage keys.
  • 4. Client side master key ● Your client-side master keys and your unencrypted data are never sent to AWS ● manage your own encryption keys ● If you lose them, you won't be able to decrypt your data. ● When uploading an object ○ You provide a client-side master key to the Amazon S3 encryption client ○ for each object,encryption client locally generates a one-time-use symmetric key ○ The client uploads the encrypted data key and its material description as part of the object metadata ○ The material description helps the client later determine which client-side master key to use for decryption ○ The client then uploads the encrypted data to Amazon S3 and also saves the encrypted data key as object metadata ● When downloading an object ○ The client first downloads the encrypted object from Amazon S3 along with the metadata ○ Using the material description in the metadata, the client first determines which master key to use to decrypt ○ the encrypted data key.
  • 5. Client Side KMS–Managed Customer Master Key (CMK) ● you provide only an AWS KMS customer master key ID (CMK ID) ● you don't have to worry about providing any encryption keys to the Amazon S3 encryption client (for example, the AmazonS3EncryptionClient in the AWS SDK for Java). 2options ○ A plain text version ○ A cipher blob ● unique data encryption key for each object it uploads.
  • 6. Server Side Encryption (SSE) ● Server-side encryption is about data encryption at rest ○ Amazon S3 encrypts your data at the object level as it writes it to disks ○ decrypts it for you when you access it. ○ As long as you authenticate your request and you have access permissions ○ You can't apply different types of server-side encryption to the same object simultaneously. ● 3 methods ○ Server-Side Encryption with Customer-Provided Keys (SSE-C) ■ You manage the encryption keys and Amazon S3 manages the encryption, as it writes to disks, and decryption, when you access your objects ○ S3-Managed Keys (SSE-S3) ○ AWS KMS-Managed Keys (SSE-KMS)
  • 7. S3-Managed Keys (SSE-S3) ● Each object is encrypted with a unique key employing strong multi-factor encryption ● it encrypts the key itself with a master key that it regularly rotates ● 256-bit Advanced Encryption Standard (AES-256), to encrypt
  • 8. AWS KMS-Managed Keys (SSE-KMS) ● Similar to SSE-S3 ● There are separate permissions for the use of an envelope key (that is, a key that protects your data's encryption key) ● provides you with an audit trail of when your key was used and by whom ● you have the option to create and manage encryption keys yourself, or use a default key that is unique to you, the service you're using, and the region you're working in.
  • 9. Additional Safeguards 1. VPN (site to site) 2. Identity 3. IP ACL 4. Write Only permissions.
  • 10. Security Diagram Destination AWS S3 Source Datacenter (secured) Data in Transit Client side encryption or HTTPS / SSL Data at Rest (Server/Client side encryption)