6. [Diagram: AWS architecture spanning IAM Account A and IAM Account B across AWS Regions A, B and C. Labels: VPC-A, VPC-B and a Services VPC; public and private subnets with instances; IGW; Availability Zone; Security Groups; RDS; Elastic IP; Autoscaling; VPC NAT Gateway; ELB; VPC Peers; VPN Gateway; S3 Buckets.]
7. [Diagram: the same AWS architecture, spanning IAM Account A and IAM Account B across AWS Regions A, B and C. Labels: VPC-A, VPC-B and a Services VPC; public and private subnets with instances; IGW; Availability Zone; Security Groups; RDS; Elastic IP; Autoscaling; VPC NAT Gateway; ELB; VPC Peers; VPN Gateway; S3 Buckets.]
9. AWS and you share responsibility for security
You (you get to define your controls ON the Cloud):
• Customer applications, Operating Systems & content
• Inventory & Config
• Data Encryption
• Identity & Access Control
• Network Security
AWS (AWS takes care of the security OF the Cloud):
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
10. Copyright 2018 Trend Micro Inc.
Why do I need additional security in the cloud?
Threats:
• Network attack
• Vulnerabilities
• Malware
• Insider threats
Compliance:
• PCI DSS
• HIPAA
• NIST
• Internal