KK
Uploaded byKrzysztof Kąkol
PPTX, PDF24 views

Designing for Privacy in AWS cloud

The document discusses the importance of designing for privacy in AWS cloud environments, emphasizing 'privacy by design' as a proactive approach to ensure data protection and compliance. It outlines key practices for implementing privacy measures, including secure coding, testing, and incident response planning. Additionally, it highlights the need for thorough documentation and periodic reviews to maintain security and reliability across cloud workloads.

Embed presentation

Download to read offline
xebia.com Designing for Privacy in AWS cloud Krzysztof Kąkol – Chief of Data Engineering @ Xebia Poland
xebia.com Krzysztof Kąkol Chief of Data Engineering and Solutions Architect in Xebia Poland AWS Community Builder & AWS Ambassador https://www.linkedin.com/in/krzysztofkakol/ Other stuff: Classical and jazz pianist PhD in AI-driven sound processing
xebia.com HRM systems store user personal data and lots of sensitive data like salary. Clients want to know where the data are stored, who has access to it, what we do to avoid compromising. Clients have their checklists with requirements. Strong vendor responsibility comes with great risk that must be handled. HR is about privacy Clients want to be secure Business requirements Vendor’s risk Data Privacy by Design in HRM system
xebia.com Prepare Theory is King
xebia.com Privacy by Design is a concept developed by Ann Cavoukian in 90’s. It advances the view that the future of privacy cannot be assured solely by compliance with regulatory frameworks; rather, privacy assurance must ideally become an organization’s default mode of operation. Data Privacy by Design
xebia.com No action is required on the part of the individual to protect their privacy — it is built into the system, by default. Privacy as the Default Setting The result is that privacy becomes an essential component of the core functionality being delivered. Privacy Embedded into Design Privacy by Design seeks to accommodate all legitimate interests and objectives in a positive-sum “win-win” manner – without trade-offs. Full Functionality – Positive-Sum Data Privacy by Design PbD anticipates and prevents privacy invasive events before they happen. Proactive not Reactive Its component parts and operations remain visible and transparent, to users and providers alike. Visibility and Trans- parency – Keep it Open Keeping the interests of the individual uppermost by offering such measures as strong privacy defaults, appropriate notice, and empowering user-friendly options. Respect for User Privacy – Keep it User-Centric Privacy by Design ensures cradle to grave, secure lifecycle management of information, end-to-end. End-to-End Security – Full Lifecycle Protection
xebia.com The Norwegian Data Protection Authority has developed these guidelines to help organisations understand and comply with the requirement of data protection by design and by default in article 25 of the General Data Protection Regulation. Data Protection by Design and by Default
xebia.com Setting requirements for data protection and information security for the final product. Requirements Ensuring that requirements for data protection and information security are reflected in the design. Design Writing secure code by implementing the requirements for data protection and security. Coding Data Protection by Design and by Default Planning specific trainings for management and employees Training Comprehensive and final security review should be done before the software is released. Release Planning for incident response handling (prepared during the release activity) and following it. Maintenance Checking that the requirements for data protection and information security have been implemented as planned. Testing
xebia.com Put your shoes on! Prerequisites
xebia.com STRIDE is a model for identifying computer security threats developed by Praerit Garg and Loren Kohnfelder at Microsoft. It provides a mnemonic for security threats in six categories: • Spoofing • Tampering • Repudiation • Information Disclosure • Denial of Service • Elevation of Privileges Prerequisites – Risk analysis https://www.eccouncil.org/threat-modeling/
xebia.com General review of the infrastructure and workload (including the software architecture used) should be done. It should be a high-level review, not a detailed project review: • General architecture description • Security setup (firewalls, network ACLs etc.) • High-level recommendations Prerequisites – Workload review
xebia.com Well-Architected Review (WAR) should be done periodically. It can be performed using the Well-Architected Tool in AWS WAR describes key concepts, design principles, and best practices for creating and running workloads in the cloud. Most important pillars from Data Privacy perspective: Security and Reliability. Prerequisites – Well-Architected Review
xebia.com • Securely operating workloads • Managing permissions • Protecting infrastructure • Protect data at rest and in transit • Testing against security issues • Responding to security incidents Security Pillar • Managing workloads • Designing high-available, resilient and self-healing infrastructure • Reliable deployment processes • Business continuity • Managing failures, disaster recovery Reliability Pillar Prerequisites – Well-Architected Review
xebia.com  Draw the borders of your "world of concerns" first – model your threats with simple yet comprehensive tools like STRIDE. Once you have done it, you know what you need to focus on!  Use available tools and sources to obtain as much knowledge about security and reliability perspectives as possible. One of the best tools (if not the best) in this area is the AWS Well-Architected Tool. Prerequisites – Summary
xebia.com Let’s dance! Implementation
xebia.com Confidentiality Integrity Accessibility Resilience Traceability
xebia.com Limited access to production infra and DB Using IaaC to manage infrastructure Managed access to codebase Secrets stored in vault (eg. Secrets Manager) Good password policy 2FA used and enforced wherever possible Access restriction policies (like bastion hosts, VPNs etc.) Resources encryption (EBS, RDS, S3 etc.) Content encryption Communication encryption Control of the key – KMS CMK Permission model must be flexible enough Sensitive data – special behavior Elevating privileges should be impossible Tested permission model Principle of least privilege Authentication policies Encryption Well-designed features Confidentiality Confidentiality refers to protecting sensitive data from unauthorized access
xebia.com Versioning is a default setting Used for all files, including contracts, internal documents, agreements etc. No long-living AWS credentials Only roles applied to resources Semantic roles Validation for all incoming data Defined allowed values for most fields (eg. min/max for numeric fields) Cloud Trail for API activity Logs for S3, database, workload – sent to Cloudwatch Audit trail in the application S3 object versioning IAM roles Data validation Monitoring and logging Integrity Integrity means that data is protected against unwanted alteration, destruction, or loss.
xebia.com Using landing zones or Identity Center Managing access through IaaC Limited and defined access to production resources Flexible permission model Using RBAC, ABAC, ACL and access levels Data and infrastructure redundancy Access to data during contingency plans Data lifecycle policies (eg. in S3) Documentation of the incident management process Well-described scenarios for potential incidents (STRIDE) Access to infrastructure Permission model Availability of data Incident management Accessibility Personal data must be available to authorised personnel who require it for their work.
xebia.com Workload in multiple AZs Self-healing infrastructure All components highly- available: ALB, multi-AZ RDS, EKS nodes in ASG, replicated NATs Using managed services Well-chosen strategy for DR (B&R, pilot light, warm standby, multisite) Preparing DR plan – pilot light Testing DR plan Backup for database – automatic snapshots, PITR, manual snapshots Object replication in S3 (multi-region) Backup retention Using DDoS protection (CDN) Resources firewall setup – using semantic Security Groups Application firewalls – WAF Workload in private subnets High availability Disaster recovery Backup strategy Resilience to attacks Resilience Software that is processing personal data must be able to resist vulnerabilities, attacks, and accidents.
xebia.com VPC flow logs, S3 logs, ALB logs etc. Meaningful application logs Request tracking (X-Ray) Analyze logs – Cloudwatch Logs Insights Notify when something is detected (SNS) History of inserts, updates and deletes Every trail record contains ”before” and „after” state Who and when made the change Some data have historical changes and planned changes (eg. employees) Implementing SCD is difficult but builds a history of the record Log everything Analyse & notify Audit trail Slowly Changing Dimensions Traceability Traceability is documentation of changes made within the software, infrastructure and to personal data.
xebia.com Record the memories Documentation
xebia.com Security documentation • OWASP Top 10 review • Personal Data Access – document describing the processes to access personal/private data, who has access to it, where they are stored etc. • Personal Data Management rules, based on Requirements from NDPA checklist – generally speaking, what is the reason of storing personal data, what is the legal basis of storing them, what preventive measures have been implemented in terms of securing the data, how the data should be accessed, what are the requirements of data backup etc. Documentation
xebia.com Implementation practices documentation • Coding practices – describing the current coding practices in the project, including libraries used, vulnerability scanning, code review process, branching model and all other components mentioned in NDPA checklist. • Testing practices – describing the current testing implemented in the project – testing frameworks, unit, integration, end-to-end, system, performance testing practices etc. (NDPA checklist). Documentation
xebia.com Maintenance practices documentation • Disaster Recovery plan (with test) • Backup strategy • Incident management plan - what to do after an incident occurs in terms of formal and implementation practices • Release management – what are the rules of release process, who’s responsible for it, how the process is generally handled, since it usually implies accessing personal data directly or indirectly • Maintenance process – what are the rules of accessing production environment in case of failure or hotfix. Documentation
xebia.com Summary
xebia.com • Prepare well – define your world of concerns • Analyse the risks • Recognize best practices • Document everything • Evolution over revolution Key takeaways
xebia.com Questions? https://www.linkedin.com/in/krzysztofkakol/
xebia.com Thank you! kkakol@xebia.com

More Related Content

PPTX
Data Privacy By Design with AWS
byKrzysztof Kąkol
 
PPTX
Designing for Privacy in Amazon Web Services
byKrzysztofKkol1
 
PDF
It's All About the Data - Tia Dubuisson
byCatalina Arango
 
PDF
The What, Why, and How of DevSecOps
byCprime
 
PPTX
Privacies are Coming
byErnest Staats
 
PPTX
Privacies are coming
byErnest Staats
 
PDF
3 guiding priciples to improve data security
byKeith Braswell
 
PDF
Additionally, it has enhanced the resources such as RAM, CPU, network bandwid...
byosamaadve
 
Data Privacy By Design with AWS
byKrzysztof Kąkol
 
Designing for Privacy in Amazon Web Services
byKrzysztofKkol1
 
It's All About the Data - Tia Dubuisson
byCatalina Arango
 
The What, Why, and How of DevSecOps
byCprime
 
Privacies are Coming
byErnest Staats
 
Privacies are coming
byErnest Staats
 
3 guiding priciples to improve data security
byKeith Braswell
 
Additionally, it has enhanced the resources such as RAM, CPU, network bandwid...
byosamaadve
 

Similar to Designing for Privacy in AWS cloud

PDF
Security-and-Privacy-in-Architectural-Modeling (2).pdf
bypatidararnav007
 
PPTX
crisc_wk_5.pptx
bydotco
 
PDF
Failing and Failing Fast in AppDev – How Do We Keep up in AppSec?
byCapgemini
 
PPTX
Amazon S3.pptx, three tier architecture in Amazon we services
bymyutestnotification
 
PDF
GDPR: The Application Security Twist
bySecurity Innovation
 
PPT
Security Overview - Updates and Trends In Detail
byMohanArumugam24
 
PDF
Data Privacy: A runbook for engineers 1st Edition Nishant Bhajaria
bycaxajdoisehm
 
DOCX
Maintain data privacy during software development
byMuhammadArif823
 
PPTX
Security Incident machnism Security Incident machnismSecurity Incident machni...
bykarthikvcyber
 
PDF
Presentation topic for Philippines SAP user group forum
byWilliam Ho (何添福)
 
PPSX
Introduction to threat_modeling
byPrabath Siriwardena
 
PPTX
GDPR - Top 10 AWS Security and Compliance Best Practices
byAhmad Khan
 
PPT
Lecture 2 - Security Requirments.ppt
byDrBasemMohamedElomda
 
PPTX
Data Management - NA CACS 2009
byCISA1567
 
PPTX
Big data, security, and the cloud
byPano Xinos
 
PPTX
Solnet dev secops meetup
bypbink
 
PPTX
Securing Your Digital Transformation: Cybersecurity and You
bySAP Ariba
 
PPT
Software Security in the Real World
byMark Curphey
 
PPTX
Privacy for tech startups
byMarc Gallardo
 
PPTX
Enterprise Security Architecture
byPriyanka Aash
 
Security-and-Privacy-in-Architectural-Modeling (2).pdf
bypatidararnav007
 
crisc_wk_5.pptx
bydotco
 
Failing and Failing Fast in AppDev – How Do We Keep up in AppSec?
byCapgemini
 
Amazon S3.pptx, three tier architecture in Amazon we services
bymyutestnotification
 
GDPR: The Application Security Twist
bySecurity Innovation
 
Security Overview - Updates and Trends In Detail
byMohanArumugam24
 
Data Privacy: A runbook for engineers 1st Edition Nishant Bhajaria
bycaxajdoisehm
 
Maintain data privacy during software development
byMuhammadArif823
 
Security Incident machnism Security Incident machnismSecurity Incident machni...
bykarthikvcyber
 
Presentation topic for Philippines SAP user group forum
byWilliam Ho (何添福)
 
Introduction to threat_modeling
byPrabath Siriwardena
 
GDPR - Top 10 AWS Security and Compliance Best Practices
byAhmad Khan
 
Lecture 2 - Security Requirments.ppt
byDrBasemMohamedElomda
 
Data Management - NA CACS 2009
byCISA1567
 
Big data, security, and the cloud
byPano Xinos
 
Solnet dev secops meetup
bypbink
 
Securing Your Digital Transformation: Cybersecurity and You
bySAP Ariba
 
Software Security in the Real World
byMark Curphey
 
Privacy for tech startups
byMarc Gallardo
 
Enterprise Security Architecture
byPriyanka Aash
 

Recently uploaded

PDF
Weaponizing the Neutral Web: Analyzing Adversary Botnets for Offensive Cyber ...
byJoe Slowik
 
PDF
The Girl Who Left a Mark - Deep Impact of Kindness to a person
byAnoop Singh Nagi
 
PPTX
Your Complete Brand Protection Guide with Fieldwatch.ai!
byFieldwatch ai
 
PPTX
AWS Architecture Design Icons Template.pptx
bybiqtor1
 
PDF
Beacon Kit paper date: 11 February 2026 pdf
bySteven McGee
 
PPTX
Living in IT Era Module 5 - (DIGITAL TECHNOLOGY AND SOCIAL CHANGES).pptx
bycjregua03
 
PDF
Top 3 Snapchat Monitoring Apps of 2026 for Activity Tracking
byMichael Carter
 
Weaponizing the Neutral Web: Analyzing Adversary Botnets for Offensive Cyber ...
byJoe Slowik
 
The Girl Who Left a Mark - Deep Impact of Kindness to a person
byAnoop Singh Nagi
 
Your Complete Brand Protection Guide with Fieldwatch.ai!
byFieldwatch ai
 
AWS Architecture Design Icons Template.pptx
bybiqtor1
 
Beacon Kit paper date: 11 February 2026 pdf
bySteven McGee
 
Living in IT Era Module 5 - (DIGITAL TECHNOLOGY AND SOCIAL CHANGES).pptx
bycjregua03
 
Top 3 Snapchat Monitoring Apps of 2026 for Activity Tracking
byMichael Carter
 

Designing for Privacy in AWS cloud

  • 1.
    xebia.com Designing for Privacy inAWS cloud Krzysztof Kąkol – Chief of Data Engineering @ Xebia Poland
  • 2.
    xebia.com Krzysztof Kąkol Chief ofData Engineering and Solutions Architect in Xebia Poland AWS Community Builder & AWS Ambassador https://www.linkedin.com/in/krzysztofkakol/ Other stuff: Classical and jazz pianist PhD in AI-driven sound processing
  • 3.
    xebia.com HRM systems store userpersonal data and lots of sensitive data like salary. Clients want to know where the data are stored, who has access to it, what we do to avoid compromising. Clients have their checklists with requirements. Strong vendor responsibility comes with great risk that must be handled. HR is about privacy Clients want to be secure Business requirements Vendor’s risk Data Privacy by Design in HRM system
  • 4.
  • 5.
    xebia.com Privacy by Designis a concept developed by Ann Cavoukian in 90’s. It advances the view that the future of privacy cannot be assured solely by compliance with regulatory frameworks; rather, privacy assurance must ideally become an organization’s default mode of operation. Data Privacy by Design
  • 6.
    xebia.com No action isrequired on the part of the individual to protect their privacy — it is built into the system, by default. Privacy as the Default Setting The result is that privacy becomes an essential component of the core functionality being delivered. Privacy Embedded into Design Privacy by Design seeks to accommodate all legitimate interests and objectives in a positive-sum “win-win” manner – without trade-offs. Full Functionality – Positive-Sum Data Privacy by Design PbD anticipates and prevents privacy invasive events before they happen. Proactive not Reactive Its component parts and operations remain visible and transparent, to users and providers alike. Visibility and Trans- parency – Keep it Open Keeping the interests of the individual uppermost by offering such measures as strong privacy defaults, appropriate notice, and empowering user-friendly options. Respect for User Privacy – Keep it User-Centric Privacy by Design ensures cradle to grave, secure lifecycle management of information, end-to-end. End-to-End Security – Full Lifecycle Protection
  • 7.
    xebia.com The Norwegian DataProtection Authority has developed these guidelines to help organisations understand and comply with the requirement of data protection by design and by default in article 25 of the General Data Protection Regulation. Data Protection by Design and by Default
  • 8.
    xebia.com Setting requirements for dataprotection and information security for the final product. Requirements Ensuring that requirements for data protection and information security are reflected in the design. Design Writing secure code by implementing the requirements for data protection and security. Coding Data Protection by Design and by Default Planning specific trainings for management and employees Training Comprehensive and final security review should be done before the software is released. Release Planning for incident response handling (prepared during the release activity) and following it. Maintenance Checking that the requirements for data protection and information security have been implemented as planned. Testing
  • 9.
    xebia.com Put your shoeson! Prerequisites
  • 10.
    xebia.com STRIDE is amodel for identifying computer security threats developed by Praerit Garg and Loren Kohnfelder at Microsoft. It provides a mnemonic for security threats in six categories: • Spoofing • Tampering • Repudiation • Information Disclosure • Denial of Service • Elevation of Privileges Prerequisites – Risk analysis https://www.eccouncil.org/threat-modeling/
  • 11.
    xebia.com General review ofthe infrastructure and workload (including the software architecture used) should be done. It should be a high-level review, not a detailed project review: • General architecture description • Security setup (firewalls, network ACLs etc.) • High-level recommendations Prerequisites – Workload review
  • 12.
    xebia.com Well-Architected Review (WAR)should be done periodically. It can be performed using the Well-Architected Tool in AWS WAR describes key concepts, design principles, and best practices for creating and running workloads in the cloud. Most important pillars from Data Privacy perspective: Security and Reliability. Prerequisites – Well-Architected Review
  • 13.
    xebia.com • Securely operatingworkloads • Managing permissions • Protecting infrastructure • Protect data at rest and in transit • Testing against security issues • Responding to security incidents Security Pillar • Managing workloads • Designing high-available, resilient and self-healing infrastructure • Reliable deployment processes • Business continuity • Managing failures, disaster recovery Reliability Pillar Prerequisites – Well-Architected Review
  • 14.
    xebia.com  Draw theborders of your "world of concerns" first – model your threats with simple yet comprehensive tools like STRIDE. Once you have done it, you know what you need to focus on!  Use available tools and sources to obtain as much knowledge about security and reliability perspectives as possible. One of the best tools (if not the best) in this area is the AWS Well-Architected Tool. Prerequisites – Summary
  • 15.
  • 16.
  • 17.
    xebia.com Limited access to productioninfra and DB Using IaaC to manage infrastructure Managed access to codebase Secrets stored in vault (eg. Secrets Manager) Good password policy 2FA used and enforced wherever possible Access restriction policies (like bastion hosts, VPNs etc.) Resources encryption (EBS, RDS, S3 etc.) Content encryption Communication encryption Control of the key – KMS CMK Permission model must be flexible enough Sensitive data – special behavior Elevating privileges should be impossible Tested permission model Principle of least privilege Authentication policies Encryption Well-designed features Confidentiality Confidentiality refers to protecting sensitive data from unauthorized access
  • 18.
    xebia.com Versioning is adefault setting Used for all files, including contracts, internal documents, agreements etc. No long-living AWS credentials Only roles applied to resources Semantic roles Validation for all incoming data Defined allowed values for most fields (eg. min/max for numeric fields) Cloud Trail for API activity Logs for S3, database, workload – sent to Cloudwatch Audit trail in the application S3 object versioning IAM roles Data validation Monitoring and logging Integrity Integrity means that data is protected against unwanted alteration, destruction, or loss.
  • 19.
    xebia.com Using landing zonesor Identity Center Managing access through IaaC Limited and defined access to production resources Flexible permission model Using RBAC, ABAC, ACL and access levels Data and infrastructure redundancy Access to data during contingency plans Data lifecycle policies (eg. in S3) Documentation of the incident management process Well-described scenarios for potential incidents (STRIDE) Access to infrastructure Permission model Availability of data Incident management Accessibility Personal data must be available to authorised personnel who require it for their work.
  • 20.
    xebia.com Workload in multipleAZs Self-healing infrastructure All components highly- available: ALB, multi-AZ RDS, EKS nodes in ASG, replicated NATs Using managed services Well-chosen strategy for DR (B&R, pilot light, warm standby, multisite) Preparing DR plan – pilot light Testing DR plan Backup for database – automatic snapshots, PITR, manual snapshots Object replication in S3 (multi-region) Backup retention Using DDoS protection (CDN) Resources firewall setup – using semantic Security Groups Application firewalls – WAF Workload in private subnets High availability Disaster recovery Backup strategy Resilience to attacks Resilience Software that is processing personal data must be able to resist vulnerabilities, attacks, and accidents.
  • 21.
    xebia.com VPC flow logs,S3 logs, ALB logs etc. Meaningful application logs Request tracking (X-Ray) Analyze logs – Cloudwatch Logs Insights Notify when something is detected (SNS) History of inserts, updates and deletes Every trail record contains ”before” and „after” state Who and when made the change Some data have historical changes and planned changes (eg. employees) Implementing SCD is difficult but builds a history of the record Log everything Analyse & notify Audit trail Slowly Changing Dimensions Traceability Traceability is documentation of changes made within the software, infrastructure and to personal data.
  • 22.
  • 23.
    xebia.com Security documentation • OWASPTop 10 review • Personal Data Access – document describing the processes to access personal/private data, who has access to it, where they are stored etc. • Personal Data Management rules, based on Requirements from NDPA checklist – generally speaking, what is the reason of storing personal data, what is the legal basis of storing them, what preventive measures have been implemented in terms of securing the data, how the data should be accessed, what are the requirements of data backup etc. Documentation
  • 24.
    xebia.com Implementation practices documentation •Coding practices – describing the current coding practices in the project, including libraries used, vulnerability scanning, code review process, branching model and all other components mentioned in NDPA checklist. • Testing practices – describing the current testing implemented in the project – testing frameworks, unit, integration, end-to-end, system, performance testing practices etc. (NDPA checklist). Documentation
  • 25.
    xebia.com Maintenance practices documentation •Disaster Recovery plan (with test) • Backup strategy • Incident management plan - what to do after an incident occurs in terms of formal and implementation practices • Release management – what are the rules of release process, who’s responsible for it, how the process is generally handled, since it usually implies accessing personal data directly or indirectly • Maintenance process – what are the rules of accessing production environment in case of failure or hotfix. Documentation
  • 26.
  • 27.
    xebia.com • Prepare well– define your world of concerns • Analyse the risks • Recognize best practices • Document everything • Evolution over revolution Key takeaways
  • 28.
  • 29.