AWS provides enterprises numerous ways to migrate to the cloud, based on your business needs. Because AWS was built with the most data-sensitive, regulated industries in mind, enterprises have access to the most robust networking and security controls to safeguard a protected and seamless migration. In this session, AWS security professionals provide an overview of what security essentials you need to consider when migrating to the cloud. We will also provide a compliance update on what you need to consider in relation to regulatory issues.

1. Amazon Web Services &
Cloud Security
Bill Shinn
Principal Security Solutions Architect
May 1, 2017

2. ENTERPRISE
APPS
DEVELOPMENT & OPERATIONSMOBILE SERVICESAPP SERVICESANALYTICS
Data
Warehousing
Hadoop/Sp
ark
Streaming Data
Collection
Machine
Learning
Elastic
Search
Virtual
Desktops
Sharing &
Collaboration
Corporate
Email
Backup
Queuing &
Notifications
Workflow
Search
Email
Transcoding
One-click App
Deployment
Identity
Sync
Single Integrated
Console
Push
Notifications
DevOps Resource
Management
Application Lifecycle
Management
Containers
Triggers
Resource
Templates
TECHNICAL &
BUSINESS
SUPPORT
Account
Management
Support
Professional
Services
Training &
Certification
Security &
Pricing
Reports
Partner
Ecosystem
Solutions
Architects
MARKETPLACE
Business
Apps
Business
Intelligence
Databases
DevOps
Tools
NetworkingSecurity Storage
Regions
Availability
Zones
Points of
Presence
INFRASTRUCTURE
CORE SERVICES
Compute
VMs, Auto-scaling, &
Load Balancing
Storage
Object, Blocks, Archival,
Import/Export
Databases
Relational, NoSQL,
Caching, Migration
Networking
VPC, DX, DNS
CDN
Access Control
Identity
Management
Key Management
& Storage
Monitoring
& Logs
Assessment and
reporting
Resource & Usage
Auditing
SECURITY & COMPLIANCE
Configuration
Compliance
Web application
firewall
HYBRID
ARCHITECTURE
Data Backups
Integrated App
Deployments
Direct
Connect
Identity
Federation
Integrated
Resource
Management
Integrated
Networking
API Gateway
IoT
Rules Engine
Device Shadows
Device SDKs
Registry
Device
Gateway
Streaming Data
Analysis
Business
Intelligence
Mobile
Analytics

3. More Secure in the Cloud
Agility Through Security Automation
Integrated Security and ComplianceMaintain Your Privacy and Ownership
Security Innovation at Scale Visibility and Control to Grow
with Confidence

4. CUSTOMER
CUSTOMER DATA
OPERATING SYSTEM, NETWORK & FIREWALL CONFIGURATION
AWS PLATFORM, APPLICATIONS, IDENTITY & ACCESS MANAGEMENT
RESPONSIBILITY FOR
SECURITY
“IN” THE CLOUD
COMPUTE STORAGE DATABASE NETWORKING
CLIENT-SIDE DATA
ENCRYPTION & DATA
INTEGRITY AUTHENTICATION
SERVER-SIDE ENCRYPTION
(FILE SYSTEM AND / OR
DATA)
NETWORKING TRAFFIC
PROTECTION (ENCRYPTION
/ INTEGRITY / IDENTITY)
RESPONSIBILITY FOR
SECURITY
“OF” THE CLOUD
AWS GLOBAL
INFRASTRUCTURE
EDGE
LOCATIONS
REGIONS
AVAILABILITY ZONES
Security is a Shared Responsibility

5. Region & Number of Availability Zones
AWS GovCloud (2) EU
Ireland (3)
US West Frankfurt (2)
Oregon (3) London (2)
Northern California (3)
Asia Pacific
US East Singapore (2)
N. Virginia (5), Ohio (3) Sydney (2), Tokyo (3),
Seoul (2), Mumbai (2)
Canada
Central (2) China
Beijing (2)
South America
São Paulo (3)
Announced Regions
Paris, Ningxia
16 Regions – 42 Availability Zones – 68 Edge Locations
AWS Global Infrastructure

6. AWS maintains a formal control environment
• SOC 1 Type II
• SOC 2 Type II and public SOC 3 report
• ISO 27001, 27017, 27018 Certification
• Certified PCI DSS Level 1 Service Provider
• FedRAMP Authorization
• Architect for HIPAA compliance
AWS Assurance Programs

7. Lack of visibility Low degree of automation
Why Is Security Traditionally Hard?

8. Choosing security does not mean giving up on
convenience or introducing complexity
Making Life Easier

9. AND
Move Fast
Stay Secure

10. * As of 1 January 2017
2010
61
516
1,017
159
2012 2014 2016
AWS has been continually expanding its services to support virtually any cloud workload, and it
now has more than 90 services that range from compute, storage, networking, database,
analytics, application services, deployment, management, developer, mobile, Internet of Things
(IoT), Artificial Intelligence (AI), security, hybrid and enterprise applications. AWS has launched
a total of 1,017 new features and/or services year to date* - for a total of 2,913 new features
and/or services since inception in 2006.
AWS Pace of InnovationAWS Pace of Innovation

11. Prescriptive Approach – Get Started!
Understand AWS
Security Approach
Build Strong
Compliance
Foundations
Integrate Identity &
Access Management
Enable Detective
Controls
Establish Network
Security
Implement Data
Protection
Optimize Change
Management
Automate
Security Functions

12. Worldwide | N. America | LATAM | UK/IR | EMEA | APAC | Japan | China
Bill Shinn
Principal Security Solutions Architect