The European Union’s General Data Protection Regulation (GDPR) protects European Union citizens’ fundamental right to privacy and the protection of personal data. It introduces robust requirements that will raise and harmonize standards for data protection, security, and compliance. Come learn how to work with AWS to build your security and data protection strategy, and how to transform the way your organisation processes data. In this session, we will examine GDPR as the baseline for data protection, with the belief that organisations should aim higher. The cloud makes this a realistic goal.
The General Data Protection Regulation (GDPR) becomes enforceable on May 25, 2018. Complying with GDPR can be challenging, but AWS can guide you through the process. This webinar is hosted by a GDPR compliance expert who will explain the automation mechanisms AWS offers its customers to help with their compliance programs. Specific GDPR articles will be matched to tooling, so knowledge of both will be helpful in understanding the material. A Q&A will follow.
The EU’s General Data Protection Regulation (GDPR) introduces mandatory requirements for data controllers and processors. Join this webinar to learn more about the AWS Shared Responsibility Model in the context of the GDPR. Find how AWS services can help you realise data protection by design principles under the GDPR.
The document discusses how AWS can help customers achieve compliance with the General Data Protection Regulation (GDPR). It explains key aspects of the GDPR such as its territorial scope and requirements for organizations to implement appropriate technical and organizational measures to ensure security of personal data. It outlines AWS services like GuardDuty, Macie, and Trusted Advisor that help customers automate security controls to meet GDPR requirements for ongoing data protection, monitoring, and incident response. The document emphasizes that AWS and customers share responsibility for security and compliance under the GDPR.
How to Implement a Well-Architected Security Solution.pdf - Amazon Web Services
Securing your workload in alignment with best practices is necessary to protect information, systems and assets while delivering business value through risk assessments and mitigation strategies. In this tech talk, we’ll walk you through how to secure your workload using AWS Identity & Access Management, AWS CloudTrail, Amazon GuardDuty and AWS Config services.
AWS for Simplifying the Path to GDPR Compliance - Amazon Web Services
"The European Union's General Data Protection Regulation (GDPR) protects European Union citizens' fundamental right to privacy and the protection of personal data. It represents a great opportunity and a great challenge, especially for the public administration (PA), because it introduces strict requirements that define and harmonize new standards for compliance, security and data protection.
The goal of this session is to explore the technical and organizational measures (TOM) set out in the regulation and to show how AWS can help data controllers and processors within organizations on their path to GDPR compliance."
The document discusses how AWS can help customers achieve compliance with the General Data Protection Regulation (GDPR). It provides an overview of the GDPR, what it regulates, and potential consequences for non-compliance. It then outlines specific AWS services, tools, and features that can help customers implement appropriate technical and organizational measures for security, encryption, access control, monitoring, and logging as required by the GDPR. The document emphasizes that GDPR compliance is a shared responsibility between AWS as the processor and customers as controllers.
This document discusses cloud security and addresses common myths about cloud security. It is presented by Ahmed Gouda from AWS and includes an interview with Henry Neira from StarzPlay. The document aims to show that the cloud can be secure for businesses by addressing 11 common myths about cloud security, specifically related to general cloud security, specific service security, and data security. It also discusses StarzPlay's approach to security and how AWS has helped the company manage security as a born-in-the-cloud business.
Here is the list of key factors you should consider before choosing a cloud service provider for your business. Learn more about Cloud service providers: https://www.netsolutions.com/insights/how-to-choose-cloud-service-provider/
Level: Intermediate
In this session, we’ll look at best practices for using the security features of AWS IoT to protect your devices, communications and cloud services. We will examine key device features, the layers of protection available and other AWS services that complement security.
Who Should Attend: Developers, Coders, Engineers, System Administrators, IT Managers, Solutions Architects and Product Heads.
Foundations - Understanding the Critical Building Blocks of AWS Identity & Go... - Amazon Web Services
by Fritz Kunstler, Sr. AWS Security Consultant, AWS
In AWS, identity comes first. Before you can provision buckets, instances, VPCs, or any other infrastructure, you have to have an identity to authenticate and authorize those API calls. In this session, we'll rapidly immerse you in the fundamental primitives, mental models, and implementation patterns of the core AWS identity services such as AWS Identity & Access Management and AWS Organizations. With this knowledge in hand you'll be able to confidently construct a solid identity foundation for your workloads to sit atop. Level 200
The document discusses encryption options when using AWS services. It describes classifying data based on sensitivity and using tags and IAM policies for access control. It also discusses encrypting data at rest using services like S3, EBS, RDS, and Redshift, as well as encrypting data in transit using options like VPN connectivity to VPCs, TLS, and AWS Certificate Manager. Finally, it outlines three models for managing encryption and keys: customer managed, AWS managed storage with customer controlled keys, and fully AWS managed.
Learning Objectives:
- Understand how IoT is transforming home automation and how you can use it to your advantage
- Learn how the AWS IoT service suite can be used in smart home devices with Alexa integration
- Learn how Hunter Douglas used AWS IoT and Alexa to build a new innovative product
The document discusses security best practices for AWS. It outlines AWS's shared responsibility model where AWS is responsible for security of the cloud and customers are responsible for security in the cloud. It describes AWS security services, controls for physical security, IT operations, access management, policies and governance, and change management. It also discusses AWS audits, compliance with regulations, and logging and monitoring tools.
Managing Security of Large IoT Fleets (IOT321-R1) - AWS re:Invent 2018 - Amazon Web Services
AWS IoT Device Defender is a fully managed service that helps you secure your fleet of IoT devices. In this session, we dive into Device Defender Detect, the feature that monitors metrics collected on device and cloud-side to identify anomalous behaviors. We get into the details of how Device Defender Detect works and metrics that it supports. The session includes a demo of how best to leverage Device Defender Detect for keeping your devices secure.
Keep Your IoT Devices Secure (IOT205) - AWS re:Invent 2018 - Amazon Web Services
Helping you manage the security of your IoT fleet is a top priority for AWS. You can use AWS IoT Device Defender to audit device fleets for best practices and drift in security settings, detect abnormal device behavior, and receive alerts to investigate issues. In this session, we will show you how you can use AWS IoT Device Defender to implement and maintain secure policies and controls to keep data and devices secure. Come away understanding how to spot insecure device configurations and how to set up metrics that can be used to spot DDoS and botnet attacks. We will also look at how AWS IoT Device Defender works with AWS IoT Core and AWS IoT Device Management to respond to security alerts.
One of the most important factors to success is an organization’s ability to extract actionable information from their data. Forward-thinking organizations are building data lakes on AWS to store data and run applications for analytics, machine learning, and high performance computing. Learn why AWS hosts 10,000+ data lakes and how organizations are using them to discover insights every minute.
How to Process Transactions Like a Boss! AWS Developer Workshop at Web Summit... - Amazon Web Services
The document discusses Payment Card Industry Data Security Standard (PCI DSS) compliance on Amazon Web Services (AWS). It provides an overview of PCI DSS requirements and guidelines for protecting cardholder data. It then describes how AWS services like Lambda, Step Functions, and a segmented cardholder data environment can help achieve PCI DSS compliance by leveraging the AWS shared responsibility model. Finally, it mentions the AWS PCI Quick Start, which automates deployment of a standardized architecture for PCI DSS workloads on AWS.
Security by design examines a wide range of issues, such as: control responsibilities; the automation of security baselines; the configuration of security; and the auditing of controls for AWS customer infrastructure, operating systems, services and applications. This standardized, automated, prescriptive and repeatable design can be deployed for common use cases, security standards and audit requirements across multiple industries and workloads.
Automating Document Information Extraction and Content Understanding - Henrik Brattlie
Simen Aakhus and Arayan Naqid took to the main stage at AIM North 2019 and gave a great presentation on augmenting the workforce with AI to support a triple win for your customers, employees and shareholders.
As organisations’ cloud environments continue to scale and grow, how do you ensure that access to resources is being managed securely? How do you scope permissions to achieve least-privilege access control across your AWS environment? This webinar answers these questions, delving into the AWS Identity and Access Management (IAM) web service and looking at how it can help you securely control access to AWS resources.
Top Cloud Security Myths Dispelled
In this session we will cover the most common cloud security questions that we hear from customers. We provide detailed answers for each question distilled from our practical experience working with organisations around the world. This session is for everyone curious about the cloud, cautious about the cloud, or excited about the cloud.
Myles Hosford, Security Solutions Architect APAC, Amazon Web Services and Phil Rodrigues, Principal Security Solutions Architect ANZ, Amazon Web Services
The importance of security in the cloud and why you are responsible for your data type in the cloud, covering AWS compliance and design and detecting threats.
Overview of Data Loss Prevention Policies in Office 365 - Dock 365
Presentation about identifying, monitoring, and automatically protecting sensitive information across Office 365.
With a DLP Policy, you can:
- Identify sensitive information across many locations, such as SharePoint Online and OneDrive for Business.
- Prevent the accidental sharing of sensitive information.
- Monitor and protect sensitive information in the desktop versions of Excel 2016, PowerPoint 2016, and Word 2016.
- Help users learn how to stay compliant without interrupting their workflow.
- View DLP reports showing content that matches your organization's DLP policies.
Visit www.mydock365.com to learn more about SharePoint with Dock.
IoT Building Blocks: From Edge Devices to Analytics in the Cloud - SRV304 - C... - Amazon Web Services
In this session, we explore features and functions of AWS IoT services. We first cover AWS IoT fundamentals and our partner ecosystem. Then we discuss AWS IoT services in greater detail, review best practices for IoT solutions, and look at some common architectural patterns. With this foundation in place, we explore a use case for IoT applications. Leave this session with an understanding of how to start building IoT applications with AWS IoT.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops.
Speaker: Bill Reid - Sr Mgr, Solutions Architecture, AWS
Public cloud spending is growing rapidly, with the public cloud market expected to reach $236 billion by 2020. While public cloud platforms are growing the fastest, cloud and on-premises environments still need to co-exist. There are different hybrid models organizations can choose from based on their environment, tiers, load requirements, and cloud readiness. A hybrid multi-cloud environment provides capabilities across infrastructure, security, integration, service operation, and service transition to manage applications and data across on-premises and multiple cloud platforms.
Navigating GDPR Compliance on AWS - AWS Online Tech Talks - Amazon Web Services
Learning Objectives:
- Learn about General Data Protection Regulation (GDPR)
- Learn how AWS supports your journey to GDPR compliance
- Examples of how the GDPR articles may map to your own business activities
This document provides an overview of the General Data Protection Regulation (GDPR) and how Amazon Web Services (AWS) can help customers achieve compliance. It discusses what the GDPR is, its key requirements, who it applies to, and the shared responsibilities of controllers and processors. It outlines various AWS services and tools that can help with encryption, access control, monitoring, logging, and maintaining records of processing activities. It also discusses AWS' view of supporting GDPR compliance through its global infrastructure and compliance programs. Finally, it discusses how AWS professional services and partners can assist customers with GDPR requirements.
AWS welcomes the GDPR and views it positively as raising standards for data protection. AWS services are compliant with GDPR requirements. The GDPR is a new EU regulation that strengthens data protection for individuals and harmonizes regulations across EU states. It gives individuals rights over their personal data including access, deletion, and portability. AWS helps customers achieve compliance through services, tools for access control, encryption, monitoring, and records of processing activities. Customers retain responsibility for their own compliance while using AWS services.
The General Data Protection Regulation (GDPR) comes into force on May 25, 2018. Complying with GDPR can be challenging, but AWS can guide you through the process. In this session, we'll explain the automation mechanisms AWS offers its customers to help with their compliance programs. Specific GDPR articles will be matched to tooling, so knowledge of both will be helpful in understanding the material.
The General Data Protection Regulation (GDPR) takes effect May 25, 2018. Complying with GDPR can be challenging, but AWS can guide you through the process. In this session we explain the automation mechanisms AWS offers its customers to help with their compliance programs. Specific GDPR articles are matched to tooling, so knowledge of both is helpful in understanding the material.
Accelerate your Cloud journey with security and compliance by design - Margo ... - Net4All
What is the GDPR, and what does it imply? How can AWS help customers achieve GDPR compliance?
Margo Cronin, Cloud Architect for Amazon Web Services, answers these questions to ease your mind about security on AWS!
Cloud Security Day - May 17th, 2018
The document discusses how AWS can help customers achieve compliance with the General Data Protection Regulation (GDPR). It explains that GDPR introduces new requirements for data protection and security in the EU. It also notes that GDPR compliance is a shared responsibility between controllers and processors. The document then outlines specific AWS tools and services that can help with GDPR requirements such as encryption, access controls, activity monitoring and auditing. It also discusses the AWS compliance program and partner network support for customers' GDPR compliance efforts.
Navigating GDPR Compliance on AWS & Data Regulations in China - Amazon Web Services
As the most stringent privacy regulation ever enacted, compliance with the General Data Protection Regulation (GDPR) has enterprise customers assessing their current mechanisms for deletion, PII detection, and customer consent. While on-prem, hybrid, and all-in environments involve different challenges, the AWS cloud offers services and features that are consistent with GDPR considerations, including encryption, pseudonymisation, confidentiality, resilience, and availability. In this webinar we’ll walk customers through potential GDPR obligations as well as the specific tooling and benchmarking that should be considered in the ramp-up to the May 25th, 2018 enforcement date. Also, we will top it up with data regulations in China you should be on the lookout for.
This document summarizes how AWS supports customers' compliance with the General Data Protection Regulation (GDPR). It discusses key GDPR requirements, AWS' preparation efforts, the role of AWS as both a data processor and controller, AWS services that provide data access controls and monitoring capabilities, and AWS' adherence to security standards and codes of conduct to help customers meet their GDPR obligations.
AWS Finland User Group Meetup 2017-05-23 - Rolf Koski
This document discusses how adopting AWS can help customers with security and compliance. It notes that AWS manages over 1,800 security controls to secure the cloud infrastructure, allowing customers to focus on security within their applications. The document outlines key AWS security services like IAM, encryption, firewalls and more that provide automated protections. It also discusses the shared security responsibility model between AWS and customers.
Complying with the GDPR, the General Data Protection Regulation that came into force on 25 May 2018, can be complicated, but AWS has the tools to guide you through the whole process. In this session we will look in depth at the automation mechanisms AWS offers its customers to help them implement their security and privacy programs, and we will see which specific tools AWS makes available to address certain GDPR requirements.
Customers using AWS benefit from a multitude of security and compliance controls built into AWS solutions. In this session, you will learn how to take advantage of the advanced security features of AWS to gain the visibility, agility, and control that the cloud affords users over legacy environments. We will take a look at several reference architectures for common workloads and highlight the innovative ways customers are using AWS to manage security more efficiently. After attending this session, you will be familiar with the Shared Responsibility Model and ways you can inherit security controls from the rich compliance and accreditation programs maintained by AWS.
Matt Johnson, Solutions Architect, AWS
Security & Compliance are very important for most businesses. Learn how AWS enables you to securely use the cloud for your most vital business applications and how you can ensure that you are compliant with a large set of security standards and government regulations like GDPR.
This document discusses security and compliance when using cloud services like AWS. It provides an introduction to AWS and an overview of AWS security features. It discusses how AWS meets various compliance standards and regulations like GDPR. It explains that customers are responsible for security and compliance of their own content, while AWS is responsible for the security of the cloud infrastructure. The document is intended to help public sector organizations understand how to securely use cloud services.
Critical Hong Kong Banking, Securities and Insurance Workloads on the Cloud –... Amazon Web Services
• What’s a critical workload?
• Cloud = outsourcing, or something more?
• Data protection in the cloud
• How we can help you achieve your goals
Speaker: Iolaire McKinnon, Senior Consultant, Security, Risk & Compliance, AWS
In this session, AWS will cover our Shared Responsibility Model in relation to Security and our Compliance Program. Customers can expect to learn how AWS works with customers to build solutions to secure their cloud-based environments. They will also come away with an understanding of our compliance program and what security assurances they inherit as customers.
1) The EU Data Protection Directive of 1995 requires EU member states to enact data protection laws and establish authorities to enforce these laws. It applies to any personal data.
2) Under the Directive, data controllers are responsible for protecting personal data and ensuring any processors also protect the data. Data cannot be transferred outside the EEA without adequate protections.
3) To comply when using AWS, customers are responsible for their own data and must implement appropriate security, access controls, and encryption. AWS provides security tools and follows best practices.
This document discusses security and compliance when using AWS. It makes three main points:
1. AWS and customers share responsibility for security, with AWS managing security of the cloud infrastructure and customers responsible for security in their use of AWS services.
2. AWS provides security tools and features that customers can use to protect their cloud resources and data. Customers can architect for security and follow security best practices.
3. AWS offers certifications and assurance programs to help customers meet various compliance standards and regulations.
Similar to GDPR: Raising the Bar for Security & Compliance Across the EU (20)
How to build Forecasting services using ML and deep learn... Amazon Web Services
Forecasting is an important process for a great many companies and is used in various fields to try to accurately predict the growth and distribution of a product, the use of the resources needed on production lines, financial presentations and much more. Amazon uses advanced forecasting techniques, and some of these services have been made available to all AWS customers.
In this session we will show how to pre-process data that contains a time component and then use an algorithm that, based on the type of data analysed, produces an accurate forecast.
Big Data for Startups: how to create Big Data applications in Server... Amazon Web Services
The variety and quantity of data created every day is growing ever faster and represents a unique opportunity to innovate and create new startups.
However, managing large amounts of data can seem complex: building large-scale Big Data clusters looks like an investment only established companies can afford. But the elasticity of the Cloud and, in particular, Serverless services let us break through these limits.
So let's see how Big Data applications can be developed quickly, without worrying about infrastructure, devoting all our resources to developing our ideas and creating innovative products.
You can now use Amazon Elastic Kubernetes Service (EKS) to run Kubernetes pods on AWS Fargate, the serverless compute engine built for containers on AWS. This makes it easier than ever to build and run your Kubernetes applications in the AWS cloud. In this session we will present the main features of the service and how to deploy your application in a few steps.
Twenty years ago Amazon went through a radical transformation with the goal of increasing the pace of innovation. Over this period we learned how changing our approach to application development allowed us to greatly increase agility and release velocity and, ultimately, to build more reliable and scalable applications. In this session we will explain how we define modern applications and how building modern apps affects not only the application architecture but also the organisational structure, the development release pipelines and even the operating model. We will also describe common approaches to modernisation, including the approach used by Amazon.com itself.
How to spend up to 90% less with containers and Spot Instances Amazon Web Services
The use of containers is growing continuously.
If designed correctly, container-based applications are very often stateless and flexible.
The AWS services ECS, EKS and Kubernetes on EC2 can take advantage of Spot Instances, leading to average savings of 70% compared with On-Demand Instances. In this session we will discover together what the characteristics of Spot Instances are and how they can easily be used on AWS. We will also learn how Spreaker uses Spot Instances to run applications of various kinds, in production, at a fraction of the on-demand cost!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda :
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Make your startup's offering unique on the market with Machine Lea... Amazon Web Services
To create value and build a distinctive, recognisable offering of their own, successful startups know how to combine established technologies with innovative, purpose-built components.
AWS provides ready-to-use services and, at the same time, lets you customise and create the differentiating elements of your offering.
Focusing on Machine Learning technologies, we will see how to select the artificial intelligence services offered by AWS and, also through a demo, how to build custom Machine Learning models using SageMaker Studio.
OpsWorks Configuration Management: automate the management and deployments of... Amazon Web Services
With the traditional approach to IT, for many years it was difficult to implement DevOps techniques, which until now have often involved manual activities that occasionally led to application downtime, interrupting users' operations. With the advent of the cloud, DevOps techniques are now within everyone's reach at low cost for any kind of workload, ensuring greater system reliability and resulting in significant improvements in business continuity.
AWS offers AWS OpsWorks as a Configuration Management tool that aims to automate and simplify the management and deployments of EC2 instances by means of Chef and Puppet workloads.
Find out how to use AWS OpsWorks to ensure the reliability of your application installed on EC2 instances.
Microsoft Active Directory on AWS to support your Windows Workloads Amazon Web Services
Want to know your options for running Microsoft Active Directory on AWS? When moving Microsoft workloads to AWS, it is important to consider how to deploy Microsoft Active Directory to support Group Policy management, authentication and authorisation. In this session, we will discuss the options for deploying Microsoft Active Directory on AWS, including AWS Directory Service for Microsoft Active Directory and deploying Active Directory on Windows on Amazon Elastic Compute Cloud (Amazon EC2). We cover topics such as integrating your on-premises Microsoft Active Directory environment with the cloud and using SaaS applications, such as Office 365, with AWS Single Sign-On.
From facial recognition to the detection of fraud or manufacturing defects, image and video analysis using artificial intelligence techniques is evolving and being refined at a rapid pace. In this webinar we will explore the possibilities offered by AWS services for applying state-of-the-art computer vision techniques to real-world scenarios.
Amazon Web Services and VMware are organising a free virtual event next Wednesday, 14 October, from 12:00 to 13:00, dedicated to VMware Cloud ™ on AWS, the on-demand service that lets you run applications in cloud environments based on VMware vSphere® and access a wide range of AWS services, making full use of the potential of the AWS cloud while protecting existing VMware investments.
Many organisations are taking advantage of the cloud by migrating their Oracle workloads, securing significant benefits in agility and cost efficiency.
Migrating these workloads can create complexity during application modernisation and refactoring, and on top of this there are performance risks that can be introduced when moving applications out of on-premises data centres.
Create your first serverless ledger-based app with QLDB and NodeJS Amazon Web Services
Many companies today build applications with ledger-type functionality, for example to verify the history of credits or debits in banking transactions, or to track the supply chain flow of their products.
At the heart of these solutions are ledger databases, which provide a transparent, immutable and cryptographically verifiable transaction log, but they are complex and costly tools to manage.
Amazon QLDB eliminates the need to build complex custom systems by providing a fully managed serverless ledger database.
In this session we will discover how to build a complete serverless application that uses the features of QLDB.
With the rise of microservice architectures and rich mobile and web applications, APIs are more important than ever for giving end users an exceptional user experience. In this session we will learn how to tackle modern API design challenges with GraphQL, an open source API query language used by Facebook, Amazon and others, and how to use AWS AppSync, a managed serverless GraphQL service on AWS. We will look in depth at several scenarios, understanding how AppSync can help solve these use cases by creating modern APIs with real-time and offline data update capabilities.
We will also learn how Sky Italia uses AWS AppSync to deliver real-time sports updates to the users of its web portal.
Oracle databases and VMware Cloud™ on AWS: myths to dispel Amazon Web Services
Many organisations are taking advantage of the cloud by migrating their Oracle workloads, securing significant benefits in agility and cost efficiency.
Migrating these workloads can create complexity during application modernisation and refactoring, and on top of this there are performance risks that can be introduced when moving applications out of on-premises data centres.
In these slides, AWS and VMware experts present simple, practical steps to ease and simplify the migration of Oracle workloads and accelerate the move to the cloud; they go into the architecture and demonstrate how to make full use of the potential of VMware Cloud ™ on AWS.
1) The document discusses building a minimum viable product (MVP) using Amazon Web Services (AWS).
2) It provides an example of an MVP for an omni-channel messenger platform that was built from 2017 to connect ecommerce stores to customers via web chat, Facebook Messenger, WhatsApp, and other channels.
3) The founder discusses how they started with an MVP in 2017 with 200 ecommerce stores in Hong Kong and Taiwan, and have since expanded to over 5000 clients across Southeast Asia using AWS for scaling.
This document discusses pitch decks and fundraising materials. It explains that venture capitalists will typically spend only 3 minutes and 44 seconds reviewing a pitch deck. Therefore, the deck needs to tell a compelling story to grab their attention. It also provides tips on tailoring different types of decks for different purposes, such as creating a concise 1-2 page teaser, a presentation deck for pitching in-person, and a more detailed read-only or fundraising deck. The document stresses the importance of including key information like the problem, solution, product, traction, market size, plans, team, and ask.
This document discusses building serverless web applications using AWS services like API Gateway, Lambda, DynamoDB, S3 and Amplify. It provides an overview of each service and how they can work together to create a scalable, secure and cost-effective serverless application stack without having to manage servers or infrastructure. Key services covered include API Gateway for hosting APIs, Lambda for backend logic, DynamoDB for database needs, S3 for static content, and Amplify for frontend hosting and continuous deployment.
This document provides tips for fundraising from startup founders Roland Yau and Sze Lok Chan. It discusses generating competition to create urgency for investors, fundraising in parallel rather than sequentially, having a clear fundraising narrative focused on what you do and why it's compelling, and prioritizing relationships with people over firms. It also notes how the pandemic has changed fundraising, with examples of deals done virtually during this time. The tips emphasize being fully prepared before fundraising and cultivating connections with investors in advance.
AWS_HK_StartupDay_Building Interactive websites while automating for efficien... Amazon Web Services
This document discusses Amazon's machine learning services for building conversational interfaces and extracting insights from unstructured text and audio. It describes Amazon Lex for creating chatbots, Amazon Comprehend for natural language processing tasks like entity extraction and sentiment analysis, and how they can be used together for applications like intelligent call centers and content analysis. Pre-trained APIs simplify adding machine learning to apps without requiring ML expertise.
Amazon Elastic Container Service (Amazon ECS) is a highly scalable container management service that simplifies the management of Docker containers through an orchestration layer that controls deployment and the related lifecycle. In this session we will present the main features of the service, the reference architectures for different workloads and the simple steps needed to quickly migrate one or more of your containers.
3. What is the GDPR?
• The "GDPR" is the General Data Protection Regulation, a significant, new
EU Data Protection Regulation
• Introduces robust requirements that will raise and harmonize standards for
data protection, security, and compliance across the EU
• The GDPR is enforceable 25 May 2018, and it replaces the EU Data
Protection Directive (Directive 95/46/EC)
• Territorial scope: Organisations established in the EU and those without an
EU presence who target or monitor EU individuals
4. Content vs. Personal Data
Content
= anything that a customer
(or any end user) stores or
processes using AWS
services, including:
Software | Data | Text | Audio | Video
Personal Data
= information from which a
living individual may be
identified or identifiable
(under EU data protection
law)
• Customer’s “content” might
include “personal data”
5. What Else Comes With GDPR?
Individuals have the right to a copy of all of the personal
data that controllers have regarding him or herself. It also
must be provided in a way that facilitates reuse.
6. What Else Comes With GDPR?
This gives individuals the right to have certain personal
data deleted so third parties can no longer trace them.
7. What Else Comes With GDPR?
This helps to facilitate the inclusion of policies, guidelines,
and work instructions related to data protection in the
earliest stages of projects, including personal data.
8. What Else Comes With GDPR?
Controllers must report personal data breaches to the
relevant supervisory authority within 72 hours. If there is a
high risk to the rights and freedoms of data subjects, they
must also notify the data subjects.
9. How AWS can help customers
achieve GDPR compliance?
11. Bringing it all together
Data Subjects Customers are
Controllers
AWS as
Processor
Controllers and Processors have
obligations under GDPR
12. Bringing it all together
Data Subjects
Customer as
Processor
AWS as Processor
Controllers and Processors have
obligations under GDPR
Customer’s customer
as Controller
13. Transferring Content
Region and number
of availability zones
New region
(coming soon)
Customers decide where their data will be stored
Customers may choose to transfer content that
includes personal data
From EEA to a country outside the EEA: Data Processing
Addendum includes the Standard Contractual Clauses/Model
Clauses
From EU to US: EU-US Privacy Shield Framework
14. GDPR in Practice: Implementing TOMs
Under GDPR, controllers and processors are required to implement appropriate technical
and organisational measures (TOMs) …
(1) Pseudonymisation and
encryption of personal data
(2) Ensure ongoing confidentiality,
integrity, availability, and resilience
of processing systems and
services
(3) Ability to restore availability and
access to personal data in a timely
manner in the event of a physical
or technical incident
(4) Process for regularly testing,
assessing, and evaluating the
effectiveness of TOMs
15. What AWS provides
Tools and Services
Compliance Framework
Partner Network
§§ Data Protection Terms§§
16. AWS Foundation Services
Compute Storage Database Networking
AWS Global
Infrastructure Regions
Availability Zones
Edge Locations
Client-side Data
Encryption
Server-side Data
Encryption
Network Traffic
Protection
Platform, Applications, Identity & Access Management
Operating System, Network & Firewall Configuration
Customer content
Customers
AWS Shared Responsibility Model
Customers are
responsible for
their security and
compliance IN
the cloud
AWS is
responsible for
the security OF
the cloud
17. GDPR is also a “shared responsibility”
Legal Compliance
(both controllers and processors)
System Security and Data Protection by Design
(both controllers and processors; AWS has tooling to help)
Records of Processing Activities
(both controllers and processors; AWS has tooling to help)
Encryption
(both controllers and processors; AWS has tooling to help)
Security of Personal Data
(controller responsibility)
Managing Data Subject Consent
(controller responsibility)
Managing Personal Data Deletion
(both controllers and processors; AWS has tooling to help)
Managing Personal Data Portability
(controller responsibility)
19. GDPR Compliance Tools
The controller “shall implement appropriate technical and
organisational measures for ensuring that, by default, only
personal data which are necessary for each specific purpose of
the processing are processed.”
Multi-factor authentication
API-Request Authentication
Temporary Access Tokens
21. GDPR Compliance Tools
“Each controller and, where applicable, the
controller’s representative, shall maintain a record of
processing activities under its responsibility.”
CloudTrail
Amazon Inspector
Macie
AWS Config
24. GDPR Compliance Tools
Organisations must “implement appropriate technical and organisational
measures to ensure a level of security appropriate to the risk, including the
pseudonymisation and encryption of personal data.”
Encryption of your data at rest with AES256 (EBS/S3/Amazon Glacier/RDS)
Centralised (by Region) with Key Management (AWS KMS)
IPsec tunnels into AWS with the VPN-Gateways
Dedicated HSM modules in the cloud with CloudHSM
26. GDPR Compliance Tools
Appropriate technical and organisational measures may need to
include “the ability to ensure the ongoing confidentiality, integrity,
availability, and resilience of the processing systems and services.”
SOC 1 / SSAE 16 / ISAE 3402 (formerly SAS 70) / SOC 2 / SOC 3
PCI DSS Level 1
ISO 9001 / ISO 27001 / ISO 27017 / ISO 27018
FIPS 140-2
C5
27. AWS Foundation Services
AWS Global
Infrastructure
Your own
accreditation
Meet your own security objectives
Your own
certifications
Your own
external audits
Customer scope
and effort is
reduced
Better results
through focused
efforts
Built on AWS
consistent
baseline controls
Customers
GDPR
Code of
Conduct
28. GDPR – Code of Conduct
CISPE Code (Cloud Infrastructure Service Providers in Europe)
The CISPE Code of Conduct:
• An effective, easily accessed framework for complying with the
EU’s GDPR
• Excludes the re-use of customer data
• Enables data storage and processing exclusively within the EU
• Identifies cloud infrastructure services suitable for different types of data
processing
• Helps citizens to retain control of their personal and sensitive data
• AWS CISPE certified
• CISPE Code of Conduct in evaluation by Article 29 WP
30. AWS Partner Network (APN) & the GDPR
Consulting Partners
APN consulting partners can help your
customers get ready for GDPR.
Technology Partners
APN technology partners offer security
& identity solutions to help with GDPR.
Let’s take some time to go over some of the basics of the General Data Protection Regulation.
1. Applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not.
2. Applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to:
(a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or
(b) the monitoring of their behaviour as far as their behaviour takes place within the Union.
3. Applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.
Content [CLICK]
<<read contents of the box>>
For example, a customer’s “content” includes objects that the customer stores using S3, files stored on EBS or the contents of an Amazon DynamoDB table.
Personal Data [CLICK]
<<read contents of the box>>
“Personal data” includes names, email addresses, social security numbers, payroll ID numbers, etc. There’s also a recent line of cases in Europe that have determined that, in some cases, IP addresses can be “personal data”.
The Right to data portability
The GDPR creates a new right for individuals to have more control over their own personal data. In practice this means that controllers have to have the ability to provide the data subject with a copy of all the personal data that they have regarding him or her; and the ability to transfer the data to another data controller or service provider. It’s important to ensure the portability of all personal data that the individual has provided actively and knowingly. This includes information the individual has provided to you by using the service or device, such as location data or their heartbeat from a fitness tracker. This could therefore be a large collection of data. Furthermore, the data must be provided in a way that facilitates reuse. An example of this would be an email being provided in a format that preserves all the meta-data to allow effective reuse.
The right to be forgotten
The right to be forgotten gives individuals the right to have certain personal data deleted so that third parties can no longer trace them. In practice, this means that such personal data needs to be deleted entirely from the controller’s system and, if the controller has made the information public, such as on the internet, then the controller has to ensure that all links to the information have been erased.
Privacy by design
The concepts of privacy by design and privacy by default help to promote compliance with data protection laws and regulations from the earliest stages of projects involving personal data. Clear policies, guidelines, and work instructions related to data protection should be developed and the input of a privacy specialist should be sought to assist with applying these requirements. Development methods that are used within the organization, such as agile or waterfall methodologies, must be taken into account in order to apply the concepts throughout the entire development process. This will enable the development teams to take appropriate measures in the relevant phases. Finally, when a design has been completed, it must be adopted by the organization and monitored throughout its lifetime.
Data breach notification
If security measures are breached and personal data is unlawfully processed, the controller must report such a breach to the supervisory authority within 72 hours. Also, if there is a high risk to the rights and freedoms of data subjects or other individuals, the controller must also notify the data subjects.
Customers decide where their content will be stored.
The AWS infrastructure is built around Regions and Availability Zones. A Region is a location in which there are multiple Availability Zones. Availability Zones consist of one or more discrete data centres. AWS currently has three Regions in the EU: Ireland (Dublin), UK (London) and Germany (Frankfurt).
This set-up allows customers with specific geographic requirements to establish environments in a location of their choice. For example, AWS customers in Europe can choose to deploy their AWS services exclusively in the Germany region.
[CLICK]
Customers may choose to transfer content that includes personal data cross border. AWS offers customers a data processing addendum that includes the Standard Contractual Clauses/Model Clauses that would apply where a customer transfers data containing personal data from the EEA to a country outside the EEA.
The EU data protection authority, known as the Article 29 Working Party, has approved the AWS Data Processing Addendum and Model Clauses. This approval means that customers who require the Model Clauses can rely on the AWS DPA as providing sufficient contractual commitments to enable international data flows in compliance with the EU data protection Directive.
In addition to the AWS DPA and the Model Clauses, customers who wish to transfer content that includes personal data from an EU Region to a US region benefit from AWS’ participation in the EU-US Privacy Shield Framework.
We look after the security OF the cloud, and you look after your security IN the cloud.
To protect your application, AWS invests in a broad portfolio of security, identity, and management tools to help ensure your applications are secure and operate in a compliant manner.
--NETWORKING--
Amazon VPC: Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the Amazon Web Services (AWS) cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. With Amazon VPC, you can make the Amazon cloud a seamless extension of your existing on-premises resources.
AWS WAF: AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application. New rules can be deployed within minutes, letting you respond quickly to changing traffic patterns. Also, AWS WAF includes a full-featured API that you can use to automate the creation, deployment, and maintenance of web security rules.
--ENCRYPTION--
AWS KMS: AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the security of your keys. AWS Key Management Service is integrated with several other AWS services to help you protect the data you store with these services. AWS Key Management Service is also integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs.
AWS CloudHSM: The AWS CloudHSM service helps you meet corporate, contractual and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) appliances within the AWS cloud. With CloudHSM, you control the encryption keys and cryptographic operations performed by the HSM.
Server-side Encryption: AWS allows data to be encrypted with AWS service managed keys, AWS managed keys via AWS KMS, or customer managed keys. We also make the AWS Encryption SDK freely available to help developers correctly generate and use encryption keys, as well as protect the key after it has been used.
--IDENTITY--
AWS IAM: AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources for your users. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.
AWS Directory Service: AWS Directory Service makes it easy to set up and run Microsoft Active Directory (AD) in the AWS cloud, or connect your AWS resources with an existing on-premises Microsoft Active Directory. Once your directory is created, you can use it to manage users and groups, provide single sign-on to applications and services, create and apply group policy, domain join Amazon EC2 instances, as well as simplify the deployment and management of cloud-based Linux and Microsoft Windows workloads.
SAML Federation: AWS IAM supports SAML 2.0 to allow identity integration with most major identity management solutions. [http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml_3rd-party.html]
--COMPLIANCE--
AWS Service Catalog: AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS. These IT services can include everything from virtual machine images, servers, software, and databases to complete multi-tier application architectures. AWS Service Catalog allows you to centrally manage commonly deployed IT services, and helps you achieve consistent governance and meet your compliance requirements, while enabling users to quickly deploy only the approved IT services they need.
AWS CloudTrail: AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service. With CloudTrail, you can get a history of AWS API calls for your account, including API calls made via the AWS Management Console, AWS SDKs, command line tools, and higher-level AWS services (such as AWS CloudFormation). The AWS API call history produced by CloudTrail enables security analysis, resource change tracking, and compliance auditing.
AWS Config: AWS Config is a fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance. Config Rules enables you to create rules that automatically check the configuration of AWS resources recorded by AWS Config. With AWS Config, you can discover existing and deleted AWS resources, determine your overall compliance against rules, and dive into configuration details of a resource at any point in time. These capabilities enable compliance auditing, security analysis, resource change tracking, and troubleshooting.
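The CloudTrail record fields listed above (caller identity, time, source IP address) and the KMS key-usage logging mentioned under Encryption can be combined into a simple key-access review. This is an added example, not code from the original presentation or from AWS; the sample records, account ID, key ARN and the choice of event names to flag are constructed assumptions.

```python
import json
from collections import defaultdict

KEY = "arn:aws:kms:eu-west-1:111122223333:key/EXAMPLE-KEY-ID"  # placeholder ARN
ACCT = "arn:aws:iam::111122223333:"                            # placeholder account

def _rec(time, source, name, who, ip, error=None):
    """Build one constructed record using CloudTrail's record field names."""
    rec = {"eventTime": time, "eventSource": source, "eventName": name,
           "userIdentity": {"arn": ACCT + who}, "sourceIPAddress": ip,
           "resources": [{"ARN": KEY}]}
    if error:
        rec["errorCode"] = error
    return rec

# Constructed sample log (not real data), shaped like a CloudTrail log file.
SAMPLE_LOG = json.dumps({"Records": [
    _rec("2018-05-25T09:00:00Z", "kms.amazonaws.com", "Decrypt", "role/app", "192.0.2.10"),
    _rec("2018-05-25T09:01:00Z", "s3.amazonaws.com", "PutObject", "role/app", "192.0.2.10"),
    _rec("2018-05-25T09:05:00Z", "kms.amazonaws.com", "Decrypt", "user/analyst",
         "198.51.100.7", error="AccessDenied"),
    _rec("2018-05-25T09:30:00Z", "kms.amazonaws.com", "ScheduleKeyDeletion",
         "user/admin", "203.0.113.5"),
]})

# Assumption: key-management calls this review treats as worth a second look.
FLAGGED = {"DisableKey", "ScheduleKeyDeletion", "PutKeyPolicy"}

def review_kms_usage(log_text):
    """Return (usage, alerts). usage maps key ARN -> caller ARN -> sorted event
    names for successful KMS calls; alerts lists failed or flagged calls."""
    usage = defaultdict(lambda: defaultdict(set))
    alerts = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "kms.amazonaws.com":
            continue  # only key usage is in scope here
        caller = rec.get("userIdentity", {}).get("arn", "unknown")
        name, error = rec.get("eventName", ""), rec.get("errorCode")
        if error or name in FLAGGED:
            alerts.append((rec.get("eventTime"), caller,
                           rec.get("sourceIPAddress"), name, error))
        if error:
            continue  # a denied call is an attempt, not usage
        for res in rec.get("resources") or [{"ARN": "unknown-key"}]:
            usage[res.get("ARN", "unknown-key")][caller].add(name)
    return ({k: {c: sorted(n) for c, n in v.items()} for k, v in usage.items()},
            alerts)
```

The usage map answers "who has used this key", while the alerts list carries the time, caller and source IP needed to follow up on denied or key-management calls.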
Segue to talk about FedRAMP potentially and share your experiences from around the world!
As Esther mentioned, GDPR encourages industries to develop codes of conduct to help enable the Controller to demonstrate their compliance.
The CISPE code is one such code of conduct.
Data Collection: Have you taken into account the definition of “personal data” to determine what your organization is collecting, from where, and what mechanisms are used?
Access Controls: Can you identify who has access to personal data?
Data Storage/Retention: Can you inform on where personal data is stored?
Data Rights: Do you support means for customers to control access to their data?
Breach Notification: Is your organization currently supporting a breach notification program and does it meet/exceed the GDPR timelines?
Data Transfer: Do you use transfer mechanisms to process personal data?