Stephen Schmidt, AWS CISO and VP of Security Engineering, provides an overview of innovations in cloud security and the importance of security as an enabler for innovation in enterprises, but particularly in government and other highly regulated industries and segments.
Security in the Cloud - AWS Symposium 2014 - Washington D.C.
1. Security in the Cloud
Stephen E. Schmidt,
Vice President, Security Engineering &
Chief Information Security Officer
AWS Government, Education, and Nonprofits Symposium
Washington, DC | June 24, 2014 - June 26, 2014
14. 10 regions
26 availability zones
51 edge locations
It’s Not Just Having Services in a Couple of Regions…
15. #2: Platform Breadth and Depth (platform diagram, built up one layer at a time across slides 15 to 21; the complete stack from slide 21 is kept once here)
Support: Support, Certification, Training, Professional Services
Ecosystem: Technology Partners, Consulting Partners, AWS Marketplace
Containers & Deployment (PaaS): Elastic Beanstalk for Java, Node.js, Python, Ruby, PHP and .Net; OpsWorks; CloudFormation
Management & Administration: IAM, CloudWatch, CloudTrail, APIs and SDKs, Management Console, CloudHSM, Command Line Interface
Application Services: SWF, SNS, SQS, CloudSearch, SES, AppStream, CloudFront, WorkSpaces
Analytics: Data Pipeline, Redshift, EMR, Kinesis
Networking: Direct Connect, Route 53, VPC
Compute: EC2, Elastic Load Balancer, Auto Scaling
Storage: Storage Gateway, S3, EBS, Glacier, Import/Export
Databases: DynamoDB, ElastiCache, RDS (MySQL, PostgreSQL, Oracle, SQL Server)
Infrastructure: Regions, Availability Zones, Content Delivery POPs
22. Security is Our No.1 Priority
Comprehensive Security Capabilities to Support Virtually Any Workload
• PEOPLE & PROCEDURES
• NETWORK SECURITY
• PHYSICAL SECURITY
• PLATFORM SECURITY
23. “[Enterprise customers are] skipping the years of early getting-their-feet-wet, and immediately jumping in with more significant projects, with more ambitious goals…”
42. • LEAST PRIVILEGE PRINCIPLE: CONFINE ROLES ONLY TO THE MATERIAL REQUIRED TO DO SPECIFIC WORK
43. • LEAST PRIVILEGE PRINCIPLE: SEPARATE NETWORKS FOR CORPORATE WORK VS. ACCESSING CUSTOMER DATA
44. • LEAST PRIVILEGE PRINCIPLE: MUST HAVE A BUSINESS NEED-TO-KNOW ABOUT SENSITIVE INFORMATION LIKE DATACENTER LOCATIONS
45. • LEAST PRIVILEGE PRINCIPLE: MUST HAVE A BUSINESS NEED-TO-KNOW IN ORDER TO ACCESS DATACENTERS
46. • SIMPLE SECURITY CONTROLS ARE THE EASIEST TO GET RIGHT, EASIEST TO AUDIT, AND EASIEST TO ENFORCE
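Slides 42 and 46 state the principle (confine a role to the material its work needs; simple controls are the easiest to audit) without showing what that looks like in an AWS policy. The following is an added illustration, not code from the deck or from AWS: two constructed IAM-style policy documents, one broad and one scoped, plus a deliberately simplified evaluator (explicit Deny wins, any matching Allow grants, default deny; conditions, principals and NotAction are not modelled) that replays a fixed set of constructed access requests against each policy so a reviewer can compare how much each one actually permits. The bucket name, prefixes and request list are all made up for the example.

```python
import fnmatch
import json

# Constructed example policies (added illustration, not from the original deck).
# BROAD grants every S3 action on every resource: easy to write, hard to audit.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"}
    ],
}

# SCOPED confines the role to read-only access to one prefix of one bucket and
# explicitly denies the secrets/ prefix, so a later broad Allow cannot reopen it.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": [
                "arn:aws:s3:::example-bucket",
                "arn:aws:s3:::example-bucket/reports/*",
            ],
        },
        {
            "Effect": "Deny",
            "Action": "s3:*",
            "Resource": "arn:aws:s3:::example-bucket/secrets/*",
        },
    ],
}


def _as_list(value):
    """IAM allows a string or a list for Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    """Action names are case-insensitive; '*' matches any run, '?' one character."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def _resource_matches(pattern, resource):
    """ARNs are matched case-sensitively with the same wildcard rules."""
    return fnmatch.fnmatchcase(resource, pattern)


def is_allowed(policy, action, resource):
    """Simplified evaluation: explicit Deny wins, otherwise any matching Allow
    grants, and the default is deny. Conditions/principals are not modelled."""
    allowed = False
    for stmt in policy["Statement"]:
        action_hit = any(_action_matches(a, action) for a in _as_list(stmt["Action"]))
        resource_hit = any(_resource_matches(r, resource) for r in _as_list(stmt["Resource"]))
        if not (action_hit and resource_hit):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


# Constructed access requests a reviewer might replay against both policies.
REQUESTS = [
    ("s3:GetObject", "arn:aws:s3:::example-bucket/reports/q1.csv"),
    ("s3:DeleteObject", "arn:aws:s3:::example-bucket/reports/q1.csv"),
    ("s3:GetObject", "arn:aws:s3:::example-bucket/secrets/db.pem"),
    ("s3:GetObject", "arn:aws:s3:::other-bucket/anything"),
    ("iam:CreateUser", "*"),
]


def audit(policy, requests=REQUESTS):
    """Return the subset of requests the policy permits: its effective reach on
    this sample. A smaller set is closer to least privilege."""
    return [(a, r) for a, r in requests if is_allowed(policy, a, r)]


if __name__ == "__main__":
    for name, pol in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, json.dumps(audit(pol), indent=1))
```

Running the block lists four permitted requests for the broad policy and exactly one (reading under `reports/`) for the scoped one; the scoped document is also the easier of the two to audit, because each statement names the single bucket and prefix it covers and the Deny on `secrets/` reads as an explicit rule rather than an absence.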
48. • IDC Survey
• Attitudes and Perceptions Around Security and Cloud Services
• Nearly 60% of organizations agreed that CSPs [Cloud Service
Providers] provide better security than their own IT organization
• Source: IDC 2013 U.S. Cloud Security Survey
• Doc #242836, September 2013
49. • “Based on our experience, I believe that we can be even more secure in the AWS cloud than in our own data centers”
Tom Soderstrom – CTO – NASA JPL