© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Todd Gleason, Executive Cloud Strategist, AWS
October, 25 2016
Modernizing Technology
Governance
Reducing Security Surface Area Through
AWS Shared Responsibility and Applying Security-by-Design
Over A Million Active Customers and Every Imaginable Use Case
1500+ Government Agencies
3600+ Education Institutions
190 Countries
11,200+ Nonprofits
Security is Job Zero
Customer - Financial Services
"The financial services industry attracts some of the worst
cyber criminals. We work closely with AWS to develop a
security model, which we believe enables us to operate
more securely in the public cloud than we can in our own
data centers."
CIO
Capital One
Customer - PCI-DSS
Using AWS, Vodafone created TopUp, a secure, PCI-compliant solution that makes it easy for its customers to buy credit for mobile phone SIM cards.
Customer - Healthcare
Oscar Insurance built a technology and data-driven health insurance company from the ground up in just three months on AWS while meeting HIPAA compliance requirements.
The Forrester Wave™: Public Cloud Platform
Service Providers' Security, Q4 2014
The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester's call on a market
and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on best available
resources. Opinions reflect judgment at the time and are subject to change.
AWS Assurance Programs
Certifications / Attestations:
DoD SRG, FedRAMP, FIPS, IRAP, ISO 9001, ISO 27001, ISO 27017, ISO 27018, MLPS Level 3, MTCS, PCI DSS Level 1, SEC Rule 17a-4(f), SOC 1, SOC 2, SOC 3, UK Cyber Essentials, VPAT / Section 508

Laws / Regulations / Privacy:
DNB [Netherlands], EAR, EU Model Clauses, EU Data Protection Directive, FERPA, GLBA, HIPAA, HITECH, IRS 1075, ITAR, My Number Act [Japan], Privacy Act [Australia], Privacy Act [New Zealand], PDPA - 2010 [Malaysia], PDPA - 2012 [Singapore], U.K. DPA - 1998, EU-US Privacy Shield, Spanish DPA Authorization

Alignments / Frameworks:
CIS, CLIA, CJIS, CMS EDGE, CMSR, CSA, FDA, FedRAMP TIC, FISC, FISMA, G-Cloud, GxP (FDA CFR 21 Part 11), IT Grundschutz, MITA 3.0, MPAA, NERC, NIST, PHR, UK Cloud Security Principles
Comprehensive Security and Compliance
Foundational Certifications
ISO 9001 – Global Quality Standard
ISO 27001 – Security Management Standard
ISO 27017 – Cloud-Specific Controls
ISO 27018 – PII-Specific Controls
SOC 1 – Audit Controls Report
SOC 2 – Compliance Controls Report
SOC 3 – General Controls Report
PCI DSS Level 1 – Payment Card Standards
NIST 800-53 – Risk Management Framework
Financial Services Compliance Enablers
Federal Financial Institutions Examination Council
(FFIEC) published a guide for financial services institutions,
examiners, and advisors on the use and security
architecture of AWS.
U.S. Securities and Exchange Commission's (SEC) Office
of Compliance Inspections and Examinations (OCIE)
published an overview of the OCIE Cybersecurity Initiative on
cybersecurity preparedness in the securities industry. Outlines
customer compliance responsibilities in relation to AWS.
U.S. Securities and Exchange Commission's (SEC) 17a-
4(f) & CFTC 1.31(b)-(c) Compliance Assessment Report for
Amazon Glacier with Vault Lock
AWS Privacy and Data Security
Q: Now that the Safe Harbor compliance scheme has been ruled invalid, can customers still use AWS and comply with EU law?
A: Yes – the EU data protection authorities' approval of the AWS Data Protection Agreement and Model Clauses enables transfer of data outside Europe, including to the US.
AWS Global Infrastructure
14 Regions
38 Availability Zones
63 Edge Locations
You decide where you want to put content and controls
Requirements From Every Industry
Nothing better for the
entire community than a
tough set of customers…
Financial Requirements, Health Care Requirements, Government Requirements
→ Everyone's Systems and Applications
→ Global Infrastructure
AWS Foundational Security Applies to Every Customer
AWS maintains a formal control environment
• SOC 1 (SSAE 16 & ISAE 3402) Type II (was SAS70)
• SOC 2 Type II and SOC 3 report
• ISO Certification (27001, 27017, 27018)
• Certified PCI DSS Level 1 Service Provider
• FedRAMP Authorization
• HIPAA and MPAA capable
Accredited experts audit and validate the AWS cloud
AWS Foundation Services: Compute, Storage, Database, Networking
AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
AWS is responsible for the security OF the Cloud; accredited third-party auditors validate that control environment.
AWS Shared Responsibility
Security is a Shared Responsibility
Customers are responsible for their security IN the Cloud:
• Customer Applications & Content
• Platform, Applications, Identity & Access Management
• Operating System, Network & Firewall Configuration
• Client-side Data Encryption
• Server-side Data Encryption
• Network Traffic Protection

AWS is responsible for the security OF the Cloud:
• Foundation Services: Compute, Storage, Databases, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
AWS Shared Security Responsibility
Three service categories, each with a different split of ownership: Infrastructure Services, Platform Services, Abstracted Services
Security is Shared and Classified by Ownership
AWS Shared Responsibility:
for Infrastructure Services
Managed by customers:
• Customer Data
• Platform & Application Management
• Operating system, network, and firewall configuration
• Data Confidentiality: encryption at-rest / in-transit, authentication
• Data Availability: HA, DR/BC, resource scaling
• Data Integrity: access control, version control, backups
• Customer IAM and AWS IAM

Managed by AWS:
• AWS Endpoints
• Foundation Services: Compute, Storage, Databases, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations

Infrastructure Services – Example Amazon EC2
AWS
• Foundation Services (Network, Compute, Storage)
• AWS Global Infrastructure
• AWS Endpoints
Customer
• Customer Data
• Customer Application
• Operating System
• Network & Firewall (VPC)
• Customer IAM
• AWS IAM (Users, Groups, Roles, Policies)
• High-Availability / Scaling
• Instance Management
• Data Protection (In-transit, At-rest, Backup)
AWS Shared Responsibility:
for Platform Services
Managed by customers:
• Customer Data: client-side data encryption & data integrity authentication; network traffic protection (encryption / integrity / identity)
• Customer IAM and AWS IAM
• Firewall Configuration

Managed by AWS:
• Platform & Application Management
• Operating system & network configuration
• AWS Endpoints
• Foundation Services: Compute, Storage, Databases, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations

Platform Services – Example RDS
AWS
• Foundation Services (Network, Compute, Storage)
• AWS Global Infrastructure
• AWS Endpoints
• Operating System
• Instance Management
• Platform / Application (Aurora, MS SQL, Oracle, MySQL, PostgreSQL)
Customer
• Customer Data
• Firewall (VPC)
• Customer IAM (DB Users, Table Permissions)
• AWS IAM (Users, Groups, Roles, Policies)
• High-Availability / Scaling
• Data Protection (In-transit, At-rest, Backup)
AWS Shared Responsibility:
for Abstracted Services
Managed by customers:
• Customer Data: client-side data encryption, data integrity and authentication
• AWS IAM

Managed by AWS:
• Server-side data encryption provided by the platform (protection of data at-rest)
• Network traffic encryption provided by the platform (protection of data in-transit)
• Platform & Application Management
• Operating system, network, and firewall configuration
• AWS Endpoints
• Foundation Services: Compute, Storage, Databases, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations

Abstracted Services – Example S3
AWS
• Foundation Services (Network, Compute, Storage)
• AWS Global Infrastructure
• AWS Endpoints
• Platform / Application
• Data Protection (In-transit, At-rest)
• High-Availability / Scaling
Customer
• Customer Data
• Data Protection (In-transit, At-rest)
• AWS IAM (Users, Groups, Roles, Policies)
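For an abstracted service such as S3 the platform supplies the encryption machinery, but deciding that it must be used is the customer's side of "Data Protection (In-transit, At-rest)". The block below is an added example, not code from the AWS deck: a bucket policy that refuses plaintext transport and unencrypted or non-KMS uploads, together with a deliberately small evaluator that implements only the IAM condition operators this policy uses, so the effect of each Deny statement can be exercised offline. The bucket name and the request contexts are constructed for the demo; resource matching is omitted (every request is assumed to target this bucket).

```python
"""The customer's half of "Data Protection (In-transit, At-rest)" for S3.

Added example, not from the AWS deck: a bucket policy that refuses plaintext
transport and unencrypted or non-KMS uploads, plus a small evaluator covering
only the IAM condition operators the policy uses. Bucket name and request
contexts are constructed for the demo; resource matching is omitted.
"""
import json


def data_protection_policy(bucket):
    """Bucket policy enforcing TLS in transit and SSE-KMS at rest."""
    arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # in transit: any call that did not arrive over TLS is refused
                "Sid": "DenyPlaintextTransport", "Effect": "Deny", "Principal": "*",
                "Action": "s3:*", "Resource": [arn, f"{arn}/*"],
                "Condition": {"Bool": {"aws:SecureTransport": "false"}},
            },
            {   # at rest: uploads with no server-side-encryption header are refused
                "Sid": "DenyUnencryptedUploads", "Effect": "Deny", "Principal": "*",
                "Action": "s3:PutObject", "Resource": f"{arn}/*",
                "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}},
            },
            {   # at rest: uploads naming any mode other than KMS are refused;
                # StringNotEquals does not fire on a missing key, which is why
                # the Null statement above is needed as well
                "Sid": "DenyNonKmsEncryption", "Effect": "Deny", "Principal": "*",
                "Action": "s3:PutObject", "Resource": f"{arn}/*",
                "Condition": {"StringNotEquals":
                              {"s3:x-amz-server-side-encryption": "aws:kms"}},
            },
        ],
    }


def condition_matches(operator, key, wanted, context):
    """Subset of IAM condition semantics: Null, Bool, StringEquals, StringNotEquals."""
    present = key in context
    if operator == "Null":                      # Null:"true" matches an absent key
        return present != (wanted == "true")
    if not present:                             # other operators fail on a missing key
        return False
    actual = str(context[key])
    if operator == "Bool":
        return actual.lower() == wanted.lower()
    if operator == "StringEquals":
        return actual == wanted
    if operator == "StringNotEquals":
        return actual != wanted
    raise ValueError(f"unsupported condition operator: {operator}")


def action_matches(pattern, action):
    """IAM action wildcard: exact match, or prefix match for a trailing '*'."""
    if pattern.endswith("*"):
        return action.startswith(pattern[:-1])
    return pattern == action


def denied_by(policy, action, context):
    """Sids of Deny statements whose action and every condition match the request."""
    hits = []
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if not any(action_matches(a, action) for a in actions):
            continue
        conditions = stmt.get("Condition", {})
        if all(condition_matches(op, key, wanted, context)
               for op, pairs in conditions.items() for key, wanted in pairs.items()):
            hits.append(stmt["Sid"])
    return hits


if __name__ == "__main__":
    policy = data_protection_policy("example-bucket")   # constructed bucket name
    print(json.dumps(policy, indent=2))
    # constructed request contexts, shaped like the keys S3 presents to IAM
    for label, ctx in [
        ("plaintext HTTP upload", {"aws:SecureTransport": "false",
                                   "s3:x-amz-server-side-encryption": "aws:kms"}),
        ("TLS upload, no SSE header", {"aws:SecureTransport": "true"}),
        ("TLS upload, SSE-S3", {"aws:SecureTransport": "true",
                                "s3:x-amz-server-side-encryption": "AES256"}),
        ("TLS upload, SSE-KMS", {"aws:SecureTransport": "true",
                                 "s3:x-amz-server-side-encryption": "aws:kms"}),
    ]:
        print(f"{label}: denied by {denied_by(policy, 's3:PutObject', ctx) or 'nothing'}")
```

The evaluator is not an IAM implementation; it exists only to make visible why the policy needs two at-rest statements: a missing encryption header is caught by `Null`, a wrong header value by `StringNotEquals`, and neither catches the other's case.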
Approaches to Auditing
• AWS services are regularly assessed against industry standards and requirements.
• Policy or procedure controls are the responsibility of the customer.
• Manage AWS services similar to traditional infrastructure services.
• Access to AWS services should be treated like other privileged administrator access.
Part of Your Compliance Work is Done
AWS (security OF the cloud): Facilities, Physical security, Compute infrastructure, Storage infrastructure, Network infrastructure, Virtualization layer (EC2), Hardened service endpoints, Rich IAM capabilities
+
Customer (security IN the cloud): Network configuration, Security groups, OS firewalls, Operating systems, Application security, Service configuration, Account management, Authorization policies
=
Secure, compliant workloads
Customers get to choose the right level of security for their business.
As an AWS customer you can focus on your business and not be distracted by the muck.
What Does This Mean For You?
• You benefit from an environment built for the most security-sensitive organizations
• AWS manages and validates testing against more than 3000 security controls so you don't have to
• You can define the right security controls for your workload sensitivity
• You always have full ownership and control of your data
Familiar Security Model: validated and driven by customers' security experts; benefits all customers.
Layers: People & Process, System, Network, Physical
Closing the Loop – AWS Shared Responsibility
Our pace of innovation and our comprehensive security and compliance features allow you to measurably improve your security program.
Security by Design
What is Security?
Practice of protecting your intellectual property from
unauthorized access, use, or modification.
What are the key things that come to your mind when talking about Security?
Cloud goes beyond the traditional elements of security and adds…
• Visibility
• Auditability
• Controllability
• Agility
• Automation
What is Security by Design (SbD)?
• Modern, systematic security assurance approach
• Formalizes AWS account design, automates security controls and streamlines auditing
• Provides security control built in throughout the AWS IT management process
Effective Security is ubiquitous and automatic…
Why is this important?
Modern day IT environments present challenges to managing security and meeting
compliance requirements due to the volume of information that needs to be safeguarded
and the dynamic connectivity of data, applications, and users. A reliable security approach
is needed to ensure data is safeguarded and available to authorized users and systems.
Confidentiality, Integrity, Availability
Why - Modernize Technology Governance
The majority of technology governance relies predominantly on administrative and operational security controls with LIMITED technology enforcement.
(Risk arises where Assets, Threats and Vulnerabilities intersect.)
Automation is needed to dominate governance through technology enablement.
Approaching Security by Design
1. Understand your requirements
2. Build a "secure environment" that fits your requirements
3. Enforce the use of the templates
4. Perform validation activities
Impact of Security by Design
• Creates a forcing function that cannot be overridden by users
• Establishes reliable operation of controls
• Enables continuous and real-time auditing
• Represents the technical scripting of your governance policy
Result
Automated environment enabling enforcement of security and compliance policies and a functionally reliable governance model.
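Steps 3 and 4 above ("enforce the use of the templates", "perform validation activities") are where governance stops being a document and becomes code. The block below is an added example, not code from the AWS deck: a small pre-deployment linter that reads a CloudFormation template (JSON form with literal property values assumed, no intrinsic functions) and checks it against three guardrails a governance policy might state: no administrative port open to the world, S3 buckets encrypted by default, RDS storage encrypted and not publicly reachable. The template and the check set are constructed for the demo; in a real account the same checks would also run continuously after deployment, for instance as AWS Config rules, so that drift from the approved template is caught as well.

```python
"""Security by Design, step 4 ("perform validation activities") as code.

Added example, not from the AWS deck: a pre-deployment linter for a
CloudFormation template (JSON form, literal property values assumed).
The template below is constructed for the demo.
"""
import json

SAMPLE_TEMPLATE = json.dumps({
    "Resources": {
        "BastionSG": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {"SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "CidrIp": "0.0.0.0/0"},                    # violates guardrail
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                 "CidrIp": "0.0.0.0/0"},                    # public HTTPS is allowed
            ]},
        },
        "LogBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},   # no encryption
        "AppDb": {
            "Type": "AWS::RDS::DBInstance",
            "Properties": {"StorageEncrypted": True, "PubliclyAccessible": False},
        },
    }
})

ADMIN_PORTS = {22, 3389}          # SSH and RDP
WORLD = {"0.0.0.0/0", "::/0"}     # "anywhere" CIDRs


def check_security_group(logical_id, props):
    """Flag ingress rules that expose an admin port (or all traffic) to the world."""
    findings = []
    for rule in props.get("SecurityGroupIngress", []):
        cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
        if cidr not in WORLD:
            continue
        proto = str(rule.get("IpProtocol"))
        low = int(rule.get("FromPort", 0))        # "-1" (all traffic) has no ports
        high = int(rule.get("ToPort", 65535))
        if proto == "-1" or any(low <= p <= high for p in ADMIN_PORTS):
            findings.append((logical_id, "admin port open to the world",
                             f"{proto} {low}-{high} from {cidr}"))
    return findings


def check_bucket(logical_id, props):
    """Flag buckets with no default server-side encryption configured."""
    rules = props.get("BucketEncryption", {}).get(
        "ServerSideEncryptionConfiguration", [])
    if not rules:
        return [(logical_id, "no default server-side encryption",
                 "BucketEncryption missing")]
    return []


def check_db_instance(logical_id, props):
    """Flag RDS instances that store plaintext or sit on a public endpoint."""
    findings = []
    if not props.get("StorageEncrypted", False):
        findings.append((logical_id, "RDS storage not encrypted",
                         "StorageEncrypted is not true"))
    if props.get("PubliclyAccessible", False):
        findings.append((logical_id, "RDS instance publicly accessible",
                         "PubliclyAccessible is true"))
    return findings


CHECKS = {
    "AWS::EC2::SecurityGroup": check_security_group,
    "AWS::S3::Bucket": check_bucket,
    "AWS::RDS::DBInstance": check_db_instance,
}


def validate_template(template_json):
    """Run every guardrail over every resource; return (id, rule, detail) tuples."""
    template = json.loads(template_json)
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        check = CHECKS.get(resource.get("Type"))
        if check is not None:
            findings.extend(check(logical_id, resource.get("Properties", {})))
    return findings


if __name__ == "__main__":
    for logical_id, rule, detail in validate_template(SAMPLE_TEMPLATE):
        print(f"FAIL {logical_id}: {rule} ({detail})")
```

Wired into the pipeline that deploys templates, a non-empty findings list is the "forcing function that cannot be overridden by users": the deployment step refuses to proceed, and the findings themselves are the audit record.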
AWS Security & Compliance Resources
• AWS Risk & Compliance
• Introduction to AWS Security
• AWS Security Overview
• AWS Security Best Practices
• Security at Scale Whitepapers
• Customer penetration testing requests
• Security Partner Solutions
• Request more information by contacting us
aws.amazon.com/security
aws.amazon.com/compliance
Thank you!
 
Reducing Your Attack Surface
Reducing Your Attack SurfaceReducing Your Attack Surface
Reducing Your Attack Surface
 
Reality Check: Security in the Cloud
Reality Check: Security in the CloudReality Check: Security in the Cloud
Reality Check: Security in the Cloud
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOps
 
Security Spotlight: Presidio
Security Spotlight: PresidioSecurity Spotlight: Presidio
Security Spotlight: Presidio
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOps
 
Security Spotlight: Rent-A-Center
Security Spotlight: Rent-A-CenterSecurity Spotlight: Rent-A-Center
Security Spotlight: Rent-A-Center
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOps
 
Security Spotlight: Presidio
Security Spotlight: PresidioSecurity Spotlight: Presidio
Security Spotlight: Presidio
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the Cloud
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
CSS 2018 Trivia
CSS 2018 TriviaCSS 2018 Trivia
CSS 2018 Trivia
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 

Recently uploaded

みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
名前 です男
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
Things to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUUThings to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUU
FODUU
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
Alpen-Adria-Universität
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Safe Software
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdfAI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
Techgropse Pvt.Ltd.
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
tolgahangng
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
Pixlogix Infotech
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
IndexBug
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
SitimaJohn
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
Brandon Minnick, MBA
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
Ivanti
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Zilliz
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 

Recently uploaded (20)

みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Things to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUUThings to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUU
 
Video Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the FutureVideo Streaming: Then, Now, and in the Future
Video Streaming: Then, Now, and in the Future
 
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success StoryDriving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdfAI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
 
Serial Arm Control in Real Time Presentation
Serial Arm Control in Real Time PresentationSerial Arm Control in Real Time Presentation
Serial Arm Control in Real Time Presentation
 
Best 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERPBest 20 SEO Techniques To Improve Website Visibility In SERP
Best 20 SEO Techniques To Improve Website Visibility In SERP
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptxOcean lotus Threat actors project by John Sitima 2024 (1).pptx
Ocean lotus Threat actors project by John Sitima 2024 (1).pptx
 
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptxChoosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
 
June Patch Tuesday
June Patch TuesdayJune Patch Tuesday
June Patch Tuesday
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 

Modernizing Technology Governance

  • 1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Todd Gleason, Executive Cloud Strategist, AWS October, 25 2016 Modernizing Technology Governance Reducing Security Surface Area Through AWS Shared Responsibility and Applying Security-by-Design
  • 2. Over A Million Active Customers and Every Imaginable Use Case 1500+ Government Agencies 3600+ Education Institutions 190 Countries 11,200+ Nonprofits Security is Job Zero
  • 3. Customer - Financial Services "The financial services industry attracts some of the worst cyber criminals. We work closely with AWS to develop a security model, which we believe enables us to operate more securely in the public cloud than we can in our own data centers." CIO Capital One
  • 4. Customer - PCI-DSS Using AWS, Vodafone created TopUp, a secure, PCI- compliant solution that makes it easy for its customers to buy credit for mobile phone SIM cards.
  • 5. Customer - Healthcare Oscar Insurance built a technology and data-driven health insurance company from the ground up in just three months on AWS while meeting HIPAA compliance requirements.
  • 6. The Forrester Wave™: Public Cloud Platform Service Providers' Security, Q4 2014 The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc. The Forrester Wave™ is a graphical representation of Forrester's call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect judgment at the time and are subject to change.
  • 7. AWS Assurance Programs
  • 8. Comprehensive Security and Compliance
     Certifications / Attestations: DoD SRG; FedRAMP; FIPS; IRAP; ISO 9001; ISO 27001; ISO 27017; ISO 27018; MLPS Level 3; MTCS; PCI DSS Level 1; SEC Rule 17-a-4(f); SOC 1; SOC 2; SOC 3; UK Cyber Essentials; VPAT / Section 508
     Laws / Regulations / Privacy: DNB [Netherlands]; EAR; EU Model Clauses; EU Data Protection Directive; FERPA; GLBA; HIPAA; HITECH; IRS 1075; ITAR; My Number Act [Japan]; Privacy Act [Australia]; Privacy Act [New Zealand]; PDPA - 2010 [Malaysia]; PDPA - 2012 [Singapore]; U.K. DPA - 1988; EU-US Privacy Shield; Spanish DPA Authorization
     Alignments / Frameworks: CIS; CLIA; CJIS; CMS EDGE; CMSR; CSA; FDA; FedRAMP TIC; FISC; FISMA; G-Cloud; GxP (FDA CFR 21 Part 11); IT Grundschutz; MITA 3.0; MPAA; NERC; NIST; PHR; UK Cloud Security Principles
  • 9. Foundational Certifications
     ISO 9001 – Global Quality Standard
     ISO 27001 – Security Management Standard
     ISO 27017 – Cloud Specific Controls
     ISO 27018 – PII Specific Controls
     SOC 1 – Audit Controls Report
     SOC 2 – Compliance Controls Report
     SOC 3 – General Controls Report
     PCI DSS Level 1 – Payment Card Standards
     NIST 800-53 – Risk Management Framework
  • 10. Financial Services Compliance Enablers
     The Federal Financial Institutions Examination Council (FFIEC) published a guide for financial services institutions, examiners, and advisors on the use and security architecture of AWS.
     The U.S. Securities and Exchange Commission's (SEC) Office of Compliance Inspections and Examinations (OCIE) published an overview of the OCIE Cybersecurity Initiative on cybersecurity preparedness in the securities industry. It outlines customer compliance responsibilities in relation to AWS.
     SEC Rule 17a-4(f) & CFTC 1.31(b)-(c) Compliance Assessment Report for Amazon Glacier with Vault Lock.
  • 11. AWS Privacy and Data Security Now that the Safe Harbor compliance scheme has been ruled invalid, can customers still use AWS and comply with EU law? Yes – the EU data protection authorities’ approval of the AWS Data Protection Agreement and Model Clauses enable transfer of data outside Europe – including to the US
  • 12. AWS Global Infrastructure
  • 13. AWS Global Infrastructure 14 Regions 38 Availability Zones 63 Edge Locations You decide where you want to put content and controls
  • 14. Requirements From Every Industry. Nothing better for the entire community than a tough set of customers: financial, health care, and government requirements all flow down into the global infrastructure, and everyone's systems and applications benefit.
  • 15. AWS Foundational Security Applies to Every Customer. AWS maintains a formal control environment: SOC 1 (SSAE 16 & ISAE 3402) Type II (was SAS 70); SOC 2 Type II and SOC 3 report; ISO certification (27001, 27017, 27018); Certified PCI DSS Level 1 Service Provider; FedRAMP Authorization; HIPAA and MPAA capable. Accredited experts (auditors) audit and validate the AWS cloud. AWS Foundation Services: Compute, Storage, Database, Networking. AWS Global Infrastructure: Regions, Availability Zones, Edge Locations. AWS is responsible for the security OF the Cloud.
  • 16. AWS Shared Responsibility
  • 17. Security is a Shared Responsibility. Customer (responsible for security IN the Cloud): Customer Applications & Content; Platform, Applications, Identity & Access Management; Operating System, Network & Firewall Configuration; Client-side Data Encryption; Server-side Data Encryption; Network Traffic Protection. AWS (responsible for the security OF the Cloud): Foundation Services (Compute, Storage, Databases, Networking); AWS Global Infrastructure (Regions, Availability Zones, Edge Locations).
  • 18. AWS Shared Security Responsibility Infrastructure Services Platform Services Abstracted Services Security is Shared and Classified by Ownership
  • 19. AWS Shared Responsibility: for Infrastructure Services. Managed by customers: Customer Data; Platform & Application Management; Operating system, network, and firewall configuration; Customer IAM; AWS IAM; Data Confidentiality (encryption at-rest / in-transit, authentication); Data Availability (HA, DR/BC, resource scaling); Data Integrity (access control, version control, backups). Managed by AWS: AWS Endpoints; Foundation Services (Compute, Storage, Databases, Networking); AWS Global Infrastructure (Regions, Availability Zones, Edge Locations).
  • 20. Infrastructure Services – Example Amazon EC2. AWS: Foundation Services (Network, Compute, Storage); AWS Global Infrastructure; AWS Endpoints. Customer: Customer Data; Customer Application; Operating System; Network & Firewall (VPC); Customer IAM; AWS IAM (Users, Groups, Roles, Policies); High-Availability / Scaling; Instance Management; Data Protection (In-transit, At-rest, Backup).
  • 21. AWS Shared Responsibility: for Platform Services. Managed by customers: Customer Data; Client-side data encryption & data integrity authentication; Network traffic protection (encryption / integrity / identity); Customer IAM; AWS IAM; Firewall Configuration. Managed by AWS: Platform & Application Management; Operating system & Network Configuration; AWS Endpoints; Foundation Services (Compute, Storage, Databases, Networking); AWS Global Infrastructure (Regions, Availability Zones, Edge Locations).
  • 22. Platform Services – Example RDS. AWS: Foundation Services (Network, Compute, Storage); AWS Global Infrastructure; AWS Endpoints; Operating System; Instance Management; Platform / Application (Aurora, MS SQL, Oracle, MySQL, PostgreSQL). Customer: Customer Data; Firewall (VPC); Customer IAM (DB Users, Table Permissions); AWS IAM (Users, Groups, Roles, Policies); High-Availability / Scaling; Data Protection (In-transit, At-rest, Backup).
  • 23. AWS Shared Responsibility: for Abstracted Services. Managed by customers: Customer Data; Client-side data encryption, data integrity and authentication; AWS IAM. Managed by AWS: Server-side data encryption provided by the platform (protection of data at-rest); Network traffic encryption provided by the platform (protection of data in-transit); Platform & Application Management; Operating system, network, and firewall configuration; AWS Endpoints; Foundation Services (Compute, Storage, Databases, Networking); AWS Global Infrastructure (Regions, Availability Zones, Edge Locations).
  • 24. Abstracted Services – Example Amazon S3. AWS: Foundation Services (Network, Compute, Storage); AWS Global Infrastructure; AWS Endpoints; Platform / Application; Data Protection (In-transit, At-rest); High-Availability / Scaling. Customer: Customer Data; Data Protection (In-transit, At-rest), i.e. choosing to use the encryption the platform offers; AWS IAM (Users, Groups, Roles, Policies).
  • 25. Approaches to Auditing. AWS services are regularly assessed against industry standards and requirements. Policy or procedure controls are the responsibility of the customer. Manage AWS services similar to traditional infrastructure services. Access to AWS services should be treated like other privileged administrator access.
  • 26. Part of Your Compliance Work is Done. AWS: Facilities; Physical security; Compute infrastructure; Storage infrastructure; Network infrastructure; Virtualization layer (EC2); Hardened service endpoints; Rich IAM capabilities. + Customer: Network configuration; Security groups; OS firewalls; Operating systems; Application security; Service configuration; Account management; Authorization policies. = Secure, compliant workloads. Customers get to choose the right level of security for their business. As an AWS customer you can focus on your business and not be distracted by the muck.
  • 27. What Does This Mean For You? You benefit from an environment built for the most security sensitive organizations. AWS manages and validates testing against more than 3000 security controls so you don't have to. You can define the right security controls for your workload sensitivity. You always have full ownership and control of your data.
  • 28. Closing the Loop – AWS Shared Responsibility. Familiar security model (people & process, system, network, physical), validated and driven by customers' security experts, benefits all customers. Our pace of innovation and comprehensive security and compliance features allow you to measurably improve your security program.
  • 29. Security by Design
  • 30. What is Security? Practice of protecting your intellectual property from unauthorized access, use, or modification. What are the key things that come to your mind when talking about Security? • Visibility • Auditability • Controllability • Agility • Automation Cloud goes beyond the traditional elements of security and adds…
  • 31. What is Security by Design (SbD)? A modern, systematic security assurance approach. It formalizes AWS account design, automates security controls and streamlines auditing, and provides security control built in throughout the AWS IT management process. Effective security is ubiquitous and automatic.
  • 32. Why is this important? Modern day IT environments present challenges to managing security and meeting compliance requirements due to the volume of information that needs to be safeguarded and the dynamic connectivity of data, applications, and users. A reliable security approach is needed to ensure data is safeguarded and available to authorized users and systems. Confidentiality Integrity Availability
  • 33. Why – Modernize Technology Governance. The majority of technology governance relies predominantly on administrative and operational security controls with LIMITED technology enforcement (assets, threat, vulnerability, risk). Automation is needed to dominate governance through technology enablement.
  • 34. Approaching Security by Design: 1) Understand your requirements; 2) Build a "secure environment" that fits your requirements; 3) Enforce the use of the templates; 4) Perform validation activities.
  • 35. Impact of Security by Design. Creates a forcing function that cannot be overridden by users; establishes reliable operation of controls; enables continuous and real-time auditing; represents the technical scripting of your governance policy. Result: an automated environment enabling enforcement of security and compliance policies and a functionally reliable governance model.
  • 36. AWS Security & Compliance Resources: AWS Risk & Compliance; Introduction to AWS Security; AWS Security Overview; AWS Security Best Practices; Security at Scale Whitepapers; Customer penetration testing requests; Security Partner Solutions; request more information by contacting us. aws.amazon.com/security, aws.amazon.com/compliance
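Slides 31 to 35 describe Security by Design as scripting governance policy into templates, enforcing them and continuously validating the result, and slides 20 to 24 list the controls that stay with the customer (VPC firewall configuration, IAM, protection of data in transit). The check below is an added example written for this page; it is not code from the deck or from AWS. It codifies two of those customer-side controls and evaluates constructed resource descriptions against them offline. The bucket names, security group IDs, account number and policy documents are made-up sample input, and the dictionary layout only mirrors the shape of the EC2 DescribeSecurityGroups and S3 GetBucketPolicy responses; feed it live API output to audit a real account.

```python
"""Security by Design validation check (added example, not from the deck).

Codifies two customer-side controls from the shared responsibility model:
  1. Data in transit: each S3 bucket policy must Deny any request made
     without TLS (condition aws:SecureTransport = false).
  2. Network / firewall: no security group may expose SSH (tcp/22) to
     0.0.0.0/0 or ::/0.
Input dictionaries mirror the shape of EC2 DescribeSecurityGroups and S3
GetBucketPolicy responses but are constructed inline; no AWS calls are made.
"""
import json
from typing import Any, Dict, List


def _as_list(value: Any) -> list:
    """IAM policy JSON allows a scalar or a list for Action, Principal, etc."""
    return value if isinstance(value, list) else [value]


def denies_insecure_transport(policy_json: str) -> bool:
    """True if the bucket policy holds a Deny that covers every principal and
    every S3 action when the request was not made over TLS."""
    policy = json.loads(policy_json)
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Deny":
            continue
        if stmt.get("Principal") not in ("*", {"AWS": "*"}):
            continue
        flag = stmt.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
        if flag is None or str(_as_list(flag)[0]).lower() != "false":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if "s3:*" in actions or "*" in actions:
            return True
    return False


def ssh_open_to_world(sg: Dict[str, Any]) -> bool:
    """True if any ingress rule lets 0.0.0.0/0 or ::/0 reach tcp/22."""
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":                       # all protocols and ports
            low, high = 0, 65535
        elif proto == "tcp":
            low, high = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        else:
            continue
        if not low <= 22 <= high:
            continue
        v4 = any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", []))
        v6 = any(r.get("CidrIpv6") == "::/0" for r in perm.get("Ipv6Ranges", []))
        if v4 or v6:
            return True
    return False


def audit(bucket_policies: Dict[str, str],
          security_groups: List[Dict[str, Any]]) -> List[str]:
    """One finding per control violation; an empty list means compliant."""
    findings = []
    for bucket, policy_json in bucket_policies.items():
        if not denies_insecure_transport(policy_json):
            findings.append(f"s3:{bucket}: no Deny for aws:SecureTransport=false")
    for sg in security_groups:
        if ssh_open_to_world(sg):
            findings.append(f"sg:{sg['GroupId']}: tcp/22 open to the Internet")
    return findings


# Constructed sample input; names, IDs and the account number are made up.
SAMPLE_BUCKET_POLICIES = {
    "payments-archive": json.dumps({            # compliant: TLS-only Deny
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyPlainHTTP", "Effect": "Deny", "Principal": "*",
            "Action": "s3:*",
            "Resource": ["arn:aws:s3:::payments-archive",
                         "arn:aws:s3:::payments-archive/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        }],
    }),
    "marketing-assets": json.dumps({            # non-compliant: no such Deny
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/Publisher"},
            "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::marketing-assets/*",
        }],
    }),
}

SAMPLE_SECURITY_GROUPS = [
    {"GroupId": "sg-0a1b2c3d",                  # compliant: SSH from RFC 1918 only
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0e4f5a6b",                  # non-compliant: 0-1024 from anywhere
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_BUCKET_POLICIES, SAMPLE_SECURITY_GROUPS):
        print("NON-COMPLIANT", finding)
```

Running the script prints one NON-COMPLIANT line for the bucket with no TLS-only Deny and one for the group that exposes port 22 inside a wider range; pointing audit() at real describe output turns it into the repeatable validation that step 4 of the deck's approach calls for. The transport check deliberately requires Principal "*" and s3:* so that a narrower Deny (one action or one principal) is not mistaken for a bucket-wide control, and the port check treats protocol -1 and port ranges as covering 22 rather than matching only an explicit 22-22 rule.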

Editor's Notes

  1. Security is a path and not a destination. We understand that security and governance are often the top issues identified when we talk to our customers. Based on our experience working with millions of customers running every imaginable use case, including those with requirements for stringent security and compliance controls, we strongly advise customers to invest in a security review early in the process. Get your security folks to talk to our security folks and understand security and compliance. Security is really not on or off. It's a spectrum of options that you can choose from that is right for your application.
  2. Capital One is using AWS to reduce its data centers from eight to three by 2018. Capital One is one of the nation’s largest banks and offers credit cards, checking and savings accounts, auto loans, rewards, and online banking services for consumers and businesses. The bank is using or experimenting with nearly every AWS service to develop, test, build, and run its most critical workloads, including its new flagship mobile-banking application. Rob Alexander, Capital One's chief information officer, says, "The financial service industry attracts some of the worst cyber criminals. We work closely with AWS to develop a security model, which we believe enables us to operate more securely in the public cloud than we can in our own data centers." Capital One selected AWS for its security model and for the ability to provision infrastructure on the fly, the elasticity to handle purchasing demands at peak times, its high availability, and its pace of innovation.
  3. …Vodafone created a compliant, secure solution on AWS that can scale to handle thousands of daily transactions while reducing capital expenditures by 30 percent. Vodafone Italy is a leading mobile communications company. Using AWS, Vodafone created TopUp, a secure, PCI-compliant solution that makes it easy for its customers to buy credit for mobile phone SIM cards.
  4. Oscar Insurance built a technology and data-driven health insurance company from the ground up in just three months on AWS while meeting HIPAA compliance requirements. The company uses AWS to run its insurance platform, customer databases, and analytics solution. Using AWS, Oscar Insurance processed more than 25 million historical insurance claims in hours and launched its platform on time for open enrollment.
  5. The strength of security has been validated in the industry and by our customers. Forrester contacted 13 cloud providers, but only 4 agreed to participate. AWS participated because of its confidence in its security controls, and its belief that transparency in security is in the best interest of its customers. AWS demonstrated a broad set of security capabilities in data center security, certifications, and network security; excelled in customer satisfaction, security services partnerships, and a large install base; and led in the size of its development and technical support staff.
  6. Cloud Service Provider or the user?
  7. AWS has the longest-standing, most comprehensive compliance profile in the market. We innovate broadly and deeply in control features to help our customers meet compliance needs. Our security features make moving to the AWS cloud a compelling control option in managing compliance.
     Certifications / Attestations: performed by a third-party independent auditor and resulting in a certification, audit report, or attestation of compliance. In addition, the flexibility and control that the AWS platform provides allows customers to deploy solutions that meet several industry-specific standards, including but not limited to those listed in columns two and three of this table.
     Laws, Regulations, and Privacy: customers maintain compliance with applicable laws and regulations; customer organizations can / must self-certify or create a contract (e.g. HIPAA BAA). No formal certification is available to (or distributable by) a cloud service provider within these law and regulatory domains.
     Alignments / Frameworks: published security or compliance requirements specific to the customer's industry or function. AWS supports customers seeking alignment by providing functionality (such as security features) and enablers (including compliance playbooks, mapping documents, and whitepapers). Formal "direct" certification of these programs is either 1) not available to cloud providers or 2) represents a smaller subset of requirements already demonstrable by our current formal certification/attestation programs.
  8. The underlying physical infrastructure and the AWS Management Environment for all US Regions and GovCloud have been audited and received compliance certifications for SOC, ISO, PCI-DSS, FedRAMP (NIST 800-53 Rev. 4 – Moderate Impact Level) and DoD SRG (Security Requirements Guide). US East/West holds a DoD Level 2 Provisional Authorization covering EC2, EBS, S3, VPC, IAM, and Redshift. AWS GovCloud (US) holds DoD PAs at Level 2 and 4, covering EC2, EBS, S3, VPC, IAM, and Redshift (Redshift at L2 only).
     SOC 1 (Type 2) – A description of the AWS control environment and external audit of AWS defined controls and objectives
     SOC 2 (Type 2) – External audit of AWS controls that meet the AICPA Trust Services Security Principle and Criteria
     ISO/IEC 27001:2013 – Global security standard for Information Security Management Systems (ISMS)
     ISO/IEC 27017:2015 – Security control best practices, based on ISO/IEC 27002, designed specifically for cloud services
     ISO/IEC 27018:2014 – Security control best practices to protect personally identifiable information (PII) in public clouds acting as PII processors
     PCI Data Security Standard (PCI DSS) 3.1 Level 1 – Information security standard required for organizations that process credit card payments
     NIST 800-53, Rev. 4 – Security and Privacy Controls for Federal Information Systems and Organizations; AWS is assessed against the security control baseline for Moderate Impact Levels
  9. The Federal Financial Institutions Examination Council (FFIEC) published a guide for financial services institutions, examiners, and advisors on the use and security architecture of AWS. Learn about their recommended use and guidance in relation to client data. The U.S. Securities and Exchange Commission's (SEC) Office of Compliance Inspections and Examinations (OCIE) published an overview of the OCIE Cybersecurity Initiative on cybersecurity preparedness in the securities industry. It outlines customer compliance responsibilities in relation to AWS.
  10. AWS customers retain ownership and control of their content. They choose which location to store their data in, and it doesn’t move unless the customer decides to move it. Regardless of where a request for customer content comes from, we are vigilant about our customers’ privacy and have implemented sophisticated technical and physical measures to prevent unauthorized access. We have a world-class team of security experts monitoring our systems 24/7 to protect customer content. We will not disclose customer content in response to requests unless required to do so to comply with a legally valid and binding order, such as a subpoena or a court order. Additionally, we would notify the customer before disclosing their content so they could seek protection from disclosure, unless prohibited by law.
  11. Cloud Service Provider or the user?
  12. List talking points from global infrastructure security slides:
- Highly secure facilities and infrastructure
- Independent regions for data privacy compliance
- Build on constantly improving security baseline
- Build on compliant infrastructure
- Extensive network and security monitoring
- Foundational security applies to every customer
- AWS makes no secondary use of customer content; manage your privacy objectives any way that you want
- Customer chooses where to place data
- AWS regions are geographically isolated by design
- Data is not replicated to other AWS regions and doesn’t move unless you choose to move it
  13. When big institutions submit stringent security requirements to us, and review the audit findings of our compliance auditors, we frequently build their requirements and incorporate their feedback into the platform. EVERYBODY benefits from them. We don’t build “one off” solutions for anyone, so everybody benefits from the improvements made for any customer. In many cases, this results in a better security profile than what each individual firm could accomplish on their own. In the past year we have released more than 165 security-related features or service enhancements (nearly 40% of overall feature releases).
  14. Because AWS and its customers share control over the IT environment, both parties have responsibility for managing the IT environment. The responsibility of AWS includes providing its services on a highly secure and controlled platform and providing a wide array of security features customers can use. The customer’s responsibility includes configuring their IT environments in a secure and controlled manner for their purposes. While customers don’t communicate about their use and configurations to AWS, AWS does communicate about its security and control environment relevant to customers. AWS communicates by:
- Obtaining industry certifications and independent third-party attestations.
- Publishing information about AWS security and control practices in whitepapers and website content.
- Providing certificates, reports, and other documentation directly to AWS customers under NDA (as required).
Additional details about the AWS Compliance assurance programs are available at www.aws.amazon.com/compliance. We also recommend you review the AWS Security Whitepaper, located at www.aws.amazon.com/security.
Expert Auditors: The best solution for validating cloud service provider (CSP) security is to get accredited experts to do it for you. This is using a very sharp tool for a very specific job. Auditors are constantly moving through the AWS environment. There is seldom a day when professional third-party auditors are not engaging deeply with AWS physical and logical security controls: testing, validating, finding ways to improve security, documenting all of this, and generating the rich body of evidence that backs up the auditing result. CSP auditors understand the cloud in general, they understand where AWS fits in the cloud landscape, they understand the risks, and they understand the relevant customer use cases in depth. They interpret the traditional standards for you, applying them to AWS in a way that makes sense.
They can do a much better job than most audit functions at companies with limited experience in doing this specifically. Multiple certifications and reports offered by AWS provide you with the ability to triangulate on risk and controls if there isn't a report that meets your exact needs. With one report or certification, it's a great set of data, but with many (overlapping but subtly different controls, different audit types and periods, different points in time), you can get the visibility you need.
  15. Cloud Service Provider or the user?
  16. There are never enough great security professionals in your organization, but the cloud can help. The Shared Responsibility model hugely reduces the total “security surface area” that customer security experts need to take care of for themselves. They rely on us for all the low-level infrastructure security. With that narrower focus, customer security teams have a “reduced security surface area,” and can devote more of their attention to OS- and application-level security. Their experts can focus and achieve better results in the areas that are more closely related to the differentiated value for their business or mission, as opposed to the generic “undifferentiated heavy lifting” that applies to low-level security and compliance work as well as infrastructure management itself.
Talking points: AWS is relentless in ensuring that security is a top priority and works hard to ensure that it is providing a secure environment for our customers to operate in. At the same time there is a level of security that the customer must take responsibility for when operating in a cloud environment. This leads to the shared responsibility model for security. AWS looks after the security OF the cloud, and you look after your security IN the cloud.
Talking points, AWS side of the responsibility:
- Leverage our culture of having a secure environment and constant improvement
- Perform regular audits
- Ensure that access and end points are protected
- Leverage security recommendations from customers and make them available to all customers
Customers:
- Use AWS resources to configure security
- Customers have the ability to implement their own controls
- Leverage our partner network to find security solutions that meet their operating needs
  17. From a shared security responsibility perspective, AWS services can be classified into three categories: Infrastructure, Container, and Abstracted services. Each category comes with a slightly different security ownership model based on how you interact and access the functionality.
  18. With these services, you can architect and build a cloud infrastructure using technologies similar to and largely compatible with on-premises solutions. You control the operating system, and you configure and operate any identity management system that provides access to the user layer of the virtualization stack. For certain compliance requirements, you might require an additional layer of protection between the services from AWS and your operating systems and platforms, where your applications and data reside. You can impose additional controls, such as protection of data at rest, and protection of data in transit, or introduce a layer of opacity between services from AWS and your platform. The opacity layer can include data encryption, data integrity authentication, software- and data-signing, secure time-stamping, and more.
  19. For AWS container services, AWS manages the underlying infrastructure and foundation services, the operating system and the application platform. For example, Amazon RDS for Oracle is a managed database service in which AWS manages all the layers of the container, up to and including the Oracle database platform. For services such as Amazon RDS, the AWS platform provides data backup and recovery tools; but it is your responsibility to configure and use tools in relation to your business continuity and disaster recovery (BC/DR) policy.
  20. You are responsible for managing your data (including classifying your assets), and for using IAM tools to apply ACL-type permissions to individual resources at the platform level, or permissions based on user identity or user responsibility at the IAM user/group level. For some services, such as Amazon S3, you can also use platform-provided encryption of data at rest, or platform-provided HTTPS encapsulation for your payloads for protecting your data in transit to and from the service.
  21. When you take the security piece that Amazon owns and offers to every customer, and add it to the security that customers can implement, you get a complete and compliant solution that meets the needs of the customers. This approach allows customers to focus on the level of security that is appropriate for their business. It also allows customers to focus more on how their applications function, how they are secured, and continuing to extend the areas that differentiate them as a business, because they are relieved of a significant part of the overall security process.
  22. First of all, no matter who you are, you get to benefit from all the controls that AWS has put in place for the largest, most security-sensitive organizations in the world. You get this at no extra cost; you don’t have to do anything to get it, it’s just all part of the service. Also, performing audits is a time-consuming and expensive affair. We validate our environment against over 2400 security controls, and we also get audited by third parties. If you would like to see the controls and how we are managing against them, you can request a copy of our SOC 2 report, available to you under NDA. SOC 2 is a widely recognized reporting standard established by the American Institute of Certified Public Accountants. You have the flexibility to define the right set of security controls for your workload. More sensitive workloads will demand more stringent controls; less sensitive workloads will demand less. At the same time you remain in full control and have full ownership of your data. You decide where it goes, where it is stored, where it gets processed and how it gets transmitted.
  23. At AWS security is a top priority. We build our security program on many of the same tenets as you do. Our data centers are designed with the highest physical security requirements in mind, and access to those data centers is restricted to a very small number of individuals. In the same way you do, we lock down our network and systems, and have well-defined processes and people controls to make sure our data centers operate in an efficient and secure manner. Our security measures have been driven by security experts from across our largest, most advanced customers, including Shell, NASDAQ, and GE, and have been validated by a wide range of security experts and accreditation bodies. These organizations with very high security standards set the bar for AWS security, but the great thing about security in AWS is that everyone gets to benefit from the security controls that we have put in place. Whether you are a small startup, a mid-sized enterprise, or the largest company, you get to take advantage of the security controls that we have put in place to satisfy
Our pace of innovation, comprehensive security and compliance features, and the agility customers gain from our platform allow you to measurably improve your security program as you migrate from traditional IT delivery models.
  24. Cloud Service Provider or the user?
  25. At AWS, we strive to make security as familiar as what you are doing today. AWS offers tools for keeping track of and monitoring your AWS cloud resources, so you have instant visibility into your inventory as well as your user and application activity. We will discuss AWS CloudTrail in a later module. With the AWS Config service, you can easily discover all of your AWS resources and view the configuration of each. You can receive notifications each time a configuration changes, as well as dig into the configuration history to perform incident analysis. We will discuss AWS Config in a later module. AWS provides various options for encrypting data at rest and in transit. We will discuss these options, and services like AWS Key Management Service (KMS) and AWS CloudHSM, in more detail in later modules.
  26. Rather than attempting to bolt on security retroactively, SbD (Security by Design) automates and enforces security best practices throughout the AWS lifecycle. By completely automating all aspects of AWS deployment through services like CloudFormation, CodeCommit and CodeDeploy, security and compliance in the cloud can be made more efficient and ubiquitous.
  27. AWS provides a comprehensive set of tools and services to enable organizations to operate securely in the cloud, but making effective use of these technologies requires a calculated and formalized approach to incorporate secure design practices within every component in your AWS environment and the AWS environment itself.
  28. Instructor Notes: Intro and Overview. Cloud security at AWS is the highest priority. As an AWS customer, you will benefit from a data center and network architecture built to meet the requirements of the most security-sensitive organizations. These workshops are designed to innovate and advance Technology Governance by providing a mechanism to effectively dominate governance through technology enablement. AWS customers will be empowered to drive security, compliance and audit assertions across their executives, board of directors and regulators through AWS technology innovations and partner ecosystem by ensuring Governance Automation in the cloud.
- Assimilate and leverage the Shared Responsibility Model
- Understand and manage AWS Security Services
- Implement and design using AWS services through Security by Design strategies
- Manage, secure and audit the use of AWS services using real-time risk management processes
- Leverage the shared compliance across multiple security frameworks (e.g. PCI, HIPAA, NIST, ISO, SOC, etc.)
- Identify AWS services and tools to help automate, monitor, and manage security operations on AWS
  29. Phase 1 – Understand your requirements. Outline your policies, and then document the controls you inherit from AWS, document the controls you own and operate in your AWS environment, and decide on what security rules you want to enforce in your AWS IT environment.
Phase 2 – Build a “secure environment” that fits your requirements and implementation. Define the configuration you require in the form of AWS configuration values, such as encryption requirements (forcing server-side encryption for S3 objects), permissions to resources (which roles apply to certain environments), which compute images are authorized (based on hardened images of servers you have authorized), and what kind of logging needs to be enabled (such as enforcing the use of CloudTrail on all resources for which it is available). Since AWS provides a mature set of configuration options (with new services being regularly released), we provide some templates for you to leverage for your own environment. These security templates (in the form of AWS CloudFormation Templates) provide a more comprehensive rule set that can be systematically enforced. We have developed templates that provide security rules that conform to multiple security frameworks and leading practices. These pre-packaged industry template solutions are provided to customers as a suite of templates or as stand-alone templates based on specific security domains (e.g. access control, security services, network security, etc.).
Phase 3 – Enforce the use of the templates. Enable Service Catalog, and enforce the use of your template in the catalog. This is the step that enforces the use of your “secure environment” in new environments that are being created, and prevents anyone from creating an environment that doesn’t adhere to your “secure environment” standard rules or constraints. This effectively operationalizes the remaining customer account security configurations of controls in preparation for audit readiness.
Phase 4 – Perform validation activities. Deploying AWS through Service Catalog and the “secure environment” templates creates an audit-ready environment. The rules you defined in your template can be used as an audit guide. AWS Config allows you to capture the current state of any environment, which can then be compared with your “secure environment” standard rules. This provides audit evidence gathering capabilities through secure “read access” permissions, along with unique scripts, which enable audit automation for evidence collection. Customers will be able to convert traditional manual administrative controls to technically enforced controls with the assurance that, if designed and scoped properly, the controls are operating 100% at any point in time, versus traditional audit sampling methods or point-in-time reviews.
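The comparison Phase 4 describes, written out as an added example (not AWS's own tooling or the templates the slides mention): a rule evaluator that runs the Phase 2 rules (forced S3 server-side encryption, approved hardened AMIs, the role mapped to each environment, CloudTrail enabled) over a constructed, simplified snapshot standing in for what AWS Config captures. The record shapes, AMI ids, role names and bucket names are assumptions made for the example.

```python
from typing import Dict, List

# Constructed "secure environment" standard (AMI ids are placeholders).
APPROVED_AMIS = {"ami-hardened-placeholder-1", "ami-hardened-placeholder-2"}
ROLE_FOR_ENV = {"prod": "prod-app-role", "dev": "dev-app-role"}
ALLOWED_SSE = {"AES256", "aws:kms"}

# Constructed snapshot: a trimmed, simplified stand-in for the inventory
# AWS Config records (real configuration items carry many more fields).
SNAPSHOT = [
    {"resourceType": "AWS::S3::Bucket", "resourceId": "payments-data",
     "configuration": {"sseAlgorithm": "aws:kms"}},
    {"resourceType": "AWS::S3::Bucket", "resourceId": "scratch-logs",
     "configuration": {"sseAlgorithm": None}},
    {"resourceType": "AWS::EC2::Instance", "resourceId": "i-0001",
     "tags": {"Environment": "prod"},
     "configuration": {"imageId": "ami-hardened-placeholder-1",
                       "iamInstanceProfile": "prod-app-role"}},
    {"resourceType": "AWS::EC2::Instance", "resourceId": "i-0002",
     "tags": {"Environment": "prod"},
     "configuration": {"imageId": "ami-unknown-0000",
                       "iamInstanceProfile": "dev-app-role"}},
    {"resourceType": "AWS::CloudTrail::Trail", "resourceId": "org-trail",
     "configuration": {"isLogging": True, "isMultiRegionTrail": False}},
]

def check_s3(item: dict) -> List[str]:
    """Rule: every bucket must have an approved default SSE algorithm."""
    algo = item["configuration"].get("sseAlgorithm")
    return [] if algo in ALLOWED_SSE else [f"default SSE is {algo!r}, not in {sorted(ALLOWED_SSE)}"]

def check_ec2(item: dict) -> List[str]:
    """Rules: approved hardened image, and the role mapped to the tagged environment."""
    cfg, env = item["configuration"], item.get("tags", {}).get("Environment")
    problems = []
    if cfg.get("imageId") not in APPROVED_AMIS:
        problems.append(f"image {cfg.get('imageId')} is not an approved hardened AMI")
    expected = ROLE_FOR_ENV.get(env)
    if expected is None:
        problems.append(f"Environment tag {env!r} has no role mapping")
    elif cfg.get("iamInstanceProfile") != expected:
        problems.append(f"role {cfg.get('iamInstanceProfile')!r} is not {expected!r} for {env}")
    return problems

def check_trail(item: dict) -> List[str]:
    """Rule: the trail must be logging and cover every region."""
    cfg = item["configuration"]
    problems = [] if cfg.get("isLogging") else ["trail is not logging"]
    if not cfg.get("isMultiRegionTrail"):
        problems.append("trail is single-region")
    return problems

CHECKS = {"AWS::S3::Bucket": check_s3, "AWS::EC2::Instance": check_ec2,
          "AWS::CloudTrail::Trail": check_trail}

def evaluate(snapshot: List[dict]) -> Dict[str, List[str]]:
    """Map resourceId -> findings for non-compliant resources, plus an
    account-level finding when the snapshot holds no CloudTrail trail."""
    findings: Dict[str, List[str]] = {}
    for item in snapshot:
        problems = CHECKS.get(item["resourceType"], lambda _: [])(item)
        if problems:
            findings[item["resourceId"]] = problems
    if not any(i["resourceType"] == "AWS::CloudTrail::Trail" for i in snapshot):
        findings["account"] = ["no CloudTrail trail found in snapshot"]
    return findings
```

Resources that pass every rule produce no entry, so the returned dictionary is the evidence list an auditor would review; a rule that cannot be expressed against captured state is the one that still needs a manual control.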
  30. Answers to many security and compliance questions can be found in the listed
  31. The standard business model is changing rapidly. Companies used to be built for the long haul, but now success is powered by rapid-paced innovation and the ability to get disruptive products to market first. You’re used to balancing resources between keeping things running and the development of new initiatives. But merely keeping the lights on doesn't differentiate you from your competitors. Meanwhile, you’re faced with:
- a massive increase in cyber threats
- globalization demands introducing new scale and complexity pressures
- a failure to engage IT in key technology investments
Sources: 1. Here's what your tech budget is being spent on, ZDNet, 11 November 2014; 2. Where Do Firms Go When They Die?, The Atlantic, 12 April 2015; 3. Gartner
  32. However, there is an opportunity to break free of your existing constraints. What if you could focus your attention and resources on differentiating your company in the marketplace? What if you could innovate at startup-like speed? And finally, what if you could dramatically reduce the risks inherent in your present infrastructure? If this is the working definition of success, let’s talk about how we’re going to achieve it.