End-user security is a constant challenge for IT leaders, who must balance the business needs of BYOD, a distributed workforce, and ready access to business resources against protecting those same resources from hackers and malware. Amazon WorkSpaces provides a more secure environment than conventional desktop infrastructure because data and applications reside in the cloud, are encrypted during I/O, at rest, and in snapshots, and are not located on end-user devices. In this tech talk we will discuss how you can better secure your IT infrastructure, intellectual property, and sensitive information, and provide recommendations for best practices to help you protect your desktop computing devices using a managed Desktop-as-a-Service (DaaS) solution.
Securing Your Desktops with Amazon WorkSpaces - AWS Online Tech Talks
1. Nathan Thomas, GM Amazon WorkSpaces
Securing Desktops in the Cloud
2. A cost-effective, fully-managed secure cloud desktop
Highly secure
Pay-as-you-go
Simple management
Highly secure cloud desktops protecting your corporate data
Scale consistently
3. What Customers Are Telling Us
What’s not working?
Personal Computers
Secure endpoints
BYOD is complicated
Data must be backed up
Expensive to scale
On-Premises VDI
Upfront investment
Weeks to deploy
Requires management
Servers must be secured
Expensive to scale
Embrace personal devices
Support contract workers
Access for mobile workers
Data Security
Agility
5. Physical Access
43% of US employees worked remotely in 2016
Diversity of Devices
As of June 2017, non-Windows OS share was close to 52% in both US and the UK
Data and Apps Reside on Client Devices
Data Breach
In 2016, the average data breach cost $3.62M¹
WannaCry ransomware attack estimated to have cost $4.0B worldwide
Client end-points security out of corporate networks
BlueBorne vulnerabilities impact over 5 billion Bluetooth-enabled devices, and not all devices will receive patches.
6. DaaS Improves Security
WorkSpaces enables customers to have tighter security policies and a stronger security posture, without compromising end-user access to needed resources.
No sensitive data on end users’ devices
WorkSpace data encrypted at rest
Desktop stream encrypted in transit
8. Secure Desktops In the Cloud
Your data stored at rest, disk I/O to the volume, and snapshots created from encrypted volumes are encrypted and never reside on the local client.
Storage volume encryption
Enterprise cyber security solutions
Patch management
Image updates
No data on local client
1. Enterprise Strategy Group: TechTruths: BYOD and Productivity, 2015
10. Client Endpoints Security
No user credentials are transmitted in clear text at any time.
Multifactor authentication
Proxy access
Narrow access with certificate-based client authentication
TLS encrypted logins
11. Works with Your Existing Security Infrastructure
Microsoft Active Directory
Multifactor authentication (RADIUS)
Intranet
Amazon WorkSpaces integrates easily with your on-premises security tools and solutions
Certificate Authority service
Anti-virus solutions
12. Amazon WorkSpaces Compliance
Certification – SOC 1, SOC 2, ISO 9001 and ISO 27001
HIPAA-eligible with Business Associate Agreement (BAA)
PCI DSS Level 1 compliant
EU General Data Protection Regulation (GDPR) ready May 2018
14. Strengthen Your Security Posture
Leverage client OS-level access controls
Implement an anti-virus/cyber security solution
Apply security group rules to WorkSpaces
Encrypt both WorkSpaces volumes
Enable MFA
Manage client access with certificate-based client authentication
Schedule Windows updates for WorkSpaces
Enforce strong password policies via Active Directory
15. In Summary
• DaaS improves enterprise security by keeping data within corporate digital boundaries
• Amazon WorkSpaces works with your existing security infrastructure
• Amazon WorkSpaces allows you to deploy cloud desktops, adhere to your existing security procedures, and meet regulatory compliance requirements