The document outlines the AWS Shared Responsibility Model, emphasizing that security is a top priority for AWS, which manages the security of the cloud while customers control their own security elements. It highlights various AWS security services and recommendations for customers to enhance their security posture. The document also provides resources for further information on AWS security best practices and compliance.

1. Thank you.The AWS Shared Responsibility
Model in Practice
Jeff Levine – Enterprise Solutions Architect, AWS

2. Agenda
• Introduction to AWS Security
• Overview of the Shared Security Model
• AWS Security Services and Features
• Recommendations
• Additional Resources

3. Introduction to AWS Security

4. Introduction to AWS Security
Cloud security at AWS is the highest priority. It is Job Zero.
As an AWS customer, you will benefit from a data center
and network architecture built to meet the requirements of
the most security-sensitive organizations.

5. • You benefit from an environment built for the most security
sensitive organizations
• AWS manages 1800+ security controls so you don’t have to
• You get to define the right security controls for your workload
sensitivity
• You always have full ownership and control of your data
What this means to you:

6. Broad Accreditations & Certifications
https://aws.amazon.com/compliance/dod/

7. From AWS customers:
“We can operate more securely on AWS than we can in our own data centers.”
Rob Alexander, CIO, Capital One
AWS re:Invent Conference 2015
“The fact that we can rely on the AWS security posture to boost our own security
is really important for our business. AWS does a much better job at security than
we could ever do running a cage in a data center.”
Richard Crowley
Director of Operations, Slack

8. The AWS
Shared Security Model

9. AWS Foundation Services
Compute Storage Database Networking
AWS Global
Infrastructure
Regions
Availability Zones
Edge
Locations
Client-side Data
Encryption
Server-side Data
Encryption
Network Traffic
Protection
Platform, Applications, Identity & Access Management
Operating System, Network & Firewall Configuration
Customer content
Customers
Security is a shared responsibility
Customers are
responsible for
their security IN
the Cloud
AWS is
responsible for
the security OF
the Cloud

10. The AWS Shared Responsibility Model
Facilities
Physical security
Compute infrastructure
Storage infrastructure
Network infrastructure
Virtualization layer (EC2)
Hardened service endpoints
Rich IAM capabilities
Network configuration
Security groups
OS firewalls
Operating systems
Applications
Proper service configuration
AuthN & acct management
Authorization policies
+ =
Customer
Controls
More secure and
compliant systems than
any one entity could
achieve on its own at
scale

11. The Scope of Responsibility can Vary
.
• The scope of responsibility depends on the type of
service offered by AWS: Infrastructure, Container,
Abstracted Services.
• Understanding who is responsible for what is critical to
ensuring your AWS data and systems are secure!

12. Infrastructure Services
Examples: Amazon EC2, EBS, VPC

13. Container Services
Examples: Amazon RDS, EMR

14. Abstracted Services
Examples: S3, Dynamo DB

15. AWS Services & Features

16. AWS Security Tools & Features
Customer applications & content
Oversight & Monitoring
AWS and its partners including AlertLogic offer over 700 security services, tools and features.
Many mirror the familiar controls you deploy within your on-prem environments.
AlertLogic can interface with many of these AWS services directly.
Network
Security
Identity &
Access
Control
Inventory &
Config
Data
Encryption

17. AWS Security Tools & Features
Network
Security
Identity &
Access
Control
Inventory &
Config
Amazon VPC
Security Groups
AWS IAM
AWS Organizations
AWS Config
Amazon Systems Mgr
Data
Encryption
s2n – AWS TLS
AWS KMS
AWS CloudHSM
Oversight &
Monitoring
Amazon CloudWatch
AWS CloudTrail
Amazon GuardDuty, Macie

18. Recommendations

19. 1
Understand & know the
AWS Shared Security Model.

20. 2
Understand the AWS secure,
global, infrastructure.
e.g. regions, availability zones,
endpoints

21. 3
Identify your control objectives
and consider the AWS services
and partner services that can
help you address them.

22. 4
Identify and categorize your
information assets that you need
to protect.

23. 5
Design your infrastructure with
the services you need to protect
the assets you have identified.

24. 6
Implement identity management
controls.

25. 7
Secure your infrastructure.
e.g. EC2, RDS, O/S, Network

26. 8
Secure your data using
encryption at rest and in transit.

27. 9
Monitor, alert, and audit.

28. 10
Stay current with your AWS
knowledge through blogs, email,
training, and events.

29. Additional Resources

30. For more information
AWS Security Best Practices Whitepaper
https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf
AWS Risk and Compliance Whitepaper
https://d1.awsstatic.com/whitepapers/Security/AWS_Security_Best_Practices.pdf
AWS Security Home Page
https://aws.amazon.com/security/
AWS Compliance Home Page
https://aws.amazon.com/compliance/
AWS Security Blog
https://aws.amazon.com/blogs/security/

31. Summary
• Security is job zero for AWS.
• AWS takes care of the security OF the Cloud.
• You define your controls IN the Cloud.
• Compliance is more cost effective in AWS.
• AlertLogic and AWS offer a variety of services to help you
meet your security objectives in the cloud.

32. Thank you!
linkedin.com/jeffscottlevine
@jeffscottlevine
www.jeffscottlevine.com