SlideShare a Scribd company logo

Top Cloud Security Myths Dispelled

Download as PPTX, PDF
Amazon Web Services
Amazon Web Services
1 of 41
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Ahmed Gouda Solutions Architect, Amazon Web Services Top Cloud Security Myths – Dispelled! Henry Neira Director Information Services, StarzPlay
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. SECURITY IS JOB ZERO
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. The Three Stages of Cloud Security Curiosity General Cloud Security Specific Service Security Data Security New to Cloud and / or Business Teams Experienced in Cloud and / or Technology Teams Advanced in Cloud and / or Risk Teams
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Cloud Security Service Security Data Security Part 1: General Cloud Security
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Myth 01: “The public cloud is not as secure as my on-premises infrastructure and not as secure as my private cloud.” Cloud Service Data
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 01: AWS Security of the Cloud and in the Cloud Visible AutomatedPhysical AWS’s global infrastructure is built to meet the requirements of the most security-sensitive organisations in the world. Cloud Service Data
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Myth 02: “When I put my data in the cloud I lose ownership of it, and it may move across national borders.” Cloud Service Data
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 02: You Control and Own Your Content Access TraceabilityOwnership You retain ownership and control of your content, and you choose in which region that content resides. Cloud Service Data
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Myth 03: “I am a highly regulated business and I cannot use the cloud because of my compliance requirements.” Cloud Service Data
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 03: AWS Global Compliance Program Countries Enterprise Agreement Certifications Our security assurance program meets or exceeds industry, country- specific and global security requirements. Cloud Service Data
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Myth 04: “My business requires sensitive personal data, I can not use the cloud.” Cloud Service Data
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 04: Using Encryption on AWS AWS KMS High Standards Ubiquitous AWS encryption services are integrated into dozens of our services and meet the strictest industry requirements. Cloud Service Data
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Myth 05: “I have a requirement for security testing, I cannot do that in the cloud.” Cloud Service Data
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 05: Security Testing on AWS Seek Approval Or Use Pre-Approved Shared Responsibility AWS permits security testing of your resources in line with our acceptable usage policy, and we provide tools to help you. Cloud Service Data
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Cloud Security Service Security Data Security Part 2: Specific Service Security
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Myth 06: “All of my operating systems are patched automatically in the cloud.” Cloud Service Data
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 06: Patch Management on AWS How We Help Our Responsibility Your Responsibility You are responsible for patching operating systems that you manage. AWS is responsible for patching services that we manage. Cloud Service Data
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Myth 07: “I cannot use the cloud to store sensitive data because everyone will have access to it.” Cloud Service Data
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 07: How to Secure Data in Amazon S3 Notify RespondProtect Amazon S3 and our other storage services are secure by default. Customers control who can access their data, and AWS provides multiple tools so you can understand how access is configured. Cloud Service Data
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Myth 08: “I hear about secret keys being stolen, the way you grant access is not secure.” Cloud Service Data
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 08: How to Protect AWS Credentials Temporary Access Amazon GuardDuty Multi-Factor Authentication AWS provides a number of tools to protect your identity and access credentials and to help you detect misuse. Cloud Service Data
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Myth 09: “I cannot control the deletion of my data and I cannot verify it has been deleted.” Cloud Service Data
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 09: How AWS Manages Data Deletion Physical ValidatedLogical When you delete your data we take multiple steps to wipe it and eventually destroy it. This process is validated by independent third parties. Cloud Service Data
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Myth 10: “Serverless services are not secure because they are shared between customers.” Cloud Service Data
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 10: How AWS Protects Serverless Services Building Blocks Limited SurfaceIdentity When you use AWS’s serverless services you inherit the multiple layers of strong security controls that are built into our core services. Cloud Service Data
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Cloud Security Service Security Data Security Part 3: Data Access Security
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Myth 11: “A malicious insider can look at my data via your shared administrative access.” Cloud Service Data
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 11: How AWS Manages Administrative Access Technology Controls Process Controls Automation AWS strictly controls our infrequent administrative access to services. This process has executive oversight within AWS and is validated by independent third parties. Cloud Service Data
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Cloud Security Service Security Data Security
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security Benefits of the AWS Cloud Automate with deeply integrated security services Inherit global security and compliance controls Highest standards for privacy and data security Largest network of security partners and solutions Scale with superior visibility and control
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. SECURITY IS JOB ZERO http://amzn.to/2FZdEgH Find out more information here:
Cloud security at
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. About • Subscription service for video streaming on demand • Available in 20 countries in MENA • Multiple methods of payment (>20) • Custom Apps in multiple devices • Curated content by region • 100% Cloud based architecture • Launched >3 years ago
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Born in the cloud How to launch a new service quickly, without a team in place? • We looked for the best partners in the cloud and provided the functionality we needed • Leveraged the strength of our partners, allowing us to focus on the core of our business • Security is one of the areas in which AWS has been helping us by taking part of the burden
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Managing Security • Security is a shared responsibility. As the company stakeholders, we need to define our security rules, policies and procedures. AWS helps us by implementing them easily. • Certifications and compliance: couldn’t have done it on our own • On top of managing data privacy for our customers, we have very high security requirements from our content providers as we have to store and manage sensitive data. A security breach could have a severe impact in the company. Encryption is necessary in multiple touch points of our architecture.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Our security approach To handle our security requirements, we have grouped it in 3 layers Layer 1: Infrastructure Layer 2: Integration Data Layer 3: Platform Defense against public exposure Security with trusted Partners Internal security policies
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Data in the cloud: Lessons learned • Security has different angles: traffic control, data privacy, compliance, fraud controls among others. AWS is simplifying our job in these and other areas • After your data is safe in the cloud don’t forget about data accessibility • Each cloud provider may have different rules: • For how long do they store the data • Retrieval methods: API, FTP, email csv, web download • Maximum frequency • From all our partners, AWS is the one that gives more accessibility and control over your data
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Conclusion • Moving to the cloud is a strategic decision where the security is one of the factors to consider. It is possible to be secure in the cloud, the question is how to achieve it. • If you are planning to move to the cloud define your data needs and plan accordingly. Where do you want to store your data, backup and archiving policies
Q&A
Please complete the session’s survey by scanning the QR Code printed on your badge or through the link below. https://amzn.to/BahrainSessions
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Thank you!

Recommended

Top Security Myths Dispelled - AWS Summit Sydney 2018
Top Security Myths Dispelled - AWS Summit Sydney 2018 Top Security Myths Dispelled - AWS Summit Sydney 2018
Top Security Myths Dispelled - AWS Summit Sydney 2018 Amazon Web Services
 
Top Cloud Security Myths Dispelled
Top Cloud Security Myths DispelledTop Cloud Security Myths Dispelled
Top Cloud Security Myths DispelledAmazon Web Services
 
Top Cloud Security Myths - Dispelled
Top Cloud Security Myths - DispelledTop Cloud Security Myths - Dispelled
Top Cloud Security Myths - DispelledAmazon Web Services
 
Proteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWSProteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWSAmazon Web Services
 
The economics of incidents, and creative ways to thwart future threats - SEP3...
The economics of incidents, and creative ways to thwart future threats - SEP3...The economics of incidents, and creative ways to thwart future threats - SEP3...
The economics of incidents, and creative ways to thwart future threats - SEP3...Amazon Web Services
 
AWS per la semplificazione del percorso di conformità al GDPR
AWS per la semplificazione del percorso di conformità al GDPRAWS per la semplificazione del percorso di conformità al GDPR
AWS per la semplificazione del percorso di conformità al GDPRAmazon Web Services
 
Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019
Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019 Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019
Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019 Amazon Web Services
 
GDPR and Automation Overview
GDPR and Automation OverviewGDPR and Automation Overview
GDPR and Automation OverviewAmazon Web Services
 

Recommended

Top Security Myths Dispelled - AWS Summit Sydney 2018
Top Security Myths Dispelled - AWS Summit Sydney 2018 Top Security Myths Dispelled - AWS Summit Sydney 2018
Top Security Myths Dispelled - AWS Summit Sydney 2018 Amazon Web Services
 
Top Cloud Security Myths Dispelled
Top Cloud Security Myths DispelledTop Cloud Security Myths Dispelled
Top Cloud Security Myths DispelledAmazon Web Services
 
Top Cloud Security Myths - Dispelled
Top Cloud Security Myths - DispelledTop Cloud Security Myths - Dispelled
Top Cloud Security Myths - DispelledAmazon Web Services
 
Proteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWSProteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWSAmazon Web Services
 
The economics of incidents, and creative ways to thwart future threats - SEP3...
The economics of incidents, and creative ways to thwart future threats - SEP3...The economics of incidents, and creative ways to thwart future threats - SEP3...
The economics of incidents, and creative ways to thwart future threats - SEP3...Amazon Web Services
 
AWS per la semplificazione del percorso di conformità al GDPR
AWS per la semplificazione del percorso di conformità al GDPRAWS per la semplificazione del percorso di conformità al GDPR
AWS per la semplificazione del percorso di conformità al GDPRAmazon Web Services
 
Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019
Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019 Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019
Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019 Amazon Web Services
 
GDPR and Automation Overview
GDPR and Automation OverviewGDPR and Automation Overview
GDPR and Automation OverviewAmazon Web Services
 
Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...
Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...
Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...Amazon Web Services
 
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...Amazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS SecurityAmazon Web Services
 
How policymakers can fulfill promises of security for cloud services - SEP205...
How policymakers can fulfill promises of security for cloud services - SEP205...How policymakers can fulfill promises of security for cloud services - SEP205...
How policymakers can fulfill promises of security for cloud services - SEP205...Amazon Web Services
 
AWS GovCloud (US): A path to high compliance in the cloud - GRC344 - AWS re:I...
AWS GovCloud (US): A path to high compliance in the cloud - GRC344 - AWS re:I...AWS GovCloud (US): A path to high compliance in the cloud - GRC344 - AWS re:I...
AWS GovCloud (US): A path to high compliance in the cloud - GRC344 - AWS re:I...Amazon Web Services
 
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...Amazon Web Services
 
AWS Shared Responsibility Model and GDPR
AWS Shared Responsibility Model and GDPRAWS Shared Responsibility Model and GDPR
AWS Shared Responsibility Model and GDPRAmazon Web Services
 
Serverless remediation in Financial Services: A custom tool - SEP311 - AWS re...
Serverless remediation in Financial Services: A custom tool - SEP311 - AWS re...Serverless remediation in Financial Services: A custom tool - SEP311 - AWS re...
Serverless remediation in Financial Services: A custom tool - SEP311 - AWS re...Amazon Web Services
 
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019 DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019 Amazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS SecurityAmazon Web Services
 
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ... How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...Amazon Web Services
 
Building secure APIs in the cloud - SDD403-R - AWS re:Inforce 2019
Building secure APIs in the cloud - SDD403-R - AWS re:Inforce 2019 Building secure APIs in the cloud - SDD403-R - AWS re:Inforce 2019
Building secure APIs in the cloud - SDD403-R - AWS re:Inforce 2019 Amazon Web Services
 
Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019
Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019 Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019
Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019 Amazon Web Services
 
Building a security knowledge management platform for AWS - FND224 - AWS re:I...
Building a security knowledge management platform for AWS - FND224 - AWS re:I...Building a security knowledge management platform for AWS - FND224 - AWS re:I...
Building a security knowledge management platform for AWS - FND224 - AWS re:I...Amazon Web Services
 
Navigating GDPR Compliance on AWS
Navigating GDPR Compliance on AWS Navigating GDPR Compliance on AWS
Navigating GDPR Compliance on AWS Amazon Web Services
 
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019 AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019 Amazon Web Services
 
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...Amazon Web Services
 
Everything you wanted to know about compliance but were afraid to ask - GRC20...
Everything you wanted to know about compliance but were afraid to ask - GRC20...Everything you wanted to know about compliance but were afraid to ask - GRC20...
Everything you wanted to know about compliance but were afraid to ask - GRC20...Amazon Web Services
 
AWS Security Deep Dive
AWS Security Deep DiveAWS Security Deep Dive
AWS Security Deep DiveAmazon Web Services
 
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019 Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019 Amazon Web Services
 
Top Cloud Security Myths - Dispelled! (SEC202-R1) - AWS re:Invent 2018
Top Cloud Security Myths - Dispelled! (SEC202-R1) - AWS re:Invent 2018Top Cloud Security Myths - Dispelled! (SEC202-R1) - AWS re:Invent 2018
Top Cloud Security Myths - Dispelled! (SEC202-R1) - AWS re:Invent 2018Amazon Web Services
 
Top Security Myths Dispelled
Top Security Myths DispelledTop Security Myths Dispelled
Top Security Myths DispelledAmazon Web Services
 

More Related Content

What's hot

Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...
Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...
Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...Amazon Web Services
 
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...Amazon Web Services
 
How policymakers can fulfill promises of security for cloud services - SEP205...
How policymakers can fulfill promises of security for cloud services - SEP205...How policymakers can fulfill promises of security for cloud services - SEP205...
How policymakers can fulfill promises of security for cloud services - SEP205...Amazon Web Services
 
AWS GovCloud (US): A path to high compliance in the cloud - GRC344 - AWS re:I...
AWS GovCloud (US): A path to high compliance in the cloud - GRC344 - AWS re:I...AWS GovCloud (US): A path to high compliance in the cloud - GRC344 - AWS re:I...
AWS GovCloud (US): A path to high compliance in the cloud - GRC344 - AWS re:I...Amazon Web Services
 
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...Amazon Web Services
 
AWS Shared Responsibility Model and GDPR
AWS Shared Responsibility Model and GDPRAWS Shared Responsibility Model and GDPR
AWS Shared Responsibility Model and GDPRAmazon Web Services
 
Serverless remediation in Financial Services: A custom tool - SEP311 - AWS re...
Serverless remediation in Financial Services: A custom tool - SEP311 - AWS re...Serverless remediation in Financial Services: A custom tool - SEP311 - AWS re...
Serverless remediation in Financial Services: A custom tool - SEP311 - AWS re...Amazon Web Services
 
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019 DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019 Amazon Web Services
 
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ... How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...Amazon Web Services
 
Building secure APIs in the cloud - SDD403-R - AWS re:Inforce 2019
Building secure APIs in the cloud - SDD403-R - AWS re:Inforce 2019 Building secure APIs in the cloud - SDD403-R - AWS re:Inforce 2019
Building secure APIs in the cloud - SDD403-R - AWS re:Inforce 2019 Amazon Web Services
 
Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019
Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019 Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019
Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019 Amazon Web Services
 
Building a security knowledge management platform for AWS - FND224 - AWS re:I...
Building a security knowledge management platform for AWS - FND224 - AWS re:I...Building a security knowledge management platform for AWS - FND224 - AWS re:I...
Building a security knowledge management platform for AWS - FND224 - AWS re:I...Amazon Web Services
 
Navigating GDPR Compliance on AWS
Navigating GDPR Compliance on AWS Navigating GDPR Compliance on AWS
Navigating GDPR Compliance on AWS Amazon Web Services
 
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019 AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019 Amazon Web Services
 
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...Amazon Web Services
 
Everything you wanted to know about compliance but were afraid to ask - GRC20...
Everything you wanted to know about compliance but were afraid to ask - GRC20...Everything you wanted to know about compliance but were afraid to ask - GRC20...
Everything you wanted to know about compliance but were afraid to ask - GRC20...Amazon Web Services
 
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019 Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019 Amazon Web Services
 

What's hot (20)

Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...
Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...
Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r...
 
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
How policymakers can fulfill promises of security for cloud services - SEP205...
How policymakers can fulfill promises of security for cloud services - SEP205...How policymakers can fulfill promises of security for cloud services - SEP205...
How policymakers can fulfill promises of security for cloud services - SEP205...
 
AWS GovCloud (US): A path to high compliance in the cloud - GRC344 - AWS re:I...
AWS GovCloud (US): A path to high compliance in the cloud - GRC344 - AWS re:I...AWS GovCloud (US): A path to high compliance in the cloud - GRC344 - AWS re:I...
AWS GovCloud (US): A path to high compliance in the cloud - GRC344 - AWS re:I...
 
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
 
AWS Shared Responsibility Model and GDPR
AWS Shared Responsibility Model and GDPRAWS Shared Responsibility Model and GDPR
AWS Shared Responsibility Model and GDPR
 
Serverless remediation in Financial Services: A custom tool - SEP311 - AWS re...
Serverless remediation in Financial Services: A custom tool - SEP311 - AWS re...Serverless remediation in Financial Services: A custom tool - SEP311 - AWS re...
Serverless remediation in Financial Services: A custom tool - SEP311 - AWS re...
 
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019 DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ... How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
 
Building secure APIs in the cloud - SDD403-R - AWS re:Inforce 2019
Building secure APIs in the cloud - SDD403-R - AWS re:Inforce 2019 Building secure APIs in the cloud - SDD403-R - AWS re:Inforce 2019
Building secure APIs in the cloud - SDD403-R - AWS re:Inforce 2019
 
Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019
Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019 Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019
Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019
 
Building a security knowledge management platform for AWS - FND224 - AWS re:I...
Building a security knowledge management platform for AWS - FND224 - AWS re:I...Building a security knowledge management platform for AWS - FND224 - AWS re:I...
Building a security knowledge management platform for AWS - FND224 - AWS re:I...
 
Navigating GDPR Compliance on AWS
Navigating GDPR Compliance on AWS Navigating GDPR Compliance on AWS
Navigating GDPR Compliance on AWS
 
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019 AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
 
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
 
Everything you wanted to know about compliance but were afraid to ask - GRC20...
Everything you wanted to know about compliance but were afraid to ask - GRC20...Everything you wanted to know about compliance but were afraid to ask - GRC20...
Everything you wanted to know about compliance but were afraid to ask - GRC20...
 
AWS Security Deep Dive
AWS Security Deep DiveAWS Security Deep Dive
AWS Security Deep Dive
 
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019 Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
 

Similar to Top Cloud Security Myths Dispelled

Top Cloud Security Myths - Dispelled! (SEC202-R1) - AWS re:Invent 2018
Top Cloud Security Myths - Dispelled! (SEC202-R1) - AWS re:Invent 2018Top Cloud Security Myths - Dispelled! (SEC202-R1) - AWS re:Invent 2018
Top Cloud Security Myths - Dispelled! (SEC202-R1) - AWS re:Invent 2018Amazon Web Services
 
AWS Initiate Day Dublin 2019 – Top Cloud Security Myths
AWS Initiate Day Dublin 2019 – Top Cloud Security MythsAWS Initiate Day Dublin 2019 – Top Cloud Security Myths
AWS Initiate Day Dublin 2019 – Top Cloud Security MythsAmazon Web Services
 
Top Cloud Security Myths - Dispelled
Top Cloud Security Myths - DispelledTop Cloud Security Myths - Dispelled
Top Cloud Security Myths - DispelledAmazon Web Services
 
Initiate Edinburgh 2019 - Top Cloud Security Myths Dispelled
Initiate Edinburgh 2019 - Top Cloud Security Myths DispelledInitiate Edinburgh 2019 - Top Cloud Security Myths Dispelled
Initiate Edinburgh 2019 - Top Cloud Security Myths DispelledAmazon Web Services
 
Sicurezza in AWS automazione e best practice
Sicurezza in AWS automazione e best practiceSicurezza in AWS automazione e best practice
Sicurezza in AWS automazione e best practiceAmazon Web Services
 
AWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & ComplianceAWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & ComplianceAmazon Web Services
 
Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018
Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018
Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018Amazon Web Services
 
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...Amazon Web Services
 
Sicurezza e conformità al GDPR con AWS
Sicurezza e conformità al GDPR con AWSSicurezza e conformità al GDPR con AWS
Sicurezza e conformità al GDPR con AWSAmazon Web Services
 
A Case Study on Insider Threat Detection
A Case Study on Insider Threat DetectionA Case Study on Insider Threat Detection
A Case Study on Insider Threat DetectionAmazon Web Services
 
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...Amazon Web Services
 
Introduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF LoftIntroduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF LoftAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeAlert Logic
 

Similar to Top Cloud Security Myths Dispelled (20)

Top Cloud Security Myths - Dispelled! (SEC202-R1) - AWS re:Invent 2018
Top Cloud Security Myths - Dispelled! (SEC202-R1) - AWS re:Invent 2018Top Cloud Security Myths - Dispelled! (SEC202-R1) - AWS re:Invent 2018
Top Cloud Security Myths - Dispelled! (SEC202-R1) - AWS re:Invent 2018
 
Top Security Myths Dispelled
Top Security Myths DispelledTop Security Myths Dispelled
Top Security Myths Dispelled
 
AWS Initiate Day Dublin 2019 – Top Cloud Security Myths
AWS Initiate Day Dublin 2019 – Top Cloud Security MythsAWS Initiate Day Dublin 2019 – Top Cloud Security Myths
AWS Initiate Day Dublin 2019 – Top Cloud Security Myths
 
Top Cloud Security Myths - Dispelled
Top Cloud Security Myths - DispelledTop Cloud Security Myths - Dispelled
Top Cloud Security Myths - Dispelled
 
Initiate Edinburgh 2019 - Top Cloud Security Myths Dispelled
Initiate Edinburgh 2019 - Top Cloud Security Myths DispelledInitiate Edinburgh 2019 - Top Cloud Security Myths Dispelled
Initiate Edinburgh 2019 - Top Cloud Security Myths Dispelled
 
Sicurezza in AWS automazione e best practice
Sicurezza in AWS automazione e best practiceSicurezza in AWS automazione e best practice
Sicurezza in AWS automazione e best practice
 
Managing Security on AWS
Managing Security on AWSManaging Security on AWS
Managing Security on AWS
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
AWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & ComplianceAWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & Compliance
 
Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018
Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018
Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018
 
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
 
Sicurezza e conformità al GDPR con AWS
Sicurezza e conformità al GDPR con AWSSicurezza e conformità al GDPR con AWS
Sicurezza e conformità al GDPR con AWS
 
Security & Compliance
Security & ComplianceSecurity & Compliance
Security & Compliance
 
A Case Study on Insider Threat Detection
A Case Study on Insider Threat DetectionA Case Study on Insider Threat Detection
A Case Study on Insider Threat Detection
 
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Introduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF LoftIntroduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF Loft
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
AWS - Security & Compliance
AWS - Security & ComplianceAWS - Security & Compliance
AWS - Security & Compliance
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Top Cloud Security Myths Dispelled

  • 1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Ahmed Gouda Solutions Architect, Amazon Web Services Top Cloud Security Myths – Dispelled! Henry Neira Director Information Services, StarzPlay
  • 2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. SECURITY IS JOB ZERO
  • 3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. The Three Stages of Cloud Security Curiosity General Cloud Security Specific Service Security Data Security New to Cloud and / or Business Teams Experienced in Cloud and / or Technology Teams Advanced in Cloud and / or Risk Teams
  • 4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Cloud Security Service Security Data Security Part 1: General Cloud Security
  • 5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Myth 01: “The public cloud is not as secure as my on-premises infrastructure and not as secure as my private cloud.” Cloud Service Data
  • 6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 01: AWS Security of the Cloud and in the Cloud Visible AutomatedPhysical AWS’s global infrastructure is built to meet the requirements of the most security-sensitive organisations in the world. Cloud Service Data
  • 7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Myth 02: “When I put my data in the cloud I lose ownership of it, and it may move across national borders.” Cloud Service Data
  • 8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 02: You Control and Own Your Content Access TraceabilityOwnership You retain ownership and control of your content, and you choose in which region that content resides. Cloud Service Data
  • 9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Myth 03: “I am a highly regulated business and I cannot use the cloud because of my compliance requirements.” Cloud Service Data
  • 10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 03: AWS Global Compliance Program Countries Enterprise Agreement Certifications Our security assurance program meets or exceeds industry, country- specific and global security requirements. Cloud Service Data
  • 11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Myth 04: “My business requires sensitive personal data, I can not use the cloud.” Cloud Service Data
  • 12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 04: Using Encryption on AWS AWS KMS High Standards Ubiquitous AWS encryption services are integrated into dozens of our services and meet the strictest industry requirements. Cloud Service Data
  • 13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Myth 05: “I have a requirement for security testing, I cannot do that in the cloud.” Cloud Service Data
  • 14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 05: Security Testing on AWS Seek Approval Or Use Pre-Approved Shared Responsibility AWS permits security testing of your resources in line with our acceptable usage policy, and we provide tools to help you. Cloud Service Data
  • 15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Cloud Security Service Security Data Security Part 2: Specific Service Security
  • 16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Myth 06: “All of my operating systems are patched automatically in the cloud.” Cloud Service Data
  • 17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 06: Patch Management on AWS How We Help Our Responsibility Your Responsibility You are responsible for patching operating systems that you manage. AWS is responsible for patching services that we manage. Cloud Service Data
  • 18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Myth 07: “I cannot use the cloud to store sensitive data because everyone will have access to it.” Cloud Service Data
  • 19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 07: How to Secure Data in Amazon S3 Notify RespondProtect Amazon S3 and our other storage services are secure by default. Customers control who can access their data, and AWS provides multiple tools so you can understand how access is configured. Cloud Service Data
  • 20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Myth 08: “I hear about secret keys being stolen, the way you grant access is not secure.” Cloud Service Data
  • 21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 08: How to Protect AWS Credentials Temporary Access Amazon GuardDuty Multi-Factor Authentication AWS provides a number of tools to protect your identity and access credentials and to help you detect misuse. Cloud Service Data
  • 22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Myth 09: “I cannot control the deletion of my data and I cannot verify it has been deleted.” Cloud Service Data
  • 23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 09: How AWS Manages Data Deletion Physical ValidatedLogical When you delete your data we take multiple steps to wipe it and eventually destroy it. This process is validated by independent third parties. Cloud Service Data
  • 24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Myth 10: “Serverless services are not secure because they are shared between customers.” Cloud Service Data
  • 25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 10: How AWS Protects Serverless Services Building Blocks Limited SurfaceIdentity When you use AWS’s serverless services you inherit the multiple layers of strong security controls that are built into our core services. Cloud Service Data
  • 26. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Cloud Security Service Security Data Security Part 3: Data Access Security
  • 27. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Myth 11: “A malicious insider can look at my data via your shared administrative access.” Cloud Service Data
  • 28. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 11: How AWS Manages Administrative Access Technology Controls Process Controls Automation AWS strictly controls our infrequent administrative access to services. This process has executive oversight within AWS and is validated by independent third parties. Cloud Service Data
  • 29. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Cloud Security Service Security Data Security
  • 30. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security Benefits of the AWS Cloud Automate with deeply integrated security services Inherit global security and compliance controls Highest standards for privacy and data security Largest network of security partners and solutions Scale with superior visibility and control
  • 31. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. SECURITY IS JOB ZERO http://amzn.to/2FZdEgH Find out more information here:
  • 33. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. About • Subscription service for video streaming on demand • Available in 20 countries in MENA • Multiple methods of payment (>20) • Custom Apps in multiple devices • Curated content by region • 100% Cloud based architecture • Launched >3 years ago
  • 34. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Born in the cloud How to launch a new service quickly, without a team in place? • We looked for the best partners in the cloud and provided the functionality we needed • Leveraged the strength of our partners, allowing us to focus on the core of our business • Security is one of the areas in which AWS has been helping us by taking part of the burden
  • 35. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Managing Security • Security is a shared responsibility. As the company stakeholders, we need to define our security rules, policies and procedures. AWS helps us by implementing them easily. • Certifications and compliance: couldn’t have done it on our own • On top of managing data privacy for our customers, we have very high security requirements from our content providers as we have to store and manage sensitive data. A security breach could have a severe impact in the company. Encryption is necessary in multiple touch points of our architecture.
  • 36. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Our security approach To handle our security requirements, we have grouped it in 3 layers Layer 1: Infrastructure Layer 2: Integration Data Layer 3: Platform Defense against public exposure Security with trusted Partners Internal security policies
  • 37. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Data in the cloud: Lessons learned • Security has different angles: traffic control, data privacy, compliance, fraud controls among others. AWS is simplifying our job in these and other areas • After your data is safe in the cloud don’t forget about data accessibility • Each cloud provider may have different rules: • For how long do they store the data • Retrieval methods: API, FTP, email csv, web download • Maximum frequency • From all our partners, AWS is the one that gives more accessibility and control over your data
  • 38. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Conclusion • Moving to the cloud is a strategic decision where the security is one of the factors to consider. It is possible to be secure in the cloud, the question is how to achieve it. • If you are planning to move to the cloud define your data needs and plan accordingly. Where do you want to store your data, backup and archiving policies
  • 39. Q&A
  • 40. Please complete the session’s survey by scanning the QR Code printed on your badge or through the link below. https://amzn.to/BahrainSessions
  • 41. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Thank you!