Top Cloud Security Myths Dispelled
- 1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Top Cloud Security Myths – Dispelled!
Ahmed Gouda, Solutions Architect, Amazon Web Services
Henry Neira, Director Information Services, StarzPlay
- 2. SECURITY IS JOB ZERO
- 3. The Three Stages of Cloud Security Curiosity
• General Cloud Security: New to Cloud and / or Business Teams
• Specific Service Security: Experienced in Cloud and / or Technology Teams
• Data Security: Advanced in Cloud and / or Risk Teams
- 4. Part 1: General Cloud Security
- 5. Myth 01:
“The public cloud is not as secure as my on-premises infrastructure and not as secure as my private cloud.”
- 6. 01: AWS Security of the Cloud and in the Cloud
Visible, Automated, Physical
AWS’s global infrastructure is built to meet the requirements of the most security-sensitive organisations in the world.
- 7. Myth 02:
“When I put my data in the cloud I lose ownership of it, and it may move across national borders.”
- 8. 02: You Control and Own Your Content
Access, Traceability, Ownership
You retain ownership and control of your content, and you choose in which region that content resides.
- 9. Myth 03:
“I am a highly regulated business and I cannot use the cloud because of my compliance requirements.”
- 10. 03: AWS Global Compliance Program
Countries, Enterprise Agreement, Certifications
Our security assurance program meets or exceeds industry, country-specific and global security requirements.
- 11. Myth 04:
“My business requires sensitive personal data, I can not use the cloud.”
- 12. 04: Using Encryption on AWS
AWS KMS, High Standards, Ubiquitous
AWS encryption services are integrated into dozens of our services and meet the strictest industry requirements.
- 13. Myth 05:
“I have a requirement for security testing, I cannot do that in the cloud.”
- 14. 05: Security Testing on AWS
Seek Approval, Or Use Pre-Approved, Shared Responsibility
AWS permits security testing of your resources in line with our acceptable usage policy, and we provide tools to help you.
- 15. Part 2: Specific Service Security
- 16. Myth 06:
“All of my operating systems are patched automatically in the cloud.”
- 17. 06: Patch Management on AWS
How We Help, Our Responsibility, Your Responsibility
You are responsible for patching operating systems that you manage. AWS is responsible for patching services that we manage.
- 18. Myth 07:
“I cannot use the cloud to store sensitive data because everyone will have access to it.”
- 19. 07: How to Secure Data in Amazon S3
Notify, Respond, Protect
Amazon S3 and our other storage services are secure by default. Customers control who can access their data, and AWS provides multiple tools so you can understand how access is configured.
- 20. Myth 08:
“I hear about secret keys being stolen, the way you grant access is not secure.”
- 21. 08: How to Protect AWS Credentials
Temporary Access, Amazon GuardDuty, Multi-Factor Authentication
AWS provides a number of tools to protect your identity and access credentials and to help you detect misuse.
- 22. Myth 09:
“I cannot control the deletion of my data and I cannot verify it has been deleted.”
- 23. 09: How AWS Manages Data Deletion
Physical, Validated, Logical
When you delete your data we take multiple steps to wipe it and eventually destroy it. This process is validated by independent third parties.
- 24. Myth 10:
“Serverless services are not secure because they are shared between customers.”
- 25. 10: How AWS Protects Serverless Services
Building Blocks, Limited Surface, Identity
When you use AWS’s serverless services you inherit the multiple layers of strong security controls that are built into our core services.
- 26. Part 3: Data Access Security
- 27. Myth 11:
“A malicious insider can look at my data via your shared administrative access.”
- 28. 11: How AWS Manages Administrative Access
Technology Controls, Process Controls, Automation
AWS strictly controls our infrequent administrative access to services. This process has executive oversight within AWS and is validated by independent third parties.
- 29. Cloud Security, Service Security, Data Security
- 30. Security Benefits of the AWS Cloud
• Automate with deeply integrated security services
• Inherit global security and compliance controls
• Highest standards for privacy and data security
• Largest network of security partners and solutions
• Scale with superior visibility and control
- 31. SECURITY IS JOB ZERO
Find out more information here: http://amzn.to/2FZdEgH
- 33. About
• Subscription service for video streaming on demand
• Available in 20 countries in MENA
• Multiple methods of payment (>20)
• Custom apps on multiple devices
• Curated content by region
• 100% cloud-based architecture
• Launched >3 years ago
- 34. Born in the cloud
How to launch a new service quickly, without a team in place?
• We looked for the best partners in the cloud and provided the functionality we needed
• Leveraged the strength of our partners, allowing us to focus on the core of our business
• Security is one of the areas in which AWS has been helping us by taking part of the burden
- 35. Managing Security
• Security is a shared responsibility. As the company stakeholders, we need to define our security rules, policies and procedures. AWS helps us by implementing them easily.
• Certifications and compliance: couldn’t have done it on our own
• On top of managing data privacy for our customers, we have very high security requirements from our content providers, as we have to store and manage sensitive data. A security breach could have a severe impact on the company. Encryption is necessary at multiple touch points of our architecture.
- 36. Our security approach
To handle our security requirements, we have grouped them into 3 layers:
• Layer 1: Infrastructure (Defense against public exposure)
• Layer 2: Integration (Security with trusted Partners)
• Layer 3: Platform (Internal security policies)
Data
- 37. Data in the cloud: Lessons learned
• Security has different angles: traffic control, data privacy, compliance, fraud controls among others. AWS is simplifying our job in these and other areas
• After your data is safe in the cloud don’t forget about data accessibility
• Each cloud provider may have different rules:
  • For how long do they store the data
  • Retrieval methods: API, FTP, email csv, web download
  • Maximum frequency
• From all our partners, AWS is the one that gives more accessibility and control over your data
- 38. Conclusion
• Moving to the cloud is a strategic decision where security is one of the factors to consider. It is possible to be secure in the cloud; the question is how to achieve it.
• If you are planning to move to the cloud, define your data needs and plan accordingly. Where do you want to store your data, backup and archiving policies
- 41. Thank you!