AWS Webcast - Understanding the AWS Security Model
•
8 likes•8,593 views
This webinar will introduce the AWS Shared Security Model. We will examine how to use the inherent security of the AWS environment, coupled with the security tools and features AWS makes available, to create a resilient environment with the security you need. Learning Objectives: • Understand the security measures AWS puts in place to secure the environment where your data lives • Understand the tools AWS offers to help you create a resilient environment with the security you need • Consider actions when moving a sensitive workload to AWS • Security benefits you can expect by deploying in the AWS Cloud Who Should Attend: - Prospects and customers with a security background - Who are interested in using AWS to manage security-sensitive workloads
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to AWS Webcast - Understanding the AWS Security Model
Similar to AWS Webcast - Understanding the AWS Security Model (20)
More from Amazon Web Services
More from Amazon Web Services (20)
Recently uploaded
Recently uploaded (20)
AWS Webcast - Understanding the AWS Security Model
- 1. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Max Ramsay, Head of Americas Security Solution Architecture, AWS March 19th, 2015 Understanding the AWS Shared Security Model
- 2. Security is Job Zero Familiar Security Model Validated and driven by customers’ security experts Benefits all customers PEOPLE & PROCESS SYSTEM NETWORK PHYSICAL
- 3. Vodafone built a mobile payment app Amazon Web Services was the clear choice in terms of security. Stefano Harak Online Senior Product Manager PCI and DSS compliance was essential Launched in 3 months Reduced CapEx by 30% Deployed to 7 channels, including Facebook Payments
- 4. Agenda • AWS Culture • Shared Security Model • Compliance • Tools & Features • Where to get help
- 5. Security & compliance requirements from every industry
- 6. Expert Audits: Transparency & Accuracy SME SME SME SME SME
- 7. Security, compliance, governance, and audit related launches and updates AWS constantly innovating – driven by your needs
- 8. Native tools improve compliance efficiency Discover and provision cloud services Audit and troubleshoot configuration changes in the cloud Get consistent visibility of cloud logs
- 9. AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Identity Data Infrastructure Customer applications & content YouAWS and you share responsibility for security You get to define your controls IN the Cloud AWS takes care of the security OF the Cloud
- 10. What this means • You benefit from an environment built for the most security sensitive organizations • AWS manages 1,800+ security controls so you don’t have to • You get to define the right security controls for your workload sensitivity • You always have full ownership and control of your data
- 11. Key AWS Certifications and Assurance Programs
- 12. IT Grundschutz Certification Workbook • Assessed by TÜV TRUST IT • AWS controls meet BSI IT Grundschutz requirements • Customers can integrate AWS infrastructure into their own ISMS and be compliant • Report and workbook available at aws.amazon.com/compliance
- 13. On AWS •Start on base of accredited services •Functionally necessary – high watermark of requirements •Audits done by third party experts •Accountable to everyone •Continuous monitoring •Compliance approach based on all workload scenarios •Security innovation drives broad compliance On-prem • Start with bare concrete • Functionally optional (you can build a secure system without it) • Audits done by an in-house team • Accountable to yourself • Typically check once a year • Workload-specific compliance checks • Must keep pace and invest in security innovation Accreditation & Compliance: on-prem vs on AWS
- 14. AWS Security Tools & Features IdentityDataInfrastructure Customer applications & content Oversight & Monitoring • AWS and its partners offer over 700 security services, tools and features • Mirror the familiar controls you deploy within your on-prem environments
- 15. Infrastructure: Enforce consistent security on hosts EC2 AMI catalogue Running instance Your instance Hardening Audit and logging Vulnerability management Malware and HIPS Whitelisting and integrity User administration Operating system • You fully control EC2 instances • Configure and harden to your own specs! • Use host-based protection software • Manage administrative users • Enforce separation of duties & least privilege • Build out the rest of your standard security environment • Connect to your existing services, e.g. SIEM, monitoring, patching
- 16. Create flexible, resilient, segmented environments Your organization Project Teams Marketing Business Units Reporting Digital / Websites Dev and Test Redshift EMR Analytics Internal Enterprise Apps Amazon S3 Amazon Glacier Storage/ Backup
- 17. Encrypt your Elastic Block Store volumes any way you like • AWS native EBS encryption for free with a mouse-click • Encrypt yourself using free utilities, plus Trend Micro, SafeNet and other partners for high-assurance key management solutions Amazon S3 offers either server or client-side encryption • Manage your own keys or let AWS do it for you Redshift has one-click disk encryption as standard • Encrypt your data analytics • You can supply your own keys Amazon RDS supports encryption • Encrypt your MySQL or PostgreSQL databases using keys you manage through AWS Key Management Service (KMS) • Supports Transparent Data Encryption in SQL Server and Oracle Data: Encrypt your sensitive information DBA
- 18. Identity: Control access and segregate duties everywhere You get to control who can do what in your AWS environment when and from where Fine-grained control of your AWS cloud with multi- factor authentication Integrate with your existing corporate directory using SAML 2.0 and single sign-on AWS account owner Network management Security management Server management Storage management
- 19. Full visibility of your AWS environment • CloudTrail will record access to API calls and save logs in your S3 buckets, no matter how those API calls were made Who did what and when and from where (IP address) • Support for many AWS services and growing - includes EC2, EBS, VPC, RDS, IAM and RedShift • Easily Aggregate all log information Out of the box integration with log analysis tools from AWS partners including Splunk, AlertLogic and SumoLogic Monitoring: Get consistent visibility of logs
- 20. AWS Marketplace: One-stop shop for security tools Advanced Threat Analytics Application Security Identity and Access Mgmt Encryption & Key Mgmt Server & Endpoint Protection Network Security Vulnerability & Pen Testing
- 21. Getting help – Trusted Advisor Performs a series of security configuration checks of your AWS environment: • Open ports • Unrestricted access • IAM use • CloudTrail Logging • S3 Bucket Permissions • Multi-factor auth • Password Policy • DB Access Risk • DNS Records • Load Balancer config
- 22. Getting Help: Support Account Team • Your Account Manager is your advocate • Solutions Architects have a wealth of expertise Four tiers of support • Free – Basic, forum-based & health check support • Developer – Email support & best practice guidance • Business – Phone/chat/email support, 1 hour response time • Enterprise – 15 min response time, dedicated Technical Account Manager
- 23. Getting Help: Professional Services AWS Professional Services • Enterprise Security Architecture • Policy & Controls Mapping • SOC Design AWS Partner Network • Over 600 certified AWS Consulting Partners worldwide
- 24. Summary • Security is job zero for AWS • AWS takes care of the security OF the Cloud • You define your controls IN the Cloud • Compliance is more cost effective in AWS • You can take advantage of over 700 services, tools and features from AWS and partners • AWS and partner resources on hand to help
- 25. Thank you!