© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Mitigating Cyber Risks on AWSBertram Dorn, Specialized Solutions Architect for Security

and Compliance

On demand Pay as you go

Uniform Available

Cloud

Cloud Services

What is AWS?

AWS Global Infrastructure

Application Services

Networking

Deployment & Administration

DatabaseStorageCompute

API

• WebInterface• CLI• SDK• API

Architect

AWS IAM

Resource / ApplicationUser

AmazonS3

AmazonDynamoDB

Amazon API Gateway Amazon

SES

AmazonSQS

Application

API Features• DDoS Protected• MultiAZ• Available• Encryption in

Transport• Authenticated• Logging

Shared Responsibility

Cross-service Controls

Service-specific Controls

Managed by AWS

Managed by Customer

Security of the Cloud

Security in the Cloud

Cloud Service Provider Controls

Optimized Network/OS/App Controls

Request reports at:aws.amazon.com/compliance/#contact

ISO27000

ISO9001

The Paths

CloudData Path Command Path

Application Path

Managed by Customer

Services Command Path

Amazon Macie

Amazon CloudWatch

AWSCloudTrail

AWSConfig

IAMAWSOrganizations

AWS KMS

flow logs

Amazon ESEBSS3SQSWork*SSM

Guard Duty

Services Data Path

AWS Shield

AWS WAF

Elastic Load Balancing*

AWS Direct Connect

Amazon CloudFront

AmazonRoute 53

Amazon Inspector

AWS Certificate Manager

Amazon API Gateway

AWSLambda

virtual private cloud

customer gateway

Internet gateway

VPCpeering

VPN gateway

Amazon EC2 Systems Manager

AWSCloudHSM

Thank you