Amazon Web Services Security & Compliance in the AWS Cloud



Our Culture

Simple Security Controls

Job Zero

AWS Pace of Innovation

Chart (AWS Pace of Innovation), data points by year: 2009: 48, 2011: 82, 2013: 280, 2015: 722.

AWS has been continually expanding its services to support virtually any cloud workload and now has more than 70 services that range from compute, storage, networking, database, analytics, application services, deployment, management and mobile.

Figure: AWS platform overview (diagram labels, grouped by the slide's columns where the layout is recoverable):

ENTERPRISE APPS: Virtual Desktops; Sharing & Collaboration; Corporate Email; Backup

DEVELOPMENT & OPERATIONS: One-click App Deployment; DevOps Resource Management; Application Lifecycle Management; Containers; Triggers; Resource Templates

MOBILE SERVICES: Identity; Sync; Single Integrated Console; Push Notifications

APP SERVICES: Queuing & Notifications; Workflow; Search; Email; Transcoding

ANALYTICS: Data Warehousing; Hadoop/Spark; Streaming Data Collection; Machine Learning; Elastic Search

TECHNICAL & BUSINESS SUPPORT: Account Management; Support; Professional Services; Training & Certification; Security & Pricing Reports; Partner Ecosystem; Solutions Architects

MARKETPLACE: Business Apps; Business Intelligence; Databases; DevOps Tools; Networking; Security; Storage

INFRASTRUCTURE: Regions; Availability Zones; Points of Presence

CORE SERVICES: Compute (VMs, Auto-scaling, & Load Balancing); Storage (Object, Blocks, Archival, Import/Export); Databases (Relational, NoSQL, Caching, Migration); Networking (VPC, DX, DNS, CDN)

SECURITY & COMPLIANCE: Access Control; Identity Management; Key Management & Storage; Monitoring & Logs; Assessment and reporting; Resource & Usage Auditing; Configuration Compliance; Web application firewall

HYBRID ARCHITECTURE: Data Backups; Integrated App Deployments; Direct Connect; Identity Federation; Integrated Resource Management; Integrated Networking

IoT: Rules Engine; Device Shadows; Device SDKs; Registry; Device Gateway

Other labels on the slide: API Gateway; Streaming Data Analysis; Business Intelligence; Mobile Analytics

SHARED

Standards shown: GxP; ISO 13485; AS9100; ISO/TS 16949

Figure: the shared responsibility model

AWS is responsible for the security OF the Cloud:
AWS Foundation Services: Compute, Storage, Database, Networking
AWS Global Infrastructure: Regions, Availability Zones, Edge Locations

Customers have their choice of security configurations IN the Cloud:
Customer applications & content
Platform, Applications, Identity & Access Management
Operating System, Network, & Firewall Configuration
Client-side Data Encryption; Server-side Data Encryption; Network Traffic Protection

decide how to implement

SECURITY IS VISIBILITY AND AUDITABILITY

How often do you map your network? RIGHT NOW?

You are making API calls... on a growing set of services around the world... AWS CloudTrail is continuously recording API calls... and delivering log files to you.

AWS CLOUDTRAIL

AWS Config

Figure: changing resources (Redshift, AWS CloudFormation, AWS Elastic Beanstalk) feed Continuous Change Recording, which produces a History, a Stream and a Snapshot (ex. 2014-11-05).

SECURITY IS CONTROL (USERS, RESOURCES, CONTENT)

Control access and segregate duties everywhere

With AWS Identity and Access Management (IAM) you get to control who can do what in your AWS environment and from where

Fine-grained control of your AWS cloud with two-factor authentication

Integrate with your existing corporate directory using SAML 2.0 and single sign-on
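As an added example (not part of the original deck), the following Python script reviews CloudTrail records against the two controls on this slide, MFA on IAM users and "from where" a call is made, which is what the CloudTrail log files delivered to you make possible. The record field names are CloudTrail's; the log contents, the corporate address range and the set of sensitive services are constructed assumptions.

```python
"""Sweep CloudTrail records for IAM users acting without MFA and for sensitive
calls from off the corporate network. Field names are CloudTrail's; data is constructed."""
import ipaddress
import json

# Constructed CloudTrail log: a Records array trimmed to the fields used here.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateUser",
     "sourceIPAddress": "203.0.113.8", "userIdentity": {"type": "IAMUser",
     "userName": "alice", "sessionContext": {"attributes": {"mfaAuthenticated": "true"}}}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "AuthorizeSecurityGroupIngress",
     "sourceIPAddress": "198.51.100.77", "userIdentity": {"type": "IAMUser",
     "userName": "bob", "sessionContext": {"attributes": {"mfaAuthenticated": "false"}}}},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "sourceIPAddress": "203.0.113.9", "userIdentity": {"type": "AssumedRole",
     "arn": "arn:aws:sts::123456789012:assumed-role/Deploy/build"}},
]})

# Constructed corporate egress range (RFC 5737 space) and the API families whose
# callers are expected to be both on-network and MFA-authenticated (assumption).
CORPORATE_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
SENSITIVE_SOURCES = {"iam.amazonaws.com", "ec2.amazonaws.com"}

def mfa_used(record):
    """mfaAuthenticated is a string in sessionContext.attributes; absent means no MFA."""
    attrs = record["userIdentity"].get("sessionContext", {}).get("attributes", {})
    return attrs.get("mfaAuthenticated") == "true"

def from_corporate_network(record):
    try:  # service-originated calls carry a DNS name, not an address, in this field
        addr = ipaddress.ip_address(record.get("sourceIPAddress", ""))
    except ValueError:
        return False
    return any(addr in net for net in CORPORATE_NETWORKS)

def find_findings(log_text):
    """Return (eventName, principal, reason) tuples for calls that need review."""
    findings = []
    for rec in json.loads(log_text)["Records"]:
        ident = rec["userIdentity"]
        who = ident.get("userName") or ident.get("arn", "unknown")
        if ident.get("type") == "IAMUser" and not mfa_used(rec):
            findings.append((rec["eventName"], who, "IAM user without MFA"))
        if rec["eventSource"] in SENSITIVE_SOURCES and not from_corporate_network(rec):
            findings.append((rec["eventName"], who, "sensitive call from off-network address"))
    return findings

if __name__ == "__main__":
    for finding in find_findings(SAMPLE_LOG):
        print(" | ".join(finding))
```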

Figure: duties segregated under the AWS account owner: Network management; Security management; Server management; Storage management

13 Regions, 35 Availability Zones, 59 Edge Locations

Regions shown: US-EAST (Virginia); US-WEST (N. California); US-WEST (Oregon); AWS GovCloud (US); SOUTH AMERICA (Sao Paulo); EU-WEST (Ireland); EU-CENTRAL (Frankfurt); ASIA PAC (Tokyo); ASIA PAC (Sydney); ASIA PAC (Singapore); ASIA PAC (Korea); ASIA PAC (Mumbai); CHINA (Beijing)

you put it

Create your own private, isolated section of the AWS cloud

Figure: a VPC spanning Availability Zone A and Availability Zone B

AWS Virtual Private Cloud

Provision a logically isolated section of the AWS cloud

You choose a private IP range for your VPC

Segment this into subnets to deploy your compute instances

AWS network security

AWS network will prevent spoofing and other common layer 2 attacks

You cannot sniff anything but your own EC2 host network interface

Control all external routing and connectivity

connect resiliently and in private

Figure: YOUR AWS ENVIRONMENT (Digital Websites, Big Data Analytics, Dev and Test, Enterprise Apps) linked to YOUR PREMISES over AWS Direct Connect, with Internet and VPN paths alongside

AWS Key Management Service

PCI DSS SP L1 Compliant; undergoing FIPS 140-2

Encryption key management and compliance made easy

Integrated with AWS Services (e.g. S3, EBS, RDS, Redshift, CloudTrail, EMR)

Highly Available and durable

AUDIT EVERYTHING

Auditors

Fine-grained visibility and control for accounts, resources, data:

Geographic data locality: control over regional replication

Fine-grained access control: policies, resource level permissions, temporary credentials

In-depth logging: AWS CloudTrail and Config

Visibility into resources and usage: service Describe* APIs and AWS CloudWatch

Control over deployment: AWS CloudFormation

Governance

COMPLIANCE

ISO 9001
SOC 3
SOC 2
SOC 1 / ISAE 3402
ISO 27001
ISO 27017
ISO 27018
PCI DSS Level 1
GxP
HIPAA
ITAR
FERPA
FISMA, RMF, and DIACAP
FedRAMP
Section 508 / VPAT
DoD SRG Levels 2 & 4
FIPS 140-2
CJIS
Cloud Security Alliance
MPAA
NIST
MLPS Level 3
G-Cloud
IT-Grundschutz
MTCS Tier 3
IRAP
Cyber Essentials Plus

More accreditations & certifications than anyone

evidence

Data Sovereignty & Privacy

You retain control and ownership of your content

Choose your AWS region and adhere to data sovereignty laws

Compliant with ISO 27001, ISO 27017, ISO 27018

Encrypt your data using AWS Services or using your own

Vibrant Partner Ecosystem

Figure: partner categories: Infrastructure Security; Logging and Monitoring; Identity and Access Control; Configuration and Vulnerability Analysis; Data Protection; SaaS

Job Zero

BETTER IN AWS

Event @ AWS Booth

Survey event

• Everyone who completes the survey receives an AWS T-shirt!

CLOUDSEC PoC sign-up event

• Everyone who signs up for a PoC receives free consulting and a portable power bank!

AWS CLOUD SECURITY PARTNER

In order to secure your valuable data, MEGAZONE is working together with its No. 1 PARTNERS, AWS and TrendMicro, in providing diverse services.

No. 1 PREMIER PARTNER

No. 1 SECURITY PARTNER

No. 1 Biz PARTNER