Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
The Cloud Changes Nothing
… and Everything!
©Amazon.com, Inc. and its affiliates. All rights reserved.
Deep experience in building
and operating global web
scale systems
About Amazon Web
Services
?
…get into cloud computing?
How did Amazon…
Consumer Business
Tens of millions of active customer
accounts
Eight countries: US, UK, Germany,
Japan, France, Canada, China, Italy
Seller Business
Sell on Amazon websites
Use Amazon technology for your own retail website
Leverage Amazon’s massive fulfillment
center network
IT Infrastructure Business
Cloud computing infrastructure for hosting web-scale
solutions
Hundreds of thousands of
registered customers in over 190 countries
AWS Mission
Enable businesses and developers to use web services* to build scalable,
sophisticated applications.
*What people now call “the cloud”
Not excess capacity!
Each day AWS adds the equivalent server
capacity to power Amazon when it was a
global, $5B enterprise
$5.2B retail business
7,800 employees
A whole lot of servers
2003
Migrate existing apps &
data to the cloud
Build new apps, sites,
services & lines of
businesses
Augment On-Premises
resources with cloud
capacity
How Enterprises Use AWS
What is AWS?
AWS Global Infrastructure
Application Services
Networking
Deployment & Administration
Database Storage Compute
AWS Global Infrastructure
9 Regions
25 Availability Zones
Continuous Expansion
Powering the Most Popular Internet Businesses
Trusted by Enterprises
What are Customers Using the AWS Cloud For?
Shell uses AWS to Develop Software Faster and Cheaper
Remote Team
Core Development Team
Extra Development Resources
Contractor Team
Lamborghini uses AWS for Dynamic Webapps
Reduced
infrastructure
costs by 50%
Reduced time to
market to near
Zero
Shaw Media uses AWS for Disaster Recovery
Saved $1.8
Million in
second site
costs
Snapshots for
granular
rollbacks
Primary site
Before
After
Primary site
Disaster Recovery Site
Bankinter uses HPC on AWS for Monte Carlo Simulation
Javier Roldán Director of Technical Innovation
“Bankinter uses AWS as an integral part of our credit-risk simulation application; We need to perform at least 5,000,000 simulations to get realistic results”
Credit Data
Average simulation
time went from 23
hours to 20
minutes
Lionsgate uses AWS To host SharePoint & SAP
Amazon VPC
Avoided data
center build
out
Saved $1M
over
3 years
50% lower
cost than
hosting options
Nasdaq used AWS to Build a New Line of Business
Web Application (PCI-DSS)
Security is Our #1 Priority
Architected for Enterprise Security Requirements
“The Amazon Virtual Private Cloud
[Amazon VPC] was a unique option that
offered an additional level of security and
an ability to integrate with other aspects of
our infrastructure.”
Dr. Michael Miller, Head of HPC for R&D
Shared Responsibility for Security & Compliance
Facilities
Physical Security
Compute Infrastructure
Storage Infrastructure
Network Infrastructure
Virtualization Layer
Operating System
Applications
Security Groups
Firewalls
Network Configuration
Account Management
+ =
Customer
The Whole Customer Community Benefits from Security Improvements
Everyone’s Applications
Security Infrastructure
Security Infrastructure
Requirements Requirements Requirements
AWS CloudHSM
HSM – Hardware Security Module
• A hardware device that performs cryptographic operations and key storage
• Used for strong protection of private keys
• Tamper resistant – keys are protected physically and logically
- If a tampering attempt is detected, the appliance destroys the keys
• Device administration and security administration are logically separate
- Physical control of the appliance does not grant access to the keys
• Certified by 3rd parties to comply with government standards of physical and logical security
- FIPS 140-2
- Common Criteria EAL4+
• Historically located in on-permises datacenters
HSM
SafeNet – AWS Advanced Technology Partner
AWS currently provides Luna SA HSM appliances from SafeNet
What is AWS CloudHSM?
Dedicated access to HSM appliances managed & monitored by AWS, but you control the keys Increase performance for applications that use HSMs for key storage or encryption Comply with stringent regulatory and contractual requirements for key protection
EC2 Instance
AWS CloudHSM
AWS CloudHSM
AWS CloudHSM Service Highlights
• Secure Key Storage – customers retain control of their own keys and
cryptographic operations on the HSM
• Contractual and Regulatory Compliance – helps customers comply with the
most stringent regulatory and contractual requirements for key protection
• Reliable and Durable Key Storage – AWS CloudHSMs are located in
multiple Availability Zones and Regions to help customers build highly available
applications that require secure key storage
• Simple and Secure Connectivity – AWS CloudHSMs are in the customer’s
VPC
• Better Application Performance – reduce network latency and increase the
performance of AWS applications that use HSMs
How Customers Use AWS CloudHSM
Customers use AWS CloudHSM as an architectural building block in securing
applications
– Object encryption
– Digital Rights Management (DRM)
– Document signing
– Secure document repository
– Database encryption
– Transaction processing
AWS Security Resources
• http://aws.amazon.com/security/
• Answers to many security & privacy questions:
– Security Whitepaper
– Risk and Compliance Whitepaper
• Regularly Updated
• Feedback is welcome
Thanks
©Amazon.com, Inc. and its affiliates. All rights reserved.