Transcript
Page 1: Compliance on AWS - Amazon Web Servicesaws-de-media.s3.amazonaws.com/images/Sec Web Day... · Compliance on AWS Bertram Dorn –Specialized Solutions Architect Security/Compliance

Compliance on AWS

Bertram Dorn – Specialized Solutions Architect

Security/Compliance

Network/Databases

Amazon Web Services Germany GmbH

©Amazon.com, Inc. and its affiliates. All rights reserved.

Page 2:

Compliance to find the right Security Position

Page 3:

Compliance to find the right Security Position

• A common language
• A common framework
• A common baseline and point of reference

Page 4:

Compliance to find the right Security Position

• Compliance helps to find the right security setting(s)
• Compliance frameworks tell you what you have to do as a minimum
• A (e.g. customer) wants to check at which level B (e.g. AWS) is doing something

But:

“Security = Compliance, if and only if your only threat actor is your auditor”

Get the auditing party involved early

Page 5:

Layers of security controls in AWS

Cross-service Controls

Service-specific Controls

Managed by AWS

Managed by Customer

Security of the Cloud

Security in the Cloud

Cloud Service Provider Controls

Optimized Network/OS/App Controls

Request reports at: aws.amazon.com/compliance/#contact

Page 6:

In Combination

AWS Security Measurements And Certification

Security of the Customer Environment

• IT-Grundschutz
• EU Data Privacy
• Sarbanes-Oxley (SOX)
• HIPAA (healthcare)
• …etc

Page 7:

The main AWS Compliance Frameworks of today

Certificates: Programmes:

Page 8:

Go Global in Minutes and Maintain a Single Security Standard

Page 9:

AWS Region

Decide where you put your data and applications

• US-WEST (Oregon)
• ASIA PAC (Tokyo)
• ASIA PAC (Singapore)
• US-WEST (North California)
• SOUTH AMERICA (Sao Paulo)
• US-EAST (Virginia)
• GOV CLOUD
• ASIA PAC (Sydney)
• China (Beijing)
• EU-CENTRAL (Frankfurt)
• EU-WEST (Dublin)

Page 10:

Availability Zone

• On a global footprint
• 5 AZs in Europe
• Low Latency in Europe
• Data Resides in Europe
• Multi Timezone Security Concepts
• Backup/Restore/DR only in Europe

Page 11:

The main AWS Compliance Frameworks of today

Certificates: Programmes:

Page 12:

When?

Page 13:

Supervisory Duties…

Page 14:

Demo:

Page 15:

Others?

• Further Standards in AWS
• Privacy Protection
• Who else is looking into this?

Page 16:

Bertram Dorn
Amazon Web Services Germany

Additional Resources:

http://aws.amazon.com/documentation
http://aws.amazon.com/compliance
http://aws.amazon.com/security
