
Amazon AWS Shared Security Model


DESCRIPTION

Understand how you can secure the digital assets you store in Amazon AWS. Learn what Amazon is responsible for and what you are responsible for under the Shared Security Philosophy. Learn what measures Amazon has taken to secure its cloud storage and premises. By ensuring security and following the guidelines laid down, you too can ensure the security of your data and instances hosted in Amazon cloud services.


Page 1: Amazon AWS Shared Security Model

Amazon Web Services Shared Responsibility Model

PPT by www.EndPointVault.com

Security & Compliance

Page 2: Amazon AWS Shared Security Model

Amazon AWS

Amazon offers a scalable cloud computing platform to build, deploy and run a wide range of applications on its servers, which are spread across the globe.

Page 3: Amazon AWS Shared Security Model

AWS Shared Security Model

Amazon AWS

• Facilities
• Physical Security
• Physical Infrastructure
• Network Infrastructure
• Virtualization Security

Amazon Client

• OS
• Application
• Security Groups
• OS Firewall
• Network Configuration
• Account Management

Page 4: Amazon AWS Shared Security Model

Physical Security - AWS

AWS facilities use a state-of-the-art electronic surveillance system.

Authentication and authorization are done using a multi-factor access control system.

The data centre is guarded by professionals in the security domain.

Hardware is fully guarded and is destroyed before it leaves the premises or data center.

Page 5: Amazon AWS Shared Security Model

Virtualization Security - AWS

Security for instances (virtual servers) is provided to the user on multiple levels:

• Host OS (Amazon)
• Guest OS (User Virtual Instance)
• Firewall
• Signed API calls

These security measures are interdependent; together they provide the overall security and prevent any unauthorized access to the database.

Page 6: Amazon AWS Shared Security Model

Host OS Security - AWS

• Authorized administrators who need to access the management plane are required to pass multi-factor authentication before gaining access to the administration host.

• All such access is logged and audited.

• Privileges are revoked immediately once the work is completed.

Page 7: Amazon AWS Shared Security Model

Guest OS Security - AWS

Although virtual instances are fully controlled by the user, Amazon still provides a considerable amount of security for them.

HTTPS/SSL-enabled login and Guest OS management.

Support for the SSH (Secure Shell) network protocol for secure login to Unix/Linux instances.

Provides regular updates and patches for the Guest OS (Windows or Linux).

Security can easily be enhanced further by the instance administrator using services available in Amazon Marketplace.

Page 8: Amazon AWS Shared Security Model

Firewall Solution - AWS

• Amazon has created a robust firewall security mechanism in which all ports are in deny mode by default and the user explicitly opens ports to allow inbound traffic.

• The firewall is independent of the guest OS and does not rely on the administrator; instead, it requires the user's X.509 certificate and the relevant key to authorize changes, creating an extra layer of security.
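Because all ports are denied by default, every reachable port is the result of a rule the user added, so the rule set can be reviewed mechanically. The Python below is an added example, not part of the original slides: it audits ingress rules laid out like EC2's DescribeSecurityGroups response and flags ranges opened to any source. The group IDs, the sample rules and the `ADMIN_PORTS` list are constructed assumptions.

```python
import ipaddress

# Assumption for this example: ports treated as administrative access.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

def world_open_cidrs(rule):
    """Return the source CIDRs in one ingress rule that match any address."""
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return [c for c in cidrs if ipaddress.ip_network(c, strict=False).prefixlen == 0]

def audit_ingress(groups):
    """Flag every explicitly opened port range that is reachable from anywhere."""
    findings = []
    for group in groups:
        for rule in group.get("IpPermissions", []):
            if not world_open_cidrs(rule):
                continue  # restricted source: outside the scope of this check
            proto = rule["IpProtocol"]
            all_traffic = proto == "-1"  # "-1" means every protocol and port
            lo = 0 if all_traffic else rule.get("FromPort", 0)
            hi = 65535 if all_traffic else rule.get("ToPort", 65535)
            admin = sorted(name for port, name in ADMIN_PORTS.items()
                           if proto in ("tcp", "-1") and lo <= port <= hi)
            severity = "high" if admin or all_traffic else "review"
            findings.append((group["GroupId"], proto, lo, hi, severity, admin))
    return findings

# Constructed sample data (not from the slides), DescribeSecurityGroups shape.
SAMPLE_GROUPS = [
    {"GroupId": "sg-example-empty", "IpPermissions": []},  # default: deny all
    {"GroupId": "sg-example-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-example-admin", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-example-any", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE_GROUPS):
        print(finding)
```

The SSH rule restricted to 203.0.113.0/24 and the empty group produce no finding; only rules whose source covers every address are reported.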

Page 9: Amazon AWS Shared Security Model

Amazon Client Security Responsibility

• Create and manage groups and set security policy to ensure the security of your data and the safety of your instances.

• Use a Virtual Private Network to ensure network safety, and create access lists to manage inbound and outbound traffic for your instances.

• Set up a VPN tunnel to your end for direct access to your instances.

Page 10: Amazon AWS Shared Security Model

Identity and Access Management

• You can deny access to resources and services (EC2, S3, Direct Connect, etc.) to those with minimum privileges.

• Use multi-factor authentication for authorized access.

• API access through Access ID / Secret Key

Page 11: Amazon AWS Shared Security Model

Resources and further study

Amazon Webinars: Security https://www.youtube.com/watch?v=IedaYaKsb-4

Amazon AWS Foundation https://www.youtube.com/watch?v=Nf-m-dKJYMQ

De-Duplication Process http://www.endpointvault.com/de-dupe.html

Page 12: Amazon AWS Shared Security Model

Use the Power of Cloud to Secure Your Data

Visit http://www.endpointvault.com/