Services Enterprise IT Success in the Cloud

Security must be the number one priority for any cloud provider, and that's no different for Amazon Web Services. Dob Todorov will share AWS insights into cloud security and how AWS meets the needs of today's IT security challenges.
Amazon Web Services Security & Compliance Overview
Dob Todorov, Principal Security & Compliance Architect, EMEA
undifferentiated heavy lifting
utility computing
Hundreds of Thousands of Customers in 190 Countries…

AWS Regions:
• US East (Northern Virginia)
• US West (Northern California)
• US West (Oregon)
• GovCloud (US ITAR Region)
• EU (Ireland)
• Asia Pacific (Singapore)
• Asia Pacific (Tokyo)
• Asia Pacific (Sydney)
• South America (Sao Paulo)

AWS Edge Locations
[Map slide: Availability Zones (A, B, C) within each region]
• US East (Virginia)
• US West (Northern California)
• US West (Oregon)
• EU West (Dublin)
• Asia Pacific (Singapore)
• Asia Pacific (Tokyo)
• Asia Pacific (Australia)
• South America (Sao Paulo)
Personal Data Protection in Europe
• EC Directive 95/46/EC: Personal Data Protection
• Use Amazon Web Services Dublin Region
• Safe Harbour EU Compliant
• Safe Harbour Switzerland Compliant
The Shared Responsibility Model in the Cloud
AWS-managed layers:
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
• Foundation Services: Compute, Storage, Database, Networking

Customer-managed layers:
• Customer Data
• Platform, Applications, Identity & Access Management
• Operating System, Network & Firewall Configuration
• Client-side Data Encryption & Data Integrity Authentication
• Server-side Encryption (File System and/or Data)
• Network Traffic Protection (Encryption/Integrity/Identity)
• Optional -- Opaque Data: 0s and 1s (in flight/at rest)
User Identification, Authentication and Authorisation in the Cloud

[Diagram: direct IAM access]
• Amazon Identity & Access Management: IAM Users → EC2, DynamoDB, S3
• Corporate Systems: Active Directory/LDAP → AD/LDAP Users → Enterprise Applications
User Identification, Authentication and Authorisation in the Cloud

[Diagram: federated access]
• Corporate Systems: Active Directory/LDAP → AD/LDAP Users → Enterprise Applications
• AD/LDAP Users → Access Token for Federated Access → Amazon Identity & Access Management → EC2, DynamoDB, S3
The Shared Responsibility Model in the Cloud (revisited)
• Security OF the Cloud: AWS Global Infrastructure (Regions, Availability Zones, Edge Locations) and Foundation Services (Compute, Storage, Database, Networking)
• Security IN the Cloud: Customer Data; Platform, Applications, Identity & Access Management; Operating System, Network & Firewall Configuration; client-side and server-side encryption; Network Traffic Protection
Customer-managed Controls on Amazon EC2
• Data
• Applications
• Platforms
• Operating Systems: OS-level Firewalls/IDS/IPS Systems/Deep Security
• Network Security: Security Groups & Network Access Control Lists
• Encryption of Data in Flight: Industry Standard Protocols (IPSec, SSL, SSH)
• Encryption of Data at Rest: OS-level Encrypted File System, Bitlocker, dm-crypt, Secure Cloud
(Security OF the Cloud / Security IN the Cloud)
Data Protection at Rest and in Flight
• Applications: Application-level Encryption
• Platforms: Platform-level Encryption
• Operating Systems: Volume-level Encryption (OS-level Encrypted File System, Bitlocker, dm-crypt, Secure Cloud)
• Network Security: Network Traffic Encryption (Industry Standard Protocols: IPSec, SSL, SSH)
AWS Certifications & Accreditations
• SOC 1 (SSAE 16 & ISAE 3402) Type II Audit
• SOC 2
• SOC 3 Audit (new in 2013)
• ISO 27001
• Payment Card Industry Data Security Standard (PCI DSS) Level 1 Service Provider
(Security OF the Cloud / Security IN the Cloud)
Q&A