This session provides real guidance and practical answers to government users’ questions about security and compliance, helping agencies move away from the “worry-based fiction” of the cloud.
Security and Compliance
1. AWS Government, Education, and Nonprofits Symposium
London | 21 Oct 2014
AWS Security & Compliance
Dob Todorov
Regional Head – Public Sector Solutions Architecture
Principal Security & Compliance Solutions Architect
EMEA
2. Security Is Our No.1 Priority
Comprehensive Security Capabilities to Support Virtually Any Workload
PEOPLE & PROCEDURES
NETWORK SECURITY
PHYSICAL SECURITY
PLATFORM SECURITY
3. SECURITY IS SHARED
4. WHAT NEEDS TO BE DONE TO KEEP THE SYSTEM SAFE
5. WHAT WE DO FOR YOU
WHAT YOU DO YOURSELF
6. EVERY CUSTOMER HAS ACCESS TO THE SAME SECURITY CAPABILITIES
CHOOSE WHAT’S RIGHT FOR YOUR ENTERPRISE
7. “Based on our experience, I believe that we can be even more secure in the AWS cloud than in our own data centers”
Tom Soderstrom – CTO, NASA JPL
8. IDC Survey
Attitudes and Perceptions Around Security and Cloud Services
Nearly 60% of organizations agreed that CSPs [Cloud Service Providers] provide better security than their own IT organization
Source: IDC 2013 U.S. Cloud Security Survey, Doc #242836, September 2013
9. AWS SECURITY OFFERS MORE
VISIBILITY
AUDITABILITY
CONTROL
10. MORE VISIBILITY
11. CAN YOU MAP YOUR NETWORK?
WHAT IS IN YOUR ENVIRONMENT RIGHT NOW?
18. AWS CLOUDTRAIL
19. You are making API calls...
On a growing set of services around the world…
CloudTrail is continuously recording API calls…
And delivering log files to you
20. Security Analysis
Use log files as an input into log management and analysis solutions to perform security analysis and to detect user behavior patterns.
Track Changes to AWS Resources
Track creation, modification, and deletion of AWS resources such as Amazon EC2 instances, Amazon VPC security groups and Amazon EBS volumes.
Troubleshoot Operational Issues
Quickly identify the most recent changes made to resources in your environment.
Compliance Aid
Easier to demonstrate compliance with internal policies and regulatory standards.
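The change-tracking use case above, as an added example that is not part of the original deck: it reads one CloudTrail log file (JSON with a top-level "Records" array) and lists who created, modified or deleted instances, security groups and volumes, keeping denied attempts separate. The sample records, user names and account ID are constructed, and the event-name table is an assumed small subset of the EC2 API.

```python
import json
from collections import defaultdict

# API calls that create, modify or delete the resource types named on the slide.
TRACKED = {
    "RunInstances": ("instance", "create"),
    "TerminateInstances": ("instance", "delete"),
    "CreateSecurityGroup": ("security-group", "create"),
    "AuthorizeSecurityGroupIngress": ("security-group", "modify"),
    "DeleteSecurityGroup": ("security-group", "delete"),
    "CreateVolume": ("volume", "create"),
    "DeleteVolume": ("volume", "delete"),
}

def _rec(time, name, user, **extra):
    """Build one constructed CloudTrail-style record (all values are made up)."""
    return {"eventTime": time, "eventSource": "ec2.amazonaws.com", "eventName": name,
            "userIdentity": {"arn": f"arn:aws:iam::111122223333:user/{user}"}, **extra}

# Constructed sample log file: CloudTrail delivers JSON with a top-level "Records" array.
SAMPLE_LOG = json.dumps({"Records": [
    _rec("2014-10-21T09:15:02Z", "AuthorizeSecurityGroupIngress", "alice"),
    _rec("2014-10-21T09:10:00Z", "DescribeInstances", "bob"),  # read-only, ignored
    _rec("2014-10-21T09:05:30Z", "DeleteVolume", "bob", errorCode="Client.UnauthorizedOperation"),
    _rec("2014-10-21T09:20:11Z", "TerminateInstances", "alice"),
]})

def resource_changes(log_text):
    """Return tracked change events from one log file, oldest first."""
    changes = []
    for rec in json.loads(log_text).get("Records", []):
        tracked = TRACKED.get(rec.get("eventName"))
        if rec.get("eventSource") != "ec2.amazonaws.com" or tracked is None:
            continue
        changes.append({
            "time": rec["eventTime"], "call": rec["eventName"],
            "who": rec.get("userIdentity", {}).get("arn", "unknown"),
            "resource": tracked[0], "action": tracked[1],
            "denied": "errorCode" in rec,  # failed calls are logged too
        })
    return sorted(changes, key=lambda c: c["time"])

def changes_by_principal(changes):
    """Group changes per caller, keeping denied attempts apart from applied ones."""
    summary = defaultdict(lambda: {"applied": [], "denied": []})
    for c in changes:
        summary[c["who"]]["denied" if c["denied"] else "applied"].append(f'{c["action"]} {c["resource"]}')
    return dict(summary)

print(changes_by_principal(resource_changes(SAMPLE_LOG)))
```
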
21. LOGS OBTAINED, RETAINED, ANALYZED
22. MORE CONTROL
23. Defense in Depth
Multi level security
• Physical security of the data centers
• Network security
• System security
• Data security
24. AWS Security Delivers More Control & Granularity
Customize the implementation based on your business needs
AWS Storage Gateway
AWS CloudHSM
Defense in depth
Rapid scale for security
Automated checks with AWS Trusted Advisor
Fine grained access controls
Server side encryption
Multi-factor authentication
Dedicated instances
Direct connection, Storage Gateway
HSM-based key storage
AWS IAM
Amazon VPC
AWS Direct Connect
25. LEAST PRIVILEGE PRINCIPLE AT AWS
26. LEAST PRIVILEGE PRINCIPLE
CONFINE ROLES ONLY TO THE MATERIAL REQUIRED TO DO SPECIFIC WORK
27. LEAST PRIVILEGE PRINCIPLE
SEPARATE NETWORKS FOR CORPORATE WORK VS. ACCESSING CUSTOMER DATA
28. LEAST PRIVILEGE PRINCIPLE
MUST HAVE A BUSINESS NEED-TO-KNOW ABOUT SENSITIVE INFORMATION LIKE DATA CENTER LOCATIONS
29. LEAST PRIVILEGE PRINCIPLE
MUST HAVE A BUSINESS NEED-TO-KNOW IN ORDER TO ACCESS DATA CENTERS
30. SIMPLE SECURITY CONTROLS ARE THE EASIEST TO GET RIGHT, EASIEST TO AUDIT, AND EASIEST TO ENFORCE
39. USE MULTIPLE AZs
AMAZON S3
AMAZON DYNAMODB
AMAZON RDS MULTI-AZ
AMAZON EBS SNAPSHOTS
40. DATA ENCRYPTION
CHOOSE WHAT’S RIGHT FOR YOU:
Automated – AWS manages encryption
Enabled – user manages encryption using AWS
Client-side – user manages encryption using their own means
41. AWS CloudHSM
Managed and monitored by AWS, but you control the keys
Increase performance for applications that use HSMs for key storage or encryption
Comply with stringent regulatory and contractual requirements for key protection
[Diagram: EC2 Instance, AWS CloudHSM]
42. ENCRYPT YOUR DATA
AWS CLOUDHSM
AMAZON S3 SSE
AMAZON GLACIER
AMAZON REDSHIFT
AMAZON RDS
AMAZON EBS
43. MORE AUDITABILITY
MORE VISIBILITY
MORE CONTROL
44. AWS Security Whitepapers
AUDITING SECURITY CHECKLIST
SECURITY BEST PRACTICES
SECURITY PROCESSES
RISK & COMPLIANCE