AWS Cloud Security Fundamentals
1. © 2019, Amazon Web Services, Inc. or its Affiliates.
AWS Cloud security fundamentals
Protecting financial services in the AWS Cloud
Mario Vlachakis, AWS Senior Solutions Architect
SIBOS 2019
2.
Table of Contents
• AWS Cloud Infrastructure
• Today’s Security & Compliance Landscape in Financial Services
• The AWS Shared Responsibility Model
• AWS Security Services
• AWS Compliance Programs and Auditing Tools
• Benefits of AWS Security & Compliance
3.
AWS provides a consistent global infrastructure
The AWS Cloud spans 69 Availability Zones within 22 geographic Regions around the
world, with announced plans for 9 more Availability Zones and three more Regions in
Cape Town, Jakarta, and Milan.
5.
Sample US Region
[Diagram: an AWS Region zoomed in to Availability Zones A, B and C, and a sample Availability Zone zoomed in to its datacenters.]
6.
AWS Region and Availability Zone Summary
[Diagram: two sample Regions, each containing Availability Zones A, B and C.]
7.
Today’s Security & Compliance Landscape
8.
Today’s Security & Compliance Landscape
Organizations have traditionally had to make this difficult choice:
Move fast OR Stay secure
9.
Today’s Security & Compliance Landscape
With the rise of cloud adoption, organizations no longer have to choose:
Move fast AND Stay secure
10.
Today’s Security & Compliance Landscape
In its shift to the cloud, the Financial Services industry is confronting a range of
familiar and emerging issues:
• Evolving regulatory requirements
• Meeting regional requirements
• Sophisticated, targeted attacks
• Onerous reporting requirements
• Limited specialist resources
11.
The AWS Shared Responsibility Model
12.
The AWS Shared Responsibility Model
Security & Compliance is a shared responsibility between AWS and the customer.
13.
AWS Security Services
14.
AWS Security Services
As a customer, you inherit AWS’ security infrastructure benefits and have access to
our security services and the largest network of cloud security partners.
• Inherit global controls
• Scale with visibility & control
• Highest standards—privacy & security
• Industry-leading security partners
• Automated security protocols
15.
AWS Security Services
Pace of Innovation
AWS continues to increase service launches, feature additions, and service updates.
This includes 239 security updates.
[Chart: launches and updates per year]
• 2008: 24
• 2009: 48
• 2010: 61
• 2011: 82
• 2012: 159
• 2013: 280
• 2014: 516
• 2015: 722
• 2016: 1017
• 2017: 1430
• 2018: 1800+
16.
AWS Security Services
• Identity & Access: AWS Identity & Access Management (IAM); AWS Single Sign-On; AWS Directory Service; Amazon Cognito; AWS Organizations; AWS Secrets Manager; AWS Resource Access Manager
• Detective Controls: AWS Security Hub; AWS Control Tower; Amazon GuardDuty; AWS Config; AWS CloudTrail; Amazon CloudWatch; VPC Flow Logs
• Infrastructure Security: AWS Systems Manager; AWS Shield; AWS WAF (Web Application Firewall); AWS Firewall Manager; Amazon Inspector; Amazon Virtual Private Cloud (VPC)
• Data Protection: AWS Key Management Service (KMS); AWS CloudHSM; AWS Certificate Manager; Amazon Macie; Server-side Encryption
• Incident Response: AWS Config Rules; AWS Lambda
17.
AWS Compliance Programs and Auditing Tools
18.
AWS Compliance Programs and Auditing Tools
Tools and guidance to enable compliance:
• Terms & Conditions
• Transparency
• Compliance, Security Tools & Services
• Security & Continuity Assets
• Deep Industry Expertise
• Regulatory Engagement
What these provide:
• Guidance and programs to help customers quickly set up robust compliance programs
• Tools and assets to help customers manage audit demands
• Mechanisms to advocate for and share best practices with customers
19.
AWS Compliance Programs and Auditing Tools
• Certifications / Attestations: ASIP HDS [France]; C5 [Germany]; Cyber Essentials Plus [UK]; DoD SRG; ENS High [Spain]; FedRAMP; FIPS; IRAP [Australia]; ISO 9001; ISO 27001; ISO 27017; ISO 27018; K-ISMS [Korea]; MTCS [Singapore]; PCI DSS Level 1; SEC Rule 17-a-4(f); SOC 1; SOC 2; SOC 3; TISAX
• Laws / Regulations / Privacy: Argentina Data Privacy; CCPA; CISPE; CLOUD Act; FERPA; GDPR; GLBA; HIA [Alberta, Canada]; HIPAA; HITECH; IRS 1075; ITAR; My Number Act [Japan]; U.K. DPA - 1988; VPAT / Section 508; Privacy Act [Australia]; Privacy Act [New Zealand]; PDPA - 2010 [Malaysia]; PDPA - 2012 [Singapore]; PHIPA [Ontario, Canada]; PIPEDA [Canada]; Spanish DPA Authorization
• Alignments / Frameworks: CIS; CJIS; CSA; EU-US Privacy Shield; FFIEC; FISC; FISMA; Uptime Institute Tiers; UK Cloud Security Principles; G-Cloud [UK]; GxP (FDA CFR 21 Part 11); ICREA; IT Grundschutz [Germany]; MITA 3.0; MPAA; NIST
20.
AWS Compliance Programs and Auditing Tools
Ongoing engagement with regulators around the world serves two purposes:
1. To share our approach and tools:
• Educate regulators to help examiners audit AWS environments
• Help shape the regulatory landscape to reflect changes in technology
• Facilitate dialogue between the industry and its regulators
2. To assess and explain policy:
• Regulatory policy evaluations to assess the potential impact of regulations
• Country-by-country impact assessments to map how financial institutions need to operate
• Region- and country-specific compliance guides to document key policy changes and responses
The result: The environment and feedback support our customers’ abilities to
innovate with confidence.
21.
AWS Compliance Programs and Auditing Tools
The AWS Compliance Center is a central location to research cloud regulations in
specific countries and learn about AWS Compliance programs.
Visit us at http://www.atlas.aws/
22.
Benefits of AWS Security & Compliance
23.
Benefits of AWS Security & Compliance
AWS provides
• Terms & conditions
• Transparency
• Compliance/security tools
• Security & continuity assets
• Deep industry expertise
• Global regulatory engagement
Why this matters
• Industry-specific contracts
• Access to certifications & audit reports
• Ability to perform informed control assessments
• Comprehensive security & compliance monitoring
• Centralized control over services
Benefits
• A clear understanding of regulatory obligations & expectations
• A greater level of automation in security & compliance
• Audits that are more efficient & risk-based
• Rigorous & sustainable identity and access management
Our approach reduces ambiguity and increases efficiency.
24.
Benefits of AWS Security & Compliance
The result: AWS is the first choice for highly regulated organizations.
“We can be far more secure in the cloud and achieve a higher level of assurance at a much lower cost, in terms of
effort and dollars invested. We determined that security in AWS is superior to our on-premises data center
across several dimensions, including patching, encryption, auditing and logging, entitlements, and compliance.”
– John Brady, CISO,
• Over 50 global compliance certifications and accreditations
• AWS security experts; 24/7, 365 days a year
• Built to meet requirements of military, global banks, and other data-sensitive organizations
• Security enhancements from 1M+ customer experiences
25.
Benefits of AWS Security & Compliance
The result: … as well as systemically important financial market utilities.
“Cloud computing has reached the tipping point as the capabilities,
resiliency and security of services provided by cloud vendors now exceed
those of many on-premises data centers.”
– DTCC, Moving Financial Market Infrastructure to the Cloud