© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS GovCloud (US): A path to high compliance in the cloud
Keith Brooks
Senior Manager – AWS GovCloud (US)
AWS
GRC344
Tim Sandage
Senior Partner Security Strategist
AWS
AWS global infrastructure
21 Regions, 66 Availability Zones
New Regions (coming soon): Bahrain, Jakarta, Milan, Cape Town
AWS GovCloud (US) Region
How can public sector and highly-regulated customers move their most sensitive workloads to the AWS Cloud?
AWS GovCloud (US)
Isolated AWS infrastructure and services for customers with strict regulatory and compliance requirements and sensitive data
August 2011: launch of the AWS GovCloud (US-West) region
November 2018: launch of the AWS GovCloud (US-East) region
Addresses the most stringent US Government regulations, policies and security requirements
AWS GovCloud (US) distinguishing features
Unique authentication (unique GovCloud credentials)
2 AWS GovCloud regions: bi-coastal infrastructure and services for regulated workloads
Data, network, and machine isolation (separate AZs, endpoints)
“Community Cloud” with restricted access
Managed by U.S. citizens on U.S. soil
Dedicated GovCloud AWS management console
AWS GovCloud is all about compliance in the Cloud
Defense Federal Acquisition Regulation Supplement (DFARS)
Criminal Justice Information Services Security Policy (CJIS)
International Traffic in Arms Regulations (ITAR)
DoD Cloud Computing Security Requirements Guide (SRG) IL 4 and 5
NIST SP 800-53 (rev 4)
NIST SP 800-171
Federal Information Processing Standard Publication (FIPS) 140-2
IRS 1075 (Section 6103(p))
FedRAMP High
… to include broader AWS security and compliance
Export Administration Regulations (EAR)
Health Insurance Portability & Accountability Act (HIPAA)
Payment Card Industry Data Security Standard (PCI)
AICPA Service Organization Control Reports (SOC)
Family Educational Rights and Privacy Act (FERPA)
International Organization for Standardization (ISO)
Fit for all types of controlled unclassified information
CUI is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies but is not classified under Executive Order 13526 or the Atomic Energy Act, as amended.
Categories: Agriculture, Copyright, Critical infrastructure, Export control, Financial, Immigration, Intelligence, Law enforcement, Legal, Nuclear, Patent, Privacy (PII), Proprietary (IP), Statistical (Census), Tax, Transportation
Various types of organizations use AWS GovCloud (US)
US Government (federal, state, and local)
Consulting firms and systems integrators
Technology firms and ISVs
Education institutions
Research organizations
Regulated industries (Aerospace, Defense, Energy, Manufacturing, Healthcare, Finance)
Nonprofit organizations
Managed service providers
… for a variety of sensitive workloads and use cases
Web applications and websites
Backup, recovery and archiving
Disaster recovery
Development and test
Big data
High-performance computing
Enterprise IT
Mobile applications
Mission critical applications
Data center migration and hybrid
… for high compliance and assurance in the Cloud
Tools and resources to accelerate time to compliance
Mission and business critical workload delivery
Isolated, secure, and compliant IaaS and services
Built for sensitive and regulated data including Controlled Unclassified Information (CUI)
How do I get started with architecting and migrating sensitive and regulated workloads in the Cloud?
Understanding the shared responsibility of compliance
AWS is responsible for security of the Cloud:
AWS Foundation Services: Compute, Storage, Database, Networking
AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
Customers choose the configurations for their security in the Cloud:
Customer applications & content
Platform, Applications, Identity & Access Management
Operating System, Network, & Firewall Configuration
Client-side Data Encryption
Server-side Data Encryption
Network Traffic Protection
Security control inheritance delineates responsibility
Full and partially inherited security controls (AWS Global Infrastructure and AWS Foundation Services):
Media Protection (MP) and partial Maintenance (MA)
Physical and Environmental (PE) and partial Contingency Planning (CP)
Shared/hybrid and customer implemented security controls (Customers):
Certification, Accreditation and Security Assessment (CA), Awareness & Training (AT), Planning (PL), Personnel Security (PS), Risk Assessment (RA) and System & Services Acquisition (SA)
Access Control (AC), Audit & Accountability (AU), Configuration Management (CM), Maintenance (MA), Contingency Planning (CP), Identity and Authentication (IA), Incident Response (IR), System and Communication Protection (SC), System and Information Integrity (SI)
AWS gets customers at least 60% along their compliance journey in terms of security controls …
ITAR: Securing export-controlled data in the Cloud
AWS GovCloud enables technical data identified on the US Munitions List to be stored and processed in an isolated environment physically in the US, managed by US citizens
Learn the ITAR boundary (applies to each AWS service)
Example: ITAR boundary for Amazon Elastic Block Store (EBS)
ITAR: Securing export-controlled data in the Cloud
AWS GovCloud enables technical data identified on the US Munitions List to be stored and processed in an isolated environment physically in the US, managed by US citizens
Encryption as standard practice (S3 SSE, AWS CloudHSM, AWS KMS)
Architect for visibility (audit-all via Amazon CloudTrail)
Access control is the cornerstone (AWS IAM, security policies, federation)
ITAR: Securing export-controlled data in the Cloud
AWS GovCloud supports storage and processing of technical data identified on the US Munitions List in an isolated environment physically in the U.S., managed by U.S. citizens
Understand responsibilities:
Individuals and entities qualify as U.S. Persons
Valid Directorate of Defense Trade Controls registration
Export privileges under U.S. laws and regulations
Maintain an effective compliance program
FedRAMP: Meeting FISMA requirements in the Cloud
AWS GovCloud enables cloud workloads to address the highest level of U.S. Government FISMA (High) data security requirements at the infrastructure and cloud services layers
417 security controls at the High baseline (NIST 800-53 is the foundation)
FedRAMP: Meeting FISMA requirements in the Cloud
AWS GovCloud enables cloud workloads to address the highest level of U.S. Government FISMA (High) data security requirements at the infrastructure and cloud services layers
Tools no matter the starting point (data/server/app migration, cloud native)
Compliant connectivity (AWS VPC/VPN, AWS Direct Connect)
Inheritance from AWS (25+ FedRAMP High services)
FedRAMP: Meeting FISMA requirements in the Cloud
AWS GovCloud enables cloud workloads to address the highest level of U.S. Government FISMA (High) data security requirements at the infrastructure and cloud services layers
AWS FedRAMP Package:
AWS user guide documentation
Copies of AWS Authority-to-Operate (ATO) memos
Copy of AWS FIPS-199 categorization
Copy of AWS E-Authentication
Copy of AWS Privacy Impact Assessment (PIA)
Copy of AWS Control Implementation Summary (CIS)
Copy of AWS Customer Responsibility Matrix (CRM)
Copy of AWS SSP template
CJIS: Safeguarding criminal justice data in the Cloud
AWS GovCloud is architected to provide infrastructure and services for law enforcement agencies and solutions providers to securely meet CJIS requirements and responsibilities
Criminal Justice Agencies (CJAs) and Non-Criminal Justice Agencies (NCJAs) in all 50 states can operate CJI workloads on AWS GovCloud (US)
CJIS: Safeguarding criminal justice data in the Cloud
AWS GovCloud is architected to provide infrastructure and services for law enforcement agencies and solutions providers to securely meet CJIS requirements and responsibilities
Encrypt at rest and in transit (FIPS 140-2 endpoints, SSE features)
Customer key management (AWS KMS, AWS CloudHSM)
Technical review audit support (CJA/NCJA CJIS responsibilities remain)
AWS CJIS Whitepaper and Security templates available to guide CJIS architectures
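The encryption-at-rest, TLS-in-transit and customer-managed-key practices named on the ITAR slide ("Encryption as standard practice") and the CJIS slide above ("Encrypt at rest and in transit", "Customer key management"), expressed as an S3 bucket policy and checked against sample requests. This is an added example, not AWS's code or anything from the deck: the bucket name, account id, KMS key id and object key are constructed placeholders; the `aws-us-gov` partition and `us-gov-west-1` region are the real GovCloud (US-West) identifiers; and the evaluator models only the condition operators the generated policy uses (`Bool`, `StringEquals`, `StringNotEquals`), not full IAM evaluation.

```python
"""Added example, not code from the AWS deck: a bucket policy for CUI in AWS
GovCloud (US) enforcing SSE-KMS at rest and TLS in transit, plus a small
evaluator that replays constructed requests against it. Bucket, account and
key ids are placeholders; only the Deny logic the policy needs is modelled."""
import fnmatch

GOVCLOUD_PARTITION = "aws-us-gov"  # GovCloud ARNs use this partition, not "aws"


def build_cui_bucket_policy(bucket, kms_key_arn, partition=GOVCLOUD_PARTITION):
    """Deny plaintext transport, unencrypted uploads, and uploads under any
    KMS key other than the customer-managed one."""
    bucket_arn = f"arn:{partition}:s3:::{bucket}"
    objects_arn = f"{bucket_arn}/*"
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": [bucket_arn, objects_arn],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
        {"Sid": "DenyUnencryptedUploads", "Effect": "Deny", "Principal": "*",
         "Action": "s3:PutObject", "Resource": objects_arn,  # SSE-S3 (AES256) is not enough
         "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}}},
        {"Sid": "DenyWrongKmsKey", "Effect": "Deny", "Principal": "*",
         "Action": "s3:PutObject", "Resource": objects_arn,
         "Condition": {"StringNotEquals": {
             "s3:x-amz-server-side-encryption-aws-kms-key-id": kms_key_arn}}},
    ]}


def _matches(pattern, value):
    # IAM patterns use * and ?; escape [ so fnmatch does not read it as a class.
    return fnmatch.fnmatchcase(value, pattern.replace("[", "[[]"))


def _condition_holds(condition, context):
    """Evaluate the condition operators the policy above uses."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            if operator == "Bool":
                if actual is None or str(actual).lower() != str(expected).lower():
                    return False
            elif operator == "StringEquals":
                if actual != expected:
                    return False
            elif operator == "StringNotEquals":
                # A missing key makes a negated operator true, so an upload that
                # omits the SSE header is still caught by the Deny.
                if actual is not None and actual == expected:
                    return False
            else:
                raise ValueError(f"operator not modelled: {operator}")
    return True


def first_denying_sid(policy, action, resource, context):
    """Return the Sid of the first matching Deny statement, or None."""
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        if (stmt["Effect"] == "Deny"
                and any(_matches(a, action) for a in actions)
                and any(_matches(r, resource) for r in resources)
                and _condition_holds(stmt.get("Condition", {}), context)):
            return stmt["Sid"]
    return None


# Constructed placeholders: a GovCloud (US-West) KMS key ARN and one object ARN.
KEY_ARN = "arn:aws-us-gov:kms:us-gov-west-1:123456789012:key/PLACEHOLDER-KEY-ID"
POLICY = build_cui_bucket_policy("example-cui-bucket", KEY_ARN)
OBJECT = "arn:aws-us-gov:s3:::example-cui-bucket/drawings/part-0001.pdf"
TLS = {"aws:SecureTransport": "true"}
SSE_KMS = {"s3:x-amz-server-side-encryption": "aws:kms"}

# Constructed request contexts, as the S3 authoriser would see them.
SAMPLE_REQUESTS = {
    "put over http": ("s3:PutObject", {"aws:SecureTransport": "false"}),
    "put with no encryption header": ("s3:PutObject", TLS),
    "put with SSE-S3": ("s3:PutObject", {**TLS, "s3:x-amz-server-side-encryption": "AES256"}),
    "put with SSE-KMS, other key": ("s3:PutObject", {**TLS, **SSE_KMS,
        "s3:x-amz-server-side-encryption-aws-kms-key-id": KEY_ARN.replace("PLACEHOLDER", "OTHER")}),
    "put with SSE-KMS, customer key": ("s3:PutObject", {**TLS, **SSE_KMS,
        "s3:x-amz-server-side-encryption-aws-kms-key-id": KEY_ARN}),
    "get over TLS": ("s3:GetObject", TLS),
}


def classify_samples():
    """Map each constructed request to the Sid that denies it (None if not denied)."""
    return {name: first_denying_sid(POLICY, action, OBJECT, ctx)
            for name, (action, ctx) in SAMPLE_REQUESTS.items()}
```

The generated document is what you would attach with `aws s3api put-bucket-policy`. The detail worth taking from the evaluator is the `StringNotEquals` behaviour on a missing key: an upload that simply omits the encryption header matches the Deny rather than slipping past it, which is why the policy needs no separate `Null` condition to catch that case.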
DFARS: Protecting defense industry data in the Cloud
AWS GovCloud facilitates defense contractor compliance with DFARS 252.204-7012 “Safeguarding Covered Defense Information and Cyber Incident Reporting”
DFARS 252.204-7012 (b)(2)(i): NIST 800-171 Compliance
FedRAMP High authorized based on NIST 800-53 rev 4 controls
NIST 800-171 has 110 controls, a subset of NIST 800-53 rev 4
AWS NIST Quick Start automates setup of a NIST compliant environment
DFARS: Protecting defense industry data in the Cloud
AWS GovCloud facilitates defense contractor compliance with DFARS 252.204-7012 “Safeguarding Covered Defense Information and Cyber Incident Reporting”
DFARS 252.204-7012 (b)(2)(ii)(D): FedRAMP Compliance
2 FedRAMP High authorized AWS Regions are available to customers
AWS FedRAMP Package documents AWS compliance and controls
25+ FedRAMP High services for customers to leverage for workloads
DFARS: Protecting defense industry data in the Cloud
AWS GovCloud facilitates defense contractor compliance with DFARS 252.204-7012 “Safeguarding Covered Defense Information and Cyber Incident Reporting”
DFARS 252.204-7012 (c): Incident Reporting
FedRAMP High authorized based on NIST 800-53 rev 4 controls
Notification of security incidents via email within 24 hours
Customers submit the cyber incidents AWS notifies them of via DIBNet
AWS Enterprise Support for 24x7 support for mission critical workloads
DFARS: Protecting defense industry data in the Cloud
AWS GovCloud facilitates defense contractor compliance with DFARS 252.204-7012 “Safeguarding Covered Defense Information and Cyber Incident Reporting”
DFARS 252.204-7012 (d): Malicious Software
Tools to assist with the customer's responsibility for malicious software detection
AWS response and reporting of malicious software via FedRAMP ATO
DFARS: Protecting defense industry data in the Cloud
AWS GovCloud facilitates defense contractor compliance with DFARS 252.204-7012 “Safeguarding Covered Defense Information and Cyber Incident Reporting”
DFARS 252.204-7012 (e): Media Preservation and Protection
Instance snapshot, logging and audit capabilities available for customers
Ability for customers to preserve evidence to provide to DOD as required
Tools and resources for compliance in the Cloud
Compliance documentation
(Packages, whitepapers, control matrix)
AWS quick starts
(accelerators for compliance)
Compliance SMEs
(Security specialists, architects)
Authority to Operate (ATO) on AWS
Automating and accelerating security and compliance for workloads on the AWS Cloud
What is ATO on AWS?
Security & compliance acceleration program
Helps Customers, Partners, Independent Solution Vendors (ISVs)
Outcomes:
Accelerates the security & compliance authorization process
Reduces cost & time (average 18-24 months for FedRAMP)
Provides reusable artifacts including guidance, templates, tools, and pre-built templates from Amazon Partner Solutions
Builds and optimizes DevOps, SecOps, Continuous Integration/Continuous Delivery (CI/CD), Continuous Risk Treatment (CRT) strategies
Develops proven techniques using AWS Security Automation and Orchestration (SAO) methodology
Breaking it down
Amazon partner driven process. Includes:
✓ Training
✓ Tools
✓ Pre-built automated deployment capabilities
✓ Control implementation details
✓ Pre-built artifacts
✓ Direct engagement
✓ Qualified system integrators
✓ Visibility and marketing
Why ATO on AWS?
Security & compliance frameworks:
✓ Average time to FedRAMP ATO: 18 – 24 months
✓ Average time to a DoD PA ATO (IL4/IL5): 24 – 36 months
✓ Average time to an IRS-1075 authorization: 12 – 18 months
✓ Average time to a PCI-DSS certification: 10 – 12 months
✓ Average time to a CJIS authorization: 6 – 10 months
✓ Average time to a HITRUST certification: 6 – 12 months
ATO on AWS?
Benefits
Reduce effort to deploy security configurations and collect audit data to meet compliance requirements for solutions on AWS
Build an end-to-end automation capability to streamline regulated workload deployments
Collaborate in APN Joint Partner Programs supported by AWS to develop and deliver unique capabilities and solutions
Works with Qualified System Integrators:
✓ To build and support environments that meet compliance standards and requirements
✓ To minimize and simplify the ISV’s area of responsibility by offloading hosting and compliance management
Visibility and marketing for ISVs
ISV ATOs for solutions published and marketed on the ATO on AWS landing page with the option of a written or video case study
ATO on AWS APN designations for the solutions that can be used by the ISV in their marketing artifacts and materials
ATO on AWS designations:
✓ FedRAMP on AWS
✓ DoD SRG on AWS
✓ CJIS on AWS
✓ PCI on AWS
✓ HITRUST on AWS
✓ IRS-1075 on AWS
Accelerated from no presence in AWS GovCloud (US) to FedRAMP-ready and compliant in less than 90 days.
Built FedRAMP-compliant platform in less than six months, was able to attract a new government customer, and reduced costs.
Deployment of CJIS audit-ready RedFlex solution and environment within 30 days, including documentation.
ATO on AWS Program
Guiding Tenets for ATO on AWS:
Automation leverages Infrastructure as Code concepts
Certification optimizes security processes
Validation enables continual tests and monitoring of security configurations
Empowerment emboldens informed decision-making and drives change
Implement secure and compliant architectures
Goal: Verifiable compliance control solution for regulated workloads
Outcomes:
Accelerated path-to-production
Improved compliance and security posture
Reduction in non-compliant findings and re-work
Demonstrable controls to support the assessment process
AWS GovCloud (US) Information
Homepage: https://aws.amazon.com/govcloud-us
User Guide: docs.aws.amazon.com/govcloud-us/latest/UserGuide/welcome.html
Services in Scope: https://aws.amazon.com/compliance/services-in-scope/
ATO on AWS Program Information
Partners: https://aws.amazon.com/partners/ato/partners/
Customers: https://aws.amazon.com/partners/ato/
FAQ: https://aws.amazon.com/partners/ato/faqs/
Thank you!
Keith Brooks
brookskl@amazon.com
Tim Sandage
sandaget@amazon.com

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mehr von Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

AWS GovCloud (US): A path to high compliance in the cloud - GRC344 - AWS re:Inforce 2019

  • 1. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS GovCloud (US): A path to high compliance in the cloud (GRC344). Keith Brooks, Senior Manager, AWS GovCloud (US), AWS. Tim Sandage, Senior Partner Security Strategist, AWS.
  • 2. AWS global infrastructure: 21 Regions, 66 Availability Zones. New Regions (coming soon): Bahrain, Jakarta, Milan, Cape Town. AWS GovCloud (US) Region.
  • 3. How can public sector and highly regulated customers move their most sensitive workloads to the AWS Cloud?
  • 4. AWS GovCloud (US): isolated AWS infrastructure and services for customers with strict regulatory and compliance requirements and sensitive data. August 2011: launch of the AWS GovCloud (US-West) Region. November 2018: launch of the AWS GovCloud (US-East) Region. Addresses the most stringent US Government regulations, policies and security requirements.
  • 5. AWS GovCloud (US) distinguishing features: unique authentication (separate GovCloud credentials); two AWS GovCloud Regions, giving bi-coastal infrastructure and services for regulated workloads; data, network and machine isolation (separate Availability Zones and endpoints); a "community cloud" with restricted access; managed by U.S. citizens on U.S. soil; a dedicated GovCloud AWS Management Console.
  • 6. AWS GovCloud is all about compliance in the Cloud: Defense Federal Acquisition Regulation Supplement (DFARS); Criminal Justice Information Services (CJIS) Security Policy; International Traffic in Arms Regulations (ITAR); DoD Cloud Computing Security Requirements Guide (SRG) Impact Levels 4 and 5; NIST SP 800-53 (rev 4); NIST SP 800-171; Federal Information Processing Standard Publication (FIPS) 140-2; IRS Publication 1075 (Section 6103(p)); FedRAMP High.
  • 7. … to include broader AWS security and compliance: Export Administration Regulations (EAR); Health Insurance Portability and Accountability Act (HIPAA); Payment Card Industry Data Security Standard (PCI DSS); AICPA Service Organization Control (SOC) reports; Family Educational Rights and Privacy Act (FERPA); International Organization for Standardization (ISO).
  • 8. Fit for all types of controlled unclassified information (CUI). CUI is information that requires safeguarding or dissemination controls pursuant to and consistent with applicable law, regulations, and government-wide policies but is not classified under Executive Order 13526 or the Atomic Energy Act, as amended. CUI categories: agriculture, copyright, critical infrastructure, export control, financial, immigration, intelligence, law enforcement, legal, nuclear, patent, privacy (PII), proprietary (IP), statistical (Census), tax, transportation.
  • 9. Various types of organizations use AWS GovCloud (US): US Government (federal, state, and local); consulting firms and systems integrators; technology firms and ISVs; education institutions; research organizations; regulated industries (aerospace, defense, energy, manufacturing, healthcare, finance); nonprofit organizations; managed service providers.
  • 10. … for a variety of sensitive workloads and use cases: web applications and websites; backup, recovery and archiving; disaster recovery; development and test; big data; high-performance computing; enterprise IT; mobile applications; mission-critical applications; data center migration and hybrid.
  • 11. … for high compliance and assurance in the Cloud: tools and resources to accelerate time to compliance; mission- and business-critical workload delivery; isolated, secure, and compliant IaaS and services; built for sensitive and regulated data, including Controlled Unclassified Information (CUI).
  • 12. How do I get started with architecting and migrating sensitive and regulated workloads in the Cloud?
  • 13. Understanding the shared responsibility of compliance. AWS is responsible for security of the Cloud: AWS Foundation Services (compute, storage, database, networking) and the AWS Global Infrastructure (Regions, Availability Zones, edge locations). Customers choose the configurations for their security in the Cloud: customer applications and content; platform, applications, and identity and access management; operating system, network, and firewall configuration; client-side data encryption; server-side data encryption; network traffic protection.
  • 14. Security control inheritance delineates responsibility (NIST SP 800-53 control families). Fully and partially inherited from AWS Foundation Services and the AWS Global Infrastructure: Media Protection (MP) and partial Maintenance (MA); Physical and Environmental Protection (PE) and partial Contingency Planning (CP). Shared/hybrid and customer-implemented: Certification, Accreditation and Security Assessment (CA), Awareness and Training (AT), Planning (PL), Personnel Security (PS), Risk Assessment (RA) and System and Services Acquisition (SA); Access Control (AC), Audit and Accountability (AU), Configuration Management (CM), Maintenance (MA), Contingency Planning (CP), Identification and Authentication (IA), Incident Response (IR), System and Communications Protection (SC), System and Information Integrity (SI).
  • 15. AWS gets customers at least 60% along their compliance journey in terms of security controls …
  • 16. ITAR: Securing export-controlled data in the Cloud. AWS GovCloud enables technical data identified on the US Munitions List to be stored and processed in an isolated environment physically in the US, managed by US citizens. Learn the ITAR boundary (it applies to each AWS service). Example: the ITAR boundary for Amazon Elastic Block Store (EBS).
  • 17. ITAR: Securing export-controlled data in the Cloud. AWS GovCloud enables technical data identified on the US Munitions List to be stored and processed in an isolated environment physically in the US, managed by US citizens. Encryption as standard practice (Amazon S3 server-side encryption, AWS CloudHSM, AWS KMS). Architect for visibility (audit all API activity via AWS CloudTrail). Access control is the cornerstone (AWS IAM, security policies, federation).
  • 18. ITAR: Securing export-controlled data in the Cloud. AWS GovCloud supports storage and processing of technical data identified on the US Munitions List in an isolated environment physically in the U.S., managed by U.S. citizens. Understand your responsibilities: individuals and entities must qualify as U.S. persons; hold a valid Directorate of Defense Trade Controls (DDTC) registration; hold export privileges under U.S. laws and regulations; maintain an effective compliance program.
  • 19. FedRAMP: Meeting FISMA requirements in the Cloud. AWS GovCloud enables cloud workloads to address the highest level of U.S. Government FISMA (High) data security requirements at the infrastructure and cloud services layers. 417 security controls at the High baseline (NIST SP 800-53 is the foundation).
  • 20. FedRAMP: Meeting FISMA requirements in the Cloud. AWS GovCloud enables cloud workloads to address the highest level of U.S. Government FISMA (High) data security requirements at the infrastructure and cloud services layers. Tools no matter the starting point (data, server or application migration, cloud native). Compliant connectivity (Amazon VPC, AWS VPN, AWS Direct Connect). Inheritance from AWS (25+ FedRAMP High services).
  • 21. FedRAMP: Meeting FISMA requirements in the Cloud. AWS GovCloud enables cloud workloads to address the highest level of U.S. Government FISMA (High) data security requirements at the infrastructure and cloud services layers. The AWS FedRAMP package contains: AWS user guide documentation; copies of AWS Authority to Operate (ATO) memos; a copy of the AWS FIPS 199 categorization; a copy of the AWS E-Authentication assessment; a copy of the AWS Privacy Impact Assessment (PIA); a copy of the AWS Control Implementation Summary (CIS); a copy of the AWS Customer Responsibility Matrix (CRM); a copy of the AWS SSP template.
  • 22. CJIS: Safeguarding criminal justice data in the Cloud. AWS GovCloud is architected to provide infrastructure and services for law enforcement agencies and solution providers to securely meet CJIS requirements and responsibilities. Criminal Justice Agencies (CJAs) and Non-Criminal Justice Agencies (NCJAs) in all 50 states can operate CJI workloads on AWS GovCloud (US).
  • 23. CJIS: Safeguarding criminal justice data in the Cloud. AWS GovCloud is architected to provide infrastructure and services for law enforcement agencies and solution providers to securely meet CJIS requirements and responsibilities. Encrypt at rest and in transit (FIPS 140-2 validated endpoints, server-side encryption features). Customer key management (AWS KMS, AWS CloudHSM). Technical review and audit support (CJA/NCJA CJIS responsibilities remain with the agency). The AWS CJIS whitepaper and security templates are available to guide CJIS architectures.
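The encryption controls on slides 17 and 23 (encrypt in transit, encrypt at rest under a customer-managed KMS key) are usually enforced with a bucket policy rather than left to client discipline. The block below is an added example, not code from the deck or from AWS: it defines such a policy for a hypothetical bucket in the GovCloud (US) partition (ARNs there carry the `aws-us-gov` partition) and replays a few constructed requests through a deliberately simplified evaluator that models only the three condition operators the policy uses. The real IAM engine remains the authority on edge cases such as a missing condition key.

```python
"""Bucket policy enforcing TLS in transit and SSE-KMS at rest, with a small
simulator that replays constructed S3 requests against it.

Added example for illustration, not AWS code. The bucket name is hypothetical.
"""
import fnmatch
import json

BUCKET = "example-itar-bucket"                  # hypothetical bucket name
BUCKET_ARN = f"arn:aws-us-gov:s3:::{BUCKET}"     # GovCloud (US) ARNs use the aws-us-gov partition

BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # Encrypt in transit: refuse any request that did not arrive over TLS.
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [BUCKET_ARN, f"{BUCKET_ARN}/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
        {   # Encrypt at rest under a customer-managed key: refuse uploads that ask
            # for anything other than SSE-KMS (for example AES256, i.e. SSE-S3).
            "Sid": "DenyUploadsWithoutKms",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": f"{BUCKET_ARN}/*",
            "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}},
        },
        {   # ... and refuse uploads that omit the encryption header entirely, so the
            # policy does not depend on how StringNotEquals treats a missing key.
            "Sid": "DenyUploadsWithoutEncryptionHeader",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": f"{BUCKET_ARN}/*",
            "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}},
        },
    ],
}


def _condition_matches(condition, context):
    """Evaluate the three operators this policy uses against a request context.

    Simplified model: a key missing from the context fails Bool and
    StringNotEquals; only the Null operator reasons about absence.
    """
    for operator, pairs in condition.items():
        for key, wanted in pairs.items():
            present = context.get(key)
            if operator == "Bool":
                if present is None or str(present).lower() != str(wanted).lower():
                    return False
            elif operator == "StringNotEquals":
                if present is None or present == wanted:
                    return False
            elif operator == "Null":
                if (present is None) != (str(wanted).lower() == "true"):
                    return False
            else:
                raise ValueError(f"operator not modelled: {operator}")
    return True


def _as_list(value):
    return value if isinstance(value, list) else [value]


def explicit_deny(policy, action, resource, context):
    """Return the Sid of the first Deny statement matching the request, else None."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            continue
        if _condition_matches(stmt.get("Condition", {}), context):
            return stmt["Sid"]
    return None


def check_request(action, key, tls=True, sse_header=None):
    """Build the request context a client call would produce and evaluate it."""
    context = {"aws:SecureTransport": "true" if tls else "false"}
    if sse_header is not None:
        context["s3:x-amz-server-side-encryption"] = sse_header
    return explicit_deny(BUCKET_POLICY, action, f"{BUCKET_ARN}/{key}", context)


if __name__ == "__main__":
    print(json.dumps(BUCKET_POLICY, indent=2))
    # Constructed sample requests: (action, object key, over TLS?, SSE header)
    for args in [("s3:PutObject", "drawing.pdf", True, "aws:kms"),
                 ("s3:PutObject", "drawing.pdf", True, "AES256"),
                 ("s3:PutObject", "drawing.pdf", True, None),
                 ("s3:GetObject", "drawing.pdf", False, None)]:
        print(args, "->", check_request(*args) or "not denied by this policy")
```

Running the script prints the policy JSON (the document itself is what you would hand to `aws s3api put-bucket-policy`) and the verdict for each sample request. The third statement is there because a PutObject without any encryption header never carries the `s3:x-amz-server-side-encryption` key at all; Null is the only operator that reasons about absence, so relying on StringNotEquals alone would leave that case to the engine's missing-key semantics. Note that none of this prevents a client from talking to a non-FIPS endpoint; the FIPS 140-2 endpoints on slide 23 are selected in the client configuration, not in the bucket policy.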
  • 24. DFARS: Protecting defense industry data in the Cloud. AWS GovCloud facilitates defense contractor compliance with DFARS 252.204-7012, "Safeguarding Covered Defense Information and Cyber Incident Reporting". DFARS 252.204-7012(b)(2)(i), NIST SP 800-171 compliance: FedRAMP High authorized on the basis of NIST SP 800-53 rev 4 controls; NIST SP 800-171 has 110 requirements, a subset derived from NIST SP 800-53 rev 4; the AWS NIST Quick Start automates setup of a NIST-aligned environment.
  • 25. DFARS: Protecting defense industry data in the Cloud. AWS GovCloud facilitates defense contractor compliance with DFARS 252.204-7012, "Safeguarding Covered Defense Information and Cyber Incident Reporting". DFARS 252.204-7012(b)(2)(ii)(D), FedRAMP compliance: two FedRAMP High authorized AWS Regions are available to customers; the AWS FedRAMP package documents AWS compliance and controls; 25+ FedRAMP High services for customers to leverage for their workloads.
  • 26. DFARS: Protecting defense industry data in the Cloud. AWS GovCloud facilitates defense contractor compliance with DFARS 252.204-7012, "Safeguarding Covered Defense Information and Cyber Incident Reporting". DFARS 252.204-7012(c), cyber incident reporting: FedRAMP High authorized on the basis of NIST SP 800-53 rev 4 controls; AWS notifies the customer of a security incident by email within 24 hours; the customer reports the cyber incidents AWS notified it of to DoD via DIBNet; AWS Enterprise Support provides 24x7 support for mission-critical workloads.
  • 27. DFARS: Protecting defense industry data in the Cloud. AWS GovCloud facilitates defense contractor compliance with DFARS 252.204-7012, "Safeguarding Covered Defense Information and Cyber Incident Reporting". DFARS 252.204-7012(d), malicious software: tools to assist with the customer's responsibility for malicious software detection; AWS response to and reporting of malicious software under its FedRAMP ATO.
  • 28. DFARS: Protecting defense industry data in the Cloud. AWS GovCloud facilitates defense contractor compliance with DFARS 252.204-7012, "Safeguarding Covered Defense Information and Cyber Incident Reporting". DFARS 252.204-7012(e), media preservation and protection: instance snapshot, logging and audit capabilities are available to customers; customers can preserve evidence to provide to DoD as required.
  • 29. Tools and resources for compliance in the Cloud: compliance documentation (packages, whitepapers, control matrix); AWS Quick Starts (accelerators for compliance); compliance SMEs (security specialists, architects).
  • 30. Authority to Operate (ATO) on AWS: automating and accelerating security and compliance for workloads on the AWS Cloud.
  • 31. What is ATO on AWS? A security and compliance acceleration program that helps customers, partners and independent software vendors (ISVs). Outcomes: accelerates the security and compliance authorization process; reduces cost and time (FedRAMP averages 18 to 24 months); provides reusable artifacts including guidance, templates, tools, and pre-built templates from Amazon Partner Solutions; builds and optimizes DevOps, SecOps, Continuous Integration/Continuous Delivery (CI/CD) and Continuous Risk Treatment (CRT) strategies; develops proven techniques using the AWS Security Automation and Orchestration (SAO) methodology.
  • 32. Breaking it down: an Amazon partner-driven process. Includes: training; tools; pre-built automated deployment capabilities; control implementation details; pre-built artifacts; direct engagement; qualified system integrators; visibility and marketing.
  • 33. Why ATO on AWS? Security and compliance frameworks: average time to a FedRAMP ATO: 18 to 24 months; average time to a DoD PA ATO (IL4/IL5): 24 to 36 months; average time to an IRS 1075 authorization: 12 to 18 months; average time to a PCI DSS certification: 10 to 12 months; average time to a CJIS authorization: 6 to 10 months; average time to a HITRUST certification: 6 to 12 months.
  • 34. ATO on AWS benefits: reduce the effort to deploy security configurations and collect audit data to meet compliance requirements for solutions on AWS; build an end-to-end automation capability to streamline regulated workload deployments; collaborate in APN joint partner programs supported by AWS to develop and deliver unique capabilities and solutions. Works with qualified system integrators to build and support environments that meet compliance standards and requirements, and to minimize and simplify the ISV's area of responsibility by offloading hosting and compliance management.
  • 35. Visibility and marketing for ISVs: ISV ATOs for solutions are published and marketed on the ATO on AWS landing page, with the option of a written or video case study; ATO on AWS APN designations for the solutions can be used by the ISV in its marketing artifacts and materials. ATO on AWS designations: FedRAMP on AWS; DoD SRG on AWS; CJIS on AWS; PCI on AWS; HITRUST on AWS; IRS-1075 on AWS.
  • 36. Customer example: accelerated from no presence in AWS GovCloud (US) to FedRAMP-ready and compliant in less than 90 days.
  • 37. Customer example: built a FedRAMP-compliant platform in less than six months, attracted a new government customer, and reduced costs.
  • 38. Customer example: deployment of a CJIS audit-ready RedFlex solution and environment within 30 days, including documentation.
  • 39. Guiding tenets for the ATO on AWS program: Automation leverages infrastructure-as-code concepts; Certification optimizes security processes; Validation enables continual tests and monitoring of security configurations; Empowerment emboldens informed decision-making and drives change.
  • 40. Implement secure and compliant architectures. Goal: a verifiable compliance control solution for regulated workloads. Outcomes: accelerated path to production; improved compliance and security posture; reduction in non-compliant findings and rework; demonstrable controls to support the assessment process.
  • 41. AWS GovCloud (US) information. Homepage: https://aws.amazon.com/govcloud-us. User Guide: docs.aws.amazon.com/govcloud-us/latest/UserGuide/welcome.html. Services in scope: https://aws.amazon.com/compliance/services-in-scope/. ATO on AWS program information. Partners: https://aws.amazon.com/partners/ato/partners/. Customers: https://aws.amazon.com/partners/ato/. FAQ: https://aws.amazon.com/partners/ato/faqs/
  • 42. Thank you! Keith Brooks, brookskl@amazon.com. Tim Sandage, sandaget@amazon.com.