Security Assurance and Governance in AWS
Chad Woolf, Director, AWS Risk and Compliance
November 13, 2013

© 2013 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc.
Better Security in the Cloud
“…We’ll also see organizations adopt cloud services for the improved security protections and compliance controls that they otherwise could not provide as efficiently or effectively themselves.”
- Security’s Cloud Revolution Is Upon Us, Forrester Research, Inc., August 2, 2013
Better Security in AWS
Diagram: control layers: Optimized Network/OS/App Controls; Service-specific Controls; Cross-service Controls; Cloud Service Provider Controls.
Security in the Cloud: managed by the customer.
Security of the Cloud: managed by AWS.
Request reports at:
aws.amazon.com/compliance/#contact
Governance, Security, Compliance Enablers
• Governance in AWS
• AWS Security Best Practices
• AWS Auditing Security Checklist
• AWS Risk and Compliance
• AWS Compliance Forum
• AWS Trusted Advisor
Security at Scale: Governance in AWS
1. Financial Control
2. IT Asset Identification
3. Asset Configuration and Management
4. Logical Access Control
5. Physical Access Control
6. Data Encryption
7. Network Configuration and Management
8. Security Logging and Monitoring
9. Security Incident Response
10. Disaster Recovery

Get this whitepaper at: aws.amazon.com/compliance/
Examples

Governance Domain: 8. Security Logging and Monitoring
On-prem Challenge: Centralized logging of user actions taken against a set of IT resources
AWS Enabler: AWS CloudTrail. Provides logging of API or console actions (e.g., logs when someone changes a bucket policy, stops an instance, etc.)
Control Provided: Advanced monitoring capabilities of actions taken and changes made

Governance Domain: 10. Disaster Recovery
On-prem Challenge: Producing point-in-time, usable incremental backups
AWS Enabler: EBS Snapshots. Point-in-time full volume copies of Amazon EBS data into persistent storage of Amazon S3
Control Provided: Anytime incremental point-in-time backup of server data
Scaling Security
AWS Compliance Forum

Join the AWS Compliance Forum by emailing us at: awscompliance@amazon.com
Governance Tool: AWS Trusted Advisor
• Online service from AWS Support
– Analyzes account for various kinds of issues and possible concerns
– Soon available as an API for integration with your tools or 3rd party solutions

• Four categories:
– Cost savings
– Security
– Fault tolerance
– Performance
Innovative Governance Tool: AWS Trusted Advisor
Since 1/1/2013:
• 10,000+ customers
• 700,000 recommendations reviewed
• $140M in annualized savings

Learn more about Trusted Advisor at:
https://aws.amazon.com/premiumsupport/trustedadvisor/
Compliance Case Studies
Case: Pegasystems
Company: Provides software for business process management, CRM, and case management
Challenge: Pega tech is used cross-functionally across the healthcare industry; all data is considered PHI
Results: Pega and their customers are HIPAA compliant on AWS

Case: NASDAQ FinQloud
Company: Provides products and services to manage the entire life cycle of a trade
Challenge: Securely storing and managing vast amounts of data with strict compliance requirements
Results: NASDAQ and FinQloud customers meet stringent SEC 17a-4 requirements for financial record retention

Case: Cognia
Company: Global communications platform for call centers to capture communications data
Challenge: Must comply with PCI DSS so their customers can process payment card data on the platform
Results: PCI certified on AWS
AWS: centralized security controls - visible, testable, automated
Resource Links
AWS Compliance site - provides AWS Compliance Forum links, descriptions of audit reports available, contact links, and relevant whitepapers
http://aws.amazon.com/compliance/

AWS Security Center - provides links to a detailed whitepaper on how we manage security at AWS and provides links to contact AWS Security
http://aws.amazon.com/security/

AWS Security Blog - posts contain security best practices for AWS services, how-to guides, compliance milestones, and customer and partner stories
http://blogs.aws.amazon.com/security/

AWS Trusted Advisor - information on the tool, the nature of the checks, and how to access it
https://aws.amazon.com/premiumsupport/trustedadvisor/

Case studies - features of a wide range of companies doing amazing things on AWS
http://aws.amazon.com/solutions/casestudies/all/
Recommended Sessions
• SEC402 - Intrusion Detection in the Cloud
• SEC204 - Building Secure Applications and Navigating FedRAMP in the AWS GovCloud (US) Region
• ARC308 - Architecting for End-to-End Security in the Enterprise
• SEC306 - Implementing Bullet-Proof HIPAA Solutions on AWS
• SEC206 - Taking the Fear Out of PCI DSS Compliance in the Cloud
• ENT206 - Using AWS Enterprise Support to the Fullest
• SEC201 - Overview of AWS Identity and Access Management (IAM)
“Come talk security with AWS” Event - between 4 and 6pm on Thursday in Toscana 3605.
Please give us your feedback on this
presentation

SEC203
As a thank you, we will select prize
winners daily for completed surveys!

Contenu connexe

Tendances

Updating Security Operations For The Cloud
Updating Security Operations For The CloudUpdating Security Operations For The Cloud
Updating Security Operations For The CloudMark Nunnikhoven
 
(SEC318) AWS CloudTrail Deep Dive
(SEC318) AWS CloudTrail Deep Dive(SEC318) AWS CloudTrail Deep Dive
(SEC318) AWS CloudTrail Deep DiveAmazon Web Services
 
The 2014 AWS Enterprise Summit - Understanding AWS Security
The 2014 AWS Enterprise Summit - Understanding AWS SecurityThe 2014 AWS Enterprise Summit - Understanding AWS Security
The 2014 AWS Enterprise Summit - Understanding AWS SecurityAmazon Web Services
 
Network Security and Access Control in AWS
Network Security and Access Control in AWSNetwork Security and Access Control in AWS
Network Security and Access Control in AWSAmazon Web Services
 
Getting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute ServicesGetting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute ServicesAmazon Web Services
 
(SEC402) Intrusion Detection in the Cloud | AWS re:Invent 2014
(SEC402) Intrusion Detection in the Cloud | AWS re:Invent 2014(SEC402) Intrusion Detection in the Cloud | AWS re:Invent 2014
(SEC402) Intrusion Detection in the Cloud | AWS re:Invent 2014Amazon Web Services
 
Security Day What's (nearly) New
Security Day What's (nearly) NewSecurity Day What's (nearly) New
Security Day What's (nearly) NewAmazon Web Services
 
Introduction to Three AWS Security Services - November 2016 Webinar Series
Introduction to Three AWS Security Services - November 2016 Webinar SeriesIntroduction to Three AWS Security Services - November 2016 Webinar Series
Introduction to Three AWS Security Services - November 2016 Webinar SeriesAmazon Web Services
 
Getting started with aws security toronto rs
Getting started with aws security toronto rsGetting started with aws security toronto rs
Getting started with aws security toronto rsAmazon Web Services
 
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...Amazon Web Services
 
Announcements for Mobile Developers
Announcements for Mobile DevelopersAnnouncements for Mobile Developers
Announcements for Mobile DevelopersAmazon Web Services
 
Secure and Integrated - Using IAM with Amazon MSK | Mitchell Henderson, AWS
Secure and Integrated - Using IAM with Amazon MSK | Mitchell Henderson, AWSSecure and Integrated - Using IAM with Amazon MSK | Mitchell Henderson, AWS
Secure and Integrated - Using IAM with Amazon MSK | Mitchell Henderson, AWSHostedbyConfluent
 
(SEC315) AWS Directory Service Deep Dive
(SEC315) AWS Directory Service Deep Dive (SEC315) AWS Directory Service Deep Dive
(SEC315) AWS Directory Service Deep Dive Amazon Web Services
 
Srv204 Getting Started with AWS IoT
Srv204 Getting Started with AWS IoTSrv204 Getting Started with AWS IoT
Srv204 Getting Started with AWS IoTAmazon Web Services
 
Managing your identities in the cloud with AWS and Microsoft Active Directory...
Managing your identities in the cloud with AWS and Microsoft Active Directory...Managing your identities in the cloud with AWS and Microsoft Active Directory...
Managing your identities in the cloud with AWS and Microsoft Active Directory...Amazon Web Services
 
(SEC304) Architecting for HIPAA Compliance on AWS
(SEC304) Architecting for HIPAA Compliance on AWS(SEC304) Architecting for HIPAA Compliance on AWS
(SEC304) Architecting for HIPAA Compliance on AWSAmazon Web Services
 

Tendances (20)

Updating Security Operations For The Cloud
Updating Security Operations For The CloudUpdating Security Operations For The Cloud
Updating Security Operations For The Cloud
 
(SEC318) AWS CloudTrail Deep Dive
(SEC318) AWS CloudTrail Deep Dive(SEC318) AWS CloudTrail Deep Dive
(SEC318) AWS CloudTrail Deep Dive
 
The 2014 AWS Enterprise Summit - Understanding AWS Security
The 2014 AWS Enterprise Summit - Understanding AWS SecurityThe 2014 AWS Enterprise Summit - Understanding AWS Security
The 2014 AWS Enterprise Summit - Understanding AWS Security
 
Network Security and Access Control in AWS
Network Security and Access Control in AWSNetwork Security and Access Control in AWS
Network Security and Access Control in AWS
 
Getting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute ServicesGetting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute Services
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
 
(SEC402) Intrusion Detection in the Cloud | AWS re:Invent 2014
(SEC402) Intrusion Detection in the Cloud | AWS re:Invent 2014(SEC402) Intrusion Detection in the Cloud | AWS re:Invent 2014
(SEC402) Intrusion Detection in the Cloud | AWS re:Invent 2014
 
Security Day What's (nearly) New
Security Day What's (nearly) NewSecurity Day What's (nearly) New
Security Day What's (nearly) New
 
Securing Your Data in AWS
Securing Your Data in AWSSecuring Your Data in AWS
Securing Your Data in AWS
 
Introduction to Three AWS Security Services - November 2016 Webinar Series
Introduction to Three AWS Security Services - November 2016 Webinar SeriesIntroduction to Three AWS Security Services - November 2016 Webinar Series
Introduction to Three AWS Security Services - November 2016 Webinar Series
 
Getting started with aws security toronto rs
Getting started with aws security toronto rsGetting started with aws security toronto rs
Getting started with aws security toronto rs
 
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
 
Announcements for Mobile Developers
Announcements for Mobile DevelopersAnnouncements for Mobile Developers
Announcements for Mobile Developers
 
Secure and Integrated - Using IAM with Amazon MSK | Mitchell Henderson, AWS
Secure and Integrated - Using IAM with Amazon MSK | Mitchell Henderson, AWSSecure and Integrated - Using IAM with Amazon MSK | Mitchell Henderson, AWS
Secure and Integrated - Using IAM with Amazon MSK | Mitchell Henderson, AWS
 
(SEC315) AWS Directory Service Deep Dive
(SEC315) AWS Directory Service Deep Dive (SEC315) AWS Directory Service Deep Dive
(SEC315) AWS Directory Service Deep Dive
 
Srv204 Getting Started with AWS IoT
Srv204 Getting Started with AWS IoTSrv204 Getting Started with AWS IoT
Srv204 Getting Started with AWS IoT
 
Federation
FederationFederation
Federation
 
Managing your identities in the cloud with AWS and Microsoft Active Directory...
Managing your identities in the cloud with AWS and Microsoft Active Directory...Managing your identities in the cloud with AWS and Microsoft Active Directory...
Managing your identities in the cloud with AWS and Microsoft Active Directory...
 
Aws security Fundamentals
Aws security Fundamentals Aws security Fundamentals
Aws security Fundamentals
 
(SEC304) Architecting for HIPAA Compliance on AWS
(SEC304) Architecting for HIPAA Compliance on AWS(SEC304) Architecting for HIPAA Compliance on AWS
(SEC304) Architecting for HIPAA Compliance on AWS
 

Similaire à Security Assurance and Governance in AWS (SEC203) | AWS re:Invent 2013

Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...
Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...
Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...Amazon Web Services
 
Journey Through The Cloud - Security Best Practices
Journey Through The Cloud - Security Best Practices Journey Through The Cloud - Security Best Practices
Journey Through The Cloud - Security Best Practices Amazon Web Services
 
Security Best Practices - Hebrew Webinar
Security Best Practices - Hebrew WebinarSecurity Best Practices - Hebrew Webinar
Security Best Practices - Hebrew WebinarAmazon Web Services
 
Automating Compliance Defense in the Cloud - September 2016 Webinar Series
Automating Compliance Defense in the Cloud - September 2016 Webinar SeriesAutomating Compliance Defense in the Cloud - September 2016 Webinar Series
Automating Compliance Defense in the Cloud - September 2016 Webinar SeriesAmazon Web Services
 
Journey Through the Cloud - Security Best Practices on AWS
Journey Through the Cloud - Security Best Practices on AWSJourney Through the Cloud - Security Best Practices on AWS
Journey Through the Cloud - Security Best Practices on AWSAmazon Web Services
 
Aws security-pillar
Aws security-pillarAws security-pillar
Aws security-pillarsaifam
 
Best Practices for Security at Scale
Best Practices for Security at ScaleBest Practices for Security at Scale
Best Practices for Security at ScaleAmazon Web Services
 
Aw some day_essentials3.2ish_072214
Aw some day_essentials3.2ish_072214Aw some day_essentials3.2ish_072214
Aw some day_essentials3.2ish_072214Amazon Web Services
 
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice Alert Logic
 
Getting Started with AWS Security
 Getting Started with AWS Security Getting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Aws auditing security_checklist
Aws auditing security_checklistAws auditing security_checklist
Aws auditing security_checklistsaifam
 
Cloud Security, Risk and Compliance on AWS
Cloud Security, Risk and Compliance on AWSCloud Security, Risk and Compliance on AWS
Cloud Security, Risk and Compliance on AWSKarim Hopper
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 

Similaire à Security Assurance and Governance in AWS (SEC203) | AWS re:Invent 2013 (20)

Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...
Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...
Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...
 
Security & Compliance in AWS
Security & Compliance in AWSSecurity & Compliance in AWS
Security & Compliance in AWS
 
Journey Through The Cloud - Security Best Practices
Journey Through The Cloud - Security Best Practices Journey Through The Cloud - Security Best Practices
Journey Through The Cloud - Security Best Practices
 
Security Best Practices - Hebrew Webinar
Security Best Practices - Hebrew WebinarSecurity Best Practices - Hebrew Webinar
Security Best Practices - Hebrew Webinar
 
Aws security-pillar
Aws security-pillarAws security-pillar
Aws security-pillar
 
Automating Compliance Defense in the Cloud - September 2016 Webinar Series
Automating Compliance Defense in the Cloud - September 2016 Webinar SeriesAutomating Compliance Defense in the Cloud - September 2016 Webinar Series
Automating Compliance Defense in the Cloud - September 2016 Webinar Series
 
Journey Through the Cloud - Security Best Practices on AWS
Journey Through the Cloud - Security Best Practices on AWSJourney Through the Cloud - Security Best Practices on AWS
Journey Through the Cloud - Security Best Practices on AWS
 
Aws security-pillar
Aws security-pillarAws security-pillar
Aws security-pillar
 
Security & Compliance
Security & Compliance Security & Compliance
Security & Compliance
 
Best Practices for Security at Scale
Best Practices for Security at ScaleBest Practices for Security at Scale
Best Practices for Security at Scale
 
Security Best Practices
Security Best PracticesSecurity Best Practices
Security Best Practices
 
Aw some day_essentials3.2ish_072214
Aw some day_essentials3.2ish_072214Aw some day_essentials3.2ish_072214
Aw some day_essentials3.2ish_072214
 
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
 
Security and compliance
Security and complianceSecurity and compliance
Security and compliance
 
Security Best Practices
Security Best PracticesSecurity Best Practices
Security Best Practices
 
Getting Started with AWS Security
 Getting Started with AWS Security Getting Started with AWS Security
Getting Started with AWS Security
 
Security best practices
Security best practices Security best practices
Security best practices
 
Aws auditing security_checklist
Aws auditing security_checklistAws auditing security_checklist
Aws auditing security_checklist
 
Cloud Security, Risk and Compliance on AWS
Cloud Security, Risk and Compliance on AWSCloud Security, Risk and Compliance on AWS
Cloud Security, Risk and Compliance on AWS
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 

Plus de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Plus de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Dernier

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Security Assurance and Governance in AWS (SEC203) | AWS re:Invent 2013

  • 1. Security Assurance and Governance in AWS Chad Woolf, Director, AWS Risk and Compliance November 13, 2013 © 2013 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 2. Better Security in the Cloud “…We’ll also see organizations adopt cloud services for the improved security protections and compliance controls that they otherwise could not provide as efficiently or effectively themselves.” - Security’s Cloud Revolution Is Upon Us, Forrester Research, Inc., August 2, 2013
  • 3. Better Security in AWS Optimized Network/OS/App Controls Service-specific Controls Managed by Customer Security in the Cloud Cross-service Controls Cloud Service Provider Controls Security of the Cloud Managed by AWS Request reports at: aws.amazon.com/compliance/#contact
  • 4. Governance, Security, Compliance Enablers: Governance in AWS; AWS Security Best Practices; AWS Auditing Security Checklist; AWS Risk and Compliance; AWS Compliance Forum; AWS Trusted Advisor
  • 5. Security at Scale: Governance in AWS
      1. Financial Control
      2. IT Asset Identification
      3. Asset Configuration and Management
      4. Logical Access Control
      5. Physical Access Control
      6. Data Encryption
      7. Network Configuration and Management
      8. Security Logging and Monitoring
      9. Security Incident Response
      10. Disaster Recovery
      Get this whitepaper at: aws.amazon.com/compliance/
  • 6. Examples
      • Governance Domain: 8. Security Logging and Monitoring
          – On-prem Challenge: Centralized logging of user actions taken against a set of IT resources
          – AWS Enabler: AWS CloudTrail. Provides logging of API or console actions (e.g., logs when someone changes a bucket policy, stops an instance, etc.)
          – Control Provided: Advanced monitoring capabilities of actions taken and changes made
      • Governance Domain: 10. Disaster Recovery
          – On-prem Challenge: Producing point-in-time, usable incremental backups
          – AWS Enabler: EBS Snapshots. Point-in-time full volume copies of Amazon EBS data into persistent storage of Amazon S3
          – Control Provided: Anytime incremental point-in-time backup of server data
  • 12. AWS Compliance Forum Join the AWS Compliance Forum by emailing us at: awscompliance@amazon.com
  • 13. Governance Tool: AWS Trusted Advisor
      • Online service from AWS Support
          – Analyzes account for various kinds of issues and possible concerns
          – Soon available as an API for integration with your tools or 3rd party solutions
      • Four categories:
          – Cost savings
          – Security
          – Fault tolerance
          – Performance
  • 14. Innovative Governance Tool: AWS Trusted Advisor Since 1/1/2013: • 10,000 + customers • 700,000 recommendations reviewed • $140M in annualized savings Learn more about Trusted Advisor at: https://aws.amazon.com/premiumsupport/trustedadvisor/
  • 16. Case: Pegasystems Company: Provides software for business process management, CRM, and case management Challenge: Pega tech is used cross-functionally across the healthcare industry; all data is considered PHI Results: Pega and their customers are HIPAA compliant on AWS
  • 17. Case: NASDAQ FinQloud Company: provides products and services to manage the entire life cycle of a trade Challenge: Securely storing and managing vast amounts of data with strict compliance requirements Results: NASDAQ and FinQloud customers meet stringent SEC 17a-4 requirements for financial record retention
  • 18. Case: Cognia Company: Global communications platform for call centers to capture communications data Challenge: must comply with PCI DSS so their customers can process payment card data on the platform Results: PCI certified on AWS
  • 19. AWS: centralized security controls - visible, testable, automated
  • 20. Resource Links
      • AWS Compliance site - provides AWS Compliance Forum links, descriptions of audit reports available, contact links, and relevant whitepapers: http://aws.amazon.com/compliance/
      • AWS Security Center – provides links to a detailed whitepaper on how we manage security at AWS and provides links to contact AWS Security: http://aws.amazon.com/security/
      • AWS Security Blog – posts contain security best practices for AWS services, how-to guides, compliance milestones, and customer and partner stories: http://blogs.aws.amazon.com/security/
      • AWS Trusted Advisor - information on the tool, the nature of the checks, and how to access it: https://aws.amazon.com/premiumsupport/trustedadvisor/
      • Case studies – features of a wide range of companies doing amazing things on AWS: http://aws.amazon.com/solutions/casestudies/all/
  • 21. Recommended Sessions
      • SEC402 - Intrusion Detection in the Cloud
      • SEC204 - Building Secure Applications and Navigating FedRAMP in the AWS GovCloud (US) Region
      • ARC308 - Architecting for End-to-End Security in the Enterprise
      • SEC306 - Implementing Bullet-Proof HIPAA Solutions on AWS
      • SEC206 - Taking the Fear Out of PCI DSS Compliance in the Cloud
      • ENT206 - Using AWS Enterprise Support to the Fullest
      • SEC201 - Overview of AWS Identity and Access Management (IAM)
      “Come talk security with AWS” Event - between 4 and 6pm on Thursday in Toscana 3605.
  • 22. Please give us your feedback on this presentation SEC203 As a thank you, we will select prize winners daily for completed surveys!