Anyone who wants to move their IT projects to the cloud has to watch out for a few pitfalls. The challenges lie mainly in the area of security. Your data must be absolutely secure against access by unauthorized parties. At the same time, access management for your employees has to work well. On top of these technical tasks come firm requirements from your corporate policies as well as important legal obligations. You should know these compliance issues and meet them reliably, because your cloud project can only be a complete success if you comply correctly with all compliance requirements.
2. Business Context of AWS and GxP
Healthcare and Life Sciences customers are rapidly adopting AWS
Initial usage concentrated in Research, Digital Marketing and core IT
GxP solutions are now incredibly important to our customers
Development and Manufacturing are beginning the adoption curve
AWS’s GxP approach comes directly from our customers and partners
We want to educate, engage and deliver further value to our customers
3. The Benefits to Using the AWS Cloud
Move from operational to variable cost
Lower variable cost than most companies can achieve
No need to guess capacity
Agility, speed & innovation
Remove undifferentiated heavy lifting
Go global in minutes
4. AWS Service Build
Tenant Isolation
Deep Network Security
Scaling Crypto Services
Detailed Monitoring
Access Control: Mandatory, Fine Grade, MFA Possible
AWS Global Infrastructure
Application Services
Networking
Deployment & Administration
Database, Storage, Compute
Inherit Control
SECURITY & COMPLIANCE: Identity Management, Key Management & Storage, Monitoring & Logs, Assessment and reporting, Resource & Usage Auditing, Configuration Compliance, Web application firewall, Access Control
5. AWS Operates Globally, as do our Customers
12 Regions
33 Availability Zones
54 Edge Locations
Coming Soon: 5 Regions, 11 Availability Zones
6. ENTERPRISE APPS, DEVELOPMENT & OPERATIONS, MOBILE SERVICES, APP SERVICES, ANALYTICS
Data Warehousing, Hadoop/Spark, Streaming Data Collection, Machine Learning, Elastic Search
Virtual Desktops, Sharing & Collaboration, Corporate Email, Backup
Queuing & Notifications, Workflow, Search, Email, Transcoding
One-click App Deployment, Identity, Sync, Single Integrated Console, Push Notifications
DevOps Resource Management, Application Lifecycle Management, Containers, Triggers, Resource Templates
TECHNICAL & BUSINESS SUPPORT: Account Management, Support, Professional Services, Training & Certification, Security & Pricing Reports, Partner Ecosystem, Solutions Architects
MARKETPLACE: Business Apps, Business Intelligence, Databases, DevOps Tools, Networking, Security, Storage
INFRASTRUCTURE: Regions, Availability Zones, Points of Presence
CORE SERVICES: Compute (VMs, Auto-scaling, & Load Balancing), Storage (Object, Blocks, Archival, Import/Export), Databases (Relational, NoSQL, Caching, Migration), Networking (VPC, DX, DNS), CDN
SECURITY & COMPLIANCE: Access Control, Identity Management, Key Management & Storage, Monitoring & Logs, Assessment and reporting, Resource & Usage Auditing, Configuration Compliance, Web application firewall
HYBRID ARCHITECTURE: Data Backups, Integrated App Deployments, Direct Connect, Identity Federation, Integrated Resource Management, Integrated Networking
API Gateway
IoT: Rules Engine, Device Shadows, Device SDKs, Registry, Device Gateway
Streaming Data Analysis, Business Intelligence, Mobile Analytics
9. The main AWS Compliance Frameworks of today
Certificates: Programmes:
ISO 27000
ISO 9001
12. AWS Shared Responsibility Model in GxP
Human Interface Support
Equipment Interface Support
Instrument Interface Support
Application
Data
Software-defined Infrastructure
AWS Account
Amazon IAM, Amazon VPC, Amazon EC2, Amazon S3, Amazon RDS, Other AWS Products
Manual I/O, Automated I/O
Step 1, Step 2, Step 3
Customer
AWS
Automated I/O
GxP Process Validation
GxP Software Validation
GxP Infrastructure Qualification
Commercial IT Standards
Good Laboratory, Clinical, Manufacturing Process
On-Premises Infrastructure Products
13. AWS’s New GxP Compliance Resources
GxP Cloud on AWS FAQ
Considerations for Using AWS Products in GxP Systems
AWS Quality Management System Overview (available to NDA-holders)
Technical Product Documentation
Introduction to Auditing the Use of AWS
Security by Design Program
14. Cloud Technology
Software-defined infrastructure?
Cloud users replace physical IT infrastructure with virtual IT infrastructure
SDI can be managed like any other software code
Users control their virtual infrastructure and data via web service API, CLI, GUI
Users integrate applications with virtual infrastructure through SDKs and APIs
Users and applications interact with SDI programmatically with .json scripts instead of manually with .doc files
{API}
15. AWS Cloud Advantages
IT Benefits
Trade capital expense for variable expense
Benefit from massive economies of scale
Stop guessing capacity
Increase speed and agility
Stop spending money on data centers
Go global in minutes
Compliance Benefits
Designed for Security & Quality
Constantly Monitored
Highly Automated
Highly Available
Highly Accredited
ISO 9001:2008, ISO 27001:2013, ISO 27017:2015, ISO 27018:2014
16. Cybersecurity of AWS Products
Security Features Built-in
Security Bulletins
Security Guidance
AWS Trusted Advisor
Penetration Testing/Scanning
Vulnerability Reporting
AWS Professional Services
AWS Partner Network
"The financial service industry attracts some of the worst cyber criminals. We work closely with AWS to develop a security model, which we believe enables us to operate more securely in the public cloud than we can in our own data centers."
-Rob Alexander, CIO, Capital One
17. Data Integrity with AWS Products
web service API
API Request
API Response includes a Message Digest, a unique fingerprint for each API request
AWS Product Features for Data Integrity
End-to-end authenticated encryption, API message digests, file object hashing, file object integrity monitoring, log file integrity validation, account configuration rules and alarms, fine-grained access controls, VPC flow logs, application deployment and testing tools to enforce application input validations, multi-region redundancy and backup capability, multiple methods of bulk data transfer to and from the AWS cloud…
18. Supplier Assessments of AWS
Customers with GxP systems have completed their supplier assessments of AWS based on our performance history, compliance reports, and extensive documentation of our products.
Product Documentation
Product Training Materials
Customer Support
Service Health Dashboard
Security & Compliance Whitepapers
Quality Management System Overview
Supplier Questionnaires & RFIs
ISO Certification
SOC Auditor Reports
FedRAMP Compliant Status
Public Company Reporting (AMZN)
19. Agreements with AWS
Customer Agreement
Service Terms
Acceptable Use Policy
Customer Support Agreement
Product SLAs
Addendums:
o Security
o Data Processing
o Business Associate
Change notification
Security notification
Your data
Data privacy
Support case SLA
No minimum spend or term
Customer responsibilities
20. Cloud Solution Validation (CSV)
Hardware Era, Virtualization Era, Cloud Era
Protocol-driven manual activities
Procedure-driven manual activities
Code-driven automated activities
Application Validation
Software Defined Infrastructure Qualification
Web Service API Qualification
AWS qualifies our products to commercial IT standards like ISO, SOC and NIST.
Customers qualify their use of AWS Products to industry-specific standards like GxP, QSR and Part 11.
21. Operations of GxP Systems
Reduce human access to your production IT environment through deployment automation
Track and monitor 100% of your assets, changes, and configurations
Software-defined infrastructure makes synchronizing environments easy
Feed end user requests back into the development process.
GxP end users, GxP engineers, production
22. Auditing GxP Systems
An IAM user, Alice, employed the CreateUser action to create a new user account for Bob.
AWS CloudTrail
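The audit statement on this slide can be derived mechanically from CloudTrail records. The following is an added example, not part of the original deck: it reads a log in the CloudTrail file layout and reports every IAM CreateUser attempt with actor, target and outcome. The sample records (account ID, IP addresses, timestamps, the users Mallory and Eve) are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample in the CloudTrail log-file layout ({"Records": [...]}).
# Account IDs, ARNs, IPs and timestamps are made up for illustration.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2016-01-01T10:00:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "sourceIPAddress": "192.0.2.10",
     "userIdentity": {"type": "IAMUser", "userName": "Alice",
                      "arn": "arn:aws:iam::123456789012:user/Alice"},
     "requestParameters": {"userName": "Bob"},
     "responseElements": {"user": {"userName": "Bob"}}},
    {"eventTime": "2016-01-01T10:05:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "sourceIPAddress": "192.0.2.44",
     "userIdentity": {"type": "IAMUser", "userName": "Mallory",
                      "arn": "arn:aws:iam::123456789012:user/Mallory"},
     "requestParameters": {"userName": "Eve"},
     "errorCode": "AccessDenied", "responseElements": None},
    {"eventTime": "2016-01-01T10:07:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject", "sourceIPAddress": "192.0.2.10",
     "userIdentity": {"type": "IAMUser", "userName": "Alice"}},
]})

def actor_name(identity):
    """Return a readable name for the caller recorded in userIdentity."""
    if identity.get("type") == "AssumedRole":
        issuer = identity.get("sessionContext", {}).get("sessionIssuer", {})
        return "role " + issuer.get("userName", "unknown")
    if identity.get("type") == "Root":
        return "root account"
    return identity.get("userName") or identity.get("arn", "unknown")

def audit_user_creations(log_text):
    """List every IAM CreateUser attempt with actor, target and outcome."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        key = (rec.get("eventSource"), rec.get("eventName"))
        if key != ("iam.amazonaws.com", "CreateUser"):
            continue
        findings.append({
            "time": rec.get("eventTime"),
            "actor": actor_name(rec.get("userIdentity", {})),
            "target": (rec.get("requestParameters") or {}).get("userName"),
            "source_ip": rec.get("sourceIPAddress"),
            # A record with errorCode describes a call that did not succeed.
            "outcome": rec.get("errorCode", "Success"),
        })
    return findings

if __name__ == "__main__":
    for f in audit_user_creations(SAMPLE_LOG):
        print("{time} {actor} -> CreateUser({target}) from {source_ip}: {outcome}".format(**f))
```

Failed attempts are kept in the result on purpose: for an audit trail, a denied CreateUser call is as relevant as a successful one.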