AWS Webcast - AWS Compliance Forum Introduction Oct 2013
2. Session Agenda
(Very) brief overview: Compliance of AWS
AWS Compliance Forum detail: Compliance in AWS
– Who, What, When, Where, Why, and How
What’s Next for your AWS Compliance Forum
Additional Q&A
© 2013 Amazon Web Services, Inc. and its affiliates. All rights reserved.
3. Compliance of AWS
Start with our AWS Compliance whitepapers
AWS Compliance Programs
Want to learn more about AWS compliance?
– AWS Compliance Website: Programs and
Whitepapers: https://aws.amazon.com/compliance
– Ask a question and/or request a certification or report
by reaching out to awscompliance@amazon.com
4. Now for the main event
AWS COMPLIANCE FORUM
5. Want to connect with other AWS customers?
AWS Compliance Forum: THE WHO
98% Yes!
2% No thanks
6. Customers like you
Customers in roles like yours
Chief Operations Officer
7. Customers like you
Customers in roles like yours
Customers in industries like yours
Aerospace & Defense
Insurance
Agriculture and Mining
Manufacturing
Banking
Media and Publishing
Consumer Goods
Non-Profits
Education
Pharmaceuticals & Biotech
Energy & Utilities
Retail
Finance
Technology
Government
Telecommunications
Healthcare & Medical
Transportation and Logistics
8. Customers like you
Customers in roles like yours
Customers in industries like yours
Customers adhering to standards/regulations like yours
Internal policies and security standards: 56%
PCI DSS v2.0: 51%
ISO 27001:2005: 42%
HIPAA: 42%
SOX; Requires a SOC report: 34%
International privacy or breach disclosure laws: 33%
FISMA: 32%
State privacy or breach disclosure laws: 31%
FedRAMP: 29%
Other: 17%
ISO 9001:2008: 15%
ITAR: 14%
GLBA: 11%
DIACAP: 11%
ISO 14001:2004: 6%
CJIS Security Policy: 6%
FERPA: 5%
NERC-CIP: 3%
9. POLLING QUESTION #1 PLACEHOLDER
I am most interested in connecting with customers who are:
• In roles like mine
• In my industry
• Adhere to similar standards/regulations
10. Want to connect with AWS specialists?
AWS Compliance Forum: THE WHO (PART 2)
97% Yes!
3% No thanks
11. AWS resources
AWS Architecture Center
AWS Documentation
That’s nice, but how about some two-way interaction…
– AWS Compliance Architects
– AWS Security Solutions Architects
– AWS Professional Services
12. POLLING QUESTION #2 PLACEHOLDER
Which AWS specialist is most useful to you right now?
• AWS Compliance Architects
• AWS Security Solutions Architects
• AWS Professional Services Consultants
13. AWS Specialists wanting to help you
Chris Whalley
AWS Compliance Architect
Max Ramsay
AWS Principal Security Solutions Architect
Chris Gile
AWS Compliance Architect
Tom Sheehan
AWS Senior Consultant
14. Questions about customers or AWS
specialists in the AWS Compliance Forum?
15. Do you want support in interpreting and
implementing control requirements in the cloud?
AWS Compliance Forum: THE WHAT… AND THE WHY… AND THE HOW
99% Yes!
1% No thanks
16. AWS Compliance Forum mission
To enable you to easily and effectively interpret and implement control
requirements in the cloud by connecting you with fellow AWS
customers, AWS compliance specialists, and specialized content
Are you comfortable interpreting and implementing control requirements in the cloud?
Current State: 23% No…Help!; 66% Not really; 11% yes, but…
Future State: 100% Yes!!
17. Getting to ‘future state’: Your content
Industry- and regulation-specific workbooks
– FFIEC, HIPAA, PCI, etc.
Changes to standards (and interpretation guidance)
– PCI DSS v3.0, ISO 27001:2013, etc.
Compliance whitepapers
– Governance features, logging features, etc.
Compliance case studies
– Customers sharing their experiences, lessons learned
and reference architectures (HIPAA, PCI, etc.)
18. Customized depth of content
Summary-level
An overview of security and compliance
considerations for your industry
‘Anonymized’ stories about others’
successes and challenges with compliance
A mapping to your existing compliance
programs and associated controls
A discussion around how to architect to
adhere to standards or regulations
A discussion around your control
implementation concerns
Detailed-level
19. POLLING QUESTION #3 PLACEHOLDER
Think of the standard/policy for which compliance is top-of-mind to you right now. What would be most helpful to you?
• An overview of security & compliance considerations
• ‘Anonymized’ stories about others’ successes/challenges
• A mapping to your existing compliance programs/controls
• A discussion around how to architect to adhere
• A discussion around your implementation concerns
20. Your content medium
Compliance whitepapers and case studies
Webinars
Industry-focused discussion groups
Standard-focused discussion groups (i.e. PCI DSS)
Live presentations with AWS Compliance
21. POLLING QUESTION #4 PLACEHOLDER
Which of the following are you most interested in?
• Compliance whitepapers and case studies
• Webinars
• Industry-focused discussion groups
• Standard-focused discussion groups (i.e. PCI DSS)
• Live presentations with AWS Compliance
22. Questions on ‘the what, why and how’?
24. Planned cadence
Monthly: Industry- or standard-specific discussion group
Quarterly: General-interest webinar
Semi-annually: AWS Compliance Forum newsletter
Annually: AWS Compliance Forum meet n’ greet
Ad-hoc: Public appearances, case-study publication, etc.
25. Questions on ‘the where and when’?
27. What about between now and then?
Socialize this webinar with key people in your org
Check out the AWS Security blog
– Tags by: Compliance, Best practices, etc.
Attend re:Invent sessions focused on compliance
(or watch the recordings on YouTube in late Nov)
– SEC101: AWS Security – Keynote Address
– SEC203: Security Assurance and Governance in AWS
– SEC204: Building Secure Applications and Navigating FedRAMP
in the AWS GovCloud (US) Region
– SEC206: Taking the Fear Out of PCI Compliance in the Cloud
– SEC306: Implementing Bullet-Proof HIPAA Solutions on AWS
29. Copyright © 2013 Amazon Web Services, Inc.
and its affiliates. All rights reserved.
This work may not be reproduced or redistributed, in whole or in part,
without prior written permission from Amazon Web Services, Inc.
Commercial copying, lending, or selling is prohibited.
Questions? Email us at awscompliance@amazon.com.