Security & Compliance in the AWS Cloud · Amazon Web Services (transcript)
AWS Pace of Innovation
[Chart: number of AWS service and feature releases per year, 2009 to 2015]
AWS has been continually expanding its services to support virtually any cloud workload and now has more than 70 services that range from compute, storage, networking, database, analytics, application services, deployment, management and mobile.
[Diagram: AWS platform overview, grouped by category]
Enterprise Apps: Virtual Desktops; Sharing & Collaboration; Corporate Backup
Development & Operations: DevOps Resource Management; Application Lifecycle Management; Containers; Triggers; Resource Templates
Mobile Services: Identity; Sync; Single Integrated Console; Push Notifications
App Services: Queuing & Notifications; Workflow; Search; Transcoding; One-click App Deployment; API Gateway
Analytics: Data Warehousing; Hadoop/Spark; Streaming Data Collection; Machine Learning; Elastic Search; Streaming Data Analysis; Business Intelligence; Mobile Analytics
Technical & Business Support: Account Management; Support; Professional Services; Training & Certification; Security & Pricing Reports; Partner Ecosystem; Solutions Architects
Marketplace: Business Apps; Business Intelligence; Databases; DevOps Tools; Networking; Security; Storage
Infrastructure: Regions; Availability Zones; Points of Presence
Core Services: Compute (VMs, Auto-scaling & Load Balancing); Storage (Object, Blocks, Archival, Import/Export); Databases (Relational, NoSQL, Caching, Migration); Networking (VPC, DX, DNS, CDN)
Security & Compliance: Access Control; Identity Management; Key Management & Storage; Monitoring & Logs; Assessment and Reporting; Resource & Usage Auditing; Configuration Compliance; Web Application Firewall
Hybrid Architecture: Data Backups; Integrated App Deployments; Direct Connect; Identity Federation; Integrated Resource Management; Integrated Networking
IoT: Rules Engine; Device Shadows; Device SDKs; Registry; Device Gateway
[Slide: quality standards] GxP; ISO 13485; AS9100; ISO/TS 16949
[Diagram: shared responsibility model]
AWS is responsible for the security OF the Cloud:
AWS Foundation Services: Compute, Storage, Database, Networking
AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
Customers have their choice of security configurations IN the Cloud and decide how to implement them:
Customer applications & content
Platform, Applications, Identity & Access Management
Operating System, Network, & Firewall Configuration
Client-side Data Encryption; Server-side Data Encryption; Network Traffic Protection
AWS CloudTrail
You are making API calls on a growing set of services around the world. AWS CloudTrail is continuously recording those API calls and delivering log files to you.
[Diagram: AWS CloudTrail shown alongside Redshift, AWS CloudFormation and AWS Elastic Beanstalk]
AWS Config
[Diagram: continuous change recording of changing resources, producing a history stream and point-in-time snapshots (ex. 2014-11-05)]
Control access and segregate duties everywhere
With AWS Identity and Access Management (IAM) you control who can do what in your AWS environment and from where.
Fine-grained control of your AWS cloud with two-factor authentication.
Integrate with your existing corporate directory using SAML 2.0 and single sign-on.
[Diagram: the AWS account owner delegating separate roles for network management, security management, server management and storage management]
[Map: AWS Regions]
US-EAST (Virginia); US-WEST (N. California); US-WEST (Oregon); AWS GovCloud (US); SOUTH AMERICA (Sao Paulo); EU-WEST (Ireland); EU-CENTRAL (Frankfurt); ASIA PAC (Tokyo); ASIA PAC (Singapore); ASIA PAC (Sydney); ASIA PAC (Korea); ASIA PAC (Mumbai); CHINA (Beijing)
13 Regions, 35 Availability Zones, 59 Edge Locations
AWS Virtual Private Cloud
Create your own private, isolated section of the AWS cloud.
[Diagram: a VPC spanning Availability Zone A and Availability Zone B]
Provision a logically isolated section of the AWS cloud.
You choose a private IP range for your VPC.
Segment this into subnets to deploy your compute instances.
AWS network security
The AWS network will prevent spoofing and other common layer 2 attacks.
You cannot sniff anything but your own EC2 host network interface.
Control all external routing and connectivity.
Connect resiliently and in private
[Diagram: YOUR PREMISES linked to YOUR AWS ENVIRONMENT over AWS Direct Connect and VPN, with the Internet as the alternative path; workloads shown: Digital Websites, Big Data Analytics, Dev and Test, Enterprise Apps]
AWS Key Management Service
Encryption key management and compliance made easy
PCI DSS SP L1 Compliant; undergoing FIPS 140-2
Integrated with AWS Services (e.g. S3, EBS, RDS, Redshift, CloudTrail, EMR)
Highly available and durable
Geographic data locality; control over regional replication
Fine-grained visibility and control for accounts, resources, data
Fine-grained access control: policies, resource-level permissions, temporary credentials
In-depth logging: AWS CloudTrail and Config
Visibility into resources and usage: service Describe* APIs and AWS CloudWatch
Control over deployment: AWS CloudFormation
Governance
ISO 9001; ISO 27001; ISO 27017; ISO 27018; SOC 1 / ISAE 3402; SOC 2; SOC 3; PCI DSS Level 1; GxP; HIPAA; ITAR; FERPA; FISMA, RMF, and DIACAP; FedRAMP; Section 508 / VPAT; DoD SRG Levels 2 & 4; FIPS 140-2; CJIS; Cloud Security Alliance; MPAA; NIST; MLPS Level 3; G-Cloud; IT-Grundschutz; MTCS Tier 3; IRAP; Cyber Essentials Plus
More accreditations & certifications than anyone
Data Sovereignty & Privacy
You retain control and ownership of your content.
Choose your AWS region and adhere to data sovereignty laws.
Compliant with ISO 27001, ISO 27017, ISO 27018.
Encrypt your data using AWS services or using your own.
Vibrant Partner Ecosystem
[Diagram: SaaS partner solutions grouped by area] Infrastructure Security; Logging and Monitoring; Identity and Access Control; Configuration and Vulnerability Analysis; Data Protection
Event @ AWS Booth
Survey event
• Everyone who completes the survey receives an AWS T-shirt!
CLOUDSEC PoC sign-up event
• Everyone who signs up for a PoC receives free consulting and a portable battery pack!
AWS CLOUD SECURITY PARTNER
In order to secure your valuable data, MEGAZONE is working together with its No. 1 partners, AWS and TrendMicro, in providing diverse services.
No. 1 PREMIER PARTNER; No. 1 SECURITY PARTNER; No. 1 Biz PARTNER