AWS Webcast - AWS Compliance Forum Introduction Oct 2013

Date post: 13-Jan-2015
Upload: amazon-web-services
Description:
Amazon Web Services (AWS) has developed a customer compliance forum to facilitate in-depth compliance discussions between you and AWS Compliance. The webinar focuses on the AWS shared responsibility security model and how your organization can achieve security and compliance within your use of AWS services. This initial AWS Compliance Forum webinar will provide an overview of AWS compliance programs, use cases, and the various compliance verticals AWS can support, both through current certifications and attestations (i.e., PCI, SOC, FedRAMP, and ISO) and in areas where AWS can illustrate use cases for workloads related to Life Sciences, Financial Services, and state/federal government compliance requirements. From there we will discuss the goals of the AWS Compliance Forum and plans for future webinars and small-group compliance discussions.
Transcript
Page 1: AWS Webcast - AWS Compliance Forum Introduction Oct 2013

© 2013 Amazon Web Services, Inc. and its affiliates. All rights reserved.

AWS Compliance Forum

Introduction

October 31, 2013

Page 2: AWS Webcast - AWS Compliance Forum Introduction Oct 2013

Session Agenda

(Very) brief overview: Compliance of AWS

AWS Compliance Forum detail: Compliance in AWS

– Who, What, When, Where, Why, and How

What’s Next for your AWS Compliance Forum

Additional Q&A

Page 3: AWS Webcast - AWS Compliance Forum Introduction Oct 2013

Compliance of AWS

Start with our AWS Compliance whitepapers

AWS Compliance Programs

Want to learn more about AWS compliance?

– AWS Compliance Website: Programs and Whitepapers: https://aws.amazon.com/compliance

– Ask a question and/or request a certification or report by reaching out to [email protected]

Page 4: AWS Webcast - AWS Compliance Forum Introduction Oct 2013

AWS COMPLIANCE FORUM

Now for the main event

Page 5: AWS Webcast - AWS Compliance Forum Introduction Oct 2013

THE WHO

AWS Compliance Forum

Want to connect with other AWS customers?

98% Yes!

2% No thanks

Page 6: AWS Webcast - AWS Compliance Forum Introduction Oct 2013

Customers like you

Customers in roles like yours

Chief Operations Officer

Page 7: AWS Webcast - AWS Compliance Forum Introduction Oct 2013

Customers like you

Customers in roles like yours

Customers in industries like yours

– Aerospace & Defense

– Agriculture and Mining

– Banking

– Consumer Goods

– Education

– Energy & Utilities

– Finance

– Government

– Healthcare & Medical

– Insurance

– Manufacturing

– Media and Publishing

– Non-Profits

– Pharmaceuticals & Biotech

– Retail

– Technology

– Telecommunications

– Transportation and Logistics

Page 8: AWS Webcast - AWS Compliance Forum Introduction Oct 2013

Customers like you

Customers in roles like yours

Customers in industries like yours

Customers adhering to standards/regulations like yours

– NERC-CIP: 3%

– FERPA: 5%

– CJIS Security Policy: 6%

– ISO 14001:2004: 6%

– DIACAP: 11%

– GLBA: 11%

– ITAR: 14%

– ISO 9001:2008: 15%

– Other: 17%

– FedRAMP: 29%

– State privacy or breach disclosure laws: 31%

– FISMA: 32%

– International privacy or breach disclosure laws: 33%

– SOX; Requires a SOC report: 34%

– HIPAA: 42%

– ISO 27001:2005: 42%

– PCI DSS v2.0: 51%

– Internal policies and security standards: 56%

Page 9: AWS Webcast - AWS Compliance Forum Introduction Oct 2013

POLLING QUESTION #1 PLACEHOLDER

I am most interested in connecting with customers who are:

• In roles like mine

• In my industry

• Adhere to similar standards/regulations

Page 10: AWS Webcast - AWS Compliance Forum Introduction Oct 2013

THE WHO

(PART 2)

AWS Compliance Forum

Want to connect with AWS specialists?

97% Yes!

3% No thanks

Page 11: AWS Webcast - AWS Compliance Forum Introduction Oct 2013

AWS resources

AWS Architecture Center

AWS Documentation

That’s nice, but how about some two-way interaction…

– AWS Compliance Architects

– AWS Security Solutions Architects

– AWS Professional Services

Page 12: AWS Webcast - AWS Compliance Forum Introduction Oct 2013

POLLING QUESTION #2 PLACEHOLDER

Which AWS specialist is most useful to you right now?

• AWS Compliance Architects

• AWS Security Solutions Architects

• AWS Professional Services Consultants

Page 13: AWS Webcast - AWS Compliance Forum Introduction Oct 2013

AWS Specialists wanting to help you

Chris Whalley AWS Compliance Architect

Chris Gile AWS Compliance Architect

Max Ramsay AWS Principal Security Solutions Architect

Tom Sheehan AWS Senior Consultant

Page 14: AWS Webcast - AWS Compliance Forum Introduction Oct 2013

Questions about customers or AWS specialists in the AWS Compliance Forum?

Page 15: AWS Webcast - AWS Compliance Forum Introduction Oct 2013

THE WHAT…

AND THE WHY…

AND THE HOW

AWS Compliance Forum

1% No thanks

99% Yes!

Do you want support in interpreting and implementing control requirements in the cloud?

Page 16: AWS Webcast - AWS Compliance Forum Introduction Oct 2013

AWS Compliance Forum mission

To enable you to easily and effectively interpret and implement control requirements in the cloud by connecting you with fellow AWS customers, AWS compliance specialists, and specialized content

Are you comfortable interpreting and implementing control requirements in the cloud?

Current State:

– 11% yes, but…

– 66% Not really

– 23% No…Help!

Future State:

– 100% Yes!!

Page 17: AWS Webcast - AWS Compliance Forum Introduction Oct 2013

Getting to ‘future state’: Your content

Industry- and regulation-specific workbooks

– FFIEC, HIPAA, PCI, etc.

Changes to standards (and interpretation guidance)

– PCI DSS v3.0, ISO 27001:2013, etc.

Compliance whitepapers

– Governance features, logging features, etc.

Compliance case studies

– Customers sharing their experiences, lessons learned and reference architectures (HIPAA, PCI, etc.)

Page 18: AWS Webcast - AWS Compliance Forum Introduction Oct 2013

Customized depth of content

An overview of security and compliance considerations for your industry

‘Anonymized’ stories about others’ successes and challenges with compliance

A mapping to your existing compliance programs and associated controls

A discussion around how to architect to adhere to standards or regulations

A discussion around your control implementation concerns

Summary-level

Detailed-level

Page 19: AWS Webcast - AWS Compliance Forum Introduction Oct 2013

POLLING QUESTION #3 PLACEHOLDER

Think of the standard/policy for which compliance is top-of-mind to you right now. What would be most helpful to you?

• An overview of security & compliance considerations

• ‘Anonymized’ stories about others’ successes/challenges

• A mapping to your existing compliance programs/controls

• A discussion around how to architect to adhere

• A discussion around your implementation concerns

Page 20: AWS Webcast - AWS Compliance Forum Introduction Oct 2013

Your content medium

Compliance whitepapers and case studies

Webinars

Industry-focused discussion groups

Standard-focused discussion groups (e.g. PCI DSS)

Live presentations with AWS Compliance

Page 21: AWS Webcast - AWS Compliance Forum Introduction Oct 2013

POLLING QUESTION #4 PLACEHOLDER

Which of the following are you most interested in?

• Compliance whitepapers and case studies

• Webinars

• Industry-focused discussion groups

• Standard-focused discussion groups (e.g. PCI DSS)

• Live presentations with AWS Compliance

Page 22: AWS Webcast - AWS Compliance Forum Introduction Oct 2013

Questions on ‘the what, why and how’?

Page 23: AWS Webcast - AWS Compliance Forum Introduction Oct 2013

THE WHEN AND WHERE

AWS Compliance Forum

Page 24: AWS Webcast - AWS Compliance Forum Introduction Oct 2013

Planned cadence

Monthly: Industry- or standard-specific discussion group

Quarterly: General-interest webinar

Semi-annually: AWS Compliance Forum newsletter

Annually: AWS Compliance Forum meet n’ greet

Ad-hoc: Public appearances, case-study publication, etc.

Page 25: AWS Webcast - AWS Compliance Forum Introduction Oct 2013

Questions on ‘the where and when’?

Page 26: AWS Webcast - AWS Compliance Forum Introduction Oct 2013

WHAT’S NEXT?

AWS Compliance Forum

Page 27: AWS Webcast - AWS Compliance Forum Introduction Oct 2013

What about between now and then?

Socialize this webinar with key people in your org

Check out the AWS Security blog

– Tags by: Compliance, Best practices, etc.

Attend re:Invent sessions focused on compliance (or watch the recordings on YouTube in late Nov)

– SEC101: AWS Security – Keynote Address

– SEC203: Security Assurance and Governance in AWS

– SEC204: Building Secure Applications and Navigating FedRAMP in the AWS GovCloud (US) Region

– SEC206: Taking the Fear Out of PCI Compliance in the Cloud

– SEC306: Implementing Bullet-Proof HIPAA Solutions on AWS

Page 28: AWS Webcast - AWS Compliance Forum Introduction Oct 2013

ADDITIONAL QUESTIONS?

AWS Compliance Forum

Page 29: AWS Webcast - AWS Compliance Forum Introduction Oct 2013

Copyright © 2013 Amazon Web Services, Inc. and its affiliates. All rights reserved.

This work may not be reproduced or redistributed, in whole or in part, without prior written permission from Amazon Web Services, Inc.

Commercial copying, lending, or selling is prohibited.

Questions? Email us at [email protected].