
AWS Webcast - Understanding the AWS Security Model

Date post: 16-Jul-2015
Upload: amazon-web-services
© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Max Ramsay, Head of Americas Security Solution Architecture, AWS. March 19th, 2015. Understanding the AWS Shared Security Model
Transcript
Page 1: AWS Webcast - Understanding the AWS Security Model

© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Max Ramsay, Head of Americas Security Solution Architecture, AWS

March 19th, 2015

Understanding the AWS Shared Security Model

Page 2: AWS Webcast - Understanding the AWS Security Model

Security is Job Zero

Familiar Security Model

Validated and driven by customers’ security experts

Benefits all customers

PEOPLE & PROCESS

SYSTEM

NETWORK

PHYSICAL

Page 3: AWS Webcast - Understanding the AWS Security Model

Vodafone built a mobile payment app

Amazon Web Services was the clear choice in terms of security.

Stefano Harak, Online Senior Product Manager

PCI and DSS compliance was essential

Launched in 3 months

Reduced CapEx by 30%

Deployed to 7 channels, including Facebook

Payments

Page 4: AWS Webcast - Understanding the AWS Security Model

Agenda

• AWS Culture

• Shared Security Model

• Compliance

• Tools & Features

• Where to get help

Page 5: AWS Webcast - Understanding the AWS Security Model

Security & compliance requirements from every industry

Page 6: AWS Webcast - Understanding the AWS Security Model

Expert Audits: Transparency & Accuracy

SME

SME

SME

SME

SME

Page 7: AWS Webcast - Understanding the AWS Security Model

Security, compliance, governance, and audit related launches and updates

AWS constantly innovating – driven by your needs

Page 8: AWS Webcast - Understanding the AWS Security Model

Native tools improve compliance efficiency

Discover and provision cloud services

Audit and troubleshoot configuration changes in the cloud

Get consistent visibility of cloud logs

Page 9: AWS Webcast - Understanding the AWS Security Model

AWS Foundation Services

Compute Storage Database Networking

AWS Global Infrastructure

Regions

Availability Zones

Edge Locations

Identity Data Infrastructure

Customer applications & content

You

AWS and you share responsibility for security

You get to define your controls IN the Cloud

AWS takes care of the security OF the Cloud

Page 10: AWS Webcast - Understanding the AWS Security Model

What this means

• You benefit from an environment built for the most security sensitive organizations

• AWS manages 1,800+ security controls so you don’t have to

• You get to define the right security controls for your workload sensitivity

• You always have full ownership and control of your data

Page 11: AWS Webcast - Understanding the AWS Security Model

Key AWS Certifications and Assurance Programs

Page 12: AWS Webcast - Understanding the AWS Security Model

IT Grundschutz Certification Workbook

• Assessed by TÜV TRUST IT

• AWS controls meet BSI IT Grundschutz requirements

• Customers can integrate AWS infrastructure into their own ISMS and be compliant

• Report and workbook available at aws.amazon.com/compliance

Page 13: AWS Webcast - Understanding the AWS Security Model

Accreditation & Compliance: on-prem vs on AWS

On AWS

• Start on base of accredited services

• Functionally necessary – high watermark of requirements

• Audits done by third party experts

• Accountable to everyone

• Continuous monitoring

• Compliance approach based on all workload scenarios

• Security innovation drives broad compliance

On-prem

• Start with bare concrete

• Functionally optional (you can build a secure system without it)

• Audits done by an in-house team

• Accountable to yourself

• Typically check once a year

• Workload-specific compliance checks

• Must keep pace and invest in security innovation

Page 14: AWS Webcast - Understanding the AWS Security Model

AWS Security Tools & Features

Identity Data Infrastructure

Customer applications & content

Oversight & Monitoring

• AWS and its partners offer over 700 security services, tools and features

• Mirror the familiar controls you deploy within your on-prem environments

Page 15: AWS Webcast - Understanding the AWS Security Model

Infrastructure: Enforce consistent security on hosts

EC2

AMI catalogue Running instance Your instance

Hardening

Audit and logging

Vulnerability management

Malware and HIPS

Whitelisting and integrity

User administration

Operating system

• You fully control EC2 instances

• Configure and harden to your own specs!

• Use host-based protection software

• Manage administrative users

• Enforce separation of duties & least privilege

• Build out the rest of your standard security environment

• Connect to your existing services, e.g. SIEM, monitoring, patching

Page 16: AWS Webcast - Understanding the AWS Security Model

Create flexible, resilient, segmented environments

Your organization

Project Teams

Marketing

Business Units

Reporting

Digital / Websites

Dev and Test

Redshift

EMR

Analytics

Internal Enterprise Apps

Amazon S3

Amazon Glacier

Storage/Backup

Page 17: AWS Webcast - Understanding the AWS Security Model

Data: Encrypt your sensitive information

Encrypt your Elastic Block Store volumes any way you like

• AWS native EBS encryption for free with a mouse-click

• Encrypt yourself using free utilities, plus Trend Micro, SafeNet and other partners for high-assurance key management solutions

Amazon S3 offers either server or client-side encryption

• Manage your own keys or let AWS do it for you

Redshift has one-click disk encryption as standard

• Encrypt your data analytics

• You can supply your own keys

Amazon RDS supports encryption

• Encrypt your MySQL or PostgreSQL databases using keys you manage through AWS Key Management Service (KMS)

• Supports Transparent Data Encryption in SQL Server and Oracle

DBA

Page 18: AWS Webcast - Understanding the AWS Security Model

Identity: Control access and segregate duties everywhere

You get to control who can do what in your AWS environment when and from where

Fine-grained control of your AWS cloud with multi-factor authentication

Integrate with your existing corporate directory using SAML 2.0 and single sign-on

AWS account owner

Network management

Security management

Server management

Storage management

Page 19: AWS Webcast - Understanding the AWS Security Model

Monitoring: Get consistent visibility of logs

Full visibility of your AWS environment

• CloudTrail records API calls and saves the logs in your S3 buckets, no matter how those API calls were made

Who did what and when and from where (IP address)

• Support for many AWS services and growing - includes EC2, EBS, VPC, RDS, IAM and Redshift

• Easily aggregate all log information

Out of the box integration with log analysis tools from AWS partners including Splunk, AlertLogic and SumoLogic
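As an added example (not part of the original slides), the following Python sketch reduces CloudTrail log records to the "who did what and when and from where" view described on this slide. The field names are those of the CloudTrail record format; the sample records, account ID, user name and IP addresses are constructed, and the root-account flag is an extra check beyond what the slide lists.

```python
import gzip
import json
from collections import Counter

# Constructed sample in the CloudTrail log-file layout (top-level "Records" array).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2015-03-19T10:05:40Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
    {"eventTime": "2015-03-19T10:02:11Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2015-03-19T10:09:02Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketAcl", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"}},
]}).encode()


def load_records(blob):
    """Accept a log file as delivered to S3 (gzip) or already decompressed."""
    if blob[:2] == b"\x1f\x8b":  # gzip magic bytes
        blob = gzip.decompress(blob)
    return json.loads(blob).get("Records", [])


def who_what_when_where(record):
    """Reduce one record to the four questions on the slide."""
    identity = record.get("userIdentity", {})
    return {
        "who": identity.get("arn") or identity.get("type", "unknown"),
        "what": f'{record.get("eventSource", "?")}:{record.get("eventName", "?")}',
        "when": record.get("eventTime"),
        "where": record.get("sourceIPAddress"),
        "is_root": identity.get("type") == "Root",
    }


def summarize(blob):
    """Return a time-ordered activity list, call counts per principal, root calls."""
    rows = sorted((who_what_when_where(r) for r in load_records(blob)),
                  key=lambda r: r["when"] or "")
    per_principal = Counter(r["who"] for r in rows)
    root_calls = [r for r in rows if r["is_root"]]
    return rows, per_principal, root_calls


if __name__ == "__main__":
    rows, per_principal, root_calls = summarize(gzip.compress(SAMPLE_LOG))
    for r in rows:
        print(r["when"], r["who"], r["what"], r["where"])
```
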

Page 20: AWS Webcast - Understanding the AWS Security Model

AWS Marketplace: One-stop shop for security tools

Advanced Threat Analytics

Application Security

Identity and Access Mgmt

Encryption & Key Mgmt

Server & Endpoint Protection

Network Security

Vulnerability & Pen Testing

Page 21: AWS Webcast - Understanding the AWS Security Model

Getting help – Trusted Advisor

Performs a series of security configuration checks of your AWS environment:

• Open ports

• Unrestricted access

• IAM use

• CloudTrail Logging

• S3 Bucket Permissions

• Multi-factor auth

• Password Policy

• DB Access Risk

• DNS Records

• Load Balancer config

Page 22: AWS Webcast - Understanding the AWS Security Model

Getting Help: Support

Account Team

• Your Account Manager is your advocate

• Solutions Architects have a wealth of expertise

Four tiers of support

• Free – Basic, forum-based & health check support

• Developer – Email support & best practice guidance

• Business – Phone/chat/email support, 1 hour response time

• Enterprise – 15 min response time, dedicated Technical Account Manager

Page 23: AWS Webcast - Understanding the AWS Security Model

Getting Help: Professional Services

AWS Professional Services

• Enterprise Security Architecture

• Policy & Controls Mapping

• SOC Design

AWS Partner Network

• Over 600 certified AWS Consulting Partners worldwide

Page 24: AWS Webcast - Understanding the AWS Security Model

Summary

• Security is job zero for AWS

• AWS takes care of the security OF the Cloud

• You define your controls IN the Cloud

• Compliance is more cost effective in AWS

• You can take advantage of over 700 services, tools and features from AWS and partners

• AWS and partner resources on hand to help

Page 25: AWS Webcast - Understanding the AWS Security Model

Thank you!

