“… We’ll also see organizations adopt cloud services for the improved security protections and compliance controls that they otherwise could not provide as efficiently or effectively themselves.”
Security’s Cloud Revolution is Upon Us, Forrester Research, Inc., August 2, 2013
AWS IAM: Identity & Access Management.
Control who does what in your AWS account with fine-grained policies.
CHOOSE THE RIGHT MODEL FOR YOUR NEEDS
Automated – AWS manages encryption
Enabled – user manages encryption using AWS
Client-side – user manages encryption using their own means
AWS Private Key Management Capabilities
AWS CloudHSM: dedicated HSM appliances
Managed and monitored by AWS, but you control the keys
Increase performance for applications that use HSMs for key storage or encryption
Comply with stringent regulatory and contractual requirements for key protection
[Diagram labels: EC2 Instance, AWS CloudHSM]
MAKE SECURITY ACTIONABLE
Automate log reviews with AWS Lambda.
Automatically shut down non-compliant instances.
Validate changes.
Roll back unapproved changes.
CONTINUOUS DEPLOYMENT FOR SECURITY
Automated deployments are more secure.
Enables “SSH-less” production environments.
Rapid deployment of security fixes.
Use AWS CodeDeploy.
AWS CloudTrail
You are making API calls... on a growing set of services around the world... CloudTrail is continuously recording API calls... and delivering log files to you.
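The "automate log reviews with AWS Lambda" and CloudTrail slides above describe a loop that the deck does not show in code. The following is an added example, not from the original deck or from AWS: it reviews a CloudTrail log file (the `{"Records": [...]}` JSON CloudTrail delivers) against two constructed policies, instances launched outside approved regions and security-group rules opened to 0.0.0.0/0, and returns the findings with the remediation action each calls for. The sample records, account id, resource ids and the approved-region set are all constructed; fetching the file from S3 and issuing the StopInstances / RevokeSecurityGroupIngress calls are left to the Lambda that wraps this.

```python
import json

# Constructed sample in the shape of a CloudTrail log file ({"Records": [...]}).
# Account id, instance ids and group id are placeholders, not real resources.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventName": "RunInstances", "eventSource": "ec2.amazonaws.com", "awsRegion": "eu-west-1",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "responseElements": {"instancesSet": {"items": [{"instanceId": "i-0aaa1111"}]}}},
    {"eventName": "RunInstances", "eventSource": "ec2.amazonaws.com", "awsRegion": "us-west-2",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bob"},
     "responseElements": {"instancesSet": {"items": [
         {"instanceId": "i-0bbb2222"}, {"instanceId": "i-0ccc3333"}]}}},
    {"eventName": "AuthorizeSecurityGroupIngress", "eventSource": "ec2.amazonaws.com",
     "awsRegion": "eu-west-1",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bob"},
     "requestParameters": {"groupId": "sg-0dd44444", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
]})

# Constructed data-locality policy: the only regions where instances may run.
APPROVED_REGIONS = {"eu-west-1", "eu-central-1"}


def review_log(log_text, approved_regions=APPROVED_REGIONS):
    """One finding per non-compliant event: instances launched outside the approved
    regions (to be stopped) and security-group rules opened to the whole Internet
    (to be rolled back). Every lookup uses .get so a malformed record is skipped."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        name, region = rec.get("eventName"), rec.get("awsRegion")
        actor = rec.get("userIdentity", {}).get("arn", "unknown")
        if name == "RunInstances" and region not in approved_regions:
            launched = rec.get("responseElements", {}).get("instancesSet", {})
            for inst in launched.get("items", []):
                findings.append({"rule": "region-not-approved", "actor": actor,
                                 "region": region, "resource": inst.get("instanceId"),
                                 "action": "StopInstances"})
        elif name == "AuthorizeSecurityGroupIngress":
            params = rec.get("requestParameters", {})
            for perm in params.get("ipPermissions", {}).get("items", []):
                for rng in perm.get("ipRanges", {}).get("items", []):
                    if rng.get("cidrIp") == "0.0.0.0/0":
                        findings.append({"rule": "ingress-open-to-world", "actor": actor,
                                         "region": region, "resource": params.get("groupId"),
                                         "port": perm.get("fromPort"),
                                         "action": "RevokeSecurityGroupIngress"})
    return findings
```

Each finding carries the actor's ARN so the review can be tied back to the IAM identity that made the change, which is the audit trail the CloudTrail and governance slides are about.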
AWS Config
Continuous change recording of changing resources: history, stream, snapshot (e.g. 2014-11-05)
AWS Data Processing Agreement contains Model Clauses
The Article 29 Working Party has approved the AWS Data Processing Agreement which includes the Model Clauses.
For more details: bit.ly/aws-dpa
92% of private clouds are still falling short of the core requirements: self-service, full automation, tracking and monitoring.
AWS Private Storage Capabilities
Choose the right level of storage isolation for every workload:
Encrypted object storage
Encrypted block storage
Private encryption key management
Single-tenant block storage
Services: Amazon S3, Amazon EBS, AWS CloudHSM, EC2, AWS Direct Connect
AWS Private Compute Capabilities
Choose the right level of compute isolation for every workload:
EC2 in a VPC: software-defined network isolation
Dedicated instances: single-tenant infrastructure, physical isolation
Fine grained access roles and groups
Identity & Access Management
AWS Private Network Capabilities
Software-defined private network
AWS Virtual Private Cloud (VPC)
Dedicated private network connection to AWS
AWS Direct Connect
All services
AWS Governance
Geographic data locality
Fine-grained access control over data and resources
Control over regional replication
Policies, resource-level permissions, temporary credentials
Fine-grained access control
In-depth audits
AWS CloudTrail
INTEGRATION WITH ON-PREMISES RESOURCES
Integrated networking
Integrated access control
Integrated cloud backups
Single pane of glass
[Diagram labels: Microsoft Active Directory, Custom LDAP, App 1, AWS Storage Gateway]
“Based on our experience, I believe that we can be even more secure in the AWS cloud than in our own data centers”
Tom Soderstrom – CTO – NASA JPL