AWS Region US-WEST (N. California) EU-WEST (Ireland) EU-Central (Frankfurt) EU-WEST (Ireland) EU-Central (Frankfurt) ASIA PAC (Tokyo) ASIA PAC (Singapore)

Presentation transcript:

2 AWS Region: US-WEST (N. California), EU-WEST (Ireland), EU-Central (Frankfurt), ASIA PAC (Tokyo), ASIA PAC (Singapore), US-WEST (Oregon), SOUTH AMERICA (Sao Paulo), US-EAST (Virginia), GOV CLOUD, ASIA PAC (Sydney), China (Beijing)

3 Regions:
–Dublin (EU-West) – 3 x Availability Zones
  Launched in 2007
–Frankfurt (EU-Central) – 2 x Availability Zones
Edge Locations:
–Amsterdam, The Netherlands (2), Dublin, Ireland, Frankfurt, Germany (3), London, England (3), Madrid, Spain, Marseille, France, Milan, Italy, Paris, France (2), Stockholm, Sweden, and Warsaw, Poland
Direct Connect POPs:
–Dublin, London, Frankfurt

4 AWS Global Infrastructure
–Your Applications
–AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
–Foundation Services, Application Services, Deployment & Management
–Compute, Storage, Networking, Databases, Content Delivery, Applications, Distributed Computing, Libraries & SDK’s
–EC2, S3, EBS, Glacier, Storage Gateway, VPC, Direct Connect, ELB, Route53, RDS, ElastiCache, Dynamo, RedShift
–CloudFront, SES, SNS, SQS, Elastic Transcoder, CloudSearch, SWF, EMR
–CloudWatch (Monitoring)
–BeanStalk, OpsWorks, Cloud Formation, DataPipe (Deployment & Automation)
–IAM, Federation (Identity & Access Management)
–Console, Billing (Web Interface)
–Human Interaction: Mechanical Turk
–Enterprise Applications: Workspaces, Zocalo (Virtual Desktop, Document Collaboration)

8 Pace of Innovation: Security vs. All

10 Customers: Customers are responsible for their security and compliance IN the Cloud
–Customer content
–Platform, Applications, Identity & Access Management
–Operating System, Network & Firewall Configuration
–Client-side Data Encryption, Server-side Data Encryption, Network Traffic Protection
AWS is responsible for the security OF the Cloud
–AWS Foundation Services: Compute, Storage, Database, Networking
–AWS Global Infrastructure: Regions, Availability Zones, Edge Locations

11 AWS Foundation Services: Compute, Storage, Database, Networking
–AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
–Optional – Opaque data: 1’s and 0’s (in transit/at rest)
–Platform & Applications Management
–Customer content
–Customers
–Managed by
–Client-Side Data encryption & Data Integrity Authentication
–Network Traffic Protection: Encryption / Integrity / Identity
–AWS IAM
–Customer IAM
–Operating System, Network & Firewall Configuration
–Server-Side Encryption: File System and/or Data

12 AWS Foundation Services: Compute, Storage, Database, Networking
–AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
–Optional – Opaque data: 1’s and 0’s (in transit/at rest)
–Firewall Configuration
–Platform & Applications Management
–Operating System, Network Configuration
–Customer content
–Customers
–Managed by
–Client-Side Data encryption & Data Integrity Authentication
–Network Traffic Protection: Encryption / Integrity / Identity
–AWS IAM
–Customer IAM

13 AWS Foundation Services: Compute, Storage, Database, Networking
–AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
–Platform & Applications Management
–Operating System, Network & Firewall Configuration
–Customer content
–Customers
–Managed by
–Optional – Opaque Data: 1’s and 0’s (in flight / at rest)
–Network Traffic Protection by the Platform
–Protection of Data at Rest
–Network Traffic Protection by the Platform
–Protection of Data in Transit
–Client-Side Data Encryption & Data Integrity Authentication
–AWS IAM

15 Identity Access Management (IAM)
With AWS IAM you get to control who can do what in your AWS environment and from where
–Root in AWS is the same as Root in Windows/Linux
–Password Policies
–IAM Credentials Reports
–Manage Access Keys
–Fine-grained control of users, groups, roles, and permissions to resources
–Integrate with your existing corporate directory using SAML 2.0 and single sign-on
AWS account owner: Network management, Security management, Server management, Storage management

16 Fully managed service which provides:
–An inventory of your AWS resources
–Lets you audit the resource configuration history
–Notifies you of resource configuration changes

17
–Security Analysis: Am I safe? Config allows you to continuously monitor and evaluate configuration of workloads
–Audit Compliance: Where is the evidence? Complete inventory of all resources and their configuration attributes @ any point in time
–Change Management: What will this change affect? All resource changes (create, update, delete) streamed to SNS
–Troubleshooting: What has changed? Identify changes in resource to resource relationships

18 AWS CloudTrail
–You are making API calls...
–On a growing set of services around the world…
–AWS CloudTrail is continuously recording API calls…
–And delivering log files to you
Redshift, AWS CloudFormation, AWS Elastic Beanstalk

19 AWS CloudTrail

21 Whitepaper: https://d0.awsstatic.com/whitepapers/KMS-Cryptographic-Details.pdf

25 Singapore MTCS

26 Accreditation & Compliance: on-prem vs on AWS
On-prem
–Start with bare concrete
–Functionally optional (you can build a secure system without it)
–Audits done by an in-house team
–Accountable to yourself
–Typically check once a year
–Workload-specific compliance checks
–Must keep pace and invest in security innovation
On AWS
–Start on base of accredited services
–Functionally necessary – high watermark of requirements
–Audits done by third party experts
–Accountable to everyone
–Continuous monitoring
–Compliance approach based on all workload scenarios
–Security innovation drives broad compliance

28 Customers
–Your own accreditation
–Your own certifications
–Your own external audits
Customer scope and effort is reduced
Better results through focused efforts
Built on AWS consistent baseline controls
–AWS Foundation Services: Compute, Storage, Database, Networking
–AWS Global Infrastructure: Regions, Availability Zones, Edge Locations

29 Facilities, Physical security, Compute infrastructure, Storage infrastructure, Network infrastructure, Virtualization layer (EC2), Hardened service endpoints, Fine-grained IAM capability
+ AWS partner solutions
= Your secure AWS solutions
These local and global AWS partners provide a wide range of solutions, from intrusion detection, data encryption, user management etc., via SaaS and EC2-based Virtual Appliances

31 Company: UK-based global communications platform for call centers to capture communications data
Challenge: must comply with PCI DSS so their customers can process payment card data on the platform
Results: PCI certified on AWS; also SOC 1 Type 2 audited, ISO 27001 certified
http://d36cz9buwru1tt.cloudfront.net/Cognia-Case-Study.pdf

32 Company: France-based insurance and healthcare coverage company, responsible for secure use and storage of confidential customer information
Challenge: move critical IT to AWS and comply with the Solvency II Directive (EU insurance regulation)
Results: Moved to AWS, realized cloud benefits (financial, security, scalability, availability, resiliency) and remain fully compliant with Solvency II and other compliance requirements. They are moving their other environments onto AWS.
http://aws.amazon.com/solutions/case-studies/smatis/
