security, risk, compliance & controls

Post on 09-Jan-2017

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

bjwagner@amazon.com

June 16, 2016 • Enterprise Summit • Hong Kong

Security, Risk, Compliance & Controls

Brian Wagner, AWS Security Consultant

Data Protection Principle 4

“All practicable steps shall be taken to ensure that personal data held by a data user are protected against unauthorized or accidental access, processing, erasure, loss or use”

“All practical and reasonable protection measures to be taken, given circumstances (kind of data, physical location, transmission of data)”

Access Control • Durability • Logging • Encryption

Amazon S3: secure, durable, highly-scalable cloud storage

Access Control • Durable • Logging

AWS Key Management Service: create and control the encryption keys used to encrypt your data

Built-in Auditing • Compliance • Access Control

[Diagram: AWS Key Management Service. Labels: Your application or AWS service; Data key + Encrypted data key; Encrypted data; Master keys in customer’s account; KMS]

AWS CloudTrail: records AWS API calls for your account and delivers log files

Notifications • Integration • Integrity

AWS CloudTrail

CloudTrail can help you achieve many tasks:

• Security analysis
• Track changes to AWS resources
• Compliance – log and understand AWS API call history
• Prove that you did not:
  • Use the wrong region
  • Use services you don’t want
• Troubleshoot operational issues – quickly identify the most recent changes to your environment
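
A check of the kind the "Prove that you did not" bullets describe, as an added example that is not part of the original slides: it scans a CloudTrail log file for API calls made outside an approved set of regions and services. The sample records, the approved sets and the function name audit are assumptions made for the illustration.

```python
import json

# Constructed sample in the CloudTrail log-file layout: one JSON object with a
# "Records" array. Account IDs, ARNs and events are invented for illustration.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2016-06-16T02:10:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutObject", "awsRegion": "ap-southeast-1",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/app"}},
    {"eventTime": "2016-06-16T02:11:30Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "us-west-2",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/dev"}},
    {"eventTime": "2016-06-16T02:12:45Z", "eventSource": "sqs.amazonaws.com",
     "eventName": "CreateQueue", "awsRegion": "ap-southeast-1",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/dev"}},
    {"eventTime": "2016-06-16T02:13:00Z", "eventSource": "kms.amazonaws.com",
     "eventName": "Decrypt"},  # malformed on purpose: no awsRegion, no identity
]})

# Assumed policy for this example, not taken from the slides.
APPROVED_REGIONS = {"ap-southeast-1"}
APPROVED_SERVICES = {"s3.amazonaws.com", "ec2.amazonaws.com", "kms.amazonaws.com"}

def audit(log_text, regions=APPROVED_REGIONS, services=APPROVED_SERVICES):
    """Return (findings, total_records) for one CloudTrail log file.

    An empty findings list over every delivered log file is the evidence
    that no call left the approved regions or services.
    """
    findings = []
    records = json.loads(log_text).get("Records", [])
    for rec in records:
        region = rec.get("awsRegion")
        source = rec.get("eventSource")
        reasons = []
        # A record with a missing field cannot prove anything, so flag it too.
        if region not in regions:
            reasons.append("region:%s" % (region or "missing"))
        if source not in services:
            reasons.append("service:%s" % (source or "missing"))
        if reasons:
            findings.append({
                "time": rec.get("eventTime"),
                "event": rec.get("eventName"),
                "who": rec.get("userIdentity", {}).get("arn", "unknown"),
                "reasons": reasons,
            })
    return findings, len(records)

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG)[0]:
        print(f["time"], f["event"], f["who"], ",".join(f["reasons"]))
```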

AWS Config: records AWS API calls for your account and delivers log files

Governance • Dashboard • Customizable • Continuous

[Diagram: Continuous Change Recording. Labels: Changing Resources; AWS Config; History; Stream; Snapshot (ex. 2014-11-05)]

Data Protection Principle 4

Access Control • Durability • Logging • Encryption

IAM • S3 • CloudTrail • KMS

Real-time Compliance

IAM • S3 • CloudTrail • KMS

Config
