how public sector entities are advancing their security and governance capabilities with aws - aws...
DESCRIPTION
The session will cover how the public sector is advancing their security and governance capabilities with AWS.TRANSCRIPT
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
How Public Sector is Advancing Their Security and Governance Capabilities with AWS
Chad WoolfDirector, AWS Risk and
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
Better Security in the Cloud
“…We’ll also see organizations adopt cloud services for the improved security protections and compliance controls that they otherwise could not provide as efficiently or effectively themselves.”
- Security’s Cloud Revolution Is Upon Us,
Forrester Research, Inc., August 2, 2013
Better Security in AWS
Cross-service Controls
Service-specific Controls
Managed by AWS
Managed by Customer
Security of the Cloud
Security in the Cloud
Cloud Service Provider Controls
Optimized Network/OS/App Controls
Request reports at:aws.amazon.com/compliance/#contact
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
Governance, Security, Compliance Enablers
Governance in AWS
AWS Security Best Practices
AWS Auditing Security Checklist
AWS Risk and Compliance
AWS Trusted Advisor
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
FedRAMP Package
• Standard package: SSP, SAR• Most usable doc: SSP Template
Helps you figure out this ->
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
Security at Scale: Governance in AWS
1. Financial Control
2. IT Asset Identification
3. Asset Configuration and Management
4. Logical Access Control
5. Physical Access Control
6. Data Encryption
7. Network Configuration and Management
8. Security Logging and Monitoring
9. Security Incident Response
10. Disaster Recovery
Get this whitepaper at:aws.amazon.com/compliance/
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
ExamplesGovernance Domain
On-prem Challenge AWS Enabler Control Provided
8. Security Logging and Monitoring
Centralized logging of user actions taken against a set of IT resources
AWS CloudTrailProvides logging of API or console actions (e.g., logs when someone changes a bucket policy, stops and instance, etc.)
Advanced monitoring capabilities of actions taken and changes made
10. Disaster Recovery
Producing point in time, usable incremental backups
EBS Snapshots Point-in-time full volume copies of EBS data into persistent storage of S3
Anytime incremental point-in-time backup of server data
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
ExamplesGovernance Domain
On-prem Challenge AWS Enabler Control Provided
8. Security Logging and Monitoring
Centralized logging of user actions taken against a set of IT resources
AWS CloudTrailProvides logging of API or console actions (e.g., logs when someone changes a bucket policy, stops and instance, etc.)
Advanced monitoring capabilities of actions taken and changes made
10. Disaster Recovery
Producing point in time, usable incremental backups
EBS Snapshots Point-in-time full volume copies of EBS data into persistent storage of S3
Anytime incremental point-in-time backup of server data
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
Security at Scale: Governance in AWS
1. Financial Control
2. IT Asset Identification
3. Asset Configuration and Management
4. Logical Access Control
5. Physical Access Control
6. Data Encryption
7. Network Configuration and Management
8. Security Logging and Monitoring
9. Security Incident Response
10. Disaster Recovery
Get this whitepaper at:aws.amazon.com/compliance/
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
Scaling Security
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
Innovative Governance Tool: AWS Trusted Advisor
• Online service from AWS Support– Analyzes account for various kinds of
issues and possible concerns– Soon available as an API for integration
with your tools or 3rd party solutions
• Four categories: – Cost savings– Security– Fault tolerance– Performance
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
Since 1/1/2013:• 10,000+ customers• 700,000+ recommendations
reviewed• $140M+ in annualized savings
Learn more about Trusted Advisor at:https://aws.amazon.com/premiumsupport/trustedadvisor/
Innovative Governance Tool: AWS Trusted Advisor
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
AWS: centralized security controls - visible, testable,
automated
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
Resource LinksAWS Compliance site - provides AWS Compliance Forum links, descriptions of audit reports available, contact links, and relevant whitepapers
http://aws.amazon.com/compliance/
AWS Security Center – provides links to a detailed whitepaper on how we manage security at AWS and provides links to contact AWS Security
http://aws.amazon.com/security/
AWS Security Blog – posts contain security best practices for AWS services, how-to guides, compliance milestones, and customer and partner stories
http://blogs.aws.amazon.com/security/
Trusted Advisor - information on the tool, the nature of the checks, and how to access it
https://aws.amazon.com/premiumsupport/trustedadvisor/
Case studies – features of a wide range of companies doing amazing things on AWS http://aws.amazon.com/solutions/case-studies/all/
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
Questions?
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
Thank You
Chad [email protected]