Security in the Cloud - AWS Symposium 2014 - Washington D.C
DESCRIPTION
Stephen Schmidt, AWS CISO and VP of Security Engineering, provides an overview of innovations in cloud security and the importance of security as an enabler for innovation in enterprises, but particularly in government and other highly regulated industries and segments.
TRANSCRIPT
Security in the Cloud
Stephen E. Schmidt,
Vice President, Security Engineering &
Chief Information Security Officer
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
8th Birthday
Launched on March 14th, 2006
Startups on AWS
Enterprises on AWS
Public Sector on AWS
System Integrators on AWS
ISVs on AWS
Why are enterprises & government adopting cloud computing and AWS so quickly?
The primary reason enterprises & governments are moving so quickly to AWS and the cloud
#1: Agility
Why does agility matter?
Old World: Infrastructure in weeks
Enterprises & Government Can’t Afford to Be Slow
A Culture of Innovation: Experiment Often & Fail Without Risk
Regions Availability Zones Content Delivery POPs
#2: Platform Breadth and Depth
10 regions, 26 availability zones, 51 edge locations
It’s Not Just Having Services in a Couple of Regions…
Storage: Storage Gateway, S3, EBS, Glacier, Import/Export
Compute: EC2, Auto Scaling, Elastic Load Balancer
Databases: DynamoDB, ElastiCache, RDS (MySQL, PostgreSQL, Oracle, SQL Server)
Networking: Direct Connect, Route 53, VPC
Analytics: Data Pipeline, Redshift, EMR, Kinesis
Application Services: SWF, SNS, SQS, CloudSearch, SES, AppStream, CloudFront
WorkSpaces
Management & Administration: IAM, CloudWatch, CloudTrail, APIs and SDKs, Management Console, Cloud HSM, Command Line Interface
Containers & Deployment (PaaS): Elastic Beanstalk (for Java, Node.js, Python, Ruby, PHP and .Net), OpsWorks, CloudFormation
Ecosystem: Technology Partners, Consulting Partners, AWS Marketplace
Support, Certification, Training, Professional Services
Security is Our No. 1 Priority
Comprehensive Security Capabilities to Support Virtually Any Workload
PEOPLE & PROCEDURES
NETWORK SECURITY
PHYSICAL SECURITY
PLATFORM SECURITY
“[Enterprise customers are] skipping the years of early getting-their-feet-wet, and immediately jumping in with more significant projects, with more ambitious goals…”
“Increasingly, organizations are asking what can’t go to the cloud, rather than what can…”
“As 2014 dawns, we’re moving into an era of truly mainstream adoption of cloud…”
• SECURITY IS SHARED
WHAT NEEDS TO BE DONE TO KEEP THE SYSTEM SAFE
WHAT WE DO FOR YOU
WHAT YOU DO YOURSELF
• EVERY CUSTOMER HAS ACCESS TO THE SAME SECURITY CAPABILITIES
• CHOOSE WHAT’S RIGHT FOR YOUR WORKLOAD
• CLOUD SECURITY OFFERS MORE
• VISIBILITY
• AUDITABILITY
• CONTROL
• MORE VISIBILITY
• CAN YOU MAP YOUR NETWORK?
• WHAT IS IN YOUR ENVIRONMENT RIGHT NOW?
• MORE AUDITABILITY
• SECURITY CONTROL OBJECTIVES
• 1. SECURITY ORGANIZATION
• 2. AMAZON USER ACCESS
• 3. LOGICAL SECURITY
• 4. SECURE DATA HANDLING
• 5. PHYSICAL SECURITY AND ENV. SAFEGUARDS
• 6. CHANGE MANAGEMENT
• 7. DATA INTEGRITY, AVAILABILITY AND REDUNDANCY
• 8. INCIDENT HANDLING
• MORE CONTROL
Defense in Depth
Multi-level security
• Physical security of the data centers
• Network security
• System security
• Data security
DATA
• LEAST PRIVILEGE PRINCIPLE
• AT AWS
• LEAST PRIVILEGE PRINCIPLE
CONFINE ROLES ONLY TO THE MATERIAL REQUIRED TO DO SPECIFIC WORK
• LEAST PRIVILEGE PRINCIPLE
SEPARATE NETWORKS FOR CORPORATE WORK VS. ACCESSING CUSTOMER DATA
• LEAST PRIVILEGE PRINCIPLE
MUST HAVE A BUSINESS NEED-TO-KNOW ABOUT SENSITIVE INFORMATION LIKE DATACENTER LOCATIONS
• LEAST PRIVILEGE PRINCIPLE
MUST HAVE A BUSINESS NEED-TO-KNOW IN ORDER TO ACCESS DATACENTERS
• SIMPLE SECURITY CONTROLS ARE THE EASIEST TO GET RIGHT, EASIEST TO AUDIT, AND EASIEST TO ENFORCE
• IDC Survey
• Attitudes and Perceptions Around Security and Cloud Services
• Nearly 60% of organizations agreed that CSPs [Cloud Service Providers] provide better security than their own IT organization
• Source: IDC 2013 U.S. Cloud Security Survey
• Doc #242836, September 2013
• “Based on our experience, I believe that we can be even more secure in the AWS cloud than in our own data centers”
Tom Soderstrom – CTO – NASA JPL
AWS Security
Stephen E. Schmidt, Chief Information Security Officer
Thank You!