security, risk, compliance & controls
TRANSCRIPT
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
June 16, 2016 • Enterprise Summit • Hong Kong
Security, Risk, Compliance & Controls
Brian Wagner, AWS Security Consultant
Data Protection Principle 4
“All practicable steps shall be taken to ensure that personal data held by a data user are protected against unauthorized or accidental access, processing, erasure, loss or use”
“All practical and reasonable protection measures to be taken, given circumstances (kind of data, physical location, transmission of data)”
Data Protection Principle 4
“All practicable steps shall be taken to ensure that personal data held by a data user are protected against unauthorized or accidental access, processing, erasure, loss or use”
“All practical and reasonable protection measures to be taken, given circumstances (kind of data, physical location, transmission of data)”
Access Control Durability Logging Encryption
Data Protection Principle 4
“All practicable steps shall be taken to ensure that personal data held by a data user are protected against unauthorized or accidental access, processing, erasure, loss or use”
“All practical and reasonable protection measures to be taken, given circumstances (kind of data, physical location, transmission of data)”
Access Control Durability Logging Encryption
Data Protection Principle 4
“All practicable steps shall be taken to ensure that personal data held by a data user are protected against unauthorized or accidental access, processing, erasure, loss or use”
“All practical and reasonable protection measures to be taken, given circumstances (kind of data, physical location, transmission of data)”
Access Control Durability Logging Encryption
Data Protection Principle 4
“All practicable steps shall be taken to ensure that personal data held by a data user are protected against unauthorized or accidental access, processing, erasure, loss or use”
“All practical and reasonable protection measures to be taken, given circumstances (kind of data, physical location, transmission of data)”
Access Control Durability Logging Encryption
Data Protection Principle 4
“All practicable steps shall be taken to ensure that personal data held by a data user are protected against unauthorized or accidental access, processing, erasure, loss or use”
“All practical and reasonable protection measures to be taken, given circumstances (kind of data, physical location, transmission of data)”
Access Control Durability Logging Encryption
Data Protection Principle 4
“All practicable steps shall be taken to ensure that personal data held by a data user are protected against unauthorized or accidental access, processing, erasure, loss or use”
“All practical and reasonable protection measures to be taken, given circumstances (kind of data, physical location, transmission of data)”
Access Control Durability Logging Encryption
Data Protection Principle 4
“All practicable steps shall be taken to ensure that personal data held by a data user are protected against unauthorized or accidental access, processing, erasure, loss or use”
“All practical and reasonable protection measures to be taken, given circumstances (kind of data, physical location, transmission of data)”
Access Control Durability Logging Encryption
Amazon S3 secure, durable, highly-scalable cloud storage
Amazon S3
Access Control Durable Logging
AWS Key Management Service create and control the encryption keys used to encrypt your data
AWS Key Management Service
Built-in Auditing Compliance Access Control
AWS Key Management Service
Your application or AWS service
+ Data key Encrypted data key
Encrypted data
Master keys in customer’s account
KMS
AWS CloudTrail records AWS API calls for your account and delivers log files
AWS CloudTrail
Notifications Integration Integrity
AWS CloudTrail
CloudTrail can help you achieve many tasks Security analysis Track changes to AWS resources Compliance – log and understand AWS API
call history Prove that you did not:
Use the wrong region Use services you don’t want
Troubleshoot operational issues – quickly identify the most recent changes to your environment
AWS Config records AWS API calls for your account and delivers log files
AWS Config
Governance Dashboard Customizable Continuous
Continuous Change Recording Changing Resources
AWS Config History
Stream
Snapshot (ex. 2014-11-05) AWS Config
Data Protection Principle 4
“All practicable steps shall be taken to ensure that personal data held by a data user are protected against unauthorized or accidental access, processing, erasure, loss or use”
“All practical and reasonable protection measures to be taken, given circumstances (kind of data, physical location, transmission of data)”
Access Control Durability Logging Encryption
Data Protection Principle 4
“All practicable steps shall be taken to ensure that personal data held by a data user are protected against unauthorized or accidental access, processing, erasure, loss or use”
“All practical and reasonable protection measures to be taken, given circumstances (kind of data, physical location, transmission of data)”
Access Control Durability Logging Encryption
IAM S3 CloudTrail KMS
Real-time Compliance
IAM S3 CloudTrail KMS
Config
Brian Wagner, AWS Security Consultant