Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Shared Responsibility Deep Dive

3,142 views

Published on

AWS Pop-up Loft London Series

Published in: Technology
  • Login to see the comments

Shared Responsibility Deep Dive

  1. 1. Shared Responsibility Deep Dive Gavin Fitzpatrick Security Assurance Technical Architect- EMEA 22/10/2015
  2. 2. Intro to AWS Everyday, AWS adds enough new server capacity to support Amazon.com when it was a $7 billion global enterprise.
  3. 3. where to place data isolated by design • Data is not replicated to other AWS regions
  4. 4. manages
  5. 5. AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Client-side Data Encryption Server-side Data Encryption Network Traffic Protection Platform, Applications, Identity & Access Management Operating System, Network & Firewall Configuration Customer content Customers Customers are responsible for their security and compliance IN the Cloud AWS is responsible for the security OF the Cloud
  6. 6. Infrastructure Services Container Services Abstract Services
  7. 7. AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Optional – Opaque data: 1’s and 0’s (in transit/at rest) Platform & Applications Management Customer content Customers Managed by Managed by Client-Side Data encryption & Data Integrity Authentication Network Traffic Protection Encryption / Integrity / Identity AWSIAMCustomerIAM Operating System, Network & Firewall Configuration Server-Side Encryption Fire System and/or Data
  8. 8. • AWS Responsibility: • Foundational Services – Networking, Compute, Storage • AWS Global Infrastructure • AWS IAM • AWS API Endpoints
  9. 9. AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Optional – Opaque data: 1’s and 0’s (in transit/at rest) Firewall Configuration Platform & Applications Management Operating System, Network Configuration Customer content Customers Managed by Managed by Client-Side Data encryption & Data Integrity Authentication Network Traffic Protection Encryption / Integrity / Identity AWSIAMCustomerIAM
  10. 10. • AWS Responsibility: • Foundational Services – Networking, Compute, Storage • AWS Global Infrastructure • AWS IAM • AWS API Endpoints • Operating System • Platform / Application • High Availability
  11. 11. AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Platform & Applications Management Operating System, Network & Firewall Configuration Customer content Customers Managed by Managed by Optional – Opaque Data: 1’s and 0’s (in flight / at rest) Data Protection by the Platform Protection of Data at Rest Network Traffic Protection by the Platform Protection of Data at in Transit Client-Side Data Encryption & Data Integrity Authentication AWSIAM
  12. 12. • AWS Responsibility: • Foundational Services – Networking, Compute, Storage • AWS Global Infrastructure • AWS IAM • AWS API Endpoints • Operating System • Platform / Application • Data Protection (Rest - SSE, Transit) • High Availability / Scaling
  13. 13. Infrastructure Services Applications Operating System Container Services Abstract Services Networking/Firewall Data Customer IAM AWS IAM Firewall Data AWS IAM Data Customer IAM AWS IAM
  14. 14. OF
  15. 15. AWS Foundation Services Hypervisor Compute Storage Network AWS Global Infrastructure Regions AWS is responsible for the security OF the cloud AWS Availability Zones Edge Locations
  16. 16. on AWS •Start on base of accredited services •Functionally necessary – high watermark of requirements •Audits done by third party experts •Accountable to everyone •Continuous monitoring •Compliance approach based on all workload scenarios •Security innovation drives broad compliance on-Prem • Start with bare concrete • Functionally optional – (you can build a secure system without it) • Audits done by an in-house team • Accountable to yourself • Typically check once a year • Workload-specific compliance checks • Must keep pace and invest in security innovation Auditing - Comparison on-Prem vs onAWS
  17. 17. AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Your own accreditation Your own certifications Your own external audits Customer scope and effort is reduced Better results through focused efforts Built on AWS consistent baseline controls Customers
  18. 18. accreditation certification possible
  19. 19. •Security Control Responsibility Matrix (CRM)
  20. 20. •AWS CloudFormation templates
  21. 21. •User Guides and Scripts to assist with deployment
  22. 22. Helpful Resources https://aws.amazon.com/compliance/compliance-enablers/ https://aws.amazon.com/whitepapers/overview-of-risk-and-compliance/ https://aws.amazon.com/compliance https://aws.amazon.com/security https://blogs.aws.amazon.com/security/ awsaudittraining@amazon.com
  23. 23. awscompliance

×