How Public Sector Entities are Advancing Their Security and Governance Capabilities with AWS - AWS...
-
Upload
amazon-web-services -
Category
Technology
-
view
472 -
download
3
description
Transcript of How Public Sector Entities are Advancing Their Security and Governance Capabilities with AWS - AWS...
![Page 1: How Public Sector Entities are Advancing Their Security and Governance Capabilities with AWS - AWS Washington D.C. 2014](https://reader036.fdocuments.us/reader036/viewer/2022062511/54b6d2984a7959753e8b4571/html5/thumbnails/1.jpg)
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
How Public Sector is Advancing Their Security and Governance Capabilities with AWS
Chad WoolfDirector, AWS Risk and
![Page 2: How Public Sector Entities are Advancing Their Security and Governance Capabilities with AWS - AWS Washington D.C. 2014](https://reader036.fdocuments.us/reader036/viewer/2022062511/54b6d2984a7959753e8b4571/html5/thumbnails/2.jpg)
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
Better Security in the Cloud
“…We’ll also see organizations adopt cloud services for the improved security protections and compliance controls that they otherwise could not provide as efficiently or effectively themselves.”
- Security’s Cloud Revolution Is Upon Us,
Forrester Research, Inc., August 2, 2013
![Page 3: How Public Sector Entities are Advancing Their Security and Governance Capabilities with AWS - AWS Washington D.C. 2014](https://reader036.fdocuments.us/reader036/viewer/2022062511/54b6d2984a7959753e8b4571/html5/thumbnails/3.jpg)
Better Security in AWS
Cross-service Controls
Service-specific Controls
Managed by AWS
Managed by Customer
Security of the Cloud
Security in the Cloud
Cloud Service Provider Controls
Optimized Network/OS/App Controls
Request reports at:aws.amazon.com/compliance/#contact
![Page 4: How Public Sector Entities are Advancing Their Security and Governance Capabilities with AWS - AWS Washington D.C. 2014](https://reader036.fdocuments.us/reader036/viewer/2022062511/54b6d2984a7959753e8b4571/html5/thumbnails/4.jpg)
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
Governance, Security, Compliance Enablers
Governance in AWS
AWS Security Best Practices
AWS Auditing Security Checklist
AWS Risk and Compliance
AWS Trusted Advisor
![Page 5: How Public Sector Entities are Advancing Their Security and Governance Capabilities with AWS - AWS Washington D.C. 2014](https://reader036.fdocuments.us/reader036/viewer/2022062511/54b6d2984a7959753e8b4571/html5/thumbnails/5.jpg)
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
FedRAMP Package
• Standard package: SSP, SAR• Most usable doc: SSP Template
Helps you figure out this ->
![Page 6: How Public Sector Entities are Advancing Their Security and Governance Capabilities with AWS - AWS Washington D.C. 2014](https://reader036.fdocuments.us/reader036/viewer/2022062511/54b6d2984a7959753e8b4571/html5/thumbnails/6.jpg)
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
Security at Scale: Governance in AWS
1. Financial Control
2. IT Asset Identification
3. Asset Configuration and Management
4. Logical Access Control
5. Physical Access Control
6. Data Encryption
7. Network Configuration and Management
8. Security Logging and Monitoring
9. Security Incident Response
10. Disaster Recovery
Get this whitepaper at:aws.amazon.com/compliance/
![Page 7: How Public Sector Entities are Advancing Their Security and Governance Capabilities with AWS - AWS Washington D.C. 2014](https://reader036.fdocuments.us/reader036/viewer/2022062511/54b6d2984a7959753e8b4571/html5/thumbnails/7.jpg)
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
ExamplesGovernance Domain
On-prem Challenge AWS Enabler Control Provided
8. Security Logging and Monitoring
Centralized logging of user actions taken against a set of IT resources
AWS CloudTrailProvides logging of API or console actions (e.g., logs when someone changes a bucket policy, stops and instance, etc.)
Advanced monitoring capabilities of actions taken and changes made
10. Disaster Recovery
Producing point in time, usable incremental backups
EBS Snapshots Point-in-time full volume copies of EBS data into persistent storage of S3
Anytime incremental point-in-time backup of server data
![Page 8: How Public Sector Entities are Advancing Their Security and Governance Capabilities with AWS - AWS Washington D.C. 2014](https://reader036.fdocuments.us/reader036/viewer/2022062511/54b6d2984a7959753e8b4571/html5/thumbnails/8.jpg)
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
![Page 9: How Public Sector Entities are Advancing Their Security and Governance Capabilities with AWS - AWS Washington D.C. 2014](https://reader036.fdocuments.us/reader036/viewer/2022062511/54b6d2984a7959753e8b4571/html5/thumbnails/9.jpg)
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
ExamplesGovernance Domain
On-prem Challenge AWS Enabler Control Provided
8. Security Logging and Monitoring
Centralized logging of user actions taken against a set of IT resources
AWS CloudTrailProvides logging of API or console actions (e.g., logs when someone changes a bucket policy, stops and instance, etc.)
Advanced monitoring capabilities of actions taken and changes made
10. Disaster Recovery
Producing point in time, usable incremental backups
EBS Snapshots Point-in-time full volume copies of EBS data into persistent storage of S3
Anytime incremental point-in-time backup of server data
![Page 10: How Public Sector Entities are Advancing Their Security and Governance Capabilities with AWS - AWS Washington D.C. 2014](https://reader036.fdocuments.us/reader036/viewer/2022062511/54b6d2984a7959753e8b4571/html5/thumbnails/10.jpg)
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
![Page 11: How Public Sector Entities are Advancing Their Security and Governance Capabilities with AWS - AWS Washington D.C. 2014](https://reader036.fdocuments.us/reader036/viewer/2022062511/54b6d2984a7959753e8b4571/html5/thumbnails/11.jpg)
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
Security at Scale: Governance in AWS
1. Financial Control
2. IT Asset Identification
3. Asset Configuration and Management
4. Logical Access Control
5. Physical Access Control
6. Data Encryption
7. Network Configuration and Management
8. Security Logging and Monitoring
9. Security Incident Response
10. Disaster Recovery
Get this whitepaper at:aws.amazon.com/compliance/
![Page 12: How Public Sector Entities are Advancing Their Security and Governance Capabilities with AWS - AWS Washington D.C. 2014](https://reader036.fdocuments.us/reader036/viewer/2022062511/54b6d2984a7959753e8b4571/html5/thumbnails/12.jpg)
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
Scaling Security
![Page 13: How Public Sector Entities are Advancing Their Security and Governance Capabilities with AWS - AWS Washington D.C. 2014](https://reader036.fdocuments.us/reader036/viewer/2022062511/54b6d2984a7959753e8b4571/html5/thumbnails/13.jpg)
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
Innovative Governance Tool: AWS Trusted Advisor
• Online service from AWS Support– Analyzes account for various kinds of
issues and possible concerns– Soon available as an API for integration
with your tools or 3rd party solutions
• Four categories: – Cost savings– Security– Fault tolerance– Performance
![Page 14: How Public Sector Entities are Advancing Their Security and Governance Capabilities with AWS - AWS Washington D.C. 2014](https://reader036.fdocuments.us/reader036/viewer/2022062511/54b6d2984a7959753e8b4571/html5/thumbnails/14.jpg)
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
Since 1/1/2013:• 10,000+ customers• 700,000+ recommendations
reviewed• $140M+ in annualized savings
Learn more about Trusted Advisor at:https://aws.amazon.com/premiumsupport/trustedadvisor/
Innovative Governance Tool: AWS Trusted Advisor
![Page 15: How Public Sector Entities are Advancing Their Security and Governance Capabilities with AWS - AWS Washington D.C. 2014](https://reader036.fdocuments.us/reader036/viewer/2022062511/54b6d2984a7959753e8b4571/html5/thumbnails/15.jpg)
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
AWS: centralized security controls - visible, testable,
automated
![Page 16: How Public Sector Entities are Advancing Their Security and Governance Capabilities with AWS - AWS Washington D.C. 2014](https://reader036.fdocuments.us/reader036/viewer/2022062511/54b6d2984a7959753e8b4571/html5/thumbnails/16.jpg)
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
Resource LinksAWS Compliance site - provides AWS Compliance Forum links, descriptions of audit reports available, contact links, and relevant whitepapers
http://aws.amazon.com/compliance/
AWS Security Center – provides links to a detailed whitepaper on how we manage security at AWS and provides links to contact AWS Security
http://aws.amazon.com/security/
AWS Security Blog – posts contain security best practices for AWS services, how-to guides, compliance milestones, and customer and partner stories
http://blogs.aws.amazon.com/security/
Trusted Advisor - information on the tool, the nature of the checks, and how to access it
https://aws.amazon.com/premiumsupport/trustedadvisor/
Case studies – features of a wide range of companies doing amazing things on AWS http://aws.amazon.com/solutions/case-studies/all/
![Page 17: How Public Sector Entities are Advancing Their Security and Governance Capabilities with AWS - AWS Washington D.C. 2014](https://reader036.fdocuments.us/reader036/viewer/2022062511/54b6d2984a7959753e8b4571/html5/thumbnails/17.jpg)
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
Questions?
![Page 18: How Public Sector Entities are Advancing Their Security and Governance Capabilities with AWS - AWS Washington D.C. 2014](https://reader036.fdocuments.us/reader036/viewer/2022062511/54b6d2984a7959753e8b4571/html5/thumbnails/18.jpg)
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
Thank You
Chad [email protected]