Security must be at the forefront for any online business. At AWS, security is priority number one. Stephen Schmidt, vice president and chief information officer for AWS, shares his insights into cloud security and how AWS meets our customers' demanding security and compliance requirements, and in many cases helps them improve their security posture. Drawing on his FBI background and his work with AWS customers in government, space exploration, research, and financial services organizations, Stephen shares an industry perspective that is unique and invaluable for today's IT decision makers. At the conclusion of this session, Stephen also provides a brief summary of the other sessions available to you in the security track.
5. Constantly improving
AWS is responsible for the security OF the Cloud:
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
Compliance programs shown: GxP, ISO 13485, AS9100, ISO/TS 16949
6. Shared responsibility
AWS is responsible for the security OF the Cloud:
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
Customers have their choice of security configurations IN the Cloud:
• Customer applications & content
• Platform, Applications, Identity & Access Management
• Operating System, Network, & Firewall Configuration
• Client-side Data Encryption, Server-side Data Encryption, Network Traffic Protection
14. You are making API calls... on a growing set of services around the world… AWS CloudTrail is continuously recording API calls… and delivering log files to you.
AWS CloudTrail (services shown: Redshift, AWS CloudFormation, AWS Elastic Beanstalk)
27. First class security and compliance starts (but doesn’t end!) with encryption
• Automatic encryption with managed keys
• Bring your own keys
• Dedicated hardware security modules
28. Encryption & Best Practices with AWS
• Managed key encryption
• Key storage with AWS CloudHSM
• Customer-supplied key encryption
• DIY on Amazon EC2
• Create, store, & retrieve keys securely
• Rotate keys regularly
• Securely audit access to keys
• Partner enablement of crypto
34. Nasdaq is a great example of security excellence in the cloud
35. Nasdaq Use Case Requirement
• Replace on-premises data warehouse while keeping equivalent schemas and data
• Only one year of capacity remaining
• 4-8 billion rows of new information stored daily (stock trading)
• Must cost less than existing system
• Must satisfy multiple security and regulatory audits
• Must perform similarly to legacy warehouse under concurrent query load
AWS’s ability to satisfy multiple security and regulatory audits was critical to Nasdaq’s migrating its data warehouse to AWS.
36. Nasdaq Data Warehouse Implementation
Pull data from numerous sources, validate data, and securely load into Redshift
37. Nasdaq Security Best Practices
• AWS CloudTrail to monitor and audit environment
• Network isolation with Amazon VPC and AWS Direct Connect
• Encryption in flight using TLS and Amazon Redshift JDBC connections
• Encryption at rest with Amazon S3 (client-side, AES-256) with Amazon Redshift cluster encryption enabled and AWS CloudHSM
AWS CloudHSM integration was critical to Nasdaq adoption of AWS
50. Our Culture: Proactive monitoring rules the day
• What’s “normal” in your environment?
• Depending on signatures == waiting to find out WHEN you’ve been had
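The CloudTrail slide says API calls are recorded continuously and delivered as log files, and the closing slide asks what "normal" looks like in your environment instead of waiting on signatures. The Python below is an added example, not code from the session or from any AWS tool: it learns a per-principal baseline (API names, source IPs, regions) from constructed CloudTrail-shaped records and flags later records that leave that baseline, including a principal with no baseline at all. The account ID, ARNs, IPs and timestamps are constructed sample values.

```python
from collections import defaultdict

def record(time, user, event, ip, region="us-east-1"):
    """Minimal CloudTrail-shaped record (constructed sample data, not a real log)."""
    return {"eventTime": time, "eventName": event, "awsRegion": region,
            "sourceIPAddress": ip,
            "userIdentity": {"arn": f"arn:aws:iam::111122223333:user/{user}"}}

# Constructed learning window: routine activity for two principals.
BASELINE_RECORDS = [
    record("2014-11-10T09:00:00Z", "alice", "DescribeInstances", "203.0.113.10"),
    record("2014-11-10T09:05:00Z", "alice", "RunInstances", "203.0.113.10"),
    record("2014-11-10T10:00:00Z", "deploy", "UpdateStack", "203.0.113.20"),
    record("2014-11-10T11:00:00Z", "alice", "DescribeInstances", "203.0.113.11"),
]

# Constructed evaluation window: one routine call plus three records that depart from the baseline.
NEW_RECORDS = [
    record("2014-11-11T09:00:00Z", "alice", "DescribeInstances", "203.0.113.10"),
    record("2014-11-11T09:30:00Z", "alice", "DescribeInstances", "198.51.100.7"),
    record("2014-11-11T09:31:00Z", "alice", "CreateUser", "198.51.100.7"),
    record("2014-11-11T10:00:00Z", "deploy", "UpdateStack", "203.0.113.20", "eu-west-1"),
]

def build_baseline(records):
    """Per principal ARN: the API names, source IPs and regions seen in the learning window."""
    base = defaultdict(lambda: {"events": set(), "ips": set(), "regions": set()})
    for r in records:
        p = base[r["userIdentity"]["arn"]]
        p["events"].add(r["eventName"])
        p["ips"].add(r["sourceIPAddress"])
        p["regions"].add(r["awsRegion"])
    return dict(base)

def flag_deviations(records, baseline):
    """Return (principal, eventName, reason) for each way a record leaves its baseline."""
    findings = []
    for r in records:
        arn = r["userIdentity"]["arn"]
        if arn not in baseline:  # unknown principal: nothing to compare against, flag outright
            findings.append((arn, r["eventName"], "principal never seen in baseline"))
            continue
        p = baseline[arn]
        for key, field, label in (("events", "eventName", "new API call"),
                                  ("ips", "sourceIPAddress", "new source IP"),
                                  ("regions", "awsRegion", "new region")):
            if r[field] not in p[key]:
                findings.append((arn, r["eventName"], f"{label}: {r[field]}"))
    return findings
```

A baseline built from a single day is only a starting point; in practice the learning window is wider and the baseline is rebuilt as roles and deployments change.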