With the rapid increase of complexity in managing security for distributed IT and cloud computing, security, and compliance managers can innovate in how to ensure a high level of security is practiced to manage AWS resources. In this session, Chad Woolf, Director of Compliance for AWS will discuss which AWS service features can be leveraged to achieve a high level of security assurance over AWS resources, giving you more control of the security of your data and preparing you for a wide range of audits. Attendees will also learn first-hand what some AWS customers have accomplished by leveraging AWS features to meet specific industry compliance requirements.

1. Security Assurance and Governance in AWS
Chad Woolf, Director, AWS Risk and Compliance
November 13, 2013
© 2013 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc.

2. Better Security in the Cloud
“…We’ll also see organizations adopt cloud services
for the improved security protections and
compliance controls that they otherwise could not
provide as efficiently or effectively themselves.”
-
Security’s Cloud Revolution Is Upon Us,
Forrester Research, Inc., August 2, 2013

3. Better Security in AWS
Optimized
Network/OS/App Controls
Service-specific Controls
Managed by
Customer
Security in the Cloud
Cross-service Controls
Cloud Service Provider
Controls
Security of the Cloud
Managed by
AWS
Request reports at:
aws.amazon.com/compliance/#contact

4. Governance, Security, Compliance
Enablers
Governance in AWS
AWS Security Best
Practices
AWS Auditing Security
Checklist
AWS Risk and Compliance
AWS
Compliance
Forum
AWS Trusted
Advisor

5. Security at Scale: Governance in AWS
1.
2.
3.
4.
5.
Financial Control
IT Asset Identification
Asset Configuration and
Management
Logical Access Control
Physical Access Control
Get this whitepaper at:
aws.amazon.com/compliance/
6.
7.
Data Encryption
Network Configuration and
Management
8. Security Logging and
Monitoring
9. Security Incident Response
10. Disaster Recovery

6. Examples
Governance
Domain
On-prem
Challenge
AWS Enabler
Control Provided
8. Security
Logging and
Monitoring
Centralized
logging of user
actions taken
against a set of IT
resources
AWS CloudTrail
Provides logging of API or
console actions (e.g., logs when
someone changes a bucket
policy, stops and instance, etc.)
Advanced monitoring
capabilities of actions
taken and changes
made
10. Disaster
Recovery
Producing point in
time, usable
incremental
backups
EBS Snapshots
Point-in-time full volume copies of
Amazon EBS data into persistent
storage of Amazon S3
Anytime incremental
point-in-time backup of
server data

8. Examples
Governance
Domain
On-prem
Challenge
AWS Enabler
Control Provided
8. Security
Logging and
Monitoring
Centralized
logging of user
actions taken
against a set of IT
resources
AWS CloudTrail
Provides logging of API or
console actions (e.g., logs when
someone changes a bucket
policy, stops and instance, etc.)
Advanced monitoring
capabilities of actions
taken and changes
made
10. Disaster
Recovery
Producing point in
time, usable
incremental
backups
EBS Snapshots
Point-in-time full volume copies of
Amazon EBS data into persistent
storage of Amazon S3
Anytime incremental
point-in-time backup of
server data

10. Security at Scale: Governance in AWS
1.
2.
3.
4.
5.
Financial Control
IT Asset Identification
Asset Configuration and
Management
Logical Access Control
Physical Access Control
Get this whitepaper at:
aws.amazon.com/compliance/
6.
7.
Data Encryption
Network Configuration and
Management
8. Security Logging and
Monitoring
9. Security Incident Response
10. Disaster Recovery

11. Scaling Security

12. AWS Compliance Forum
Join the AWS Compliance Forum by emailing
us at: awscompliance@amazon.com

13. Governance Tool: AWS Trusted Advisor
• Online service from AWS Support
– Analyzes account for various kinds of
issues and possible concerns
– Soon available as an API for integration
with your tools or 3rd party solutions
• Four categories:
–
–
–
–
Cost savings
Security
Fault tolerance
Performance

14. Innovative Governance Tool: AWS
Trusted Advisor
Since 1/1/2013:
• 10,000 + customers
• 700,000 recommendations reviewed
• $140M in annualized savings
Learn more about Trusted Advisor at:
https://aws.amazon.com/premiumsupport/trustedadvisor/

15. Compliance Case Studies

16. Case: Pegasystems
Company: Provides software for business process management,
CRM, and case management
Challenge: Pega tech is used cross-functionally across the
healthcare industry; all data is considered PHI
Results: Pega and their customers are HIPAA compliant on AWS

17. Case: NASDAQ FinQloud
Company: provides products and services to manage the entire life
cycle of a trade
Challenge: Securely storing and managing vast amounts of data with
strict compliance requirements
Results: NASDAQ and FinQloud customers meets stringent SEC
17a-4 requirements for financial record retention

18. Case: Cognia
Company: Global communications platform for call centers to capture
communications data
Challenge: must comply with PCI DSS so their customers can
process payment card data on the platform
Results: PCI certified on AWS

19. AWS: centralized security
controls - visible, testable,
automated

20. Resource Links
AWS Compliance site - provides AWS Compliance Forum links, descriptions of
audit reports available, contact links, and relevant whitepapers
http://aws.amazon.com/
compliance/
AWS Security Center – provides links to a detailed whitepaper on how we
manage security at AWS and provides links to contact AWS Security
http://aws.amazon.com/
security/
AWS Security Blog – posts contain security best practices for AWS services,
how-to guides, compliance milestones, and customer and partner stories
http://blogs.aws.amazon
.com/security/
AWS Trusted Advisor - information on the tool, the nature of the checks, and
how to access it
https://aws.amazon.com
/premiumsupport/trusted
advisor/
Case studies – features of a wide range of companies doing amazing things on
AWS
http://aws.amazon.com/
solutions/casestudies/all/

21. Recommended Sessions
•
•
•
•
•
•
•
SEC402 - Intrusion Detection in the Cloud
SEC204 - Building Secure Applications and Navigating FedRAMP in the
AWS GovCloud (US) Region
ARC308 - Architecting for End-to-End Security in the Enterprise
SEC306 - Implementing Bullet-Proof HIPAA Solutions on AWS
SEC206 - Taking the Fear Out of PCI DSS Compliance in the Cloud
ENT206 - Using AWS Enterprise Support to the Fullest
SEC201 - Overview of AWS Identity and Access Management (IAM)
“Come talk security with AWS” Event - between 4 and 6pm on Thursday in Toscana 3605.

22. Please give us your feedback on this
presentation
SEC203
As a thank you, we will select prize
winners daily for completed surveys!