© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Henrik Johansson
Principal – Office of the CISO, AWS Security
SID303
Navigating GDPR Compliance on AWS
What is the GDPR?
• The "GDPR" is the General Data Protection Regulation, a significant new
EU data protection regulation
• Introduces robust requirements that raise and harmonize standards for
data protection, security, and compliance across the EU
• The GDPR is enforceable from May 25, 2018 and replaces the EU Data
Protection Directive (Directive 95/46/EC)
• In scope: organizations established in the EU, and organizations without an
EU presence that offer goods or services to, or monitor the behaviour of,
individuals in the EU
Content vs. Personal Data
• Content = anything that a customer (or any user) stores or processes using
AWS services, including software, data, text, audio, and video
• Personal data = information from which a living individual may be identified
or is identifiable (under EU data protection law)
• A customer's content might include personal data
What Else Comes with GDPR?
• Right of access and data portability: individuals have the right to a copy of
all the personal data that controllers hold about them, and it must be provided
in a way that facilitates reuse (a structured, commonly used, machine-readable
format)
• Right to erasure ("right to be forgotten"): individuals have the right to have
certain personal data deleted so that third parties can no longer trace them
• Data protection by design and by default: policies, guidelines, and work
instructions related to data protection are built into the earliest stages of
any project that involves personal data
• Breach notification: controllers must report personal data breaches to the
relevant supervisory authority within 72 hours of becoming aware of them, and
must also notify the affected data subjects if the breach is likely to result in
a high risk to their rights and freedoms. Processors must notify their
controller without undue delay, which matters for the shared-responsibility
model below.
How AWS can help customers achieve GDPR compliance
Data Protection – A Shared Responsibility
• Typical case: data subjects -> the customer acts as controller -> AWS acts as
processor
• Customer-as-processor case: data subjects -> the customer's customer acts as
controller -> the customer acts as processor -> AWS acts as processor on the
customer's behalf (a sub-processor in GDPR terms)
• Controllers and processors both have obligations under the GDPR
Data Protection – A Shared Responsibility
• Legal compliance (both controllers and processors)
• System security and data protection by design (both controllers and
processors; AWS has tooling to help)
• Records of processing activities (both controllers and processors; AWS has
tooling to help)
• Encryption (both controllers and processors; AWS has tooling to help)
• Security of personal data in the customer's own workloads (controller
responsibility in this model; note that Article 32 places a security-of-
processing obligation on processors as well)
• Managing data subject consent (controller responsibility)
• Managing personal data deletion (both controllers and processors; AWS has
tooling to help)
• Managing personal data portability (controller responsibility)
GDPR is Also a Shared Responsibility
Under the GDPR, controllers and processors are required to implement appropriate
technical and organizational measures ("TOMs"), including:
(1) Pseudonymization and encryption of personal data
(2) The ability to ensure the ongoing confidentiality, integrity, availability,
and resilience of processing systems and services
(3) The ability to restore availability and access to personal data in a timely
manner in the event of a physical or technical incident
(4) A process for regularly testing, assessing, and evaluating the effectiveness
of the TOMs
GDPR in Practice: Implementing TOMs
AWS Services Already Comply with the GDPR
AWS completed its GDPR service readiness audit on March 26, 2018, validating
that all generally available services and features adhere to the privacy bar and
data protection standards required of data processors by the GDPR.
What does this mean to you?
Customers can deploy AWS services as a key part of their GDPR compliance plans;
the customer remains responsible for how personal data is configured, protected,
and used inside those services.
Implementing TOMs – What AWS Provides to You
• Tools and services
• Compliance framework
• Partner network
• Data protection terms (the AWS GDPR Data Processing Addendum)
Implementing TOMs with AWS Services
GDPR headings: "Security of processing", "Data protection by design and
default", "Records of processing activities". AWS services that support them:
• AWS Storage Gateway
• Amazon Virtual Private Cloud (VPC)
• Amazon API Gateway
• AWS KMS
• AWS CloudHSM
• Amazon S3 Server-Side Encryption
• AWS Identity and Access Management
• AWS CloudFormation
• AWS WAF
• Amazon CloudWatch
• AWS CloudTrail
• AWS Config
Implementing TOMs with AWS Services – Examples: Data Access Control
The controller "shall implement appropriate technical and organizational
measures for ensuring that, by default, only personal data that are necessary
for each specific purpose of the processing are processed." (Article 25(2))
• AWS Identity & Access Management: scope each role to the buckets, prefixes,
keys, and actions its processing purpose actually needs
• API-request authentication: every AWS API call is signed, so access to
personal data is always tied to an identity
• Temporary access tokens: short-lived STS credentials instead of long-lived
access keys
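An added example (mine, not from the deck or from AWS) of what "only the personal data necessary for the purpose" looks like as an IAM policy, together with a check for the opposite shape: the wildcard-action-on-wildcard-resource Allow that the "overly open IAM policies" item in the CIS benchmark later in the deck is about. The bucket, prefix, account, key ARN and the role's purpose are hypothetical; the code uses only the standard library so it runs offline. The checker is slightly stricter than the CIS item, which flags only `"Action": "*"` on `"Resource": "*"`: it also flags `service:*` on `*`.

```python
"""Least-privilege IAM policy for a GDPR processing role, plus a linter for
over-broad Allow statements. Added example; bucket, prefix and key ARN are
hypothetical. Standard library only."""
import json
from fnmatch import fnmatch

# Hypothetical resources: one bucket prefix holding EU customer records and the
# Region-scoped KMS key that encrypts it.
BUCKET = "example-personal-data"
PREFIX = "eu-customers/"
KMS_KEY_ARN = ("arn:aws:kms:eu-west-1:123456789012:key/"
               "11111111-2222-3333-4444-555555555555")


def processing_role_policy(bucket: str, prefix: str, kms_key_arn: str) -> dict:
    """Policy scoped so that, by default, only the data needed for this
    processing purpose is reachable: one prefix, read/write only, one key."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # object access only under the one prefix; no delete, no other prefixes
                "Sid": "ObjectAccessWithinPrefix",
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject"],
                "Resource": f"arn:aws:s3:::{bucket}/{prefix}*",
            },
            {   # ListBucket is bucket-level, so the prefix limit goes in a condition
                "Sid": "ListOnlyThePrefix",
                "Effect": "Allow",
                "Action": "s3:ListBucket",
                "Resource": f"arn:aws:s3:::{bucket}",
                "Condition": {"StringLike": {"s3:prefix": [f"{prefix}*"]}},
            },
            {   # envelope encryption with one named key; no key administration
                "Sid": "UseOnlyTheDataKey",
                "Effect": "Allow",
                "Action": ["kms:Encrypt", "kms:Decrypt", "kms:GenerateDataKey"],
                "Resource": kms_key_arn,
            },
        ],
    }


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def overly_open_statements(policy: dict) -> list:
    """Return the Sids (or positions) of Allow statements that grant '*' or
    'service:*' actions on Resource '*'. Deny statements are ignored."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        wide_action = any(a == "*" or a.endswith(":*") for a in actions)
        wide_resource = any(r == "*" for r in resources)
        if wide_action and wide_resource:
            findings.append(stmt.get("Sid", f"Statement[{i}]"))
    return findings


def can_reach(policy: dict, action: str, resource_arn: str) -> bool:
    """Coarse reachability check: does some Allow statement match both the
    action and the resource (IAM-style '*' wildcards)? Conditions are not
    evaluated here; use the IAM policy simulator for the full answer."""
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if (any(fnmatch(action, a) for a in _as_list(stmt.get("Action", [])))
                and any(fnmatch(resource_arn, r)
                        for r in _as_list(stmt.get("Resource", [])))):
            return True
    return False


# The shape the linter is meant to catch.
ADMIN_POLICY = {"Version": "2012-10-17",
                "Statement": [{"Sid": "Admin", "Effect": "Allow",
                               "Action": "*", "Resource": "*"}]}

if __name__ == "__main__":
    scoped = processing_role_policy(BUCKET, PREFIX, KMS_KEY_ARN)
    print(json.dumps(scoped, indent=2))
    print("scoped policy findings:", overly_open_statements(scoped))
    print("admin policy findings:", overly_open_statements(ADMIN_POLICY))
```

Run the linter over every customer-managed policy and inline policy in the account, not just the ones attached to data-processing roles; a wildcard Allow on an unrelated role still reaches the personal-data bucket.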
GDPR Compliance Tools
"Each controller and, where applicable, the controller's representative, shall
maintain a record of processing activities under their responsibility."
(Article 30(1))
• AWS CloudTrail
• Amazon Inspector
• Amazon Macie
• AWS Config
These services give you evidence of who accessed or changed what, and where
personal data sits; the Article 30 record itself (purposes, categories of data
and data subjects, recipients, retention periods) is a document you still have
to write and maintain.
Implementing TOMs with AWS Services – Examples: Monitoring of Access Activities
• AWS CloudTrail records the API calls made in your account (who, what, when,
from where)
• Amazon GuardDuty analyses CloudTrail, VPC Flow Logs, and DNS logs and detects
items such as:
- Unusual API calls
- Potentially unauthorized deployments that indicate a possible account
compromise
- Potentially compromised instances or reconnaissance by attackers
• GuardDuty integrates with Amazon CloudWatch Events for:
- Alerting
- Remediation
Implementing TOMs with AWS Services – Examples: Amazon Macie
• Security service that uses machine learning to continuously and
automatically discover, classify, and protect sensitive data in AWS
• Recognizes and classifies sensitive data such as:
- Personally identifiable information (PII)
- Intellectual property
- Sensitive AWS account information
• Powerful research functionality:
- Find individual record types (e.g. "Where do I have IPv4 addresses?")
- Tie research to alerting ("Tell me when you find source code", "Tell me when
you find an open S3 bucket")
• Automation: research -> alerting -> automation, for example if AWS
credentials are found in stored content, disable the corresponding access keys
Organizations must "implement appropriate technical and organizational
measures to ensure a level of security appropriate to the risk, including
the pseudonymisation and encryption of personal data." (Article 32(1))
• Encryption of data at rest (Amazon EBS, Amazon S3, Amazon Glacier, Amazon
RDS, etc.)
• Centralized regional key management with AWS KMS (KMS keys are scoped to the
Region they were created in)
• IPsec VPN to your AWS environment with a Virtual Private Gateway
• Dedicated HSM in the cloud with AWS CloudHSM
Implementing TOMs with AWS Services – Examples: Data Encryption
• Data encryption at rest
• Key management of server-side encryption: choosing a customer-managed KMS key
for S3 server-side encryption gives you control of the key policy and rotation,
and a CloudTrail record of every decrypt
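An added example (mine, not from the deck or from AWS) of turning "encryption at rest with a centrally managed key" into an enforced control rather than a default: an S3 bucket policy that refuses every PutObject that is not server-side encrypted with one named KMS key, and a small evaluator that shows which upload requests survive it. The bucket name, account and key ARN are hypothetical. The evaluator implements only the two condition operators this policy uses (StringNotEquals and Null) with IAM's rules for them, so it illustrates the control rather than replacing the IAM policy simulator.

```python
"""S3 bucket policy that enforces SSE-KMS with one named key, plus an
evaluator over constructed upload requests. Added example; bucket and key
ARN are hypothetical."""
import json

BUCKET = "example-personal-data"
KMS_KEY_ARN = ("arn:aws:kms:eu-west-1:123456789012:key/"
               "11111111-2222-3333-4444-555555555555")
OTHER_KEY_ARN = ("arn:aws:kms:eu-west-1:123456789012:key/"
                 "99999999-8888-7777-6666-555555555555")


def sse_kms_bucket_policy(bucket: str, kms_key_arn: str) -> dict:
    """Three explicit Deny statements. An explicit Deny wins over any Allow,
    so the rule holds even for principals that have s3:* elsewhere."""
    objects = f"arn:aws:s3:::{bucket}/*"

    def deny(sid, condition):
        return {"Sid": sid, "Effect": "Deny", "Principal": "*",
                "Action": "s3:PutObject", "Resource": objects,
                "Condition": condition}

    return {"Version": "2012-10-17", "Statement": [
        # encryption header absent: would fall back to whatever the bucket default is
        deny("DenyMissingSseHeader",
             {"Null": {"s3:x-amz-server-side-encryption": "true"}}),
        # header present but asks for SSE-S3 (AES256) instead of KMS
        deny("DenyNonKmsSse",
             {"StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}}),
        # KMS requested, but with some other key or the account default key
        deny("DenyWrongKmsKey",
             {"StringNotEquals": {
                 "s3:x-amz-server-side-encryption-aws-kms-key-id": kms_key_arn}}),
    ]}


def _condition_matches(condition: dict, ctx: dict) -> bool:
    """IAM semantics for the two operators used above. Note that a negated
    operator (StringNotEquals) also matches when the key is absent from the
    request context, which is why a bare 'aws:kms' upload without a key id
    is denied by DenyWrongKmsKey."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = ctx.get(key)
            if operator == "StringNotEquals":
                if actual == expected:
                    return False
            elif operator == "Null":
                if (actual is None) != (expected == "true"):
                    return False
            else:
                raise NotImplementedError(operator)
    return True


def put_object_allowed(policy: dict, headers: dict) -> bool:
    """Evaluate the Deny statements against an upload's encryption headers.
    A baseline Allow (from the caller's IAM policy) is assumed; any matching
    explicit Deny makes the request fail."""
    ctx = {
        "s3:x-amz-server-side-encryption":
            headers.get("x-amz-server-side-encryption"),
        "s3:x-amz-server-side-encryption-aws-kms-key-id":
            headers.get("x-amz-server-side-encryption-aws-kms-key-id"),
    }
    for stmt in policy["Statement"]:
        if stmt["Effect"] == "Deny" and _condition_matches(stmt["Condition"], ctx):
            return False
    return True


# Constructed upload attempts: request header name -> value
REQUESTS = {
    "plaintext":     {},
    "sse-s3":        {"x-amz-server-side-encryption": "AES256"},
    "kms-default":   {"x-amz-server-side-encryption": "aws:kms"},
    "kms-other-key": {"x-amz-server-side-encryption": "aws:kms",
                      "x-amz-server-side-encryption-aws-kms-key-id": OTHER_KEY_ARN},
    "kms-right-key": {"x-amz-server-side-encryption": "aws:kms",
                      "x-amz-server-side-encryption-aws-kms-key-id": KMS_KEY_ARN},
}


def evaluate_all(policy: dict = None) -> dict:
    """Map each constructed request to allowed (True) / denied (False)."""
    policy = policy or sse_kms_bucket_policy(BUCKET, KMS_KEY_ARN)
    return {name: put_object_allowed(policy, h) for name, h in REQUESTS.items()}


if __name__ == "__main__":
    print(json.dumps(sse_kms_bucket_policy(BUCKET, KMS_KEY_ARN), indent=2))
    for name, allowed in evaluate_all().items():
        print(f"{name:14s} {'ALLOW' if allowed else 'DENY'}")
```

Only the request that names the designated key gets through. Since January 2023 S3 applies SSE-S3 to new objects by default, so a "plaintext" upload is no longer stored in the clear anyway; what this policy still buys you is that every object is bound to the one customer-managed key whose policy, rotation and CloudTrail decrypt history you control.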
Appropriate technical and organizational measures may need to include "the
ability to ensure the ongoing confidentiality, integrity, availability, and
resilience of the processing systems and services." (Article 32(1)(b))
AWS assurance programs you can inherit for the infrastructure layer:
• SOC 1 / SSAE 16 (superseded by SSAE 18 in 2017) / ISAE 3402 (formerly SAS 70)
/ SOC 2 / SOC 3
• PCI DSS Level 1
• ISO 9001 / ISO 27001 / ISO 27017 / ISO 27018
• NIST FIPS 140-2
• Cloud Computing Compliance Controls Catalogue (C5) from the German BSI
Implementing TOMs with AWS Services – Examples: Meet Your Own Security
Objectives
• AWS is responsible for the AWS Global Infrastructure and AWS Foundation
Services, with consistent baseline controls
• You build your own accreditation, certifications, and external audits on top
of that baseline
• Customer scope and effort are reduced, and focused effort gives better
results
GDPR – Code of Conduct
CISPE Code (Cloud Infrastructure Service Providers in Europe)
The CISPE Code of Conduct:
• An effective, easily accessed framework for complying with the EU's GDPR
• Excludes the reuse of customer data by the provider
• Enables data storage and processing exclusively within the EU
• Identifies cloud infrastructure services suitable for different types of data
processing
• Helps citizens retain control of their personal and sensitive data
• AWS has declared its compliance with the CISPE Code
• The CISPE Code of Conduct was under evaluation by the Article 29 Working
Party (succeeded by the European Data Protection Board on May 25, 2018)
AWS Trusted Advisor
Helps you reduce cost, increase performance, and improve security by providing
real-time guidance to help you provision your resources following AWS best
practices
Continuous Validation
Comes with baked-in security checks for:
- Unrestricted security groups
- MFA not enabled on the root account
- Publicly exposed AWS credentials
(a core set of checks is available to every account; the full set of security
checks requires a Business or Enterprise Support plan)
Integrated with CloudWatch Events, so you can build automation for things
like:
- Exposed keys: auto-disable?
- Security groups: alert?
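The GuardDuty, Macie and Trusted Advisor slides all end in the same place: a CloudWatch Events rule that turns an alert into an action. Here is an added example (mine, not from the deck or from AWS) of a single Lambda-style handler that does that for the two cases the deck spells out: an exposed or abused access key gets deactivated, and an EC2 instance that GuardDuty says is behaving maliciously gets swapped into a quarantine security group. The boto3 clients are injected, so the handler runs offline against the in-memory fakes below; the sample events are constructed to follow the GuardDuty and Trusted Advisor CloudWatch Events shapes as I know them (check the field names against a real event from your account before deploying), and the quarantine security group id is hypothetical.

```python
"""Event-driven remediation behind a CloudWatch Events rule. Added example;
event shapes are constructed, the quarantine SG is hypothetical, and the AWS
clients are fakes so the module runs offline."""
from dataclasses import dataclass, field

QUARANTINE_SG = "sg-0123456789quarant"   # hypothetical SG with no inbound/outbound rules
MIN_SEVERITY = 4.0                        # GuardDuty: medium (4.0) and above
# Finding families in which the instance itself is acting maliciously. Probes
# and brute-force attempts *against* an instance are left as alert-only.
ISOLATE_TYPES = ("Backdoor:EC2/", "CryptoCurrency:EC2/", "Trojan:EC2/")


@dataclass
class FakeIam:                            # stands in for boto3.client("iam")
    calls: list = field(default_factory=list)

    def update_access_key(self, **kw):
        self.calls.append(("update_access_key", kw))
        return {}


@dataclass
class FakeEc2:                            # stands in for boto3.client("ec2")
    calls: list = field(default_factory=list)

    def modify_instance_attribute(self, **kw):
        self.calls.append(("modify_instance_attribute", kw))
        return {}


def deactivate_key(iam, user: str, key_id: str) -> str:
    """Deactivate rather than delete: the key stays for the investigation and
    can be re-enabled if the alert turns out to be a false positive."""
    if user.lower() == "root":
        # UpdateAccessKey manages IAM users' keys; a root key has to be
        # rotated by a person in the console, so escalate instead of failing.
        return f"ALERT root access key {key_id} exposed: rotate manually"
    iam.update_access_key(UserName=user, AccessKeyId=key_id, Status="Inactive")
    return f"deactivated {key_id} for {user}"


def quarantine_instance(ec2, instance_id: str) -> str:
    """Replace every security group with the quarantine group. The instance
    keeps running so memory and disk can still be captured for forensics."""
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[QUARANTINE_SG])
    return f"quarantined {instance_id}"


def handle_event(event: dict, iam, ec2) -> list:
    """Dispatch on the CloudWatch Events detail-type; return the actions taken."""
    actions = []
    kind, d = event.get("detail-type"), event.get("detail", {})
    if kind == "Trusted Advisor Check Item Refresh Notification":
        if d.get("check-name") == "Exposed Access Keys" and d.get("status") == "ERROR":
            item = d.get("check-item-detail", {})
            actions.append(deactivate_key(iam, item["User Name (IAM or Root)"],
                                          item["Access Key ID"]))
    elif kind == "GuardDuty Finding":
        if float(d.get("severity", 0)) < MIN_SEVERITY:
            return actions                # low severity: alert only, no action
        res = d.get("resource", {})
        if res.get("resourceType") == "AccessKey":
            ak = res["accessKeyDetails"]
            actions.append(deactivate_key(iam, ak["userName"], ak["accessKeyId"]))
        elif (res.get("resourceType") == "Instance"
              and d.get("type", "").startswith(ISOLATE_TYPES)):
            actions.append(quarantine_instance(ec2, res["instanceDetails"]["instanceId"]))
    return actions


def lambda_handler(event, context):
    """Real entry point: same logic, real clients (imported lazily so the
    module still runs without boto3 installed)."""
    import boto3
    return handle_event(event, boto3.client("iam"), boto3.client("ec2"))


# Constructed sample events
TA_EXPOSED_KEY = {
    "detail-type": "Trusted Advisor Check Item Refresh Notification",
    "detail": {"check-name": "Exposed Access Keys", "status": "ERROR",
               "check-item-detail": {"Access Key ID": "AKIAEXAMPLE000000001",
                                     "User Name (IAM or Root)": "alice",
                                     "Location": "github.com/example/repo"}}}
GD_CNC = {
    "detail-type": "GuardDuty Finding",
    "detail": {"type": "Backdoor:EC2/C&CActivity.B!DNS", "severity": 8,
               "resource": {"resourceType": "Instance",
                            "instanceDetails": {"instanceId": "i-0abc12345def67890"}}}}
GD_KEY = {
    "detail-type": "GuardDuty Finding",
    "detail": {"type": "UnauthorizedAccess:IAMUser/MaliciousIPCaller", "severity": 5,
               "resource": {"resourceType": "AccessKey",
                            "accessKeyDetails": {"accessKeyId": "AKIAEXAMPLE000000002",
                                                 "userName": "bob"}}}}
GD_LOW = {
    "detail-type": "GuardDuty Finding",
    "detail": {"type": "Recon:EC2/PortProbeUnprotectedPort", "severity": 2,
               "resource": {"resourceType": "Instance",
                            "instanceDetails": {"instanceId": "i-0abc12345def67890"}}}}

if __name__ == "__main__":
    iam, ec2 = FakeIam(), FakeEc2()
    for ev in (TA_EXPOSED_KEY, GD_CNC, GD_KEY, GD_LOW):
        print(handle_event(ev, iam, ec2))
```

The Lambda's own role needs only `iam:UpdateAccessKey` and `ec2:ModifyInstanceAttribute`, and every action it takes is itself a CloudTrail event, which is the audit trail you want when a supervisory authority asks what you did in the first 72 hours.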
Continuous Validation – AWS and Open Source
Example: CIS AWS Foundations Benchmark
Purpose: enables you to continuously, or as a spot check, evaluate the
configuration of resources and account settings of an AWS account against the
CIS AWS Foundations Benchmark
Provides: assessment against 48 control statements, including:
- No multi-factor authentication (MFA) usage on the root account
- Overly open IAM policies
- Lack of enabled logging on the account
Provides: a single report with the assessment result
Provides: the ability to integrate with other tools using standard JSON output
AWS Marketplace: Your One Stop Shop for Familiar Tools
AWS Partner Network (APN) & GDPR
• Consulting Partners: APN Consulting Partners can help your customers get
ready for GDPR
• Technology Partners: APN Technology Partners offer security & identity
solutions to help with GDPR
AWS GDPR Center
Recap: Data Protection – Shared Responsibility
• Data subjects -> customers as controllers -> AWS as processor
• Controllers and processors both have obligations under the GDPR
AWS Provides Assistance for Your GDPR Journey
• Tools and services
• Compliance framework
• Partner network
• Data protection terms
Thank you!
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

SID303 Navigating GDPR Compliance on AWS

  • 1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Henrik Johansson, Principal – Office of the CISO, AWS Security
    SID303 Navigating GDPR Compliance on AWS
  • 2. What is the GDPR?
  • 3. What is the GDPR?
    • The "GDPR" is the General Data Protection Regulation, a significant new EU Data Protection Regulation
    • Introduces robust requirements that will raise and harmonize standards for data protection, security, and compliance across the EU
    • The GDPR is enforceable May 25, 2018 and it replaces the EU Data Protection Directive (Directive 95/46/EC)
    • In scope: Organizations established in the EU and Organizations without an EU presence who target or monitor EU individuals
  • 4. Content vs. Personal Data
    Content = anything that a customer (or any user) stores, or processes using AWS services, including: Software ǀ Data ǀ Text ǀ Audio ǀ Video
    Personal Data = information from which a living individual may be identified or identifiable (under EU data protection law)
    • Customer’s “content” might include “personal data”
  • 5. What Else Comes with GDPR?
    Individuals have the right to a copy of all the personal data that controllers hold about them. It also must be provided in a way that facilitates reuse.
  • 6. What Else Comes with GDPR?
    This gives individuals the right to have certain personal data deleted so third parties can no longer trace them.
  • 7. What Else Comes with GDPR?
    This helps to facilitate the inclusion of policies, guidelines, and work instructions related to data protection in the earliest stages of projects involving personal data.
  • 8. What Else Comes with GDPR?
    Controllers must report personal data breaches to the relevant supervisory authority within 72 hours. If there is a high risk to the rights and freedoms of data subjects, they must also notify the data subjects.
  • 9. How AWS can help customers achieve GDPR compliance
  • 10. Data Protection – A Shared Responsibility
  • 11. Data Protection – A Shared Responsibility
    Data Subjects
    Customers are Controllers
    AWS as Processor
    Controllers and Processors have obligations under GDPR
  • 12. Data Protection – A Shared Responsibility
    Data Subjects
    Customer’s customer as Controller
    Customer as Processor
    AWS as Processor
    Controllers and Processors have obligations under GDPR
  • 13. GDPR is Also a Shared Responsibility
    Legal Compliance (Both controllers and processors)
    System Security and Data Protection by Design (Both controllers and processors; AWS has tooling to help)
    Records of Processing Activities (Both controllers and processors; AWS has tooling to help)
    Encryption (Both controllers and processors; AWS has tooling to help)
    Security of Personal Data (Controller responsibility)
    Managing Data Subject Consent (Controller responsibility)
    Managing Personal Data Deletion (Both controllers and processors; AWS has tooling to help)
    Managing Personal Data Portability (Controller responsibility)
  • 14. GDPR in Practice: Implementing TOMs
    Under GDPR, Controllers and Processors are required to implement appropriate Technical and Organizational Measures (“TOMs”) …
    (1) Pseudonymization and encryption of personal data
    (2) Ensure ongoing confidentiality, integrity, availability, and resilience of processing systems and services
    (3) Ability to restore availability and access to personal data in a timely manner in the event of a physical or technical incident
    (4) Process for regularly testing, assessing, and evaluating the effectiveness of TOMs
  • 15. AWS Services Already Comply with the GDPR
    AWS completed the entirety of our GDPR service readiness audit on March 26, 2018—validating that all generally available services and features adhere to the high privacy bar and data protection standards required of data processors by the GDPR.
    What does this mean to you? Customers can deploy AWS services as a key part of their GDPR compliance plans.
  • 16. Implementing TOMs – What AWS Provides to You
    Tools and services
    Compliance framework
    Partner network
    Data protection terms
  • 17. Implementing TOMs with AWS Services
    “Security of processing” / “Data protection by design and default” / “Records of processing activities”
    AWS Storage Gateway, Amazon Virtual Private Cloud (VPC), Amazon API Gateway, AWS KMS, AWS CloudHSM, Amazon S3 Server-Side Encryption, AWS Identity and Access Management, AWS CloudFormation, AWS WAF, Amazon CloudWatch, AWS CloudTrail, AWS Config
  • 18. Implementing TOMs with AWS Services – Examples
    The controller “shall implement appropriate technical and organizational measures for ensuring that, by default, only personal data that are necessary for each specific purpose of the processing are processed.”
    AWS Identity & Access Management
    API-Request Authentication
    Temporary Access Tokens
  • 19. Implementing TOMs with AWS Services: Data Access Control
  • 20. Implementing TOMs with AWS Services: Data Access Control
  • 21. Implementing TOMs with AWS Services – Examples: GDPR Compliance Tools
    “Each controller and, where applicable, the controller’s representative, shall maintain a record of processing activities under their responsibility.”
    AWS CloudTrail
    Amazon Inspector
    Amazon Macie
    AWS Config
  • 22. Implementing TOMs with AWS Services: Monitoring of access activities – AWS CloudTrail
  • 23. Implementing TOMs with AWS Services: Monitoring of access activities – Amazon GuardDuty
  • 24. Implementing TOMs with AWS Services
    Detects items such as:
    - Unusual API calls
    - Potentially unauthorized deployments that indicate a possible account compromise
    - Potentially compromised instances or reconnaissance by attackers
  • 25. Implementing TOMs with AWS Services
    Integrate with Amazon CloudWatch Events for:
    - Alerting
    - Remediation
  • 26. Implementing TOMs with AWS Services
    Security service that uses machine learning to continuously and automatically discover, classify, and protect sensitive data in AWS
  • 27. Implementing TOMs with AWS Services
    Recognizes and classifies sensitive data such as:
    - Personally identifiable information (PII)
    - Intellectual property
    - Sensitive AWS account information
  • 28. Implementing TOMs with AWS Services
    Powerful research functionality
    - Find individual record types
      - Where do I have IPv4 addresses?
    - Tie research to alerting
      - Tell me when you find source code
      - Tell me when you find an open S3 bucket
  • 29. Implementing TOMs with AWS Services
    Automation
    - Tie research -> Alerting -> Automation
    - If AWSCred: Disable keys
  • 30. Implementing TOMs with AWS Services – Examples
    Organizations must “implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including the pseudonymisation and encryption of personal data.”
    Encryption of data at rest (Amazon EBS, Amazon S3, Amazon Glacier, Amazon RDS, etc.)
    Centralized Regional Key Management with AWS KMS
    IPsec VPN to your AWS environment with Virtual Private Gateway
    Dedicated HSM in the cloud with AWS CloudHSM
  • 31. Implementing TOMs with AWS Services: Data encryption at rest
  • 32. Implementing TOMs with AWS Services: Data Encryption – Key management of server-side encryption
  • 33. Implementing TOMs with AWS Services – Examples
    Appropriate technical and organizational measures may need to include “the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of the processing systems and services.”
    SOC 1 / SSAE 16 / ISAE 3402 (formerly SAS 70) / SOC 2 / SOC 3
    PCI DSS Level 1
    ISO 9001 / ISO 27001 / ISO 27017 / ISO 27018
    NIST FIPS 140-2
    Common Cloud Computing Controls Catalog (C5)
  • 34. Meet Your Own Security Objectives
    AWS Foundation Services / AWS Global Infrastructure
    Your own accreditation / Your own certifications / Your own external audits
    Customer scope and effort is reduced
    Better results through focused efforts
    Built on AWS consistent baseline controls
    GDPR Code of Conduct
  • 35. GDPR – Code of Conduct
    CISPE Code (Cloud Infrastructure Service Providers in Europe)
    The CISPE Code of Conduct:
    • An effective, easily accessed framework for complying with the EU’s GDPR
    • Excludes the reuse of customer data
    • Enables data storage and processing exclusively within the EU
    • Identifies cloud infrastructure services suitable for different types of data processing
    • Helps citizens retain control of their personal and sensitive data
    • AWS CISPE certified
    • CISPE Code of Conduct under evaluation by the Article 29 WP
  • 36. Continuous Validation
    Amazon Trusted Advisor helps you reduce cost, increase performance, and improve security by providing real-time guidance to help you provision your resources following AWS best practices
  • 37. Continuous Validation
    Comes with baked-in controls for:
    - Unrestricted security groups
    - MFA not on root accounts
    - Publicly exposed AWS credentials
  • 38. Continuous Validation
    Integrated with CloudWatch Events
    Build automation for things like:
    - Exposed keys: auto disable?
    - Security groups: alert?
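The "research -> alerting -> automation" loop on slides 25 and 29 (disable keys when Macie finds an exposed AWS credential) and the "exposed keys: auto disable?" idea on slide 38 are the same pattern: a finding arrives as a CloudWatch Events event and a function deactivates the key. The handler below is an added example written for this page, not code from the deck or from AWS. The event envelope is a constructed sample; the `detail.userName` and `detail.accessKeyId` fields are assumptions about where the finding carries the key, not a documented schema, so map them to the real finding format of whichever service you wire up. The IAM client is injected so the logic can be exercised offline; in Lambda you would pass `boto3.client("iam")`.

```python
"""Event-driven deactivation of an exposed IAM access key (added example)."""
import json
import logging
from typing import Any, Dict, List, Optional

try:
    import boto3  # present in the Lambda runtime; optional for offline use
except ImportError:  # pragma: no cover
    boto3 = None

log = logging.getLogger(__name__)

# Event sources this runbook is willing to act on.
TRUSTED_SOURCES = ("aws.macie", "aws.guardduty", "aws.trustedadvisor")


class InMemoryIAM:
    """Constructed stand-in for the two IAM calls the handler uses (test double)."""

    def __init__(self, keys: Dict[str, Dict[str, str]]):
        # access key id -> {"UserName": ..., "Status": "Active" | "Inactive"}
        self.keys = keys
        self.calls: List[Dict[str, str]] = []

    def list_access_keys(self, UserName: str) -> Dict[str, Any]:
        meta = [{"AccessKeyId": k, "UserName": v["UserName"], "Status": v["Status"]}
                for k, v in self.keys.items() if v["UserName"] == UserName]
        return {"AccessKeyMetadata": meta}

    def update_access_key(self, UserName: str, AccessKeyId: str, Status: str) -> Dict[str, Any]:
        self.keys[AccessKeyId]["Status"] = Status
        self.calls.append({"UserName": UserName, "AccessKeyId": AccessKeyId, "Status": Status})
        return {}


def extract_exposed_key(event: Dict[str, Any]) -> Optional[Dict[str, str]]:
    """Return {"user", "key_id"} from a trusted finding, or None if the event is not about a key."""
    if event.get("source") not in TRUSTED_SOURCES:
        return None
    detail = event.get("detail") or {}
    key_id, user = detail.get("accessKeyId"), detail.get("userName")  # assumed field names
    if not key_id or not user:
        return None
    return {"user": user, "key_id": key_id}


def disable_exposed_key(event: Dict[str, Any], iam=None) -> Dict[str, Any]:
    """Deactivate (not delete) the key so the incident can still be investigated."""
    if iam is None:
        if boto3 is None:
            raise RuntimeError("boto3 not available; pass an IAM client explicitly")
        iam = boto3.client("iam")

    target = extract_exposed_key(event)
    if target is None:
        return {"action": "ignored", "reason": "no access key in finding"}

    # Never act on a key id the finding merely names: confirm it belongs to that user.
    owned = {m["AccessKeyId"]: m["Status"]
             for m in iam.list_access_keys(UserName=target["user"])["AccessKeyMetadata"]}
    if target["key_id"] not in owned:
        return {"action": "ignored", "reason": "key not owned by user"}
    if owned[target["key_id"]] == "Inactive":
        return {"action": "noop", "key_id": target["key_id"]}

    iam.update_access_key(UserName=target["user"], AccessKeyId=target["key_id"], Status="Inactive")
    log.warning("Disabled exposed access key %s for user %s", target["key_id"], target["user"])
    return {"action": "disabled", "key_id": target["key_id"], "user": target["user"]}


def lambda_handler(event, context):
    """Lambda entry point: uses the real IAM client."""
    return disable_exposed_key(event)


# Constructed sample event; the key id is a placeholder, not a real credential.
SAMPLE_EVENT = {
    "source": "aws.macie",
    "detail-type": "Macie Alert",
    "detail": {"userName": "ci-deployer", "accessKeyId": "AKIAEXAMPLEKEY000001"},
}

if __name__ == "__main__":
    fake = InMemoryIAM({"AKIAEXAMPLEKEY000001": {"UserName": "ci-deployer", "Status": "Active"}})
    print(json.dumps(disable_exposed_key(SAMPLE_EVENT, iam=fake)))
```

Deactivating rather than deleting keeps the key's CloudTrail history attributable and lets the owner re-enable it if the finding was a false positive; the ownership check guards against a malformed or spoofed finding disabling someone else's key.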
  • 39. Continuous Validation
    Amazon and OSS Example: CIS AWS benchmarks
    Purpose: Enables you to continuously or spot evaluate the configuration of resources and account settings of an AWS account against the CIS AWS Foundation Benchmark
  • 40. Continuous Validation
    Provides: Assess against 48 control statements, including:
    - No multi-factor authentication (MFA) usage on the root account
    - Overly open IAM policies
    - Lack of enabled logging on the account
  • 41. Continuous Validation
    Example: CIS AWS benchmark assessment
    Provides: Single report with assessment result
  • 42. Continuous Validation
    Example: CIS AWS benchmark assessment
    Provides: Ability to integrate with other tools using standard JSON output
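Slides 39 to 42 describe benchmark-style assessment producing a single JSON report, and slide 18 makes the least-privilege point (process only the personal data each purpose needs). The evaluator below is an added example for this page, not the deck's, AWS's, or CIS's own tooling: it implements three checks in the spirit of the ones the slides name (root MFA, overly open IAM policies, CloudTrail logging in every region) over a constructed account snapshot and emits JSON. The control ids `CHECK-1..3`, the account id, policy names and bucket name are placeholders; the "overly open" rule (an Allow of `*` or `service:*` on Resource `*` with no Condition) is this example's own threshold. In a real assessment the snapshot would be built from IAM GetCredentialReport, IAM GetPolicyVersion, CloudTrail DescribeTrails and GetTrailStatus.

```python
"""Offline, CIS-style account assessment with JSON output (added example)."""
import json
from typing import Any, Dict, List


def _as_list(value):
    """IAM policy JSON allows a string or a list in Action/Resource/Statement."""
    return value if isinstance(value, list) else [value]


def policy_is_overly_open(policy: Dict[str, Any]) -> bool:
    """True if an unconditional Allow grants '*' or 'service:*' across all resources."""
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "Condition" in stmt:
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        wildcard_action = any(a == "*" or a.endswith(":*") for a in actions)
        if wildcard_action and "*" in resources:
            return True
    return False


def root_mfa_enabled(credential_report: List[Dict[str, str]]) -> bool:
    """Credential report rows use '<root_account>' as the root user name."""
    root = next((r for r in credential_report if r.get("user") == "<root_account>"), None)
    return root is not None and root.get("mfa_active") == "true"


def cloudtrail_covers_all_regions(trails: List[Dict[str, Any]]) -> bool:
    """At least one multi-region trail that is actually logging (IsLogging from GetTrailStatus)."""
    return any(t.get("IsMultiRegionTrail") and t.get("IsLogging") for t in trails)


def assess(snapshot: Dict[str, Any]) -> Dict[str, Any]:
    """Run every check and return one report structure (the 'single report' of slide 41)."""
    open_policies = [p["name"] for p in snapshot["policies"] if policy_is_overly_open(p["document"])]
    checks = [
        {"id": "CHECK-1", "title": "MFA enabled on the root account",
         "status": "PASS" if root_mfa_enabled(snapshot["credential_report"]) else "FAIL"},
        {"id": "CHECK-2", "title": "No overly open IAM policies",
         "status": "FAIL" if open_policies else "PASS", "resources": open_policies},
        {"id": "CHECK-3", "title": "CloudTrail logging enabled in all regions",
         "status": "PASS" if cloudtrail_covers_all_regions(snapshot["trails"]) else "FAIL"},
    ]
    failed = sum(1 for c in checks if c["status"] == "FAIL")
    return {"account": snapshot["account"], "checks": checks,
            "summary": {"total": len(checks), "failed": failed}}


# Constructed snapshot with placeholder identifiers (not a real account).
SNAPSHOT = {
    "account": "123456789012",
    "credential_report": [
        {"user": "<root_account>", "mfa_active": "false"},
        {"user": "alice", "mfa_active": "true"},
    ],
    "policies": [
        {"name": "AdminEverything",
         "document": {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}},
        # Least-privilege policy in the sense of slide 18: one purpose, one prefix.
        {"name": "ReadOnlyOrders",
         "document": {"Statement": [{"Effect": "Allow",
                                     "Action": ["s3:GetObject", "s3:ListBucket"],
                                     "Resource": ["arn:aws:s3:::orders-data-placeholder",
                                                  "arn:aws:s3:::orders-data-placeholder/*"]}]}},
        # Broad, but gated on MFA; the example's rule does not count it as open.
        {"name": "S3FullWithMfaCondition",
         "document": {"Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*",
                                     "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}]}},
    ],
    "trails": [{"Name": "org-trail", "IsMultiRegionTrail": True, "IsLogging": True}],
}


def assess_json(snapshot: Dict[str, Any] = SNAPSHOT) -> str:
    """The 'standard JSON output' of slide 42, ready to hand to another tool."""
    return json.dumps(assess(snapshot), indent=2)


if __name__ == "__main__":
    print(assess_json())
```

Against the constructed snapshot the report fails two of three checks (root MFA off, the `AdminEverything` policy) and passes the logging check; the scoped `ReadOnlyOrders` policy is what the slide 18 quotation asks for and is not flagged.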
  • 43. AWS Marketplace: Your One Stop Shop for Familiar Tools
  • 44. AWS Partner Network (APN) & GDPR
    Consulting Partners: APN Consulting Partners can help your customers get ready for GDPR
    Technology Partners: APN Technology Partners offer security & identity solutions to help with GDPR
  • 46. Recap: Data Protection – Shared Responsibility
    Data Subjects
    Customers are Controllers
    AWS as Processor
    Controllers and Processors have obligations under GDPR
  • 47. AWS Provides Assistance for Your GDPR Journey
    Tools and services
    Compliance framework
    Partner network
    Data protection terms
  • 49. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Please complete the session survey in the summit mobile app.
  • 50. Submit Session Feedback
    1. Tap the Schedule icon.
    2. Select the session you attended.
    3. Tap Session Evaluation to submit your feedback.