An examination of how the shared responsibility model for cloud security works in the real world.
Using practical examples, you'll see how security responsibilities are balanced between the consumer (you, the user) and the provider.
5. SHARED RESPONSIBILITY
Physical | Operating System
Infrastructure | Application
Network | Data
Virtualization | Security Groups
 | Network Config
More info on the model is available at http://aws.amazon.com/security
6. SHARED RESPONSIBILITY
Physical | Operating System
Infrastructure | Application
Network | Data
Virtualization | Security Groups
 | Network Config
Verify
Compliance information available at http://aws.amazon.com/compliance
8. BETTER SERVICE TYPES
From AWS’ Mark Ryland talk at http://4mn.ca/ZZeDbA
Infrastructure
Abstract
Container
9. SERVICE EXAMPLES
Fantastic reference by AWS’ Mark Ryland at http://4mn.ca/ZZeDbA
Service | Type | *aaS
SQS, S3, Route53 | Abstract | SaaS
RDS, EMR, OpsWorks | Container | PaaS
EC2, EBS, VPC | Infrastructure | IaaS
16. ACTIONS TO TAKE
From AWS’ Mark Ryland talk at http://4mn.ca/ZZeDbA
For EC2
- Nothing for cloud-native architectures
- Manage availability
For RDS
- Nothing for Multi-AZ instances
- Standard maintenance window for single instances
19. Attack forces an older cipher choice. Details at http://4mn.ca/1EYfBEA
20. ACTIONS TO TAKE
From AWS’ Mark Ryland talk at http://4mn.ca/ZZeDbA
For ELB
- Select a non-affected cipher suite
For Web Servers
- Enable TLS_FALLBACK_SCSV
- Disable support for SSL 3.0*
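
An offline check for the web-server action above, as an added example that is not from the slides: it reads nginx `ssl_protocols` and Apache `SSLProtocol` lines and reports the ones that still permit SSL 3.0. The function names and the sample configuration are constructed for illustration, and Apache's `all` shortcut is assumed to include SSLv3, as it does on older builds.

```python
# Added example: flag TLS protocol directives that still permit SSL 3.0.
# SAMPLE_CONFIG is constructed for illustration, not taken from the slides.
SAMPLE_CONFIG = """\
# nginx-style lines
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1.1 TLSv1.2;
# Apache-style lines
SSLProtocol all -SSLv3
SSLProtocol all
SSLProtocol -all +TLSv1.2
"""

# Assumption: "all" is treated as including SSLv3 (true on older Apache builds),
# so the check errs on the side of reporting.
SSLV3_TOKENS = ("sslv3", "all")


def sslv3_enabled(directive_line):
    """True/False if the line is a protocol directive, None for anything else."""
    line = directive_line.split("#", 1)[0].strip().rstrip(";")
    parts = line.split()
    if not parts:
        return None
    name = parts[0].lower()
    tokens = [t.lower() for t in parts[1:]]
    if name == "ssl_protocols":
        # nginx: the directive is a plain allow-list of protocol names.
        return "sslv3" in tokens
    if name == "sslprotocol":
        # Apache: tokens apply left to right; +/- adjust the set,
        # a bare token replaces it.
        enabled = False
        for tok in tokens:
            if tok[0] in "+-":
                if tok[1:] in SSLV3_TOKENS:
                    enabled = tok[0] == "+"
            else:
                enabled = tok in SSLV3_TOKENS
        return enabled
    return None


def audit(config_text):
    """Return (line_number, line) for every directive that leaves SSL 3.0 on."""
    return [(n, line.strip())
            for n, line in enumerate(config_text.splitlines(), 1)
            if sslv3_enabled(line)]
```

This covers only the SSL 3.0 action; whether TLS_FALLBACK_SCSV is honoured depends on the TLS library build and cannot be read from these directives.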