Compliance on AWS

Bertram Dorn – Specialized Solutions Architect Security/Compliance, Network/Databases
Amazon Web Services Germany GmbH

©Amazon.com, Inc. and its affiliates. All rights reserved.

Compliance to find the right Security Position

• A common language
• A common framework
• A common baseline and point of reference

• Compliance helps to find the right security setting(s)
• Compliance frameworks tell you what you have to do as a minimum
• A (e.g. the customer) wants to check at which level B (e.g. AWS) is doing something
• But: “Security = Compliance, if and only if your only threat actor is your auditor”
• Get the auditing party involved early

Layers of security controls in AWS

• Optimized Network/OS/App Controls
• Service-specific Controls
• Cross-service Controls
• Cloud Service Provider Controls

Security in the Cloud: managed by customer

Security of the Cloud: managed by AWS

Request reports at: aws.amazon.com/compliance/#contact

In Combination

AWS Security Measurements And Certification

Security of the Customer Environment

• IT-Grundschutz
• EU Data Privacy
• Sarbanes-Oxley (SOX)
• HIPAA (healthcare)
• …etc

The main AWS Compliance Frameworks of today

Certificates:

Programmes:

Go Global in Minutes and Maintain a Single Security Standard

Decide where you put your data and applications.

AWS Regions:

• US-WEST (Oregon)
• EU-WEST (Dublin)
• EU-CENTRAL (Frankfurt)
• GOV CLOUD
• China (Beijing)
• ASIA PAC (Tokyo)
• US-EAST (Virginia)
• US-WEST (North California)
• ASIA PAC (Singapore)
• SOUTH AMERICA (Sao Paulo)
• ASIA PAC (Sydney)

On a global footprint

Availability Zone

• 5 AZs in Europe
• Low Latency in Europe
• Data Resides in Europe
• Multi Timezone Security Concepts
• Backup/Restore/DR only in Europe

When?

Supervisory Duties…

Demo:

Others?

Further Standards in AWS Privacy Protection

Who else is looking into this?

Bertram Dorn
Amazon Web Services Germany GmbH

Additional Resources:

http://aws.amazon.com/documentation
http://aws.amazon.com/compliance
http://aws.amazon.com/security