Mitigating Cyber Risks on AWS

Bertram Dorn, Specialized Solutions Architect for Security and Compliance

© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Cloud Services

API

API Features AWS IAM


Amazon SQS

• WebInterface
• CLI
• SDK
• API

Amazon S3

Architect

Amazon DynamoDB

Resource / Application User

Amazon API Gateway

Application

Amazon SES

• DDoS Protected
• MultiAZ
• Available
• Encryption in Transport
• Authenticated
• Logging

Shared Responsibility

Optimized Network/OS/App Controls

Service-specific Controls

Managed by Customer

Cross-service Controls

Cloud Service Provider Controls

Managed by AWS

Security in the Cloud

ISO 27000

ISO 9001

Security of the Cloud

Request reports at: aws.amazon.com/compliance/#contact

The Paths

Application Data Path Path

Managed by Customer

Cloud

Command Path

Services Command Path

AWS KMS

EBS S3 SQS Work* SSM

Amazon ES

AWS CloudTrail

Amazon Macie

AWS Config

AWS Organizations

IAM Amazon CloudWatch flow logs

Services Data Path virtual private cloud

AWS WAF AWS Certificate Manager Internet gateway

AWS CloudHSM

VPN gateway

Amazon CloudFront

AWS Shield

Amazon API Gateway

AWS Lambda

Amazon EC2 Systems Manager customer gateway

AWS Direct Connect

Amazon Route 53

Amazon Inspector Elastic Load Balancing*

VPC peering