The Doppler Quarterly Fall 2017 - Page 13

The Reality All of the major cloud vendors, and AWS specifically, secure their own environ- ments, follow strict processes for handling data and systems, and provide you with a number of features to ensure your highly valued applications are safe and sound when they move out of your datacenter and into a new home. Most of us are not bound by the CIA-level requirements, and public cloud capa- bilities c an address most of the security requirements enterprises have. In order to ensure that your operations, applications, and data are secure, AWS advocates a Shared Responsibility model. That means the following: • AWS secures the cloud • YOU secure what’s in the cloud Customer Data Platform, Applications, Identity & Access Management Responsibile for Security "in" the Cloud Operating System, Network & Firewall Configuration Client-side Data Encryption & Data Integrity Authentication Responsibile for Security "of" the Cloud Compute AWS Global Infrastructure Server-Side Encryption (File System and/or Data) Storage Database Regions Availability Zones Network Traffic Protection (Encryption/Integrity/ Identity) Networking Edge Locations Figure 1: AWS’ Shared Responsibility Model What does that mean in practice? Well, at the most basic level, that means that AWS takes care of all of the data center security (physical, environmental, per- sonnel) so you don’t have to. They also take care of security of their service offerings since everything in AWS can be invoked via API. Last but not least, they get audited by independent third parties and can provide a number of attestations and reports that can help you address your regulatory needs, be they HIPAA, SOX, FedRAMP, etc. This last one is particularly important because it demonstrates that AWS, as the service provider, follows a documented, repeatable, and independently verified approach. Based on best practices, this approach ensures that their employees and systems protect the integrity and confidentiality and ensure availability and security of your resources in AWS. FALL 2017 | THE DOPPLER | 11