AWS PROTECTED: Why This Matters for Australia - AWS Summit Sydney

The Australian Cyber Security Centre (ACSC) awarded PROTECTED certification to AWS for 42 cloud services in the AWS Asia-Pacific (Sydney) Region. This is the highest data security certification available in Australia for cloud, and AWS has the most PROTECTED services of any public cloud service provider. This session will cover the services that were certified, a reference architecture that allows you to build applications which handle highly sensitive government data, and the benefits this provides to public sector and commercial organisations in Australia.

  1. SUMMIT SYDNEY
  2. AWS PROTECTED: Why this matters for Australia. Herman Coomans, Senior Manager, Solutions Architecture, Amazon Web Services. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  3. Parliament House, Canberra (Source: Wikimedia commons)
  4. Voice of our customers: “Innovation and cloud help form the basis on which we will make the Australian government more secure. Innovation is good. Cloud is good – because it helps us move off from legacy systems. Our biggest risk is indeed legacy systems.”
  5. Quick acronym glossary
     • ACSC: Australian Cyber Security Centre, https://www.acsc.gov.au/
     • ASD: Australian Signals Directorate, https://asd.gov.au/
     • ISM: Australian Government Information Security Manual
     • IRAP: Information Security Registered Assessors Program
  6. AWS services assessed at PROTECTED
     • 42 services across a broad range of categories
     • Standard services, standard pricing
     • Leverage familiar and established AWS Sydney region
     • Access to 3 availability zones
     • Consumer guide and reference architecture immediately available
  7. Why is it important?
     • to government
     • to private enterprise
     • to developers and partners
     • to citizens
  8. Voice of our customers
  9. Let us do the heavy lifting. acsc.gov.au/infosec/ism
  10. Reference Architecture (diagram). Labels: Sydney Region; VPC; Database subnet; Private subnet; Lambda subnet; App subnet; Auto Scaling; Users; Office; Amazon CloudWatch; AWS Direct Connect; Amazon RDS; AWS WAF; AWS Lambda (NLB ALB Sync); AWS Lambda (WAF updates); Security group; Application Load Balancer; Agent; MFA token; Network Load Balancer; Amazon VPC PrivateLink for cross-VPC or cross-agency access; VPN Gateway; Role; Instances.
  11. What about DR? (diagram) AWS Region: Sydney Region, ap-southeast-2, with three Availability Zones (ap-southeast-2a, ap-southeast-2b, ap-southeast-2c), each made up of Physical Sites.
  12. PROTECTED: Why is it all uppercase?
  13. Classification (www.protectivesecurity.gov.au). Column groups: Sensitive information (OFFICIAL: Sensitive); Security classified information (PROTECTED, SECRET, TOP SECRET). Compromise of information confidentiality would be expected to cause:
     • UNOFFICIAL: No business impact. Not applicable. This information does not form part of official duty.
     • OFFICIAL: 1 Low business impact. Not applicable. This is the majority of routine information created or processed by the public sector.
     • OFFICIAL: Sensitive: 2 Low to medium business impact. Limited damage to an individual, organisation or government generally if compromised.
     • PROTECTED: 3 High business impact. Damage to the national interest, organisations or individuals.
     • SECRET: 4 Extreme business impact. Serious damage to the national interest, organisations or individuals.
     • TOP SECRET: 5 Catastrophic business impact. Exceptionally grave damage to the national interest, organisations or individuals.
  14. Markings (www.protectivesecurity.gov.au). Column groups: Sensitive information (OFFICIAL: Sensitive); Security classified information (PROTECTED, SECRET, TOP SECRET).
     • OFFICIAL (1 Low business impact)
       - Identify information with text-based markings used unless impractical for operational reasons: Marking not required.
       - If text-based markings cannot be used, use colour-based markings: Marking not required.
       - If text or colour based markings cannot be used, document the entity: Marking not required.
     • OFFICIAL: Sensitive (2 Low to medium business impact)
       - Identify information with text-based markings used unless impractical for operational reasons: Text marking required: OFFICIAL: Sensitive
       - If text-based markings cannot be used, use colour-based markings: Marking not required.
       - If text or colour based markings cannot be used, document the entity: Marking not required.
     • PROTECTED (3 High business impact)
       - Identify information with text-based markings used unless impractical for operational reasons: Text marking required: PROTECTED
       - If text-based markings cannot be used, use colour-based markings: Blue colour marking required (if text marking cannot be used).
       - If text or colour based markings cannot be used, document the entity: Marking required.
     • SECRET (4 Extreme business impact)
       - Identify information with text-based markings used unless impractical for operational reasons: Text marking required: SECRET
       - If text-based markings cannot be used, use colour-based markings: Salmon (pink) colour marking required (if text marking cannot be used).
       - If text or colour based markings cannot be used, document the entity: Marking required.
     • TOP SECRET (5 Catastrophic business impact)
       - Identify information with text-based markings used unless impractical for operational reasons: Text marking required: TOP SECRET
       - If text-based markings cannot be used, use colour-based markings: Red colour marking required (if text marking cannot be used).
       - If text or colour based markings cannot be used, document the entity: Marking required.
  15. What’s the difference? Is there a checkbox? How do I order PROTECTED services? … there is no difference!
  16. PROTECTED Scope
     • Analytics: Amazon Elastic MapReduce (Amazon EMR), Amazon Kinesis Data Streams, Amazon Kinesis Data Firehose
     • Desktop: Amazon WorkSpaces, Amazon WorkDocs
     • Storage: Amazon S3, Amazon S3 Transfer Acceleration, Amazon EBS, Amazon Glacier
     • Database: Amazon DynamoDB, Amazon Redshift, Amazon RDS (MySQL, PostgreSQL, SQL Server, Oracle, MariaDB, Aurora), Amazon ElastiCache
     • Management: Amazon CloudWatch, Amazon CloudWatch Logs, AWS CloudFormation, AWS CloudTrail, AWS Config, AWS Systems Manager
     • Mobile: Amazon API Gateway
     • Compute: Amazon EC2, Amazon Elastic Container Service (Amazon ECS), Amazon EC2 Auto Scaling, Amazon ELB, AWS Lambda, AWS Lambda@Edge
     • Networking & Content Delivery: Amazon Virtual Private Cloud (Amazon VPC), AWS Direct Connect, Amazon CloudFront
     • Security, Identity and Compliance: Amazon Identity and Access Management (IAM), AWS Directory Services, Amazon Cognito, Amazon Inspector, AWS Key Management Service, AWS CloudHSM, AWS WAF, Amazon GuardDuty
     • Application Integration: Amazon Simple Workflow Service, AWS Step Functions, Amazon Simple Notification Service, Amazon Simple Queue Service
  17. PROTECTED Scope (same service list as slide 16), highlighting Security, Identity and Compliance: Amazon Identity and Access Management (IAM), AWS Directory Services, Amazon Cognito, Amazon Inspector, AWS Key Management Service, AWS CloudHSM, AWS WAF, Amazon GuardDuty
  18. PROTECTED Scope (same service list as slide 16), highlighting Storage: Amazon S3, Amazon S3 Transfer Acceleration, Amazon EBS, Amazon Glacier
  19. PROTECTED Scope (same service list as slide 16), highlighting Database: Amazon DynamoDB, Amazon Redshift, Amazon RDS (MySQL, PostgreSQL, SQL Server, Oracle, MariaDB, Aurora), Amazon ElastiCache
  20. PROTECTED Scope (same service list as slide 16), highlighting Compute: Amazon EC2, Amazon Elastic Container Service, Amazon EC2 Auto Scaling, Amazon ELB, AWS Lambda, AWS Lambda@Edge
  21. PROTECTED Scope (same service list as slide 16), highlighting Networking & Content Delivery: Amazon Virtual Private Cloud (VPC), AWS Direct Connect, Amazon CloudFront
  22. PROTECTED Scope (same service list as slide 16), highlighting Desktop: Amazon WorkSpaces, Amazon WorkDocs
  23. PROTECTED Scope (same service list as slide 16), highlighting Management: Amazon CloudWatch, Amazon CloudWatch Logs, AWS CloudFormation, AWS CloudTrail, AWS Config, AWS Systems Manager
  24. AWS shared responsibility model
     • Security IN the Cloud: Managed by customers
     • Security OF the Cloud: Managed by AWS
  25. ISM and IRAP
     • Extensive and highly detailed standard for Information Security
     • Rigorous audit standard is part and parcel of ISM
     • For more info see https://acsc.gov.au/infosec/ism
  26. Additional services in reference architecture
     • Trusted Advisor
     • AWS Organisations
     • AWS Shield
  27. March 2019 ISM: Welcome re-name of Unclassified DLM (Dissemination Limiting Marker). acsc.gov.au/infosec/ism
  28. Additional certification guidance
     • All PROTECTED certified services can be used at UNCLASSIFIED DLM
     • UNCLASSIFIED DLM certified services can be leveraged in PROTECTED solutions
     • Specific global UNCLASSIFIED DLM certified services can leverage AWS Regions outside of Australia, subject to ACSC Guidance. (Please refer to the ACSC Certification Report and Consumer Guide for more details.)
  29. Accessing AWS compliance reports
     • https://aws.amazon.com/compliance/
     • https://aws.amazon.com/artifact/
  30. Further reading… Take a picture of this slide, and visit the URLs…
     • https://aws.amazon.com/compliance/
     • https://aws.amazon.com/security/
     • https://aws.amazon.com/guardduty/
     • https://aws.amazon.com/artifact/
  31. Thank you! Herman Coomans
