Steve Riley, Sr. Technical Program Manager at Amazon Web Services, led this session at the RightScale User Conference 2010 in Santa Clara.
Session Abstract: Moving to the cloud raises lots of questions, mostly about security. Amazon Web Services has built an infrastructure and established processes to mitigate common vulnerabilities and offer a safe compute and storage environment. In this session, we'll discuss common cloud security concerns, show how AWS protects its infrastructure from internal and external attack, and explain how you can take advantage of the security features of AWS in your own applications as you extend your enterprise into the cloud.
16. [Diagram] Customer 1, Customer 2, … Customer n. Customer only; SSH, ID/pw, X.509; root/admin control. You. Customer 1 virtual interfaces, Customer 2 virtual interfaces, … Customer n virtual interfaces. Customer only; inbound flows; default deny. Hypervisor layer. Customer 1 security groups, Customer 2 security groups, … Customer n security groups. AWS firewall. AWS. AWS admins only; SSH via bastions; audits reviewed. Physical interfaces.
17. [Diagram] Web tier; Application tier; Database tier. HTTP/HTTPS from Internet. SSH/RDP management from corpnet. SSH/RDP management from corpnet, vendor. SSH/RDP management from corpnet.
49. IAM details. Preview beta includes: Amazon EC2, S3, VPC, SQS, SNS, RDS, SimpleDB, Auto Scaling, ELB. Configured via API calls. Add users, define groups and hierarchies, set permissions, enable API calls, assign MFAs. Future: user login to console, user management console. No additional charge.
53. Compliance. HIPAA: current customer deployments; whitepaper describes the specifics. SAS 70 type II: multiple audits; simplified process to get your copy. FISMA moderate: Authority to Operate. ISO 27001/27002.