AWS Webcast - AWS Compliance Forum Introduction Oct 2013
DESCRIPTION
Amazon Web Services (AWS) has developed a customer compliance forum to facilitate in-depth compliance discussions between you and AWS Compliance. The webinar focuses on the AWS shared responsibility security model and how your organization can achieve security and compliance within your use of AWS services. This initial AWS Compliance Forum webinar will provide an overview of AWS compliance programs, use cases, and the various compliance verticals AWS can support, both through current certifications and attestations (i.e., PCI, SOC, FedRAMP, and ISO) and in areas where AWS can illustrate use cases for workloads related to Life Sciences, Financial Services, and state/federal government compliance requirements. From there we will discuss the goals of the AWS Compliance Forum and plans for future webinars and small-group compliance discussions.
TRANSCRIPT
© 2013 Amazon Web Services, Inc. and its affiliates. All rights reserved.
AWS Compliance Forum
Introduction
October 31, 2013
Session Agenda
(Very) brief overview: Compliance of AWS
AWS Compliance Forum detail: Compliance in AWS
– Who, What, When, Where, Why, and How
What’s Next for your AWS Compliance Forum
Additional Q&A
Compliance of AWS
Start with our AWS Compliance whitepapers
AWS Compliance Programs
Want to learn more about AWS compliance?
– AWS Compliance Website: Programs and Whitepapers: https://aws.amazon.com/compliance
– Ask a question and/or request a certification or report by reaching out to [email protected]
AWS COMPLIANCE FORUM
Now for the main event
THE WHO
AWS Compliance Forum
Want to connect with other AWS customers?
98% Yes!
2% No thanks
Customers like you
Customers in roles like yours
Chief Operations Officer
Customers in industries like yours
– Aerospace & Defense
– Agriculture and Mining
– Banking
– Consumer Goods
– Education
– Energy & Utilities
– Finance
– Government
– Healthcare & Medical
– Insurance
– Manufacturing
– Media and Publishing
– Non-Profits
– Pharmaceuticals & Biotech
– Retail
– Technology
– Telecommunications
– Transportation and Logistics
Customers adhering to standards/regulations like yours
– NERC-CIP: 3%
– FERPA: 5%
– CJIS Security Policy: 6%
– ISO 14001:2004: 6%
– DIACAP: 11%
– GLBA: 11%
– ITAR: 14%
– ISO 9001:2008: 15%
– Other: 17%
– FedRAMP: 29%
– State privacy or breach disclosure laws: 31%
– FISMA: 32%
– International privacy or breach disclosure laws: 33%
– SOX; Requires a SOC report: 34%
– HIPAA: 42%
– ISO 27001:2005: 42%
– PCI DSS v2.0: 51%
– Internal policies and security standards: 56%
POLLING QUESTION #1 PLACEHOLDER
I am most interested in connecting with customers who are:
• In roles like mine
• In my industry
• Adhering to similar standards/regulations
THE WHO
(PART 2)
AWS Compliance Forum
Want to connect with AWS specialists?
97% Yes!
3% No thanks
AWS resources
AWS Architecture Center
AWS Documentation
That’s nice, but how about some two-way interaction…
– AWS Compliance Architects
– AWS Security Solutions Architects
– AWS Professional Services
POLLING QUESTION #2 PLACEHOLDER
Which AWS specialist is most useful to you right now?
• AWS Compliance Architects
• AWS Security Solutions Architects
• AWS Professional Services Consultants
AWS Specialists wanting to help you
– Chris Whalley, AWS Compliance Architect
– Chris Gile, AWS Compliance Architect
– Max Ramsay, AWS Principal Security Solutions Architect
– Tom Sheehan, AWS Senior Consultant
Questions about customers or AWS specialists in the AWS Compliance Forum?
THE WHAT…
AND THE WHY…
AND THE HOW
AWS Compliance Forum
Do you want support in interpreting and implementing control requirements in the cloud?
99% Yes!
1% No thanks
AWS Compliance Forum mission
To enable you to easily and effectively interpret and implement control requirements in the cloud by connecting you with fellow AWS customers, AWS compliance specialists, and specialized content
Are you comfortable interpreting and implementing control requirements in the cloud?
Current State: 11% Yes, but…; 66% Not really; 23% No…Help!
Future State: 100% Yes!!
Getting to ‘future state’: Your content
Industry- and regulation-specific workbooks
– FFIEC, HIPAA, PCI, etc.
Changes to standards (and interpretation guidance)
– PCI DSS v3.0, ISO 27001:2013, etc.
Compliance whitepapers
– Governance features, logging features, etc.
Compliance case studies
– Customers sharing their experiences, lessons learned and reference architectures (HIPAA, PCI, etc.)
Customized depth of content
An overview of security and compliance considerations for your industry
‘Anonymized’ stories about others’ successes and challenges with compliance
A mapping to your existing compliance programs and associated controls
A discussion around how to architect to adhere to standards or regulations
A discussion around your control implementation concerns
Summary-level
Detailed-level
POLLING QUESTION #3 PLACEHOLDER
Think of the standard/policy for which compliance is top-of-mind to you right now. What would be most helpful to you?
• An overview of security & compliance considerations
• ‘Anonymized’ stories about others’ successes/challenges
• A mapping to your existing compliance programs/controls
• A discussion around how to architect to adhere
• A discussion around your implementation concerns
Your content medium
Compliance whitepapers and case studies
Webinars
Industry-focused discussion groups
Standard-focused discussion groups (i.e. PCI DSS)
Live presentations with AWS Compliance
POLLING QUESTION #4 PLACEHOLDER
Which of the following are you most interested in?
• Compliance whitepapers and case studies
• Webinars
• Industry-focused discussion groups
• Standard-focused discussion groups (i.e. PCI DSS)
• Live presentations with AWS Compliance
Questions on ‘the what, why and how’?
THE WHEN AND WHERE
AWS Compliance Forum
Planned cadence
Monthly: Industry- or standard-specific discussion group
Quarterly: General-interest webinar
Semi-annually: AWS Compliance Forum newsletter
Annually: AWS Compliance Forum meet n’ greet
Ad-hoc: Public appearances, case-study publication, etc.
Questions on ‘the where and when’?
WHAT’S NEXT?
AWS Compliance Forum
What about between now and then?
Socialize this webinar with key people in your org
Check out the AWS Security blog
– Tags by: Compliance, Best practices, etc.
Attend re:Invent sessions focused on compliance (or watch the recordings on YouTube in late Nov)
– SEC101: AWS Security – Keynote Address
– SEC203: Security Assurance and Governance in AWS
– SEC204: Building Secure Applications and Navigating FedRAMP in the AWS GovCloud (US) Region
– SEC206: Taking the Fear Out of PCI Compliance in the Cloud
– SEC306: Implementing Bullet-Proof HIPAA Solutions on AWS
ADDITIONAL QUESTIONS?
AWS Compliance Forum
Copyright © 2013 Amazon Web Services, Inc. and its affiliates. All rights reserved.
This work may not be reproduced or redistributed, in whole or in part,
without prior written permission from Amazon Web Services, Inc.
Commercial copying, lending, or selling is prohibited.
Questions? Email us at [email protected].