Amazon Cloud tech answers these three key questions about security compliance

2022-05-14

Is it safe to go to the cloud? Is Amazon Cloud Technology itself security-compliant? How does Amazon Cloud Technology help users achieve security compliance on the cloud? Gu Fan, general manager of strategic business development for Amazon Cloud Technology Greater China, told reporters that these are the three questions he is often asked by customers concerned about security compliance.

More and more enterprises now face security compliance issues. The global security compliance environment is becoming increasingly complex: 132 countries and regions have enacted laws and regulations related to data protection and privacy. The types and amounts of data that enterprises put on the cloud are increasing, and business changes are also bringing new challenges to security compliance. At a media briefing recently held by Amazon Cloud Technology, Gu Fan answered these questions in detail.

Is it safe to go to the cloud?

In fact, migrating to the cloud from self-built data centers can improve an enterprise’s security experience, Gu pointed out. Enterprises also need to consider security when building their own data centers.
However, when they build their own data centers they must take care of security equipment, management, and cost themselves. After migrating applications to the cloud, enterprises no longer need to attend to the trivial details of underlying infrastructure security, and security governance in the cloud has the opportunity to step up, in the following ways.

First, better visibility. With better data integration, there is an opportunity to build a centralized platform for visual security management in the cloud. Second, a higher degree of automation. Enterprises can make full use of the tight integration between cloud security services to better achieve security automation. In an on-premises environment with products from different vendors, integrating security data can be complex, whereas in the cloud, deep integration between services makes data integration easier. Third, more flexible cost control. Cloud security has no upfront cost and is pay-per-use. Fourth, more efficient compliance. A self-built data center has to do compliance from scratch. If a cloud vendor is selected, the customer can inherit the cloud vendor’s compliance.

Gu said that because of this, millions of users around the world have chosen Amazon Cloud Technology. These users cover almost all industries, including finance, telecommunications and many other highly regulated industries. For example, Nasdaq, the world’s largest stock exchange, will move all its business to Amazon Cloud Technology in stages. NTT Docomo, Japan’s biggest telecoms operator, will move its petabytes of data warehouses to the cloud.

Is Amazon Cloud Technology itself security-compliant?

There is a “Job Zero security culture” at Amazon Cloud. “Security is our Job Zero,” Amazon President and CEO Andy Jassy has said.
“It’s more important than any number one priority.” Today, there is a “Job Zero security culture” throughout Amazon Cloud Technology: every employee is responsible for security. The CEO holds weekly security meetings; employees at each level have security objectives and regularly undergo security compliance training and examinations; every service should be designed with security in mind; Amazon Cloud Technology also attaches great importance to security automation, using automation to achieve security standardization and consistency; and in security operations, a tier 1 response team and a tier 2 response team provide round-the-clock response capabilities.

In addition, Amazon Cloud Technology pioneered the shared security responsibility model to promote security and compliance. Amazon Cloud Technology is responsible for the security of the underlying cloud infrastructure and the cloud services it provides, while customers are responsible for the security of their own business on the cloud. The line dividing responsibility shifts depending on the IaaS, PaaS, and SaaS services that customers use.

It takes a good blacksmith to make steel. According to Gu, Amazon Cloud Technology has adopted four major measures to ensure its own security compliance.

First, cloud security starts with infrastructure. The data centers and network architecture of Amazon Cloud Technology are built to the highest security standards. All data centers and services around the world use the same construction standards and control measures. All customers can use this high-security infrastructure, regardless of size.

Second, security is more than security services. Amazon Cloud Technology attaches great importance to the security of every service. The security team is deeply involved in the development of new services and features from the very beginning.
If there are any known security issues, new services will not be launched. Amazon Cloud Technology also automates security through deeply integrated services to reduce manual configuration errors and reduce risk.

Third, adhere to the concept of customer ownership and control of data. Amazon Cloud Technology does not touch customer data; customers always own their data and can encrypt it in any way they choose. All data flows are automatically encrypted at the physical layer before leaving the secure facilities of Amazon Cloud Technology.

Fourth, Amazon Cloud Technology has obtained numerous security standards and compliance certifications, meeting the compliance certification requirements of almost all regulatory authorities around the world. These security standards and compliance certifications can be inherited by users. Amazon Cloud also regularly performs third-party verification of thousands of global compliance requirements.

How does Amazon Cloud Technology help users achieve security compliance on the cloud?

It is understood that in terms of cloud service security, Amazon Cloud Technology adheres to three concepts.

Concept #1: Use event-driven architecture on the cloud to build automated guardrails rather than set up checkpoints. Based on event-driven architecture, it establishes automated protection that runs from threat detection to incident response, cause analysis and recovery, allowing enterprise development teams to spend more time on business innovation.

Concept #2: Security in the cloud is designed proactively, not just passively. Security compliance should be fully integrated with the enterprise’s business as a primary condition for business development. Security should be prepared for a rainy day and implemented proactively at both the technical and management levels, according to the business situation and system characteristics.

Concept #3: Security in the cloud must be onion-shaped, with protection that unfolds progressively layer by layer, rather than an egg-shaped layer of protection.

According to Gu, the onion-shaped protection system consists of five layers.

Layer 1: Threat detection and incident response. Threat detection, like a “professional weather forecaster”, requires precise pinpointing, rapid response, constant monitoring of security threats, and the ability to analyze causes. Amazon GuardDuty gives customers an economical, efficient and intelligent option for continuously detecting threats on Amazon Cloud Technology, drawing on rich intelligence sources. Amazon GuardDuty integrates machine learning capabilities to accurately locate threats and reduce alarm volume by 50%. Amazon Security Hub, a unified security event management platform, enables customers to monitor threats 24/7, respond in a timely manner, and automatically perform compliance checks. Gu stressed that although security automation requires a lot of investment, it will be worth it in the long run because people will make mistakes.

Layer 2: Identity authentication and access control. Authentication and access control are like the gates of a fortified castle. Not having a good authentication and access strategy is like building a strong castle and leaving the door open to unknown visitors. Amazon Cloud offers two lessons and three technical tips on identity authentication. The first lesson is to maintain the principle of minimal authorization and verify that each authorization is necessary and relevant to the business or responsibility. The second is to audit adherence to the minimum authorization principle on a regular basis; authorizations should not be permanent, and all of them must be time-limited. The first technical recommendation is to refine the granularity of access as much as possible.
Access conditions can be set according to time, place and service. Second, combine multi-factor authentication (MFA) technology to strengthen identity authentication. Third, reduce the use of long-term credentials. Amazon Identity and Access Management (IAM) is the core service for identity authentication and access control, providing fine-grained access control covering all services and resources of Amazon Cloud Technology. Amazon Organizations is an efficient authentication and access control service that enables centralized management and governance of multiple accounts in an organization, establishing privilege protection mechanisms and data boundaries.

Layer 3: Network and infrastructure security. Defense against DDoS is the focus of this layer. DDoS defenses should be in place year-round and not operate like an emergency room. If you wait for a DDoS attack before dealing with it, the stability and continuity of services will be affected. Amazon Shield Advanced provides protection around the clock. Network access rules are the basis of all defense. The web application firewall service Amazon WAF provides a rich rule library, including fully managed rules developed by the Amazon security team and rules customized by customers.

Layer 4: Data protection and privacy. Amazon Cloud Technology provides encryption services for the whole life cycle of data, and the protection covers the storage, transmission and use of data. The Amazon KMS key management service provides encryption for stored data. It is integrated with 140 services of Amazon Cloud Technology to encrypt data stored in these services.
High integration reduces manual operation and reduces the probability of error. Amazon CloudHSM offers secure and simple cloud-based hardware security modules for customers with higher data privacy requirements. Amazon Nitro Enclaves offers a cloud-based confidential computing environment that allows customers to create an isolated environment to work with sensitive data without providing access to their own system administrators, developers, and applications, reducing the attack surface during sensitive data processing.

Layer 5: Risk control and compliance. Amazon Cloud Technology can help users with compliance in three ways: first, ensuring the compliance of Amazon Cloud Technology services themselves; second, implementing compliance programs; third, automated audit. Amazon Cloud Technology’s compliance certification is not limited to the infrastructure area but extends to every cloud service, so when customers deploy on Amazon Cloud services, their compliance can be recognized by certification bodies. Through Amazon Audit Manager, audit management and compliance assessment can be simplified.
Audit Manager can automatically scan and collect evidence, and it provides various templates for compliance certification to simplify evidence collection for compliance audits. Amazon Cloud Technology also provides online tools such as Amazon Trusted Advisor (a customized cloud computing expert), Amazon Security Bulletins (security bulletins), Amazon Security Documentation (cloud service configuration advice), and more. All security and compliance experience will be passed on to the customer.

Gu Fan told reporters that Amazon Cloud Technology is now accelerating the rollout of security compliance services and functions in China. By 2021, Amazon Cloud Technology had launched more than 50 security compliance services and functions in China (Beijing and Ningxia) through cooperation with Halo and NWCD. In addition, Amazon Cloud Technology’s APN partner network offers hundreds of industry-leading security solutions. Recently, Amazon Cloud Technology further upgraded its cooperation with Deloitte China and launched the Security Operations Center service, which will provide customers with end-to-end cloud security monitoring and response services on Amazon Cloud Technology to improve enterprise cloud security.

Gu Fan summarized five advantages of Amazon Cloud Technology in cloud security compliance: excellent visibility and control; deeply integrated automation; construction to the highest security and privacy protection standards; comprehensive security and compliance controls that customers can inherit; and a rich set of partners to cooperate with.

In the end, Gu said, “Security compliance is the foundation of all of Amazon Cloud’s business. We will continue to strive to better meet our customers’ needs in terms of safety compliance.”