Security and Compliance Flashcards
Shared Responsibility of Infrastructure Services
Most customer responsibility; the customer is responsible for security “in” the cloud, AWS for security “of” the cloud
Customer: Data, platform/app/identity management, OS/network/firewall config, client/server encryption, network traffic protection
AWS: Foundation services (storage, compute, network, database), Global Infrastructure
Shared Responsibility of Container Services (RDS, EMR, Beanstalk)
Balanced responsibility
Customer: Customer data encryption/integrity, network traffic protection, firewall config
AWS: Platform/app management, OS/network config, foundation services, global infrastructure
Shared Responsibility of Abstract Services (S3, DynamoDB, Glacier, SQS)
Most AWS responsibility
Customer: customer data, client-side data encryption
AWS: Network traffic protection, server-side encryption, platform/app management, OS/network config, foundation services, global infrastructure
AWS Compliance Program
Helps customers understand the robust controls in place at AWS to maintain security and compliance of the cloud, by tying together governance-focused, audit-friendly service features with applicable compliance or audit standards
Encryption of Data in Transit
Data actively moving from one location to another such as across the internet or through a private network
Uses Transport Layer Security (TLS) and Certificate Managers
Encryption of Data at Rest
Data that is not actively moving from device to device or network to network such as data stored on a hard drive, laptop, flash drive, or archived/stored in some other way
Uses KMS and Amazon CloudHSM
Federated Access
User who can access secure AWS account resources using an external identity provider, such as Login with Amazon, Facebook, or Google
HIPAA
Standard required for storage of medical records in the US
AWS Abuse Team
Responsible for protecting AWS customers from various types of abuse, including spam, phishing, and other malicious activities
CLI
A command-line interface, a text-based user interface (UI) used to interact with a computer operating system
AWS Risk and Compliance Program
Manages risk in all phases of service design and deployment, and continually improves and reassesses the organization’s risk-related activities
Components include information security, risk management, and control environment
SDK
A software development kit, a set of software-building tools for a specific platform, including building blocks, debuggers, and sometimes a framework or group of code libraries
API
Application Programming Interface, a software intermediary that enables two or more computer programs to communicate with each other
Which services have built-in DDoS protection/mitigation?
1) VPCs and Security Groups
2) Route 53
3) CloudFront
4) WAF
5) Elastic Load Balancing