Life Sciences

Amazon Web Services Navigating GDPR Compliance on AWS 12 Geo-Restrictions You can use geo-restrictions—also known as geoblocking—to prevent users in specific geographic locations from accessing content that you're distributing through an Amazon CloudFront web distribution. There are two options for using geo-restrictions: • CloudFront geo-restriction feature – Select this option to restrict access to all of the files that are associated with a CloudFront distribution, and to restrict access at the country level. • Third-party geolocation service – Select this option to restrict access to a subset of the files that are associated with a distribution, or to restrict access at a finer level of granularity than the country level. Beyond these two options, geo-limiting capabilities exist for newly launched Regions. While AWS Regions introduced before March 20, 2019 are enabled by default. Regions introduced after March 20, 2019, such as Asia Pacific (Hong Kong) and Middle East (Bahrain), are disabled by default. You must enable these Regions before you can use them. If an AWS Region is disabled by default, you can use the AWS Management Console to enable and disable the Region. Enabling and disabling AWS Regions allows you to control whether users in your AWS account can access resources in that Region.5 Control Access to Web Applications and Mobile Apps AWS provides service for managing data access control within their applications. If you need to add user login and access control features to your web applications and mobile apps, you can use Amazon Cognito. Amazon Cognito User Pools provide a secure user directory that scales to hundreds of millions of users. To protect the identity of the users, you can add multi-factor authentication (MFA) to your user pools. You can also use adaptive authentication, which uses a risk-based model to predict when you might need another authentication factor. With Amazon Cognito, you can see who accessed your resources and where the access originated (mobile app or web application). You can use this information to create security policies that allow or deny access to a resource based on the type of access origin (mobile app or web application).

• Cover
• Abstract
• General Data Protection Regulation Overview
• Changes the GDPR Introduces to Organizations Operating in the EU
• AWS Preparation for the GDPR
• AWS Data Processing Addendum (DPA)
• The Role of AWS Under the GDPR
• AWS as a Data Processor
• AWS as a Data Controller
• Shared Security Responsibility Model
• Strong Compliance Framework and Security Standards
• AWS Compliance Program
• Cloud Computing Compliance Controls Catalog
• The CISPE Code of Conduct
• Data Access Controls
• AWS Identity and Access Management
• Temporary Access Tokens Through AWS STS
• Multi-Factor-Authentication
• Access to AWS Objects Resources
• Access to Operational & Configuration Data
• Geo-Restrictions
• Control Access to Web Applications and Mobile Apps
• Monitoring and Logging
• Manage and Configure Assets with AWS Config
• Compliance Auditing & Security Analytics with AWS CloudTrail
• Log Formats
• Centralized Security Management
• Protecting your Data on AWS
• Encrypt Data at Rest
• Encrypt Data in Transit
• Encryption Tools
• AWS Key Management Service
• AWS Service Integration
• Audit Capabilities
• Security
• AWS CloudHSM
• Integration with AWS Services and Third-Party Applications
• Audit Activities
• AWS Cryptographic Services and Tools
• Linux DM-Crypt Infrastructure
• Data Protection by Design & by Default
• How AWS Can Help
• Contributors
• Document Revisions