Life Sciences

Navigating GDPR Compliance on AWS


Amazon Web Services Navigating GDPR Compliance on AWS

size. Encrypting File System, for example, is a Microsoft extension to the Windows NT operating system's New Technology File System (NTFS) that provides disk encryption. The second method is file-system-level encryption. With this method, files and directories are encrypted, but not the entire disk or partition. File-system-level encryption operates on top of the file system and is portable across operating systems.

For non-volatile memory express (NVMe) SSD instance store volumes, encryption is the default option. Data in NVMe instance storage is encrypted using an XTS-AES-256 block cipher implemented in a hardware module on the instance. The encryption keys are generated by the hardware module and are unique to each NVMe instance storage device. All encryption keys are destroyed when the instance is stopped or terminated and cannot be recovered. You cannot use your own encryption keys.

Encrypt Data in Transit

AWS strongly recommends encrypting data in transit from one system to another, including resources within and outside of AWS. When you create an AWS account, a logically isolated section of the AWS Cloud is provisioned to it: the Amazon Virtual Private Cloud (Amazon VPC). There you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including selecting your own IP address range, creating subnets, and configuring route tables and network gateways. You can also create a hardware Virtual Private Network (VPN) connection between your corporate datacenter and your Amazon VPC, so you can use the AWS Cloud as an extension of your corporate datacenter.

To protect communication between your Amazon VPC and your corporate datacenter, you can select from several VPN connectivity options and choose the one that best matches your needs. You can use AWS Client VPN to enable secure access to your AWS resources using client-based VPN services. You can also use a third-party software VPN appliance, which you can install on an Amazon EC2 instance in your Amazon VPC. Or, you can create an IPsec VPN connection to protect the communication between your VPC and your remote network. To create a dedicated private connection from a remote network to your Amazon VPC, you can use AWS Direct Connect. You can combine this connection with an AWS Site-to-Site VPN to create an IPsec-encrypted connection.

AWS provides HTTPS endpoints using the TLS (Transport Layer Security) protocol for communication, which provides encryption in transit when you use AWS APIs. You can
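TLS being available on an endpoint does not by itself prove that a workload refuses plaintext requests. The following added example (not part of the AWS whitepaper) shows a compliance check that a reviewer could run against exported S3 bucket policies: it reports whether a policy contains a Deny statement that blocks every request made without TLS, via the aws:SecureTransport condition key. S3 is chosen here as the concrete service; the bucket name and both policies are constructed sample data.

```python
import json

# Constructed sample data: a bucket name and two candidate bucket policies.
BUCKET = "example-gdpr-bucket"

# Policy that denies every request that did not arrive over TLS.
ENFORCING_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Deny",
        "Principal": "*",
        "Action": "s3:*",
        "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"],
        "Condition": {"Bool": {"aws:SecureTransport": "false"}},
    }],
})

# Policy that grants read access but never rejects plaintext HTTP.
PERMISSIVE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": f"arn:aws:s3:::{BUCKET}/*",
    }],
})


def _as_list(value):
    """Policy fields may be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def requires_tls(policy_json, bucket):
    """True if a Deny statement blocks all non-TLS requests to the bucket
    and its objects (the same idea as AWS Config's s3-bucket-ssl-requests-only)."""
    wanted = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Deny":
            continue
        if stmt.get("Principal") not in ("*", {"AWS": "*"}):
            continue  # must apply to every caller, not a subset
        if not any(a in ("*", "s3:*") for a in _as_list(stmt.get("Action", []))):
            continue  # must cover every S3 action
        flag = stmt.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport")
        if str(flag).lower() != "false":
            continue  # only fires when the request was not made over TLS
        have = set(_as_list(stmt.get("Resource", [])))
        if wanted <= have or "*" in have:
            return True  # bucket ARN and object ARNs are both covered
    return False
```

A policy that denies plaintext only for object ARNs but not the bucket ARN (or the reverse) is reported as not enforcing TLS, which is the failure mode most often seen in hand-written policies.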
