Life Sciences

Amazon Web Services Navigating GDPR Compliance on AWS 21 use the AWS Certificate Manager (ACM) service to generate, manage, and deploy the private and public certificates you use to establish encrypted transport between systems for your workloads. Amazon Elastic Load Balancing is integrated with ACM and is used to support HTTPS protocols. If your content is distributed through Amazon CloudFront, it supports encrypted endpoints. Encryption Tools AWS offers various highly scalable data encryption services, tools, and mechanisms to help protect your data stored and processed on AWS. For information about AWS Service functionality and privacy, see AWS Service Capabilities for Privacy Considerations7. Cryptographic services from AWS use a wide range of encryption and storage technologies that are designed to maintain integrity of your data at rest or in transit. AWS offers four primary tools for cryptographic operations. • AWS Key Management Service (AWS KMS) is an AWS managed service that generates and manages both master keys and data keys. AWS KMS is integrated with many AWS services to provide server-side encryption of data using KMS keys from customer accounts. KMS hardware security modules (HSMs) are FIPS 140-2 Level 2 validated. • AWS CloudHSM provides HSMs that are FIPS 140-2 Level 3 validated. They securely store a variety of your self-managed cryptographic keys, including master keys and data keys. • AWS Cryptographic Services and Tools o AWS Encryption SDK provides a client-side encryption library for implementing encryption and decryption operations on all types of data. o Amazon DynamoDB Encryption Client provides a client-side encryption library for encrypting data tables before sending them to a database service, such as Amazon DynamoDB. AWS Key Management Service AWS Key Management Service (AWS KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the security of your keys. AWS KMS is integrated with several other AWS services to help you protect the data you store with

• Cover
• Abstract
• General Data Protection Regulation Overview
• Changes the GDPR Introduces to Organizations Operating in the EU
• AWS Preparation for the GDPR
• AWS Data Processing Addendum (DPA)
• The Role of AWS Under the GDPR
• AWS as a Data Processor
• AWS as a Data Controller
• Shared Security Responsibility Model
• Strong Compliance Framework and Security Standards
• AWS Compliance Program
• Cloud Computing Compliance Controls Catalog
• The CISPE Code of Conduct
• Data Access Controls
• AWS Identity and Access Management
• Temporary Access Tokens Through AWS STS
• Multi-Factor-Authentication
• Access to AWS Objects Resources
• Access to Operational & Configuration Data
• Geo-Restrictions
• Control Access to Web Applications and Mobile Apps
• Monitoring and Logging
• Manage and Configure Assets with AWS Config
• Compliance Auditing & Security Analytics with AWS CloudTrail
• Log Formats
• Centralized Security Management
• Protecting your Data on AWS
• Encrypt Data at Rest
• Encrypt Data in Transit
• Encryption Tools
• AWS Key Management Service
• AWS Service Integration
• Audit Capabilities
• Security
• AWS CloudHSM
• Integration with AWS Services and Third-Party Applications
• Audit Activities
• AWS Cryptographic Services and Tools
• Linux DM-Crypt Infrastructure
• Data Protection by Design & by Default
• How AWS Can Help
• Contributors
• Document Revisions