Navigating GDPR Compliance on AWS

AWS Service Integration

AWS KMS has integrated with a number of AWS services (over fifty at the time of this writing). These integrations allow you to easily use AWS KMS CMKs to encrypt the data you store with these services. In addition to using a customer managed CMK, a number of the integrated services allow you to use an AWS managed CMK that is created and managed for you automatically, but is only usable within the specific service that created it.

Audit Capabilities

If AWS CloudTrail is enabled for your AWS account, each use of a key that you store in KMS is recorded in a log file that is delivered to the Amazon S3 bucket that you specified when you enabled AWS CloudTrail. The information recorded includes details of the user, time, date, and the key used.

Security

AWS KMS is designed to make sure that no one has access to your master keys. The service is built on systems that are designed to protect your master keys with extensive hardening techniques, such as never storing plaintext master keys on disk, not persisting them in memory, and limiting which systems can access hosts that use keys. All access to update software on the service is controlled by a multi-party access control that is audited and reviewed by an independent group within Amazon. For more information about AWS KMS, see the AWS Key Management Service whitepaper.

AWS CloudHSM

The AWS CloudHSM service helps you meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) appliances in the AWS Cloud. With CloudHSM, you control the encryption keys and the cryptographic operations performed by the HSM.

AWS and AWS Marketplace partners offer a variety of solutions for protecting sensitive data within the AWS platform, but for applications and data subject to rigorous contractual or regulatory requirements for managing cryptographic keys, additional protection is sometimes necessary. Previously, the only option to store sensitive data (or the encryption keys protecting the sensitive data) may have been in on-premises datacenters. This might have prevented you from migrating these applications to the cloud or significantly slowed their performance. With AWS CloudHSM, you can protect your encryption keys within HSMs designed and validated to government standards for
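The audit trail described under Audit Capabilities, as an added example that is not from the whitepaper: a small Python parser that reads CloudTrail records, counts KMS key use per key, principal and API call, and lists key-lifecycle calls (deletion, disable, policy change) for review. The records, ARNs and account number are constructed placeholders; only the field names follow the CloudTrail record format.

```python
import json
from collections import Counter

# Constructed sample CloudTrail records (placeholders, not real log data); field
# names follow the CloudTrail record format, every value is invented.
KEY_A = "arn:aws:kms:eu-west-1:111122223333:key/00000000-0000-0000-0000-00000000000a"
ROLE = "arn:aws:sts::111122223333:assumed-role/AppRole/i-0abc"
USER = "arn:aws:iam::111122223333:user/alice"
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-15T10:02:11Z", "eventSource": "kms.amazonaws.com", "eventName": "Decrypt",
     "userIdentity": {"arn": ROLE}, "requestParameters": {"encryptionContext": {"aws:s3:arn": "arn:aws:s3:::example-bucket/o"}},
     "resources": [{"ARN": KEY_A, "type": "AWS::KMS::Key"}]},
    {"eventTime": "2024-01-15T10:02:12Z", "eventSource": "kms.amazonaws.com", "eventName": "Decrypt",
     "userIdentity": {"arn": ROLE}, "requestParameters": {"encryptionContext": {"aws:s3:arn": "arn:aws:s3:::example-bucket/p"}},
     "resources": [{"ARN": KEY_A, "type": "AWS::KMS::Key"}]},
    {"eventTime": "2024-01-15T11:45:00Z", "eventSource": "kms.amazonaws.com", "eventName": "ScheduleKeyDeletion",
     "userIdentity": {"arn": USER}, "requestParameters": {"keyId": KEY_A, "pendingWindowInDays": 7}},
    {"eventTime": "2024-01-15T11:46:00Z", "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "userIdentity": {"arn": USER}, "requestParameters": {"bucketName": "example-bucket"}},
]})

# Control-plane calls that change whether a key can still be used; a defender
# normally wants each of these reviewed individually rather than just counted.
KEY_LIFECYCLE_EVENTS = {"ScheduleKeyDeletion", "DisableKey", "PutKeyPolicy", "DeleteAlias"}

def key_of(record):
    """Key ARN from the resources list, falling back to requestParameters.keyId."""
    for res in record.get("resources") or []:
        if res.get("type") == "AWS::KMS::Key":
            return res.get("ARN")
    return (record.get("requestParameters") or {}).get("keyId")

def summarize_kms_events(cloudtrail_json):
    """Return (usage, alerts): usage counts (key, principal, eventName) for every
    KMS event; alerts lists lifecycle events with who, when, and which key."""
    usage, alerts = Counter(), []
    for rec in json.loads(cloudtrail_json)["Records"]:
        if rec.get("eventSource") != "kms.amazonaws.com":
            continue  # only KMS API calls are of interest here
        key, who, name = key_of(rec), rec["userIdentity"].get("arn"), rec["eventName"]
        usage[(key, who, name)] += 1
        if name in KEY_LIFECYCLE_EVENTS:
            alerts.append({"time": rec["eventTime"], "who": who, "key": key, "event": name})
    return usage, alerts

if __name__ == "__main__":
    usage, alerts = summarize_kms_events(SAMPLE_LOG)
    print(dict(usage))
    print("REVIEW:", alerts)
```

On real logs, point the parser at the gzipped JSON objects CloudTrail delivers to the S3 bucket named in the text; the record structure is the same.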
