Life Sciences

Amazon Web Services Navigating GDPR Compliance on AWS 23 AWS Service Integration AWS KMS has integrated with a number of AWS services (over fifty at the time of this writing). These integrations allow you to easily use AWS KMS CMKs to encrypt the data you store with these services. In addition to using a customer managed CMK, a number of the integrated services allow you to use an AWS managed CMK that is created and managed for you automatically, but is only usable within the specific service that created it. Audit Capabilities If AWS CloudTrail is enabled for your AWS account, each use of a key that you store in KMS is recorded in a log file that is delivered to the Amazon S3 bucket that you specified when you enabled AWS CloudTrail. The information recorded includes details of the user, time, date, and the key used. Security AWS KMS is designed to make sure that no one has access to your master keys. The service is built on systems that are designed to protect your master keys with extensive hardening techniques, such as never storing plaintext master keys on disk, not persisting them in memory, and limiting which systems can access hosts that use keys. All access to update software on the service is controlled by a multi-party access control that is audited and reviewed by an independent group within Amazon. For more information about AWS KMS, see the AWS Key Management Service whitepaper. AWS CloudHSM The AWS CloudHSM service helps you meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) appliances in the AWS Cloud. With CloudHSM, you control the encryption keys and cryptographic operations performed by HSM. AWS and AWS Marketplace partners offer a variety of solutions for protecting sensitive data within the AWS platform, but for applications and data subject to rigorous contractual or regulatory requirements for managing cryptographic keys, additional protection is sometimes necessary. Previously, the only option to store sensitive data (or the encryption keys protecting the sensitive data) may have been in on-premises datacenters. This might have prevented you from migrating these applications to the cloud or significantly slowed their performance. With AWS CloudHSM, you can protect your encryption keys within HSMs designed and validated to government standards for

• Cover
• Abstract
• General Data Protection Regulation Overview
• Changes the GDPR Introduces to Organizations Operating in the EU
• AWS Preparation for the GDPR
• AWS Data Processing Addendum (DPA)
• The Role of AWS Under the GDPR
• AWS as a Data Processor
• AWS as a Data Controller
• Shared Security Responsibility Model
• Strong Compliance Framework and Security Standards
• AWS Compliance Program
• Cloud Computing Compliance Controls Catalog
• The CISPE Code of Conduct
• Data Access Controls
• AWS Identity and Access Management
• Temporary Access Tokens Through AWS STS
• Multi-Factor-Authentication
• Access to AWS Objects Resources
• Access to Operational & Configuration Data
• Geo-Restrictions
• Control Access to Web Applications and Mobile Apps
• Monitoring and Logging
• Manage and Configure Assets with AWS Config
• Compliance Auditing & Security Analytics with AWS CloudTrail
• Log Formats
• Centralized Security Management
• Protecting your Data on AWS
• Encrypt Data at Rest
• Encrypt Data in Transit
• Encryption Tools
• AWS Key Management Service
• AWS Service Integration
• Audit Capabilities
• Security
• AWS CloudHSM
• Integration with AWS Services and Third-Party Applications
• Audit Activities
• AWS Cryptographic Services and Tools
• Linux DM-Crypt Infrastructure
• Data Protection by Design & by Default
• How AWS Can Help
• Contributors
• Document Revisions