Life Sciences

Navigating GDPR Compliance on AWS


Amazon Web Services: Navigating GDPR Compliance on AWS

secure key management. You can securely generate, store, and manage the cryptographic keys used for data encryption to make sure that only you can get access to them. AWS CloudHSM helps you comply with strict key management requirements without sacrificing application performance.

The AWS CloudHSM service works with Amazon Virtual Private Cloud (Amazon VPC). CloudHSM instances are provisioned inside your Amazon VPC with an IP address that you specify, which provides simple and private network connectivity to your Amazon Elastic Compute Cloud (Amazon EC2) instances. When you locate your CloudHSM instances near your Amazon EC2 instances, you decrease network latency, which can improve application performance. AWS provides dedicated and exclusive (single tenant) access to CloudHSM instances, which are isolated from other AWS customers. Available in multiple Regions and Availability Zones, CloudHSM enables you to add secure and durable key storage to your applications.

Integration with AWS Services and Third-Party Applications

You can use CloudHSM with Amazon Redshift, Amazon Relational Database Service (Amazon RDS) for Oracle, or third-party applications (such as SafeNet Virtual KeySecure) as your Root of Trust, Apache (SSL termination), or Microsoft SQL Server (transparent data encryption). You can also use CloudHSM when you write your own applications and continue to use the standard cryptographic libraries you're familiar with, including PKCS#11, Java JCA/JCE, and Microsoft CAPI and CNG.

Audit Activities

If you need to track resource changes, or audit activities for security and compliance purposes, you can review all of the CloudHSM API calls made from your account through AWS CloudTrail. Additionally, you can audit operations on the HSM appliance using syslog or send syslog log messages to your own log collector.
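One way to carry out the CloudTrail review described above, as an added example that is not part of the AWS whitepaper: it filters a CloudTrail log file for CloudHSM API calls and lists the state-changing or failed ones for an auditor. The log records, ARNs and IP address are constructed; the field names are the standard CloudTrail record fields, and `cloudhsm.amazonaws.com` is the event source under which CloudHSM API calls are recorded.

```python
import json

# eventSource value on CloudTrail records for CloudHSM API calls
CLOUDHSM_SOURCE = "cloudhsm.amazonaws.com"

def _rec(time, name, source, read_only, user, error=None):
    """Build one constructed record using standard CloudTrail field names."""
    rec = {"eventTime": time, "eventName": name, "eventSource": source,
           "readOnly": read_only, "sourceIPAddress": "198.51.100.7",
           "userIdentity": {"type": "IAMUser",
                            "arn": "arn:aws:iam::111122223333:user/" + user}}
    if error:
        rec["errorCode"] = error
    return rec

# Constructed sample in the CloudTrail log-file layout: {"Records": [...]}
SAMPLE_LOG = json.dumps({"Records": [
    _rec("2024-01-10T09:15:02Z", "DeleteHsm", CLOUDHSM_SOURCE, False, "ops-admin"),
    _rec("2024-01-10T09:01:44Z", "DescribeClusters", CLOUDHSM_SOURCE, True, "auditor"),
    _rec("2024-01-10T09:05:30Z", "GetObject", "s3.amazonaws.com", True, "app"),
    _rec("2024-01-10T09:20:11Z", "CreateHsm", CLOUDHSM_SOURCE, False, "intern",
         error="AccessDenied"),
]})

def cloudhsm_events(log_text):
    """Return the CloudHSM API calls in one CloudTrail log file, oldest first."""
    records = json.loads(log_text).get("Records", [])
    hits = [r for r in records if r.get("eventSource") == CLOUDHSM_SOURCE]
    # ISO 8601 UTC timestamps sort correctly as plain strings
    return sorted(hits, key=lambda r: r.get("eventTime", ""))

def needs_review(events):
    """Keep calls that changed state or failed; a missing readOnly flag
    is treated as state-changing so nothing is silently skipped."""
    rows = []
    for e in events:
        mutating = not e.get("readOnly", False)
        error = e.get("errorCode")
        if mutating or error:
            rows.append({"time": e.get("eventTime"),
                         "action": e.get("eventName"),
                         "principal": e.get("userIdentity", {}).get("arn", "unknown"),
                         "source_ip": e.get("sourceIPAddress"),
                         "error": error})
    return rows

if __name__ == "__main__":
    for row in needs_review(cloudhsm_events(SAMPLE_LOG)):
        print(row)
```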
AWS Cryptographic Services and Tools

AWS offers mechanisms that comply with a wide range of cryptographic security standards that you can use to implement best-practice encryption. The AWS Encryption SDK [8] is a client-side encryption library, available in Java, Python, C, JavaScript, and a command line interface that supports Linux, macOS, and Windows. The AWS Encryption SDK offers advanced data protection features including secure, authenticated, symmetric key algorithm suites, such as 256-bit AES-GCM with key derivation and signing. Because it was specifically designed for applications that use Amazon DynamoDB, the DynamoDB Encryption Client [9] enables users to protect their
