Life Sciences

Amazon Web Services Navigating GDPR Compliance on AWS 17 Centralized Security Management Many organizations have challenges related to visibility and centralized management of their environments. As your operational footprint grows, this challenge can be compounded unless you carefully consider your security designs. Lack of knowledge, with decentralized and uneven management of governance and security processes can make your environment vulnerable. AWS provides tools that help you to address some of the most challenging requirements for IT management and governance, and tools for supporting a data protection by design approach. AWS Control Tower provides an easy method to set up and govern a new, secure, multi-account AWS environment. It automates the setup of a landing zone6 which is a multi-account environment that is based on best-practices blueprints, and enables governance using guardrails that you can choose from a pre-packaged list. Guardrails implement governance rules for security, compliance, and operations. AWS Control Tower provides identity management using AWS Single Sign-On (SSO) default directory and enables cross-account audit using AWS SSO and AWS IAM. It also centralizes logs coming from Amazon CloudTrail and AWS Config logs, which are stored in Amazon S3. AWS Security Hub is another service that supports centralization and can improve visibility into an organization. Security Hub centralizes and prioritizes security and compliance findings from across AWS accounts and services, and can be integrated with security software from third-party partners to help you analyze security trends and identify the highest priority security issues. Amazon CloudWatch Events enables you to set up your AWS account to send events to other AWS accounts, or become a receiver for events from other accounts or organizations. This mechanism can be very useful for implementing cross-account incident response scenarios, by taking timely corrective actions (for example, by calling a Lambda function, or running a command on EC2 instance) as necessary any time a security incident event occurs.

• Cover
• Abstract
• General Data Protection Regulation Overview
• Changes the GDPR Introduces to Organizations Operating in the EU
• AWS Preparation for the GDPR
• AWS Data Processing Addendum (DPA)
• The Role of AWS Under the GDPR
• AWS as a Data Processor
• AWS as a Data Controller
• Shared Security Responsibility Model
• Strong Compliance Framework and Security Standards
• AWS Compliance Program
• Cloud Computing Compliance Controls Catalog
• The CISPE Code of Conduct
• Data Access Controls
• AWS Identity and Access Management
• Temporary Access Tokens Through AWS STS
• Multi-Factor-Authentication
• Access to AWS Objects Resources
• Access to Operational & Configuration Data
• Geo-Restrictions
• Control Access to Web Applications and Mobile Apps
• Monitoring and Logging
• Manage and Configure Assets with AWS Config
• Compliance Auditing & Security Analytics with AWS CloudTrail
• Log Formats
• Centralized Security Management
• Protecting your Data on AWS
• Encrypt Data at Rest
• Encrypt Data in Transit
• Encryption Tools
• AWS Key Management Service
• AWS Service Integration
• Audit Capabilities
• Security
• AWS CloudHSM
• Integration with AWS Services and Third-Party Applications
• Audit Activities
• AWS Cryptographic Services and Tools
• Linux DM-Crypt Infrastructure
• Data Protection by Design & by Default
• How AWS Can Help
• Contributors
• Document Revisions