Mitigating Cyber Risks on AWS

API

Customers interact with AWS via API, even when using AWS CLI.

  1. System Architect --> API via WebUI, CLI, SDK, etc. --> Amazon Services (S3, DynamoDB, etc.)
  2. Application User --> Application

[1] Forms the outer application access ring which is accessed by [2]

Shared Responsibility

Amazon mangages security of the cloud Customer manages security in the cloud

The Paths Amazon audited by Ernest & Young.

Find... continue reading

Data Protection in the AWS Cloud Implementing GDPR and Overview of C5

What is C5?

C5 (Cloud Computing Compliance Controls Catalogue) is designed by the BSI in Feb. 2016.

International standards taken into account for C5:

  • ISO/IEC 27001:2013
  • CSA Cloud Controls Matrix 3.01
  • AICPA Trust Service Principles Criteria 2014
  • ANSSI Referentiel Secure Cloud 2.0
  • and more

C5 makes cloud service providers comparable by a set of features.

Basics on GDPR

GDPR will come into eff... continue reading

Older Posts