There are four main reasons why companies are moving to the cloud. They include: agility, availability, cost and security. When meeting with the CIO of a prominent movie studio in LA earlier this week he said, “The primary area that we need to understand is security. Our CEO does not want any critical information leaving or being stored offsite.” While the CEO’s concern is valid, cloud providers like Amazon Web Services (AWS) are taking extraordinary measures to ensure both privacy and security on their platform. Below is an overview of the measures taken by AWS.
- Accreditations and Certifications – AWS has created a compliance program to help customers understand the substantial practices in place for both data protection and security to meet either government or industry requirements. For example, PCI DSS Level 1, ITAR, etc. for government and HIPAA, MPAA, etc. for industry.
- Data Protection and Privacy – AWS adheres to the stric data protection and privacy standards and regulations, including FISMA, Sarbanes-Oxley, etc. AWS datacenter employees are given limited access to the location of customer systems on an as-needed basis. Discs are also shredded and never re-used by another customer.
- Physical Security – Infrastructure is located in nondescript AWS-controlled datacenters. The location of and access into each datacenter is limited to employees with legitimate business reasons (access is revoked when the business reason ends). Physical access is strictly controlled at both the perimeter and building ingress points.
- Secure Services – AWS infrastructure services are designed and managed in accordance with security best practices, as well as multiple security compliance standards. Infrastructure services contain multiple capabilities that restrict unauthorized access or usage without sacrificing the flexibility that customers demand.
- Shared Responsibility – A shared responsibility exists for compliance and security on the AWS cloud. AWS owns facilities, infrastructure (compute, network and storage), physical security and the virtualization layer. The customer owns applications, firewalls, network configuration, operating system and security groups.
The AWS cloud provides customers with end-to-end privacy and security via its collaboration with validated experts like NASA, industry best practices and its own experience building and managing global datacenters. AWS documents how to leverage these capabilities for customers. To illustrate: I recently met with a VP of Infrastructure for a $1B+ SaaS company in San Francisco. He said, “We are moving more workloads to AWS because it is so secure.” The people, process and technology are in place to achieve the highest level of physical and virtual privacy and security.
-Josh Lowry, General Manager-West