All posts by Min Hyun

Updated whitepaper now available: Aligning to the NIST Cybersecurity Framework in the AWS Cloud

Post Syndicated from Min Hyun original https://aws.amazon.com/blogs/security/updated-whitepaper-now-available-aligning-to-the-nist-cybersecurity-framework-in-the-aws-cloud/

I’m proud to announce an updated resource that is designed to provide guidance to help your organization align to the National Institute of Standards and Technology (NIST) Cybersecurity Framework Version 1.1, which was released in 2018. The updated guide, NIST Cybersecurity Framework (CSF): Aligning to the NIST CSF in the AWS Cloud, is designed to help commercial and public sector entities of any size and in any part of the world align with the CSF by leveraging AWS services and resources.

In addition to mapping CSF updates to the latest AWS services and resources, we’ve also renewed our independent third-party assessor’s validation that the AWS services that have undergone FedRAMP Moderate and ISO 9001/27001/27017/27018 accreditations align with the CSF.

If you’re new to the NIST CSF, it’s a voluntary, risk-based, outcome-focused framework. It helps you establish a foundational set of security activities organized around five functions—Identify, Protect, Detect, Respond, Recover—to help you improve the security, risk management, and resilience of your organization. The CSF was originally intended for the critical infrastructure sector, but they’ve been endorsed by governments and industries worldwide as a recommended baseline for organizations of all types and sizes. Sectors as diverse as health care, financial services, and manufacturing are using the NIST CSF, and the list of early global adopters includes Japan, Israel, the UK, and Uruguay, among others.

In short, the NIST CSF is broadly applicable. In fact, in February 2018, the International Standards Organization released “ISO/IEC 27103:2018 — Information technology — Security techniques,” a standard that provides guidance for implementing a cybersecurity framework leveraging existing standards. ISO 27103 promotes the same concepts and best practices reflected in the NIST CSF; specifically, it encourages a framework focused on security outcomes organized around five functions (Identify, Protect, Detect, Respond, Recover) and foundational activities that map to existing standards, accreditations and frameworks. Adopting a versatile framework like the NIST CSF can help your organization achieve security outcomes while benefiting from the efficiencies of reusing instead of redoing.

You can use our updated whitepaper and workbook to learn how AWS services and resources can help enable your organization’s alignment to the CSF. If you’d like support in how to implement the CSF in your organization using AWS services and resources, contact an AWS Solutions Architect.

Want more AWS Security news? Follow us on Twitter.

Author

Min Hyun

Min is the Global Lead for Growth Strategies at AWS. Her team’s mission is to set the industry bar in thought leadership for security and data privacy assurance in emerging technology, trends and strategy to advance customers’ journeys to AWS. View her other Security Blog publications here.

How AWS Meets a Physical Separation Requirement with a Logical Separation Approach

Post Syndicated from Min Hyun original https://aws.amazon.com/blogs/security/how-aws-meets-a-physical-separation-requirement-with-a-logical-separation-approach/

We have a new resource available to help you meet a requirement for physically-separated infrastructure using logical separation in the AWS cloud. Our latest guide, Logical Separation: An Evaluation of the U.S. Department of Defense Cloud Security Requirements for Sensitive Workloads outlines how AWS meets the U.S. Department of Defense’s (DoD) stringent physical separation requirement by pioneering a three-pronged logical separation approach that leverages virtualization, encryption, and deploying compute to dedicated hardware.

This guide will help you understand logical separation in the cloud and demonstrates its advantages over a traditional physical separation model. Embracing this approach can help organizations confidently meet or exceed security requirements found in traditional on-premises environments, while also providing increased security control and flexibility.

Logical Separation is the second guide in the AWS Government Handbook Series, which examines cybersecurity policy initiatives and identifies best practices.

If you have questions or want to learn more, contact your account executive or AWS Support.

Addressing Data Residency with AWS

Post Syndicated from Min Hyun original https://aws.amazon.com/blogs/security/addressing-data-residency-with-aws/

Whitepaper image

AWS has released a new whitepaper that has been requested by many AWS customers: AWS Policy Perspectives: Data Residency. Data residency is the requirement that all customer content processed and stored in an IT system must remain within a specific country’s borders, and it is one of the foremost concerns of governments that want to use commercial cloud services. General cybersecurity concerns and concerns about government requests for data have contributed to a continued focus on keeping data within countries’ borders. In fact, some governments have determined that mandating data residency provides an extra layer of security.

This approach, however, is counterproductive to the data protection objectives and the IT modernization and global economic growth goals that many governments have set as milestones. This new whitepaper addresses the real and perceived security risks expressed by governments when they demand in-country data residency by identifying the most likely and prevalent IT vulnerabilities and security risks, explaining the native security embedded in cloud services, and highlighting the roles and responsibilities of cloud service providers (CSPs), governments, and customers in protecting data.

Large-scale, multinational CSPs, often called hyperscale CSPs, represent a transformational disruption in technology because of how they support their customers with high degrees of efficiency, agility, and innovation as part of world-class security offerings. The whitepaper explains how hyperscale CSPs, such as AWS, that might be located out of country provide their customers the ability to achieve high levels of data protection through safeguards on their own platform and with turnkey tooling for their customers. They do this while at the same time preserving nation-state regulatory sovereignty.

The whitepaper also considers the commercial, public-sector, and economic effects of data residency policies and offers considerations for governments to evaluate before enforcing requirements that can unintentionally limit public-sector digital transformation goals, in turn possibly leading to increased cybersecurity risk.

AWS continues to engage with governments around the world to hear and address their top-of-mind security concerns. We take seriously our commitment to advocate for our customers’ interests and enforce security from “ground zero.” This means that when customers use AWS, they can have the confidence that their data is protected with a level of assurance that meets, if not exceeds, their needs, regardless of where the data resides.

– Min Hyun, Cloud Security Policy Strategist