
The AWS Shared Responsibility Model and GDPR

The EU’s General Data Protection Regulation (GDPR) describes data processor and data controller roles, and some customers and AWS Partner Network (APN) partners are asking how this affects the long-established AWS Shared Responsibility Model. I wanted to take some time to help folks understand shared responsibilities for us and for our customers in the context of the GDPR.

How does the AWS Shared Responsibility Model change under GDPR? The short answer – it doesn’t. AWS is responsible for securing the underlying infrastructure that supports the cloud and the services provided, while customers and APN partners, acting either as data controllers or data processors, are responsible for any personal data they put in the cloud. The shared responsibility model illustrates the various responsibilities of AWS and our customers and APN partners, and the same separation of responsibility applies under the GDPR.

AWS responsibilities as a data processor

The GDPR does introduce specific regulation and responsibilities regarding data controllers and processors. When any AWS customer uses our services to process personal data, the controller is usually the AWS customer (and sometimes it is the AWS customer’s customer). However, in all of these cases, AWS is always the data processor in relation to this activity. This is because the customer is directing the processing of data through its interaction with the AWS service controls, and AWS is only executing customer directions. As a data processor, AWS is responsible for protecting the global infrastructure that runs all of our services. Controllers using AWS maintain control over data hosted on this infrastructure, including the security configuration controls for handling end-user content and personal data. Protecting this infrastructure is our number one priority, and we invest heavily in third-party auditors to test our security controls and make any issues they find available to our customer base through AWS Artifact. Our ISO 27018 report is a good example, as it tests security controls that focus on protection of personal data in particular.

AWS has an increased responsibility for our managed services. Examples of managed services include Amazon DynamoDB, Amazon RDS, Amazon Redshift, Amazon Elastic MapReduce, and Amazon WorkSpaces. These services provide the scalability and flexibility of cloud-based resources with less operational overhead because we handle basic security tasks like guest operating system (OS) and database patching, firewall configuration, and disaster recovery. For most managed services, you only configure logical access controls and protect account credentials, while maintaining control and responsibility of any personal data.

Customer and APN partner responsibilities as data controllers — and how AWS Services can help

Our customers can act as data controllers or data processors within their AWS environment. As a data controller, the services you use may determine how you configure those services to help meet your GDPR compliance needs. For example, AWS Services that are classified as Infrastructure as a Service (IaaS), such as Amazon EC2, Amazon VPC, and Amazon S3, are under your control and require you to perform all routine security configuration and management that would be necessary no matter where the servers were located. With Amazon EC2 instances, you are responsible for managing: guest OS (including updates and security patches), application software or utilities installed on the instances, and the configuration of the AWS-provided firewall (called a security group).

To help you realize data protection by design principles under the GDPR when using our infrastructure, we recommend you protect AWS account credentials and set up individual user accounts with Amazon Identity and Access Management (IAM) so that each user is only given the permissions necessary to fulfill their job duties. We also recommend using multi-factor authentication (MFA) with each account, requiring the use of SSL/TLS to communicate with AWS resources, setting up API/user activity logging with AWS CloudTrail, and using AWS encryption solutions, along with all default security controls within AWS Services. You can also use advanced managed security services, such as Amazon Macie, which assists in discovering and securing personal data stored in Amazon S3.
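The following is an added example, not part of the original post and not AWS tooling: a small heuristic audit that checks policy JSON for three of the recommendations above (TLS required, MFA required, no blanket permissions). The function names, sample policies and the `example-bucket` name are assumptions constructed for illustration; `aws:SecureTransport` and `aws:MultiFactorAuthPresent` are real IAM condition keys.

```python
import json

def _as_list(value):
    # Policy JSON allows a single item or a list for Statement, Action, Resource.
    return value if isinstance(value, list) else [value]

def _denies_when_false(stmt, key, operators):
    """True if stmt is a Deny conditioned on `key` == false via one of `operators`."""
    if stmt.get("Effect") != "Deny":
        return False
    for op, tests in stmt.get("Condition", {}).items():
        if op.lower() not in operators:
            continue
        for name, val in tests.items():
            if name.lower() == key and any(str(v).lower() == "false" for v in _as_list(val)):
                return True
    return False

def audit_policy(policy):
    """Heuristic report on three controls; does not evaluate Action/Resource scope of Denies."""
    stmts = _as_list(policy.get("Statement", []))
    return {
        "requires_tls": any(_denies_when_false(s, "aws:securetransport",
                                               ("bool", "boolifexists")) for s in stmts),
        # The MFA key is absent on requests signed with long-term access keys,
        # so only BoolIfExists makes the Deny apply to them.
        "requires_mfa": any(_denies_when_false(s, "aws:multifactorauthpresent",
                                               ("boolifexists",)) for s in stmts),
        "allows_everything": any(
            s.get("Effect") == "Allow" and "*" in _as_list(s.get("Action", []))
            and "*" in _as_list(s.get("Resource", [])) for s in stmts),
    }

# Constructed sample documents; the bucket name is a placeholder.
BUCKET_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": {
  "Effect": "Deny", "Principal": "*", "Action": "s3:*",
  "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
  "Condition": {"Bool": {"aws:SecureTransport": "false"}}}}""")
WEAK_USER_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "*", "Resource": "*"},
  {"Effect": "Deny", "Action": "*", "Resource": "*",
   "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "false"}}}]}""")
MFA_USER_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
  {"Effect": "Deny", "NotAction": ["iam:ListMFADevices", "sts:GetSessionToken"], "Resource": "*",
   "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}}]}""")

if __name__ == "__main__":
    for name in ("BUCKET_POLICY", "WEAK_USER_POLICY", "MFA_USER_POLICY"):
        print(name, audit_policy(globals()[name]))
```

The weak user policy is flagged on two counts: it grants `*` on `*`, and its MFA Deny uses `Bool`, which does not match requests that carry no MFA context at all.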

For more information, you can download the AWS Security Best Practices whitepaper or visit the AWS Security Resources or GDPR Center webpages. In addition to our solutions and services, AWS APN partners can provide hundreds of tools and features to help you meet your security objectives, ranging from network security and configuration management to access control and data encryption.
