Explore how AWS helps with compliance and where the lines of responsibility are drawn.
- [Instructor] Depending on your particular industry, you may be obligated to demonstrate compliance with any number of regulations regarding data movement and storage. A few examples include PCI DSS for the handling of financial information, HIPAA and HITECH for health information, and FERPA for the handling of educational records. Some IT professionals and even CIOs may fear that moving data to the cloud may put their ability to comply with regulations at risk. If that sounds familiar, fear not. AWS goes to great lengths to make sure that whatever your legal requirements, you can work with AWS to ensure compliance and take advantage of all the cloud has to offer.
AWS provides detailed guidance regarding many different regulatory frameworks. If we go to aws.amazon.com/compliance, we can drill down into any number of regulations and find out more. For instance, if you scroll down and choose HIPAA, you will find a landing page dedicated to keeping HIPAA compliance in AWS. Pay particular attention to the white papers, which AWS keeps continually updated. Within this document, you'll find details on which AWS services are suitable for keeping HIPAA.
It will even tell you which features within individual services you should avoid or specifically configure to stay within the law. In fact, AWS devotes an entire section of its web console to keeping you aware of compliance matters and security of the cloud. It's called AWS Artifact. You access AWS Artifact the same way you'd access any AWS service, such as EC2 or RDS. It's an entry in the main menu. We can go there by simply typing Artifact and choosing the first response. Inside is a list of documentation that AWS makes available related to its own compliance status.
You'll find ISO reports, PCI DSS, SOC and more. When you choose to download one, you'll be asked to sign a nondisclosure agreement. Let's say I wanted to download the FedRAMP Partner Package. I would click Get This Artifact, and then I'm prompted to sign a nondisclosure agreement. I need to scroll all the way down, check the box, and download the file. Not only am I asked to sign a nondisclosure agreement, my copy will be specially watermarked with a code identifying me as the original requester.
So don't share your copy. Because of this, I won't actually demonstrate opening the documents, but I will give you one word of advice. Use Acrobat Reader to open it. There are instructions to this effect when you open the document the first time. These docs come in a format where the main document is the NDA you sign, and the actual content is attached to that. The text within provides some instructions on how to access the content with Adobe Acrobat Reader, but if you're using something like Preview on the Mac or your browser's built-in PDF reader, it won't be clear how to reach the content.
Of course, some regulatory frameworks are stricter than others. If you're a government or higher ed institution subject to ITAR, FedRAMP or SRG, you're going to want to look at GovCloud. Let's go to aws.amazon.com/govcloud-us. GovCloud is an entirely distinct region of AWS that is in most ways identical to the other regions, like Virginia's US-East-1, except that GovCloud is 100% housed within the US and accessible only by US citizens. GovCloud has a provisional ATO, or authority to operate, under the FedRAMP high baseline.
These are crucial features for organizations subject to ITAR, or US International Traffic in Arms Regulations. Customers must create and maintain a fully separate account for GovCloud, distinct from any other AWS accounts they might operate, and they must sign a GovCloud-specific contract. They must be, quoting AWS docs now, US persons not subject to export restrictions and who comply with US export control laws and regulations. Organizations must apply for GovCloud from an existing account or through an AWS business representative.
If your organization is subject to regulatory compliance, chances are you already know a lot about the requirements of your particular responsibilities. Using AWS doesn't change any of that. It just means that there are now layers in the stack that are managed by AWS. It might sound concerning to give control of any part of your critical compliance responsibilities to AWS, but if you take advantage of Amazon's clear documentation, and understand your part in the shared responsibility model, you should feel quite at ease.
Join AWS architect Brandon Rich and learn how to configure object storage solutions and lifecycle management in Simple Storage Service (S3), a web service offered by AWS, and migrate, back up, and replicate relational data in RDS. Find out how to leverage flexible network storage with Elastic File System (EFS), and use the new AWS Glue service to move and transform data. Plus, learn how Snowball can help you transfer truckloads of data in and out of the cloud.