1-888-317-7920 info@2ndwatch.com

There are four main reasons why companies are moving to the cloud. They include: agility, availability, cost and security. When meeting with the CIO of a prominent movie studio in LA earlier this week he said, “The primary area that we need to understand is security. Our CEO does not want any critical information leaving or being stored offsite.” While the CEO’s concern is valid, cloud providers like Amazon Web Services (AWS) are taking extraordinary measures to ensure both privacy and security on their platform. Below is an overview of the measures taken by AWS.

  • Accreditations and Certifications      – AWS has created a compliance program to help customers understand the      substantial practices in place for both data protection and security to      meet either government or industry requirements. For example, PCI DSS      Level 1, ITAR, etc. for government and HIPAA, MPAA, etc. for industry.
  • Data Protection and Privacy – AWS      adheres to the stric data protection and privacy standards and      regulations, including  FISMA, Sarbanes-Oxley, etc. AWS datacenter      employees are given limited access to the location of customer systems on      an as-needed basis. Discs are also shredded and never re-used by another      customer.
  • Physical Security – Infrastructure      is located in nondescript AWS-controlled datacenters. The location of and      access into each datacenter is limited to employees with legitimate      business reasons (access is revoked when the business reason ends).      Physical access is strictly controlled at both the perimeter and      building ingress points.
  • Secure Services – AWS      infrastructure services are designed and managed in accordance with      security best practices, as well as multiple security compliance      standards. Infrastructure services contain multiple capabilities that      restrict unauthorized access or usage without sacrificing the flexibility      that customers demand.
  • Shared Responsibility – A shared      responsibility exists for compliance and security on the AWS cloud. AWS      owns facilities, infrastructure (compute, network and storage), physical      security and the virtualization layer. The customer owns applications,      firewalls, network configuration, operating system and security groups.

The AWS cloud provides customers with end-to-end privacy and security via its collaboration with validated experts like NASA, industry best practices and its own experience building and managing global datacenters. AWS documents how to leverage these capabilities for customers. To illustrate: I recently met with a VP of Infrastructure for a $1B+ SaaS company in San Francisco. He said, “We are moving more workloads to AWS because it is so secure.” The people, process and technology are in place to achieve the highest level of physical and virtual privacy and security.

-Josh Lowry, General Manager-West