Because of the clear advantages of the cloud, many companies are prepared to deal with the implementation of compliance requirements. Storm Reply supports its customers with the implementation of the best possible security standards under consideration of all compliance requirements.
The expertise offered by Storm Reply in the fields of Identity & Access Management (IAM), hardening of instances, encryption of instances and data (Data in Transit, Data at Rest and Data in Process), Next Generation Firewalls (NGFW) etc. makes us a partner of first choice for customers with high data security and data protection requirements.
Security in public cloud computing is characterized by the model of shared responsibility. Here, the public cloud provider is responsible for the security of the infrastructure on which the services are operated. This infrastructure includes the hardware, software, networks and buildings that are used to operate the cloud. The customer, on the other hand, is responsible for the security of the applications operated on the infrastructure; this includes access management, encryption and firewalls.
There is an entire range of possible security measures for the basic AWS Infrastructure Services such as Amazon Elastic Compute Cloud (EC2) and Amazon Simple Storage Service (S3). At EC2 you have complete control of which patches are used and which software runs on the systems. This infrastructure behaves very similarly to classic servers. This makes it possible to ensure the highest degree of security with active security management.
For the more complex AWS Services such as Amazon RDS, Redshift or WorkSpaces, considerably less expense is needed to guarantee the security of the applications. Here, however, the responsibility for security lies entirely with the cloud provider. AWS provides various tools that make it easier for the user to ensure data security.
AWS Identity and Access Management (IAM) enables secure management of access to AWS services and resources for your users. With the help of IAM, you can set up and manage AWS users as well as use access rights to enable or block their access to AWS resources.
AWS IAM enables:
In IAM you can create user accounts, assign them individual logon information (i.e. access key, passwords and multi-factor authentication devices) or request temporary log on information to grant users access to AWS services and resources. You can manage user rights to determine which processes a user may perform.
In IAM, you can create roles and manage access rights to control which processes the entity, the user or the AWS service assigned to the role is allowed to execute. You can also determine to which entity the role can be assigned.
You can activate identity federation to enable existing identities in your company (such as users, groups and roles) to access the AWS Management Console, to call AWS APIs and to access resources without having to create an IAM user for each identity. More information on AWS IAM can be found here.
AWS also offers encryption options for Data at Rest and Data in Transit.
AWS Key Management Service is a managed service that makes it easier for you to create and monitor the encryption keys used for data encryption and is used to protect the security of your hardware security module (HSM) keys. The AWS Key Management Service is integrated into several other AWS services to support you in protecting the data you store with these services. AWS Key Management Service is also integrated into AWS CloudTrail and provides you with logs of all key usage; this supports you in adhering to your legal and compliance requirements.
In particular, the German data privacy policy regarding personal data is very critical and often limits the efficient use of the cloud. To this end, Storm Reply has created an efficient solution together with its partner eperi: We implement and operate an encryption layer on the basis of the eperi Gateway for Cloud Apps, which is a reverse proxy that encrypts all sensitive data before it can be processed in the cloud. Thus only encrypted and therefore non-critical data are processed in the cloud – sensitive data does not leave the company. This means all of the benefits of cloud computing can be used without limit. The high degree of security offered by the encryption means that personal data and data particularly in need of protection according to the Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG) can be converted to non-critical data that ultimately no longer falls under order data processing requirements. An enormous advantage – also for cloud providers. In addition, it is possible to have the individual solutions built on this basis certified by the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik - BSI). You can find out more about the eperi Gateway for Cloud Apps here.
Furthermore, Storm Reply provides extensive specialist knowledge about data security at the corporate level in all areas thanks to the sister companies Spike Reply and Communication Valley Reply.