Amazon Web Services Using AWS in the Context of Common Privacy and Data
Protection Considerations
The AWS ISO 27018 certification demonstrates that AWS has a system of controls in
place that specifically address the privacy protection of customer content. These reports
and certifications are produced by independent third-party auditors, and attest to the
design and operating effectiveness of AWS security controls.
AWS compliance certifications and reports can be requested at AWS Artifact. More
information on AWS compliance certifications, reports, and alignment with best
practices and standards can be found on the AWS Compliance site.
Understanding security IN the cloud
Customers retain ownership and control of their content when using AWS services.
Customers, rather than AWS, determine what content they store or process using AWS
services. Because it is the customer who decides what content to store or process using
AWS services, only the customer can determine what level of security is appropriate for
the content they store and process using AWS. Customers also have complete control
over which services they use, and whom they empower to access their content and
services, including what credentials are required.
Customers control how they configure their environments and secure their content,
including whether they encrypt their content (at rest and in transit), and what other
security features and tools they use and how they use them. AWS does not change
customer configuration settings, as these settings are determined and controlled by the
customer. AWS customers have the complete freedom to design their security
architecture to meet their compliance needs. This is a key difference from traditional
hosting solutions where the provider decides on the architecture.
AWS enables and empowers the customer to decide when and how security measures
are implemented in the cloud, in accordance with each customer's business needs. For
example, if a higher availability architecture is required to protect customer content, the
customer may add redundant systems, backups, locations, network uplinks, and so on
to create a more resilient, high availability architecture. If restricted access to customer
content is required, AWS enables the customer to implement access rights
management controls both on a systems level and through encryption on a data level.
To assist customers in designing, implementing, and operating their own secure AWS
environment, AWS provides a wide selection of security tools and features customers
can use. Customers can also use their own security tools and controls, including a wide
variety of third-party security solutions.