eMOBUS and Amazon Web Services best practices and certifications ensures that client information is safe and protected

eMOBUS is built on a layered defense architecture that helps protect client information from unauthorized access by other company employees, other eMOBUS customers, and non-customers. eMOBUS leverages high-granularity access control, audit logs, security scanning and continuous monitoring, all backed by Amazon’s best-in-class security architecture.

Overview

Amazon Web Services (AWS) delivers a highly scalable cloud computing platform with high availability and dependability, and the flexibility to enable customers to build a wide range of applications. In order to provide end-to-end security and end-to-end privacy, AWS builds services in accordance with security best practices, provides appropriate security features in those services, and documents how to use those features. In addition, AWS customers must use those features and best practices to architect an appropriately secure application environment. Enabling customers to ensure the confidentiality, integrity, and availability of their data is of the utmost importance to AWS, as is maintaining trust and confidence.

At a high level, Amazon has taken the following approach to secure the AWS infrastructure:

• Certifications and Accreditations. AWS has successfully completed a SAS70 Type II Audit, and will continue to obtain the appropriate security certifications and accreditations to demonstrate the security of Amazon's infrastructure and services.
• Physical Security. Amazon has many years of experience in designing, constructing, and operating large-scale data centers. AWS infrastructure is housed in Amazon-controlled data centers throughout the world. Only those within Amazon who have a legitimate business need to have such information know the actual location of these data centers, and the data centers themselves are secured with a variety of physical barriers to prevent unauthorized access.
• Secure Services. Each of the services within the AWS cloud is architected to be secure and contains a number of capabilities that restrict unauthorized access or usage without sacrificing the flexibility that customers demand. For more information about the security capabilities of each service in the AWS cloud, consult the Amazon Web Services: Overview of Security Processes whitepaper.
• Data Privacy. AWS enables users to encrypt their personal or business data within the AWS cloud and publishes backup and redundancy procedures for services so that customers can gain greater understanding of how their data flows throughout AWS. For more information on the data privacy and backup procedures for each service in the AWS cloud, consult the Amazon Web Services: Overview of Security Processes whitepaper.

The AWS Security Center provides links to technical information, tools, and prescriptive guidance designed to help build and manage secure applications in the AWS cloud. Amazon's goal is to use this forum to proactively notify developers about security bulletins. Such transparency is the backbone of trust between AWS and Amazon's customers.

Certifications and Accreditations

Amazon Web Services has successfully completed a Statement on Auditing Standards No. 70 (SAS70) Type II Audit, and has obtained a favorable unbiased opinion from its independent auditors. SAS70 certifies that a service organization has had an in-depth audit of its controls (including control objectives and control activities), which in the case of AWS relates to operational performance and security to safeguard customer data. AWS will continue efforts to obtain the strictest of industry certifications in order to verify its commitment to provide a secure, world-class cloud computing environment.

In addition, the flexibility and customer control that the AWS platform provides permits the deployment of solutions that meet industry-specific certification requirements. For instance, customers have built HIPAA-compliant healthcare applications on AWS.

Background Information

Delivering a secure cloud computing platform involves implementing numerous best practices for on-premise infrastructure as well as a host of additional considerations unique to a hosted infrastructure environment. The Amazon Web Services: Overview of Security Processes whitepaper will provide background information and an overview of the AWS philosophy in offering a secure cloud computing platform.

Amazon Web Services Overview of Security Processes whitepaper (pdf)

Security Best Practices (pdf)

Security Credentials

AWS provides a number of ways for you to identify and securely access AWS accounts. You can find the complete list of credentials that we support on the Security Credentials page under Your Account. Amazon also provides two additional security options that enable to further protect accounts and control access: Multi-Factor Authentication and Key Rotation.

AWS Multi-Factor Authentication (AWS MFA)

AWS Multi-Factor Authentication (AWS MFA) is an additional layer of security that offers enhanced control over AWS account settings. When you enable this opt-in account feature, you’ll need to provide a six-digit single-use code in addition to your standard AWS account credentials before access is granted to your AWS account settings. You get this single use code from an authentication device that you keep in your physical possession. This is called Multi-Factor Authentication because two factors are checked before access is granted to your account: you need to provide both your Amazon email-id and password (the first “factor”: something you know) AND the precise code from your authentication device (the second “factor”: something you have).

It is easy to obtain an authentication device from a participating third party provider and to set it up for use via the AWS website. More information about multi-factor authentication is available here.

Key Rotation

For the same reasons as it is important to change your password frequently, AWS recommends rotating access keys and certificates on a regular basis. To let you do this without potential impact to your applications’ availability, AWS supports multiple concurrent access keys and certificates. With this feature, you can rotate keys and certificates into and out of operation on a regular basis without any downtime to your application. This can help to mitigate risk from lost or compromised access keys or certificates.

To learn more about this feature, click here.