Usman Shahil,Principal Solutions Architect at Amazon WebServices (AWS), talked about "Securing Media Content and Applications in the Cloud." "There is a shared responsibility," said Shahil. "Amazon takes responsibility for the security of the physical infrastructure starting from the facilities all the way up to the virtualization infrastructure. That leaves you with the application. You are responsible for the network configuration, account management, operating system, security groups, and OS firewalls." The way AWS does this is to work with individual bodies and audit our facilities on an on-going basis, providing industry-aligned certifications, including MPAA best practices alignment. "From an AWS perspective, it's one unified platform that provides security control," he said. "Some of these requirements could be much more stringent than others working in another industry vertical. But we work with our customers to create more feature sets that our customers ask for. We create an environment that is comprehensive from a security-controls perspective that can work for a large or small customer, in any vertical."
AWS services stack in a media workflow, from ingest/create to store, process and delivery. AMS security controls available to SMPTE attendees offers biding blocks available via the APIs, said Shahil. "From the access points, we provide SSL access, VPN access and we have redundant connection to more than one communication service at each Internet-facing edge, for a solution that's highly scalable," he said.
One of the key services is AWS Identity and Access Management. "The idea is that we're providing you similar controls you have today, to create access identities and groups and provide them permissions to do various things," he said. Amazon also offers EC2 Security Controls. You generate the key pairs needed to control those virtual instances," he said. "Very similar to running it in an on-premise environment. You control the mandatory inbound firewall; default is deny all."
The Amazon Virtual Private Cloud is a capability provided to customers to build completely isolated environments inside the public cloud. "You can define your own address ranges," he said. "You define your own routing rules." Amazon S3 Security Controls provides bucket- and object-level permissions that are owner-only access by default. "We just launched a feature where you can provide your own keys to encrypt your content," he said. On CloudFront Security there are numerous features including a private content feature and HTTPS only requests/delivery. The client also decides the region where the content lives and it stays there. Also newly launched is AWS CloudTrail which logs all your AWS API calls. "This allows you to get access logs," he said. "You can use this log data to build an application that, in real-time, can look at, process it and provide notifications for real-time actions." For more information, go to www.aws.amazon.com/security
Staff
Officers and Board of Governors
Directors
Society Governance
Fellows
Section Officers and Managers
Overview
Benefits of Corporate Membership
Project Page 
SKN
Github
Patent Statements
Advisory Notes
Appeals
Virtual Courses
Webcasts
Wallcharts
Board of Editors
Editorial Calendar
Guidelines for Submitting
Subscribe
Motion Imaging Journal
Contact Us
Newsletter
Media Kit
Get Alerts!
