Resources for software and technology companies

Understanding the differences between Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS), and Software-as-a-Service (SaaS) can help you decide what set of services is right for your business.

IaaS contains the basic building blocks for cloud IT and typically includes networking features, computers (virtual or on dedicated hardware), and data storage space.

PaaS vendors manage the underlying infrastructure (usually hardware and operating systems) allowing you to focus on deploying and managing your applications.

SaaS applications are run and managed by the vendor. In most cases, people referring to this acronym are referring to third-party end-user applications. 

AWS Cloud computing resources are housed in highly available data center facilities across physical locations, known as Regions and Availability Zones (AZs). 

AZs are distinct locations within AWS Regions, designed to be isolated from failures in other AZs. They provide cost-efficient, low-latency network connectivity for other AZs in the same AWS Region, while enabling customers to operate highly available, fault tolerant and scalable applications and databases.

All traffic between AZs is encrypted, with synchronous replication. AZs also make it easy to partition applications for high availability, which can help isolate and protect companies from unexpected incidents.  

AWS offers over 500 features and services focused on helping you address data protection and security requirements. 

The GDPR-compliant terms of the AWS Data Processing Addendum (DPA) exceed the needs of most other data privacy and protection laws. With it, you can achieve at least an equivalent—if not higher—compliance standard than required by most data protection laws.

The DPA applies automatically whenever you use AWS services to process personal data uploaded to your AWS account.

Resources

AWS Cryptography Basics: A developer guide for creating and controlling encryption keys.

AWS Key Management Service: Create and control keys used to encrypt or digitally sign your data. 

AWS Compliance Quick Starts: Automated reference deployments to the AWS Cloud covering a range of popular technology categories and industries. 

AWS Encryption Updates: The latest insights and guidance on encryption tools and strategies.

Overview of AWS and EU Customer data: AWS commitments for protecting critical and sensitive assets, including services across data controls & residency, data privacy, data sovereignty, and security. 

AWS customers can transfer data from Europe to the United States and other countries, in accordance with EU data protection laws—including the General Data Protection Regulation (GDPR). You can read more about it on this compliance webpage.

The CLOUD Act—which applies to all companies, including foreign companies doing business in the US—does not give US law enforcement unfettered access to data. It only applies to evidence sought in connection with a crime within a US jurisdiction. We also have more information about this act available.

Resources

Data Privacy Center: All AWS data privacy resources.

AWS Compliance Programs: Details of the robust controls in place at AWS to address security and compliance in the cloud. 

AWS Security, Identity and Compliance: An overview of security use cases and the respective AWS services for data protection, identity & access management, and more.

AWS Well-Architected: Helping cloud architects build secure, high-performing, resilient, and efficient infrastructure for their applications and workloads.

AWS Artifact: On-demand access to security and compliance reports from AWS, as well as select online agreements. 

AWS and EU data transfers strengthened commitments to protect customer data: Details on challenging law enforcement requests and disclosing the minimum amount necessary. 

Law enforcement info requests report: Bi-annual report of law enforcement requests Amazon processed.

With AWS, you have full control of your data, including who can access it, where and how it's stored and secured, as well as how you meet data sovereignty needs. We will only process your data in accordance with documented instructions.

We are transparent about how our services process data uploaded to your AWS account. Our capabilities can help you encrypt, delete, and monitor the processing of customer data.

This is based on the AWS Shared Responsibility Model and the AWS customer agreement. The privacy features of AWS services provide additional granularity. 

Resources

Data Privacy FAQ: Common questions around data privacy on AWS.

AWS Participation in Gaia-X: An EU initiative helping to define standards for the next generation of data infrastructure.

Data Residency Guardrails in AWS Control Tower: A simplified way to translate data residency requirements into controls for single and multi-account environments.

AWS Customer Agreement: The terms and conditions that govern access to and use of service offerings.

Privacy Features of AWS Services: The key privacy features of AWS services which can be used to perform data transfer assessments in accordance with the Schrems II decision of the Court of Justice of the European Union, and the European Data Protection Board Recommendations on measures that supplement transfer tools.

CISPE Data Protection Code of Conduct: The CISPE Code assures organizations that their cloud infrastructure service provider meets the requirements applicable to a data processor under the GDPR. 

AWS Nitro System: A combination of dedicated hardware and lightweight hypervisors enabling confidential computing, by which operator access is restricted.
 

Once you choose which AWS Region(s) will house your data, you’ll retain complete control over it. This makes it simple to address compliance and data residency requirements. We will not move your data without your consent, except if legally required. 

Resources

AWS Global Infrastructure: The current AWS Regions, Availability Zones, Points of Presence, as well as countries and territories served.

Regions and Availability Zones: View our map.

Data Centers: Extensive information on AWS data center perimeter, infrastructure, and data layers, as well as the environmental layer.

Our compliance with third-party frameworks has been recognized by a number of international certifications and accreditation organizations, including: 

HIPAA, GDPR, Personal Health Data Protection in France (HDS), Cloud Computing Compliance Catalogue (C5), Government Standards in Spain (ENS high), Cyber Threat Protection in the UK (Cyber Essentials Plus), Government Standards in the UK (G-Cloud), and the attestation for Swiss Financial Market Supervisory Authority Circulars.

Resources

Financial Institutions Compliance FAQs: Common questions for German financial institutions using AWS.

Compliance and Security for Financial Services: This overview considers all resources and steps needed for financial institutions to securely navigate the cloud.

Cloud Governance for Financial Services: Helping customers establish processes and select tools for managing and governing their AWS environment.

AWS Artifact: A centralized resource for the compliance-related information that matters to you. It provides on-demand access to security and compliance reports from AWS, as well as select online agreements.

AWS Compliance Programs: Details of the robust controls in place at AWS to address security and compliance in the cloud, including governance-focused, audit-friendly features.