Sunday, March 4, 2018

Amazon Updates Guidance on AWS and FERPA

More than two years after issuing recommendations on FERPA compliance and Amazon Web Services, Amazon has updated the white paper to delineate the company's "shared responsibility model" and provide specific guidance on 24 different AWS services.

In general, the Family Educational Rights and Privacy Act requires schools and organizations to "reasonably protect students' educational records against inappropriate use or disclosure," the report says. However, Amazon has claimed that this is a shared responsibility between AWS and the customer. While Amazon is responsible for security "of" the cloud, as noted, the customer is responsible for security "in" the cloud.

In general, Amazon covers the operation, administration and control of the components "from the host operating system and the virtualization layer to the physical security of the facilities in which the service operates." The customer, on the other hand, must take responsibility for patching the guest operating system and applications. These tasks vary depending on the AWS cloud services used.

The report reviews each of its many services and includes advice on the protection of personally identifiable information (PII). For example, districts that use Amazon's Simple Storage Service (S3) must configure their S3 buckets for least privilege and make sure the world does not have access to buckets and objects unless that is intended. The PII recommendation also suggested that S3 logging and server-side encryption be enabled or that the data be encrypted before it is stored.
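One way to check a bucket's settings against the recommendations above, as an added example that is not from the AWS white paper or the original post. It runs offline on constructed settings; the `cfg` layout and the function names are assumptions, with the inner dictionaries shaped like the S3 API responses for a bucket's ACL, policy, logging and encryption configuration. Data encrypted before upload is not visible in bucket settings, so only the server-side option is checked.

```python
import json

# ACL grantee groups that expose a bucket to everyone or to any AWS account.
PUBLIC_GROUPS = {"http://acs.amazonaws.com/groups/global/AllUsers",
                 "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def public_statements(policy_json):
    """Sids of Allow statements with a wildcard principal and no Condition."""
    hits = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement", []))):
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        wildcard = aws is not None and "*" in _as_list(aws)
        # Statements that carry a Condition need manual review; not flagged here.
        if stmt.get("Effect") == "Allow" and wildcard and not stmt.get("Condition"):
            hits.append(stmt.get("Sid", f"statement[{i}]"))
    return hits

def audit_bucket(cfg):
    """cfg: dict with 'acl', 'policy', 'logging', 'encryption' (assumed layout)."""
    findings = []
    for grant in cfg.get("acl", {}).get("Grants", []):
        if grant.get("Grantee", {}).get("URI") in PUBLIC_GROUPS:
            findings.append(f"public ACL grant: {grant.get('Permission')}")
    for sid in public_statements(cfg.get("policy") or "{}"):
        findings.append(f"public policy statement: {sid}")
    if "LoggingEnabled" not in cfg.get("logging", {}):
        findings.append("server access logging disabled")
    sse = cfg.get("encryption", {}).get("ServerSideEncryptionConfiguration", {})
    if not any(r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm")
               for r in sse.get("Rules", [])):
        findings.append("no default server-side encryption")
    return findings

# Constructed sample settings, not taken from any real account.
WEAK = {"acl": {"Grants": [{"Permission": "READ", "Grantee": {
            "Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}}]},
        "policy": json.dumps({"Statement": [{"Sid": "PublicRead", "Effect": "Allow",
            "Principal": "*", "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-district-records/*"}]}),
        "logging": {}, "encryption": {}}
HARDENED = {"acl": {"Grants": [{"Permission": "FULL_CONTROL", "Grantee": {
                "Type": "CanonicalUser", "ID": "constructed-owner-id"}}]},
            "policy": None,
            "logging": {"LoggingEnabled": {"TargetBucket": "example-district-logs", "TargetPrefix": "s3/"}},
            "encryption": {"ServerSideEncryptionConfiguration": {"Rules": [
                {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}}}
```

`audit_bucket(WEAK)` returns four findings and `audit_bucket(HARDENED)` returns none.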

The AWS guide on FERPA is available from AWS.
