We (IT Security) have been asked to work on a project to do a POC setup of an AWS Virtual Private Cloud (VPC) that will in turn be IPsec tunneled back to our infrastructure using a Cisco ISA. We're slowly working our way through that part, but my biggest question is that when I was looking at the AWS management console, I couldn't find any activity logs for who's logged into the management console and what changes have been made. Does anyone know if this is available, or where I can find it if I've overlooked it? Ideally, we would like to see those logs come back to our 'real' network via syslog through the VPN tunnel, or via some kind of secure log streaming from AWS itself.

Related to this - has anyone set up a HIPAA-compliant VPC with AWS or with any other cloud infrastructure vendors?

Thanks for your input,

Karl Bernard
Senior Information Security Analyst
UTHealth, Academic Health Center at Houston

Comments

I received a suggestion to take a look at AWS Identity and Access Management (IAM), and although it looks promising, I looked over IAM and found these unfortunate answers in the FAQ:

Q: Will AWS Identity and Access Management administrative actions be logged to an audit trail?
No. This is planned for a future release.
Q: Will user actions in AWS services be logged to an audit trail?
No. This is planned for a future release.

This makes it problematic for us - hopefully someone else has some kind of workaround or well-worded risk acceptance we can look at. Our customers are quietly asking to use cloud services now, but I suspect there will be an all-out clamoring before long, so we hope to have some kind of workable answer soon so we can get ahead of things.

Thanks,

Karl

Welcome to the wonders of the Cloud :-)

Joel Rosenblatt

Joel Rosenblatt, Director Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel
Public PGP key http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3

--On Wednesday, February 20, 2013 2:26 PM -0600 Karl Bernard wrote:

> I received a suggestion to take a look at AWS Identity and Access
> Management (IAM), and although it looks promising, I looked over IAM and
> found these unfortunate answers in the FAQ:
>
> Q: Will AWS Identity and Access Management administrative actions be logged
> to an audit trail?
> No. This is planned for a future release.
> Q: Will user actions in AWS services be logged to an audit trail?
> No. This is planned for a future release
> http://aws.amazon.com/iam/faqs/#Will_Identity_and_Access_Management_admi...
>
> This makes it problematic for us - hopefully someone else has some kind of
> workaround or well-worded risk acceptance we can look at. Our customers are
> quietly asking to use cloud services now, but I suspect there will be an
> all out clamoring before long, so we hope to have some kind of workable
> answer soon so we can get ahead of things.
>
> Thanks,
>
> Karl