No cloud service provider employee can deploy code directly onto hosts. The report details NCC’s analysis for each of these claims. You can also find additional details about the scope, methodology, and steps that NCC used to evaluate the claims.

How Nitro System protects customer data

At AWS, we know that our customers, especially those who have sensitive or confidential data, may have worries about putting that data in the cloud. That’s why we’ve architected the Nitro System to ensure that your confidential information is as secure as possible. There is no mechanism for any system or person to log in to Amazon EC2 servers, read the memory of EC2 instances, or access any data on encrypted Amazon Elastic Block Store (EBS) volumes. If any AWS operator, including those with the highest privileges, needs to perform maintenance work on the EC2 server, they can do so only by using a strictly limited set of authenticated, authorized, and audited administrative APIs. Critically, none of these APIs have the ability to access customer data on the EC2 server. These restrictions are built into the Nitro System itself, and no AWS operator can circumvent these controls and protections.

The Nitro System also protects customers from AWS system software through the innovative design of our lightweight Nitro Hypervisor, which manages memory and CPU allocation. Typical commercial hypervisors provide administrators with full access to the system, but with the Nitro System, the only interface operators can use is a restricted API. This means that customers and operators cannot interact with the system in unapproved ways and there is no equivalent of a “root” user. This approach enhances security and allows AWS to update systems in the background, fix system bugs, monitor performance, and even perform upgrades without impacting customer operations or customer data.