2013 AWS Worldwide Public Sector Summit Washington, D.C.
1 Washington, D.C. Security, Compliance, and Governance on the AWS Cloud CJ Moses GM, Government Cloud Solutions
2 AWS Platform Your Applications Management & Administration Identity & Access AWS IAM Identity Federation Consolidated Billing Application Platform Services Content Delivery Amazon CloudFront Web Interface Management Console Application Svcs Amazon Simple Workflow Service Amazon CloudSearch Amazon SNS, SQS, SES Monitoring Amazon CloudWatch Parallel Processing Elastic MapReduce Deployment & Automation AWS Elastic Beanstalk AWS CloudFormation AWS OpsWorks AWS CloudHSM Libraries & SDKs Java, .NET, PHP, Python, Ruby, Node.js, Android, iOS Foundation Services Compute Amazon EC2 Auto Scaling Storage Amazon S3 Amazon EBS Amazon Storage Gateway Amazon Glacier Database Amazon RDS Amazon ElastiCache Amazon DynamoDB Amazon Redshift Networking Amazon VPC Elastic Load Balancing Amazon Route 53 AWS Direct Connect AWS Global Infrastructure Availability Zones Regions Edge Locations
3 AWS Security and Compliance Center
- Answers to many security & privacy questions
- Overview of Security Processes whitepaper
- Risk and Compliance whitepaper
- Security bulletins
- Customer penetration testing
- Security best practices
- More information on:
  - AWS Identity & Access Management (AWS IAM)
  - AWS Multi-Factor Authentication (AWS MFA)
4 Security is a Shared Responsibility Customer Facilities Physical security Compute infrastructure Storage infrastructure Network infrastructure Virtualization layer (EC2) Hardened service endpoints Rich IAM capabilities Network configuration Security groups + = OS firewalls Operating systems Applications Proper service configuration Account management Authorization policies Re-focus your security professionals on a subset of the problem Take advantage of high levels of uniformity and automation
5 Amazon Customer Shared responsibility Customer Data Platform, Applications, Identity & Access Management Operating System, Network & Firewall Configuration Customers implement their own set of controls Multiple customers with FISMA Low and Moderate ATOs Client-side Data Encryption & Data Integrity Authentication Server-side Encryption (File System and/or Data) Network Traffic Protection (Encryption/Integrity/Identity) Foundation Services Compute Storage Database Networking AWS Global Infrastructure Availability Zones Regions Edge Locations SOC 1/SSAE 16/ISAE 3402 SOC 2 ISO 27001/ 2 Certification Payment Card Industry (PCI) Data Security Standard (DSS) NIST Compliant Controls DoD Compliant Controls FedRAMP HIPAA and ITAR Compliant
6 Global Infrastructure 9 AWS regions 42 AWS edge locations
7 AWS Regions & Availability Zones US REGIONS GLOBAL REGIONS US East (VA) US West (CA) Asia Pacific (Tokyo) Asia Pacific (Singapore) Availability Zone A Availability Zone B Availability Zone A Availability Zone B Availability Zone A Availability Zone B Availability Zone A Availability Zone B Availability Zone C Availability Zone D Availability Zone C US West (OR) GovCloud (OR) EU (Ireland) South America (Sao Paulo) Asia Pacific (Sydney) Availability Zone A Availability Zone B Availability Zone A Availability Zone B Availability Zone A Availability Zone B Availability Zone A Availability Zone B Availability Zone A Availability Zone B Availability Zone C Availability Zone C Customer Decides Where Applications and Data Reside Note: Conceptual drawing only. The number of Availability Zones may vary.
8 Global Infrastructure GovCloud (US) 9 AWS regions 42 AWS edge locations
9 AWS GovCloud (US)
The AWS GovCloud (US) Region: built for government customers
- Sensitive / CUI (controlled, unclassified information) workloads
- ITAR workloads
- All customers are either government agencies or businesses who serve government
- Community cloud
The same but different
- Generally the same APIs as AWS commercial clouds, but Amazon Virtual Private Cloud networking only (no EC2 NAT)
- Distinct console, credentials and AWS IAM (Identity & Access Management) database
- FIPS certified VPN and API endpoints
10 Credentials AWS Public Account Billing is linked AWS GovCloud (US) Account IAM Group IAM Group IAM User 1 IAM User 2 IAM User 1 IAM User 2 US East (VA) US West (CA) US West (OR) EU (Ireland) GovCloud (US) Asia Pacific (Tokyo) Asia Pacific (Singapore) Asia Pacific (Sydney) South America (Sao Paulo)
11 Physical Security of Data Centers
Amazon has been building large-scale data centers for many years
Important attributes:
- Non-descript facilities
- Robust perimeter controls
- Strictly controlled physical access
- 2 or more levels of two-factor authentication
- Controlled, need-based access
- All access is logged and reviewed
- Separation of Duties: employees with physical access don't have logical privileges
- Maps to an Availability Zone
12 Continuous Availability Model
AWS is Built for Continuous Availability
- Scalable, fault tolerant services
- All Datacenters (AZs) are always on
- No Disaster Recovery Datacenter
- Managed to the same standards
- Robust Internet connectivity
- Each AZ has redundant, Tier 1 Service Providers
- Resilient network infrastructure
13 AWS Configuration Management
- Most updates are done in such a manner that they will not impact the customer
- Changes are authorized, logged, tested, approved, and documented
- AWS will communicate with customers, either via email or through the AWS Service Health Dashboard, when there is a chance they may be affected
14 Data Backup & Replication
AWS favors replication over traditional backup
- Equivalent to more traditional backup solutions
- Higher data availability and throughput
- No tapes with AWS customer data
Makes data available in multiple edge locations
- Amazon CloudFront, Amazon Route 53
Cross Region
- Amazon EBS snapshot and AMI copy
Data replicated to multiple Availability Zones within a single Region
- Amazon S3, Amazon S3 RRS, Amazon DynamoDB, Amazon SimpleDB, Amazon SQS, Amazon RDS Multi-AZ, Amazon EBS Snapshots, etc.
Data replicated to multiple physical locations within a single Availability Zone
- Amazon EBS, Amazon RDS
Data NOT automatically replicated
- Amazon EC2 instance store (a.k.a. ephemeral drives)
15 Storage Device Decommissioning
All storage devices go through process
- Equivalent to more traditional backup solutions
- Higher data availability and throughput
- No tapes with AWS customer data
Uses techniques from
- DoD M (National Industrial Security Program Operating Manual)
- NIST (Guidelines for Media Sanitization)
Ultimately degaussed, physically destroyed
16 Amazon S3 Security
- Access controls at bucket and object level: Read, Write, Full
- Owner has full control
- Customer Encryption
- SSL Supported
- Server Side Encryption
- Durability %
- Availability 99.99%
- Versioning (MFA Delete)
- Detailed Access Logging
- Signed URLs

```json
{
  "Version": "",
  "Statement": [
    {
      "Sid": "AllowPublicRead",
      "Effect": "Allow",
      "Principal": { "AWS": "*" },
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::tw-cloudfront-source/*"
    }
  ]
}
```
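Added example (not part of the original slides): a small audit that parses a bucket policy and reports every statement that grants access to anonymous callers, as the slide's AllowPublicRead statement does. The sample policies are constructed for the demo, the Version element is left out because the check does not use it, and the account ID and function names are placeholders chosen here.

```python
import fnmatch
import json

# Constructed sample modeled on the slide's "AllowPublicRead" statement.
SLIDE_POLICY = """
{
  "Statement": [
    {
      "Sid": "AllowPublicRead",
      "Effect": "Allow",
      "Principal": {"AWS": "*"},
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::tw-cloudfront-source/*"
    }
  ]
}
"""

# Constructed counter-example: same action, limited to one (placeholder) account.
SCOPED_POLICY = """
{
  "Statement": [
    {
      "Sid": "AllowOneAccountRead",
      "Effect": "Allow",
      "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::tw-cloudfront-source/*"
    }
  ]
}
"""

# Actions whose anonymous grant lets a stranger change bucket contents or policy.
WRITE_ACTIONS = ("s3:putobject", "s3:deleteobject",
                 "s3:putobjectacl", "s3:putbucketpolicy")


def as_list(value):
    """Policy elements may be a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def is_anonymous(principal):
    """True when the Principal element matches every caller."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in as_list(v) for v in principal.values())
    return False


def grants_write(actions):
    """True when any (lower-cased, possibly wildcarded) action covers a write."""
    return any(fnmatch.fnmatchcase(name, pattern)
               for pattern in actions for name in WRITE_ACTIONS)


def public_grants(policy_text):
    """Return one finding per Allow statement open to anonymous principals."""
    policy = json.loads(policy_text)
    findings = []
    for stmt in as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if not is_anonymous(stmt.get("Principal")):
            continue
        # Action names are case-insensitive, so compare in lower case.
        actions = sorted(a.lower() for a in as_list(stmt.get("Action")))
        findings.append({
            "sid": stmt.get("Sid", "(no Sid)"),
            "actions": actions,
            "resources": as_list(stmt.get("Resource")),
            # A Condition may narrow the grant; flag it for manual review.
            "conditional": "Condition" in stmt,
            "grants_write": grants_write(actions),
        })
    return findings


if __name__ == "__main__":
    for name, text in (("slide", SLIDE_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, public_grants(text))
```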
17 Network Security Considerations
- Distributed Denial of Service (DDoS):
  - Standard mitigation techniques in effect
- Man in the Middle (MITM):
  - All endpoints protected by SSL
  - Fresh EC2 host keys generated at boot
- IP Spoofing:
  - Prohibited at host OS level
- Unauthorized Port Scanning:
  - Violation of AWS TOS
  - Detected, stopped, and blocked
  - Inbound ports blocked by default
- Packet Sniffing:
  - Promiscuous mode is ineffective
  - Protection at hypervisor level
18 Amazon EC2 Security
- Host operating system
  - Individual SSH keyed logins via bastion host for AWS admins
  - All accesses logged and audited
- Guest (a.k.a. Instance) operating system
  - Customer controlled (customer owns root/admin)
  - AWS admins cannot log in
  - Customer-generated keypairs
- Stateful firewall
  - Mandatory inbound firewall, default deny mode
  - Customer controls configuration via Security Groups
- Signed API calls
  - Require X.509 certificate or customer's secret AWS key
19 Virtual Memory and Local Disk
- Proprietary disk management prevents one instance from reading the disk contents of another
- Disk is wiped upon creation
- Disks can be encrypted by the customer for added layer of security
20 Amazon EC2 Instance Isolation Customer 1 Customer 2 Customer n Hypervisor Virtual Interfaces Customer 1 Security Groups Customer 2 Security Groups Customer n Security Groups Firewall Physical Interfaces
21 Network Traffic Flow Security
- AWS Security Groups
  - Inbound traffic must be explicitly specified by protocol, port, and security group
  - VPC adds outbound filters
- Amazon VPC also adds Network Access Control Lists (ACLs): inbound and outbound stateless filters
- OS Firewall (e.g., iptables) may be implemented
  - Completely user controlled security layer
  - Granular access control of discrete hosts
  - Logging network events
Diagram labels: Inbound Traffic, Amazon EC2, OS Firewall, AWS Security Group
22 Amazon Virtual Private Cloud (VPC)
- Create a logically isolated environment in Amazon's highly scalable infrastructure
- Specify your private IP address range into one or more public or private subnets
- Control inbound and outbound access to and from individual subnets using stateless Network Access Control Lists
- Protect your Instances with stateful filters for inbound and outbound traffic using Security Groups
- Attach an Elastic IP address to any instance in your Amazon VPC so it can be reached directly from the Internet
- Bridge your Amazon VPC and your onsite IT infrastructure with an industry standard encrypted Amazon VPN connection
- Use a wizard to easily create your Amazon VPC in 4 different topologies
23 Amazon EC2 Classic Internet EC2 Customer 1 EC2 EC2 EC2 EC Customer 2 EC2 Customer 3 EC2 EC AZ A AZ B AWS Region EC2 classic is one big /8 network EC
24 Amazon VPC Internet Internet GW EC2 EC2 EC2 EC ( ) ( ) SN /24 SN /24 VPC /16 AZ A AZ B AWS Region Amazon VPC network isolation
25 Amazon VPC Network Security Controls
26 Amazon VPC - Dedicated Instances
- Option to ensure physical hosts are not shared with other customers
- Can identify specific EC2 Instances as dedicated
- Optionally configure entire Amazon VPC as dedicated
27 AWS CloudHSM
- Protect and store your cryptographic keys with industry standard, tamper-resistant AWS CloudHSM appliances. No one but you has access to your keys (including Amazon administrators who manage and maintain the appliance).
- Use your most sensitive and regulated data on Amazon EC2 without giving applications direct access to your data's encryption keys.
- Store and access data reliably from your applications that demand highly available and durable key storage and cryptographic operations.
- Use AWS CloudHSM in conjunction with your compatible on-premise HSMs to replicate keys among on-premise HSMs and AWS CloudHSMs. This increases key durability and makes it easy to migrate cryptographic applications from your datacenter to AWS.
Diagram label: SafeNet Luna SA HSM
28 AWS CloudHSM
29 AWS Identity and Access Management
- Users and Groups within Accounts
- Unique security credentials
  - Access keys
  - Login/Password
  - Enforce password complexity
  - optional MFA device
- Policies control access to AWS APIs
- API calls must be signed by a secret key
- Deep integration into some Services
  - Amazon S3: policies on objects and buckets
- AWS Management Console supports User log on
- Not for Operating Systems or Applications
  - use LDAP, Active Directory/ADFS, etc...
Diagram labels: Groups, Account, Roles, Administrators, Developers, Applications, Jim, Brad, Reporting, Bob, Mark, Console, Susan, Tomcat, Kevin, Multi-factor authentication, AWS system entitlements
30 AWS Multi-Factor Authentication
- Helps prevent access based on unauthorized knowledge of your e-mail address and password
- Additional protection for account information
- Works with master account and AWS IAM users
- Integrated into
  - AWS Management Console
  - Key pages on the AWS Portal
  - Amazon S3 (Secure Delete)
- Virtual MFA (using OATH standard)
Diagram labels: Groups, Account, Roles, Administrators, Developers, Applications, Jim, Brad, Reporting, Bob, Mark, Console, Susan, Tomcat, Kevin, Multi-factor authentication, AWS system entitlements
31 Identity & Access Management Consolidated Billing Account Management/Isolation Payor Account Linked Account Customer 1 Linked Account Customer 2 Linked Account Customer 3 Linked Account Reseller Internal Use End User 1 End User 1 End User Group Reseller User 1 End User 2 End User 2 End User 1 Reseller User 2 End User 3 End User 3 End User 2 Reseller User 3 End User 4 End User 3 Reseller User 4 End User 5 End User 4
32 The Capability/Transparency Trade-up
What You Give Up
- Low-level operational details of the infrastructure
- Control over low-level capabilities
- Ability to physically examine servers
What You Get
- Flexible, useful environment
- High investment and capability in security
- Certifications, reports
- Reduced compliance ops burden
33 Accreditation & Compliance, Old and New
Old world | New world
Audits done by an in-house team | Audits done by third party auditors
Regardless of actual security, check the box | Superior security drives broad compliance
Check once a year | Continuous monitoring, checking
Workload-specific security | Security based on all workload scenarios
34 Expert Audits: the Validation Scalpel SME SME SME SME SME SME=subject matter expert
35 Customers Getting Certified Controls Reports Reliance Practices Customer Verified + Tested Customer Controls Controls
36 Benefits of Scale Apply to Security and Compliance Everyone's Systems and Applications Security Infrastructure Requirements Requirements Requirements Security Infrastructure The entire customer community benefits from the world-class AWS security team, market-leading capabilities, and on-going security improvements
37 FedRAMP Compliance Paths
1. Joint Authorization Board Approval (P-ATO): JAB (members from DHS, GSA, DoD) approves package for hypothetical workloads
2. Agency ATO: Agency approves FedRAMP package for actual workloads
3. CSP-supplied documentation, with 3PAO: No agency review/approval, but with 3PAO sign off on the audit
4. CSP-supplied documentation, without 3PAO: No agency review/approval, and no 3PAO sign off on the audit
AWS is focused on paths 2 & 3 in the near term, later 1
38 FedRAMP: Spectrum of Approaches Government COTR We don't care about FedRAMP; we'll issue our own ATO. Agency Security Official Our agency will authorize our new AWS system with a FedRAMP ATO. Government ISSO Our agency won't speak to AWS without a FedRAMP ATO. Progressive Conservative Our agency isn't sure how we are handling FedRAMP; we'll proceed towards our own ATO for now. Government ISSO Our agency requires a FedRAMP JAB P-ATO. We'll start working with AWS but will wait for that. Government PM
39 Governance: Extension and Integration Private Connections Workload Migrations On-Premises Apps Access Control Integration Cloud Apps Work with Existing Management Tools Your Data Centers
40 Many Capabilities to Support Hybrid Architectures IAM Active Directory Users & Access Rules VMware Images VM Import/Export Network Configuration Your Private Network Your Data Our Storage AWS Storage Gateway Your Data Centers Your On-Premises Apps AWS Direct Connect Your Cloud Apps Amazon VPC
41 AWS Ecosystem Includes Existing Management Tools Single Pane of Glass Workload Migration Inventory VMs App 1 Your Data Center App 2 Your Data Center
42 Re-thinking Incident Response in the Cloud
- Challenge laid down by NASA JPL Office of the Inspector General: how do you isolate and then investigate potentially compromised virtual machines?
- Easy in the old world: unjack the network, haul off to forensics lab
- What is the cloud equivalent?
- JPL cloud architects working with AWS came up with a solution that OIG considers better than on-premises solutions
43 Schematic of Solution
- Web server: change security group to Isolate; attach Elastic Network Interface with security group forensics-target
- Workstation: attach Elastic Network Interface with security group forensics-source
Diagram labels: Subnet /24; Completely isolated subnet /24; Virtual router; Internet gateway; Elastic Network Interface, Security group: Forensics-target (forensics target security group); Elastic Network Interface, Security group: Forensics-source (forensics source security group)
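Added example (not from the original slides or from JPL's implementation): one way to script the isolation steps in the schematic above with boto3-style EC2 calls. The `ec2` argument is assumed to be a boto3 EC2 client; all resource IDs, the function names, the SSH port and the `RecordingEC2` stand-in that lets the block run offline are constructed for this sketch.

```python
def forensics_target_rule(source_sg_id, port=22):
    """Ingress rule for the forensics-target group.

    It names the forensics-source security group instead of an IP range, so
    only interfaces carrying that group can connect. Port 22 is an assumption
    (evidence collection over SSH).
    """
    return [{
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "UserIdGroupPairs": [{"GroupId": source_sg_id}],
    }]


def allow_forensics_source(ec2, target_sg_id, source_sg_id):
    """Install the rule above on the forensics-target security group."""
    ec2.authorize_security_group_ingress(
        GroupId=target_sg_id,
        IpPermissions=forensics_target_rule(source_sg_id),
    )


def isolate_instance(ec2, instance_id, isolate_sg_id, target_sg_id,
                     isolated_subnet_id):
    """Quarantine an instance, then expose it only on the forensics subnet."""
    # 1. Record the current groups for the case file before changing anything.
    attr = ec2.describe_instance_attribute(
        InstanceId=instance_id, Attribute="groupSet")
    previous = [g["GroupId"] for g in attr["Groups"]]

    # 2. Swap the instance's groups for the "Isolate" group (no rules).
    #    Done first so that a failure in a later step leaves the instance
    #    cut off rather than still reachable.
    ec2.modify_instance_attribute(
        InstanceId=instance_id, Groups=[isolate_sg_id])

    # 3. Create an interface in the isolated subnet carrying forensics-target.
    #    The subnet must be in the same Availability Zone as the instance.
    eni = ec2.create_network_interface(
        SubnetId=isolated_subnet_id,
        Groups=[target_sg_id],
        Description="forensics-target for " + instance_id,
    )
    eni_id = eni["NetworkInterface"]["NetworkInterfaceId"]

    # 4. Attach it as a second interface (device index 0 is the primary one).
    ec2.attach_network_interface(
        NetworkInterfaceId=eni_id, InstanceId=instance_id, DeviceIndex=1)

    return {"instance": instance_id,
            "previous_groups": previous,
            "forensics_eni": eni_id}


class RecordingEC2:
    """Constructed stand-in for a boto3 EC2 client: records calls offline."""

    def __init__(self, current_groups):
        self.current_groups = current_groups
        self.calls = []

    def record(self, name, kwargs, reply):
        self.calls.append((name, kwargs))
        return reply

    def describe_instance_attribute(self, **kw):
        groups = [{"GroupId": g} for g in self.current_groups]
        return self.record("describe_instance_attribute", kw, {"Groups": groups})

    def modify_instance_attribute(self, **kw):
        return self.record("modify_instance_attribute", kw, {})

    def create_network_interface(self, **kw):
        reply = {"NetworkInterface": {"NetworkInterfaceId": "eni-constructed"}}
        return self.record("create_network_interface", kw, reply)

    def attach_network_interface(self, **kw):
        return self.record("attach_network_interface", kw, {})

    def authorize_security_group_ingress(self, **kw):
        return self.record("authorize_security_group_ingress", kw, {})


if __name__ == "__main__":
    client = RecordingEC2(["sg-web"])
    allow_forensics_source(client, "sg-ftarget", "sg-fsource")
    print(isolate_instance(client, "i-constructed", "sg-isolate",
                           "sg-ftarget", "subnet-isolated"))
    for name, kwargs in client.calls:
        print(name, kwargs)
```

Security groups are stateful, so connections that were already tracked when the group was swapped can persist until they close or time out; confirm the instance has gone quiet before treating it as isolated.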
44 Governance Tool: AWS Trusted Advisor
- Online service from AWS Premium Support
- Analyzes account for various kinds of issues and possible concerns
- Soon available as an API for integration with your tools or 3rd party solutions
- Four categories:
  - Cost savings
  - Security
  - Fault tolerance
  - Performance
45 AWS Cloud Governance Service Enablers Governance Area Roles and Responsibilities Configuration Management Financial Controls Monitoring and Reporting AWS Technologies Identity and Access Management: Groups, Policies, Roles Private, hardened AMIs AWS CloudFormation Templates AWS Elastic Beanstalk AWS OpsWorks Linked Accounts, Consolidated Billing Tagging of resources Amazon CloudWatch Billing Alarms Amazon CloudWatch Amazon CloudWatch Alarms Amazon Simple Notification Service
46 AWS Cloud Governance Service Enablers (cont.) Governance Area Information Assurance: Processing Information Assurance: Storage Information Assurance Transmission AWS Technologies Corporate Gold master AMIs (operating system images) Amazon VPC network isolation for all workloads Dedicated Amazon EC2 Instances AWS CloudHSM service Amazon S3 AES 256 bit server-side encryption, client-side encryption Amazon EBS Volume Encryption Amazon RDS database encryption features Complete destruction of all storage media on decommissioning SSL termination for all AWS endpoints HW/SW VPN Connections AWS Direct Connect
47 AWS Cloud Governance Service Enablers (cont.) Governance Area Network Security Access Controls Identification and Authentication AWS Technologies Private addressing (Amazon Virtual Private Cloud) Network ACLs Security Groups Virtual Private Gateways Identity and Access Management Policies across all services Amazon S3 Bucket Policies Amazon EC2 Instance Roles Identity and Access Management Federated Identity Management (AWS as relying party) Multi-Factor Authentication Group Policies and Roles Strong password policies
48 AWS Cloud Governance Service Enablers (cont.) Governance Area Disaster Recovery and Continuity of Operations AWS Technologies Data Amazon EBS Snapshots Amazon S3 Near-Line Storage Amazon Glacier Near-Offline Storage AWS Storage Gateway Bulk Data via AWS Import/Export Managed AWS No-SQL/SQL Database Services Extensive 3rd Party Solutions Workload Amazon Elastic Load Balancers, Amazon EC2 Auto Scaling, Amazon CloudWatch Amazon Route 53 Health Checks, Latency Based Routing Amazon CloudFront Content Delivery Network Multi-AZ, Multi-Region Workload Deployment
49 Questions??? Security, Compliance and Governance on the AWS Cloud
50 Security Token Service (STS)
Temporary security credentials containing
- Identity for authentication
- Access Policy to control permissions
- Configurable Expiration (1-36 hours)
Supports
- AWS Identities (including IAM Users)
- Federated Identities (users customers authenticate)
Scales to millions of users
- No need to create an IAM identity for every user
Use Cases
- Identity Federation to AWS APIs
- Mobile and browser-based applications
- Consumer applications with unlimited users
51 Identity Syncing with IAM
52 Identity Federation > AWS APIs
53 An you don't want to get
54 Internet server1.aws-wwps.com server2.aws-wwps.com server3.aws-wwps.com Internet Gateway (IGW + EIPs = direct Internet access) ELB VPC DMZ Subnet VPC Subnets VPC Subnets webserver /24 VPC Private Subnet App tier Forensics source Availability Zone 1a webserver /24 VPC Private Subnet App tier Availability Zone 1b webserver /24 VPC Private Subnet App tier Availability Zone 1b VPC Customer VPN Connection Virtual Private Gateway Customer Gateway Customer Data Center
55 Dimensions of Shared Responsibility & Control
- Operation within the Service: The functions the customer controls and configurations they choose (e.g., in Amazon EC2, Amazon RDS)
- Security Configurability: The tools AWS gives customers to configure their security stance (e.g., access policies, security groups) vary considerably from service to service
- Security Features Which Span Services: Some security configuration features are global (e.g., IAM), others service-specific
- Cross-Layer Security Controls: Means by which customers integrate their existing controls into AWS (e.g., key management, Active Directory, Drupal user management) and vice versa (e.g., IAM Roles for Instances)
56 1. Operation within the Service
Customers choose controls they implement, specific configurations/operations
- Example: Amazon EC2 instances
  - Manage root/administrative access to guest OS
  - Install software; responsible for patching and maintenance
  - Manage Amazon EC2 key pairs, potentially x509 SSL certs
- Examples: Amazon Relational Database Service, Amazon Redshift
  - Administration of RDBMS but not underlying OSes
- Examples: Amazon S3, Amazon DynamoDB
  - Fully managed service, zero operational access
  - Rich authorization capabilities via AWS IAM
57 2. Security Configurability
AWS services provide rich security controls tailored to each service; customers choose which and how to implement
- Example: Amazon VPC responsibility and control options
  - Configure security groups
  - Control network ACLs
  - Configure network routing, VPNs, etc.
- Example: Amazon S3 responsibility and control options
  - Rich support for AWS IAM policies, plus service specific access controls
  - Logging capability records all access (including logging daemon!)
- Example: Amazon CloudWatch
  - Minimal security configuration available
58 3. Security Features Which Span Services
The security impact of some services is more global, others more service-specific; importance/responsibility thus varies
- Broader potential impact to other services
  - Example: Identity and Access Management manages access to other services
  - Example: Amazon EC2 runs customer code and can be used to access many services (see Amazon EC2 IAM roles)
- Narrower potential impact to other services
  - Example: Amazon S3 provides a critical and foundational service for many other AWS services, with rich security features/configurability, but impact of the security configuration is mostly limited to the service itself
59 4. Cross-Layer Security Controls
Customers can integrate their existing controls into AWS (typically implemented within Amazon EC2 instances, but not always, e.g., IAM federation)
Examples:
- SSH key management; AWS CloudHSM integration
- Active Directory or SAML-P within Amazon EC2
- Federation from AD or Shibboleth to AWS IAM
- OS-level firewalls (e.g., RHEL, Windows) and OS-level IDS/IPS systems
- Encrypted file system on Amazon Elastic Block Storage (EBS)
- Application level security
- X.509 certificate management for web servers or ELB
- Virtual security appliances (e.g., Checkpoint, Sophos, Xceedium, Layer 7)
60 Thank You
More informationAmazon Web Services 101 April 17 th, 2014 Joel Williams Solutions Architect. Amazon.com, Inc. and its affiliates. All rights reserved.
Amazon Web Services 101 April 17 th, 2014 Joel Williams Solutions Architect Amazon.com, Inc. and its affiliates. All rights reserved. Learning about Cloud Computing with AWS What is Cloud Computing and
More informationOracle WebLogic Server 12c on AWS. December 2018
Oracle WebLogic Server 12c on AWS December 2018 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents
More informationTitle: Planning AWS Platform Security Assessment?
Title: Planning AWS Platform Security Assessment? Name: Rajib Das IOU: Cyber Security Practices TCS Emp ID: 231462 Introduction Now-a-days most of the customers are working in AWS platform or planning
More informationAmazon Web Services (AWS) Training Course Content
Amazon Web Services (AWS) Training Course Content SECTION 1: CLOUD COMPUTING INTRODUCTION History of Cloud Computing Concept of Client Server Computing Distributed Computing and it s Challenges What is
More informationActiveNET. #202, Manjeera Plaza, Opp: Aditya Park Inn, Ameerpetet HYD
ActiveNET #202, Manjeera Plaza, Opp: Aditya Park Inn, Ameerpetet HYD-500018 9848111288 activesurya@ @gmail.com wwww.activenetinformatics.com y Suryanaray yana By AWS Course Content 1. Introduction to Cloud
More informationOverview of AWS Security - Database Services
Overview of AWS Security - Database Services June 2016 (Please consult http://aws.amazon.com/security/ for the latest version of this paper) 2016, Amazon Web Services, Inc. or its affiliates. All rights
More informationAWS Solutions Architect Associate (SAA-C01) Sample Exam Questions
1) A company is storing an access key (access key ID and secret access key) in a text file on a custom AMI. The company uses the access key to access DynamoDB tables from instances created from the AMI.
More informationHPE Digital Learner AWS Certified SysOps Administrator (Intermediate) Content Pack
Content Pack data sheet HPE Digital Learner AWS Certified SysOps Administrator (Intermediate) Content Pack HPE Content Pack number Content Pack length Content Pack category Learn more CP017 20 Hours Category
More informationARCHITECTING WEB APPLICATIONS FOR THE CLOUD: DESIGN PRINCIPLES AND PRACTICAL GUIDANCE FOR AWS
ARCHITECTING WEB APPLICATIONS FOR THE CLOUD: DESIGN PRINCIPLES AND PRACTICAL GUIDANCE FOR AWS Dr Adnene Guabtni, Senior Research Scientist, NICTA/Data61, CSIRO Adnene.Guabtni@csiro.au EC2 S3 ELB RDS AMI
More informationGetting started with AWS security
Getting started with AWS security Take a prescriptive approach Stephen Quigg Principal Security Solutions Architect 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Why is enterprise
More informationAbout Intellipaat. About the Course. Why Take This Course?
About Intellipaat Intellipaat is a fast growing professional training provider that is offering training in over 150 most sought-after tools and technologies. We have a learner base of 600,000 in over
More informationDisclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme
LHC2384BU VMware Cloud on AWS A Technical Deep Dive Ray Budavari @rbudavari Frank Denneman - @frankdenneman #VMworld #LHC2384BU Disclaimer This presentation may contain product features that are currently
More informationIntroduction to AWS GoldBase. A Solution to Automate Security, Compliance, and Governance in AWS
Introduction to AWS GoldBase A Solution to Automate Security, Compliance, and Governance in AWS September 2015 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document
More informationCloud security 2.0: Joko nyt pilveen voi luottaa?
Cloud security 2.0: Joko nyt pilveen voi luottaa? www.nordcloud.com 11 04 2017 Helsinki 2 Teemu Lehtonen Senior Cloud architect, Security teemu.lehtonen@nordcloud.com +358 40 6329445 Nordcloud Finland
More informationPrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps
PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : SAA-C01 Title : AWS Certified Solutions Architect - Associate (Released February 2018)
More informationDesigning Fault-Tolerant Applications
Designing Fault-Tolerant Applications Miles Ward Enterprise Solutions Architect Building Fault-Tolerant Applications on AWS White paper published last year Sharing best practices We d like to hear your
More informationNetwork Security & Access Control in AWS
Network Security & Access Control in AWS Ian Massingham, Technical Evangelist @IanMmmm 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Account Security Day One Governance Account
More informationScaling on AWS. From 1 to 10 Million Users. Matthias Jung, Solutions Architect
Berlin 2015 Scaling on AWS From 1 to 10 Million Users Matthias Jung, Solutions Architect AWS @jungmats How to Scale? lot of results not the right starting point What is the right starting point? First
More informationAWS Solutions Architect Exam Tips
AWS Solutions Architect Exam Tips This is not a brain dump! Questions and Answers are not given here, rather guidelines for further research, reviewing the Architecting on AWS courseware and AWS documentation.
More informationBuilding a Modular and Scalable Virtual Network Architecture with Amazon VPC
Building a Modular and Scalable Virtual Network Architecture with Amazon VPC Quick Start Reference Deployment Santiago Cardenas Solutions Architect, AWS Quick Start Reference Team August 2016 (revisions)
More informationAWS: Basic Architecture Session SUNEY SHARMA Solutions Architect: AWS
AWS: Basic Architecture Session SUNEY SHARMA Solutions Architect: AWS suneys@amazon.com AWS Core Infrastructure and Services Traditional Infrastructure Amazon Web Services Security Security Firewalls ACLs
More informationStandardized Architecture for NIST High-Impact Controls on the AWS Cloud Featuring Trend Micro Deep Security
AWS Enterprise Accelerator Compliance Standardized Architecture for NIST High-Impact Controls on the AWS Cloud Featuring Trend Micro Deep Security Quick Start Reference Deployment AWS Professional Services
More informationAPPLICATION & INFRASTRUCTURE SECURITY CONTROLS
APPLICATION & INFRASTRUCTURE SECURITY CONTROLS ON THE KINVEY PLATFORM APPLICATION KINVEY PLATFORM SERVICES END-TO-END APPLICATION & INFRASTRUCTURE SERCURITY CONTROLS ENTERPRISE DATA & IDENTITY 2015 Kinvey,
More informationThe Cloud Changes Nothing and Everything! Amazon.com, Inc. and its affiliates. All rights reserved.
The Cloud Changes Nothing and Everything! Amazon.com, Inc. and its affiliates. All rights reserved. About How Amazon did Amazon Web Services Deep experience in building and operating global web scale systems?
More informationUnderstanding Perimeter Security
Understanding Perimeter Security In Amazon Web Services Aaron C. Newman Founder, CloudCheckr Aaron.Newman@CloudCheckr.com Changing Your Perspective How do I securing my business applications in AWS? Moving
More informationAWS Storage Gateway. Amazon S3. Amazon EFS. Amazon Glacier. Amazon EBS. Amazon EC2 Instance. storage. File Block Object. Hybrid integrated.
AWS Storage Amazon EFS Amazon EBS Amazon EC2 Instance storage Amazon S3 Amazon Glacier AWS Storage Gateway File Block Object Hybrid integrated storage Amazon S3 Amazon Glacier Amazon EBS Amazon EFS Durable
More informationSAA-C01. AWS Solutions Architect Associate. Exam Summary Syllabus Questions
SAA-C01 AWS Solutions Architect Associate Exam Summary Syllabus Questions Table of Contents Introduction to SAA-C01 Exam on AWS Solutions Architect Associate... 2 AWS SAA-C01 Certification Details:...
More informationAWS Data Security Security Update
AWS Data Security Security Update December 1 st 2015 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Data Security Agenda 1:00 pm AWS Security Overview + What s New 2:00 pm Network
More informationIntroduction to AWS GoldBase
Introduction to AWS GoldBase A Solution to Automate Security, Compliance, and Governance in AWS October 2015 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document
More informationAmazon AWS-Solution-Architect-Associate Exam
Volume: 858 Questions Question: 1 You are trying to launch an EC2 instance, however the instance seems to go into a terminated status immediately. What would probably not be a reason that this is happening?
More informationAWS Course Syllabus. Linux Fundamentals. Installation and Initialization:
AWS Course Syllabus Linux Fundamentals Installation and Initialization: Installation, Package Selection Anatomy of a Kickstart File, Command line Introduction to Bash Shell System Initialization, Starting
More informationCertificate of Registration
Certificate of Registration THIS IS TO CERTIFY THAT 2001 8th Ave, Seattle, WA 98121 USA operates AWS using IaaS model (Amazon CloudFront, Amazon Elastic Block Store (EBS), Amazon Elastic Compute Cloud
More informationLook Who s Hiring! AWS Solution Architect AWS Cloud TAM
Look Who s Hiring! AWS Solution Architect https://www.amazon.jobs/en/jobs/362237 AWS Cloud TAM https://www.amazon.jobs/en/jobs/347275 AWS Principal Cloud Architect (Professional Services) http://www.reqcloud.com/jobs/701617/?k=wxb6e7km32j+es2yp0jy3ikrsexr
More informationHow can you implement this through a script that a scheduling daemon runs daily on the application servers?
You ve been tasked with implementing an automated data backup solution for your application servers that run on Amazon EC2 with Amazon EBS volumes. You want to use a distributed data store for your backups
More informationSecurity Camp 2016 Cloud Security. August 18, 2016
Security Camp 2016 Cloud Security What I ll be discussing Cloud Security Topics Cloud overview The VPC and structures Cloud Access Methods Who owns your data? Cover your Cloud trail? Protection approaches
More informationOptiSol FinTech Platforms
OptiSol FinTech Platforms Payment Solutions Cloud enabled Web & Mobile Platform for Fund Transfer OPTISOL BUSINESS SOLUTIONS PRIVATE LIMITED #87/4, Arcot Road, Vadapalani, Chennai 600026, Tamil Nadu. India
More informationTECHNICAL WORKBOOK. PCI Compliance in the AWS Cloud A NITIAN. Report Date: October 17, Jordan Wiseman, QSA
TECHNICAL WORKBOOK PCI Compliance in the AWS Cloud Report Date: October 17, 2016 Authors: Adam Gaydosh, QSA Jordan Wiseman, QSA A NITIAN COPYRIGHT Copyright 2016 by Anitian Corporation All rights reserved.
More informationCTS performs nightly backups of the Church360 production databases and retains these backups for one month.
Church360 is a cloud-based application software suite from Concordia Technology Solutions (CTS) that is used by churches of all sizes to manage their membership data, website, and financial information.
More informationCloud Computing /AWS Course Content
Cloud Computing /AWS Course Content 1. Amazon VPC What is Amazon VPC? How to Get Started with Amazon VPC Create New VPC Launch an instance (Server) to use this VPC Security in Your VPC Networking in Your
More informationStandardized Architecture for NIST-based Assurance Frameworks in the AWS Cloud
AWS Enterprise Accelerator Compliance Standardized Architecture for NIST-based Assurance Frameworks in the AWS Cloud Quick Start Reference Deployment AWS Professional Services AWS Quick Start Reference
More informationAWS_SOA-C00 Exam. Volume: 758 Questions
Volume: 758 Questions Question: 1 A user has created photo editing software and hosted it on EC2. The software accepts requests from the user about the photo format and resolution and sends a message to
More informationStandardized Architecture for PCI DSS on the AWS Cloud
AWS Enterprise Accelerator Compliance Standardized Architecture for PCI DSS on the AWS Cloud Quick Start Reference Deployment AWS Professional Services AWS Quick Start Reference Team May 2016 (last update:
More informationSecurity and Compliance at Mavenlink
Security and Compliance at Mavenlink Table of Contents Introduction....3 Application Security....4....4....5 Infrastructure Security....8....8....8....9 Data Security.... 10....10....10 Infrastructure
More informationAmazon Web Services. Foundational Services for Research Computing. April Mike Kuentz, WWPS Solutions Architect
Amazon Web Services Foundational Services for Research Computing Mike Kuentz, WWPS Solutions Architect April 2017 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Global Infrastructure
More informationArchitecting for Greater Security in AWS
Architecting for Greater Security in AWS Jonathan Desrocher Security Solutions Architect, Amazon Web Services. Guy Tzur Director of Ops, Totango. 2015, Amazon Web Services, Inc. or its affiliates. All
More informationAXIAD IDS CLOUD SOLUTION. Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure
AXIAD IDS CLOUD SOLUTION Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure Logical Access Use Cases ONE BADGE FOR CONVERGED PHYSICAL AND IT ACCESS Corporate ID badge for physical
More informationThe Nasuni Security Model
White Paper Nasuni enterprise file services ensures unstructured data security and privacy, enabling IT organizations to safely leverage cloud storage while meeting stringent governance and compliance
More informationThe Orion Papers. AWS Solutions Architect (Associate) Exam Course Manual. Enter
AWS Solutions Architect (Associate) Exam Course Manual Enter Linux Academy Keller, Texas United States of America March 31, 2017 To All Linux Academy Students: Welcome to Linux Academy's AWS Certified
More informationAWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE
AWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE 2018 1 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents
More informationCompute - 36 PCPUs (72 vcpus) - Intel Xeon E5 2686 v4 (Broadwell) - 512GB RAM - 8 x 2TB NVMe local SSD - Dedicated Host vsphere Features - vsphere HA - vmotion - DRS - Elastic DRS Storage - ESXi boot-from-ebs
More information25 Best Practice Tips for architecting Amazon VPC
25 Best Practice Tips for architecting Amazon VPC 25 Best Practice Tips for architecting Amazon VPC Amazon VPC is one of the most important feature introduced by AWS. We have been using AWS from 2008 and
More informationAWS Security Best Practices
AWS Security Best Practices August 2016 We welcome your feedback. Please share your thoughts at this link. 2016, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document
More informationCloud Computing. Amazon Web Services (AWS)
Cloud Computing What is Cloud Computing? Benefit of cloud computing Overview of IAAS, PAAS, SAAS Types Of Cloud private, public & hybrid Amazon Web Services (AWS) Introduction to Cloud Computing. Introduction
More informationPass4test Certification IT garanti, The Easy Way!
Pass4test Certification IT garanti, The Easy Way! http://www.pass4test.fr Service de mise à jour gratuit pendant un an Exam : SOA-C01 Title : AWS Certified SysOps Administrator - Associate Vendor : Amazon
More informationWe are ready to serve Latest IT Trends, Are you ready to learn? New Batches Info
We are ready to serve Latest IT Trends, Are you ready to learn? New Batches Info START DATE : TIMINGS : DURATION : TYPE OF BATCH : FEE : FACULTY NAME : LAB TIMINGS : Storage & Database Services : Introduction
More informationHackproof Your Cloud: Preventing 2017 Threats for a New Security Paradigm
whitepaper Hackproof Your Cloud: Preventing 2017 Threats for a New Security Paradigm When your company s infrastructure was built on the model of a traditional on-premise data center, security was pretty
More informationCloudera s Enterprise Data Hub on the Amazon Web Services Cloud: Quick Start Reference Deployment October 2014
Cloudera s Enterprise Data Hub on the Amazon Web Services Cloud: Quick Start Reference Deployment October 2014 Karthik Krishnan Page 1 of 20 Table of Contents Table of Contents... 2 Abstract... 3 What
More informationNGF0502 AWS Student Slides
NextGen Firewall AWS Use Cases Barracuda NextGen Firewall F Implementation Guide Architectures and Deployments Based on four use cases Edge Firewall Secure Remote Access Office to Cloud / Hybrid Cloud
More informationSafeNet HSM solutions for secure virtual amd physical environments. Marko Bobinac SafeNet PreSales Engineer
SafeNet HSM solutions for secure virtual amd physical environments Marko Bobinac SafeNet PreSales Engineer Root of trust for your physical and virtual environment 2 But HW doesn t work in a Virtual World?
More informationFilters AWS CLI syntax, 43 Get methods, 43 Where-Object command, 43
Index Symbols AWS Architecture availability zones (AZs), 3 cloud computing, 1 regions amazon global infrastructure, 2 Govcloud, 3 list and locations, 3 services compute, 5 management, 4 monitoring, 6 network,
More informationAWS Certifications. Columbus Amazon Web Services Meetup - February 2018
AWS Certifications Columbus Amazon Web Services Meetup - February 2018 Presenter: Andrew May Senior Solutions Architect & Cloud Solutions Lead @ Leading EDJE Java developer since 2000 2 ½ years AWS experience
More information