CloudHSM Deep-Dive. Dave Walker Specialised Solutions Architect Security/Compliance Amazon Web Services UK Ltd
1 CloudHSM Deep-Dive Dave Walker Specialised Solutions Architect Security/Compliance Amazon Web Services UK Ltd 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved
2 CloudHSM
- Tamper-Proof and Tamper-Evident
  - Destroys its stored keys if under attack
- FIPS Level 2 certified
- Base position is to be a Keystore
- Can also be used to timestamp documents
- You can send data for encrypt / decrypt
- Needs to be backed-up (ideally to HSM on customer premises)
- Can (and should) be combined in HA clusters
- Is NOT a key management system but can work with some third-party ones
- Communicates via:
  - PKCS#11
  - JCE
- Some applications need a plugin
  - Safenet have one for Apache
3 CloudHSM Integration with S3, EBS, EC2
- S3
  - Integration using SafeNet KeySecure on EC2
  - White paper at
- EBS and EC2
  - Use SafeNet KeySecure (6.1.2 or later) on EC2, backed by CloudHSM, for key management
  - Install SafeNet ProtectV Manager on EC2 (c1.medium / m1.medium)
  - Install ProtectV Client on EC2 instances
  - Use ProtectV for EBS volume encryption (ext3, ext4, swap)
  - Supported platforms:
    - RHEL 5.8, 6.2, 6.3
    - CentOS 6.2
    - Microsoft Windows 2008, 2012
  - Encrypt full EBS-backed EC2 instances, including root volumes
4 AWS Databases and CloudHSM
- Redshift:
  - When using CloudHSM, Redshift gets cluster key from HSM
  - Redshift generates a database key and encrypts it with the cluster key from the CloudHSM
  - Redshift encrypts data with the database key
  - Redshift supports re-encryption
- RDS
  - RDS / Oracle EE can use CloudHSM to store keys as per Oracle Wallet
  - So TDE can be HSM-backed
- Note that in-memory database contents (once the database has been unlocked) are cleartext
  - RAM encryption is not something AWS has today, but it has been done in other contexts
    - Homomorphic encryption
    - Proof-of-concept with KVM
5 SafeNet Product Support for AWS
- ProtectV and Virtual KeySecure for AWS
  - AWS service(s) supported: EC2 or VPC Instances and EBS Storage; GovCloud (Beta)
  - Notes: Requires Safenet KeySecure (HW or Virtual). Available in AWS MarketPlace, as well as SafeNet sales channels
- Virtual KeySecure for AWS
  - AWS service(s) supported: CloudHSM
  - Notes: Available in AWS Marketplace. CloudHSM supports Virtual KeySecure as the hardware root of trust for vks master keys
- StorageSecure
  - AWS service(s) supported: AWS Storage Gateway
  - Notes: Safenet KeySecure Hardware (optional). iSCSI integration (however StorageSecure also supports CIFS, NFS, FTP, TFTP and HTTP protocols.)
- Luna SA 7000 HSM
  - AWS service(s) supported: CloudHSM; RedShift; RDS (via 3rd party vendor)
  - Notes: High availability. Key synchronization. Key Management
- Luna Backup HSM
  - AWS service(s) supported: CloudHSM
  - Notes: Key backup
- ProtectApp
  - AWS service(s) supported: S3 and EBS volumes
  - Notes: Can be integrated with Amazon S3 Encryption Clients and AWS SDKs (Java and .NET). Requires SafeNet KeySecure (HW or virtual). Can be installed on an EC2/VPC instance to protect data stored on EBS volumes.
- ProtectFile
  - AWS service(s) supported: EBS volumes and S3
  - Notes: Requires SafeNet KeySecure (HD or Virtual)
6 Difference between CloudHSM and KMS
CloudHSM
- Single-tenant HSM
- Customer-managed durability and availability
- Customer managed root of trust
- FIPS Validation
- Broad third-party app support
- Symmetric and asymmetric ops
- High fixed price ($16.5k/yr/hsm)
KMS
- Multi-tenant AWS service
- Highly available and durable key storage and management
- AWS managed root of trust
- Extensive auditing
- Broad support for AWS services
- Symmetric encryption only
- Usage-based pricing
7 Why Customers Choose CloudHSM
Reasons include:
- Control
  - Complete control of encryption keys, AWS cannot access key material
  - Fine-grained control of how AWS assets can use your keys
- Compliance
  - FIPS level 2 or 3 certification
  - Common Criteria EAL4 certification
- Performance/Availability
  - When required, local CloudHSM much better than on-prem
    - Network transit times
    - Usage patterns
8 Customer Control Over Keys
- Three reasons for this requirement
  - Regulatory (hard), Policy (soft) and Trust (soft)
- Soft requirements may be addressed by threat modelling
  - KMS can be simpler and less expensive for customer to use
  - Important to engage customer's governance resources
- With CloudHSM, customers have absolute control and authority over keys through separation of duties
9 Separation of Duties
- AWS manages the appliance
- Customer controls keys and crypto operations
- Separation of duties is enforced by the HSM appliance itself, using RBAC
10 Third-Party Compliance Validation
- Requirements
  - PCI or other vertical-specific security standard
  - Government workloads (US, Canada, and others)
  - Enterprise policies increasingly require FIPS validation
- CloudHSM uses SafeNet Luna SA 7000 appliances
  - FIPS Level 2 Validated
  - Common Criteria EAL4 Validated
11 Performance/Availability Advantages
- Customers may have existing on-prem HSMs
- Applications that require HSM access could leverage on-prem HSMs over VPN or DX
- Latency and availability characteristics of VPN or DX make CloudHSM desirable
12 Amazon Really Can't Access Keys
- AWS has appliance admin to the HSM
- Luna SA separates appliance admin from security officer
- Customer initializes HSM themselves via SSH
- AWS never sees partition credentials
- Device is automatically wiped if unauthorised access attempted
- Bottom line: you don't have to trust AWS, you are trusting the HSM vendor (SafeNet) and third party FIPS/CC validations
13 Operations
- Each HSM is dedicated to one customer
  - No sharing or partitioning of the appliance
- Customer is responsible for operating the HSMs in HA mode
  - SafeNet Client handles replication to multiple HSMs (up to 16)
  - SafeNet Client load balances across available HSMs
- Password authentication controls access to the HSM
  - PEDs (Pin Entry Devices) are not currently supported
- AWS monitors & manages the devices and network infrastructure
- See FAQ and Technical docs for additional details
14 CloudHSM Public API and SDK
- Self-service provisioning and management now supported through a public API
  - CreateHSM and DeleteHSM to provision and terminate HSMs
  - ModifyHSM permits changing the network configuration as well as setting up syslog forwarding
  - ListHSMs and DescribeHSM allow discovery and querying of provisioned HSMs
  - ListAvailableZones provides visibility into where CloudHSM capacity is available
15 CloudHSM Command Line Interface (CLI) Tools
- Provisioning and de-provisioning
  - Easy to provision an HSM, initialise it, clone keys from existing HSMs
- Easier HSM management
  - Lots of automation in the CLI to reduce management effort
- Simpler HA configuration
  - Help you build and maintain HSM high availability (HA) configurations
  - From 9 manual steps, interacting with appliance shell directly
  - To 2 simpler steps: create-hapg, add-hsm-to-hapg (for each HSM)
- Source code available via open source license
16 CloudHSM for RDS Oracle TDE
- Transparent data encryption support for RDS Oracle databases
- Store master encryption keys in CloudHSM instances
- High availability support for two or more HSMs
- Up to 20 separate databases per HSM
17 Auditing
- CloudTrail
  - Track resource changes
  - Audit activities for security and compliance purposes
  - Review all CloudHSM API calls
- Syslog
  - Audit operations on the HSM appliance
  - Send syslog to customer-built and managed collector
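One way to review CloudHSM API calls in a CloudTrail log file, as an added example that is not part of the original slides. It assumes the eventSource value `cloudhsm.amazonaws.com`, event names matching the API actions listed on the Public API slide, and a `syslogIp` request parameter on ModifyHSM; the log records and ARNs are constructed sample data.

```python
import json

# Assumed CloudTrail eventSource for CloudHSM. Event names are compared
# case-insensitively because the slides spell them "CreateHSM", "ModifyHSM", ...
CLOUDHSM_SOURCE = "cloudhsm.amazonaws.com"

# Severity per API action named on the "Public API and SDK" slide.
SEVERITY = {
    "deletehsm": "high",      # terminates the HSM holding the keys
    "modifyhsm": "high",      # network config and syslog forwarding changes
    "createhsm": "medium",    # new appliance (and a new upfront charge)
    "listhsms": "info",
    "describehsm": "info",
    "listavailablezones": "info",
}


def triage(trail_json, approved_principals):
    """Return one finding per CloudHSM call that a reviewer should look at."""
    findings = []
    for rec in json.loads(trail_json).get("Records", []):
        if rec.get("eventSource") != CLOUDHSM_SOURCE:
            continue
        action = rec.get("eventName", "")
        # An action this table does not know is treated as worth a review.
        severity = SEVERITY.get(action.lower(), "medium")
        principal = (rec.get("userIdentity") or {}).get("arn", "unknown")
        params = {k.lower(): v
                  for k, v in (rec.get("requestParameters") or {}).items()}
        reasons = []
        if severity != "info" and principal not in approved_principals:
            reasons.append("state change by unapproved principal")
        # Redirecting syslog moves the appliance audit trail elsewhere.
        if action.lower() == "modifyhsm" and "syslogip" in params:
            reasons.append("syslog forwarding target set to %s" % params["syslogip"])
        if rec.get("errorCode"):
            reasons.append("call failed: %s" % rec["errorCode"])
            if severity == "info":
                severity = "low"  # failed read calls can indicate probing
        if severity == "info":
            continue  # successful read-only calls are not reported
        findings.append({"time": rec.get("eventTime"), "action": action,
                         "principal": principal, "severity": severity,
                         "reasons": reasons})
    return findings


# Constructed sample log (account id, users and HSM ARN are placeholders).
ADMIN = "arn:aws:iam::111122223333:user/hsm-admin"
HSM = "arn:aws:cloudhsm:eu-central-1:111122223333:hsm-EXAMPLE"
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2015-01-01T10:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "userIdentity": {"arn": ADMIN}},
    {"eventTime": "2015-01-01T10:05:00Z", "eventSource": CLOUDHSM_SOURCE,
     "eventName": "DescribeHsm", "userIdentity": {"arn": ADMIN},
     "requestParameters": {"hsmArn": HSM}},
    {"eventTime": "2015-01-01T10:10:00Z", "eventSource": CLOUDHSM_SOURCE,
     "eventName": "ModifyHsm",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/build-agent"},
     "requestParameters": {"hsmArn": HSM, "syslogIp": "192.0.2.50"}},
    {"eventTime": "2015-01-01T10:15:00Z", "eventSource": CLOUDHSM_SOURCE,
     "eventName": "DeleteHsm", "userIdentity": {"arn": ADMIN},
     "requestParameters": {"hsmArn": HSM}},
    {"eventTime": "2015-01-01T10:20:00Z", "eventSource": CLOUDHSM_SOURCE,
     "eventName": "ListHsms", "errorCode": "AccessDenied",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/intern"}},
]})

if __name__ == "__main__":
    for finding in triage(SAMPLE_TRAIL, {ADMIN}):
        print(finding)
```

CloudTrail only covers the provisioning API; operations performed on the appliance itself are in the syslog stream, which is why a change to the forwarding target is flagged here.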
18 CloudHSM Use Cases
19 EBS Volume Encryption
- SafeNet ProtectV & KeySecure
  - Master key stored in CloudHSM
  - Instances with ProtectV client authenticate to KeySecure
  - ProtectV client encrypts all I/O to EBS volume (AES256)
- Diagram labels: Customer Applications, SafeNet ProtectV Client, SafeNet KeySecure, CloudHSM, Availability Zone
20 Redshift Encryption
- Cluster master key in CloudHSM
- Direct integration, no client software required
- Diagram labels: AWS CloudHSM, Amazon Redshift Cluster, Your encrypted data in Amazon Redshift, Your applications in Amazon EC2
21 Database Encryption (non-RDS)
- Customer-managed database in EC2
  - Oracle 11g & 12c with Transparent Data Encryption (TDE)
  - Microsoft SQL Server 2008 & 2012 with TDE
- Master key is created in the HSM and never leaves
- Diagram labels: AWS CloudHSM, Your database with TDE in Amazon EC2, Your applications in Amazon EC2, Master key in CloudHSM
22 Custom Software Applications
- Architectural building block to help you secure your applications
- Use standard libraries, with back-end HSM rather than software-based crypto
  - PKCS#11, JCA/JCE, Microsoft CAPI/CNG/EKM
- Code examples and details in the CloudHSM User Guide make it easier to get started
23 Other Use Cases
- Customer use cases continue to emerge:
  - Enterprises using on-prem HSMs and want to move these workloads to the cloud
  - Startups who want to offer high assurance services and achieve compliance
  - Enterprises who are not using HSMs for some of their on-prem apps but who want to use HSMs for these apps in the cloud
- Examples:
  - Object encryption
  - Digital Rights Management (DRM)
  - Document signing, secure document management & secure document repository
  - Payments, financial applications & transaction processing
  - Privileged account management
  - Certification authority (CA)
24 Using CloudHSM
25 Detailed Examples
- Building the CloudHSM Environment
- Configuring High Availability
- Integrating with RDS
26 Building a CloudHSM Environment
- Create customer infrastructure using CF template
- Install the CLI Tools
- Provision HSMs
- Initialise HSMs
27 Create Infrastructure with CF
28 Create Infrastructure with CF
- Look up your AZ identifiers on the EC2 Dashboard, and use those names
29 Install CLI Tools on Control Instance
- SSH to control instance deployed by CF Template
- Download and install the CloudHSM CLI Tools

    # Install python 2.7
    sudo yum install python27
    wget
    sudo python2.7 ez_setup.py

    # Download and install the CloudHSM CLI Tools
    wget
    sudo easy_install-2.7 -s /usr/local/bin CloudHsmCLI-beta.egg

    cloudhsm version
    { "Version": "<version>" }

- Assign an IAM role to your instance to permit CloudHSM API access
30 Provision HSMs
- Create two HSMs (one for each subnet)

    $ cloudhsm -c cloudhsm.conf create-hsm \
        --ssh-public-key-file cloudhsm_ssh.pub \
        --iam-role-arn arn:aws:iam:: :role/cloudhsm-fra-cloudhsmrole-1ZEAT0Z2PB8P \
        --subnet-id subnet-d244b0bb
    {
      "HsmArn": "arn:aws:cloudhsm:eu-central-1: :hsm-f32462d6",
      "RequestId": "e55c9da1-7b5b-11e dd57de14ff9c"
    }
31 Provision HSMs
- Describe status, wait until status changes from PENDING to RUNNING

    $ cloudhsm -c cloudhsm.conf describe-hsm -H arn:aws:cloudhsm:eu-central-1: :hsm-f32462d6
    {
      "EniId": "eni-047fbd6d",
      "EniIp": " ",
      "HsmArn": "arn:aws:cloudhsm:eu-central-1: :hsm-f32462d6",
      "IamRoleArn": "arn:aws:iam:: :role/cloudhsm-fra-cloudhsmrole-1zeat0z2pb8p",
      "Partitions": [],
      "RequestId": "2179b6f0-7b5c-11e4-a252-9d68fcf58947",
      "SerialNumber": "472673",
      "SoftwareVersion": " ",
      "SshPublicKey": " ",
      "Status": "RUNNING",
      "SubnetId": "subnet-d244b0bb",
      "SubscriptionStartDate": " T02:18:56.292Z",
      "SubscriptionType": "PRODUCTION",
      "VendorName": "SafeNet Inc."
    }
32 Provision HSMs
- Look for ENI "CloudHSM Managed Interface, DO NOT DELETE!" in the description
33 Provisioning HSMs
- Change the ENI security group to the one with the description "Allows SSH and NTLS from the public subnet"
34 Initialize the HSM

    $ cloudhsm -c cloudhsm.conf initialize-hsm \
        -H arn:aws:cloudhsm:eu-central-1: :hsm-f32462d6 \
        --label hsmlabel \
        --cloning-domain cloningdomain \
        --so-password sopassword
    {
      "Status": "Initialization of the HSM successful"
    }
35 Configure High Availability
- Create an HAPG (high availability partition group)

    $ cloudhsm -c cloudhsm.conf create-hapg --group-label Partition_001 Partition_001
    {
      "HapgArn": "arn:aws:cloudhsm:eu-central-1: :hapg-8e3be050",
      "RequestId": "ce3e1b17-7b64-11e4-a252-9d68fcf58947"
    }
36 Configure High Availability
- Add the HSMs to the HAPG

    $ cloudhsm -c cloudhsm.conf add-hsm-to-hapg \
        -H arn:aws:cloudhsm:eu-central-1: :hsm-f32462d6 \
        --hapg-arn arn:aws:cloudhsm:eu-central-1: :hapg-8e3be050 \
        --cloning-domain cloningdomain \
        --partition-password partitionpassword \
        --so-password sopassword
    {
      "Status": "Addition of HSM arn:aws:cloudhsm:eu-central-1: :hsm-f32462d6 to HAPG arn:aws:cloudhsm:eu-central-1: :hapg-8e3be050 successful"
    }

- (then do it again for the second HSM)
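The "wait until status changes from PENDING to RUNNING" step and the one-HSM-per-subnet layout can be checked automatically before the initialise and HAPG steps; the following is an added example, not part of the original slides or the CloudHSM CLI Tools. It assumes `describe-hsm` writes only the JSON document shown on slide 31 to stdout; the timeout and polling interval are arbitrary choices, and the function names are hypothetical.

```python
import json
import subprocess
import time


def describe_hsm(arn, conf="cloudhsm.conf"):
    """Run `cloudhsm -c <conf> describe-hsm -H <arn>` as on slide 31.

    Assumption: the CLI prints only the JSON document to stdout.
    """
    proc = subprocess.run(
        ["cloudhsm", "-c", conf, "describe-hsm", "-H", arn],
        check=True, capture_output=True, text=True,
    )
    return json.loads(proc.stdout)


def wait_for_running(arn, describe=describe_hsm, timeout=1800, interval=30,
                     sleep=time.sleep, clock=time.monotonic):
    """Poll until the HSM reports RUNNING and return its description.

    Any state other than PENDING or RUNNING stops the wait immediately, so
    a failed provisioning is not mistaken for a slow one.
    """
    deadline = clock() + timeout
    while True:
        info = describe(arn)
        status = info.get("Status")
        if status == "RUNNING":
            return info
        if status != "PENDING":
            raise RuntimeError("%s is in unexpected state %r" % (arn, status))
        if clock() >= deadline:
            raise TimeoutError("%s still PENDING after %d s" % (arn, timeout))
        sleep(interval)


def ha_problems(hsms):
    """List reasons the described HSMs are not ready to join one HAPG."""
    problems = []
    if len(hsms) < 2:
        problems.append("an HA group needs at least two HSMs")
    for hsm in hsms:
        if hsm.get("Status") != "RUNNING":
            problems.append("%s is %s, not RUNNING"
                            % (hsm.get("HsmArn"), hsm.get("Status")))
    subnets = [hsm.get("SubnetId") for hsm in hsms]
    if len(set(subnets)) != len(subnets):
        # The slides provision one HSM for each subnet.
        problems.append("HSMs share a subnet; provision one per subnet")
    return problems


if __name__ == "__main__":
    import sys
    # Usage: python wait_hsm.py <hsm-arn> <hsm-arn> ...
    ready = [wait_for_running(arn) for arn in sys.argv[1:]]
    issues = ha_problems(ready)
    for issue in issues:
        print("NOT READY:", issue)
    sys.exit(1 if issues else 0)
```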
37 Done! After this, you are ready to set up custom software with SafeNet clients, RDS integration, customer-managed databases, and more. Comprehensive documentation available at
38 CloudHSM Pricing and Trials
- HSM provisioned in any region has a $5,000 one-time charge, then metered hourly after that
- There is no stop, only terminate
  - We know this is challenging, since re-provisioning will incur another $5,000 upfront charge
- 30-day trials are available for customers on premium support
  - Access these by opening a case with dev support
39 Conclusion
- HSMs, for basic key storage and bulk crypto, are available in AWS, if you need them
  - They'll have better performance than on-prem HSMs, owing to co-location
- CloudHSM (and HSMs in general) aren't for everyone
  - Customers need trained staff, tight operational practice
More informationAWS Webinar. Navigating GDPR Compliance on AWS. Christian Hesse Amazon Web Services
AWS Webinar Navigating GDPR Compliance on AWS Christian Hesse Amazon Web Services What is the GDPR? What is the GDPR? The "GDPR" is the General Data Protection Regulation, a significant new EU Data Protection
More informationVormetric Data Security
Vormetric Data Security Simplifying Data Security for the Enterprise www.vormetric.com Agenda! Introductions! Vormetric Overview! Data Security Architecture Challenges! Product Architecture & Use Cases!
More informationAre You Sure Your AWS Cloud Is Secure? Alan Williamson Solution Architect at TriNimbus
Are You Sure Your AWS Cloud Is Secure? Alan Williamson Solution Architect at TriNimbus 1 60 Second AWS Security Review 2 AWS Terminology Identity and Access Management (IAM) - AWS Security Service to manage
More informationPrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps
PrepAwayExam http://www.prepawayexam.com/ High-efficient Exam Materials are the best high pass-rate Exam Dumps Exam : SAA-C01 Title : AWS Certified Solutions Architect - Associate (Released February 2018)
More informationAWS Data Security Security Update
AWS Data Security Security Update December 1 st 2015 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Data Security Agenda 1:00 pm AWS Security Overview + What s New 2:00 pm Network
More informationAWS Well Architected Framework
AWS Well Architected Framework What We Will Cover The Well-Architected Framework Key Best Practices How to Get Started Resources Main Pillars Security Reliability Performance Efficiency Cost Optimization
More informationHigh School Technology Services myhsts.org Certification Courses
AWS Associate certification training Last updated on June 2017 a- AWS Certified Solutions Architect (40 hours) Amazon Web Services (AWS) Certification is fast becoming the must have certificates for any
More informationVenafi Platform. Architecture 1 Architecture Basic. Professional Services Venafi. All Rights Reserved.
Venafi Platform Architecture 1 Architecture Basic Professional Services 2018 Venafi. All Rights Reserved. Goals 1 2 3 4 5 Architecture Basics: An overview of Venafi Platform. Required Infrastructure: Services
More informationBetter, Faster, Stronger web apps with Amazon Web Services. Senior Technology Evangelist, Amazon Web Services
Better, Faster, Stronger web apps with Amazon Web Services Simone Brunozzi ( @simon ) Senior Technology Evangelist, Amazon Web Services (from the previous presentation) Knowledge starts from great questions.
More informationCPM. Quick Start Guide V2.4.0
CPM Quick Start Guide V2.4.0 1 Content 1 Introduction... 3 Launching the instance... 3 CloudFormation... 3 CPM Server Instance Connectivity... 3 2 CPM Server Instance Configuration... 4 CPM Server Configuration...
More informationProtecting Your Cloud
WHITE PAPER Protecting Your Cloud Maximize security in cloud-based solutions EXECUTIVE SUMMARY With new cloud technologies introduced daily, security remains a key focus. Hackers and phishers capable of
More informationAmerican Commercial Lines: Migrating Oracle E-Business Suite to AWS
American Commercial Lines: Migrating Oracle E-Business Suite to AWS Case Study Michael McGrath, VP Information Technology, American Commercial Lines Abdul Sathar Sait, Principal Cloud Solutions Architect,
More informationConfluence Data Center on the AWS Cloud
Confluence Data Center on the AWS Cloud Quick Start Reference Deployment March 2017 Atlassian AWS Quick Start Reference Team Contents Overview... 2 Costs and Licenses... 2 Architecture... 3 Prerequisites...
More informationUnderstanding Perimeter Security
Understanding Perimeter Security In Amazon Web Services Aaron C. Newman Founder, CloudCheckr Aaron.Newman@CloudCheckr.com Changing Your Perspective How do I securing my business applications in AWS? Moving
More informationDatabricks Enterprise Security Guide
Databricks Enterprise Security Guide 1 Databricks is committed to building a platform where data scientists, data engineers, and data analysts can trust that their data is secure. Through implementing
More informationStep-by-Step Deployment Guide Part 1
4.2.2. Running an Intelligent Analytical System on AWS Using AWS Services & Solutions in AWS Marketplace Step-by-Step Deployment Guide Part 1 Page 1 of 69 Disclaimer: 1. The AWS Marketplace Fusion Solution
More informationMicrosoft Best Practices on AWS
Microsoft Best Practices on AWS Julien Lépine, Solutions Architect, AWS EMEA September 22 nd, 2016 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Why Customers Choose AWS for Windows
More informationLEARN HOW TO SECURE THE BREACH! SECURE THE BREACH: BREACH PREVENTION DOES NOT WORK A THREE-STEP APPROACH TO BOOST DATA PROTECTION
SECURE THE BREACH: A THREE-STEP APPROACH TO BOOST DATA PROTECTION Reality as it was BREACH PREVENTION DOES NOT WORK LEARN HOW TO SECURE THE BREACH! Reality as it is The numbers do not lie whether internal
More information3 CERTIFICATION AUTHORITY KEY PROTECTION (HSMS)
3 CERTIFICATION AUTHORITY KEY PROTECTION (HSMS) 3.1 Introduction In any public key infrastructure deployment, the protection of private key material (application keys) associated with the public/private
More informationIBM Tivoli Directory Server
Build a powerful, security-rich data foundation for enterprise identity management IBM Tivoli Directory Server Highlights Support hundreds of millions of entries by leveraging advanced reliability and
More informationAurora, RDS, or On-Prem, Which is right for you
Aurora, RDS, or On-Prem, Which is right for you Kathy Gibbs Database Specialist TAM Katgibbs@amazon.com Santa Clara, California April 23th 25th, 2018 Agenda RDS Aurora EC2 On-Premise Wrap-up/Recommendation
More informationSecurity and Privacy Overview
Security and Privacy Overview Cloud Application Security, Data Security and Privacy, and Password Management 1 Overview Security is a growing concern and should not be taken lightly across an organization.
More informationAmazon AWS-Solution-Architect-Associate Exam
Volume: 858 Questions Question: 1 You are trying to launch an EC2 instance, however the instance seems to go into a terminated status immediately. What would probably not be a reason that this is happening?
More informationAWS Security Overview. Bill Shinn Principal Security Solutions Architect
AWS Security Overview Bill Shinn Principal Security Solutions Architect Accelerating Security with AWS AWS Overview / Risk Management / Compliance Overview Identity / Privilege Isolation Roles for EC2
More informationCreating Trust in a Highly Mobile World
Creating Trust in a Highly Mobile World Technical White Paper Oct, 2014 MobileCrypt with Hardware Strength Security MobileCrypt s solution leverages an Android based mobile application and a Hardware Security
More information