NEXT GENERATION CLOUD SECURITY


SESSION ID: CMI-F02
Myles Hosford, Head of FSI Security & Compliance Asia, Amazon Web Services

Agenda
- Introduction to Cloud Security
- Benefits of Cloud Security
- Cloud APIs & Automation for Security
- 4 Next Generation Security Patterns
- Conclusion

Shared Responsibility Model
First, we need to understand the shared responsibility model:

On-Premise Model
  You: App optimization, Scaling, High availability, Database backups, DB s/w patches, DB s/w installs, OS patches, OS installation, Server maintenance, Rack & stack, Power/HVAC/net

IaaS Model
  You: App optimization, Scaling, High availability, Database backups, DB s/w patches, DB s/w installs, OS patches
  Cloud provider: OS installation, Server maintenance, Rack & stack, Power/HVAC/net

PaaS or SaaS Model
  You: App optimization
  Cloud provider: Scaling, High availability, Database backups, DB s/w patches, DB s/w installs, OS patches, OS installation, Server maintenance, Rack & stack, Power/HVAC/net

Cloud Provider Compliance

Benefits of Cloud Security
- Inherit Global Compliance
- Unprecedented Visibility
- Data Protection
- Global Resiliency

Inherit Global Compliance
As a customer of a cloud provider you may need to obtain certifications such as PCI DSS, ISO 27001 or SOC 2. Under the shared responsibility model the provider's own attestations already cover the layers it operates, so you inherit those controls and only have to evidence the ones above the line, which saves effort and cost.

Unprecedented Visibility
Every change made through the Console, API or SDK is an API call that is logged and can be fed to your SIEM / SOC.
Example: a developer changes a firewall rule and opens FTP to the Internet. The change is detected in near real time, and APIs respond in real time to revert the change and notify the cyber security team.
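The detect-and-revert loop in that example, written out as an added illustration (this is not code from the presentation). It reads the CloudTrail record EC2 emits for AuthorizeSecurityGroupIngress, keeps only the ranges that mean "any IP", and builds the exact arguments for the boto3 call ec2.revoke_security_group_ingress that undoes them, so legitimate ranges authorized in the same call survive. The CloudTrail record, the group id and the user name are constructed for the example; the boto3 call itself is left to the caller so the module runs offline.

```python
"""Detect a security-group change that exposes a clear-text service to the
whole Internet and build the API call that reverts it.

Added example. SAMPLE_EVENT is a constructed CloudTrail record in the shape
EC2 emits; revert_call() returns the keyword arguments for
ec2.revoke_security_group_ingress so everything here runs offline.
"""
import ipaddress

# Services the presentation's example treats as unacceptable when reachable
# from any IP. Extend to taste (3389 for RDP, 3306 for MySQL, ...).
CLEAR_TEXT_PORTS = {21: "ftp", 23: "telnet"}


def is_world_open(cidr):
    """True for 0.0.0.0/0 or ::/0, the only prefixes that mean 'any IP'."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def _port_range(perm):
    """CloudTrail omits fromPort/toPort when ipProtocol is -1 (all traffic)."""
    if perm.get("ipProtocol") == "-1":
        return 0, 65535
    return perm["fromPort"], perm["toPort"]


def find_exposures(event):
    """Offending permissions of an AuthorizeSecurityGroupIngress event, each as
    {'services': [...], 'permission': <boto3 IpPermission>}. Only the
    world-open ranges are kept so revoking removes exactly the exposure."""
    if event.get("eventName") != "AuthorizeSecurityGroupIngress":
        return []
    offending = []
    for perm in event["requestParameters"]["ipPermissions"]["items"]:
        lo, hi = _port_range(perm)
        hits = [p for p in CLEAR_TEXT_PORTS if lo <= p <= hi]
        if not hits:
            continue
        v4 = [r["cidrIp"] for r in perm.get("ipRanges", {}).get("items", [])
              if is_world_open(r["cidrIp"])]
        v6 = [r["cidrIpv6"] for r in perm.get("ipv6Ranges", {}).get("items", [])
              if is_world_open(r["cidrIpv6"])]
        if not (v4 or v6):
            continue
        permission = {"IpProtocol": perm["ipProtocol"]}
        if perm["ipProtocol"] != "-1":
            permission["FromPort"], permission["ToPort"] = lo, hi
        if v4:
            permission["IpRanges"] = [{"CidrIp": c} for c in v4]
        if v6:
            permission["Ipv6Ranges"] = [{"CidrIpv6": c} for c in v6]
        offending.append({"services": [CLEAR_TEXT_PORTS[p] for p in hits],
                          "permission": permission})
    return offending


def revert_call(event):
    """Arguments for ec2.revoke_security_group_ingress(**revert_call(event)),
    or None when the event needs no action."""
    offending = find_exposures(event)
    if not offending:
        return None
    return {"GroupId": event["requestParameters"]["groupId"],
            "IpPermissions": [o["permission"] for o in offending]}


def alert_text(event):
    """One-line summary for the cyber security team's ticket or chat channel."""
    offending = find_exposures(event)
    if not offending:
        return None
    who = event.get("userIdentity", {}).get("userName", "unknown")
    services = sorted({s for o in offending for s in o["services"]})
    return "%s opened %s to the Internet on %s; ingress reverted" % (
        who, ", ".join(services), event["requestParameters"]["groupId"])


# Constructed record: FTP from anywhere (bad), HTTPS from anywhere (fine),
# Telnet only from a private range (not world-open, so left alone).
SAMPLE_EVENT = {
    "eventSource": "ec2.amazonaws.com",
    "eventName": "AuthorizeSecurityGroupIngress",
    "userIdentity": {"type": "IAMUser", "userName": "developer1"},
    "requestParameters": {
        "groupId": "sg-0123456789abcdef0",
        "ipPermissions": {"items": [
            {"ipProtocol": "tcp", "fromPort": 21, "toPort": 21,
             "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]},
             "ipv6Ranges": {"items": []}},
            {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
             "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}},
            {"ipProtocol": "tcp", "fromPort": 23, "toPort": 23,
             "ipRanges": {"items": [{"cidrIp": "10.0.0.0/8"}]}},
        ]},
    },
}

if __name__ == "__main__":
    print(alert_text(SAMPLE_EVENT))
    print(revert_call(SAMPLE_EVENT))
```

In production this runs from a CloudWatch Events / EventBridge rule on the CloudTrail event, so the revoke lands seconds after the authorize; the revert is scoped to the world-open ranges because revoking the whole group would also knock out the developer's legitimate HTTPS rule.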

Data Protection
- Encrypted in transit and at rest
- Restricted access
- Fully managed keys in KMS, or keys from your own KMI
- Fully auditable
Applies across S3, EBS, RDS, Amazon Redshift and Amazon Glacier.

Global Resiliency
Disaster Recovery & DDoS Mitigation

APIs & Automation

Next Generation Security Patterns
1. Everything as Code - Enforce Security by Consistency
2. Immutable Infrastructure - Keep Humans Away from Data
3. Ephemeral Servers - Defeat Malware / APT
4. Automate Compliance & Audit - Keep Regulators Happy!

SECURITY PATTERN 1: EVERYTHING AS CODE
Everything as code (EaC) is the process of managing and provisioning systems, networks, data, configuration and security settings through machine-readable definition files.

Everything as Code
Current state: Gather requirements -> Design architecture -> Build and deploy
Stakeholders: Cyber Security, IT Audit, Application, Operations
With everything as code: Gather requirements -> Design architecture -> Represent as code
The same code is then deployed to Environment 1, Environment 2 ... Environment N, so every environment carries the same security settings.
Example: a definition file contains a rule that allows Telnet (an insecure, clear-text protocol) from any IP on the Internet. Because the rule exists as code, the mis-configuration is prevented and detected BEFORE the environment is even built!
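What "prevented before the environment is built" looks like in a pipeline, as an added example that is not code from the presentation: a check that scans a CloudFormation template for security-group rules admitting any IP on the Internet and fails the deploy when such a rule touches a clear-text port. It reads the template in its JSON form (standard library only; YAML templates can be converted with cfn-flip first). The policy is slightly broader than the slide: clear-text ports open to the world block the deploy, any other world-open rule is reported as a warning for the reviewer. Both templates below are constructed for the example.

```python
"""Pre-deployment scan of a CloudFormation template for world-open ingress.

Added example. INSECURE_TEMPLATE reproduces the slide's Telnet-from-anywhere
rule; HARDENED_TEMPLATE is the version that passes. Standard library only.
"""
import ipaddress
import json

CLEAR_TEXT_PORTS = {21: "ftp", 23: "telnet"}


def is_world_open(cidr):
    """True for 0.0.0.0/0 or ::/0."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def _ingress_rules(template):
    """Yield (logical_id, rule) from inline SecurityGroupIngress properties and
    from standalone AWS::EC2::SecurityGroupIngress resources."""
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                yield name, rule
        elif res.get("Type") == "AWS::EC2::SecurityGroupIngress":
            yield name, props


def _port_range(rule):
    # Ports given as intrinsic functions ({"Ref": ...}) cannot be resolved here;
    # treat them as the whole range so an unresolvable rule never reads as safe.
    if str(rule.get("IpProtocol")) == "-1":
        return 0, 65535
    try:
        return int(rule.get("FromPort", 0)), int(rule.get("ToPort", 65535))
    except (TypeError, ValueError):
        return 0, 65535


def scan_template(template):
    """Findings for every rule whose source CIDR is the whole Internet."""
    findings = []
    for name, rule in _ingress_rules(template):
        cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
        # Source-group rules have no CIDR; a CIDR supplied through a parameter
        # ({"Ref": ...}) must be checked against the parameter's default separately.
        if not isinstance(cidr, str) or not is_world_open(cidr):
            continue
        lo, hi = _port_range(rule)
        services = [s for p, s in CLEAR_TEXT_PORTS.items() if lo <= p <= hi]
        findings.append({"resource": name, "ports": (lo, hi), "cidr": cidr,
                         "services": services,
                         "severity": "block" if services else "warn"})
    return findings


def check(template_text):
    """CI entry point: (exit code, findings); a non-zero code stops the deploy."""
    findings = scan_template(json.loads(template_text))
    blocking = any(f["severity"] == "block" for f in findings)
    return (1 if blocking else 0), findings


def _template(ingress, extra=None):
    resources = {"AppSecurityGroup": {
        "Type": "AWS::EC2::SecurityGroup",
        "Properties": {"GroupDescription": "app tier", "SecurityGroupIngress": ingress}}}
    resources.update(extra or {})
    return json.dumps({"AWSTemplateFormatVersion": "2010-09-09", "Resources": resources})


# Constructed: the slide's Telnet rule, HTTPS to the world, and a standalone
# "all traffic from any IPv6 address" rule.
INSECURE_TEMPLATE = _template(
    [{"IpProtocol": "tcp", "FromPort": 23, "ToPort": 23, "CidrIp": "0.0.0.0/0"},
     {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}],
    {"AdminAccess": {"Type": "AWS::EC2::SecurityGroupIngress",
                     "Properties": {"GroupId": {"Ref": "AppSecurityGroup"},
                                    "IpProtocol": "-1", "CidrIpv6": "::/0"}}})

# Constructed: SSH restricted to a corporate range (203.0.113.0/24 is a
# documentation prefix), HTTPS still public, the IPv6 catch-all removed.
HARDENED_TEMPLATE = _template(
    [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "203.0.113.0/24"},
     {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}])

if __name__ == "__main__":
    for label, tpl in (("insecure", INSECURE_TEMPLATE), ("hardened", HARDENED_TEMPLATE)):
        code, findings = check(tpl)
        print(label, "exit", code, findings)
```

Wire check() into the build stage so a template never reaches cloudformation deploy with a blocking finding; the warnings give Cyber Security and IT Audit the same view of every world-facing rule across Environment 1 to N without reading each stack by hand.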

SECURITY PATTERN 2: IMMUTABLE INFRASTRUCTURE
Immutable infrastructure is an approach to managing services and software deployments on IT resources wherein components are replaced rather than changed.

Keep Humans Away From Data

CI/CD Pipeline to Keep Humans Away
Continuous integration flows into continuous delivery through these stages:
- Source control: commit changes
- Build: build artifacts
- Testing & staging: deploy to test environment; run integration, security, load and other tests
- Production: deploy to production environment
- Maintain: manage runtime

SECURITY PATTERN 3: EPHEMERAL SERVERS
Do not treat servers like pets. The longer they live, the greater the chance of compromise and of an APT maintaining access.

Ephemeral Servers
Use APIs to determine how long servers have been living, and automatically replace servers >= 30 days old (or 7 days, or 1 day ...). aws ec2 describe-instances returns the LaunchTime attribute, which is more reliable than parsing uptime on the host (its third field is only a day count once the box has been up more than a day):

  # Age in days of the instance this runs on, from the API's LaunchTime (needs the AWS CLI and GNU date)
  TOKEN=$(curl -s -X PUT http://169.254.169.254/latest/api/token -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
  INSTANCE_ID=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/instance-id)
  LAUNCH=$(aws ec2 describe-instances --instance-ids "$INSTANCE_ID" --query 'Reservations[0].Instances[0].LaunchTime' --output text)
  AGE_DAYS=$(( ( $(date +%s) - $(date -d "$LAUNCH" +%s) ) / 86400 ))
  if [ "$AGE_DAYS" -ge 30 ]; then
    # Make an API call to queue the server termination after launching a replacement
    :
  fi
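The same check run centrally over the whole fleet rather than on each host, as an added example (not code from the presentation): it takes describe-instances output, picks the running instances past the age limit and emits an ordered plan in which each replacement is launched before its original is terminated, capped per run so a large backlog does not drain capacity at once. The describe-instances document is constructed, and the rotation=exempt tag is an assumed convention for hosts that must not be recycled automatically; the plan is returned as data so the caller can hand each step to boto3.

```python
"""Fleet-wide age check and rotation planner built on EC2 LaunchTime.

Added example. SAMPLE_DESCRIBE is a constructed describe-instances document;
plan_rotation() returns the actions in order rather than calling the API.
"""
from datetime import datetime, timezone


def parse_launch_time(value):
    """LaunchTime is an ISO-8601 string from the CLI ('...T08:30:00.000Z') or a
    tz-aware datetime from boto3; normalise to UTC."""
    if isinstance(value, datetime):
        return value.astimezone(timezone.utc)
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def age_days(instance, now):
    return (now - parse_launch_time(instance["LaunchTime"])).total_seconds() / 86400


def _tags(instance):
    return {t["Key"]: t["Value"] for t in instance.get("Tags", [])}


def plan_rotation(describe_output, max_age_days, now, max_batch=2):
    """Ordered actions: for each over-age running instance, oldest first, launch
    a like-for-like replacement, then terminate the original once the
    replacement is healthy. At most max_batch instances per run."""
    candidates = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst["State"]["Name"] != "running":
                continue  # stopped or terminating hosts serve nothing; skip them
            if _tags(inst).get("rotation") == "exempt":  # assumed tag convention
                continue
            age = age_days(inst, now)
            if age >= max_age_days:
                candidates.append((age, inst))
    candidates.sort(key=lambda c: c[0], reverse=True)
    plan = []
    for age, inst in candidates[:max_batch]:
        plan.append({"action": "run_instances",
                     "ImageId": inst["ImageId"], "InstanceType": inst["InstanceType"],
                     "SubnetId": inst["SubnetId"], "replaces": inst["InstanceId"]})
        plan.append({"action": "terminate_instances",
                     "InstanceIds": [inst["InstanceId"]],
                     "after": "replacement passes health check",
                     "age_days": round(age, 1)})
    return plan


def _inst(iid, launch, state="running", tags=None):
    return {"InstanceId": iid, "LaunchTime": launch, "State": {"Name": state},
            "ImageId": "ami-0123456789abcdef0", "InstanceType": "t3.micro",
            "SubnetId": "subnet-0123456789abcdef0", "Tags": tags or []}


# Constructed fleet as of NOW: one 44-day host, one 2-day host, an old but
# stopped host, a host exactly 31 days old, and an exempt 120-day host.
NOW = datetime(2019, 3, 1, tzinfo=timezone.utc)
SAMPLE_DESCRIBE = {"Reservations": [{"Instances": [
    _inst("i-0aaa", "2019-01-15T08:30:00.000Z"),
    _inst("i-0bbb", "2019-02-27T00:00:00.000Z"),
    _inst("i-0ccc", "2018-12-01T00:00:00.000Z", state="stopped"),
    _inst("i-0ddd", "2019-01-29T00:00:00.000Z"),
    _inst("i-0eee", "2018-11-01T00:00:00.000Z",
          tags=[{"Key": "rotation", "Value": "exempt"}]),
]}]}

if __name__ == "__main__":
    for step in plan_rotation(SAMPLE_DESCRIBE, 30, NOW, max_batch=5):
        print(step)
```

Driving replacement from LaunchTime also catches a host whose uptime was reset by a reboot, which is exactly the case an attacker who has persisted on the box would like the per-host script to miss.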

SECURITY PATTERN 4: AUTOMATING COMPLIANCE
Using APIs to describe your entire environment in near real time, calculate your compliance position and mitigate risk accordingly.

Automating Compliance
Control sets to map against, for example: MAS TRM (the Monetary Authority of Singapore's Technology Risk Management guidelines), MAS Outsourcing guidelines, ABS (Association of Banks in Singapore) Key Controls


Automating Compliance
Combine API-driven services with automation:

Automating Response
Automatically respond to non-compliance:
1. A user launches a new server without encryption.
2. AWS Config reviews the change against controls you define, in near real time.
3. Automated response: either perform the encryption, or terminate the server.
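That flow as an AWS Config custom rule with a response planner, added here as an example and not code from the presentation. The handler is shaped the way Config invokes a custom rule Lambda (invokingEvent carrying the configuration item, ruleParameters, resultToken); it evaluates an EBS volume against an "encrypted" control and, for a non-compliant volume, plans either the encryption path or termination of the instance it is attached to. The Config event is constructed, the "response" rule parameter (encrypt or terminate) is an assumed convention, and the call to config.put_evaluations() that reports the verdict back is left as a comment so the module runs offline.

```python
"""AWS Config custom rule: EBS volumes must be encrypted, with an automated
response plan for the non-compliant ones.

Added example. _config_event() builds a constructed Config invocation; the
real handler would also call config.put_evaluations() with the ResultToken.
"""
import json


def evaluate_volume(item):
    """Config evaluation for one configuration item."""
    if item["resourceType"] != "AWS::EC2::Volume":
        compliance, note = "NOT_APPLICABLE", "rule only covers EBS volumes"
    elif item["configurationItemStatus"] in ("ResourceDeleted", "ResourceDeletedNotRecorded"):
        compliance, note = "NOT_APPLICABLE", "resource deleted"
    elif item["configuration"].get("encrypted") is True:
        compliance, note = "COMPLIANT", "encrypted with %s" % item["configuration"].get(
            "kmsKeyId", "the default key")
    else:
        compliance, note = "NON_COMPLIANT", "volume created without encryption"
    return {"ComplianceResourceType": item["resourceType"],
            "ComplianceResourceId": item["resourceId"],
            "ComplianceType": compliance,
            "Annotation": note,
            "OrderingTimestamp": item["configurationItemCaptureTime"]}


def plan_response(item, evaluation, response="encrypt", kms_key="alias/aws/ebs"):
    """Ordered EC2 API actions that remediate a NON_COMPLIANT volume, else []."""
    if evaluation["ComplianceType"] != "NON_COMPLIANT":
        return []
    vol = evaluation["ComplianceResourceId"]
    attachments = item["configuration"].get("attachments", [])
    instances = sorted({a["instanceId"] for a in attachments})
    if response == "terminate":
        # The slide's second option: remove the server before it handles data.
        if instances:
            return [{"action": "terminate_instances", "InstanceIds": instances}]
        return [{"action": "delete_volume", "VolumeId": vol}]
    # EBS cannot encrypt a volume in place: snapshot it, copy the snapshot with
    # encryption, create a new volume from the copy and swap it in.
    plan = [{"action": "create_snapshot", "VolumeId": vol},
            {"action": "copy_snapshot", "Encrypted": True, "KmsKeyId": kms_key},
            {"action": "create_volume", "AvailabilityZone": item["availabilityZone"],
             "Encrypted": True, "KmsKeyId": kms_key}]
    for a in attachments:
        plan += [{"action": "stop_instances", "InstanceIds": [a["instanceId"]]},
                 {"action": "detach_volume", "VolumeId": vol},
                 {"action": "attach_volume", "InstanceId": a["instanceId"], "Device": a["device"]},
                 {"action": "start_instances", "InstanceIds": [a["instanceId"]]}]
    plan.append({"action": "delete_volume", "VolumeId": vol})
    return plan


def lambda_handler(event, context=None):
    """Entry point in the shape AWS Config invokes a custom rule."""
    invoking = json.loads(event["invokingEvent"])
    params = json.loads(event.get("ruleParameters") or "{}")
    item = invoking["configurationItem"]
    evaluation = evaluate_volume(item)
    # Real deployment: boto3.client("config").put_evaluations(
    #     Evaluations=[evaluation], ResultToken=event["resultToken"])
    return {"evaluation": evaluation,
            "plan": plan_response(item, evaluation, params.get("response", "encrypt"))}


def _config_event(configuration, status="OK", params=None):
    """Constructed Config invocation for a volume in ap-southeast-1a."""
    item = {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-0123456789abcdef0",
            "configurationItemStatus": status,
            "configurationItemCaptureTime": "2019-03-01T10:00:00.000Z",
            "availabilityZone": "ap-southeast-1a", "configuration": configuration}
    return {"invokingEvent": json.dumps({"configurationItem": item,
                                         "messageType": "ConfigurationItemChangeNotification"}),
            "ruleParameters": json.dumps(params or {}),
            "resultToken": "constructed-token"}


UNENCRYPTED = _config_event({"encrypted": False, "attachments": [
    {"instanceId": "i-0abc", "device": "/dev/xvda", "state": "attached"}]})
ENCRYPTED = _config_event({"encrypted": True, "kmsKeyId": "alias/ebs-prod", "attachments": []})

if __name__ == "__main__":
    print(json.dumps(lambda_handler(UNENCRYPTED), indent=2))
```

AWS Config also ships a managed rule, encrypted-volumes, that gives the same verdict without a Lambda; the custom rule is worth it when the response has to be wired in, and the "encrypt" path is the one to prefer for a stateful host because the terminate path throws away whatever the server had already written.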

Apply Next Generation Cloud Security
Next week you should:
- Hire a developer for your security organization; you need them.
In the first three months following this presentation you should:
- Identify areas of operational risk that can be lowered by leveraging the cloud shared responsibility model.
Within six months you should:
- Automate processes to keep humans away from the data. Set big goals (80% reduction)!