Security by Design Running Compliant workloads in AWS

Similar documents
Introduction to AWS GoldBase

Introduction to AWS GoldBase. A Solution to Automate Security, Compliance, and Governance in AWS

AWS Security. Stephen E. Schmidt, Directeur de la Sécurité

Security & Compliance in the AWS Cloud. Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web

AWS Data Security Security Update

AWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE

Getting Started with AWS Security

Security & Compliance in the AWS Cloud. Amazon Web Services

AWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE

Training on Amazon AWS Cloud Computing. Course Content

Simple Security for Startups. Mark Bate, AWS Solutions Architect

Standardized Architecture for PCI DSS on the AWS Cloud

LINUX, WINDOWS(MCSE),

INTRO TO AWS: SECURITY

Automating Elasticity. March 2018

Best Practices for Cloud Security at Scale. Phil Rodrigues Security Solutions Architect Amazon Web Services, ANZ

Architecting for Greater Security in AWS

Security on AWS(overview) Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance

ASD CERTIFICATION REPORT

Getting started with AWS security

Enroll Now to Take online Course Contact: Demo video By Chandra sir

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY

Telos and Amazon Web Services (AWS): Accelerating Secure and Compliant Cloud Deployments

Standardized Architecture for NIST-based Assurance Frameworks in the AWS Cloud

Crypto-Options on AWS. Bertram Dorn Specialized Solutions Architect Security/Compliance Network/Databases Amazon Web Services Germany GmbH

Mapping traditional security technologies to AWS Dave Walker Specialised Solutions Architect Security and Compliance Amazon Web Services UK Ltd

Amazon Web Services 101 April 17 th, 2014 Joel Williams Solutions Architect. Amazon.com, Inc. and its affiliates. All rights reserved.

AWS Well Architected Framework

ALIENVAULT USM FOR AWS SOLUTION GUIDE

AWS Webinar. Navigating GDPR Compliance on AWS. Christian Hesse Amazon Web Services

What s New at AWS? looking at just a few new things for Enterprise. Philipp Behre, Enterprise Solutions Architect, Amazon Web Services

AWS Landing Zone. AWS User Guide. November 2018

What s New at AWS? A selection of some new stuff. Constantin Gonzalez, Principal Solutions Architect, Amazon Web Services

Compliance with NIST

AWS Storage Gateway. Amazon S3. Amazon EFS. Amazon Glacier. Amazon EBS. Amazon EC2 Instance. storage. File Block Object. Hybrid integrated.

Standardized Architecture for NIST High-Impact Controls on the AWS Cloud Featuring Trend Micro Deep Security

HIPAA Compliance and Auditing in the Public Cloud

How can you implement this through a script that a scheduling daemon runs daily on the application servers?

CYBER SECURITY WHITEPAPER

Hackproof Your Cloud: Preventing 2017 Threats for a New Security Paradigm

Getting started with AWS security

Protecting Your Data in AWS. 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Title: Planning AWS Platform Security Assessment?

Sparta Systems TrackWise Solution

Data Protection in the AWS Cloud: Implementing GDPR and Overview of C5

Splunk & Amazon Web Services

Introduction to Cloud Computing

Compliance with CloudCheckr

Amazon Web Services. Block 402, 4 th Floor, Saptagiri Towers, Above Pantaloons, Begumpet Main Road, Hyderabad Telangana India

Sparta Systems TrackWise Digital Solution

Amazon Web Services Training. Training Topics:

HashiCorp Vault on the AWS Cloud

High School Technology Services myhsts.org Certification Courses

Sparta Systems Stratas Solution

Databricks Enterprise Security Guide

Architecting for HIPAA Security and Compliance on Amazon Web Services

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

Mid-Atlantic CIO Forum

OptiSol FinTech Platforms

Network Security & Access Control in AWS

locuz.com SOC Services

NEXT GENERATION CLOUD SECURITY

Security Camp 2016 Cloud Security. August 18, 2016

Amazon Web Services (AWS) Training Course Content

Hackproof Your Cloud Responding to 2016 Threats

SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry

CyberPosture Intelligence for Your Hybrid Infrastructure

Cloud security 2.0: Joko nyt pilveen voi luottaa?

Top Reasons To Audit An IAM Program. Bryan Cook Focal Point Data Risk

Watson Developer Cloud Security Overview

Cloud Computing. Amazon Web Services (AWS)

Cloud Computing /AWS Course Content

SoftLayer Security and Compliance:

AWS Service Catalog. User Guide

Amazon Web Services (AWS) Solutions Architect Intermediate Level Course Content

AWS 101. Patrick Pierson, IonChannel

Streamlined FISMA Compliance For Hosted Information Systems

Netwrix Auditor for SQL Server

Accelerating the HCLS Industry Through Cloud Computing

Logical Separation. An evaluation of the U.S. Department of Defense Cloud Security Requirements for Sensitive Workloads

CPM. Quick Start Guide V2.4.0

VMware, SQL Server and Encrypting Private Data Townsend Security

AWS Agility + Splunk Visibility = Cloud Success. Splunk App for AWS Demo. Laura Ripans, AWS Alliance Manager

Grischa Baelden AWS Public Sector Account Manager, DACH. Brendan Bouffler. Worldwide Research and Technical Computing Lead

Law Enforcement Solutions

Demystifying Governance, Risk, and Compliance (GRC) with 4 Simple Use Cases. Gen Fields Senior Solution Consultant, Federal Government ServiceNow

Oracle WebLogic Server 12c on AWS. December 2018

HPE Digital Learner AWS Certified SysOps Administrator (Intermediate) Content Pack

Overview of AWS Security - Database Services

Virtual Machine Encryption Security & Compliance in the Cloud

Altius IT Policy Collection Compliance and Standards Matrix

CIBERSEGURIDAD & COMPLIANCE

Video on Demand on AWS

IT SECURITY RISK ANALYSIS FOR MEANINGFUL USE STAGE I

Agenda GDPR Overview & Requirements IBM Secure Virtualization Solution Overview Summary / Call to Action Q & A 2

AWS Solutions Architect Associate (SAA-C01) Sample Exam Questions

VMware, SQL Server and Encrypting Private Data Townsend Security

Adopting Modern Practices for Improved Cloud Security. Cox Automotive - Enterprise Risk & Security

SOLUTION BRIEF RSA SECURID SUITE ACCELERATE BUSINESS WHILE MANAGING IDENTITY RISK

Governance, Risk, and Compliance: A Practical Guide to Points of Entry

Transcription:

Security by Design Running Compliant workloads in 2015 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc.

Evolution of security & compliance at Security by Design tech certifications Customer enabler docs Customer case studies (SbD) IAM CloudHSM KMS CloudTrail Config

Security by Design - SbD IAM KMS Security by Design (SbD) is a modern, security assurance approach that formalizes account design, automates security controls, and streamlines auditing. It is a systematic approach to ensure security; instead of relying on after-the-fact auditing, SbD provides control insights throughout the IT management process. CloudHSM CloudTrail Config

Why - Security by Deign Organizations continue to labor over demonstrating their alignment with security, compliance and audits assertions across regulated environments. Additionally, the majority of technology governance processes relies predominantly on administrative and operational security controls with Limited technology enforcement. Traditional Technology Governance isn t working to reduce data breach's across regulated industries (e.g. Health, Finance and Public Sector)

Impact of Security by Design SbD - Scripting your governance policy Result: Reliable technical implementation of administrative controls

The SbD Approach A Standardized Package Which: Automates implementation of system-specific security controls Deploys an infrastructure which supports multiple security requirements (e.g. FISMA, CJIS, HIPAA, PCI, FFIEC etc.) Provides a quick repeatable process for deploying and documenting baseline architectures for specific use cases Can be used as a organizationally defined standard which meets several security control requirements

SbD Eco-system Security by Design (SbD) Config Rules Amazon Inspector GoldBase

Elements of a secure architecture 1. Create a Golden Environment 2. Enforce Service Catalog 3. Create Permissions to Use Services

GoldBase Netork Architectural Diagrams

Create a Golden Environment 1. Create a Golden Environment Understand the configuration use of services, for example: 2. Enforce Service Catalog 3. Create Permissions to Use Services S3 EBS Redshift Force SSE Turn on logging Specify retention Set Glacier archiving Prevent external access Specify overriding permissions Set event notifications Define Volume type Volume size limits IOPS performance (Input/Output) Data location - regions Snapshot (Backup) ID Encryption requirements Cluster Type (Single or Multi) Encryption (KMS or HSM) VPC location External Access (Yes/No) Security Groups applied Create SNS topic Enforce CloudWatch alarms

Enforce Service Catalog 1. Create a Golden Environment 2. Enforce Service Catalog 3. Create Permissions to Use Services Allows administrators to create and manage approved catalogs of resources (products) that end users can access via a personalized portal A Service Catalog Product is a deployable CloudFormation template Provisioning Team creates and manages Service Catalog Products built from CloudFormation Templates

Create Permissions to Use Least Privilege Access - Gives workload owners permissions to deploy templates, nothing more 1. Create a Golden Environment 2. Enforce Service Catalog 3. Create Permissions to Use Services Service Catalog Constraints specify IAM role used only for template deployment Workload Owner with limited IAM Permissions Main.json CloudFormation Template Additional CloudFormation Templates

Additional Enterprise-wide Benefits Accelerates - The learning process by providing complex example systems that conform to leading practices Decreases - The Level of Effort (LoE) in producing security related documentation through automation of reporting Enhances - Enterprise security through automation and integration with security tools (e.g. Config Rules, Inspector, Evident.io and Splunk) Verifiable Evidence gathering capability is enhanced by using and external partners (e.g. Allgress and Veris Group)

SbD Operating Principles Separation of duties Different personnel across service lines Least privilege

SbD enables secure operational automation Visibility through automation Shrinking the protection boundaries Ubiquitous encryption

SbD - Modernization of Technology Governance Construct, Implement and Run secure workloads through automation in the cloud provides Governance, Risk, and Compliance teams: 1. The right SbD tech - 2. SbD Whitepaper 3. GoldBase 1. Security controls implementation matrix 2. Architecture diagrams 3. CloudFormation templates 1. Industry compliance templates (PCI, NIST 800-53, HIPAA, FFIEC, and CJIS) 4. User Guides and deployment instructions 4. Config Rules auditing 5. Inspector advanced in-host security and audit 6. Training IAM CloudHSM Config KMS CloudTrail

awscompliance@amazon.com aws.amazon.com/compliance

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback