Architecting for Greater Security in AWS

Similar documents
Getting Started with AWS Security

AWS Well Architected Framework

AWS Solution Architect Associate

Security & Compliance in the AWS Cloud. Amazon Web Services

Amazon Web Services (AWS) Solutions Architect Intermediate Level Course Content

Security & Compliance in the AWS Cloud. Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web

Amazon Web Services (AWS) Training Course Content

Cloud security 2.0: Joko nyt pilveen voi luottaa?

Amazon Web Services. Block 402, 4 th Floor, Saptagiri Towers, Above Pantaloons, Begumpet Main Road, Hyderabad Telangana India

Amazon Web Services Training. Training Topics:

Mid-Atlantic CIO Forum

About Intellipaat. About the Course. Why Take This Course?

HPE Digital Learner AWS Certified SysOps Administrator (Intermediate) Content Pack

Amazon Web Services 101 April 17 th, 2014 Joel Williams Solutions Architect. Amazon.com, Inc. and its affiliates. All rights reserved.

Cloud Computing /AWS Course Content

What s New at AWS? looking at just a few new things for Enterprise. Philipp Behre, Enterprise Solutions Architect, Amazon Web Services

Enroll Now to Take online Course Contact: Demo video By Chandra sir

Getting started with AWS security

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

AWS Security. Stephen E. Schmidt, Directeur de la Sécurité

How can you implement this through a script that a scheduling daemon runs daily on the application servers?

Introduction to AWS GoldBase. A Solution to Automate Security, Compliance, and Governance in AWS

Securing Microservices Containerized Security in AWS

Certificate of Registration

Training on Amazon AWS Cloud Computing. Course Content

At Course Completion Prepares you as per certification requirements for AWS Developer Associate.

Microservices on AWS. Matthias Jung, Solutions Architect AWS

ActiveNET. #202, Manjeera Plaza, Opp: Aditya Park Inn, Ameerpetet HYD

AWS 101. Patrick Pierson, IonChannel

LINUX, WINDOWS(MCSE),

Amazon Linux: Operating System of the Cloud

Network Security & Access Control in AWS

What s New at AWS? A selection of some new stuff. Constantin Gonzalez, Principal Solutions Architect, Amazon Web Services

Introduction to Cloud Computing

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY

Security Camp 2016 Cloud Security. August 18, 2016

Security on AWS(overview) Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance

Getting started with AWS security

The Orion Papers. AWS Solutions Architect (Associate) Exam Course Manual. Enter

AWS Solutions Architect Associate (SAA-C01) Sample Exam Questions

Cloud Computing. Amazon Web Services (AWS)

Hackproof Your Cloud Responding to 2016 Threats

AWS Data Security Security Update

Standardized Architecture for PCI DSS on the AWS Cloud

We are ready to serve Latest IT Trends, Are you ready to learn? New Batches Info

Simple Security for Startups. Mark Bate, AWS Solutions Architect

Get the Most Out of GoAnywhere: Achieving Cloud File Transfers and Integrations

AWS Security Overview. Bill Shinn Principal Security Solutions Architect

AWS Integration Guide

Introduction to AWS GoldBase

AWS Agility + Splunk Visibility = Cloud Success. Splunk App for AWS Demo. Laura Ripans, AWS Alliance Manager

Architecting Microsoft Azure Solutions (proposed exam 535)

Security: Michael South Americas Regional Leader, Public Sector Security & Compliance Business Acceleration

NGF0502 AWS Student Slides

ALIENVAULT USM FOR AWS SOLUTION GUIDE

AWS Course Syllabus. Linux Fundamentals. Installation and Initialization:

Security Aspekts on Services for Serverless Architectures. Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance

CPM. Quick Start Guide V2.4.0

CLOUD AND AWS TECHNICAL ESSENTIALS PLUS

AWS Administration. Suggested Pre-requisites Basic IT Knowledge

Deep Dive on AWS CodeStar

Security by Design Running Compliant workloads in AWS

Mapping traditional security technologies to AWS Dave Walker Specialised Solutions Architect Security and Compliance Amazon Web Services UK Ltd

Pass4test Certification IT garanti, The Easy Way!

NEXT GENERATION CLOUD SECURITY

SAA-C01. AWS Solutions Architect Associate. Exam Summary Syllabus Questions

Cloud Security Strategy - Adapt to Changes with Security Automation -

Benefits of Extending your Datacenters with Amazon Web Services

AWS Solutions Architect Exam Tips

Microservices Architekturen aufbauen, aber wie?

CogniFit Technical Security Details

Developing Microsoft Azure Solutions (70-532) Syllabus

CyberPosture Intelligence for Your Hybrid Infrastructure

Oracle WebLogic Server 12c on AWS. December 2018

AWS Webinar. Navigating GDPR Compliance on AWS. Christian Hesse Amazon Web Services

High School Technology Services myhsts.org Certification Courses

CASE STUDY Application Migration and optimization on AWS

25 Best Practice Tips for architecting Amazon VPC

Standardized Architecture for NIST High-Impact Controls on the AWS Cloud Featuring Trend Micro Deep Security

Expected Learning Outcomes Introduction To AWS

Launching a Highly-regulated Startup in the Cloud

ARCHITECTING WEB APPLICATIONS FOR THE CLOUD: DESIGN PRINCIPLES AND PRACTICAL GUIDANCE FOR AWS

Securely Access Services Over AWS PrivateLink. January 2019

8/3/17. Encryption and Decryption centralized Single point of contact First line of defense. Bishop

Overview of AWS Security - Database Services

Using SQL Server on Amazon Web Services

AWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE

Automating Elasticity. March 2018

AWS Landing Zone. AWS User Guide. November 2018

Standardized Architecture for NIST-based Assurance Frameworks in the AWS Cloud

Vom Server bis zum WorkSpace: Windows Anwendungen auf AWS

SPANNING BACKUP for Salesforce. Customer Managed Encryption Keys

PracticeDump. Free Practice Dumps - Unlimited Free Access of practice exam

SIEMLESS THREAT DETECTION FOR AWS

AWS Certified Solutions Architect - Associate 2018 (SAA-001)

Deep Dive on Amazon Relational Database Service

HashiCorp Vault on the AWS Cloud

Amazon Web Services Course Outline

Title: Planning AWS Platform Security Assessment?

Look Who s Hiring! AWS Solution Architect AWS Cloud TAM

Transcription:

Architecting for Greater Security in AWS Jonathan Desrocher Security Solutions Architect, Amazon Web Services. Guy Tzur Director of Ops, Totango. 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved

1) Why does security come first in cloud adoption? AWS Job Zero New Territory IT Security is Traditionally Hard

2) Why is security traditionally so hard? So much planning Slows down feature flow

3) Why so much planning which takes so long? So many processes So many hand-offs Built-in pauses

4) Why so many processes? Processes detect unwanted change Visibility, control and quality are essential Reduce impact of failure

5) Why are change detection and low-risk changes so difficult? Lack of visibility No stimulus+response Low degree of automation

So where does AWS come in? AWS makes security faster Lets you move fast but stay safe

1) Secure, Sensible Defaults - Access IAM Users, Groups, Roles Managed and inline policies Versioned IAM policies Multi-factor authentication Workforce lifecycle management (SAML Federation, Connected Directory)

1) Secure, Sensible Defaults - Access IAM Users, Groups, Roles Managed and inline policies Versioned IAM policies Multi-factor authentication Workforce lifecycle management (SAML Federation, Connected Directory)

1) Secure, Sensible Defaults - Network Virtual Private Cloud DirectConnect & Virtual Private Gateway Routing control private and public subnets IAM policies limit who can launch instances by trust zone Security Groups

2) Improve Trust & Accountability with Better Visibility AWS CloudTrail AWS CloudWatch Logs AWS Config Tagging Asset Management

2) Improve Trust & Accountability with Better Visibility AWS CloudTrail AWS CloudWatch Logs AWS Config Tagging Asset Management

2) Improve Trust & Accountability with Better Visibility AWS CloudTrail AWS CloudWatch Logs AWS Config Tagging Asset Management

Totango And Dome9 Success Story Guy Tzur Director of OPS @ Totango 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved

About Totango A Customer Success platform What is Customer Success? A SaaS solution thatprovides analytics for Saas companies About 150 Customers

Totango s Architecture In the Past Firewall totango.js Online Account Index Historical Account Index Online User Index Integration Hub SalesForce Connector Data Gateway Realtime Processor Batch Processor Application DB Batch Orchestrator API Gateway

Then Came The Microservices Firewall User Authentication Account Updater Campaigns Task Manager Mailer totango.js Integration Hub SalesForce Connector Data Gateway Configuration management Service discovery Demo Manager Totango Watchdog Online Account Index Realtime Processor Batch Processor Historical Account Index Application DB Online User Index Batch Orchestrator API Gateway Digest

The Problem P: Service creation/removal becomes a daily proces s heavy load on OPS team S: OPS team enables automated service creation (p owered by AWS CLI, Fabric and Chef) That leads to a bigger problem

The Problem!!! Configuration mistakes can lead to severe sec urity risks. What happens if a service created is unsecured to the internet?

What is Dome9 Security Visualization, Monitoring and Management for AWS Agentless;; SaaS;; Security focused UI;; Made in Israel

The solution by Dome9 Simplified Security State Visualization Unified Security UI for multiple AWS accounts Developer logins for self-service dynamic access Continues Alerting and Monitoring Alert when Instance tagged PROD has RDP/SSH open to new external IPs Alert and Revert network changes, that are NOT done through Dome9 UI Alert and Revert changes to non-active AWS regions

Summery

3) Inherit compliance and controls Map AWS certifications into your enterprise GRC Recognized industry audit standards Jurisdiction Regulatory and contractual options (FedRAMP, HIPAA Business Associate Addendum, EU DPD Data Protection Addendum, PCI Attestation of Compliance)

4) Ride the pace of innovation Find projects in your 3-year strategy where we are innovating and let us do it Most companies do not encrypt content internally Encryption is built into EBS, S3, RDS, Redshift, Glacier, Elastic MapReduce, and more Key Management Service give you more control and visibility at cloud scale We launched ~190 security-related features last year

5) Much Smaller Batch, Faster Changes CloudFormation Infrastructure as code, checked into source code control Route53 or ELB cutover in deployments Elastic Beanstalk application versions Integrate teams across functions - less hand-offs between teams, but far greater awareness and control of lower-risk changes

JSON Template Stack Stack Stack

Version Control Replicate Dev Regions Test Standardization Demos Staging Service Catalog Prod

6) Reduce the impact of failure Multi-Availability Zone deployments Use multiple regions Replicate data S3, EBS, RDS Lifecycle policies Auto-scaling Auto-recovery

7) Further improve automation Access and deployments are no longer performed by people EC2 Instance Profiles and service roles (Security Token Service) AWS CodeDeploy Amazon EC2 Container Service Continuous Integration & Deployment Extends to on-premises workloads

CodeDeploy package specification Amazon EC2 Container Service Task Definition

Automate security operations - Secret and configuration management. - Test backup and restore - Perform intrusion detection on launch/retire - Validate running deployments against expectations and human approvals On success: retire instance. On failure: call a human.

8) Make security actionable Review what matters - Internet Gateway - Identity and Access Management - VPC Subnet and NACL changes - Security Groups Shut things down automatically Assess what changes Roll-back automatically Use Lambda for event-driven security

Benefits of IT Security on AWS Higher degree of visibility, transparency and accountability (secure and can prove it) Higher degree of trust and autonomy Significant reductions in long-term, privileged access Focus a greater portion of limited security resources toward application security Have a much higher rate of successful change and changes are delivered more quickly

Thank you!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback