AWS Security. Stephen E. Schmidt, Directeur de la Sécurité

Similar documents
Security on AWS(overview) Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance

Enroll Now to Take online Course Contact: Demo video By Chandra sir

Security & Compliance in the AWS Cloud. Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web

Amazon Web Services. Block 402, 4 th Floor, Saptagiri Towers, Above Pantaloons, Begumpet Main Road, Hyderabad Telangana India

AWS Well Architected Framework

AWS Solution Architect Associate

Training on Amazon AWS Cloud Computing. Course Content

Amazon Web Services 101 April 17 th, 2014 Joel Williams Solutions Architect. Amazon.com, Inc. and its affiliates. All rights reserved.

Getting Started with AWS Security

Security & Compliance in the AWS Cloud. Amazon Web Services

High School Technology Services myhsts.org Certification Courses

Crypto-Options on AWS. Bertram Dorn Specialized Solutions Architect Security/Compliance Network/Databases Amazon Web Services Germany GmbH

AWS Solutions Architect Associate (SAA-C01) Sample Exam Questions

Security by Design Running Compliant workloads in AWS

Amazon Web Services Training. Training Topics:

Cloud security 2.0: Joko nyt pilveen voi luottaa?

INTRO TO AWS: SECURITY

Mapping traditional security technologies to AWS Dave Walker Specialised Solutions Architect Security and Compliance Amazon Web Services UK Ltd

Amazon Web Services (AWS) Training Course Content

Cloud Computing /AWS Course Content

Certificate of Registration

Amazon Web Services (AWS) Solutions Architect Intermediate Level Course Content

Architecting for Greater Security in AWS

Simple Security for Startups. Mark Bate, AWS Solutions Architect

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY

AWS Course Syllabus. Linux Fundamentals. Installation and Initialization:

8/3/17. Encryption and Decryption centralized Single point of contact First line of defense. Bishop

Introduction to Cloud Computing

Security: Michael South Americas Regional Leader, Public Sector Security & Compliance Business Acceleration

LINUX, WINDOWS(MCSE),

Security Camp 2016 Cloud Security. August 18, 2016

How can you implement this through a script that a scheduling daemon runs daily on the application servers?

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

AWS 101. Patrick Pierson, IonChannel

At Course Completion Prepares you as per certification requirements for AWS Developer Associate.

The Cloud Changes Nothing and Everything! Amazon.com, Inc. and its affiliates. All rights reserved.

Werden Sie ein Teil von Internet der Dinge auf AWS. AWS Enterprise Summit 2015 Dr. Markus Schmidberger -

Amazon Linux: Operating System of the Cloud

Protecting Your Data in AWS. 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

AWS Data Security Security Update

Security Aspekts on Services for Serverless Architectures. Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance

Title: Planning AWS Platform Security Assessment?

Hackproof Your Cloud Responding to 2016 Threats

Network Security & Access Control in AWS

Layer Security White Paper

AWS Solutions Architect Exam Tips

ARCHITECTING WEB APPLICATIONS FOR THE CLOUD: DESIGN PRINCIPLES AND PRACTICAL GUIDANCE FOR AWS

AWS Webinar. Navigating GDPR Compliance on AWS. Christian Hesse Amazon Web Services

Twilio cloud communications SECURITY

HPE Digital Learner AWS Certified SysOps Administrator (Intermediate) Content Pack

CogniFit Technical Security Details

ActiveNET. #202, Manjeera Plaza, Opp: Aditya Park Inn, Ameerpetet HYD

AWS Agility + Splunk Visibility = Cloud Success. Splunk App for AWS Demo. Laura Ripans, AWS Alliance Manager

About Intellipaat. About the Course. Why Take This Course?

CYBER SECURITY WHITEPAPER

Best Practices for Cloud Security at Scale. Phil Rodrigues Security Solutions Architect Amazon Web Services, ANZ

Databricks Enterprise Security Guide

Understanding Perimeter Security

Introduction: Is Amazon Web Service (AWS) cloud supports best cost effective & high performance modern disaster recovery.

What s New at AWS? looking at just a few new things for Enterprise. Philipp Behre, Enterprise Solutions Architect, Amazon Web Services

AWS Administration. Suggested Pre-requisites Basic IT Knowledge

AWS Networking Fundamentals

Cloud Security Strategy - Adapt to Changes with Security Automation -

What s New at AWS? A selection of some new stuff. Constantin Gonzalez, Principal Solutions Architect, Amazon Web Services

SAA-C01. AWS Solutions Architect Associate. Exam Summary Syllabus Questions

Introduction to AWS GoldBase

Cloud Computing. Amazon Web Services (AWS)

Amazon AWS-Solution-Architect-Associate Exam

AWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE

ASD CERTIFICATION REPORT

Microservices on AWS. Matthias Jung, Solutions Architect AWS

TECHNICAL WORKBOOK. PCI Compliance in the AWS Cloud A NITIAN. Report Date: October 17, Jordan Wiseman, QSA

Building a Self-Defending Border. Shane Baldacchino, Solutions Architect, AWS Marcus Santos, Solutions Architect, AWS

Standardized Architecture for PCI DSS on the AWS Cloud

Introduction to AWS GoldBase. A Solution to Automate Security, Compliance, and Governance in AWS

Overview of AWS Security - Database Services

Pass4test Certification IT garanti, The Easy Way!

AWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE

Deliver High- quality Streaming Media Globally with AWS and Wowza

CLOUD AND AWS TECHNICAL ESSENTIALS PLUS

2013 AWS Worldwide Public Sector Summit Washington, D.C.

Confluence Data Center on the AWS Cloud

AWS Security Overview. Bill Shinn Principal Security Solutions Architect

Look Who s Hiring! AWS Solution Architect AWS Cloud TAM

AWS Security Best Practices

Better, Faster, Stronger web apps with Amazon Web Services. Senior Technology Evangelist, Amazon Web Services

ALIENVAULT USM FOR AWS SOLUTION GUIDE

Cloud Computing: Is it safe for you and your customers? Alex Hernandez DefenseStorm

The Orion Papers. AWS Solutions Architect (Associate) Exam Course Manual. Enter

NGF0502 AWS Student Slides

AWS_SOA-C00 Exam. Volume: 758 Questions

Oracle WebLogic Server 12c on AWS. December 2018

OptiSol FinTech Platforms

IAM Recommended Practices

Getting started with AWS security

Splunk & AWS. Gain real-time insights from your data at scale. Ray Zhu Product Manager, AWS Elias Haddad Product Manager, Splunk

AWS Storage Gateway. Amazon S3. Amazon EFS. Amazon Glacier. Amazon EBS. Amazon EC2 Instance. storage. File Block Object. Hybrid integrated.

25 Best Practice Tips for architecting Amazon VPC

Building a More Secure Cloud Architecture

SIEMLESS THREAT DETECTION FOR AWS

Transcription:

AWS Security Stephen E. Schmidt, Directeur de la Sécurité 2014 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc.

Different customer viewpoints on security CEO protect shareholder value CI{S}O preserve the confidentiality, integrity and availability of data PR exec keep out of the news

Security is Our No.1 Priority Comprehensive Security Capabilities to Support Virtually Any Workload PHYSICAL SECURITY NETWORK SECURITY PLATFORM SECURITY PEOPLE & PROCEDURES

SECURITY IS SHARED

WHAT NEEDS TO BE DONE TO KEEP THE SYSTEM SAFE

WHAT WE DO WHAT YOU HAVE TO DO

SOC CONTROL OBJECTIVES 1. SECURITY ORGANIZATION 2. AMAZON USER ACCESS 3. LOGICAL SECURITY 4. SECURE DATA HANDLING 5. PHYSICAL SECURITY AND ENV. SAFEGUARDS 6. CHANGE MANAGEMENT 7. DATA INTEGRITY, AVAILABILITY AND REDUNDANCY 8. INCIDENT HANDLING

YOUR DATA IS YOUR MOST IMPORTANT ASSET IF YOUR DATA IS NOT SECURE, YOU RE NOT SECURE

CHANGES IN PRODUCTION HAVE TO BE AUTHORIZED

DEPLOYMENT PROCESS HAS TO BE CONSTRAINED

NETWORK SECURITY

GAME DAYS INSERT ARTIFICIAL SECURITY INCIDENTS. MEASURE SPEED OF DETECTION AND EXECUTION.

EVERY CUSTOMER HAS ACCESS TO THE SAME SECURITY CAPABILITIES CHOOSE WHAT S RIGHT FOR YOUR BUSINESS

Based on our experience, I believe that we can be even more secure in the AWS cloud than in our own data centers Tom Soderstrom CTO NASA JPL

AWS SECURITY OFFERS MORE VISIBILITY AUDITABILITY CONTROL

MORE VISIBILITY

CAN YOU MAP YOUR NETWORK? WHAT IS IN YOUR ENVIRONMENT RIGHT NOW?

TRUSTED ADVISOR

MORE AUDITABILITY

INTRODUCING AWS CLOUDTRAIL

You are making API calls... On a growing set of services around the world CloudTrail is continuously recording API calls And delivering log files to you

Security Analysis Use log files as an input into log management and analysis solutions to perform security analysis and to detect user behavior patterns. Track Changes to AWS Resources Track creation, modification, and deletion of AWS resources such as Amazon EC2 instances, Amazon VPC security groups and Amazon EBS volumes. Troubleshoot Operational Issues Quickly identify the most recent changes made to resources in your environment. Compliance Aid Easier to demonstrate compliance with internal policies and regulatory standards.

CloudTrail records API calls and delivers a log file to your S3 bucket. Typically, delivers an event within 15 minutes of the API call. Log files are delivered approximately every 5 minutes. Multiple partners offer integrated solutions to analyze log files.

LOGS OBTAINED, RETAINED, ANALYZED

PROTECT YOUR LOGS WITH IAM ARCHIVE YOUR LOGS

VULNERABILITY & PENETRATION TESTING

VULNERABILITY & PENETRATION TESTING

MORE CONTROL

Defense in Depth Multi level security Physical security of the data centers Network security System security Data security

AWS Security Delivers More Control & Granularity Customize the implementation based on your business needs AWS IAM Amazon VPC AWS Storage Gateway AWS Direct Connect AWS CloudHSM Defense in depth Rapid scale for security Automated checks with AWS Trusted Advisor Fine grained access controls Server side encryption Multi-factor authentication Dedicated instances Direct connection, Storage Gateway HSM-based key storage

AWS STAFF ACCESS Staff vetting Staff has no logical access to customer instances Staff control-plane access limited & monitored Bastion hosts, Least privileged model, Zoned data center access Business needs Separate PAMS

MORE CONTROL ON IDENTITY & ACCESS

LEAST PRIVILEGE PRINCIPLE CONFINE ROLES ONLY TO THE MATERIAL REQUIRED TO DO A SPECIFIC WORK

USE AWS IAM IDENTITY & ACCESS MANAGEMENT

CONTROL WHO CAN DO WHAT IN YOUR AWS ACCOUNT

AWS IAM: Recent Innovations Securely control access to AWS services and resources Delegation Roles for Amazon EC2 Cross-account access Powerful integrated permissions Resource level permissions: Amazon EC2, Amazon RDS, Amazon DynamoDB, AWS CloudFormation Access control policy variables Policy Simulator Enhanced IAM support: Amazon SWF, Amazon EMR, AWS Storage Gateway, AWS CloudFormation, Amazon Redshift, Elastic Beanstalk Federation Web Identity Federation AD and Shibboleth examples Partner integrations Case study: Expedia Strong authentication MFA-protected API access Password policies Enhanced documentation and videos

ACCESS TO SERVICE APIs

Amazon DynamoDB Fine Grained Access Control Directly and securely access application data in Amazon DynamoDB Specify access permissions at table, item and attribute levels With Web Identity Federation, completely remove the need for proxy servers to perform authorization

MORE CONTROL ON YOUR DATA

MFA DELETE PROTECTION

YOUR DATA STAYS WHERE YOU PUT IT

REDUNDANCY & INTEGRITY CHECKS

USE MULTIPLE AZs AMAZON S3 AMAZON DYNAMODB AMAZON RDS MULTI-AZ AMAZON EBS SNAPSHOTS

DATA ENCRYPTION CHOOSE WHAT S RIGHT FOR YOU: Automated AWS manages encryption Enabled user manages encryption using AWS Client-side user manages encryption using their own mean

AWS CloudHSM Managed and monitored by AWS, but you control the keys AWS CloudHSM Increase performance for applications that use HSMs for key storage or encryption Comply with stringent regulatory and contractual requirements for key protection AWS CloudHSM EC2 Instance

ENCRYPT YOUR DATA AWS CLOUDHSM AMAZON S3 SSE AMAZON GLACIER AMAZON REDSHIFT AMAZON RDS

Axway, Cloud and Security David FIGINI, VP Cloud Managed Services EMEA 2014 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc.

Governing the flow of data 11,000 customers 100 countries 332,5M revenue in 2013 1,700+ employees HQ in Phoenix, AZ USA Offices in 19 countries DATA FLOW GOVERNANCE

Axway Cloud and AWS Start Quickly Everywhere No initial cost Pay per use Scale up and down No commitment Repeatable Reliable Secure VPC (Virtual Private Cloud) Privatization for Cloud components. Data centers (zones) - Tier IV and compliant with all major third-party certifications. Storage 99.999999999 durability Database Multizone configuration Elastic Load Balancers Zone independence VPN AWS Direct Connect provides dedicated private networking for increased bandwidth and reliability. EC2 Instances Elastic computing Cloud Formation Reliable delivery from Web Services Applications Designed for no single points of failure and nonrepudiation. All services are monitored through a centralized location utilizing, SES, SNS, Cloud Watch, Nagios, etc.

Axway Cloud threat mitigation Architecture and Datacenter Vulnerabilities Service Platform Availability Information Confidentiality and Integrity Loss Decrease in Functional Performance Human Activities Very High Availability OS Patch management Data loss and confidentiality Human activity Multi AZ Auto-Scaling groups Solution deployed by Axway Data encryption at rest and for communications Backup policy based on snapshots Access to environments is centralized and all activity is tracked Real time monitoring Security and monitoring tools (Ossec, syslog, Nagios, CloudWatch, ) Splunk to receive, process and present security events

Axway Cloud security architecture Solution Management VPC peering AZ #1 Access Control Acc ess AZ #2 Elastic Load Balancing Auto Scaling group Axway workforce Axway data center VPN Supervision Monitoring & Security tools Monitoring & Security data Solution Amazon Route 53 VPC peering AZ #1 Elastic Load Balancing AZ #2 CloudWatch CloudTrail Amazon SES Auto Scaling group SOC1 Type 2 certification achieved in March ISO27001 Beginning of 2015

Takeaways from Axway Axway governs the flow of data in the Cloud Axway Cloud is based on a strong AWS partnership Security = AWS + Axway + Processes+ People

Merci! Axway, Cloud and Security David FIGINI, VP Cloud Managed Services EMEA 2014 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc.

MORE AUDITABILITY MORE VISIBILITY MORE CONTROL

Based on our experience, I believe that we can be even more secure in the AWS cloud than in our own data centers Tom Soderstrom CTO NASA JPL

AWS.AMAZON.COM / SECURITY

AWS SECURITY WHITEPAPERS AUDITING SECURITY CHECKLIST SECURITY BEST PRACTICES SECURITY PROCESSES RISK & COMPLIANCE

AWS MARKETPLACE SECURITY SOLUTIONS

Merci! AWS Security Stephen E. Schmidt, Directeur de la Sécurité 2014 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback