Getting started with AWS security

Similar documents
Getting started with AWS security

Security & Compliance in the AWS Cloud. Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web

Security & Compliance in the AWS Cloud. Amazon Web Services

Getting Started with AWS Security

Security: Michael South Americas Regional Leader, Public Sector Security & Compliance Business Acceleration

Security Aspekts on Services for Serverless Architectures. Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance

Security on AWS(overview) Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance

Expected Learning Outcomes Introduction To AWS

Title: Planning AWS Platform Security Assessment?

Additional Security Services on AWS

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY

AWS Well Architected Framework

AWS Data Security Security Update

Network Security & Access Control in AWS

Architecting for Greater Security in AWS

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Cloud Transformation and Significance of Security

Amazon Web Services. Foundational Services for Research Computing. April Mike Kuentz, WWPS Solutions Architect

Enroll Now to Take online Course Contact: Demo video By Chandra sir

Mapping traditional security technologies to AWS Dave Walker Specialised Solutions Architect Security and Compliance Amazon Web Services UK Ltd

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

BERLIN. 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved

Securing Microservices Containerized Security in AWS

Better, Faster, Stronger web apps with Amazon Web Services. Senior Technology Evangelist, Amazon Web Services

Standardized Architecture for NIST High-Impact Controls on the AWS Cloud Featuring Trend Micro Deep Security

DocAve Online 3. Release Notes

Best Practices for Cloud Security at Scale. Phil Rodrigues Security Solutions Architect Amazon Web Services, ANZ

Private Cloud Public Cloud Edge. Consistent Infrastructure & Consistent Operations

AWS Webinar. Navigating GDPR Compliance on AWS. Christian Hesse Amazon Web Services

Introduction to AWS GoldBase. A Solution to Automate Security, Compliance, and Governance in AWS

Cloud and Storage. Transforming IT with AWS and Zadara. Doug Cliche, Storage Solutions Architect June 5, 2018

Data Protection in the AWS Cloud: Implementing GDPR and Overview of C5

Protecting Your Data in AWS. 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Security by Design Running Compliant workloads in AWS

Standardized Architecture for PCI DSS on the AWS Cloud

AWS Security Overview. Bill Shinn Principal Security Solutions Architect

Amazon Web Services and Feb 28 outage. Overview presented by Divya

Training on Amazon AWS Cloud Computing. Course Content

Hackproof Your Cloud Responding to 2016 Threats

Netflix OSS Spinnaker on the AWS Cloud

Enhanced Threat Detection, Investigation, and Response

AWS 101. Patrick Pierson, IonChannel

Joakim Stolpe AWS Nordics

AWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE

Mid-Atlantic CIO Forum

AWS Reference Design Document

Certificate of Registration

Advanced Techniques for DDoS Mitigation and Web Application Defense

Scaling on AWS. From 1 to 10 Million Users. Matthias Jung, Solutions Architect

Deep Freeze Cloud. Architecture and Security Overview

What s New at AWS? looking at just a few new things for Enterprise. Philipp Behre, Enterprise Solutions Architect, Amazon Web Services

MarkLogic Cloud Service Pricing & Billing Effective: October 1, 2018

AWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE

AWS Security. Stephen E. Schmidt, Directeur de la Sécurité

What s New at AWS? A selection of some new stuff. Constantin Gonzalez, Principal Solutions Architect, Amazon Web Services

Aspirin as a Service: Using the Cloud to Cure Security Headaches

Are You Sure Your AWS Cloud Is Secure? Alan Williamson Solution Architect at TriNimbus

Introduction to Cloud Computing

Introduction to Amazon Cloud & EC2 Overview

CogniFit Technical Security Details

LINUX, WINDOWS(MCSE),

DevOps Tooling from AWS

Cloud Security Strategy - Adapt to Changes with Security Automation -

Amazon Web Services Training. Training Topics:

TECHNICAL WORKBOOK. PCI Compliance in the AWS Cloud A NITIAN. Report Date: October 17, Jordan Wiseman, QSA

Cloud security 2.0: Joko nyt pilveen voi luottaa?

Security, compliance and GDPR and Google Cloud

NEXT GENERATION CLOUD SECURITY

INTRO TO AWS: SECURITY

Amazon Web Services (AWS) Solutions Architect Intermediate Level Course Content

Amazon Web Services 101 April 17 th, 2014 Joel Williams Solutions Architect. Amazon.com, Inc. and its affiliates. All rights reserved.

SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry

VMware Cloud on AWS Adoption in the Enterprise

Srinath Vaddepally.

WHITEPAPER AMAZON ELB: Your Master Key to a Secure, Cost-Efficient and Scalable Cloud.

Look Who s Hiring! AWS Solution Architect AWS Cloud TAM

CYBER SECURITY WHITEPAPER

Azure Everywhere. Brandon Murray, Cami Williams, David Haver, Kevin Carter, Russ Henderson

CLOUD WORKLOAD SECURITY

We are ready to serve Latest IT Trends, Are you ready to learn? New Batches Info

AWS Agility + Splunk Visibility = Cloud Success. Splunk App for AWS Demo. Laura Ripans, AWS Alliance Manager

AWS Integration Guide

OptiSol FinTech Platforms

Splunk & AWS. Gain real-time insights from your data at scale. Ray Zhu Product Manager, AWS Elias Haddad Product Manager, Splunk

About Intellipaat. About the Course. Why Take This Course?

Security Camp 2016 Cloud Security. August 18, 2016

2013 AWS Worldwide Public Sector Summit Washington, D.C.

AWS Direct Connect Deep Dive

Completing your AWS Cloud SECURING YOUR AMAZON WEB SERVICES ENVIRONMENT

Simple Security for Startups. Mark Bate, AWS Solutions Architect

PrepAwayExam. High-efficient Exam Materials are the best high pass-rate Exam Dumps

Information Security Policy

Microservices on AWS. Matthias Jung, Solutions Architect AWS

Standardized Architecture for NIST-based Assurance Frameworks in the AWS Cloud

Securing Your Amazon Web Services Virtual Networks

The Cloud Changes Nothing and Everything! Amazon.com, Inc. and its affiliates. All rights reserved.

Vom Server bis zum WorkSpace: Windows Anwendungen auf AWS

AWS Security Hub. User Guide

Analytics"in"the"Cloud"from"AWS

Magento Commerce Architecture and Security Model Last updated: Aug 2017

Transcription:

Getting started with AWS security Take a prescriptive approach Stella Lee Manager, Enterprise Business Development

$ 2 0 B + R E V E N U E R U N R A T E (Annualized from Q4 2017) 4 5 % Y / Y G R O W T H (Q4 2017 vs Q4 2016)

M I L L I O N S O F A C T I V E C U S T O M E R S 2008 2009 2010 2011 2012 2013 2014 2015 2016 TODAY

G A R T N E R M A G I C Q U A D R A N T F O R C L O U D I N F R A S T R U C T U R E A S A S E R V I C E, W O R L D W I D E

S TAT E O F T H E C L O U D 3.0 % 0. 9 % 2. 3 % 1.0% 44.1% 7.7% 0. 7 % 1. 4 % 2.2 % 0. 5 %

Amazon Innovation Amazon Kindle Reader Revolutionizing the reading experience Amazon Fresh Grocery Delivery Amazon Go Advanced Shopping Amazon Studios Revolutionizing Music and Film

Why is enterprise security traditionally hard? Lack of visibility Low degree of automation

Move Fast AND Stay Secure

Making life easier Choosing security does not mean giving up on convenience or introducing complexity

Take a prescriptive approach to security Understand AWS Security Approach Build Strong Compliance Foundations Integrate Identity and Access Management Enable Detective Controls Establish Network Security Implement Data Protection Optimize Change Management Automate Security Functions

Understand how AWS practices security

SECURITY IS JOB ZERO

Security ownership is part of Amazon s DNA Distributed Embedded Promotes culture of everyone is an owner for security Makes security a stakeholder in business success Enables easier and smoother communication Automate functions to reduce human access to near-zero

Moving to AWS can strengthen your security posture Over 30 global compliance certifications and accreditations Security infrastructure built to satisfy global banks and other high-sensitivity organizations Get native security functionality and tools Benefit from AWS industry leading security teams 24/7 Leverage security enhancements gleaned from 1M+ customer experiences

Build On Strong Compliance Foundations

Get independent assurance from different sources GxP ISO 13485 AS9100 ISO/TS 16949 AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Availability Zones Regions Edge Locations AWS is responsible for the security OF the Cloud

Customers Customers control their own security policy Customer applications & content Platform, Applications, Identity & Access Management EC2 Operating System, Network, & Firewall Configuration Client-side Data Encryption Server-side Data Encryption Network Traffic Protection Customers have their choice of security configurations IN the Cloud AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Availability Zones Regions Edge Locations AWS is responsible for the security OF the Cloud

Integrate Identity and Access Management

Control access with AWS Identity and Access Management IAM Users IAM Groups IAM Roles IAM Policies Granular access control for least privileges Manage hierarchies of AWS Accounts with AWS Organizations Federate with your existing directory services Role-based access and segregation of duties Achieve just-in-time access using automation Create rich mobile applications without giving end-users long-term access keys

Enable Detective Controls

AWS CloudTrail informs you of activity and Amazon CloudWatch alerts you when alarms go off AWS CloudTrail Amazon CloudWatch Enable Globally for All AWS Regions Encryption and Integrity Validation of Log Files Archive and Forward Read by every industry-standard logging and SIEM platform Amazon CloudWatch Logs Metrics and Filters Alarms and Notifications Trigger automated actions Integrate with your existing ticketing systems

Establish Data Locality and Network Security

AWS Global Infrastructure 18 Regions 54 Availability Zones 113 Edge Locations Region & Number of Availability Zones AWS GovCloud (3) EU Ireland (3) US West Frankfurt (2) Oregon (3) London (2) Northern California (3) Paris (3) Each region has at least two Availability Zones Availability Zone A Availability Zone C Availability Zone B US East Asia Pacific N. Virginia (6), Ohio (3) Singapore (2) Sydney (3) Canada Tokyo (4), Osaka (1)* Central (2) Seoul (2) Mumbai (2) South America São Paulo (3) China, Announced Regions Beijing (2) Ningxia(2) Stockholm, HK, Bahrain, GovCloud(US-East)

You are in full control of privacy Customers retain full ownership and control of their content Choose an AWS Region and AWS will not replicate it elsewhere unless you choose to do so Control format, accuracy and encryption any way that you choose Control who can access content, it s lifecycle and disposal We publish GDPR resources on our website to help you meet your own compliance

Build your own isolated infrastructure with Amazon VPC Amazon Virtual Private Cloud comes with granular security controls Customer Premises 10.10.1.0/24 10.20.1.0/24 VPC fully supports IPv6 10.20.30.0/24 10.20.0.0/16

0.0.0.0/0 Internet access is always optional Everything not destined for my VPC goes to the Internet via the NAT Gateway 0.0.0.0/0 Public IP: 54.2.0.12 Destination Target Status 10.10.1.0/24 10.10.2.0/24 NAT Gateway 10.10.0.0/16 local Active 0.0.0.0/0 NAT-Gateway ID012471 Active

VPC Flow Logs give you network insight Agentless From full VPC logging to a single NIC Logged to Amazon CloudWatch Logs so you can create alarms when metrics are breached Create your own network dashboards Interface Source IP Source port Protocol Packets AWS account Accept or reject Destination IP Destination port Bytes Start/end time

Block layer 7 attacks with AWS WAF Now includes REGEX filtering! Web traffic filtering with custom rules Malicious request blocking Active monitoring and tuning

Block DDoS attacks with AWS Shield Advanced mitigation techniques Deterministic filtering Traffic prioritization based on scoring Advanced routing policies

Implement Data Protection

AWS helps you encrypt everything, everywhere AWS KMS Deep integration with AWS Services to make encryption simple Undergoing FIPS 140-2 validation Log and audit access with CloudTrail AWS SDK for easy integration Import your own encryption keys Amazon CloudHSM Cloud-based Hardware Security Modules (HSMs) FIPS 140-2 Level 3 validated Integrate with on-premises HSMs Industry standard cryptographic APIs

Make every website HTTPS with Amazon Certificate Manager Everyone is moving to HTTPs so make it easy for yourself and remove the manual process Easily provision, manage and deploy TLS/SSL certificates to AWS Supports API Gateway, Cloudfront CDN and Elastic Load Balancer AWS Certificate Manager handles certificate renewals for you Provisioned certificates are free

Amazon Macie will classify and track your data MACHINE LEARNING SERVICE TO HELP CUSTOMERS PREVENT DATA LOSS IN AWS

When access to data changes, Macie will tell you PII and PHI Static website content Source code SSL certificates, private keys ios and Android app signing keys Database backups OAuth and Cloud SAAS API Keys

Optimize Change Management

AWS Config tracks changes to your resources and Config Rules assesses them against security policy AWS Config Config Rules Record configuration changes continuously Time-series view of resource changes Archive and compare Assess changes against your security policy Enforce best practices Automatically roll back unwanted changes Trigger additional workflow

Automate Security Functions

Trusted Advisor automates governance Remember when reports were done manually? AWS Trusted Advisor

AWS CloudFormation automates infrastructure as code AWS CloudFormation Template Stack Orchestrate changes across AWS Services Use as foundation to Service Catalog products Use with source code repositories to manage infrastructure changes JSON-based text file describing infrastructure Resources created from a template can be updated Updates can be restricted

You can evolve the practice of security architecture Security architecture should not be a separate function! Current Security Architecture Practice Static position papers, architecture diagrams, and documents UI-dependent consoles and technologies Auditing, assurance, and compliance are decoupled, separate processes

Your architecture defines your operations Security becomes a core part of the maker team Evolved Security Architecture Practice AWS CodeCommit AWS CodePipeline Architecture artifacts (design choices, narrative, etc.) committed to common repositories Complete solutions account for automation Solution architectures are living audit/compliance artifacts and evidence in a closed loop Jenkins

A prescriptive approach to cloud security get started! Understand AWS Security Approach Build Strong Compliance Foundations Integrate Identity and Access Management Enable Detective Controls Establish Network Security Implement Data Protection Optimize Change Management Automate Security Functions

Thank You!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback