INTRO TO AWS: SECURITY

Similar documents
Getting Started with AWS Security

Security & Compliance in the AWS Cloud. Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web

AWS Security. Stephen E. Schmidt, Directeur de la Sécurité

AWS Webinar. Navigating GDPR Compliance on AWS. Christian Hesse Amazon Web Services

AWS Data Security Security Update

Security & Compliance in the AWS Cloud. Amazon Web Services

Mapping traditional security technologies to AWS Dave Walker Specialised Solutions Architect Security and Compliance Amazon Web Services UK Ltd

Security by Design Running Compliant workloads in AWS

Hackproof Your Cloud: Preventing 2017 Threats for a New Security Paradigm

Hackproof Your Cloud Responding to 2016 Threats

Network Security & Access Control in AWS

AWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE

Understanding Perimeter Security

Getting started with AWS security

CYBER SECURITY WHITEPAPER

Look Who s Hiring! AWS Solution Architect AWS Cloud TAM

AWS Agility + Splunk Visibility = Cloud Success. Splunk App for AWS Demo. Laura Ripans, AWS Alliance Manager

Getting started with AWS security

Adopting Modern Practices for Improved Cloud Security. Cox Automotive - Enterprise Risk & Security

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY

DevOps Anti-Patterns. Have the Ops team deal with it. Time to fire the Ops team! Let s hire a DevOps unit! COPYRIGHT 2019 MANICODE SECURITY

AWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE

SIEMLESS THREAT DETECTION FOR AWS

Mid-Atlantic CIO Forum

Architecting for Greater Security in AWS

Cloud Security Strategy - Adapt to Changes with Security Automation -

Title: Planning AWS Platform Security Assessment?

Security on AWS(overview) Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance

Security. Made Smarter.

Security: Michael South Americas Regional Leader, Public Sector Security & Compliance Business Acceleration

Simple Security for Startups. Mark Bate, AWS Solutions Architect

Protecting Your Data in AWS. 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Best Practices in Securing a Multicloud World

Securing Microservices Containerized Security in AWS

Best Practices for Cloud Security at Scale. Phil Rodrigues Security Solutions Architect Amazon Web Services, ANZ

ASMC National Capital Region Professional Development Institute

Additional Security Services on AWS

Security Aspekts on Services for Serverless Architectures. Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance

NEXT GENERATION CLOUD SECURITY

Cloud security 2.0: Joko nyt pilveen voi luottaa?

WORKSHARE SECURITY OVERVIEW

Crypto-Options on AWS. Bertram Dorn Specialized Solutions Architect Security/Compliance Network/Databases Amazon Web Services Germany GmbH

Enhanced Threat Detection, Investigation, and Response

The Need In today s fast-paced world, the growing demand to support a variety of applications across the data center and help ensure the compliance an

Hardening the Cloud: Assuring Agile Security in High-Growth Environments (Moving from span ports to virtual appliances)

SYMANTEC DATA CENTER SECURITY

SECURITY AND DATA REDUNDANCY. A White Paper

What s New at AWS? looking at just a few new things for Enterprise. Philipp Behre, Enterprise Solutions Architect, Amazon Web Services

Monitoring Serverless Architectures in AWS

Splunk & Amazon Web Services

Operational Logging & Compliance in AWS

AWS Well Architected Framework

AlgoSec. Managing Security at the Speed of Business. AlgoSec.com

The Cloud Changes Nothing and Everything! Amazon.com, Inc. and its affiliates. All rights reserved.

The Convergence of Security and Compliance. How Next Generation Endpoint Security Manages 5 Core Compliance Controls

The Convergence of Security and Compliance

A company built on security

Microservices on AWS. Matthias Jung, Solutions Architect AWS

FireMon Security manager

security mindfulness dwayne.

AWS Lambda: Event-driven Code in the Cloud

Cisco Tetration Analytics

How to get the Enterprise to Understand the Value of Security

HIPAA Compliance and Auditing in the Public Cloud

locuz.com SOC Services

WITH ACTIVEWATCH EXPERT BACKED, DETECTION AND THREAT RESPONSE BENEFITS HOW THREAT MANAGER WORKS SOLUTION OVERVIEW:

Introduction. Deployment Models. IBM Watson on the IBM Cloud Security Overview

Amazon Web Services. For Government, Education, and Nonprofit Organizations

The Etihad Journey to a Secure Cloud

IAM Recommended Practices

Building a Modular and Scalable Virtual Network Architecture with Amazon VPC

Security by Default: Enabling Transformation Through Cyber Resilience

Confirmed VPN Privacy Audit and Open Watch Analysis Summary Report and Documentation

Lessons from the Human Immune System Gavin Hill, Director Threat Intelligence

The SD-WAN security guide

Best Practices for PCI DSS Version 3.2 Network Security Compliance

AWS Solutions Architect Associate (SAA-C01) Sample Exam Questions

Internet of Things. Internet of Everything. Presented By: Louis McNeil Tom Costin

Solution Overview Cisco Tetration Analytics and AlgoSec: Business Application Connectivity Visibility, Policy Enforcement, and Business-Based Risk and

Transform your network and your customer experience. Introducing SD-WAN Concierge

Microservices Architekturen aufbauen, aber wie?

Application Security at Scale

The Evolution of Data Center Security, Risk and Compliance

How can you implement this through a script that a scheduling daemon runs daily on the application servers?

Data Protection in the AWS Cloud: Implementing GDPR and Overview of C5

Data Security and Privacy : Compliance to Stewardship. Jignesh Patel Solution Consultant,Oracle

Unlock the Power of Data

PREPARE & PREVENT. The SD Comprehensive Cybersecurity Portfolio for Business Aviation

Use AWS Config to Monitor License Compliance on Amazon EC2 Dedicated Hosts. April 2016

The Business of Security in the Cloud

Sirius Security Overview

Migrating to the Cloud

Minfy MS Workloads Use Case

Introduction to Cloud Computing

Cloud & DevOps April Big Group. April 24, 2015 Friday 1:30-2:30 p.m. Science Center Hall E

For Australia January 2018

AWS Certifications. Columbus Amazon Web Services Meetup - February 2018

Cloud & AWS Essentials Agenda. Introduction What is the cloud? DevOps approach Basic AWS overview. VPC EC2 and EBS S3 RDS.

Securing Your Cloud Introduction Presentation

How Security Policy Orchestration Extends to Hybrid Cloud Platforms

Transcription:

INTRO TO AWS: SECURITY Rob Whitmore Solutions Architect 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved

Security is the foundation Familiar security model Validated by security experts Collaboration on Enhancements Every Customer Benefits Physical Security Network Security Platform Security People & Procedures

SECURITY IS SHARED

Build everything on a constantly improving security baseline GxP ISO 13485 AS9100 ISO/TS 16949 AWS Foundation Services Compute AWS Global Infrastructure Storage Database Availability Zones Regions Networking Edge Locations AWS is responsible for the security OF the Cloud

Security & compliance is a shared responsibility Customers AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Customer applications & content Platform, Applications, Identity & Access Management Operating System, Network, & Firewall Configuration Client-side Data Encryption Server-side Data Encryption Availability Zones Regions Network Traffic Protection Edge Locations Customers have their choice of security configurations IN the Cloud AWS is responsible for the security OF the Cloud

SECURITY IS FAMILIAR

Security is Familiar We make security at AWS as familiar as what you are doing right now Visibility Auditability Controllability Agility

AWS Marketplace: One-stop shop for familiar tools Advanced Threat Analy/cs Applica/on Security Iden/ty and Access Mgmt Server & Endpoint Protec/on Network Security Encryp/on & Key Mgmt Vulnerability & Pen Tes/ng

SECURITY REQUIRES VISIBILITY

VISIBILITY HOW OFTEN DO YOU MAP YOUR NETWORK? WHAT S IN YOUR ENVIRONMENT RIGHT NOW?

Security is Visible Who is accessing the resources? Who took what action? When? From where? What did they do? Logs Logs Logs

AWS CLOUDTRAIL You are making API calls... On a growing set of services around the world AWS CloudTrail is continuously recording API calls And delivering log files to you

Use cases enabled by CloudTrail Security Analysis Track Changes to AWS Resources Troubleshoot Operational Issues Compliance Aid

CloudTrail Regional Availability

SECURITY IS AUDITABLE

AWS Config AWS Config is a fully managed service that provides you with an inventory of your AWS resources, lets you audit the resource configuration history and notifies you of resource configuration changes.

AWS Config Changing Resources Recording Continuous Change History Stream AWS Config Snapshot (ex. 2014-11-05)

Use cases enabled by Config Security Analysis: Am I safe? Audit Compliance: Where is the evidence? Change Management: What will this change affect? Troubleshooting: What has changed?

Am I safe? Properly configured resources are critical to security Config enables you to continuously monitor the configurations of your resources and evaluate these configurations for potential security weaknesses

Where is the evidence? Many compliance audits require access to the state of your systems at arbitrary times (i.e. PCI, HIPAA) A complete inventory of all resources and their configuration attributes is available for any point in time

What will this change affect? When your resources are created, updated, or deleted, these configuration changes are streamed to Amazon SNS Relationships between resources are understood, so that you can proactively assess change impact

What changed? It is critical to be able to quickly answer What has changed? You can quickly identifying the recent configuration changes to your resources by using the console or by building custom integrations with the regularly exported resource history files

SECURITY PROVIDES CONTROL

First class security and compliance starts (but doesn t end!) with encryption Automatic encryption with managed keys Bring your own keys Dedicated hardware security modules

Data Protection Best Practice with AWS Managed key encryption Key storage with AWS CloudHSM Customer-supplied key encryption DIY on Amazon EC2 Create, store, & retrieve keys securely Rotate keys regularly Securely audit access to keys Partner enablement of crypto

AWS Key Management Service A managed service that makes it easy for you to create, control, and use your data protection keys Integrated with AWS SDKs and AWS services including Amazon EBS, Amazon S3, and Amazon Redshift Integrated with AWS CloudTrail to provide auditable logs to help your regulatory and compliance activities

AWS Key Management Service Integrated with AWS IAM Console

AWS Key Management Service Integrated with Amazon EBS

AWS Key Management Service Integrated with Amazon S3

AWS Key Management Service Integrated with Amazon Redshift

SECURITY IS AGILE

HOW DOES AWS PRACTISE SECURITY?

The practice of security at AWS is different, but the outcome is familiar: So what does your security team look like? Operations Engineering Application Security Compliance

Our Culture: Everyone s an owner When the problem is mine rather than hers there s a much higher likelihood I ll do the right thing

Our Culture: Measure constantly, report regularly, and hold senior executives accountable for security have them drive the right culture

Our Culture: Measure measure measure 5 min metrics are too coarse 1 min metrics just barely OK

Our Culture: Saying no is a failure

Our Culture: Apply more effort to the why rather than the how Why is what really matters When something goes wrong, ask the five whys

Our Culture: Decentralise - don t be a bottleneck It s human nature to go around a bottleneck Produce services that others can consume through hardened APIs

Our Culture:

Our Culture: Test, CONSTANTLY Inside/outside Privileged/unprivileged Black-box/white-box Vendor/self

Our Culture: Proactive monitoring rules the day What s normal in your environment? Depending on signatures == waiting to find out WHEN you ve been had

Our Culture: Collect, digest, disseminate, & use intelligence Make your compliance team a part of your security operations

Our Culture: Make your compliance team a part of your security operations

Our Culture: Base decisions on facts, metrics, & detailed understanding of your environment and adversaries

Simple Security Controls Easy to Get Right Easy to Audit Easy to Enforce

To This This

CONSTANT REDUCTION IN SURFACE AREA

CONSTANT REDUCTION IN HUMAN ACCESS POTENTIAL

UBIQUITOUS ENCRYPTION

EVEN MORE GRANULAR SEPARATION

Security is the foundation YOU ARE BETTER OFF IN AWS THAN YOU ARE IN YOUR OWN ENVIRONMENT Based on our experience, I believe that we can be even more secure in the AWS cloud than in our own data centers. -Tom Soderstrom, CTO, NASA JPL Nearly 60% of organizations agreed that CSPs [cloud service providers] provide better security than their own IT organizations. Source: IDC 2013 U.S. Cloud Security Survey, doc #242836, September 2013

More information.. AUDITING SECURITY CHECKLIST SECURITY BEST PRACTICES SECURITY PROCESSES RISK & COMPLIANCE http://aws.amazon.com/security/security-resources/

LONDON

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback