Getting started with AWS security

Getting started with AWS security: take a prescriptive approach. Stephen Quigg, Principal Security Solutions Architect. 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Why is enterprise security traditionally hard? Lack of visibility, and a low degree of automation.

Move Fast AND Stay Secure

Making life easier: choosing security does not mean giving up convenience or introducing complexity.

Take a prescriptive approach to security:
1. Understand the AWS security approach
2. Build strong compliance foundations
3. Integrate identity and access management
4. Enable detective controls
5. Establish network security
6. Implement data protection
7. Optimize change management
8. Automate security functions

Understand how AWS practices security

SECURITY IS JOB ZERO

Security ownership is part of Amazon's DNA: it is distributed and embedded. That promotes a culture in which everyone is an owner for security, makes security a stakeholder in business success, enables easier and smoother communication, and drives automation of functions so that human access is reduced to near zero.

Moving to AWS can strengthen your security posture:
Over 30 global compliance certifications and accreditations.
Security infrastructure built to satisfy global banks and other high-sensitivity organizations.
Native security functionality and tools.
AWS's industry-leading security teams, working 24/7.
Security enhancements gleaned from 1M+ customer experiences.

Build On Strong Compliance Foundations

Get independent assurance from different sources. The slide shows, among others, GxP, ISO 13485, AS9100 and ISO/TS 16949. AWS is responsible for the security OF the cloud: the AWS foundation services (compute, storage, database, networking) and the AWS global infrastructure (Availability Zones, Regions, edge locations).

Customers control their own security policy. The shared responsibility model on the slide splits as follows. AWS is responsible for the security OF the cloud: foundation services (compute, storage, database, networking) and global infrastructure (Availability Zones, Regions, edge locations). Customers have their choice of security configurations IN the cloud and are responsible for: customer applications and content; platform, applications, identity and access management; operating system, network and firewall configuration; client-side data encryption; server-side data encryption; network traffic protection.

Integrate Identity and Access Management

Control access with AWS Identity and Access Management (IAM): IAM users, IAM groups, IAM roles and IAM policies.
Granular access control for least privilege.
Manage hierarchies of AWS accounts with AWS Organizations.
Federate with your existing directory services.
Role-based access and segregation of duties.
Achieve just-in-time access using automation.
Create rich mobile applications without giving end users long-term access keys.
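"Granular access control for least privilege" is easy to say and hard to audit. The following is an added example, not code from the deck: a small static checker that reads IAM policy documents and flags the patterns that most often undo least privilege (wildcard actions, unconditioned wildcard resources, and cross-account role trust with no ExternalId or MFA condition). The four policies are constructed samples; the account ID 111122223333 and the bucket name are placeholders.

```python
"""Static least-privilege checks for IAM policy documents.

Added example, not code from the deck. The four policies are constructed
samples; account ID 111122223333 and the bucket name are placeholders.
"""
import json

# Constructed: the "just make it work" policy that grants everything.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Constructed: the same workload scoped to one bucket prefix.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::example-bucket",
         "Condition": {"StringLike": {"s3:prefix": ["app/*"]}}},
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-bucket/app/*"},
    ],
}

# Constructed: a role trust policy for a partner account, first without and
# then with the sts:ExternalId condition that blocks the confused-deputy case.
TRUST_WEAK = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
                   "Action": "sts:AssumeRole"}],
}
TRUST_OK = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
                   "Action": "sts:AssumeRole",
                   "Condition": {"StringEquals": {"sts:ExternalId": "partner-42"}}}],
}


def _as_list(value):
    """IAM allows a bare string wherever a list is accepted."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_issues(policy):
    """Return a list of findings (empty means nothing obviously over-broad)."""
    issues = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only ever narrow access
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        conditions = stmt.get("Condition") or {}

        if "*" in actions:
            issues.append(f"stmt {idx}: Action '*' grants every API call")
        else:
            wide = [a for a in actions if a.endswith(":*")]
            if wide:
                issues.append(f"stmt {idx}: service-wide wildcard {wide}")

        if "*" in resources and not conditions:
            issues.append(f"stmt {idx}: Resource '*' with no Condition to scope it")

        # Trust policies: a Principal plus sts:AssumeRole. Cross-account trust
        # should require an ExternalId (for services) or MFA (for humans).
        if "sts:AssumeRole" in actions and isinstance(stmt.get("Principal"), dict):
            cond_keys = {k.lower() for op in conditions.values() for k in op}
            if _as_list(stmt["Principal"].get("AWS")) and not (
                    {"sts:externalid", "aws:multifactorauthpresent"} & cond_keys):
                issues.append(f"stmt {idx}: AssumeRole trust without ExternalId or MFA condition")
    return issues


if __name__ == "__main__":
    for name, pol in [("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY),
                      ("trust-weak", TRUST_WEAK), ("trust-ok", TRUST_OK)]:
        print(name, json.dumps(find_issues(pol), indent=2))
```

Run it against the policies exported from an account (for example the output of `aws iam get-policy-version`) before they reach a pipeline; the checker is deliberately conservative and only flags shapes that are almost never what a least-privilege role needs.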

Enable Detective Controls

AWS CloudTrail informs you of activity and Amazon CloudWatch alerts you when alarms go off.
AWS CloudTrail: enable globally for all AWS Regions; encryption and integrity validation of log files; archive and forward; read by every industry-standard logging and SIEM platform.
Amazon CloudWatch and Amazon CloudWatch Logs: metrics and filters; alarms and notifications; trigger automated actions; integrate with your existing ticketing systems.
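The "metrics and filters" on that slide are where detection actually happens: CloudTrail delivers events to a CloudWatch Logs group, a metric filter turns matching events into a metric, and an alarm on the metric pages someone. The following is an added example, not code from the deck: four common detection rules written twice, once as Python predicates run over constructed sample events (so the logic can be tested offline) and once as the CloudWatch Logs filter pattern you would attach to the trail's log group. The events are trimmed to the fields the rules read; account 123456789012 and the addresses are placeholders.

```python
"""Detection rules run over CloudTrail events, each paired with the CloudWatch
Logs metric-filter pattern that expresses the same rule.

Added example, not code from the deck. The events are constructed samples
trimmed to the fields the rules read; account 123456789012 is a placeholder.
"""
import json

EVENTS = [
    {   # root signing in to the console without MFA
        "eventType": "AwsConsoleSignIn", "eventName": "ConsoleLogin",
        "eventSource": "signin.amazonaws.com", "sourceIPAddress": "203.0.113.5",
        "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
        "additionalEventData": {"MFAUsed": "No"},
    },
    {   # an IAM user switching the trail off
        "eventType": "AwsApiCall", "eventName": "StopLogging",
        "eventSource": "cloudtrail.amazonaws.com", "sourceIPAddress": "203.0.113.5",
        "userIdentity": {"type": "IAMUser", "userName": "alice"},
    },
    {   # a call the caller was not allowed to make
        "eventType": "AwsApiCall", "eventName": "DescribeInstances",
        "eventSource": "ec2.amazonaws.com", "sourceIPAddress": "198.51.100.7",
        "userIdentity": {"type": "IAMUser", "userName": "bob"},
        "errorCode": "Client.UnauthorizedOperation",
    },
    {   # routine, should not fire anything
        "eventType": "AwsApiCall", "eventName": "ListBuckets",
        "eventSource": "s3.amazonaws.com", "sourceIPAddress": "198.51.100.7",
        "userIdentity": {"type": "AssumedRole",
                         "arn": "arn:aws:sts::123456789012:assumed-role/Deploy/ci"},
    },
]


def _get(event, dotted, default=None):
    """Walk a dotted path like 'userIdentity.type' through nested dicts."""
    cur = event
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return default
        cur = cur[part]
    return cur


TRAIL_CHANGES = {"CreateTrail", "UpdateTrail", "DeleteTrail", "StartLogging", "StopLogging"}

# name -> (python predicate, equivalent CloudWatch Logs filter pattern)
RULES = {
    "root-activity": (
        lambda e: _get(e, "userIdentity.type") == "Root"
        and _get(e, "userIdentity.invokedBy") is None
        and e.get("eventType") != "AwsServiceEvent",
        '{ $.userIdentity.type = "Root" && $.userIdentity.invokedBy NOT EXISTS '
        '&& $.eventType != "AwsServiceEvent" }',
    ),
    "console-login-no-mfa": (
        lambda e: e.get("eventName") == "ConsoleLogin"
        and _get(e, "additionalEventData.MFAUsed") != "Yes",
        '{ ($.eventName = "ConsoleLogin") && ($.additionalEventData.MFAUsed != "Yes") }',
    ),
    "cloudtrail-change": (
        lambda e: e.get("eventName") in TRAIL_CHANGES,
        "{ " + " || ".join(f"($.eventName = {n})" for n in sorted(TRAIL_CHANGES)) + " }",
    ),
    "unauthorized-call": (
        lambda e: str(e.get("errorCode", "")).endswith("UnauthorizedOperation")
        or str(e.get("errorCode", "")).startswith("AccessDenied"),
        '{ ($.errorCode = "*UnauthorizedOperation") || ($.errorCode = "AccessDenied*") }',
    ),
}


def evaluate(events):
    """Return {rule name: [matching events]} for every rule that fired."""
    hits = {}
    for event in events:
        for name, (predicate, _pattern) in RULES.items():
            if predicate(event):
                hits.setdefault(name, []).append(event)
    return hits


def metric_filter_patterns():
    """The filter patterns to attach to the CloudTrail log group in CloudWatch Logs."""
    return {name: pattern for name, (_p, pattern) in RULES.items()}


if __name__ == "__main__":
    for name, matched in evaluate(EVENTS).items():
        print(name, [e["eventName"] for e in matched])
    print(json.dumps(metric_filter_patterns(), indent=2))
```

Keeping the predicate and the filter pattern side by side lets you unit-test the logic against recorded events and then deploy the pattern string with `aws logs put-metric-filter`; the first event fires two rules, which is the point: root console use and a login without MFA are separate findings even when they arrive in one record.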

Establish Data Locality and Network Security

AWS Global Infrastructure at the time of this deck: 16 Regions, 42 Availability Zones, 74 edge locations. Each Region has at least two Availability Zones.
Regions and number of Availability Zones:
US East: N. Virginia (5), Ohio (3)
US West: Northern California (3), Oregon (3)
AWS GovCloud (2)
Canada Central (2)
EU: Ireland (3), Frankfurt (2), London (2)
Asia Pacific: Singapore (2), Sydney (3), Tokyo (3), Seoul (2), Mumbai (2)
China: Beijing (2)
South America: São Paulo (3)
Announced Regions: Paris, Ningxia, Stockholm

AWS Regions in Europe:
EU (Ireland) Region: 3 EC2 Availability Zones
EU (Frankfurt) Region: 2 EC2 Availability Zones
EU (London) Region: 2 EC2 Availability Zones
EU (Paris) Region: announced, launching 2017
EU (Stockholm) Region: announced, launching 2018
AWS edge locations for the CloudFront CDN and Route 53 DNS: Amsterdam, The Netherlands (2); Berlin, Germany; Dublin, Ireland; Frankfurt, Germany (5); London, England (4); Madrid, Spain; Marseille, France; Milan, Italy; Munich, Germany; Paris, France (2); Prague, Czech Republic; Stockholm, Sweden; Vienna, Austria; Warsaw, Poland; Zurich, Switzerland.

You are in full control of privacy. Customers retain full ownership and control of their content. Choose an AWS Region and AWS will not replicate your content elsewhere unless you choose to do so. Control format, accuracy and encryption any way that you choose. Control who can access content, its lifecycle and its disposal. We publish GDPR resources on our website to help you meet your own compliance obligations.

Build your own isolated infrastructure with Amazon VPC. Amazon Virtual Private Cloud comes with granular security controls, and VPC fully supports IPv6. The slide diagram connects customer premises networks to a VPC; the address ranges shown are 10.10.1.0/24, 10.20.1.0/24, 10.20.30.0/24 and 10.20.0.0/16.

Internet access is always optional. In the example, everything not destined for my VPC goes to the Internet via the NAT Gateway (public IP 54.2.0.12), and the route table attached to the private subnets 10.10.1.0/24 and 10.10.2.0/24 reads:

Destination    Target                  Status
10.10.0.0/16   local                   Active
0.0.0.0/0      NAT-Gateway ID012471    Active

Remove the 0.0.0.0/0 route and instances in those subnets have no path to the Internet at all; the local route alone keeps them talking only inside the VPC.

VPC Flow Logs give you network insight. They are agentless and can be enabled anywhere from a full VPC down to a single NIC. Records are logged to Amazon CloudWatch Logs, so you can create alarms when metrics are breached and build your own network dashboards. Each record carries: interface, AWS account, source IP, source port, destination IP, destination port, protocol, packets, bytes, start/end time, and whether the traffic was accepted or rejected. Records are aggregated over a capture window and carry no payload, so they tell you who talked to whom and how much, not what was said.
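The field list above is exactly the default flow log record format, which makes it easy to work with directly before anything reaches a dashboard. The following is an added example, not code from the deck: a parser for version 2 flow log lines, with three of the questions a practitioner asks first (how much was rejected, which source is probing many ports, and how many bytes left the VPC per external destination). The records are constructed samples; the ENI, account and addresses are placeholders, and the 10.10. prefix used to mean "inside the VPC" is an assumption.

```python
"""Parse VPC Flow Log records and pull the signal out of them.

Added example, not code from the deck. The records are constructed samples
in the default (version 2) format; the ENI, account and addresses are placeholders.
"""
from collections import Counter, defaultdict

# Field order of the default flow log format.
FIELDS = ["version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status"]
INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")

SAMPLE = """\
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.10.1.25 51234 22 6 1 44 1500000000 1500000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.10.1.25 51235 23 6 1 44 1500000000 1500000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.10.1.25 51236 3389 6 1 44 1500000000 1500000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.10.1.25 51237 445 6 1 44 1500000000 1500000060 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.10.1.25 51238 8080 6 1 44 1500000000 1500000060 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.9 10.10.1.25 40000 443 6 20 4800 1500000000 1500000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.10.1.25 203.0.113.9 443 40000 6 18 9600 1500000000 1500000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1500000000 1500000060 - NODATA
"""


def parse(text):
    """Turn raw flow log lines into dicts, dropping NODATA/SKIPDATA records."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # malformed, or a custom format this parser does not handle
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue  # no flow fields to read
        for key in INT_FIELDS:
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def action_counts(records):
    """How many records the security groups / NACLs accepted vs rejected."""
    return Counter(r["action"] for r in records)


def rejected_ports_by_source(records):
    """Distinct destination ports rejected, per source address."""
    ports = defaultdict(set)
    for r in records:
        if r["action"] == "REJECT":
            ports[r["srcaddr"]].add(r["dstport"])
    return {src: sorted(p) for src, p in ports.items()}


def suspected_scanners(records, min_ports=5):
    """Sources rejected on at least min_ports distinct ports in the window."""
    return sorted(src for src, ports in rejected_ports_by_source(records).items()
                  if len(ports) >= min_ports)


def bytes_out(records, local_prefix="10.10."):
    """Bytes leaving the VPC per external destination (a crude exfil indicator).
    local_prefix is an assumption about which addresses are 'inside'."""
    out = Counter()
    for r in records:
        if (r["action"] == "ACCEPT" and r["srcaddr"].startswith(local_prefix)
                and not r["dstaddr"].startswith(local_prefix)):
            out[r["dstaddr"]] += r["bytes"]
    return out


if __name__ == "__main__":
    recs = parse(SAMPLE)
    print(action_counts(recs))
    print(rejected_ports_by_source(recs))
    print("scanners:", suspected_scanners(recs))
    print("bytes out:", bytes_out(recs))
```

The same functions work on lines exported from CloudWatch Logs or on the files S3-delivered flow logs produce; the scanner heuristic is a threshold on distinct rejected ports per source, which is cheap enough to run as a CloudWatch Logs metric filter once you have decided on the threshold.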

Block layer 7 attacks with AWS WAF (now includes regex filtering): web traffic filtering with custom rules, malicious request blocking, active monitoring and tuning.

Block DDoS attacks with AWS Shield: advanced mitigation techniques, deterministic filtering, traffic prioritization based on scoring, advanced routing policies.

Implement Data Protection

AWS helps you encrypt everything, everywhere.
AWS KMS: deep integration with AWS services to make encryption simple; undergoing FIPS 140-2 validation at the time of this deck; log and audit every key use with CloudTrail; AWS SDK for easy integration; import your own encryption keys.
Amazon CloudHSM: cloud-based hardware security modules (HSMs), FIPS 140-2 Level 3 validated; integrate with on-premises HSMs; industry-standard cryptographic APIs.

Make every website HTTPS with AWS Certificate Manager. Everyone is moving to HTTPS, so make it easy for yourself and remove the manual process. Easily provision, manage and deploy TLS/SSL certificates to AWS; supports API Gateway, the CloudFront CDN and Elastic Load Balancing. AWS Certificate Manager handles certificate renewals for you, and provisioned certificates are free. The private key stays inside ACM: you deploy the certificate to the integrated services rather than copying key material onto your own hosts.
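The two slides above cover encryption at rest (KMS) and in transit (TLS via ACM), but a service only encrypts what you tell it to. The following is an added example, not code from the deck: an S3 bucket policy whose Deny statements refuse any request that did not arrive over TLS and any upload that does not ask for SSE-KMS, together with a small evaluator that applies those statements to constructed requests so the policy can be checked before it is attached. The bucket name is a placeholder; the evaluator models only the condition operators this policy uses and assumes the caller's identity policy already allows the action (an explicit Deny wins regardless). How it treats a StringNotEquals condition whose key is absent is the model's own choice, which is why the policy also carries an explicit Null statement for the missing-header case.

```python
"""An S3 bucket policy that refuses plaintext transport and unencrypted
uploads, plus a small evaluator that applies its Deny statements to requests.

Added example, not code from the deck. The bucket name is a placeholder;
the evaluator models only the explicit-deny operators the policy uses and
assumes the caller's identity policy already grants the action.
"""
import fnmatch
import json

BUCKET = "example-bucket"  # assumed name

BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # Any call over plain HTTP is refused, reads included.
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny", "Principal": "*", "Action": "s3:*",
            "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
        {   # Uploads must ask for SSE-KMS ...
            "Sid": "DenyUnencryptedUploads",
            "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
            "Resource": f"arn:aws:s3:::{BUCKET}/*",
            "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}},
        },
        {   # ... and the header must actually be present.
            "Sid": "DenyMissingEncryptionHeader",
            "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
            "Resource": f"arn:aws:s3:::{BUCKET}/*",
            "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}},
        },
    ],
}

# Constructed requests: action, resource ARN and the request context keys.
REQUESTS = [
    {"action": "s3:PutObject", "resource": f"arn:aws:s3:::{BUCKET}/data.csv",
     "context": {"aws:SecureTransport": "true", "s3:x-amz-server-side-encryption": "aws:kms"}},
    {"action": "s3:PutObject", "resource": f"arn:aws:s3:::{BUCKET}/data.csv",
     "context": {"aws:SecureTransport": "true"}},
    {"action": "s3:GetObject", "resource": f"arn:aws:s3:::{BUCKET}/data.csv",
     "context": {"aws:SecureTransport": "false"}},
    {"action": "s3:GetObject", "resource": f"arn:aws:s3:::{BUCKET}/data.csv",
     "context": {"aws:SecureTransport": "true"}},
]


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_holds(condition, context):
    """Evaluate the operators used above. In this model a negated operator
    (StringNotEquals) holds when the key is absent from the request."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            if operator == "Bool":
                if actual is None or str(actual).lower() != str(expected).lower():
                    return False
            elif operator == "StringEquals":
                if actual != expected:
                    return False
            elif operator == "StringNotEquals":
                if actual is not None and actual == expected:
                    return False
            elif operator == "Null":
                if (actual is None) != (str(expected).lower() == "true"):
                    return False
            else:
                raise ValueError(f"operator {operator} not modelled here")
    return True


def explicit_denies(policy, request):
    """Sids of Deny statements that match the request (non-empty means denied)."""
    sids = []
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        if not any(fnmatch.fnmatchcase(request["action"], a) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(request["resource"], r) for r in _as_list(stmt["Resource"])):
            continue
        if _condition_holds(stmt.get("Condition", {}), request["context"]):
            sids.append(stmt["Sid"])
    return sids


if __name__ == "__main__":
    print(json.dumps(BUCKET_POLICY, indent=2))
    for req in REQUESTS:
        print(req["action"], req["context"], "->",
              explicit_denies(BUCKET_POLICY, req) or "not denied")
```

The policy document printed by the block is what you would pass to `aws s3api put-bucket-policy`; the evaluator is a pre-flight check on your own understanding of the conditions, not a substitute for the IAM policy simulator.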

Amazon Macie will classify and track your data: a machine learning service to help customers prevent data loss in AWS.

When access to data changes, Macie will tell you. The data types it classifies include PII and PHI; static website content; source code; SSL certificates and private keys; iOS and Android app signing keys; database backups; and OAuth and cloud SaaS API keys.

Optimize Change Management

AWS Config tracks changes to your resources and Config Rules assess them against your security policy.
AWS Config: record configuration changes continuously; time-series view of resource changes; archive and compare.
Config Rules: assess changes against your security policy; enforce best practices; automatically roll back unwanted changes; trigger additional workflow.
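A Config Rule is just a function that receives the recorded configuration item and says COMPLIANT or NON_COMPLIANT. The following is an added example, not code from the deck: a custom rule in the shape of the Lambda handler Config invokes, which marks a security group non-compliant when SSH or RDP is open to 0.0.0.0/0 or ::/0, evaluated here against constructed invoking events. The configuration item layout (ipPermissions with ipv4Ranges/ipv6Ranges) is the shape assumed for AWS::EC2::SecurityGroup, the port list is an assumed policy, and the `put_evaluations` call a deployed rule would make to report its result is left out so the code runs offline.

```python
"""A custom AWS Config rule, in the shape of a Lambda handler, that marks a
security group NON_COMPLIANT when an admin port is open to the world.

Added example, not code from the deck. The invoking events are constructed;
the configurationItem layout (ipPermissions with ipv4Ranges/ipv6Ranges) is
the shape assumed here for AWS::EC2::SecurityGroup. A deployed rule would
report the returned evaluation with config.put_evaluations(); that call is
omitted so the code runs offline.
"""
import json

SENSITIVE_PORTS = (22, 3389)          # assumed policy: SSH and RDP never world-open
WORLD = ("0.0.0.0/0", "::/0")


def _cidrs(perm):
    """All source ranges on one ingress permission, v4 and v6."""
    v4 = [r.get("cidrIp") for r in perm.get("ipv4Ranges", [])]
    v6 = [r.get("cidrIpv6") for r in perm.get("ipv6Ranges", [])]
    return v4 + v6 + list(perm.get("ipRanges", []))


def _covers(perm, port):
    if perm.get("ipProtocol") == "-1":
        return True                   # all protocols, all ports
    lo, hi = perm.get("fromPort"), perm.get("toPort")
    return lo is not None and hi is not None and lo <= port <= hi


def evaluate_security_group(configuration):
    """Return (compliance_type, annotation) for one security group."""
    exposed = set()
    for perm in configuration.get("ipPermissions", []):
        if not any(c in WORLD for c in _cidrs(perm)):
            continue
        exposed.update(p for p in SENSITIVE_PORTS if _covers(perm, p))
    if exposed:
        return "NON_COMPLIANT", f"ports {sorted(exposed)} open to 0.0.0.0/0 or ::/0"
    return "COMPLIANT", "no sensitive port open to the world"


def lambda_handler(event, context=None):
    """Config calls this with invokingEvent as a JSON string."""
    invoking = json.loads(event["invokingEvent"])
    item = invoking["configurationItem"]
    if item["resourceType"] != "AWS::EC2::SecurityGroup":
        ctype, note = "NOT_APPLICABLE", "rule only evaluates security groups"
    elif item.get("configurationItemStatus") == "ResourceDeleted":
        ctype, note = "NOT_APPLICABLE", "resource deleted"
    else:
        ctype, note = evaluate_security_group(item["configuration"])
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": ctype,
        "Annotation": note,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }


def _event(sg_id, permissions, status="OK"):
    """Build a constructed Config invoking event for a security group."""
    ci = {
        "resourceType": "AWS::EC2::SecurityGroup", "resourceId": sg_id,
        "configurationItemStatus": status,
        "configurationItemCaptureTime": "2017-01-01T00:00:00.000Z",
        "configuration": {"groupId": sg_id, "ipPermissions": permissions},
    }
    return {"invokingEvent": json.dumps({"configurationItem": ci}),
            "ruleParameters": "{}"}


BAD_SG = _event("sg-0bad", [
    {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]},
    {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443, "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]},
])
GOOD_SG = _event("sg-0good", [
    {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "ipv4Ranges": [{"cidrIp": "10.0.0.0/8"}]},
    {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443, "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]},
])
ALL_V6_SG = _event("sg-0all", [
    {"ipProtocol": "-1", "ipv6Ranges": [{"cidrIpv6": "::/0"}]},
])

if __name__ == "__main__":
    for ev in (BAD_SG, GOOD_SG, ALL_V6_SG):
        print(lambda_handler(ev))
```

The "roll back unwanted changes" bullet on the slide is the next step: the same evaluation can drive a remediation action (revoking the offending ingress rule) instead of only recording the verdict, but keep the decision and the remediation as separate functions so the rule stays testable like this one.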

Automate Security Functions

Trusted Advisor automates governance. Remember when reports were done manually? AWS Trusted Advisor runs those checks for you.

AWS CloudFormation automates infrastructure as code. A template (a JSON- or YAML-based text file describing infrastructure) is deployed as a stack. Orchestrate changes across AWS services; use templates as the foundation for Service Catalog products; use them with source code repositories to manage infrastructure changes. Resources created from a template can be updated, and updates can be restricted (for example with a stack policy).

You can evolve the practice of security architecture. Security architecture should not be a separate function!
Current security architecture practice: static position papers, architecture diagrams and documents; UI-dependent consoles and technologies; auditing, assurance and compliance are decoupled, separate processes.

Your architecture defines your operations, and security becomes a core part of the maker team.
Evolved security architecture practice (using tools such as AWS CodeCommit, AWS CodePipeline and Jenkins): architecture artifacts (design choices, narrative, etc.) committed to common repositories; complete solutions account for automation; solution architectures are living audit/compliance artifacts and evidence in a closed loop.

A prescriptive approach to cloud security: get started!
1. Understand the AWS security approach
2. Build strong compliance foundations
3. Integrate identity and access management
4. Enable detective controls
5. Establish network security
6. Implement data protection
7. Optimize change management
8. Automate security functions

Everyone gets easy access to AWS security training: Security Fundamentals on AWS (free online course) and Security Operations on AWS (3-day class). Details at aws.amazon.com/training.

Thank You! Stephen Quigg Principal Security Solutions Architect