SlideShare una empresa de Scribd logo

AWS Summit Nordics - Security Keynote

Amazon Web Services
Amazon Web Services
Tecnología
1 de 26
Descargar para leer sin conexión
Bill Murray General Manager, AWS Security Programs AWS Cloud Security
Cloud Security is: • Universal • Visible • Auditable • Transparent • Shared • Familiar
Universal Cloud Security • Every Customer Has Access to the Same Security Capabilities, and Gets to Choose What’s Right for Their Business - Governments - Financial Sector - Pharmaceuticals - Entertainment - Start-Ups - Social Media - Home Users - Retail
Visible Cloud Security • AWS allows you to see your ENTIRE infrastructure at the click of a mouse. - Can you map your current network? This Or This?
Auditable Cloud Security • How do you know AWS is right for your business? - 3rd Party Audits • Independent auditors - Artifacts • Plans, Policies and Procedures - Logs • Obtained • Retained • Analyzed
Transparent Cloud Security • Choose the audit/certification that’s right for you: - ISO-27001 - SOC-1, SOC-2, SOC-3 - FedRAMP - PCI
Security & Compliance Control Objectives • Control Objective 1: Security Organization – Who we are – Proper control & access within the organization • Control Objective 2: Amazon User Access – How we vet our staff – Minimization of access
Security & Compliance Control Objectives • Control Objective 3: Logical Security – Our staff start with no systems access – Need-based access grants – Rigorous systems separation – Systems access grants regularly re-evaluated & automatically revoked
Security & Compliance Control Objectives • Control Objective 4: Secure Data Handling – Storage media destroyed before being permitted outside our datacenters – Media destruction consistent with US Dept. of Defense Directive 5220.22 • Control Objective 5: Physical Security and Environmental Safeguards – Keeping our facilities safe – Maintaining the physical operating parameters of our datacenters
Security & Compliance Control Objectives • Control Objective 6: Change Management – Continuous Operation • Control Objective 7: Data Integrity, Availability and Redundancy – Ensuring your data remains safe, intact & available • Control Objective 8: Incident Handling – Processes & procedures for mitigating and managing potential issues
Shared Responsibility • Let AWS do the heavy lifting • This is what we do – and we do it all the time • As the AWS customer you can focus on your business and not be distracted by the muck • AWS • Facilities • Physical Security • Physical Infrastructure • Network Infrastructure • Virtualization Infrastructure • Customer • Choice of Guest OS • Application Configuration Options • Account Management flexibility • Security Groups • Network ACLs
Physical Security • Large non-descript facilities • Robust perimeter controls • 2 factor authentication for entry • Controlled, need-based access for AWS employees • All access is logged and reviewed
Physical Security • Distributed Regions – Multiple Availability Zones
Network Security • DDoS attacks defended at the border • Man in the Middle attacks • SSL endpoints • IP Spoofing prohibited • Port scanning prohibited • Packet Sniffing prevented
Amazon EC2 Security • Host operating system – Individual SSH keyed logins via bastion host for AWS admins – All accesses logged and audited • Guest operating system – Customer controlled at root level – AWS admins cannot log in – Customer-generated keypairs • Stateful firewall – Mandatory inbound firewall, default deny mode • Signed API calls – Require X.509 certificate or customer’s secret AWS key
Physical Interfaces Customer 1 Hypervisor Customer 2 Customer n … … Virtual Interfaces Firewall Customer 1 Security Groups Customer 2 Security Groups Customer n Security Groups
Customer’s Network Amazon Web Services Cloud Secure VPN Connection over the Internet Subnets Customer’s isolated AWS resources Amazon VPC Architecture Router VPN Gateway Internet NAT AWS Direct Connect – Dedicated Path/Bandwidth
VPC - Dedicated Instances • Option to ensure physical hosts are not shared with other customers • $10/hr flat fee per Region + small hourly charge • Can identify specific Instances as dedicated • Optionally configure entire VPC as dedicated
• Customers have requirements that require them to use specific encryption key management procedures not previously possible on AWS – Requirements are based on contractual or regulatory mandates for keeping encryption keys stored in a specific manner or with specific access controls – Good key management is c • Customers want to run applications and store data in AWS but previously had to retain keys in HSMs in on-premises datacenters – Applications may slow down due to network latency – Requires several DCs to provide high availability, disaster recovery and durability of keys Customer Challenge: Encryption
• AWS offers several data protection mechanisms including access control, encryption, etc. • AWS data encryption solutions allow customers to: – Encrypt and decrypt sensitive data inside or outside AWS – Decide which data to encrypt • AWS CloudHSM complements existing AWS data protection and encryption solutions • With AWS CloudHSM customers can: – Encrypt data inside AWS – Store keys in AWS within a Hardware Security Module – Decide how to encrypt data – the AWS CloudHSM implements cryptographic functions and key storage for customer applications – Use third party validated hardware for key storage • AWS CloudHSMs are designed to meet Common Criteria EAL4+ and FIPS 140-2 standards) AWS Data Protection Solutions 9/23/2013 Slides not intended for redistribution.
• Customers receive dedicated access to HSM appliances • HSMs are physically located in AWS datacenters – in close network proximity to Amazon EC2 instances • Physically managed and monitored by AWS, but customers control their own keys • HSMs are inside customer’s VPC – dedicated to the customer and isolated from the rest of the network What is AWS CloudHSM? AWS CloudHSM
• Secure Key Storage – customers retain control of their own keys and cryptographic operations on the HSM • Contractual and Regulatory Compliance – helps customers comply with the most stringent regulatory and contractual requirements for key protection • Reliable and Durable Key Storage – AWS CloudHSMs are located in multiple Availability Zones and Regions to help customers build highly available applications that require secure key storage • Simple and Secure Connectivity – AWS CloudHSMs are in the customer’s VPC • Better Application Performance – reduce network latency and increase the performance of AWS applications that use HSMs AWS CloudHSM Service Highlights
AWS Deployment Models Logical Server and Application Isolation Granular Information Access Policy Logical Network Isolation Physical server Isolation Government Only Physical Network and Facility Isolation ITAR Compliant (US Persons Only) Sample Workloads Commercial Cloud   Public facing apps. Web sites, Dev test etc. Virtual Private Cloud (VPC)     Data Center extension, TIC environment, email, FISMA low and Moderate AWS GovCloud (US)       US Persons Compliant and Government Specific Apps.
Familiar Cloud Security • Everything You Do Now Can Be Done in the Cloud - Intrusion Detection - Intrusion Prevention - Packet Capture - Firewalls - Access Control Lists - Multi-Factor Authentication - Identity and Access Management
AWS Security Resources • http://aws.amazon.com/security/ • Security Whitepaper • Risk and Compliance Whitepaper • Regularly Updated • Feedback is welcome
THANK YOU!! • bmurray@amazon.com • #billmurray00

Recomendados

AWS Summit Benelux 2013 - AWS Cloud Security Keynote
AWS Summit Benelux 2013 - AWS Cloud Security KeynoteAWS Summit Benelux 2013 - AWS Cloud Security Keynote
AWS Summit Benelux 2013 - AWS Cloud Security KeynoteAmazon Web Services
 
Slashing Your Cloud Risk: 3 Must-Do's
Slashing Your Cloud Risk: 3 Must-Do'sSlashing Your Cloud Risk: 3 Must-Do's
Slashing Your Cloud Risk: 3 Must-Do'sSecurity Innovation
 
Security Considerations for Microservices and Multi cloud
Security Considerations for Microservices and Multi cloudSecurity Considerations for Microservices and Multi cloud
Security Considerations for Microservices and Multi cloudNeelkamal Gaharwar
 
Cloud security comparisons between aws and azure
Cloud security comparisons between aws and azureCloud security comparisons between aws and azure
Cloud security comparisons between aws and azureAbdul Khan
 
AWS Security
AWS SecurityAWS Security
AWS SecurityVijayendra Bhati
 
Venom vulnerability Overview and a basic demo
Venom vulnerability Overview and a basic demoVenom vulnerability Overview and a basic demo
Venom vulnerability Overview and a basic demoAkash Mahajan
 
Windows Azure Security Features And Functionality
Windows Azure Security Features And FunctionalityWindows Azure Security Features And Functionality
Windows Azure Security Features And Functionalityvivekbhat
 
Will Your Cloud Be Compliant? OpenStack Security
Will Your Cloud Be Compliant? OpenStack SecurityWill Your Cloud Be Compliant? OpenStack Security
Will Your Cloud Be Compliant? OpenStack SecurityScott Carlson
 

Recomendados

AWS Summit Benelux 2013 - AWS Cloud Security Keynote
AWS Summit Benelux 2013 - AWS Cloud Security KeynoteAWS Summit Benelux 2013 - AWS Cloud Security Keynote
AWS Summit Benelux 2013 - AWS Cloud Security KeynoteAmazon Web Services
 
Slashing Your Cloud Risk: 3 Must-Do's
Slashing Your Cloud Risk: 3 Must-Do'sSlashing Your Cloud Risk: 3 Must-Do's
Slashing Your Cloud Risk: 3 Must-Do'sSecurity Innovation
 
Security Considerations for Microservices and Multi cloud
Security Considerations for Microservices and Multi cloudSecurity Considerations for Microservices and Multi cloud
Security Considerations for Microservices and Multi cloudNeelkamal Gaharwar
 
Cloud security comparisons between aws and azure
Cloud security comparisons between aws and azureCloud security comparisons between aws and azure
Cloud security comparisons between aws and azureAbdul Khan
 
AWS Security
AWS SecurityAWS Security
AWS SecurityVijayendra Bhati
 
Venom vulnerability Overview and a basic demo
Venom vulnerability Overview and a basic demoVenom vulnerability Overview and a basic demo
Venom vulnerability Overview and a basic demoAkash Mahajan
 
Windows Azure Security Features And Functionality
Windows Azure Security Features And FunctionalityWindows Azure Security Features And Functionality
Windows Azure Security Features And Functionalityvivekbhat
 
Will Your Cloud Be Compliant? OpenStack Security
Will Your Cloud Be Compliant? OpenStack SecurityWill Your Cloud Be Compliant? OpenStack Security
Will Your Cloud Be Compliant? OpenStack SecurityScott Carlson
 
Using MariaDB TX and MaxScale to meet GDPR - #OPEN18
Using MariaDB TX and MaxScale to meet GDPR - #OPEN18Using MariaDB TX and MaxScale to meet GDPR - #OPEN18
Using MariaDB TX and MaxScale to meet GDPR - #OPEN18Kangaroot
 
Uso de MariaDB TX y MaxScale para el cumplimiento de GDPR
Uso de MariaDB TX y MaxScale para el cumplimiento de GDPRUso de MariaDB TX y MaxScale para el cumplimiento de GDPR
Uso de MariaDB TX y MaxScale para el cumplimiento de GDPRMariaDB plc
 
Secure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsSecure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsCloudPassage
 
CSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined PerimeterCSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined PerimeterVishwas Manral
 
SnapComms Technical Overview
SnapComms Technical OverviewSnapComms Technical Overview
SnapComms Technical Overviewleanne_abarro
 
More than hosting
More than hostingMore than hosting
More than hostingwebhostingguy
 
CSF18 Azure Information Protection - Albert Hoitingh
CSF18 Azure Information Protection - Albert HoitinghCSF18 Azure Information Protection - Albert Hoitingh
CSF18 Azure Information Protection - Albert HoitinghNCCOMMS
 
How to integration DataPower with Zos
How to integration DataPower with ZosHow to integration DataPower with Zos
How to integration DataPower with ZosShiu-Fun Poon
 
Azure Security Fundamentals
Azure Security FundamentalsAzure Security Fundamentals
Azure Security FundamentalsLorenzo Barbieri
 
[RightScale Webinar] Architecting Databases in the cloud: How RightScale Doe...
[RightScale Webinar] Architecting Databases in the cloud: How RightScale Doe...[RightScale Webinar] Architecting Databases in the cloud: How RightScale Doe...
[RightScale Webinar] Architecting Databases in the cloud: How RightScale Doe...RightScale
 
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017Micro Focus
 
Decrypting the security mystery with SIEM (Part 1) ​
Decrypting the security mystery with SIEM (Part 1) ​Decrypting the security mystery with SIEM (Part 1) ​
Decrypting the security mystery with SIEM (Part 1) ​Zoho Corporation
 
SDP Glossary v2.0
SDP Glossary v2.0 SDP Glossary v2.0
SDP Glossary v2.0 Shamun Mahmud
 
AppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudAppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudCryptzone
 
Techcello hp-arch workshop
Techcello hp-arch workshopTechcello hp-arch workshop
Techcello hp-arch workshopkanimozhin
 
Building multi tenant highly secured applications on .net for any cloud - dem...
Building multi tenant highly secured applications on .net for any cloud - dem...Building multi tenant highly secured applications on .net for any cloud - dem...
Building multi tenant highly secured applications on .net for any cloud - dem...kanimozhin
 
Protecting Windows Passwords and Preventing Windows Computer / Password Attacks
Protecting Windows Passwords and Preventing Windows Computer / Password AttacksProtecting Windows Passwords and Preventing Windows Computer / Password Attacks
Protecting Windows Passwords and Preventing Windows Computer / Password AttacksZoho Corporation
 
Azure Security and Management
Azure Security and ManagementAzure Security and Management
Azure Security and ManagementAllen Brokken
 
Basic security and Barracuda VRS
Basic security and Barracuda VRSBasic security and Barracuda VRS
Basic security and Barracuda VRSAravindan A
 
Shared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudShared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudAlert Logic
 
Intro to AWS: Security
Intro to AWS: SecurityIntro to AWS: Security
Intro to AWS: SecurityAmazon Web Services
 
Real-time Visibility at Scale with Sumo Logic
Real-time Visibility at Scale with Sumo LogicReal-time Visibility at Scale with Sumo Logic
Real-time Visibility at Scale with Sumo LogicAmazon Web Services
 

Más contenido relacionado

La actualidad más candente

Using MariaDB TX and MaxScale to meet GDPR - #OPEN18
Using MariaDB TX and MaxScale to meet GDPR - #OPEN18Using MariaDB TX and MaxScale to meet GDPR - #OPEN18
Using MariaDB TX and MaxScale to meet GDPR - #OPEN18Kangaroot
 
Uso de MariaDB TX y MaxScale para el cumplimiento de GDPR
Uso de MariaDB TX y MaxScale para el cumplimiento de GDPRUso de MariaDB TX y MaxScale para el cumplimiento de GDPR
Uso de MariaDB TX y MaxScale para el cumplimiento de GDPRMariaDB plc
 
Secure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsSecure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsCloudPassage
 
CSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined PerimeterCSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined PerimeterVishwas Manral
 
SnapComms Technical Overview
SnapComms Technical OverviewSnapComms Technical Overview
SnapComms Technical Overviewleanne_abarro
 
CSF18 Azure Information Protection - Albert Hoitingh
CSF18 Azure Information Protection - Albert HoitinghCSF18 Azure Information Protection - Albert Hoitingh
CSF18 Azure Information Protection - Albert HoitinghNCCOMMS
 
How to integration DataPower with Zos
How to integration DataPower with ZosHow to integration DataPower with Zos
How to integration DataPower with ZosShiu-Fun Poon
 
Azure Security Fundamentals
Azure Security FundamentalsAzure Security Fundamentals
Azure Security FundamentalsLorenzo Barbieri
 
[RightScale Webinar] Architecting Databases in the cloud: How RightScale Doe...
[RightScale Webinar] Architecting Databases in the cloud: How RightScale Doe...[RightScale Webinar] Architecting Databases in the cloud: How RightScale Doe...
[RightScale Webinar] Architecting Databases in the cloud: How RightScale Doe...RightScale
 
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017Micro Focus
 
Decrypting the security mystery with SIEM (Part 1) ​
Decrypting the security mystery with SIEM (Part 1) ​Decrypting the security mystery with SIEM (Part 1) ​
Decrypting the security mystery with SIEM (Part 1) ​Zoho Corporation
 
AppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudAppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudCryptzone
 
Techcello hp-arch workshop
Techcello hp-arch workshopTechcello hp-arch workshop
Techcello hp-arch workshopkanimozhin
 
Building multi tenant highly secured applications on .net for any cloud - dem...
Building multi tenant highly secured applications on .net for any cloud - dem...Building multi tenant highly secured applications on .net for any cloud - dem...
Building multi tenant highly secured applications on .net for any cloud - dem...kanimozhin
 
Protecting Windows Passwords and Preventing Windows Computer / Password Attacks
Protecting Windows Passwords and Preventing Windows Computer / Password AttacksProtecting Windows Passwords and Preventing Windows Computer / Password Attacks
Protecting Windows Passwords and Preventing Windows Computer / Password AttacksZoho Corporation
 
Azure Security and Management
Azure Security and ManagementAzure Security and Management
Azure Security and ManagementAllen Brokken
 
Basic security and Barracuda VRS
Basic security and Barracuda VRSBasic security and Barracuda VRS
Basic security and Barracuda VRSAravindan A
 
Shared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudShared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudAlert Logic
 

La actualidad más candente (20)

Using MariaDB TX and MaxScale to meet GDPR - #OPEN18
Using MariaDB TX and MaxScale to meet GDPR - #OPEN18Using MariaDB TX and MaxScale to meet GDPR - #OPEN18
Using MariaDB TX and MaxScale to meet GDPR - #OPEN18
 
Uso de MariaDB TX y MaxScale para el cumplimiento de GDPR
Uso de MariaDB TX y MaxScale para el cumplimiento de GDPRUso de MariaDB TX y MaxScale para el cumplimiento de GDPR
Uso de MariaDB TX y MaxScale para el cumplimiento de GDPR
 
Secure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOpsSecure Cloud Development Resources with DevOps
Secure Cloud Development Resources with DevOps
 
CSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined PerimeterCSA Presentation - Software Defined Perimeter
CSA Presentation - Software Defined Perimeter
 
SnapComms Technical Overview
SnapComms Technical OverviewSnapComms Technical Overview
SnapComms Technical Overview
 
More than hosting
More than hostingMore than hosting
More than hosting
 
CSF18 Azure Information Protection - Albert Hoitingh
CSF18 Azure Information Protection - Albert HoitinghCSF18 Azure Information Protection - Albert Hoitingh
CSF18 Azure Information Protection - Albert Hoitingh
 
How to integration DataPower with Zos
How to integration DataPower with ZosHow to integration DataPower with Zos
How to integration DataPower with Zos
 
Azure Security Fundamentals
Azure Security FundamentalsAzure Security Fundamentals
Azure Security Fundamentals
 
[RightScale Webinar] Architecting Databases in the cloud: How RightScale Doe...
[RightScale Webinar] Architecting Databases in the cloud: How RightScale Doe...[RightScale Webinar] Architecting Databases in the cloud: How RightScale Doe...
[RightScale Webinar] Architecting Databases in the cloud: How RightScale Doe...
 
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
BIG IRON, BIG RISK? SECURING THE MAINFRAME - #MFSummit2017
 
Decrypting the security mystery with SIEM (Part 1) ​
Decrypting the security mystery with SIEM (Part 1) ​Decrypting the security mystery with SIEM (Part 1) ​
Decrypting the security mystery with SIEM (Part 1) ​
 
SDP Glossary v2.0
SDP Glossary v2.0 SDP Glossary v2.0
SDP Glossary v2.0
 
AppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the CloudAppGate: Achieving Compliance in the Cloud
AppGate: Achieving Compliance in the Cloud
 
Techcello hp-arch workshop
Techcello hp-arch workshopTechcello hp-arch workshop
Techcello hp-arch workshop
 
Building multi tenant highly secured applications on .net for any cloud - dem...
Building multi tenant highly secured applications on .net for any cloud - dem...Building multi tenant highly secured applications on .net for any cloud - dem...
Building multi tenant highly secured applications on .net for any cloud - dem...
 
Protecting Windows Passwords and Preventing Windows Computer / Password Attacks
Protecting Windows Passwords and Preventing Windows Computer / Password AttacksProtecting Windows Passwords and Preventing Windows Computer / Password Attacks
Protecting Windows Passwords and Preventing Windows Computer / Password Attacks
 
Azure Security and Management
Azure Security and ManagementAzure Security and Management
Azure Security and Management
 
Basic security and Barracuda VRS
Basic security and Barracuda VRSBasic security and Barracuda VRS
Basic security and Barracuda VRS
 
Shared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure CloudShared Security Responsibility for the Azure Cloud
Shared Security Responsibility for the Azure Cloud
 

Destacado

Real-time Visibility at Scale with Sumo Logic
Real-time Visibility at Scale with Sumo LogicReal-time Visibility at Scale with Sumo Logic
Real-time Visibility at Scale with Sumo LogicAmazon Web Services
 
Streamline Identity Management & Administration on AWS
Streamline Identity Management & Administration on AWSStreamline Identity Management & Administration on AWS
Streamline Identity Management & Administration on AWSAmazon Web Services
 
AWS Security Overview and “What’s New”
AWS Security Overview and “What’s New”AWS Security Overview and “What’s New”
AWS Security Overview and “What’s New”Amazon Web Services
 

Destacado (7)

Intro to AWS: Security
Intro to AWS: SecurityIntro to AWS: Security
Intro to AWS: Security
 
Real-time Visibility at Scale with Sumo Logic
Real-time Visibility at Scale with Sumo LogicReal-time Visibility at Scale with Sumo Logic
Real-time Visibility at Scale with Sumo Logic
 
Streamline Identity Management & Administration on AWS
Streamline Identity Management & Administration on AWSStreamline Identity Management & Administration on AWS
Streamline Identity Management & Administration on AWS
 
AWS Security Overview and “What’s New”
AWS Security Overview and “What’s New”AWS Security Overview and “What’s New”
AWS Security Overview and “What’s New”
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS Security
 
Introduction to AWS
Introduction to AWS Introduction to AWS
Introduction to AWS
 
AWS Security & Compliance
AWS Security & ComplianceAWS Security & Compliance
AWS Security & Compliance
 

Similar a AWS Summit Nordics - Security Keynote

AWS Summit Berlin 2013 - Keynote Steve Schmidt
AWS Summit Berlin 2013 - Keynote Steve SchmidtAWS Summit Berlin 2013 - Keynote Steve Schmidt
AWS Summit Berlin 2013 - Keynote Steve SchmidtAWS Germany
 
AWS Enterprise Summit London 2013 - Stephen Schmidt - AWS
AWS Enterprise Summit London 2013 - Stephen Schmidt - AWSAWS Enterprise Summit London 2013 - Stephen Schmidt - AWS
AWS Enterprise Summit London 2013 - Stephen Schmidt - AWSAmazon Web Services
 
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...Amazon Web Services
 
CSS 17: NYC - The AWS Shared Responsibility Model in Practice
CSS 17: NYC - The AWS Shared Responsibility Model in PracticeCSS 17: NYC - The AWS Shared Responsibility Model in Practice
CSS 17: NYC - The AWS Shared Responsibility Model in PracticeAlert Logic
 
Aws security best practices
Aws security best practicesAws security best practices
Aws security best practicesSundeep Roxx
 
AWS Summit London - Keynote - Stephen Schmidt
AWS Summit London - Keynote - Stephen SchmidtAWS Summit London - Keynote - Stephen Schmidt
AWS Summit London - Keynote - Stephen SchmidtAmazon Web Services
 
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...Amazon Web Services
 
APN Partner Webinar - Security & Compliance for AWS EMEA Partners
APN Partner Webinar - Security & Compliance for AWS EMEA PartnersAPN Partner Webinar - Security & Compliance for AWS EMEA Partners
APN Partner Webinar - Security & Compliance for AWS EMEA PartnersAmazon Web Services
 
AWS Finland User Group Meetup 2017-05-23
AWS Finland User Group Meetup 2017-05-23AWS Finland User Group Meetup 2017-05-23
AWS Finland User Group Meetup 2017-05-23Rolf Koski
 
Cloud Security, Risk and Compliance on AWS
Cloud Security, Risk and Compliance on AWSCloud Security, Risk and Compliance on AWS
Cloud Security, Risk and Compliance on AWSKarim Hopper
 
AWS Summit Sydney 2014 | Understanding AWS Security
AWS Summit Sydney 2014 | Understanding AWS SecurityAWS Summit Sydney 2014 | Understanding AWS Security
AWS Summit Sydney 2014 | Understanding AWS SecurityAmazon Web Services
 
AWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the CloudAWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the CloudAmazon Web Services
 
AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...
AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...
AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...Amazon Web Services
 
Deep Dive: AWS CloudHSM (Classic)
Deep Dive: AWS CloudHSM (Classic)Deep Dive: AWS CloudHSM (Classic)
Deep Dive: AWS CloudHSM (Classic)Amazon Web Services
 
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013Amazon Web Services
 
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)Amazon Web Services
 
Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3Kimberly Macias
 
AWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security ModelAWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security ModelAmazon Web Services
 

Similar a AWS Summit Nordics - Security Keynote (20)

AWS Summit Berlin 2013 - Keynote Steve Schmidt
AWS Summit Berlin 2013 - Keynote Steve SchmidtAWS Summit Berlin 2013 - Keynote Steve Schmidt
AWS Summit Berlin 2013 - Keynote Steve Schmidt
 
AWS Enterprise Summit London 2013 - Stephen Schmidt - AWS
AWS Enterprise Summit London 2013 - Stephen Schmidt - AWSAWS Enterprise Summit London 2013 - Stephen Schmidt - AWS
AWS Enterprise Summit London 2013 - Stephen Schmidt - AWS
 
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
 
CSS 17: NYC - The AWS Shared Responsibility Model in Practice
CSS 17: NYC - The AWS Shared Responsibility Model in PracticeCSS 17: NYC - The AWS Shared Responsibility Model in Practice
CSS 17: NYC - The AWS Shared Responsibility Model in Practice
 
Aws security best practices
Aws security best practicesAws security best practices
Aws security best practices
 
AWS Summit London - Keynote - Stephen Schmidt
AWS Summit London - Keynote - Stephen SchmidtAWS Summit London - Keynote - Stephen Schmidt
AWS Summit London - Keynote - Stephen Schmidt
 
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...
 
APN Partner Webinar - Security & Compliance for AWS EMEA Partners
APN Partner Webinar - Security & Compliance for AWS EMEA PartnersAPN Partner Webinar - Security & Compliance for AWS EMEA Partners
APN Partner Webinar - Security & Compliance for AWS EMEA Partners
 
AWS Finland User Group Meetup 2017-05-23
AWS Finland User Group Meetup 2017-05-23AWS Finland User Group Meetup 2017-05-23
AWS Finland User Group Meetup 2017-05-23
 
Cloud Security, Risk and Compliance on AWS
Cloud Security, Risk and Compliance on AWSCloud Security, Risk and Compliance on AWS
Cloud Security, Risk and Compliance on AWS
 
AWS Summit Sydney 2014 | Understanding AWS Security
AWS Summit Sydney 2014 | Understanding AWS SecurityAWS Summit Sydney 2014 | Understanding AWS Security
AWS Summit Sydney 2014 | Understanding AWS Security
 
AWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the CloudAWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the Cloud
 
AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...
AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...
AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...
 
Deep Dive: AWS CloudHSM (Classic)
Deep Dive: AWS CloudHSM (Classic)Deep Dive: AWS CloudHSM (Classic)
Deep Dive: AWS CloudHSM (Classic)
 
Security & Compliance (Part 2)
Security & Compliance (Part 2)Security & Compliance (Part 2)
Security & Compliance (Part 2)
 
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS Security
 
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
 
Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3
 
AWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security ModelAWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security Model
 

Más de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Más de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Último

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 

Último (20)

Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 

AWS Summit Nordics - Security Keynote

  • 1. Bill Murray General Manager, AWS Security Programs AWS Cloud Security
  • 2. Cloud Security is: • Universal • Visible • Auditable • Transparent • Shared • Familiar
  • 3. Universal Cloud Security • Every Customer Has Access to the Same Security Capabilities, and Gets to Choose What’s Right for Their Business - Governments - Financial Sector - Pharmaceuticals - Entertainment - Start-Ups - Social Media - Home Users - Retail
  • 4. Visible Cloud Security • AWS allows you to see your ENTIRE infrastructure at the click of a mouse. - Can you map your current network? This Or This?
  • 5. Auditable Cloud Security • How do you know AWS is right for your business? - 3rd Party Audits • Independent auditors - Artifacts • Plans, Policies and Procedures - Logs • Obtained • Retained • Analyzed
  • 6. Transparent Cloud Security • Choose the audit/certification that’s right for you: - ISO-27001 - SOC-1, SOC-2, SOC-3 - FedRAMP - PCI
  • 7. Security & Compliance Control Objectives • Control Objective 1: Security Organization – Who we are – Proper control & access within the organization • Control Objective 2: Amazon User Access – How we vet our staff – Minimization of access
  • 8. Security & Compliance Control Objectives • Control Objective 3: Logical Security – Our staff start with no systems access – Need-based access grants – Rigorous systems separation – Systems access grants regularly re-evaluated & automatically revoked
  • 9. Security & Compliance Control Objectives • Control Objective 4: Secure Data Handling – Storage media destroyed before being permitted outside our datacenters – Media destruction consistent with US Dept. of Defense Directive 5220.22 • Control Objective 5: Physical Security and Environmental Safeguards – Keeping our facilities safe – Maintaining the physical operating parameters of our datacenters
  • 10. Security & Compliance Control Objectives • Control Objective 6: Change Management – Continuous Operation • Control Objective 7: Data Integrity, Availability and Redundancy – Ensuring your data remains safe, intact & available • Control Objective 8: Incident Handling – Processes & procedures for mitigating and managing potential issues
  • 11. Shared Responsibility • Let AWS do the heavy lifting • This is what we do – and we do it all the time • As the AWS customer you can focus on your business and not be distracted by the muck • AWS • Facilities • Physical Security • Physical Infrastructure • Network Infrastructure • Virtualization Infrastructure • Customer • Choice of Guest OS • Application Configuration Options • Account Management flexibility • Security Groups • Network ACLs
  • 12. Physical Security • Large non-descript facilities • Robust perimeter controls • 2 factor authentication for entry • Controlled, need-based access for AWS employees • All access is logged and reviewed
  • 13. Physical Security • Distributed Regions – Multiple Availability Zones
  • 14. Network Security • DDoS attacks defended at the border • Man in the Middle attacks • SSL endpoints • IP Spoofing prohibited • Port scanning prohibited • Packet Sniffing prevented
  • 15. Amazon EC2 Security • Host operating system – Individual SSH keyed logins via bastion host for AWS admins – All accesses logged and audited • Guest operating system – Customer controlled at root level – AWS admins cannot log in – Customer-generated keypairs • Stateful firewall – Mandatory inbound firewall, default deny mode • Signed API calls – Require X.509 certificate or customer’s secret AWS key
  • 16. Physical Interfaces Customer 1 Hypervisor Customer 2 Customer n … … Virtual Interfaces Firewall Customer 1 Security Groups Customer 2 Security Groups Customer n Security Groups
  • 17. Customer’s Network Amazon Web Services Cloud Secure VPN Connection over the Internet Subnets Customer’s isolated AWS resources Amazon VPC Architecture Router VPN Gateway Internet NAT AWS Direct Connect – Dedicated Path/Bandwidth
  • 18. VPC - Dedicated Instances • Option to ensure physical hosts are not shared with other customers • $10/hr flat fee per Region + small hourly charge • Can identify specific Instances as dedicated • Optionally configure entire VPC as dedicated
  • 19. • Customers have requirements that require them to use specific encryption key management procedures not previously possible on AWS – Requirements are based on contractual or regulatory mandates for keeping encryption keys stored in a specific manner or with specific access controls – Good key management is c • Customers want to run applications and store data in AWS but previously had to retain keys in HSMs in on-premises datacenters – Applications may slow down due to network latency – Requires several DCs to provide high availability, disaster recovery and durability of keys Customer Challenge: Encryption
  • 20. • AWS offers several data protection mechanisms including access control, encryption, etc. • AWS data encryption solutions allow customers to: – Encrypt and decrypt sensitive data inside or outside AWS – Decide which data to encrypt • AWS CloudHSM complements existing AWS data protection and encryption solutions • With AWS CloudHSM customers can: – Encrypt data inside AWS – Store keys in AWS within a Hardware Security Module – Decide how to encrypt data – the AWS CloudHSM implements cryptographic functions and key storage for customer applications – Use third party validated hardware for key storage • AWS CloudHSMs are designed to meet Common Criteria EAL4+ and FIPS 140-2 standards) AWS Data Protection Solutions 9/23/2013 Slides not intended for redistribution.
  • 21. • Customers receive dedicated access to HSM appliances • HSMs are physically located in AWS datacenters – in close network proximity to Amazon EC2 instances • Physically managed and monitored by AWS, but customers control their own keys • HSMs are inside customer’s VPC – dedicated to the customer and isolated from the rest of the network What is AWS CloudHSM? AWS CloudHSM
  • 22. • Secure Key Storage – customers retain control of their own keys and cryptographic operations on the HSM • Contractual and Regulatory Compliance – helps customers comply with the most stringent regulatory and contractual requirements for key protection • Reliable and Durable Key Storage – AWS CloudHSMs are located in multiple Availability Zones and Regions to help customers build highly available applications that require secure key storage • Simple and Secure Connectivity – AWS CloudHSMs are in the customer’s VPC • Better Application Performance – reduce network latency and increase the performance of AWS applications that use HSMs AWS CloudHSM Service Highlights
  • 23. AWS Deployment Models Logical Server and Application Isolation Granular Information Access Policy Logical Network Isolation Physical server Isolation Government Only Physical Network and Facility Isolation ITAR Compliant (US Persons Only) Sample Workloads Commercial Cloud   Public facing apps. Web sites, Dev test etc. Virtual Private Cloud (VPC)     Data Center extension, TIC environment, email, FISMA low and Moderate AWS GovCloud (US)       US Persons Compliant and Government Specific Apps.
  • 24. Familiar Cloud Security • Everything You Do Now Can Be Done in the Cloud - Intrusion Detection - Intrusion Prevention - Packet Capture - Firewalls - Access Control Lists - Multi-Factor Authentication - Identity and Access Management
  • 25. AWS Security Resources • http://aws.amazon.com/security/ • Security Whitepaper • Risk and Compliance Whitepaper • Regularly Updated • Feedback is welcome