The AWS Shared Responsibility Model in Practice
Alert Logic
The AWS Shared Responsibility Model in Practice - presented by Patrick McDowell.
1.
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Security, Identity, and Compliance
Patrick McDowell, Amazon Web Services
April 2018
2.
Why is security traditionally so hard?
• Lack of visibility
• Low degree of automation
3.
Before…
Move fast OR Stay secure
4.
Now…
Move fast AND Stay secure (in place of OR)
5.
The most sensitive workloads run on AWS
“With AWS, DNAnexus enables enterprises worldwide to perform genomic analysis and clinical studies in a secure and compliant environment at a scale not previously possible.”
— Richard Daly, CEO DNAnexus
“The fact that we can rely on the AWS security posture to boost our own security is really important for our business. AWS does a much better job at security than we could ever do running a cage in a data center.”
— Richard Crowley, Director of Operations, Slack
“We determined that security in AWS is superior to our on-premises data center across several dimensions, including patching, encryption, auditing and logging, entitlements, and compliance.”
—John Brady, CISO, FINRA (Financial Industry Regulatory Authority)
6.
“CIOs and CISOs need to stop obsessing over unsubstantiated cloud security worries, and instead apply their imagination and energy to developing new approaches to cloud control, allowing them to securely, compliantly, and reliably leverage the benefits of this increasingly ubiquitous computing model.”
Source: Clouds Are Secure: Are You Using Them Securely?
7.
AWS Shared Responsibility Model: for Infrastructure Services
[Diagram: layers marked "Managed by Customers" and "Managed by AWS". Labels:]
• Customer content
• Platform & Applications Management
• Operating System, Network & Firewall Configuration
• Client-Side Data encryption & Data Integrity Authentication
• Server-Side Encryption: File System and/or Data
• Network Traffic Protection: Encryption / Integrity / Identity
• Optional – Opaque data: 1’s and 0’s (in transit/at rest)
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
• AWS IAM
• Customer IAM
• API Endpoints
• Mgmt Protocols
• API Calls
8.
Infrastructure Service Example – EC2
RESPONSIBILITIES
AWS
• Foundation Services — Networking, Compute, Storage
• AWS Global Infrastructure
• AWS API Endpoints
Customers
• Customer Data
• Customer Application
• Operating System
• Network & Firewall
• Customer IAM (Corporate Directory Service)
• High Availability, Scaling
• Instance Management
• Data Protection (Transit, Rest, Backup)
• AWS IAM (Users, Groups, Roles, Policies)
9.
AWS Shared Responsibility Model: for Container Services
[Diagram: layers marked "Managed by Customers" and "Managed by AWS". Labels:]
• Customer content
• Platform & Applications Management
• Operating System, Network Configuration
• Firewall Configuration
• Client-Side Data encryption & Data Integrity Authentication
• Network Traffic Protection: Encryption / Integrity / Identity
• Optional – Opaque data: 1’s and 0’s (in transit/at rest)
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
• AWS IAM
• Customer IAM
• API Endpoints
• Mgmt Protocols
• API Calls
10.
Container Service Example – RDS
RESPONSIBILITIES
AWS
• Foundational Services – Networking, Compute, Storage
• AWS Global Infrastructure
• AWS API Endpoints
• Operating System
• Platform / Application
Customers
• Customer Data
• Firewall (VPC)
• Customer IAM (DB Users, Table Permissions)
• AWS IAM (Users, Groups, Roles, Policies)
• High Availability
• Data Protection (Transit, Rest, Backup)
• Scaling
11.
AWS Shared Responsibility Model: for Abstract Services
[Diagram: layers marked "Managed by Customers" and "Managed by AWS". Labels:]
• Customer content
• Platform & Applications Management
• Operating System, Network & Firewall Configuration
• Data Protection by the Platform: Protection of Data at Rest
• Network Traffic Protection by the Platform: Protection of Data in Transit
• (optional) Opaque Data: 1’s and 0’s (in flight / at rest)
• Client-Side Data Encryption & Data Integrity Authentication
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
• API Endpoints
• AWS IAM
• API Calls
12.
Abstract Service Example – S3, Lambda
AWS
• Foundational Services
• AWS Global Infrastructure
• AWS API Endpoints
• Operating System
• Platform / Application
• Data Protection (Rest - SSE, Transit)
• High Availability / Scaling
Customers
• Customer Data
• Data Protection (Rest – CSE)
• AWS IAM (Users, Groups, Roles, Policies)
13.
Summary of Customer Responsibility in the Cloud
• Infrastructure Services: Applications, Operating System, Networking/Firewall, Data, Customer IAM, AWS IAM
• Container Services: Customer IAM, AWS IAM, Firewall, Data
• Abstract Services: AWS IAM, Data
14.
Move to AWS: Strengthen your security posture
• Inherit global security and compliance controls
• Scale with superior visibility and control
• Highest standards for privacy and data security
• Automate with deeply integrated security services
• Largest network of security partners and solutions
15.
Inherit global security and compliance controls
16.
Scale with visibility and control
17.
Highest standards for privacy
• Encryption at scale with keys managed by our AWS Key Management System (KMS) or managing your own encryption keys with Cloud HSM using FIPS 140-2 Level 3 validated HSMs
• Meet data residency requirements: choose an AWS Region and AWS will not replicate it elsewhere unless you choose to do so
• Access services and tools that enable you to build compliant infrastructure on top of AWS
• Comply with local data privacy laws by controlling who can access content, its lifecycle, and disposal
18.
Automate with integrated services
Automated threat remediation
[Diagram labels:]
• Amazon GuardDuty
• Amazon CloudWatch: CloudWatch Events, CloudWatch Event
• AWS Lambda: Lambda Function
19.
AWS security solutions
• Identity: AWS Identity & Access Management (IAM), AWS Organizations, AWS Cognito, AWS Directory Service, AWS Single Sign-On
• Detective control: AWS CloudTrail, AWS Config, Amazon CloudWatch, Amazon GuardDuty, VPC Flow Logs
• Infrastructure security: Amazon EC2 Systems Manager, AWS Shield, AWS Web Application Firewall (WAF), Amazon Inspector, Amazon Virtual Private Cloud (VPC)
• Incident response: AWS Config Rules, AWS Lambda
• Data protection: AWS Key Management Service (KMS), AWS CloudHSM, Amazon Macie, Certificate Manager, Server Side Encryption
20.
Identity and access management
Define, enforce, and audit user permissions across AWS services, actions and resources.
• AWS Identity and Access Management (IAM): Securely control access to AWS services and resources
• AWS Organizations: Policy-based management for multiple AWS accounts
• Amazon Cognito: Add user sign-up, sign-in, and access control to your web and mobile apps
• AWS Directory Service: Managed Microsoft Active Directory in the AWS Cloud
• AWS Single Sign-On: Centrally manage single sign-on (SSO) access to multiple AWS accounts and business applications
21.
Detective control
Gain the visibility you need to spot issues before they impact the business, improve your security posture, and reduce the risk profile of your environment.
• AWS CloudTrail: Enable governance, compliance, and operational/risk auditing of your AWS account
• AWS Config: Record and evaluate configurations of your AWS resources. Enable compliance auditing, security analysis, resource change tracking, and troubleshooting
• Amazon CloudWatch: Monitor AWS Cloud resources and your applications on AWS to collect metrics, monitor log files, set alarms, and automatically react to changes
• Amazon GuardDuty: Intelligent threat detection and continuous monitoring to protect your AWS accounts and workloads
• VPC Flow Logs: Capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data is stored using Amazon CloudWatch Logs
22.
What can GuardDuty detect?
[Diagram labels:]
• RDP Brute Force
• RAT Installed
• Exfiltrate temp IAM creds over DNS
• Probe API with temp creds
• Attempt to compromise account
• Known Malicious IP (Potentially) Unusual Ports
• DNS Exfiltration
• RDP Brute Force
• Unusual Traffic Volume
• Connect to Blacklisted Site (Potentially) Recon
• Anonymizing Proxy
• Temp credentials Used off-instance
• Unusual ISP Caller
• Bitcoin Activity
• Unusual Instance Launch
23.
Infrastructure security
Reduce surface area to manage and increase privacy for and control of your overall infrastructure on AWS.
• Amazon EC2 Systems Manager: Easily configure and manage Amazon EC2 and on-premises systems to apply OS patches, create secure system images, and configure secure operating systems
• AWS Shield: Managed DDoS protection service that safeguards web applications running on AWS
• AWS Web Application Firewall (WAF): Protects your web applications from common web exploits ensuring availability and security
• Amazon Inspector: Automates security assessments to help improve the security and compliance of applications deployed on AWS
• Amazon Virtual Private Cloud (VPC): Provision a logically isolated section of AWS where you can launch AWS resources in a virtual network that you define
24.
Data protection
In addition to our automatic data encryption and management services, employ more features for data protection (including data management, data security, and encryption key storage).
• AWS Key Management Service (KMS): Easily create and control the keys used to encrypt your data
• AWS CloudHSM: Managed hardware security module (HSM) on the AWS Cloud
• Amazon Macie: Machine learning-powered security service to discover, classify, and protect sensitive data
• AWS Certificate Manager: Easily provision, manage, and deploy SSL/TLS certificates for use with AWS services
• Server Side Encryption: Flexible data encryption options using AWS service managed keys, AWS managed keys via AWS KMS, or customer managed keys
25.
Incident response
During an incident, containing the event and returning to a known good state are important elements of a response plan. AWS provides the following tools to automate aspects of this best practice.
• AWS Config Rules: Create rules that automatically take action in response to changes in your environment, such as isolating resources, enriching events with additional data, or restoring configuration to a known-good state
• AWS Lambda: Use our serverless compute service to run code without provisioning or managing servers so you can scale your programmed, automated response to incidents
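The GuardDuty, CloudWatch Events and Lambda chain on slide 18, which slide 25 names as incident-response tooling, sketched as an added example that is not part of the deck: a Lambda handler that turns a finding into containment actions on the customer side of the model. The security group ID, severity cutoff, tag key and sample event are constructed placeholders, and the choice of actions is an assumption.

```python
# Added example (not from the deck): GuardDuty -> CloudWatch Events -> Lambda.
QUARANTINE_SG = "sg-0123456789abcdef0"  # placeholder: a security group with no rules
MIN_SEVERITY = 4.0                      # assumed cutoff for automated action


def plan_response(event, quarantine_sg=QUARANTINE_SG, min_severity=MIN_SEVERITY):
    """Turn one GuardDuty finding event into an ordered list of actions.

    Pure function: it only reads the event, so it can be tested offline.
    """
    if event.get("source") != "aws.guardduty":
        return []  # not a GuardDuty event: ignore it
    detail = event.get("detail", {})
    finding = {"id": detail.get("id"), "type": detail.get("type")}
    if float(detail.get("severity", 0)) < min_severity:
        return [("notify", dict(finding, reason="below severity cutoff"))]

    resource = detail.get("resource", {})
    kind = resource.get("resourceType")
    if kind == "Instance":
        instance_id = resource.get("instanceDetails", {}).get("instanceId")
        if instance_id:
            return [
                # Tag first so the evidence trail exists before anything changes.
                ("tag_instance", {"instance_id": instance_id, "finding_id": finding["id"]}),
                ("isolate_instance", {"instance_id": instance_id, "groups": [quarantine_sg]}),
                ("notify", dict(finding, reason="instance isolated")),
            ]
    elif kind == "AccessKey":
        key = resource.get("accessKeyDetails", {})
        if key.get("userType") == "IAMUser" and key.get("accessKeyId"):
            return [
                ("deactivate_key", {"user": key.get("userName"), "key_id": key["accessKeyId"]}),
                ("notify", dict(finding, reason="access key deactivated")),
            ]
        # Temporary role credentials cannot be deactivated key by key.
        return [("notify", dict(finding, reason="role credentials: manual review"))]
    return [("notify", dict(finding, reason="no automated action"))]


def execute(plan, ec2, iam, notify=print):
    """Apply a plan with boto3-style clients; returns the number of steps run."""
    for action, p in plan:
        if action == "tag_instance":
            ec2.create_tags(
                Resources=[p["instance_id"]],
                Tags=[{"Key": "GuardDutyFindingId", "Value": str(p["finding_id"])}],
            )
        elif action == "isolate_instance":
            # Replaces every security group on the instance with the quarantine group.
            ec2.modify_instance_attribute(InstanceId=p["instance_id"], Groups=p["groups"])
        elif action == "deactivate_key":
            iam.update_access_key(UserName=p["user"], AccessKeyId=p["key_id"], Status="Inactive")
        else:
            notify(p)
    return len(plan)


def lambda_handler(event, context):
    """Entry point for the Lambda function targeted by the CloudWatch Events rule."""
    import boto3  # imported here so the planning logic stays testable without AWS

    return execute(plan_response(event), boto3.client("ec2"), boto3.client("iam"))


# Constructed sample event in the shape CloudWatch Events delivers for a finding.
SAMPLE_EVENT = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {
        "id": "constructed-finding-0001",
        "type": "UnauthorizedAccess:EC2/RDPBruteForce",
        "severity": 5,
        "resource": {
            "resourceType": "Instance",
            "instanceDetails": {"instanceId": "i-0123456789abcdef0"},
        },
    },
}
```

The Lambda execution role needs only `ec2:CreateTags`, `ec2:ModifyInstanceAttribute` and `iam:UpdateAccessKey` for these actions.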
26.
“I have come to realize that as a relatively small organization, we can be far more secure in the cloud and achieve a higher level of assurance at a much lower cost, in terms of effort and dollars invested. We determined that security in AWS is superior to our on-premises data center across several dimensions, including patching, encryption, auditing and logging, entitlements, and compliance.”
—John Brady, CISO, FINRA (Financial Industry Regulatory Authority)
• Looks for fraud, abuse, and insider trading over nearly 6 billion shares traded in U.S. equities markets every day
• Processes approximately 6 terabytes of data and 37 billion records on an average day
• Went from 3–4 weeks for server hardening to 3–4 minutes
• DevOps teams focus on automation and tools to raise the compliance bar and simplify controls
• Achieved incredible levels of assurance for consistencies of builds and patching via rebooting with automated deployment scripts