SlideShare a Scribd company logo

The AWS Shared Responsibility Model in Practice

Alert Logic
Alert Logic

The AWS Shared Responsibility Model in Practice - presented by Patrick McDowell.

Technology
1 of 26
Download to read offline
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Security, Identity, and Compliance Patrick McDowell, Amazon Web Services April 2018
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Why is security traditionally so hard? Lack of visibility Low degree of automation
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. ORMove fast Stay secure Before…
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. ORANDMove fast Stay secure Now…
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. The most sensitive workloads run on AWS “With AWS, DNAnexus enables enterprises worldwide to perform genomic analysis and clinical studies in a secure and compliant environment at a scale not previously possible.” — Richard Daly, CEO DNAnexus “The fact that we can rely on the AWS security posture to boost our own security is really important for our business. AWS does a much better job at security than we could ever do running a cage in a data center.” — Richard Crowley, Director of Operations, Slack “We determined that security in AWS is superior to our on-premises data center across several dimensions, including patching, encryption, auditing and logging, entitlements, and compliance.” —John Brady, CISO, FINRA (Financial Industry Regulatory Authority)
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. “CIOs and CISOs need to stop obsessing over unsubstantiated cloud security worries, and instead apply their imagination and energy to developing new approaches to cloud control, allowing them to securely, compliantly, and reliably leverage the benefits of this increasingly ubiquitous computing model.” Source: Clouds Are Secure: Are You Using Them Securely?
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Network Traffic Protection Encryption / Integrity / Identity AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Optional – Opaque data: 1’s and 0’s (in transit/at rest) Platform & Applications Management Customer content Customers AWS Shared Responsibility Model: forInfrastructureServices Managed by Managed by Client-Side Data encryption & Data Integrity Authentication AWSIAMCustomerIAM Operating System, Network & Firewall Configuration Server-Side Encryption Fire System and/or Data APIEndpoints Mgmt Protocols API Calls
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. InfrastructureService Example –EC2 • Foundation Services — Networking, Compute, Storage • AWS Global Infrastructure • AWS API Endpoints AWS • Customer Data • Customer Application • Operating System • Network & Firewall • Customer IAM (Corporate Directory Service) • High Availability, Scaling • Instance Management • Data Protection (Transit, Rest, Backup) • AWS IAM (Users, Groups, Roles, Policies) Customers RESPONSIBILITIES
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Optional – Opaque data: 1’s and 0’s (in transit/at rest) Firewall Configuration Platform & Applications Management Operating System, Network Configuration Customer content Customers AWS Shared Responsibility Model: forContainerServices Managed by Managed by Client-Side Data encryption & Data Integrity Authentication Network Traffic Protection Encryption / Integrity / Identity AWSIAMCustomerIAM APIEndpoints Mgmt Protocols API Calls
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. ContainerService Example –RDS • Foundational Services – Networking, Compute, Storage • AWS Global Infrastructure • AWS API Endpoints • Operating System • Platform / Application AWS • Customer Data • Firewall (VPC) • Customer IAM (DB Users, Table Permissions) • AWS IAM (Users, Groups, Roles, Policies) • High Availability • Data Protection (Transit, Rest, Backup) • Scaling Customers RESPONSIBILITIES
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Platform & Applications Management Operating System, Network & Firewall Configuration Customer content Customers AWS Shared Responsibility Model: forAbstractServices Managed by Managed by Data Protection by the Platform Protection of Data at Rest Network Traffic Protection by the Platform Protection of Data at in Transit (optional) Opaque Data: 1’s and 0’s (in flight / at rest) Client-Side Data Encryption & Data Integrity Authentication APIEndpoints AWSIAM API Calls
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. • Foundational Services • AWS Global Infrastructure • AWS API Endpoints • Operating System • Platform / Application • Data Protection (Rest - SSE, Transit) • High Availability / Scaling AWS • Customer Data • Data Protection (Rest – CSE) • AWS IAM (Users, Groups, Roles, Policies) CustomersAbstractService Example –S3,Lambda
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Summary of Customer Responsibility in the Cloud Customer IAM AWS IAM Firewall Data AWS IAM Data Applications Operating System Networking/Firewall Data Customer IAM AWS IAM Infrastructure Services Container Services Abstract Services
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Automate with deeply integrated security services Inherit global security and compliance controls Highest standards for privacy and data security Largest network of security partners and solutions Scale with superior visibility and control Move to AWS Strengthen your security posture
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Inherit global security and compliance controls
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Scale with visibility and control
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Encryption at scale with keys managed by our AWS Key Management System (KMS) or managing your own encryption keys with Cloud HSM using FIPS 140-2 Level 3 validated HSMs Meet data residency requirements Choose an AWS Region and AWS will not replicate it elsewhere unless you choose to do so Access services and tools that enable you to build compliant infrastructure on top of AWS Comply with local data privacy laws by controlling who can access content, its lifecycle, and disposal Highest standards for privacy
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Automate with integrated services CloudWatch Events Amazon CloudWatch CloudWatch Event Lambda Lambda Function AWS Lambda GuardDuty Amazon GuardDuty Automated threat remediation
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Identity & Access Management (IAM) AWS Organizations AWS Cognito AWS Directory Service AWS Single Sign-On AWS CloudTrail AWS Config Amazon CloudWatch Amazon GuardDuty VPC Flow Logs Amazon EC2 Systems Manager AWS Shield AWS Web Application Firewall (WAF) Amazon Inspector Amazon Virtual Private Cloud (VPC) AWS Key Management Service (KMS) AWS CloudHSM Amazon Macie Certificate Manager Server Side Encryption AWS Config Rules AWS Lambda Identity Detective control Infrastructure security Incident response Data protection AWS security solutions
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Identity and Access Management (IAM) Securely control access to AWS services and resources AWS Organizations Policy-based management for multiple AWS accounts Amazon Cognito Add user sign-up, sign-in, and access control to your web and mobile apps AWS Directory Service Managed Microsoft Active Directory in the AWS Cloud AWS Single Sign-On Centrally manage single sign-on (SSO) access to multiple AWS accounts and business applications Define, enforce, and audit user permissions across AWS services, actions and resources. Identity & access management Identity and access management
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS CloudTrail Enable governance, compliance, and operational/risk auditing of your AWS account AWS Config Record and evaluate configurations of your AWS resources. Enable compliance auditing, security analysis, resource change tracking, and troubleshooting Amazon CloudWatch Monitor AWS Cloud resources and your applications on AWS to collect metrics, monitor log files, set alarms, and automatically react to changes Amazon GuardDuty Intelligent threat detection and continuous monitoring to protect your AWS accounts and workloads VPC Flow Logs Capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data is stored using Amazon CloudWatch Logs Gain the visibility you need to spot issues before they impact the business, improve your security posture, and reduce the risk profile of your environment. Detective control
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What can GuardDuty detect? RDP Brute Force RAT Installed Exfiltrate temp IAM creds over DNS Probe api with temp creds Attempt to compromise account Known Malicious IP (Potentially) Unusual Ports DNS Exfiltration RDP Brute Force Unusual Traffic VolumeConnect to Blacklisted Site (Potentially) Recon Anonymizing Proxy Temp credentials Used off-instance Unusual ISP Caller Bitcoin Activity Unusual Instance Launch
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon EC2 Systems Manager Easily configure and manage Amazon EC2 and on-premises systems to apply OS patches, create secure system images, and configure secure operating systems AWS Shield Managed DDoS protection service that safeguards web applications running on AWS AWS Web Application Firewall (WAF) Protects your web applications from common web exploits ensuring availability and security Amazon Inspector Automates security assessments to help improve the security and compliance of applications deployed on AWS Amazon Virtual Private Cloud (VPC) Provision a logically isolated section of AWS where you can launch AWS resources in a virtual network that you define Reduce surface area to manage and increase privacy for and control of your overall infrastructure on AWS. Infrastructure security
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Key Management Service (KMS) Easily create and control the keys used to encrypt your data AWS CloudHSM Managed hardware security module (HSM) on the AWS Cloud Amazon Macie Machine learning-powered security service to discover, classify, and protect sensitive data AWS Certificate Manager Easily provision, manage, and deploy SSL/TLS certificates for use with AWS services Server Side Encryption Flexible data encryption options using AWS service managed keys, AWS managed keys via AWS KMS, or customer managed keys In addition to our automatic data encryption and management services, employ more features for data protection. (including data management, data security, and encryption key storage) Data protection
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Config Rules Create rules that automatically take action in response to changes in your environment, such as isolating resources, enriching events with additional data, or restoring configuration to a known-good state AWS Lambda Use our serverless compute service to run code without provisioning or managing servers so you can scale your programmed, automated response to incidents During an incident, containing the event and returning to a known good state are important elements of a response plan. AWS provides the following tools to automate aspects of this best practice. Incident response
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. “I have come to realize that as a relatively small organization, we can be far more secure in the cloud and achieve a higher level of assurance at a much lower cost, in terms of effort and dollars invested. We determined that security in AWS is superior to our on-premises data center across several dimensions, including patching, encryption, auditing and logging, entitlements, and compliance.” • Looks for fraud, abuse, and insider trading over nearly 6 billion shares traded in U.S. equities markets every day • Processes approximately 6 terabytes of data and 37 billion records on an average day • Went from 3–4 weeks for server hardening to 3–4 minutes • DevOps teams focus on automation and tools to raise the compliance bar and simplify controls • Achieved incredible levels of assurance for consistencies of builds and patching via rebooting with automated deployment scripts —John Brady, CISO FINRA Financial industry regulatory authority

Recommended

Security & Compliance in the Cloud
Security & Compliance in the CloudSecurity & Compliance in the Cloud
Security & Compliance in the CloudAmazon Web Services
 
Deep Dive - AWS Security by Design
Deep Dive - AWS Security by DesignDeep Dive - AWS Security by Design
Deep Dive - AWS Security by DesignAmazon Web Services
 
AWS_Security_Essentials
AWS_Security_EssentialsAWS_Security_Essentials
AWS_Security_EssentialsAmazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS SecurityAmazon Web Services
 
Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018
Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018
Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018Amazon Web Services
 
Security@Scale
Security@ScaleSecurity@Scale
Security@ScaleAmazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS SecurityAmazon Web Services
 
AWS Cloud Security & Compliance Basics Webinar
AWS Cloud Security & Compliance Basics WebinarAWS Cloud Security & Compliance Basics Webinar
AWS Cloud Security & Compliance Basics WebinarAmazon Web Services
 

Recommended

Security & Compliance in the Cloud
Security & Compliance in the CloudSecurity & Compliance in the Cloud
Security & Compliance in the CloudAmazon Web Services
 
Deep Dive - AWS Security by Design
Deep Dive - AWS Security by DesignDeep Dive - AWS Security by Design
Deep Dive - AWS Security by DesignAmazon Web Services
 
AWS_Security_Essentials
AWS_Security_EssentialsAWS_Security_Essentials
AWS_Security_EssentialsAmazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS SecurityAmazon Web Services
 
Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018
Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018
Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018Amazon Web Services
 
Security@Scale
Security@ScaleSecurity@Scale
Security@ScaleAmazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS SecurityAmazon Web Services
 
AWS Cloud Security & Compliance Basics Webinar
AWS Cloud Security & Compliance Basics WebinarAWS Cloud Security & Compliance Basics Webinar
AWS Cloud Security & Compliance Basics WebinarAmazon Web Services
 
Security overview-aws-lambda
Security overview-aws-lambdaSecurity overview-aws-lambda
Security overview-aws-lambdaVIJAY REDDY
 
Managing Security on AWS
Managing Security on AWSManaging Security on AWS
Managing Security on AWSAmazon Web Services
 
Proteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWSProteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWSAmazon Web Services
 
Fundamentals of AWS Security
Fundamentals of AWS SecurityFundamentals of AWS Security
Fundamentals of AWS SecurityAmazon Web Services
 
AWS - Security & Compliance
AWS - Security & ComplianceAWS - Security & Compliance
AWS - Security & ComplianceAmazon Web Services LATAM
 
Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...
Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...
Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...Amazon Web Services
 
PaaS or Fail: Rule the Cloud with Altus
PaaS or Fail: Rule the Cloud with AltusPaaS or Fail: Rule the Cloud with Altus
PaaS or Fail: Rule the Cloud with AltusCloudera, Inc.
 
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...Amazon Web Services
 
State of the Union : Security
State of the Union : SecurityState of the Union : Security
State of the Union : SecurityAmazon Web Services
 
Demystifying identity on AWS
Demystifying identity on AWSDemystifying identity on AWS
Demystifying identity on AWSAWS User Group Bengaluru
 
AWS Cloud Security Fundamentals
AWS Cloud Security FundamentalsAWS Cloud Security Fundamentals
AWS Cloud Security FundamentalsAmazon Web Services
 
Architecting for Enterprise Identity Across Multiple Operating Models (ENT413...
Architecting for Enterprise Identity Across Multiple Operating Models (ENT413...Architecting for Enterprise Identity Across Multiple Operating Models (ENT413...
Architecting for Enterprise Identity Across Multiple Operating Models (ENT413...Amazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Costruire Architetture Ibride con AWS
Costruire Architetture Ibride con AWSCostruire Architetture Ibride con AWS
Costruire Architetture Ibride con AWSAmazon Web Services
 
Cloud Security (AWS)
Cloud Security (AWS)Cloud Security (AWS)
Cloud Security (AWS)Scott Arveseth
 
Federation & Access Management
Federation & Access ManagementFederation & Access Management
Federation & Access ManagementAmazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS SecurityAmazon Web Services
 
AWS Security Hub
AWS Security HubAWS Security Hub
AWS Security HubAmazon Web Services
 
Scaling threat detection and response on AWS
Scaling threat detection and response on AWSScaling threat detection and response on AWS
Scaling threat detection and response on AWSAmazon Web Services
 
Achieving Continuous Compliance with CTP and AWS
Achieving Continuous Compliance with CTP and AWS Achieving Continuous Compliance with CTP and AWS
Achieving Continuous Compliance with CTP and AWS Amazon Web Services
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeAlert Logic
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS SecurityAmazon Web Services
 

More Related Content

What's hot

Security overview-aws-lambda
Security overview-aws-lambdaSecurity overview-aws-lambda
Security overview-aws-lambdaVIJAY REDDY
 
Proteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWSProteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWSAmazon Web Services
 
Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...
Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...
Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...Amazon Web Services
 
PaaS or Fail: Rule the Cloud with Altus
PaaS or Fail: Rule the Cloud with AltusPaaS or Fail: Rule the Cloud with Altus
PaaS or Fail: Rule the Cloud with AltusCloudera, Inc.
 
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...Amazon Web Services
 
Architecting for Enterprise Identity Across Multiple Operating Models (ENT413...
Architecting for Enterprise Identity Across Multiple Operating Models (ENT413...Architecting for Enterprise Identity Across Multiple Operating Models (ENT413...
Architecting for Enterprise Identity Across Multiple Operating Models (ENT413...Amazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Costruire Architetture Ibride con AWS
Costruire Architetture Ibride con AWSCostruire Architetture Ibride con AWS
Costruire Architetture Ibride con AWSAmazon Web Services
 
Scaling threat detection and response on AWS
Scaling threat detection and response on AWSScaling threat detection and response on AWS
Scaling threat detection and response on AWSAmazon Web Services
 
Achieving Continuous Compliance with CTP and AWS
Achieving Continuous Compliance with CTP and AWS Achieving Continuous Compliance with CTP and AWS
Achieving Continuous Compliance with CTP and AWS Amazon Web Services
 

What's hot (20)

Security overview-aws-lambda
Security overview-aws-lambdaSecurity overview-aws-lambda
Security overview-aws-lambda
 
Managing Security on AWS
Managing Security on AWSManaging Security on AWS
Managing Security on AWS
 
Proteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWSProteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWS
 
Fundamentals of AWS Security
Fundamentals of AWS SecurityFundamentals of AWS Security
Fundamentals of AWS Security
 
AWS - Security & Compliance
AWS - Security & ComplianceAWS - Security & Compliance
AWS - Security & Compliance
 
Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...
Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...
Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...
 
PaaS or Fail: Rule the Cloud with Altus
PaaS or Fail: Rule the Cloud with AltusPaaS or Fail: Rule the Cloud with Altus
PaaS or Fail: Rule the Cloud with Altus
 
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...
 
State of the Union : Security
State of the Union : SecurityState of the Union : Security
State of the Union : Security
 
Demystifying identity on AWS
Demystifying identity on AWSDemystifying identity on AWS
Demystifying identity on AWS
 
AWS Cloud Security Fundamentals
AWS Cloud Security FundamentalsAWS Cloud Security Fundamentals
AWS Cloud Security Fundamentals
 
Architecting for Enterprise Identity Across Multiple Operating Models (ENT413...
Architecting for Enterprise Identity Across Multiple Operating Models (ENT413...Architecting for Enterprise Identity Across Multiple Operating Models (ENT413...
Architecting for Enterprise Identity Across Multiple Operating Models (ENT413...
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Costruire Architetture Ibride con AWS
Costruire Architetture Ibride con AWSCostruire Architetture Ibride con AWS
Costruire Architetture Ibride con AWS
 
Cloud Security (AWS)
Cloud Security (AWS)Cloud Security (AWS)
Cloud Security (AWS)
 
Federation & Access Management
Federation & Access ManagementFederation & Access Management
Federation & Access Management
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
AWS Security Hub
AWS Security HubAWS Security Hub
AWS Security Hub
 
Scaling threat detection and response on AWS
Scaling threat detection and response on AWSScaling threat detection and response on AWS
Scaling threat detection and response on AWS
 
Achieving Continuous Compliance with CTP and AWS
Achieving Continuous Compliance with CTP and AWS Achieving Continuous Compliance with CTP and AWS
Achieving Continuous Compliance with CTP and AWS
 

Similar to The AWS Shared Responsibility Model in Practice

The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeAlert Logic
 
Introduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF LoftIntroduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF LoftAmazon Web Services
 
AWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & ComplianceAWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & ComplianceAmazon Web Services
 
Oas un llamado a la accion para proteger a ciudadanos-Sector Privado y Gobi...
Oas un llamado a la accion para proteger a ciudadanos-Sector Privado y Gobi...Oas un llamado a la accion para proteger a ciudadanos-Sector Privado y Gobi...
Oas un llamado a la accion para proteger a ciudadanos-Sector Privado y Gobi...Marcela Cárdenas Hidalgo
 
PaaS or Fail: Rule the Cloud with Altus
PaaS or Fail: Rule the Cloud with AltusPaaS or Fail: Rule the Cloud with Altus
PaaS or Fail: Rule the Cloud with AltusCloudera, Inc.
 
Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...
Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...
Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...Amazon Web Services
 
Lock it Down: How to Secure your AWS Account and your Organization's Accounts
Lock it Down: How to Secure your AWS Account and your Organization's AccountsLock it Down: How to Secure your AWS Account and your Organization's Accounts
Lock it Down: How to Secure your AWS Account and your Organization's AccountsAmazon Web Services
 
Secure Your Customers' Data From Day One
Secure Your Customers' Data From Day OneSecure Your Customers' Data From Day One
Secure Your Customers' Data From Day OneAmazon Web Services
 
Lock It Down: How to Secure Your Organization's AWS Account
Lock It Down: How to Secure Your Organization's AWS AccountLock It Down: How to Secure Your Organization's AWS Account
Lock It Down: How to Secure Your Organization's AWS AccountAmazon Web Services
 
Hybrid Cloud on AWS : Provisioning, Operations, Management, and Monitoring
Hybrid Cloud on AWS : Provisioning, Operations, Management, and Monitoring Hybrid Cloud on AWS : Provisioning, Operations, Management, and Monitoring
Hybrid Cloud on AWS : Provisioning, Operations, Management, and Monitoring Tom Laszewski
 
Secure & Automate AWS Deployments with Next-Generation on Security
Secure & Automate AWS Deployments with Next-Generation on SecuritySecure & Automate AWS Deployments with Next-Generation on Security
Secure & Automate AWS Deployments with Next-Generation on SecurityAmazon Web Services
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSAmazon Web Services
 
Building a Hybrid Cloud Architecture Utilizing AWS Landing Zones
Building a Hybrid Cloud Architecture Utilizing AWS Landing ZonesBuilding a Hybrid Cloud Architecture Utilizing AWS Landing Zones
Building a Hybrid Cloud Architecture Utilizing AWS Landing ZonesTom Laszewski
 
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018Amazon Web Services
 
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in awsAWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in awsAWS Riyadh User Group
 

Similar to The AWS Shared Responsibility Model in Practice (20)

The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Introduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF LoftIntroduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF Loft
 
AWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & ComplianceAWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & Compliance
 
Oas un llamado a la accion para proteger a ciudadanos-Sector Privado y Gobi...
Oas un llamado a la accion para proteger a ciudadanos-Sector Privado y Gobi...Oas un llamado a la accion para proteger a ciudadanos-Sector Privado y Gobi...
Oas un llamado a la accion para proteger a ciudadanos-Sector Privado y Gobi...
 
Oas un llamado a la accion
Oas un llamado a la accionOas un llamado a la accion
Oas un llamado a la accion
 
PaaS or Fail: Rule the Cloud with Altus
PaaS or Fail: Rule the Cloud with AltusPaaS or Fail: Rule the Cloud with Altus
PaaS or Fail: Rule the Cloud with Altus
 
Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...
Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...
Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...
 
Protecting Your Data
Protecting Your DataProtecting Your Data
Protecting Your Data
 
Lock it Down: How to Secure your AWS Account and your Organization's Accounts
Lock it Down: How to Secure your AWS Account and your Organization's AccountsLock it Down: How to Secure your AWS Account and your Organization's Accounts
Lock it Down: How to Secure your AWS Account and your Organization's Accounts
 
Secure Your Customers' Data From Day One
Secure Your Customers' Data From Day OneSecure Your Customers' Data From Day One
Secure Your Customers' Data From Day One
 
Lock It Down: How to Secure Your Organization's AWS Account
Lock It Down: How to Secure Your Organization's AWS AccountLock It Down: How to Secure Your Organization's AWS Account
Lock It Down: How to Secure Your Organization's AWS Account
 
Hybrid Cloud on AWS : Provisioning, Operations, Management, and Monitoring
Hybrid Cloud on AWS : Provisioning, Operations, Management, and Monitoring Hybrid Cloud on AWS : Provisioning, Operations, Management, and Monitoring
Hybrid Cloud on AWS : Provisioning, Operations, Management, and Monitoring
 
Secure & Automate AWS Deployments with Next-Generation on Security
Secure & Automate AWS Deployments with Next-Generation on SecuritySecure & Automate AWS Deployments with Next-Generation on Security
Secure & Automate AWS Deployments with Next-Generation on Security
 
AWS Security by Design
AWS Security by Design AWS Security by Design
AWS Security by Design
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWS
 
Building a Hybrid Cloud Architecture Utilizing AWS Landing Zones
Building a Hybrid Cloud Architecture Utilizing AWS Landing ZonesBuilding a Hybrid Cloud Architecture Utilizing AWS Landing Zones
Building a Hybrid Cloud Architecture Utilizing AWS Landing Zones
 
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018
 
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in awsAWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
 

More from Alert Logic

Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsAlert Logic
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Alert Logic
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and ResponseAlert Logic
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Alert Logic
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the CloudAlert Logic
 
Reducing Your Attack Surface
Reducing Your Attack SurfaceReducing Your Attack Surface
Reducing Your Attack SurfaceAlert Logic
 
Reality Check: Security in the Cloud
Reality Check: Security in the CloudReality Check: Security in the Cloud
Reality Check: Security in the CloudAlert Logic
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOpsAlert Logic
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeAlert Logic
 
Security Spotlight: Presidio
Security Spotlight: PresidioSecurity Spotlight: Presidio
Security Spotlight: PresidioAlert Logic
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOpsAlert Logic
 
Security Spotlight: Rent-A-Center
Security Spotlight: Rent-A-CenterSecurity Spotlight: Rent-A-Center
Security Spotlight: Rent-A-CenterAlert Logic
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionAlert Logic
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOpsAlert Logic
 
Security Spotlight: Presidio
Security Spotlight: PresidioSecurity Spotlight: Presidio
Security Spotlight: PresidioAlert Logic
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the CloudAlert Logic
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionAlert Logic
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the CloudAlert Logic
 

More from Alert Logic (20)

Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS ApplicationsManaged Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS Applications
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials
 
Managed Threat Detection and Response
Managed Threat Detection and ResponseManaged Threat Detection and Response
Managed Threat Detection and Response
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the Cloud
 
Reducing Your Attack Surface
Reducing Your Attack SurfaceReducing Your Attack Surface
Reducing Your Attack Surface
 
Reality Check: Security in the Cloud
Reality Check: Security in the CloudReality Check: Security in the Cloud
Reality Check: Security in the Cloud
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOps
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
 
Security Spotlight: Presidio
Security Spotlight: PresidioSecurity Spotlight: Presidio
Security Spotlight: Presidio
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOps
 
Security Spotlight: Rent-A-Center
Security Spotlight: Rent-A-CenterSecurity Spotlight: Rent-A-Center
Security Spotlight: Rent-A-Center
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
The Intersection of Security & DevOps
The Intersection of Security & DevOpsThe Intersection of Security & DevOps
The Intersection of Security & DevOps
 
Security Spotlight: Presidio
Security Spotlight: PresidioSecurity Spotlight: Presidio
Security Spotlight: Presidio
 
Security Implications of the Cloud
Security Implications of the CloudSecurity Implications of the Cloud
Security Implications of the Cloud
 
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload ProtectionReducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
 
Realities of Security in the Cloud
Realities of Security in the CloudRealities of Security in the Cloud
Realities of Security in the Cloud
 
CSS 2018 Trivia
CSS 2018 TriviaCSS 2018 Trivia
CSS 2018 Trivia
 

Recently uploaded

Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 

Recently uploaded (20)

Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 

The AWS Shared Responsibility Model in Practice

  • 1. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Security, Identity, and Compliance Patrick McDowell, Amazon Web Services April 2018
  • 2. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Why is security traditionally so hard? Lack of visibility Low degree of automation
  • 3. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. ORMove fast Stay secure Before…
  • 4. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. ORANDMove fast Stay secure Now…
  • 5. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. The most sensitive workloads run on AWS “With AWS, DNAnexus enables enterprises worldwide to perform genomic analysis and clinical studies in a secure and compliant environment at a scale not previously possible.” — Richard Daly, CEO DNAnexus “The fact that we can rely on the AWS security posture to boost our own security is really important for our business. AWS does a much better job at security than we could ever do running a cage in a data center.” — Richard Crowley, Director of Operations, Slack “We determined that security in AWS is superior to our on-premises data center across several dimensions, including patching, encryption, auditing and logging, entitlements, and compliance.” —John Brady, CISO, FINRA (Financial Industry Regulatory Authority)
  • 6. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. “CIOs and CISOs need to stop obsessing over unsubstantiated cloud security worries, and instead apply their imagination and energy to developing new approaches to cloud control, allowing them to securely, compliantly, and reliably leverage the benefits of this increasingly ubiquitous computing model.” Source: Clouds Are Secure: Are You Using Them Securely?
  • 7. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Network Traffic Protection Encryption / Integrity / Identity AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Optional – Opaque data: 1’s and 0’s (in transit/at rest) Platform & Applications Management Customer content Customers AWS Shared Responsibility Model: forInfrastructureServices Managed by Managed by Client-Side Data encryption & Data Integrity Authentication AWSIAMCustomerIAM Operating System, Network & Firewall Configuration Server-Side Encryption Fire System and/or Data APIEndpoints Mgmt Protocols API Calls
  • 8. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. InfrastructureService Example –EC2 • Foundation Services — Networking, Compute, Storage • AWS Global Infrastructure • AWS API Endpoints AWS • Customer Data • Customer Application • Operating System • Network & Firewall • Customer IAM (Corporate Directory Service) • High Availability, Scaling • Instance Management • Data Protection (Transit, Rest, Backup) • AWS IAM (Users, Groups, Roles, Policies) Customers RESPONSIBILITIES
  • 9. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Optional – Opaque data: 1’s and 0’s (in transit/at rest) Firewall Configuration Platform & Applications Management Operating System, Network Configuration Customer content Customers AWS Shared Responsibility Model: forContainerServices Managed by Managed by Client-Side Data encryption & Data Integrity Authentication Network Traffic Protection Encryption / Integrity / Identity AWSIAMCustomerIAM APIEndpoints Mgmt Protocols API Calls
  • 10. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. ContainerService Example –RDS • Foundational Services – Networking, Compute, Storage • AWS Global Infrastructure • AWS API Endpoints • Operating System • Platform / Application AWS • Customer Data • Firewall (VPC) • Customer IAM (DB Users, Table Permissions) • AWS IAM (Users, Groups, Roles, Policies) • High Availability • Data Protection (Transit, Rest, Backup) • Scaling Customers RESPONSIBILITIES
  • 11. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Platform & Applications Management Operating System, Network & Firewall Configuration Customer content Customers AWS Shared Responsibility Model: forAbstractServices Managed by Managed by Data Protection by the Platform Protection of Data at Rest Network Traffic Protection by the Platform Protection of Data at in Transit (optional) Opaque Data: 1’s and 0’s (in flight / at rest) Client-Side Data Encryption & Data Integrity Authentication APIEndpoints AWSIAM API Calls
  • 12. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. • Foundational Services • AWS Global Infrastructure • AWS API Endpoints • Operating System • Platform / Application • Data Protection (Rest - SSE, Transit) • High Availability / Scaling AWS • Customer Data • Data Protection (Rest – CSE) • AWS IAM (Users, Groups, Roles, Policies) CustomersAbstractService Example –S3,Lambda
  • 13. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Summary of Customer Responsibility in the Cloud Customer IAM AWS IAM Firewall Data AWS IAM Data Applications Operating System Networking/Firewall Data Customer IAM AWS IAM Infrastructure Services Container Services Abstract Services
  • 14. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Automate with deeply integrated security services Inherit global security and compliance controls Highest standards for privacy and data security Largest network of security partners and solutions Scale with superior visibility and control Move to AWS Strengthen your security posture
  • 15. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Inherit global security and compliance controls
  • 16. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Scale with visibility and control
  • 17. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Encryption at scale with keys managed by our AWS Key Management System (KMS) or managing your own encryption keys with Cloud HSM using FIPS 140-2 Level 3 validated HSMs Meet data residency requirements Choose an AWS Region and AWS will not replicate it elsewhere unless you choose to do so Access services and tools that enable you to build compliant infrastructure on top of AWS Comply with local data privacy laws by controlling who can access content, its lifecycle, and disposal Highest standards for privacy
  • 18. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Automate with integrated services CloudWatch Events Amazon CloudWatch CloudWatch Event Lambda Lambda Function AWS Lambda GuardDuty Amazon GuardDuty Automated threat remediation
  • 19. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Identity & Access Management (IAM) AWS Organizations AWS Cognito AWS Directory Service AWS Single Sign-On AWS CloudTrail AWS Config Amazon CloudWatch Amazon GuardDuty VPC Flow Logs Amazon EC2 Systems Manager AWS Shield AWS Web Application Firewall (WAF) Amazon Inspector Amazon Virtual Private Cloud (VPC) AWS Key Management Service (KMS) AWS CloudHSM Amazon Macie Certificate Manager Server Side Encryption AWS Config Rules AWS Lambda Identity Detective control Infrastructure security Incident response Data protection AWS security solutions
  • 20. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Identity and Access Management (IAM) Securely control access to AWS services and resources AWS Organizations Policy-based management for multiple AWS accounts Amazon Cognito Add user sign-up, sign-in, and access control to your web and mobile apps AWS Directory Service Managed Microsoft Active Directory in the AWS Cloud AWS Single Sign-On Centrally manage single sign-on (SSO) access to multiple AWS accounts and business applications Define, enforce, and audit user permissions across AWS services, actions and resources. Identity & access management Identity and access management
  • 21. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS CloudTrail Enable governance, compliance, and operational/risk auditing of your AWS account AWS Config Record and evaluate configurations of your AWS resources. Enable compliance auditing, security analysis, resource change tracking, and troubleshooting Amazon CloudWatch Monitor AWS Cloud resources and your applications on AWS to collect metrics, monitor log files, set alarms, and automatically react to changes Amazon GuardDuty Intelligent threat detection and continuous monitoring to protect your AWS accounts and workloads VPC Flow Logs Capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data is stored using Amazon CloudWatch Logs Gain the visibility you need to spot issues before they impact the business, improve your security posture, and reduce the risk profile of your environment. Detective control
  • 22. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What can GuardDuty detect? RDP Brute Force RAT Installed Exfiltrate temp IAM creds over DNS Probe api with temp creds Attempt to compromise account Known Malicious IP (Potentially) Unusual Ports DNS Exfiltration RDP Brute Force Unusual Traffic VolumeConnect to Blacklisted Site (Potentially) Recon Anonymizing Proxy Temp credentials Used off-instance Unusual ISP Caller Bitcoin Activity Unusual Instance Launch
  • 23. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon EC2 Systems Manager Easily configure and manage Amazon EC2 and on-premises systems to apply OS patches, create secure system images, and configure secure operating systems AWS Shield Managed DDoS protection service that safeguards web applications running on AWS AWS Web Application Firewall (WAF) Protects your web applications from common web exploits ensuring availability and security Amazon Inspector Automates security assessments to help improve the security and compliance of applications deployed on AWS Amazon Virtual Private Cloud (VPC) Provision a logically isolated section of AWS where you can launch AWS resources in a virtual network that you define Reduce surface area to manage and increase privacy for and control of your overall infrastructure on AWS. Infrastructure security
  • 24. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Key Management Service (KMS) Easily create and control the keys used to encrypt your data AWS CloudHSM Managed hardware security module (HSM) on the AWS Cloud Amazon Macie Machine learning-powered security service to discover, classify, and protect sensitive data AWS Certificate Manager Easily provision, manage, and deploy SSL/TLS certificates for use with AWS services Server Side Encryption Flexible data encryption options using AWS service managed keys, AWS managed keys via AWS KMS, or customer managed keys In addition to our automatic data encryption and management services, employ more features for data protection. (including data management, data security, and encryption key storage) Data protection
  • 25. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Config Rules Create rules that automatically take action in response to changes in your environment, such as isolating resources, enriching events with additional data, or restoring configuration to a known-good state AWS Lambda Use our serverless compute service to run code without provisioning or managing servers so you can scale your programmed, automated response to incidents During an incident, containing the event and returning to a known good state are important elements of a response plan. AWS provides the following tools to automate aspects of this best practice. Incident response
  • 26. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. “I have come to realize that as a relatively small organization, we can be far more secure in the cloud and achieve a higher level of assurance at a much lower cost, in terms of effort and dollars invested. We determined that security in AWS is superior to our on-premises data center across several dimensions, including patching, encryption, auditing and logging, entitlements, and compliance.” • Looks for fraud, abuse, and insider trading over nearly 6 billion shares traded in U.S. equities markets every day • Processes approximately 6 terabytes of data and 37 billion records on an average day • Went from 3–4 weeks for server hardening to 3–4 minutes • DevOps teams focus on automation and tools to raise the compliance bar and simplify controls • Achieved incredible levels of assurance for consistencies of builds and patching via rebooting with automated deployment scripts —John Brady, CISO FINRA Financial industry regulatory authority