I. The cloud enables organizations to move faster, more securely, and transform their security posture. Common motivations for cloud migration include cost reduction, increased productivity, and market agility.
II. While security concerns are often cited as barriers to cloud adoption, the cloud can provide stronger security than traditional data centers due to controls like standardized environments, ubiquitous encryption, and consolidated logging.
III. Best practices for secure cloud migration include designing for security, implementing identity and access management, monitoring configurations and changes, and developing using security-focused methodologies like infrastructure as code.
AWS at 2017 FS-ISAC APAC Summit: Move Better, Faster and More Securely: Cloud-Enabled Security Solutions
1. Move Better, Faster, and More Securely
Cloud-Enabled Security Solutions
Pawan Agnihotri– AWS Principal Security Solutions Architect
2. Takeaways from today’s session
I. Revolution: Why the Cloud? The Inspirations and Motivations
II. Myth Busting: Common Security Misconceptions
III. Protection: Benefits of Cloud-Enabled Security for the Enterprise
IV. Transformation: Common Best Practices When Migrating to the Cloud
3. Revolution
“There has never been a time of greater promise, or one of greater potential peril. Today’s
decision-makers, however, are too often trapped in traditional, linear thinking, or too absorbed
by the multiple crises demanding their attention, to think strategically about the forces of
disruption and innovation shaping our future.”
- Klaus Schwab, Founder & Executive Chairman, World Economic Forum
4. 1784
Steam Power
Mechanical
Production
1870
Electricity
Mass
Production
1969
Electronics
Automated
Production
Today
Cloud
IoT
Digital
We stand on the brink of a technological revolution that will fundamentally alter the way we live, work, and relate to one
another. In its scale, scope, and complexity, the transformation will be unlike anything humankind has experienced before.
”
“
”
“
- Klaus Schwab, Founder & Executive Chairman, World Economic Forum
The First Industrial Revolution used water and steam power to mechanize production. The Second used electric power to create mass
production. The Third used electronics and information technology to automate production. Now a Fourth Industrial Revolution is
building on the Third, the digital revolution that has been occurring since the middle of the last century. It is characterized by a
fusion of technologies that is blurring the lines between the physical, digital, and biological spheres.
5. Inspirations and Motivations for Migration
FinTech; Challenger Banks; Market Agility; Improved Margins; Risk Reduction; Onerous Regulations; Greater Transparency; Improved Responsiveness; Resiliency; The Digital Agenda; Cost Reduction; Increased Productivity
8. Myth Busting
“Cyber security is better in the cloud than it is in private managed data centers.”
- Steve Randich, EVP and CIO of FINRA
9. Physical vs API
Physical (traditional data center): Some API-enabled services; Disparate APIs; No true control plane; Physical concealments; Often co-habited
API (cloud): Fully API-enabled; API homogeneity; A “source of truth” control plane; Nowhere to hide; Nobody can “climb into” your account
12. We’ve helped our FSI customers successfully address regulatory requirements from these agencies, and many others around the world.
APAC Regulatory Landscape
14. Protection
“We worked closely with the Amazon team to develop a security model, which we believe
enables us to operate more securely in the public cloud than we can even in our data
centers.”
- Rob Alexander, CIO of Capital One
15. Deploy Faster Wherever You Like
16 Regions – 42 Availability Zones – 68 Edge Locations. Region (number of Availability Zones):
US East: N. Virginia (5), Ohio (3); US West: Oregon (3), Northern California (3); AWS GovCloud (2); Canada: Central (2); South America: São Paulo (3); EU: Ireland (3), Frankfurt (2), London (2); Asia Pacific: Singapore (2), Sydney (2), Tokyo (3), Seoul (2), Mumbai (2); China: Beijing (2)
New regions coming soon: Paris, Ningxia
21. What is Amazon Web Services?
Administration & Security: Access Control; Identity Management; Key Management & Storage; Monitoring & Logs; Resource & Usage Auditing
Platform Services:
  Analytics: Data Pipelines; Data Warehouse; Hadoop; Real-time Streaming Data; Machine Learning
  App Services: App Streaming; Email; Queuing & Notifications; Search; Transcoding; Workflow
  Developer Tools & Operations: Application Lifecycle Management; Containers; Deployment; DevOps; Event-driven Computing; Resource Templates
  Mobile Services: Identity; Mobile Analytics; Push Notifications; Sync
Core Services: CDN; Compute (VMs, Auto-scaling, and Load Balancing); Databases (Relational, NoSQL, and Caching); Networking (VPC, DX, and DNS); Storage (Object, Block, EFS, and Archival)
Infrastructure: Regions; Availability Zones; Points of Presence
Enterprise Applications: Business Email; Sharing & Collaboration; Virtual Desktop
Technical & Business Support: Account Management; Partner Ecosystem; Professional Services; Security & Pricing Reports; Solutions Architects; Support; Training & Certification
22. Transformation
“There’s so much security built into these cloud computing platforms today. For us, it’s our
No. 1 priority — it’s not even close, relative to anything else.”
- Rob Alexander, CIO of Capital One
32. Validate Change at Scale
Inventory, Configuration History and Change Baselines + Rules for Inventory and Configuration
Speaker notes
TALKING POINTS:
- THE INDUSTRY IS CHANGING, AND THIS CHANGE IS BEING REFERRED TO AS THE “FOURTH INDUSTRIAL REVOLUTION” – THE DIGITAL REVOLUTION.
– THIS QUOTE IS FROM THE EXEC CHAIRMAN OF THE WORLD ECONOMIC FORUM FROM THEIR MEETING THIS YEAR AT DAVOS
TALKING POINTS:
THIS REVOLUTION IS IN PROGRESS, AND IT’S DIFFERENT THAN PRIOR ONES
IT WILL FUNDAMENTALLY ALTER HOW WE LIVE, WORK, AND RELATE TO ONE ANOTHER
TALKING POINTS:
WE COMMONLY HEAR FROM OUR CUSTOMERS THAT THESE ARE THINGS THAT ARE MOTIVATING THEIR EXPLORATION OF CLOUD.
ASK THE CUSTOMER: DO THESE RESONATE WITH YOU? WHAT IS MOTIVATING YOU IN YOUR EXPLORATION OF CLOUD?
For a long time, most organizations have had to choose between moving fast and maintaining a high degree of security.
However, one of the fundamental benefits of the cloud is that it lets you do both.
TALKING POINTS:
BASED ON CONFIDENTIALITY, WE’RE NOT ALWAYS PERMITTED TO SPEAK OPENLY ABOUT OUR CUSTOMERS IN THE FINANCIAL SERVICES INDUSTRY
THE ORGANIZATIONS LISTED ON THIS SLIDE REPRESENT A SMALL NUMBER OF THOSE FIRMS THAT ALLOW US TO SPEAK ABOUT THEIR USE OF AWS. WE CAN SPEAK ABOUT EACH OF THESE FIRMS IN VARYING DEGREES OF DEPTH/BREADTH BASED ON EACH ORGANIZATION’S PREFERENCE
And finally… lots of options for global deployment. Gartner estimates that AWS has significantly more compute capacity than all other major cloud providers combined, and we do that while providing extremely high reliability. We currently provide 15 regions and 40 availability zones (or AZ’s). For us, a region will always contain at least two AZ’s on wholly separate power grids and flood plains, and an AZ is always comprised of multiple data centers to provide redundancy within the AZ. We don’t build single data center regions, because it wouldn’t offer the reliability required for enterprise businesses.
This highly available global network allows you to deploy your applications near your customers much faster and more simply than can be achieved with a traditional model.
SUGGESTED TALKING POINTS:
AWS has developed the broadest collection of services available from any cloud provider.
Our approach to regions, availability zones, and POPs provides global coverage for high availability, low latency applications.
Foundation services across compute, storage, security, and networking offer customers flexibility in their architecture. We have a full spectrum of options to meet most price-to-performance scenarios.
We offer the capability for both managed and unmanaged database options.
The offerings for Analytics and Application Services enable advanced data processing and workloads.
- AWS Redshift, our cloud-based data warehouse, is the fastest growing service in the history of AWS.
Our management tools offer a lot of insight and flexibility to let you manage your AWS resources through either our tools or the management tools you’re already familiar with.
Recent expansion into enterprise applications has been entirely driven by customer feedback on where they’d like us to deliver value.
1: Why it is an “and”
2: How to do it on AWS
3: Case study
1: How do I share credentials and manage the lifecycle of applications/users?
2: Temporary credentials + two-way trust between AWS accounts (no credential sharing), extended to applications, third parties and users as well
3:
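The “two-way trust, no credential sharing” point above is what a cross-account role assumption actually enforces: the target account’s role trust policy must name the caller, and the caller’s own identity policy must grant sts:AssumeRole on that role; only then does STS hand out temporary credentials. The following Go program is an added example, not AWS code or part of this deck: it embeds the two policy documents and evaluates them the way STS would, including the sts:ExternalId condition that stops a confused-deputy from borrowing the partner’s trust. Account IDs (111111111111, 222222222222), role names and the external ID are hypothetical placeholders, and only the policy subset used by the embedded documents (single-string Principal/Action/Resource, one StringEquals condition) is modelled.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Added example (not AWS code). Statement/Policy model the IAM policy subset
// used by the two constructed documents below.
type Statement struct {
	Effect    string                       `json:"Effect"`
	Principal map[string]string            `json:"Principal,omitempty"`
	Action    string                       `json:"Action"`
	Resource  string                       `json:"Resource,omitempty"`
	Condition map[string]map[string]string `json:"Condition,omitempty"`
}

type Policy struct {
	Version   string      `json:"Version"`
	Statement []Statement `json:"Statement"`
}

// Trust policy on role AuditReadOnly in account 111111111111 (hypothetical,
// the account that owns the data). It trusts exactly one role in the partner
// account and requires a shared ExternalId to defeat the confused deputy.
const TrustPolicy = `{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::222222222222:role/PartnerIntegration"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id-1234"}}
  }]
}`

// Identity policy on role PartnerIntegration in account 222222222222
// (hypothetical). No long-lived key from 111111111111 is ever handed over.
const CallerPolicy = `{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "sts:AssumeRole",
    "Resource": "arn:aws:iam::111111111111:role/AuditReadOnly"
  }]
}`

func parsePolicy(doc string) (Policy, error) {
	var p Policy
	err := json.Unmarshal([]byte(doc), &p)
	return p, err
}

// roleTrustsCaller: does the trust policy let callerArn assume the role?
// An explicit Deny wins; otherwise an Allow whose principal matches and
// whose ExternalId condition (if any) is satisfied is required.
func roleTrustsCaller(trust Policy, callerArn, externalID string) bool {
	allowed := false
	for _, s := range trust.Statement {
		if s.Action != "sts:AssumeRole" || s.Principal["AWS"] != callerArn {
			continue
		}
		if want, ok := s.Condition["StringEquals"]["sts:ExternalId"]; ok && want != externalID {
			continue // condition not met, so this statement does not apply
		}
		if s.Effect == "Deny" {
			return false
		}
		allowed = allowed || s.Effect == "Allow"
	}
	return allowed
}

// callerMayAssume: does the caller's own policy grant sts:AssumeRole on roleArn?
func callerMayAssume(identity Policy, roleArn string) bool {
	allowed := false
	for _, s := range identity.Statement {
		if s.Action != "sts:AssumeRole" || (s.Resource != roleArn && s.Resource != "*") {
			continue
		}
		if s.Effect == "Deny" {
			return false
		}
		allowed = allowed || s.Effect == "Allow"
	}
	return allowed
}

// AssumeRole reports whether STS would issue temporary credentials. Both
// checks must pass: the trust is two-way, so neither account can open the
// path on its own.
func AssumeRole(trustDoc, callerDoc, roleArn, callerArn, externalID string) (bool, error) {
	trust, err := parsePolicy(trustDoc)
	if err != nil {
		return false, err
	}
	caller, err := parsePolicy(callerDoc)
	if err != nil {
		return false, err
	}
	return roleTrustsCaller(trust, callerArn, externalID) && callerMayAssume(caller, roleArn), nil
}

func main() {
	role := "arn:aws:iam::111111111111:role/AuditReadOnly"
	caller := "arn:aws:iam::222222222222:role/PartnerIntegration"
	ok, _ := AssumeRole(TrustPolicy, CallerPolicy, role, caller, "example-external-id-1234")
	fmt.Println("correct external id:", ok)
	ok, _ = AssumeRole(TrustPolicy, CallerPolicy, role, caller, "guessed")
	fmt.Println("wrong external id:", ok)
}
```

The check worth carrying into a real deployment is the last one in the test below: removing sts:AssumeRole from the caller’s side closes the path even though the trust policy still names it, which is why rotating or revoking access never requires touching the other account’s secrets.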
1: Encryption is hard, but it is good security hygiene.
2:
3: Omise: payments use KMS
Talen Energy, an independent nuclear power producer, uses CloudHSM. It decided to migrate all of its IT assets to AWS because we could meet its operational, regulatory, and security needs through the breadth, depth, and maturity of the platform and the people supporting it.
Nuclear Regulatory Commission (NRC) and the Federal Energy Regulatory Commission (FERC)
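The KMS and CloudHSM references above both come down to one pattern, envelope encryption: the master key never leaves the key service, every object is encrypted under its own data key, and only the wrapped data key is stored beside the ciphertext. The Go program below is an added example, not code from AWS, Omise or Talen Energy; KeyService is an in-memory stand-in for KMS (its GenerateDataKey and Decrypt methods mirror the two KMS calls an application makes), the encryption context is bound as AES-GCM associated data the way a KMS encryption context is, and all keys and sample data are generated or constructed in the program.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"io"
)

// Added example (not AWS code). KeyService stands in for KMS/CloudHSM: the
// master key is only ever used inside it.
type KeyService struct {
	master []byte // 256-bit master key, never exported
}

func NewKeyService() (*KeyService, error) {
	k := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, k); err != nil {
		return nil, err
	}
	return &KeyService{master: k}, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal is AES-256-GCM with a fresh random 96-bit nonce prefixed to the output.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open verifies the GCM tag (and the AAD) before returning any plaintext.
func open(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// GenerateDataKey mirrors KMS GenerateDataKey: a fresh plaintext data key plus
// the same key wrapped under the master key, bound to an encryption context.
func (s *KeyService) GenerateDataKey(context string) (plain, wrapped []byte, err error) {
	plain = make([]byte, 32)
	if _, err = io.ReadFull(rand.Reader, plain); err != nil {
		return nil, nil, err
	}
	wrapped, err = seal(s.master, plain, []byte(context))
	return plain, wrapped, err
}

// Decrypt mirrors KMS Decrypt: unwraps a data key, failing if the context differs.
func (s *KeyService) Decrypt(wrapped []byte, context string) ([]byte, error) {
	return open(s.master, wrapped, []byte(context))
}

// Envelope is what gets persisted: ciphertext plus the wrapped data key.
// The plaintext data key is never stored.
type Envelope struct {
	WrappedKey []byte
	Ciphertext []byte
	Context    string
}

func Encrypt(svc *KeyService, plaintext []byte, context string) (*Envelope, error) {
	dk, wrapped, err := svc.GenerateDataKey(context)
	if err != nil {
		return nil, err
	}
	ct, err := seal(dk, plaintext, []byte(context))
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Ciphertext: ct, Context: context}, nil
}

func DecryptEnvelope(svc *KeyService, env *Envelope) ([]byte, error) {
	dk, err := svc.Decrypt(env.WrappedKey, env.Context)
	if err != nil {
		return nil, err
	}
	return open(dk, env.Ciphertext, []byte(env.Context))
}
```

Two properties make this more than a toy: a modified ciphertext or a mismatched encryption context fails authentication before any plaintext is released, and a second KeyService with a different master key cannot unwrap the data key at all, which is the isolation a per-customer or per-environment CMK buys you.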
Resiliency against DDoS, against App failure, Infrastructure failure.
12 regions (10 Public, China Region and GovCloud Region)
2016 – Canada, Ohio, India, UK and another China Region
33 Availability zones (adding 11 more in 2016 across new Regions)
54 Edge locations
Over 1 million active customers across 190 countries (We define an “active customer” as non-Amazon customers who have account usage activity within the past month)
Get inventory of AWS resources
Discover new and deleted resources
Record configuration changes continuously
Get notified when configurations change
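The four notes above describe one loop: snapshot the inventory, diff it against the previous snapshot to find new, deleted and changed resources, then evaluate rules against what changed so the notification carries a compliance verdict instead of a raw diff (the slide 32 point: history and baselines plus rules). The Go program below is an added example modelled on that loop, not AWS Config itself; the security-group items, their ingress entries and the drift between the two snapshots are constructed sample data, and NoPublicSSH is one illustrative rule (port 22 must not be open to 0.0.0.0/0 or ::/0).

```go
package main

import (
	"fmt"
	"reflect"
	"sort"
)

// Added example (not AWS Config). A minimal "record, diff, evaluate, notify"
// loop over constructed security-group configuration items.
type Ingress struct {
	Port int
	CIDR string
}

type ConfigItem struct {
	ID      string // constructed IDs such as "sg-web"
	Type    string // e.g. AWS::EC2::SecurityGroup
	Ingress []Ingress
}

type Snapshot map[string]ConfigItem // keyed by resource ID

type Change struct {
	ID      string
	Kind    string // "CREATED", "DELETED", "MODIFIED"
	Verdict string // "COMPLIANT", "NON_COMPLIANT: <reason>", or "" for DELETED
}

// Rule returns "" when the item is compliant, otherwise a reason.
type Rule func(ConfigItem) string

// NoPublicSSH flags any security group that exposes port 22 to the world.
func NoPublicSSH(ci ConfigItem) string {
	for _, in := range ci.Ingress {
		if in.Port == 22 && (in.CIDR == "0.0.0.0/0" || in.CIDR == "::/0") {
			return "port 22 open to " + in.CIDR
		}
	}
	return ""
}

func verdict(item ConfigItem, rules []Rule) string {
	for _, r := range rules {
		if reason := r(item); reason != "" {
			return "NON_COMPLIANT: " + reason
		}
	}
	return "COMPLIANT"
}

// Diff compares two snapshots and evaluates every rule on each item that is
// new or modified. Output is sorted by ID so alerts are deterministic.
func Diff(prev, curr Snapshot, rules ...Rule) []Change {
	var out []Change
	for id, item := range curr {
		old, existed := prev[id]
		switch {
		case !existed:
			out = append(out, Change{id, "CREATED", verdict(item, rules)})
		case !reflect.DeepEqual(old, item):
			out = append(out, Change{id, "MODIFIED", verdict(item, rules)})
		}
	}
	for id := range prev {
		if _, still := curr[id]; !still {
			out = append(out, Change{ID: id, Kind: "DELETED"})
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].ID < out[j].ID })
	return out
}

// SampleHistory is constructed data: between the two snapshots an operator
// opened SSH on sg-web to the internet, created sg-new, and deleted sg-old.
func SampleHistory() (Snapshot, Snapshot) {
	prev := Snapshot{
		"sg-old": {ID: "sg-old", Type: "AWS::EC2::SecurityGroup"},
		"sg-web": {ID: "sg-web", Type: "AWS::EC2::SecurityGroup",
			Ingress: []Ingress{{443, "0.0.0.0/0"}, {22, "10.0.0.0/8"}}},
	}
	curr := Snapshot{
		"sg-web": {ID: "sg-web", Type: "AWS::EC2::SecurityGroup",
			Ingress: []Ingress{{443, "0.0.0.0/0"}, {22, "0.0.0.0/0"}}},
		"sg-new": {ID: "sg-new", Type: "AWS::EC2::SecurityGroup",
			Ingress: []Ingress{{22, "10.0.0.0/8"}}},
	}
	return prev, curr
}

func main() {
	prev, curr := SampleHistory()
	for _, c := range Diff(prev, curr, NoPublicSSH) {
		fmt.Printf("%-8s %-9s %s\n", c.ID, c.Kind, c.Verdict)
	}
}
```

Running it lists sg-new as CREATED and compliant, sg-old as DELETED, and sg-web as MODIFIED and non-compliant; identical snapshots produce nothing, which is the property that keeps a continuous recorder from paging on noise.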