SlideShare una empresa de Scribd logo
1 de 44
Descargar para leer sin conexión
Security of your digital content and
media applications on AWS
Usman Shakeel | Principal Solutions Architect
Amazon Web Services© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved©
*******
Why is security such a hot topic?
So where does AWS come in?
AWS makes security
more agile
Lets you move fast while
staying safe
Digital Media Workloads
Content Production
Content
Distribution
Processing &
Management
Content Storage
 Modelling
 Rendering
 Video editing
 Post production
 Broadcast signal
acquisition
 Digital
dailies/approvals
 B2C streaming of live
and VOD content
 B2B distribution
 Video advertising
insertion
 High speed ingest
 Library storage and
archiving
 Tier management
 Content/asset
management
 En/Transcode
 Packaging
 Encryption,
watermarking
 Digital Rights
Management
 Workflow, job
scheduling,
automation
Content
Consumption
 Analytics, reporting,
log analysis
 Real-time monitoring
 Content discovery
 Content
recommendation
engine
Studio
Post House + Other Service Providers
Affiliates + Broadcasters + Distributors
Shared Responsibility
• AWS responsible for all
backend infrastructure
security
• Customer is responsible for
AWS architecture in their
account and application
security
MPAA Common Guidelines – Security Model
MPAA Application/Cloud Guidelines
Security of your content on AWS
Security of the Cloud
Security on the Cloud
Security on the Cloud
Cloud Security
Organization &
Management
Operations Data Security
Application Security
Development
Lifecycle
Authentication &
Access
Secure Coding &
Vulnerability
Management
Digital Security
Content
Management
Content Transfer
Security of the Cloud
Facilities
Physical security
Physical infrastructure
Network infrastructure
Virtualization infrastructure
Certifications
MPAA best practices alignment
https://aws.amazon.com/compliance/mpaa/
Cloud Security
Organization &
Management
Operations Data Security
Alignment to MPAA guidelines
MPAA Guidelines
ISO
27001
MPAA Alignment
PCI DSS Level1
SOC
What’s in scope for MPAA (guidelines) alignment
The entire AWS Services stack
Security on the Cloud (application and content security)
Application Security
Development
Lifecycle
Authentication &
Access
Secure Coding &
Vulnerability
Management
Digital Security
Content
Management
Content Transfer
Storage | S3, Glacier, EBS, Instance Store, EFS
Processing| EC2, Database (RDS/DynamoDB), EMR, ECS, Lambda, SNS, SQS, SWF
Network | VPC, VPN, Direct Connect
Access | IAM, AWS Config, CloudTrail, CloudWatch
Making life easier
Choosing security does not mean giving up on
convenience or introducing complexity
Application Development Security
Development
Lifecycle
Authentication &
Access
Secure Coding &
Vulnerability
Management
AWS Config AWS IAM AWS CloudTrail AWS Inspector
(preview)
Application Security
Continuous ChangeRecordingChanging
Resources
AWS Config
History
Stream
Snapshot (ex. 2014-11-05)
AWS Config
Log, Monitor, Act Proactively
You are making API
calls and accessing
your content ...
On a growing set of
services around the
world accessing your
content
Amazon CloudTrail is
continuously
recording API calls…
And delivering log
files to you…
Elastic Load
Balancing
Amazon S3 Amazon
Glacier
Amazon
CloudFront
Amazon S3/Amazon
CloudFront/App Logs
Access Logs
Feed Logs in Amazon
Cloudwatch or monitor
patterns on Logs
Act Fast or automate
based on realtime
notifications and alerts
Amazon CloudTrail
Elastic
Transcoder
Launch a CloudFormation stack
with all the infrastructure
resources for a specific project
Autoscale the stack as
appropriate
AMI
CloudFormation
Template
CloudFormation
Terminate
Template
Recycle Infrastructure often
Digital Security
Content
Management
Content Transfer
Content Security
Security of Studio/Post House Applications
Content Production
Processing &
Management
Content Storage
 Modelling
 Rendering
 Video editing
 Post production
 Broadcast signal
acquisition
 Digital
dailies/approvals
 High speed ingest
 Library storage and
archiving
 Tier management
 Content/asset
management
 En/Transcode
 Packaging
 Encryption,
watermarking
 Digital Rights
Management
 Workflow, job
scheduling,
automation
Security of Studio/Post House Workflows
• FAQs
– Highly Valued Pre-Released Assets
– Secure Transfer (physical in many cases)
– Encryption & Key Management
– Access Control
– Deletion Protection
– Isolated from public access (internet)
– Logging and Monitoring
– Content location
Security of the Studio/Post House Workflows
corporate data center AWS cloud
users
Content
Servers
disk
tape storage
Amazon S3 Amazon Glacier
Content
Encrypted at Rest
Encrypted in Transit
Using my Keys
Over Private Connection
Access Policies
Protection
Processing
Layer
Amazon EBS
Server-side encryption using KMS
Amazon S3 AWS KMSRequest
Policy
Keys managed centrally in Amazon KMS with permissions and auditing of usage
Security of the Studio/Post House Workflows
(Content encryption and access)
corporate data center AWS cloud
users
Content
Servers
disk
tape storage
Processing
Layer
Amazon S3
Amazon EBS
Amazon Glacier
KMS/
HSMClient side
encryption
role
IAM
role
Encrypted
Content
AWS Import/Export
Snowball
Prior to S3 VPCE
Locking down S3 access with virtual private
endpoint (VPCE)
Using S3 VPCE
Public IP on EC2 Instances and IGW
Private IP on EC2 Instances and NAT
Access S3 using S3 Private Endpoint (VPE) without
using NAT instances or Gateways
Increased security
Amazon S3
S3
Security of the Studio/Post House Workflows
(No Public network traversal)
corporate data center AWS cloud
users
Content
Servers
disk
tape storage
Processing
Layer
Amazon S3
Amazon EBS
Amazon Glacier
KMS/
HSMClient side
encryption
role
IAM
Encrypted
Content
role
Direct Connect
S3VPCEndpoint
Secure Media Supply Chains – A Reference Architecture
Key Management Service
Provide CPK for S3
encryption at rest
EC2, ETS can request
the data-key on behalf
of customerStore and deliver object
specific keys in Dynamo
S3 Ingest For Source, Renditions, Metadata Sidecar Files
Ingest
AWS Elastic
Beanstalk
Content
Consumption
CloudFront
Distribution
Amazon
DynamoDB
Individual Key Storage
Other Media
processing on EC2
Elastic
Transcoder
Processing
Authentication/
Authorization
Content owner provides
the master key
11 Regions
30 Availability Zones
52 Edge locations
Where is my content?
Source
(Virginia)
Destination
(Oregon)
• Only replicates new PUTs. Once S3 is
configured, all new uploads into a
source bucket will be replicated
• Entire bucket or prefix based
• 1:1 replication between any 2 regions
Use cases
Compliance - store data hundreds of miles apart
Lower latency - distribute data to regional customers)
Security - create remote replicas managed by separate AWS accounts
S3 cross-region replication
Automated, fast, and reliable asynchronous replication of data across AWS regions
Additional Storage Security Controls
Amazon S3
PermissionsAccess Logs
Amazon Glacier
AWS CloudTrail
Vault lock
Versioning Durability
Additional Security Controls
(Elastic Transcoder Security)
• Encryption at rest
Server managed keys
Client provided keys
• Integration with AWS Key Management Service
Amazon Elastic Transcoder only accepts AWS KMS protected keys
Key is never written or stored in cleartext
• Encryption for HLS streams
Built on top of “client provided keys” API
Amazon Elastic Transcoder generates HLS playlists embedding URI for decryption key
• Digital Rights Management
PlayReady DRM packaging
• CloudTrail Integration
AWS CloudTrail
Elastic Transcoder
KMS
Amazon S3
role
Watermarking
Security of Distribution (B2B) applications
Content
Distribution
 B2B distribution
Security of Content Distribution Applications
• FAQs
– Secure Transfer (physical in many cases)
– Encryption & Key Management
– Access Control
– Logging and Monitoring
Security of the Distribution (content transfer)
Workflow (B2B)
AWS cloud
Proxy Layer (Optional)Amazon S3
KMS/
HSM
IAM
role
S3 VPC Endpoint
Internal Users
Vendors/Partners
Affiliates/Distributors
Fine grained temporary access
Temporary Access
Temporary Access
Access Logs
Remote Application
Streaming
Security of Distribution (B2C) applications
Content
Distribution
 B2C streaming of live
and VOD content
 Video advertising
insertion
Content
Consumption
 Analytics, reporting,
log analysis
 Real-time monitoring
 Content discovery
 Content
recommendation
engine
Security of Content Distribution Applications
• FAQs
– Access Control, Rights Management & Content
Monetization
– DRM Packaging
– Encryption
– Logging and Monitoring
Differentuse cases call for different
security measures
Use Case
Example Media
Distributor
Content Security Solution
Commonly in Practice
Delivery Solution
Free/Public UGC Vimeo, WeVideo Open Progressive downloads, streaming
Free/Secure UGC WeVideo, YouTube Signed URLs Progressive downloads, streaming
Ad Supported Sony Crackle, TMZ AES encryption, signed URLs Mostly HTTP or RTMP streaming
Premium Content
(Live Linear or VOD)
Netflix, Amazon Instant
Video
AES Encryption, signed URLs,
DRM
HTTP or RTMP streaming
Prereleased Content Studios
Encryption, watermarking,
DRM
Mezzanine file transfer (mostly B2B), proxy
streaming
AWS mechanisms for securing media delivery
Token / signed
URLs
AES encryption
DRM
Geoblocking
Watermarking
Amazon CloudFront – Private Content (Signed URLs, signed Cookies, OAIs)
Amazon Elastic Transcoder – HLS with AES-128 encryption
AWS Key Management Service – Key Management for Amazon Elastic Transcoder, Amazon EC2, and
Amazon S3
Amazon Elastic Transcoder – PlayReady DRM packaging
Amazon CloudFront – Geo-restriction
Amazon Elastic Transcoder – Visual watermarks
Amazon S3
(Media Storage)
Amazon CloudFront
CDN Security (Amazon CloudFront Security)
End User
HTTP
• CloudFront’s private content feature
Only deliver content to securely signed requests
• HTTPS ONLY requests/delivery
• Signed URL verification
Policy based on a timed URL or a CIDR block of the requestor
• HTTPS ONLY origin fetches
• Trusted signers
• Access logs
• CloudFront origin access identity
• Signed Cookies for Private Content
Include Signature in the cookie itself
Delivery EC2 Instances
Security Group
Signed Request
Amazon S3
(Logs Storage)
Signed Cookie
Verification
Amazon S3 bucket
Amazon
CloudFront
distribution
Availability Zone a
Elastic Load
Balancing
Amazon EC2 instance
web app
server
Availability Zone b
Amazon Elastic
Transcoder
Media owner
AWS Key Management Service
Amazon S3 bucket
Amazon EC2 instance
Amazon DynamoDB
Key Name Base64 Encoded Key
Big Buck Bunny EuoK6SNJcoZ7V8gRqSszdA6yp8MZTbrBY…
Elephants Dream T4iu3N8ZAyzk1JMesuyEQ46tCW5BA43sad…
Security of the Distribution Workflow (B2C) –
A reference streaming workflow
Amazon WAF
A few other topics
• FAQs
– Third Party Media Security Products
• Watermarking
• DRM
– Software Patching and Updates
– Real-time notifications on any security/access
breaches/anomalies
INGEST STORE MANAGE SECUREPROCESS
CREATE
MONETIZE
INTEGRATEDELIVER
Media Security Software on AWS
SECURE
Media Security Software on AWS
SECURE
Questions?
[AWS LA Media & Entertainment Event 2015]: Security of Digital Media Content & Applications on AWS

Más contenido relacionado

La actualidad más candente

[AWS LA Media & Entertainment Event 2015]: M&E Ecosystem Update Q4 2015
[AWS LA Media & Entertainment Event 2015]: M&E Ecosystem Update Q4 2015[AWS LA Media & Entertainment Event 2015]: M&E Ecosystem Update Q4 2015
[AWS LA Media & Entertainment Event 2015]: M&E Ecosystem Update Q4 2015Amazon Web Services
 
Cloud Transcoding with Amazon Web Services
Cloud Transcoding with Amazon Web ServicesCloud Transcoding with Amazon Web Services
Cloud Transcoding with Amazon Web ServicesPaolo latella
 
AWS re:Invent 2016: Deliver and Monetize Your Content with Video Center Opera...
AWS re:Invent 2016: Deliver and Monetize Your Content with Video Center Opera...AWS re:Invent 2016: Deliver and Monetize Your Content with Video Center Opera...
AWS re:Invent 2016: Deliver and Monetize Your Content with Video Center Opera...Amazon Web Services
 
AWS를 활용한 미디어 스트리밍 서비스
AWS를 활용한 미디어 스트리밍 서비스AWS를 활용한 미디어 스트리밍 서비스
AWS를 활용한 미디어 스트리밍 서비스Amazon Web Services Korea
 
AWS Elemental Services for Video Processing and Delivery
AWS Elemental Services for Video Processing and DeliveryAWS Elemental Services for Video Processing and Delivery
AWS Elemental Services for Video Processing and DeliveryAmazon Web Services
 
How to run your startup on Amazon Web Services, by Alex Iskold
How to run your startup on Amazon Web Services, by Alex IskoldHow to run your startup on Amazon Web Services, by Alex Iskold
How to run your startup on Amazon Web Services, by Alex IskoldAlex Iskold
 
Automate your M&E workflows on AWS
Automate your M&E workflows on AWSAutomate your M&E workflows on AWS
Automate your M&E workflows on AWSAmazon Web Services
 
Deliver and monetize your content with video center operations on aws
Deliver and monetize your content with video center operations on awsDeliver and monetize your content with video center operations on aws
Deliver and monetize your content with video center operations on awsAmazon Web Services
 
AWS and VMware: How to Architect and Manage Hybrid Environments
AWS and VMware: How to Architect and Manage Hybrid EnvironmentsAWS and VMware: How to Architect and Manage Hybrid Environments
AWS and VMware: How to Architect and Manage Hybrid EnvironmentsRightScale
 
Shoot the Bird: Linear Broadcast Distribution on AWS
Shoot the Bird: Linear Broadcast Distribution on AWSShoot the Bird: Linear Broadcast Distribution on AWS
Shoot the Bird: Linear Broadcast Distribution on AWSAmazon Web Services
 
DEV317_Deep Dive on AWS CloudFormation
DEV317_Deep Dive on AWS CloudFormationDEV317_Deep Dive on AWS CloudFormation
DEV317_Deep Dive on AWS CloudFormationAmazon Web Services
 
WKS401 Deploy a Deep Learning Framework on Amazon ECS and EC2 Spot Instances
WKS401 Deploy a Deep Learning Framework on Amazon ECS and EC2 Spot InstancesWKS401 Deploy a Deep Learning Framework on Amazon ECS and EC2 Spot Instances
WKS401 Deploy a Deep Learning Framework on Amazon ECS and EC2 Spot InstancesAmazon Web Services
 
Understanding VMware Cloud on AWS
Understanding VMware Cloud on AWSUnderstanding VMware Cloud on AWS
Understanding VMware Cloud on AWSRightScale
 
Building a Hybrid Cloud with AWS and VMware vSphere
Building a Hybrid Cloud with AWS and VMware vSphereBuilding a Hybrid Cloud with AWS and VMware vSphere
Building a Hybrid Cloud with AWS and VMware vSphereBuurst
 
Building High Quality Video Operations in the Cloud - Synacor
Building High Quality Video Operations in the Cloud - SynacorBuilding High Quality Video Operations in the Cloud - Synacor
Building High Quality Video Operations in the Cloud - SynacorAmazon Web Services
 
(ARC303) Pure Play Video OTT: A Microservices Architecture
(ARC303) Pure Play Video OTT: A Microservices Architecture(ARC303) Pure Play Video OTT: A Microservices Architecture
(ARC303) Pure Play Video OTT: A Microservices ArchitectureAmazon Web Services
 
What if we put everything in the cloud? - Practical experiences of making it ...
What if we put everything in the cloud? - Practical experiences of making it ...What if we put everything in the cloud? - Practical experiences of making it ...
What if we put everything in the cloud? - Practical experiences of making it ...Amazon Web Services
 
Build on AWS: Delivering and Modernizing.
Build on AWS: Delivering and Modernizing. Build on AWS: Delivering and Modernizing.
Build on AWS: Delivering and Modernizing. Amazon Web Services
 

La actualidad más candente (20)

[AWS LA Media & Entertainment Event 2015]: M&E Ecosystem Update Q4 2015
[AWS LA Media & Entertainment Event 2015]: M&E Ecosystem Update Q4 2015[AWS LA Media & Entertainment Event 2015]: M&E Ecosystem Update Q4 2015
[AWS LA Media & Entertainment Event 2015]: M&E Ecosystem Update Q4 2015
 
Cloud Transcoding with Amazon Web Services
Cloud Transcoding with Amazon Web ServicesCloud Transcoding with Amazon Web Services
Cloud Transcoding with Amazon Web Services
 
AWS re:Invent 2016: Deliver and Monetize Your Content with Video Center Opera...
AWS re:Invent 2016: Deliver and Monetize Your Content with Video Center Opera...AWS re:Invent 2016: Deliver and Monetize Your Content with Video Center Opera...
AWS re:Invent 2016: Deliver and Monetize Your Content with Video Center Opera...
 
AWS를 활용한 미디어 스트리밍 서비스
AWS를 활용한 미디어 스트리밍 서비스AWS를 활용한 미디어 스트리밍 서비스
AWS를 활용한 미디어 스트리밍 서비스
 
AWS Elemental Services for Video Processing and Delivery
AWS Elemental Services for Video Processing and DeliveryAWS Elemental Services for Video Processing and Delivery
AWS Elemental Services for Video Processing and Delivery
 
How to run your startup on Amazon Web Services, by Alex Iskold
How to run your startup on Amazon Web Services, by Alex IskoldHow to run your startup on Amazon Web Services, by Alex Iskold
How to run your startup on Amazon Web Services, by Alex Iskold
 
Automate your M&E workflows on AWS
Automate your M&E workflows on AWSAutomate your M&E workflows on AWS
Automate your M&E workflows on AWS
 
Deliver and monetize your content with video center operations on aws
Deliver and monetize your content with video center operations on awsDeliver and monetize your content with video center operations on aws
Deliver and monetize your content with video center operations on aws
 
GPSTEC325-Enterprise Storage
GPSTEC325-Enterprise StorageGPSTEC325-Enterprise Storage
GPSTEC325-Enterprise Storage
 
AWS and VMware: How to Architect and Manage Hybrid Environments
AWS and VMware: How to Architect and Manage Hybrid EnvironmentsAWS and VMware: How to Architect and Manage Hybrid Environments
AWS and VMware: How to Architect and Manage Hybrid Environments
 
Shoot the Bird: Linear Broadcast Distribution on AWS
Shoot the Bird: Linear Broadcast Distribution on AWSShoot the Bird: Linear Broadcast Distribution on AWS
Shoot the Bird: Linear Broadcast Distribution on AWS
 
DEV317_Deep Dive on AWS CloudFormation
DEV317_Deep Dive on AWS CloudFormationDEV317_Deep Dive on AWS CloudFormation
DEV317_Deep Dive on AWS CloudFormation
 
WKS401 Deploy a Deep Learning Framework on Amazon ECS and EC2 Spot Instances
WKS401 Deploy a Deep Learning Framework on Amazon ECS and EC2 Spot InstancesWKS401 Deploy a Deep Learning Framework on Amazon ECS and EC2 Spot Instances
WKS401 Deploy a Deep Learning Framework on Amazon ECS and EC2 Spot Instances
 
Understanding VMware Cloud on AWS
Understanding VMware Cloud on AWSUnderstanding VMware Cloud on AWS
Understanding VMware Cloud on AWS
 
Building a Hybrid Cloud with AWS and VMware vSphere
Building a Hybrid Cloud with AWS and VMware vSphereBuilding a Hybrid Cloud with AWS and VMware vSphere
Building a Hybrid Cloud with AWS and VMware vSphere
 
Building High Quality Video Operations in the Cloud - Synacor
Building High Quality Video Operations in the Cloud - SynacorBuilding High Quality Video Operations in the Cloud - Synacor
Building High Quality Video Operations in the Cloud - Synacor
 
(ARC303) Pure Play Video OTT: A Microservices Architecture
(ARC303) Pure Play Video OTT: A Microservices Architecture(ARC303) Pure Play Video OTT: A Microservices Architecture
(ARC303) Pure Play Video OTT: A Microservices Architecture
 
What if we put everything in the cloud? - Practical experiences of making it ...
What if we put everything in the cloud? - Practical experiences of making it ...What if we put everything in the cloud? - Practical experiences of making it ...
What if we put everything in the cloud? - Practical experiences of making it ...
 
Build on AWS: Delivering and Modernizing.
Build on AWS: Delivering and Modernizing. Build on AWS: Delivering and Modernizing.
Build on AWS: Delivering and Modernizing.
 
Deep Dive: Hybrid Architectures
Deep Dive: Hybrid ArchitecturesDeep Dive: Hybrid Architectures
Deep Dive: Hybrid Architectures
 

Destacado

Media streaming on aws
Media streaming on awsMedia streaming on aws
Media streaming on awscloudnonstop
 
Managing the New Content Supply Chain: Efficiently Reach and Monetize Audienc...
Managing the New Content Supply Chain: Efficiently Reach and Monetize Audienc...Managing the New Content Supply Chain: Efficiently Reach and Monetize Audienc...
Managing the New Content Supply Chain: Efficiently Reach and Monetize Audienc...ETCenter
 
Content Supply Chain Webinar Summary
Content Supply Chain Webinar Summary Content Supply Chain Webinar Summary
Content Supply Chain Webinar Summary ComBlu, Inc.
 
DTT Regionalization @ iTVF2015 - Istanbul
DTT Regionalization @ iTVF2015 - IstanbulDTT Regionalization @ iTVF2015 - Istanbul
DTT Regionalization @ iTVF2015 - IstanbulBerry Eskes
 
Over the Top Content Delivery: State of the Art and Challenges Ahead
Over the Top Content Delivery: State of the Art and Challenges AheadOver the Top Content Delivery: State of the Art and Challenges Ahead
Over the Top Content Delivery: State of the Art and Challenges AheadAlpen-Adria-Universität
 
OpenStack in the Enterprise - NJ VMUG June 9, 2015 - Melissa Palmer
OpenStack in the Enterprise - NJ VMUG June 9, 2015 - Melissa PalmerOpenStack in the Enterprise - NJ VMUG June 9, 2015 - Melissa Palmer
OpenStack in the Enterprise - NJ VMUG June 9, 2015 - Melissa Palmervmiss33
 
(ISM307) Migrating Fox's Media Supply Chains to the Cloud with AWS
(ISM307) Migrating Fox's Media Supply Chains to the Cloud with AWS(ISM307) Migrating Fox's Media Supply Chains to the Cloud with AWS
(ISM307) Migrating Fox's Media Supply Chains to the Cloud with AWSAmazon Web Services
 
Getting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Getting Started with the Hybrid Cloud: Enterprise Backup and RecoveryGetting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Getting Started with the Hybrid Cloud: Enterprise Backup and RecoveryAmazon Web Services
 
AWS for Media: Content in the Cloud, Miles Ward (Amazon Web Services) and Bha...
AWS for Media: Content in the Cloud, Miles Ward (Amazon Web Services) and Bha...AWS for Media: Content in the Cloud, Miles Ward (Amazon Web Services) and Bha...
AWS for Media: Content in the Cloud, Miles Ward (Amazon Web Services) and Bha...Amazon Web Services
 
AWS June 2016 Webinar Series - Best Practices for Architecting Cloud Backup a...
AWS June 2016 Webinar Series - Best Practices for Architecting Cloud Backup a...AWS June 2016 Webinar Series - Best Practices for Architecting Cloud Backup a...
AWS June 2016 Webinar Series - Best Practices for Architecting Cloud Backup a...Amazon Web Services
 
Scalable Media Processing in the Cloud (MED302) | AWS re:Invent 2013
Scalable Media Processing in the Cloud (MED302) | AWS re:Invent 2013Scalable Media Processing in the Cloud (MED302) | AWS re:Invent 2013
Scalable Media Processing in the Cloud (MED302) | AWS re:Invent 2013Amazon Web Services
 
AWS re:Invent 2016: Getting Started with the Hybrid Cloud: Enterprise Backup ...
AWS re:Invent 2016: Getting Started with the Hybrid Cloud: Enterprise Backup ...AWS re:Invent 2016: Getting Started with the Hybrid Cloud: Enterprise Backup ...
AWS re:Invent 2016: Getting Started with the Hybrid Cloud: Enterprise Backup ...Amazon Web Services
 
AWS re:Invent 2016: Accelerating the Transition to Broadcast and OTT Infrastr...
AWS re:Invent 2016: Accelerating the Transition to Broadcast and OTT Infrastr...AWS re:Invent 2016: Accelerating the Transition to Broadcast and OTT Infrastr...
AWS re:Invent 2016: Accelerating the Transition to Broadcast and OTT Infrastr...Amazon Web Services
 
AWS in Media: Cloud and Serverless Architectures
AWS in Media: Cloud and Serverless ArchitecturesAWS in Media: Cloud and Serverless Architectures
AWS in Media: Cloud and Serverless ArchitecturesAmazon Web Services
 
2016 AWS Media & Entertainment Cloud Symposium - New York, NY: May 18, 2016
2016 AWS Media & Entertainment Cloud Symposium - New York, NY:  May 18, 20162016 AWS Media & Entertainment Cloud Symposium - New York, NY:  May 18, 2016
2016 AWS Media & Entertainment Cloud Symposium - New York, NY: May 18, 2016Amazon Web Services
 
Migrating the media supply chain to the AWS cloud
Migrating the media supply chain to the AWS cloud Migrating the media supply chain to the AWS cloud
Migrating the media supply chain to the AWS cloud Amazon Web Services
 
How to Make Awesome SlideShares: Tips & Tricks
How to Make Awesome SlideShares: Tips & TricksHow to Make Awesome SlideShares: Tips & Tricks
How to Make Awesome SlideShares: Tips & TricksSlideShare
 
Getting Started With SlideShare
Getting Started With SlideShareGetting Started With SlideShare
Getting Started With SlideShareSlideShare
 

Destacado (19)

Media streaming on aws
Media streaming on awsMedia streaming on aws
Media streaming on aws
 
Managing the New Content Supply Chain: Efficiently Reach and Monetize Audienc...
Managing the New Content Supply Chain: Efficiently Reach and Monetize Audienc...Managing the New Content Supply Chain: Efficiently Reach and Monetize Audienc...
Managing the New Content Supply Chain: Efficiently Reach and Monetize Audienc...
 
Content Supply Chain Webinar Summary
Content Supply Chain Webinar Summary Content Supply Chain Webinar Summary
Content Supply Chain Webinar Summary
 
DTT Regionalization @ iTVF2015 - Istanbul
DTT Regionalization @ iTVF2015 - IstanbulDTT Regionalization @ iTVF2015 - Istanbul
DTT Regionalization @ iTVF2015 - Istanbul
 
Over the Top Content Delivery: State of the Art and Challenges Ahead
Over the Top Content Delivery: State of the Art and Challenges AheadOver the Top Content Delivery: State of the Art and Challenges Ahead
Over the Top Content Delivery: State of the Art and Challenges Ahead
 
OpenStack in the Enterprise - NJ VMUG June 9, 2015 - Melissa Palmer
OpenStack in the Enterprise - NJ VMUG June 9, 2015 - Melissa PalmerOpenStack in the Enterprise - NJ VMUG June 9, 2015 - Melissa Palmer
OpenStack in the Enterprise - NJ VMUG June 9, 2015 - Melissa Palmer
 
(ISM307) Migrating Fox's Media Supply Chains to the Cloud with AWS
(ISM307) Migrating Fox's Media Supply Chains to the Cloud with AWS(ISM307) Migrating Fox's Media Supply Chains to the Cloud with AWS
(ISM307) Migrating Fox's Media Supply Chains to the Cloud with AWS
 
Media Streaming on AWS
Media Streaming on AWSMedia Streaming on AWS
Media Streaming on AWS
 
Getting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Getting Started with the Hybrid Cloud: Enterprise Backup and RecoveryGetting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Getting Started with the Hybrid Cloud: Enterprise Backup and Recovery
 
AWS for Media: Content in the Cloud, Miles Ward (Amazon Web Services) and Bha...
AWS for Media: Content in the Cloud, Miles Ward (Amazon Web Services) and Bha...AWS for Media: Content in the Cloud, Miles Ward (Amazon Web Services) and Bha...
AWS for Media: Content in the Cloud, Miles Ward (Amazon Web Services) and Bha...
 
AWS June 2016 Webinar Series - Best Practices for Architecting Cloud Backup a...
AWS June 2016 Webinar Series - Best Practices for Architecting Cloud Backup a...AWS June 2016 Webinar Series - Best Practices for Architecting Cloud Backup a...
AWS June 2016 Webinar Series - Best Practices for Architecting Cloud Backup a...
 
Scalable Media Processing in the Cloud (MED302) | AWS re:Invent 2013
Scalable Media Processing in the Cloud (MED302) | AWS re:Invent 2013Scalable Media Processing in the Cloud (MED302) | AWS re:Invent 2013
Scalable Media Processing in the Cloud (MED302) | AWS re:Invent 2013
 
AWS re:Invent 2016: Getting Started with the Hybrid Cloud: Enterprise Backup ...
AWS re:Invent 2016: Getting Started with the Hybrid Cloud: Enterprise Backup ...AWS re:Invent 2016: Getting Started with the Hybrid Cloud: Enterprise Backup ...
AWS re:Invent 2016: Getting Started with the Hybrid Cloud: Enterprise Backup ...
 
AWS re:Invent 2016: Accelerating the Transition to Broadcast and OTT Infrastr...
AWS re:Invent 2016: Accelerating the Transition to Broadcast and OTT Infrastr...AWS re:Invent 2016: Accelerating the Transition to Broadcast and OTT Infrastr...
AWS re:Invent 2016: Accelerating the Transition to Broadcast and OTT Infrastr...
 
AWS in Media: Cloud and Serverless Architectures
AWS in Media: Cloud and Serverless ArchitecturesAWS in Media: Cloud and Serverless Architectures
AWS in Media: Cloud and Serverless Architectures
 
2016 AWS Media & Entertainment Cloud Symposium - New York, NY: May 18, 2016
2016 AWS Media & Entertainment Cloud Symposium - New York, NY:  May 18, 20162016 AWS Media & Entertainment Cloud Symposium - New York, NY:  May 18, 2016
2016 AWS Media & Entertainment Cloud Symposium - New York, NY: May 18, 2016
 
Migrating the media supply chain to the AWS cloud
Migrating the media supply chain to the AWS cloud Migrating the media supply chain to the AWS cloud
Migrating the media supply chain to the AWS cloud
 
How to Make Awesome SlideShares: Tips & Tricks
How to Make Awesome SlideShares: Tips & TricksHow to Make Awesome SlideShares: Tips & Tricks
How to Make Awesome SlideShares: Tips & Tricks
 
Getting Started With SlideShare
Getting Started With SlideShareGetting Started With SlideShare
Getting Started With SlideShare
 

Similar a [AWS LA Media & Entertainment Event 2015]: Security of Digital Media Content & Applications on AWS

Highly secure content delivery at global scale with amazon cloudfront
Highly secure content delivery at global scale with amazon cloudfrontHighly secure content delivery at global scale with amazon cloudfront
Highly secure content delivery at global scale with amazon cloudfrontAmazon Web Services
 
Security: cloud controls to secure digital media workloads
Security: cloud controls to secure digital media workloadsSecurity: cloud controls to secure digital media workloads
Security: cloud controls to secure digital media workloadsAmazon Web Services
 
AWS Cloud Controls for Security - Usman Shakeel
AWS Cloud Controls for Security  - Usman ShakeelAWS Cloud Controls for Security  - Usman Shakeel
AWS Cloud Controls for Security - Usman ShakeelAmazon Web Services
 
AWS Paris Summit 2014 - Keynote Stephen Schmidt - AWS Security
AWS Paris Summit 2014 - Keynote Stephen Schmidt - AWS SecurityAWS Paris Summit 2014 - Keynote Stephen Schmidt - AWS Security
AWS Paris Summit 2014 - Keynote Stephen Schmidt - AWS SecurityAmazon Web Services
 
Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...
Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...
Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...Amazon Web Services
 
AWS re:Invent re:Cap - 종단간 보안을 위한 클라우드 아키텍처 구축 - 양승도
AWS re:Invent re:Cap - 종단간 보안을 위한 클라우드 아키텍처 구축 - 양승도AWS re:Invent re:Cap - 종단간 보안을 위한 클라우드 아키텍처 구축 - 양승도
AWS re:Invent re:Cap - 종단간 보안을 위한 클라우드 아키텍처 구축 - 양승도Amazon Web Services Korea
 
AWS April Webinar Series - Securely Deliver High Quality Content with AWS and...
AWS April Webinar Series - Securely Deliver High Quality Content with AWS and...AWS April Webinar Series - Securely Deliver High Quality Content with AWS and...
AWS April Webinar Series - Securely Deliver High Quality Content with AWS and...Amazon Web Services
 
Content Delivery: accelerare in modo sicuro e flessibile siti web e applicazioni
Content Delivery: accelerare in modo sicuro e flessibile siti web e applicazioniContent Delivery: accelerare in modo sicuro e flessibile siti web e applicazioni
Content Delivery: accelerare in modo sicuro e flessibile siti web e applicazioniAmazon Web Services
 
ENT306 Migrating Large Scale Data Sets to the Cloud
ENT306 Migrating Large Scale Data Sets to the CloudENT306 Migrating Large Scale Data Sets to the Cloud
ENT306 Migrating Large Scale Data Sets to the CloudAmazon Web Services
 
On demand video_streaming_apps_and_its_server_side_cloud_infrastructure_at_aws
On demand video_streaming_apps_and_its_server_side_cloud_infrastructure_at_awsOn demand video_streaming_apps_and_its_server_side_cloud_infrastructure_at_aws
On demand video_streaming_apps_and_its_server_side_cloud_infrastructure_at_awsSumit Arora
 

Similar a [AWS LA Media & Entertainment Event 2015]: Security of Digital Media Content & Applications on AWS (20)

Highly secure content delivery at global scale with amazon cloudfront
Highly secure content delivery at global scale with amazon cloudfrontHighly secure content delivery at global scale with amazon cloudfront
Highly secure content delivery at global scale with amazon cloudfront
 
Security: cloud controls to secure digital media workloads
Security: cloud controls to secure digital media workloadsSecurity: cloud controls to secure digital media workloads
Security: cloud controls to secure digital media workloads
 
AWS Cloud Controls for Security - Usman Shakeel
AWS Cloud Controls for Security  - Usman ShakeelAWS Cloud Controls for Security  - Usman Shakeel
AWS Cloud Controls for Security - Usman Shakeel
 
AWS Paris Summit 2014 - Keynote Stephen Schmidt - AWS Security
AWS Paris Summit 2014 - Keynote Stephen Schmidt - AWS SecurityAWS Paris Summit 2014 - Keynote Stephen Schmidt - AWS Security
AWS Paris Summit 2014 - Keynote Stephen Schmidt - AWS Security
 
Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...
Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...
Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...
 
Staying Secure in the Cloud
Staying Secure in the CloudStaying Secure in the Cloud
Staying Secure in the Cloud
 
Alert Logic
Alert LogicAlert Logic
Alert Logic
 
AWS re:Invent re:Cap - 종단간 보안을 위한 클라우드 아키텍처 구축 - 양승도
AWS re:Invent re:Cap - 종단간 보안을 위한 클라우드 아키텍처 구축 - 양승도AWS re:Invent re:Cap - 종단간 보안을 위한 클라우드 아키텍처 구축 - 양승도
AWS re:Invent re:Cap - 종단간 보안을 위한 클라우드 아키텍처 구축 - 양승도
 
Toward Full Stack Security
Toward Full Stack SecurityToward Full Stack Security
Toward Full Stack Security
 
AWS April Webinar Series - Securely Deliver High Quality Content with AWS and...
AWS April Webinar Series - Securely Deliver High Quality Content with AWS and...AWS April Webinar Series - Securely Deliver High Quality Content with AWS and...
AWS April Webinar Series - Securely Deliver High Quality Content with AWS and...
 
Security Best Practices
Security Best PracticesSecurity Best Practices
Security Best Practices
 
AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best Practices
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS Security
 
Content Delivery: accelerare in modo sicuro e flessibile siti web e applicazioni
Content Delivery: accelerare in modo sicuro e flessibile siti web e applicazioniContent Delivery: accelerare in modo sicuro e flessibile siti web e applicazioni
Content Delivery: accelerare in modo sicuro e flessibile siti web e applicazioni
 
9 Security Best Practices
9 Security Best Practices9 Security Best Practices
9 Security Best Practices
 
ENT306 Migrating Large Scale Data Sets to the Cloud
ENT306 Migrating Large Scale Data Sets to the CloudENT306 Migrating Large Scale Data Sets to the Cloud
ENT306 Migrating Large Scale Data Sets to the Cloud
 
9 Security Best Practices
9 Security Best Practices9 Security Best Practices
9 Security Best Practices
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS Security
 
On demand video_streaming_apps_and_its_server_side_cloud_infrastructure_at_aws
On demand video_streaming_apps_and_its_server_side_cloud_infrastructure_at_awsOn demand video_streaming_apps_and_its_server_side_cloud_infrastructure_at_aws
On demand video_streaming_apps_and_its_server_side_cloud_infrastructure_at_aws
 
Security & Compliance in AWS
Security & Compliance in AWSSecurity & Compliance in AWS
Security & Compliance in AWS
 

Más de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Más de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Último

How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.francesco barbera
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UbiTrack UK
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioChristian Posta
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIUdaiappa Ramachandran
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxYounusS2
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IES VE
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfAnna Loughnan Colquhoun
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 

Último (20)

How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AI
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptx
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Spring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdfSpring24-Release Overview - Wellingtion User Group-1.pdf
Spring24-Release Overview - Wellingtion User Group-1.pdf
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 

[AWS LA Media & Entertainment Event 2015]: Security of Digital Media Content & Applications on AWS

  • 1. Security of your digital content and media applications on AWS Usman Shakeel | Principal Solutions Architect Amazon Web Services© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved©
  • 2. ******* Why is security such a hot topic?
  • 3. So where does AWS come in? AWS makes security more agile Lets you move fast while staying safe
  • 4. Digital Media Workloads Content Production Content Distribution Processing & Management Content Storage  Modelling  Rendering  Video editing  Post production  Broadcast signal acquisition  Digital dailies/approvals  B2C streaming of live and VOD content  B2B distribution  Video advertising insertion  High speed ingest  Library storage and archiving  Tier management  Content/asset management  En/Transcode  Packaging  Encryption, watermarking  Digital Rights Management  Workflow, job scheduling, automation Content Consumption  Analytics, reporting, log analysis  Real-time monitoring  Content discovery  Content recommendation engine Studio Post House + Other Service Providers Affiliates + Broadcasters + Distributors
  • 5. Shared Responsibility • AWS responsible for all backend infrastructure security • Customer is responsible for AWS architecture in their account and application security
  • 6. MPAA Common Guidelines – Security Model
  • 8. Security of your content on AWS Security of the Cloud Security on the Cloud Security on the Cloud Cloud Security Organization & Management Operations Data Security Application Security Development Lifecycle Authentication & Access Secure Coding & Vulnerability Management Digital Security Content Management Content Transfer
  • 9. Security of the Cloud Facilities Physical security Physical infrastructure Network infrastructure Virtualization infrastructure Certifications MPAA best practices alignment https://aws.amazon.com/compliance/mpaa/ Cloud Security Organization & Management Operations Data Security
  • 10. Alignment to MPAA guidelines MPAA Guidelines ISO 27001 MPAA Alignment PCI DSS Level1 SOC
  • 11. What’s in scope for MPAA (guidelines) alignment The entire AWS Services stack
  • 12. Security on the Cloud (application and content security) Application Security Development Lifecycle Authentication & Access Secure Coding & Vulnerability Management Digital Security Content Management Content Transfer Storage | S3, Glacier, EBS, Instance Store, EFS Processing| EC2, Database (RDS/DynamoDB), EMR, ECS, Lambda, SNS, SQS, SWF Network | VPC, VPN, Direct Connect Access | IAM, AWS Config, CloudTrail, CloudWatch
  • 13. Making life easier Choosing security does not mean giving up on convenience or introducing complexity
  • 14. Application Development Security Development Lifecycle Authentication & Access Secure Coding & Vulnerability Management AWS Config AWS IAM AWS CloudTrail AWS Inspector (preview) Application Security
  • 16. Log, Monitor, Act Proactively You are making API calls and accessing your content ... On a growing set of services around the world accessing your content Amazon CloudTrail is continuously recording API calls… And delivering log files to you… Elastic Load Balancing Amazon S3 Amazon Glacier Amazon CloudFront Amazon S3/Amazon CloudFront/App Logs Access Logs Feed Logs in Amazon Cloudwatch or monitor patterns on Logs Act Fast or automate based on realtime notifications and alerts Amazon CloudTrail Elastic Transcoder
  • 17. Launch a CloudFormation stack with all the infrastructure resources for a specific project Autoscale the stack as appropriate AMI CloudFormation Template CloudFormation Terminate Template Recycle Infrastructure often
  • 19. Security of Studio/Post House Applications Content Production Processing & Management Content Storage  Modelling  Rendering  Video editing  Post production  Broadcast signal acquisition  Digital dailies/approvals  High speed ingest  Library storage and archiving  Tier management  Content/asset management  En/Transcode  Packaging  Encryption, watermarking  Digital Rights Management  Workflow, job scheduling, automation
  • 20. Security of Studio/Post House Workflows • FAQs – Highly Valued Pre-Released Assets – Secure Transfer (physical in many cases) – Encryption & Key Management – Access Control – Deletion Protection – Isolated from public access (internet) – Logging and Monitoring – Content location
  • 21. Security of the Studio/Post House Workflows corporate data center AWS cloud users Content Servers disk tape storage Amazon S3 Amazon Glacier Content Encrypted at Rest Encrypted in Transit Using my Keys Over Private Connection Access Policies Protection Processing Layer Amazon EBS
  • 22. Server-side encryption using KMS Amazon S3 AWS KMSRequest Policy Keys managed centrally in Amazon KMS with permissions and auditing of usage
  • 23. Security of the Studio/Post House Workflows (Content encryption and access) corporate data center AWS cloud users Content Servers disk tape storage Processing Layer Amazon S3 Amazon EBS Amazon Glacier KMS/ HSMClient side encryption role IAM role Encrypted Content AWS Import/Export Snowball
  • 24. Prior to S3 VPCE Locking down S3 access with virtual private endpoint (VPCE) Using S3 VPCE Public IP on EC2 Instances and IGW Private IP on EC2 Instances and NAT Access S3 using S3 Private Endpoint (VPE) without using NAT instances or Gateways Increased security Amazon S3 S3
  • 25. Security of the Studio/Post House Workflows (No Public network traversal) corporate data center AWS cloud users Content Servers disk tape storage Processing Layer Amazon S3 Amazon EBS Amazon Glacier KMS/ HSMClient side encryption role IAM Encrypted Content role Direct Connect S3VPCEndpoint
  • 26. Secure Media Supply Chains – A Reference Architecture Key Management Service Provide CPK for S3 encryption at rest EC2, ETS can request the data-key on behalf of customerStore and deliver object specific keys in Dynamo S3 Ingest For Source, Renditions, Metadata Sidecar Files Ingest AWS Elastic Beanstalk Content Consumption CloudFront Distribution Amazon DynamoDB Individual Key Storage Other Media processing on EC2 Elastic Transcoder Processing Authentication/ Authorization Content owner provides the master key
  • 27. 11 Regions 30 Availability Zones 52 Edge locations Where is my content?
  • 28. Source (Virginia) Destination (Oregon) • Only replicates new PUTs. Once S3 is configured, all new uploads into a source bucket will be replicated • Entire bucket or prefix based • 1:1 replication between any 2 regions Use cases Compliance - store data hundreds of miles apart Lower latency - distribute data to regional customers) Security - create remote replicas managed by separate AWS accounts S3 cross-region replication Automated, fast, and reliable asynchronous replication of data across AWS regions
  • 29. Additional Storage Security Controls Amazon S3 PermissionsAccess Logs Amazon Glacier AWS CloudTrail Vault lock Versioning Durability
  • 30. Additional Security Controls (Elastic Transcoder Security) • Encryption at rest Server managed keys Client provided keys • Integration with AWS Key Management Service Amazon Elastic Transcoder only accepts AWS KMS protected keys Key is never written or stored in cleartext • Encryption for HLS streams Built on top of “client provided keys” API Amazon Elastic Transcoder generates HLS playlists embedding URI for decryption key • Digital Rights Management PlayReady DRM packaging • CloudTrail Integration AWS CloudTrail Elastic Transcoder KMS Amazon S3 role Watermarking
  • 31. Security of Distribution (B2B) applications Content Distribution  B2B distribution
  • 32. Security of Content Distribution Applications • FAQs – Secure Transfer (physical in many cases) – Encryption & Key Management – Access Control – Logging and Monitoring
  • 33. Security of the Distribution (content transfer) Workflow (B2B) AWS cloud Proxy Layer (Optional)Amazon S3 KMS/ HSM IAM role S3 VPC Endpoint Internal Users Vendors/Partners Affiliates/Distributors Fine grained temporary access Temporary Access Temporary Access Access Logs Remote Application Streaming
  • 34. Security of Distribution (B2C) applications Content Distribution  B2C streaming of live and VOD content  Video advertising insertion Content Consumption  Analytics, reporting, log analysis  Real-time monitoring  Content discovery  Content recommendation engine
  • 35. Security of Content Distribution Applications • FAQs – Access Control, Rights Management & Content Monetization – DRM Packaging – Encryption – Logging and Monitoring
  • 36. Differentuse cases call for different security measures Use Case Example Media Distributor Content Security Solution Commonly in Practice Delivery Solution Free/Public UGC Vimeo, WeVideo Open Progressive downloads, streaming Free/Secure UGC WeVideo, YouTube Signed URLs Progressive downloads, streaming Ad Supported Sony Crackle, TMZ AES encryption, signed URLs Mostly HTTP or RTMP streaming Premium Content (Live Linear or VOD) Netflix, Amazon Instant Video AES Encryption, signed URLs, DRM HTTP or RTMP streaming Prereleased Content Studios Encryption, watermarking, DRM Mezzanine file transfer (mostly B2B), proxy streaming
  • 37. AWS mechanisms for securing media delivery Token / signed URLs AES encryption DRM Geoblocking Watermarking Amazon CloudFront – Private Content (Signed URLs, signed Cookies, OAIs) Amazon Elastic Transcoder – HLS with AES-128 encryption AWS Key Management Service – Key Management for Amazon Elastic Transcoder, Amazon EC2, and Amazon S3 Amazon Elastic Transcoder – PlayReady DRM packaging Amazon CloudFront – Geo-restriction Amazon Elastic Transcoder – Visual watermarks
  • 38. Amazon S3 (Media Storage) Amazon CloudFront CDN Security (Amazon CloudFront Security) End User HTTP • CloudFront’s private content feature Only deliver content to securely signed requests • HTTPS ONLY requests/delivery • Signed URL verification Policy based on a timed URL or a CIDR block of the requestor • HTTPS ONLY origin fetches • Trusted signers • Access logs • CloudFront origin access identity • Signed Cookies for Private Content Include Signature in the cookie itself Delivery EC2 Instances Security Group Signed Request Amazon S3 (Logs Storage) Signed Cookie Verification
  • 39. Amazon S3 bucket Amazon CloudFront distribution Availability Zone a Elastic Load Balancing Amazon EC2 instance web app server Availability Zone b Amazon Elastic Transcoder Media owner AWS Key Management Service Amazon S3 bucket Amazon EC2 instance Amazon DynamoDB Key Name Base64 Encoded Key Big Buck Bunny EuoK6SNJcoZ7V8gRqSszdA6yp8MZTbrBY… Elephants Dream T4iu3N8ZAyzk1JMesuyEQ46tCW5BA43sad… Security of the Distribution Workflow (B2C) – A reference streaming workflow Amazon WAF
  • 40. A few other topics • FAQs – Third Party Media Security Products • Watermarking • DRM – Software Patching and Updates – Real-time notifications on any security/access breaches/anomalies
  • 41. INGEST STORE MANAGE SECUREPROCESS CREATE MONETIZE INTEGRATEDELIVER Media Security Software on AWS SECURE
  • 42. Media Security Software on AWS SECURE