© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Bas de Natris, Brussels
April 21, 2017
AWS Journey to the Cloud
Approach and Governance
A typical “Cloud Journey” shows workloads moving at different speeds
Stages of Adoption
• Project stage
• Foundation stage
• Migration stage
• Reinvention
Tipping points
• Cloud-First ‘intent’
• All-in ‘intent’
Your recommended 1st 90 days
Create Cloud ‘Minimum Viable product’
Create ‘Cloud Centre of Excellence’
Get Proof-of-Concepts and Early adopters onto platform ASAP
Iterative development
Use continuous feedback and cycles of learning to develop MVP
Tiger team of IT and business SMEs to plan, develop and build cloud capability
Critical to delivering value ASAP
Hold Cloud Discovery Workshop
Executive Sponsor, Key Business Stakeholders, IT Leadership
Build out your initial cloud capability
Create Cloud Operations Model, Business Case & Roadmap
• Use the AWS CAF to guide your planning
• Understand Business Drivers, expected outcomes and current environment
• Overview of AWS services & identification of POC workloads
• Identify AWS services and partners to accelerate adoption
• Roadmap to establishing AWS cloud foundation
• Creates and drives a compelling vision and business case for the adoption and use of cloud capabilities
• Minimal set of AWS capabilities required to deliver clear business value
• Creation of the Cloud Operating Model, Business Case and Transformation Roadmap
An example Customer cloud journey…
The First Year
1.0 MVP (Month 0-3), 1.1 Iteration-1 (Month 4-6), 1.2 Iteration-2 (Month 7-9)
Platform
Build
SDLC
CCoE
Application Migration (Business risk appetite)
Demonstrate high value apps on AWS
Network, IAM & Security
Financial Reporting
Basic EC2, RDS, EBS Templates
Standard Pipelines & Developer Tools
Standard Cloud SOE
AMI Baking Process
Standard Release, Change, Event Management
Self-Service
Service Catalog
Move simple, low-risk apps
Non-critical apps move using CI/CD
Critical apps move using CI/CD
Legacy apps move using lift & shift
SDLC Security, Resilience & Compliance
Production ITIL workflow automation
Incident, Problem, Management
Production Assurance Testing
Usage spike as Self-Service becomes available
Chart axes: Value, Time
The Adoption Journey Continued
Year 1, Year 2, Year 3, Year 4, Year 5
• Early Discovery
• Learning
• POCs
• TCO/ROI Analysis
• Security & Risk Preparation
• Cloud Strategy
• Foundational Architecture
• New Application Patterns (MSA, CI/CD)
• Dev/Test
• Production Application Migration
• Operational Integration
• Billing Optimization
• Portfolio Mass Migration
• DC Shutdown
• Horizontal Solutions (VDI, Back-up/Archive, Broad storage)
• Advanced Operational Patterns (CI/CD)
• Optimization
• Infrastructure fully automated
• App/Dev owns full solution stack with tools and service catalogs
Chart axes: Value, Time
What is a Landing Zone and do I need one?
- A configured secure enterprise multi-account AWS environment based on best practices
- A starting point for your application migration journey
- An environment that allows for iteration & extension over time
Our Journey Today
Diagram labels: Domains, Direct Connect, Start, Accounts, End User Interaction, Automation, Service Catalog, Central Services, Migrate, Iterate, Operate & Optimize, Logging, Config, Access, Identities, Federation, Network, Security, Identity & Access, Cloud Users, What’s Next?
Infrastructure
Request
Current State
Typical Enterprise Situation
Governance & Service Management
Central IT
Lines of Business
Provisioning
Characteristics
• Lead times ~days to weeks
• Service catalogue of components
• Often process-heavy service management
Agility versus Control
How to choose?
We want agility, so we can innovate in our business
I need control, so I can protect our business
Business & Business IT Central IT?
Monitor & Respond
Landing Zone
Templates
Policy & Best Practices
Landscape Management
Current State
Opportunity to achieve agility and control
Automation
Lines of Business
Central IT
Opportunities
• Lead times in minutes
• Service catalogue of landscapes
• Automated service management
Security Automation Cloud IT
Consumers
Current State
Guiding Principles
Start, Accounts, Network, Security, Identity & Access, Cloud Users, What’s Next?
Account Structure
• Don’t overdo on Day One
• Use separate accounts for:
  Security and Compliance Isolation (production, non-prod, logging)
  Cost Allocation
  Resource Management and Ownership
Network
Key Considerations
Non-overlapping IP range
VPC Design
Access Control Lists & Security Groups
Logging and Monitoring
AWS Direct Connect
Subnet Design
Network
Direct Connect for connecting on-prem and AWS environment
Customer Gateway
VPN backup
Direct Connect Location
Virtual Interface #1
Virtual Interface #2
Secondary Direct Connect Location
Partner Network
Our Landing Zone needs to be safe and secure
Insight is the first step
• Who is accessing our Amazon accounts and what are they doing?
• How will we know if anyone breaks our security policy?
• What does the traffic on our infrastructure look like and are all of our resources isolated?
• How can we easily analyze our logs?
AWS CloudTrail records who is accessing APIs
Store/archive
Central logging account
Troubleshoot
Monitor & alarm
AWS accounts make API call
On a growing set of AWS services around the world...
CloudTrail is continuously recording API calls
Amazon EBS
AWS Config informs you of policy violations
Compliance Guideline | Non-compliance Action
All storage volumes should be encrypted | Automatically encrypt storage volumes
Instances must not have unrestricted Internet access on Port 22 | Remove Port 22 access from any Internet host
Instances must be tagged with environment type | Notify developer (email, page, SNS)
Pre-configured rules:
https://github.com/awslabs/aws-config-rules
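The guideline and action pairs on the AWS Config slide, written out as checks over resource records. This is an added example, not code from the deck or from awslabs/aws-config-rules; the record layout, the `cidrs` field, the `environment` tag key and the sample resources are constructed assumptions.

```python
"""Added example: the three slide guidelines as offline checks over constructed records."""
import ipaddress

# Non-compliance actions, worded as on the slide.
ACTIONS = {
    "volume-encrypted": "Automatically encrypt storage volumes",
    "no-open-ssh": "Remove Port 22 access from any Internet host",
    "environment-tag": "Notify developer (email, page, SNS)",
}


def _is_internet(cidr):
    """True for a CIDR that matches every address (0.0.0.0/0 or ::/0)."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False


def _covers_port_22(perm):
    """True if an ingress permission allows TCP port 22, including via a range."""
    proto = str(perm.get("ipProtocol", ""))
    if proto == "-1":  # "all traffic" rule: every protocol and port
        return True
    if proto not in ("tcp", "6"):
        return False
    lo, hi = perm.get("fromPort"), perm.get("toPort")
    if lo is None or hi is None:  # no range recorded: fail closed
        return True
    return lo <= 22 <= hi


def check_volume(item):
    return bool(item["configuration"].get("encrypted"))


def check_security_group(item):
    for perm in item["configuration"].get("ipPermissions", []):
        if _covers_port_22(perm) and any(_is_internet(c) for c in perm.get("cidrs", [])):
            return False
    return True


def check_instance(item):
    # Tag key "environment" is an assumption; match it case-insensitively.
    tags = {k.lower(): str(v) for k, v in item.get("tags", {}).items()}
    return bool(tags.get("environment", "").strip())


RULES = {
    "AWS::EC2::Volume": ("volume-encrypted", check_volume),
    "AWS::EC2::SecurityGroup": ("no-open-ssh", check_security_group),
    "AWS::EC2::Instance": ("environment-tag", check_instance),
}


def evaluate(items):
    """Return one result per record: compliance state and the slide's action if violated."""
    results = []
    for item in items:
        rule = RULES.get(item["resourceType"])
        if rule is None:
            results.append({"resourceId": item["resourceId"], "rule": None,
                            "compliance": "NOT_APPLICABLE", "action": None})
            continue
        name, check = rule
        ok = check(item)
        results.append({"resourceId": item["resourceId"], "rule": name,
                        "compliance": "COMPLIANT" if ok else "NON_COMPLIANT",
                        "action": None if ok else ACTIONS[name]})
    return results


# Constructed sample records (not real resources).
SAMPLE_ITEMS = [
    {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-0001",
     "configuration": {"encrypted": False}},
    {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-0002",
     "configuration": {"encrypted": True}},
    {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0001",
     "configuration": {"ipPermissions": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "cidrs": ["0.0.0.0/0"]}]}},
    {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0002",
     "configuration": {"ipPermissions": [  # range 0-1024 from any IPv6 host covers 22
         {"ipProtocol": "tcp", "fromPort": 0, "toPort": 1024, "cidrs": ["::/0"]}]}},
    {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0003",
     "configuration": {"ipPermissions": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22, "cidrs": ["10.0.0.0/8"]},
         {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443, "cidrs": ["0.0.0.0/0"]}]}},
    {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0004",
     "configuration": {"ipPermissions": [
         {"ipProtocol": "-1", "cidrs": ["0.0.0.0/0"]}]}},
    {"resourceType": "AWS::EC2::Instance", "resourceId": "i-0001",
     "configuration": {}, "tags": {"Environment": "prod"}},
    {"resourceType": "AWS::EC2::Instance", "resourceId": "i-0002",
     "configuration": {}, "tags": {"Name": "web"}},
    {"resourceType": "AWS::S3::Bucket", "resourceId": "bucket-0001",
     "configuration": {}},
]

if __name__ == "__main__":
    for result in evaluate(SAMPLE_ITEMS):
        print(result)
```

The port check flags ranges and "all traffic" rules as well as an exact port 22 entry, which a literal match on `fromPort == 22` would miss.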
Log everything centrally for analysis
The AWS centralized logging solution makes it easy for security teams to consolidate AWS logs and analyze them to detect incidents
Diagram components: Amazon EC2, flow logs, VPC subnet, AWS CloudTrail, Amazon S3, Amazon CloudWatch, AWS Lambda, Amazon Elasticsearch Service
You can do this by simply using:
• Amazon Elasticsearch Service
• CloudTrail logs
• VPC flow logs
• EC2 server logs
Log, Transform, Search
https://aws.amazon.com/answers/logging/centralized-logging
Launch instance
EC2
AMI catalogue
Running instance
Your instance
Hardening and configuration
Audit and logging
Vulnerability management
Malware and IPS
Whitelisting and integrity
User administration
Operating system
Configure instance
Configure your environment as you like
You get to apply your existing security policy
Two options to create or import your own ‘gold’ images
1. Import existing VMs to AWS
2. Procure partner AMI from AWS Marketplace
3. Create and save your own custom images
On 3: choose how to build your standard host security environment
Choose how to start your compute
Private images or import your current ones
CIS AMI: https://aws.amazon.com/marketplace/seller-profile?id=6b3b0dc2-c6f4-487b-8f29-9edba5f39eed
You get to control who can do what in your AWS environment, when, and from where
Fine-grained control of your AWS cloud with multi-factor authentication
Integrate with your existing corporate directory and provide SSO to your customers. Support for SAML 2.0 (like your existing Active Directory) and OpenID-compatible Identity Providers (IdPs).
You can use AWS managed policies, policies for typical job functions or customer-generated policies using the policy generator and test with the policy simulator
AWS account owner
Identity and Access Management
Control access and segregate duties everywhere
Corporate Data Center
Browser interface
Identity Store
Identity and Access Management
Federation with on-prem directory
AD Group
Identity and authentication
Mapping to specific IAM role with access policy
Access to AWS
http://docs.aws.amazon.com/directoryservice/latest/admin-guide/manage_apps_services.html
Customers want to:
• Define the resources and landscapes where software and applications are deployed
• ‘Approve once and deploy many’
• Enable self-service, deploy with confidence
• Automate deployments
Agility and Control
What do customers tell us about asset management deployment?
Agility and Control
AWS Service Catalog
AWS Service Catalog allows organizations to create and manage catalogs of IT services. It enables users to quickly deploy approved IT services they need in a self-service manner.
Administrator: Control, Standardization, Governance
Users: Agility, Self-service, Time to market
Product = Template
CloudFormation Running stack
JSON formatted file
Parameter definition
Resource creation
Configuration actions
Configured AWS services
Comprehensive service support
Service event-aware
Customizable
Framework
Stack creation
Stack updates
Error detection and rollback
Administrator Interaction
CloudFormation to create products
Browse products
Portfolio
Cloud consumers
Select version, Provision product, configure parameters
Deploy
Notifications and outputs
Administrator
Cloud Consumer Interaction
AWS Service Catalog
Agility and Control
Service Catalog – End-User View
Agility and Control
Service Catalog – Stack deployed with schedule
https://aws.amazon.com/answers/infrastructure-management/ec2-scheduler/
Thank you

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Real-time Visibility at Scale with Sumo Logic
Real-time Visibility at Scale with Sumo LogicReal-time Visibility at Scale with Sumo Logic
Real-time Visibility at Scale with Sumo Logic
 
Windows Workloads on AWS - AWS Innovate Toronto
Windows Workloads on AWS - AWS Innovate TorontoWindows Workloads on AWS - AWS Innovate Toronto
Windows Workloads on AWS - AWS Innovate Toronto
 
Scaling on AWS for the First 10 Million Users
Scaling on AWS for the First 10 Million UsersScaling on AWS for the First 10 Million Users
Scaling on AWS for the First 10 Million Users
 
Running Mission Critical Workload for Financial Services Institutions on AWS
Running Mission Critical Workload for Financial Services Institutions on AWSRunning Mission Critical Workload for Financial Services Institutions on AWS
Running Mission Critical Workload for Financial Services Institutions on AWS
 
Business Track
Business Track Business Track
Business Track
 
AWS Enterprise Summit Netherlands - Keynote
AWS Enterprise Summit Netherlands - KeynoteAWS Enterprise Summit Netherlands - Keynote
AWS Enterprise Summit Netherlands - Keynote
 
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
 
From Monolith to Microservices - Containerized Microservices on AWS - April 2...
From Monolith to Microservices - Containerized Microservices on AWS - April 2...From Monolith to Microservices - Containerized Microservices on AWS - April 2...
From Monolith to Microservices - Containerized Microservices on AWS - April 2...
 
FS-ISAC 2017 Amazon Web Services & Cloud Security
FS-ISAC 2017 Amazon Web Services & Cloud SecurityFS-ISAC 2017 Amazon Web Services & Cloud Security
FS-ISAC 2017 Amazon Web Services & Cloud Security
 
Demystifying Cloud Security: Lessons Learned for the Public Sector
Demystifying Cloud Security: Lessons Learned for the Public SectorDemystifying Cloud Security: Lessons Learned for the Public Sector
Demystifying Cloud Security: Lessons Learned for the Public Sector
 
AWS Security and Compliance
AWS Security and ComplianceAWS Security and Compliance
AWS Security and Compliance
 
Compliance with AWS
Compliance with AWSCompliance with AWS
Compliance with AWS
 
AWS ReInvent 2020: SEC313 - A security operator’s guide to practical AWS Clou...
AWS ReInvent 2020: SEC313 - A security operator’s guide to practical AWS Clou...AWS ReInvent 2020: SEC313 - A security operator’s guide to practical AWS Clou...
AWS ReInvent 2020: SEC313 - A security operator’s guide to practical AWS Clou...
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
An Evolving Security Landscape – Security Patterns in the Cloud
An Evolving Security Landscape – Security Patterns in the CloudAn Evolving Security Landscape – Security Patterns in the Cloud
An Evolving Security Landscape – Security Patterns in the Cloud
 
AWS Security for Financial Services
AWS Security for Financial ServicesAWS Security for Financial Services
AWS Security for Financial Services
 
Cloud Migration for Financial Services - Toronto - October 2016
Cloud Migration for Financial Services - Toronto - October 2016Cloud Migration for Financial Services - Toronto - October 2016
Cloud Migration for Financial Services - Toronto - October 2016
 
Aufbau von agilen und effizienten IT Organisationen mit DevOps
Aufbau von agilen und effizienten IT Organisationen mit DevOpsAufbau von agilen und effizienten IT Organisationen mit DevOps
Aufbau von agilen und effizienten IT Organisationen mit DevOps
 
AWS Enterprise Summit Netherlands - Infosec by Design
AWS Enterprise Summit Netherlands - Infosec by DesignAWS Enterprise Summit Netherlands - Infosec by Design
AWS Enterprise Summit Netherlands - Infosec by Design
 
Security, Risk, Compliance & Controls
Security, Risk, Compliance & ControlsSecurity, Risk, Compliance & Controls
Security, Risk, Compliance & Controls
 

Similar a Benefits of Cloud Computing

Similar a Benefits of Cloud Computing (20)

Simplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneSimplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing Zone
 
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
 
Accelerating your Business with Security
Accelerating your Business with SecurityAccelerating your Business with Security
Accelerating your Business with Security
 
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptxSteve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
 
Accelerating YourBusiness with Security
Accelerating YourBusiness with SecurityAccelerating YourBusiness with Security
Accelerating YourBusiness with Security
 
AWS Enterprise Summit Netherlands - Creating a Landing Zone
AWS Enterprise Summit Netherlands - Creating a Landing ZoneAWS Enterprise Summit Netherlands - Creating a Landing Zone
AWS Enterprise Summit Netherlands - Creating a Landing Zone
 
Security Architecture recommendations for your new AWS operation - Pop-up Lof...
Security Architecture recommendations for your new AWS operation - Pop-up Lof...Security Architecture recommendations for your new AWS operation - Pop-up Lof...
Security Architecture recommendations for your new AWS operation - Pop-up Lof...
 
Simplify & Standardise Your Migration to AWS with a Migration Landing Zone
Simplify & Standardise Your Migration to AWS with a Migration Landing ZoneSimplify & Standardise Your Migration to AWS with a Migration Landing Zone
Simplify & Standardise Your Migration to AWS with a Migration Landing Zone
 
Migración a la Nube: Preparación y Mejores Prácticas
Migración a la Nube: Preparación y Mejores PrácticasMigración a la Nube: Preparación y Mejores Prácticas
Migración a la Nube: Preparación y Mejores Prácticas
 
Multi cloud governance best practices - AWS, Azure, GCP
Multi cloud governance best practices - AWS, Azure, GCPMulti cloud governance best practices - AWS, Azure, GCP
Multi cloud governance best practices - AWS, Azure, GCP
 
ENT302 Deep Dive on AWS Management Tools
ENT302 Deep Dive on AWS Management Tools ENT302 Deep Dive on AWS Management Tools
ENT302 Deep Dive on AWS Management Tools
 
Getting Started with Windows Workloads on Amazon EC2 - Toronto
 Getting Started with Windows Workloads on Amazon EC2 - Toronto Getting Started with Windows Workloads on Amazon EC2 - Toronto
Getting Started with Windows Workloads on Amazon EC2 - Toronto
 
Application Migrations
Application MigrationsApplication Migrations
Application Migrations
 
(ISM315) How to Quantify TCO & Increase Business Value Gains Using AWS
(ISM315) How to Quantify TCO & Increase Business Value Gains Using AWS(ISM315) How to Quantify TCO & Increase Business Value Gains Using AWS
(ISM315) How to Quantify TCO & Increase Business Value Gains Using AWS
 
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
 
Governance at Scale
Governance at Scale Governance at Scale
Governance at Scale
 
Expanding Your Data Center with Hybrid Cloud Infrastructure
Expanding Your Data Center with Hybrid Cloud InfrastructureExpanding Your Data Center with Hybrid Cloud Infrastructure
Expanding Your Data Center with Hybrid Cloud Infrastructure
 
Expanding your Data Center with Hybrid Cloud Infrastructure
Expanding your Data Center with Hybrid Cloud InfrastructureExpanding your Data Center with Hybrid Cloud Infrastructure
Expanding your Data Center with Hybrid Cloud Infrastructure
 
AWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security ModelAWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security Model
 
Improving Security Agility using DevSecOps
Improving Security Agility using DevSecOpsImproving Security Agility using DevSecOps
Improving Security Agility using DevSecOps
 

Más de Amazon Web Services

Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
Amazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
Amazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
Amazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Amazon Web Services
 

Más de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Último

introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
VishalKumarJha10
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
shinachiaurasa2
 

Último (20)

Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Pharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodologyPharm-D Biostatistics and Research methodology
Pharm-D Biostatistics and Research methodology
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park %in ivory park+277-882-255-28 abortion pills for sale in ivory park
%in ivory park+277-882-255-28 abortion pills for sale in ivory park
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
BUS PASS MANGEMENT SYSTEM USING PHP.pptx
BUS PASS MANGEMENT SYSTEM USING PHP.pptxBUS PASS MANGEMENT SYSTEM USING PHP.pptx
BUS PASS MANGEMENT SYSTEM USING PHP.pptx
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdfintroduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf
 
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdfAzure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
Azure_Native_Qumulo_High_Performance_Compute_Benchmarks.pdf
 
The title is not connected to what is inside
The title is not connected to what is insideThe title is not connected to what is inside
The title is not connected to what is inside
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Define the academic and professional writing..pdf
Define the academic and professional writing..pdfDefine the academic and professional writing..pdf
Define the academic and professional writing..pdf
 
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112  Starting From 5K to 15K High Profile Escorts ...Chinsurah Escorts ☎️8617697112  Starting From 5K to 15K High Profile Escorts ...
Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...
 
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdfThe Top App Development Trends Shaping the Industry in 2024-25 .pdf
The Top App Development Trends Shaping the Industry in 2024-25 .pdf
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students8257 interfacing 2 in microprocessor for btech students
8257 interfacing 2 in microprocessor for btech students
 

Benefits of Cloud Computing

  • 1. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Bas de Natris, Brussels April 21, 2017 AWS Journey to the Cloud Approach and Governance
  • 2. A typical “Cloud Journey” shows workloads moving at different speed Stages of Adoption Ø Project stage Ø Foundation stage Ø Migration stage Ø Reinvention Tipping points Ø Cloud-First ‘intent’ Ø All-in ‘intent’ 2
  • 3. Your recommended 1st 90 days Create Cloud ‘Minimum Viable product’ Create ‘Cloud Centre of Excellence’ Get Proof-of-Concepts and Early adopters onto platform ASAP Iterative development Use continuous feedback and cycles of learning to develop MVP Tiger team of IT and business SMEs to plan, develop and build cloud capability Critical to delivering value ASAP Hold Cloud Discovery Workshop Executive Sponsor, Key Business Stakeholders, IT Leadership Build out your initial cloud capability Create Cloud Operations Model, Business Case & Roadmap• Use the AWS CAF to guide your planning • Understand Business Drivers, expected outcomes and current environment • Overview of AWS services & identification of POC workloads • Identify AWS services and partners to accelerate adoption • Roadmap to establishing AWS cloud foundation • Creates and drives a compelling vision and business case for the adoption and use of cloud capabilities • Minimal set of AWS capabilities required to deliver clear business value • Creation of the Cloud Operating Model, Business Case and Transformation Roadmap
  • 4. An example Customer cloud journey… The First Year 1.0 MVP Month 0-3 1.1 Iteration-1 Month 4-6 1.2 Iteration-2 Month 7-9 Platform Build SDLC CCoE Application Migration (Business risk appetite) Demonstrate high value apps on AWS Network, IAM & Security Financial Reporting Basic EC2, RDS, EBS Templates Standard Pipelines & Developer Tools Standard Cloud SOE AMI Baking Process Standard Release, Change, Event Management Self- Service Service Catalog Move simple, low-risk apps Non-critical apps move using CI/CD Critical apps move using CI/CD Legacy apps move using lift & shift SDLC Security, Resilience & Compliance Production ITIL workflow automation Incident, Problem, Management Production Assurance Testing Value Time Usage spike as Self-Service becomes available
  • 5. The Adoption Journey Continued Year 1 Year 2 Year 3 Year 4 • Early Discovery • Learning • POCs • TCO/ROI Analysis • Security & Risk Preparation • Cloud Strategy • Foundational Architecture • New Application Patterns (MSA, CI/CD) • Dev/Test • Production Application Migration • Operational Integration • Billing Optimization Value • Portfolio Mass Migration • DC Shutdown • Horizontal Solutions (VDI, Back- up/Archive, Broad storage) • Advanced Operational Patterns (CI/CD) • Optimization • Infrastructure fully automated • App/Dev owns full solution stack with tools and service catalogs Time Year 5
  • 6. What is a Landing Zone and do I need one? - A configured secure enterprise multi-account AWS environment based on best practices - A starting point for your application migration journey - An environment that allows for iteration & extension over time
  • 7. Our Journey Today Domains Direct Connect Start Accounts End User Interaction Automation Service Catalog Central Services Migrate Iterate Operate & Optimize Logging Config Access Identities Federation Network Security Identity & Access Cloud Users What’s Next ?
  • 8. Infrastructure Request Current State Typical Enterprise Situation Governance & Service Management Central IT Lines of Business Provisioning Characteristics • Lead times ~days to weeks • Service catalogue of components • Often process-heavy service management
  • 9. Agility versus Control How to choose? We want agility, so we can innovate in our business I need control, so I can protect our business Business & Business IT Central IT?
  • 10. Monitor & Respond Landing Zone Templates Policy & Best Practices Landscape Management Current State Opportunity to achieve agility and control Automation Lines of Business Central IT Opportunities • Lead times in minutes • Service catalogue of landscapes • Automated service management
  • 11. Security Automation Cloud IT Consumers Current State Guiding Principles
  • 12. Start Accounts Network Security Identity & Access Cloud Users What’s Next ?
  • 13. Account Structure • Don’t overdo on Day One • Use separate accounts for: Security and Compliance Isolation (production non-prod, logging) Cost Allocation Resource Management and Ownership
  • 14. Start Accounts Network Security Identity & Access Cloud Users What’s Next ?
  • 15. Network Key Considerations Non-overlapping IP range VPC Design Access Control Lists & Security Groups Logging and Monitoring AWS Direct Connect Subnet Design
  • 16. Network Direct Connect for connecting on-prem and AWS environment Customer Gateway VPN backup Direct Connect Location Virtual Interface #1 Virtual Interface #2 Secondary Direct Connect Location Partner Network
  • 17. Start Accounts Network Security Identity & Access Cloud Users What’s Next ?
  • 18. Our Landing Zone needs to be safe and secure Insight is the first step • Who is accessing our Amazon accounts and what are they doing? • How will we know if anyone breaks our security policy? • What does the traffic on our infrastructure look like and are all of our resources isolated? • How can we easily analyze our logs?
  • 19. AWS CloudTrail records who is accessing APIs Store/archive Central logging account Troubleshoot Monitor & alarm AWS accounts make API call On a growing set of AWS services around the world.. CloudTrail is continuously recording API calls Amazon EBS
  • 20. AWS Config informs you of policy violations
      Compliance Guideline | Non-compliance Action
      All storage volumes should be encrypted | Automatically encrypt storage volumes
      Instances must not have unrestricted Internet access on Port 22 | Remove Port 22 access from any Internet host
      Instances must be tagged with environment type | Notify developer (email, page, SNS)
      Pre-configured rules: https://github.com/awslabs/aws-config-rules
  • 21. Log everything centrally for analysis The AWS centralized logging solution makes it easy for security teams to consolidate AWS logs and analyze them to detect incidents Amazon EC2 flow logs VPC subnet AWS CloudTrail Amazon S3 Amazon CloudWatch AWS Lambda Amazon Elasticsearch Service You can do this by simply using: • Amazon ElasticSearch Service • CloudTrail logs • VPC flow logs • EC2 server logs Log Transform Search https://aws.amazon.com/answers/logging/centralized-logging
  • 22. Launch instance EC2 AMI catalogue Running instance Your instance Hardening and configuration Audit and logging Vulnerability management Malware and IPS Whitelisting and integrity User administration Operating system Configure instance Configure your environment as you like You get to apply your existing security policy Two options to create or import your own ‘gold’ images 1. Import existing VMs to AWS 2. Procure partner AMI from AWS Marketplace 3. Create and save your own custom images On 3: choose how to build your standard host security environment Choose how to start your compute Private images or import your current ones CIS AMI: https://aws.amazon.com/marketplace/seller-profile?id=6b3b0dc2-c6f4-487b-8f29-9edba5f39eed
  • 23. Start Accounts Network Security Identity & Access Cloud Users What’s Next ?
  • 24. You get to control who can do what in your AWS environment when and from where Fine-grained control of your AWS cloud with multi-factor authentication Integrate with your existing corporate directory and provide SSO to your customers. Support for SAML 2.0 (like your existing Active Directory) and OpenID compatible Identity Providers (IdPs). You can use AWS managed policies, policies for typical job functions or customer-generated policies using the policy generator and test with the policy simulator AWS account owner Identity and Access Management Control access and segregate duties everywhere
  • 25. Corporate Data Center Browser interface Identity Store Identity and Access Management Federation with on-prem directory AD Group Identity and authentication Mapping to specific IAM role with access policy Access to AWS http://docs.aws.amazon.com/directoryservice/latest/admin-guide/manage_apps_services.html
  • 26. Start Accounts Network Security Identity & Access Cloud Users What’s Next ?
  • 27. Customers want to: • Define the resources and landscapes where software and applications are deployed • ‘Approve once and deploy many’ • Enable self-service, deploy with confidence • Automate deployments Agility and Control What do customers tell us about asset management deployment?
  • 28. Agility and Control AWS Service Catalog AWS Service Catalog allows organizations to create and manage catalogs of IT services. It enables users to quickly deploy approved IT services they need in a self-service manner. Administrator Users Control Standardization Governance Agility Self-service Time to market
  • 29. Product = Template CloudFormation Running stack JSON formatted file Parameter definition Resource creation Configuration actions Configured AWS services Comprehensive service support Service event-aware Customizable Framework Stack creation Stack updates Error detection and rollback Administrator Interaction CloudFormation to create products
  • 31. Agility and Control Service Catalog – End-User View
  • 32. Agility and Control Service Catalog – Stack deployed with schedule https://aws.amazon.com/answers/infrastructure-management/ec2-scheduler/
  • 33. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Thank you
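
The three guidelines in the slide 20 table, evaluated offline over a constructed inventory. This is an added example, not code from the deck or from awslabs/aws-config-rules; the dictionaries mimic EC2 Describe* output, and the rule labels, resource IDs and the `environment` tag key are assumptions.

```python
# Added example; all inventory data is constructed. Field names follow EC2 Describe* output.
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}
ENV_TAG = "environment"  # assumed tag key; the slide only says "environment type"

def sg_opens_ssh(group):
    """True if an ingress rule lets any Internet host reach TCP port 22."""
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        # "-1" means all protocols and ports; otherwise the TCP range must include 22
        covers_22 = proto == "-1" or (
            proto == "tcp" and perm.get("FromPort", 0) <= 22 <= perm.get("ToPort", 65535))
        cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
        cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
        if covers_22 and cidrs & OPEN_CIDRS:
            return True
    return False

def evaluate(volumes, groups, instances):
    """Return sorted (resource_id, guideline, action) findings."""
    findings = []
    for v in volumes:
        if not v.get("Encrypted", False):
            findings.append((v["VolumeId"], "volume-encrypted", "encrypt volume"))
    open_groups = {g["GroupId"] for g in groups if sg_opens_ssh(g)}
    for i in instances:
        attached = {g["GroupId"] for g in i.get("SecurityGroups", [])}
        if attached & open_groups:
            findings.append((i["InstanceId"], "no-open-ssh", "remove port 22 access"))
        tags = {t["Key"].lower() for t in i.get("Tags", [])}
        if ENV_TAG not in tags:
            findings.append((i["InstanceId"], "environment-tag", "notify developer"))
    return sorted(findings)

# Constructed sample inventory
VOLUMES = [{"VolumeId": "vol-a", "Encrypted": True}, {"VolumeId": "vol-b", "Encrypted": False}]
GROUPS = [
    {"GroupId": "sg-web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-range", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 20, "ToPort": 25, "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-corp", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
]
INSTANCES = [
    {"InstanceId": "i-1", "SecurityGroups": [{"GroupId": "sg-web"}], "Tags": [{"Key": "Environment", "Value": "prod"}]},
    {"InstanceId": "i-2", "SecurityGroups": [{"GroupId": "sg-range"}], "Tags": []},
    {"InstanceId": "i-3", "SecurityGroups": [{"GroupId": "sg-corp"}], "Tags": [{"Key": "environment", "Value": "dev"}]},
]
print(*evaluate(VOLUMES, GROUPS, INSTANCES), sep="\n")
```

The check only inspects CIDR sources; rules that reference other security groups or prefix lists are not evaluated here.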