© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
John Martinez, VP Customer Solutions, Evident.io
August 14, 2017
Automating Security and Compliance Response in the Cloud
The audit’s done!
Copyright © 2017
Who made that change?
Stop the madness!
Let’s Get You Back to Your Happy Place
Start with the Best
Workload is Shared
Managed Continuously
Automatic Fixes
Reporting is Easy
Auditors (& Customers) are Happy
Q: DO ANY OF THESE APPLY TO YOU?
Start with the best
Compliant Cloud: AWS
AWS Quick Starts:
• NIST
• NIST High-Impact
• PCI DSS
Security by Design
Quick Start architecture for NIST-based frameworks on AWS
Q: WHO OWNS SECURITY & COMPLIANCE?
SECOPS | DEVOPS | RISK & COMPLIANCE | CISO | CIO, CFO, CEO
SHARING THE WORKLOAD
• SECOPS: Administration, Investigation, Monitoring, Enforcement
• DEVOPS: Development, Testing, Maintenance, Mitigation
• RISK & COMPLIANCE: Audit, Governance, Reporting
• CISO: Policy, Governance, Education
• CIO, CFO, CEO: Oversight, Resource Allocation, Voice of Business
We’re All in This Together!
“You Build It, You Run It” Drives Team Efficiency
Ellie Mae’s north star is to automate everything that is automatable in the residential
mortgage industry. They have been able to advance their cloud maturity by building
out security as code to enable their DevOps team to move faster, securely.
“I give new people AWS accounts with confidence because they get an ESP account, too.”
Anthony Johnson, Staff Engineer, Cloud Platform
Q: HOW OFTEN DO YOU REVIEW & REPORT?
DO YOU KNOW WHERE YOU STAND TODAY?
YEARLY: 2017 | QUARTERLY: Q3 | MONTHLY: JULY | WEEKLY: JULY 24-30 | DAILY: JULY 26
ORGS THAT PRACTICE AGILE DEVELOPMENT
ORGS THAT PRACTICE AGILE COMPLIANCE
THE CLASSIC WAY TO MANAGE COMPLIANCE
• Start Measuring
• Spend 2-4 weeks/months fixing issues
• PANIC MODE…
• Start Fixing Issues
• REALLY Freak Out…
• Pull Everyone to Get Ready for Audit
• Sit with Auditors (& pray it’s all OK)
HOW DO YOU GET CONTROL OF YOUR COMPLIANCE BACKLOG?
BETTER WAY: MANAGE CONTINUOUSLY
[Diagram: release cycle labelled DEPLOY, MONITOR, TEST & ANALYZE, ALERT DEVOPS, APPLY FIXES, NEW RELEASE]
EVEN BETTER WAY: AUTOMATE ENFORCEMENT, TOO
[Diagram: release cycle labelled DEPLOY, MONITOR, TEST & ANALYZE, REMEDIATE, COMPLIANT, NEW RELEASE]
[Diagram: remediation flow with components ESP Dashboard, SNS Integration and AWS Lambda; stages labelled Find Problem / Open Ticket, Alert, Fix Problem, ESP Updated, and Compliant (Problem resolved, Ticket updated); step markers 1-4 and a-d]
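The "Alert, SNS Integration, AWS Lambda, Fix Problem" step from the slide above, as an added example that is not from the deck or from Evident.io: a Lambda handler that receives an alert over SNS and closes a world-open SSH rule. The alert fields (`alert_id`, `signature`, `status`, `resource`, `region`), the signature name and the `FakeEC2` stub are assumptions made for illustration; the SNS record envelope and the two boto3 EC2 calls are the real ones.

```python
import json
import re

SG_ID = re.compile(r"^sg-[0-9a-f]{8,17}$")
WORLD = {"CidrIp": "0.0.0.0/0"}


def world_open_ssh_rules(group):
    """Return the ingress rules in `group` that expose TCP/22 to 0.0.0.0/0."""
    rules = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if not any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", [])):
            continue
        if proto == "-1":  # all protocols, all ports
            rules.append({"IpProtocol": "-1", "IpRanges": [WORLD]})
        elif proto == "tcp" and perm["FromPort"] <= 22 <= perm["ToPort"]:
            # A wider port range that includes 22 is revoked as a whole.
            rules.append({"IpProtocol": "tcp", "FromPort": perm["FromPort"],
                          "ToPort": perm["ToPort"], "IpRanges": [WORLD]})
    return rules


def fix_open_ssh(ec2, group_id, dry_run):
    """Re-check live state first, so replayed or stale alerts change nothing."""
    group = ec2.describe_security_groups(GroupIds=[group_id])["SecurityGroups"][0]
    rules = world_open_ssh_rules(group)
    if not rules:
        return "already_compliant"
    if dry_run:
        return "would_fix"
    ec2.revoke_security_group_ingress(GroupId=group_id, IpPermissions=rules)
    return "fixed"


# Allow-list: only signatures named here are ever auto-remediated.
REMEDIATIONS = {"sg_world_open_ssh": fix_open_ssh}  # hypothetical signature name


def handler(event, context=None, ec2=None, dry_run=False):
    """Lambda entry point; returns one audit record per SNS record."""
    results = []
    for record in event.get("Records", []):
        try:
            alert = json.loads(record["Sns"]["Message"])
        except (KeyError, TypeError, ValueError):
            alert = None
        if not isinstance(alert, dict):
            results.append({"action": "skipped_malformed"})
            continue
        out = {"alert_id": alert.get("alert_id"), "resource": alert.get("resource")}
        sig = alert.get("signature")
        fix = REMEDIATIONS.get(sig) if isinstance(sig, str) else None
        if alert.get("status") != "fail" or fix is None:
            out["action"] = "ignored"
        elif not SG_ID.match(str(alert.get("resource"))):
            out["action"] = "skipped_invalid_resource"
        else:
            client = ec2
            if client is None:  # real client only when none is injected
                import boto3
                client = boto3.client("ec2", region_name=alert.get("region"))
            out["action"] = fix(client, alert["resource"], dry_run)
        results.append(out)
    return results


class FakeEC2:
    """Constructed in-memory stand-in for the two EC2 calls used above."""

    def __init__(self, groups):
        self.groups, self.revoked = groups, []

    def describe_security_groups(self, GroupIds):
        return {"SecurityGroups": [self.groups[g] for g in GroupIds]}

    def revoke_security_group_ingress(self, GroupId, IpPermissions):
        self.revoked.append(GroupId)
        for rule in IpPermissions:
            for perm in self.groups[GroupId]["IpPermissions"]:
                if all(perm.get(k) == rule.get(k)
                       for k in ("IpProtocol", "FromPort", "ToPort")):
                    perm["IpRanges"] = [r for r in perm["IpRanges"]
                                        if r not in rule["IpRanges"]]


def sns_event(*alerts):
    """Wrap constructed alerts in the SNS-to-Lambda record envelope."""
    return {"Records": [{"Sns": {"Message": json.dumps(a)}} for a in alerts]}


def demo():
    fake = FakeEC2({"sg-0a1b2c3d": {"GroupId": "sg-0a1b2c3d", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "10.0.0.0/8"}]}]}})
    finding = {"alert_id": 1, "signature": "sg_world_open_ssh", "status": "fail",
               "resource": "sg-0a1b2c3d", "region": "us-east-1"}
    other = dict(finding, alert_id=2, signature="not_on_allow_list")
    # The same finding is delivered twice to show that a replay is a no-op.
    return handler(sns_event(finding, finding, other), ec2=fake), fake


if __name__ == "__main__":
    for row in demo()[0]:
        print(row)
```

The returned records are what a ticket-update step would consume; running with `dry_run=True` first shows what would change before enforcement is switched on.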
AGILE COMPLIANCE = CONTINUOUS COMPLIANCE
• Demonstrate compliance in small increments
• Make improvements over time (don’t add to your backlog)
• Get to a fully compliant state
• Measure & report at regular intervals to stay compliant
EVIDENT SECURITY PLATFORM (ESP)
DEMO
Simplifying NIST 800-53 Compliance in GovCloud
Jive Software selected the Evident Security Platform (ESP) as an automation tool to continuously
monitor vulnerabilities in their AWS infrastructure, saving them time and money. Simple one-click
compliance reports for CIS AWS Foundations Benchmark, PCI and NIST 800-53 provide
ongoing measurement and industry frameworks.
“I can’t do my job without ESP.”
Matt Willman, Principal Architect for FedRAMP
Q: HOW LONG DOES IT TAKE TO MANUALLY VALIDATE AND RECORD A CONTROL CHECK?
LET’S DO SOME COMPLIANCE MATH
PCI DSS:
• 4 Accounts
• 12 Testable Controls
• 2,813 control checks × 2.5 minutes per check = 117.2 hours
NIST 800-53:
• 1 Account
• 35 Testable Controls
• 9,534 control checks × 2.5 minutes per check = 397 hours or 10 weeks!
Automation is a MUST
Isn’t it time to eliminate the massive spreadsheets?
TURN REPORTING SPEED INTO A COMPETITIVE ASSET
Managing Compliance, Continuously
Like most other small credit unions, Vibrant was trying to do more with less, and they
implemented Evident.io’s security platform (ESP) to help with the pain of annual audits and
continuous monitoring for vulnerabilities in their Amazon Web Services (AWS) environment.
Evident.io has helped monitor VCU’s environments and helped the organization remain
compliant throughout their year-plus partnership.
STEVE MCATEE, CIO, VIBRANT CREDIT UNION
Let’s Get You Back to Your Happy Place
Start With the Best
Workload is Shared
Managed Continuously
Automatic Fixes
Reporting is Easy
Auditors (& Customers) are Happy
QUESTIONS?
TRY OUT ESP FOR FREE:
EVIDENT.IO/SIGN-UP
LET’S TALK: BOOTH 118
Thank you!

A Year of the Servo Reboot: Where Are We Now?Igalia
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 

Último (20)

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 

SEC307 Automating Security and Compliance Response in the Cloud

  • 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. John Martinez, VP Customer Solutions, Evident.io August 14, 2017 Automating Security and Compliance Response in the Cloud
  • 5. Let’s Get You Back to Your Happy Place Start with the Best Workload is Shared Managed Continuously Automatic Fixes Reporting is Easy Auditors (& Customers) are Happy Copyright © 2017
  • 6. Q: DO ANY OF THESE APPLY TO YOU?
  • 7. Start with the best Compliant Cloud: AWS AWS Quick Starts: • NIST • NIST High-Impact • PCI DSS Security by Design Quick Start architecture for NIST-based frameworks on AWS
  • 8. Q: WHO OWNS SECURITY & COMPLIANCE? SECOPS DEVOPS RISK & COMPLIANCE CISO CIO, CFO, CEO
  • 9. SHARING THE WORKLOAD SECOPS DEVOPS RISK & COMPLIANCE CISO CIO, CFO, CEO Administration, Investigation, Monitoring, Enforcement
  • 10. SHARING THE WORKLOAD SECOPS DEVOPS RISK & COMPLIANCE CISO CIO, CFO, CEO Development, Testing, Maintenance, Mitigation
  • 11. SHARING THE WORKLOAD SECOPS DEVOPS RISK & COMPLIANCE CISO CIO, CFO, CEO Audit, Governance, Reporting
  • 12. SHARING THE WORKLOAD SECOPS DEVOPS RISK & COMPLIANCE CISO CIO, CFO, CEO Policy, Governance, Education
  • 13. SHARING THE WORKLOAD SECOPS DEVOPS RISK & COMPLIANCE CISO CIO, CFO, CEO Oversight, Resource Allocation, Voice of Business
  • 14. SHARING THE WORKLOAD SECOPS DEVOPS RISK & COMPLIANCE CISO CIO, CFO, CEO We’re All in This Together!
  • 15. “You Build It, You Run It” Drives Team Efficiency Ellie Mae’s north star is to automate everything that is automatable in the residential mortgage industry. They have been able to advance their cloud maturity by building out security as code to enable their DevOps team to move faster, securely. “I give new people AWS accounts with confidence because they get an ESP account, too.” Anthony Johnson Staff Engineer, Cloud Platform
  • 16. Q: HOW OFTEN DO YOU REVIEW & REPORT? YEARLY QUARTERLY MONTHLY WEEKLY DAILY 2017 Q3 JULY JULY 24-30 JULY 26
  • 17. Q: HOW OFTEN DO YOU REVIEW & REPORT? DO YOU KNOW WHERE YOU STAND TODAY? YEARLY QUARTERLY MONTHLY WEEKLY DAILY 2017 Q3 JULY JULY 24-30 JULY 26
  • 18. ORGS THAT PRACTICE AGILE DEVELOPMENT
  • 19. ORGS THAT PRACTICE AGILE COMPLIANCE
  • 20. THE CLASSIC WAY TO MANAGE COMPLIANCE Start Measuring Spend 2-4 weeks/months fixing issues PANIC MODE… Start Fixing Issues REALLY Freak Out… Pull Everyone to Get Ready for Audit Sit with Auditors (& pray it’s all OK)
  • 21. HOW DO YOU GET CONTROL OF YOUR COMPLIANCE BACKLOG?
  • 22. BETTER WAY: MANAGE CONTINUOUSLY DEPLOY MONITOR TEST & ANALYZE ALERT DEVOPS APPLY FIXES NEW RELEASE NEW RELEASE DEPLOY DEPLOY
  • 23. EVEN BETTER WAY: AUTOMATE ENFORCEMENT, TOO DEPLOY MONITOR TEST & ANALYZE NEW RELEASE NEW RELEASE DEPLOY DEPLOY COMPLIANT REMEDIATE
  • 24. ESP Dashboard AWS Lambda Alert Fix Problem ESP Updated SNS Integration Find Problem/ Open Ticket Compliant Problem resolved Ticket updated 1 2 3 4 a b c d
  • 25. AGILE COMPLIANCE = CONTINUOUS COMPLIANCE: Demonstrate compliance in small increments; make improvements over time (don’t add to your backlog); get to a fully compliant state; measure & report at regular intervals to stay compliant
  • 27. Simplifying NIST 800-53 Compliance in GovCloud Jive Software selected the Evident Security Platform (ESP) as an automation tool to continuously monitor vulnerabilities in their AWS infrastructure, saving them time and money. Simple one-click compliance reports for CIS AWS Foundations Benchmark, PCI and NIST 800-53 provide on-going measurement and industry frameworks. “I can’t do my job without ESP.” Matt Willman, Principal Architect for FedRAMP
  • 28. Q: HOW LONG DOES IT TAKE TO MANUALLY VALIDATE AND RECORD A CONTROL CHECK?
  • 29. LET’S DO SOME COMPLIANCE MATH. PCI DSS: 4 Accounts, 12 Testable Controls, 2,813 control checks × 2.5 minutes per check = 117.2 hours. NIST 800-53: 1 Account, 35 Testable Controls, 9,534 control checks × 2.5 minutes per check = 397 hours, or 10 weeks! Automation is a MUST
  • 30. Isn’t it time to eliminate the massive spreadsheets?
  • 31. TURN REPORTING SPEED INTO A COMPETITIVE ASSET
  • 32. Managing Compliance, Continuously Like most other small credit unions, Vibrant was trying to do more with less and they implemented Evident.io’s security platform (ESP) to help with the pain of annual audits and continuous monitoring for vulnerabilities in their Amazon Web Services (AWS) environment. Evident.io has helped monitor VCU’s environments and helped the organization remain compliant throughout their year plus partnership. STEVE MCATEE, CIO VIBRANT CREDIT UNION
  • 33. Let’s Get You Back to Your Happy Place Start With the Best Workload is Shared Managed Continuously Automatic Fixes Reporting is Easy Auditors (& Customers) are Happy
  • 34. QUESTIONS? TRY OUT ESP FOR FREE: EVIDENT.IO/SIGN-UP LET’S TALK: BOOTH 118
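
The alert, SNS, Lambda, fix flow of slide 24, as an added example (not code from the presentation or from Evident.io): a Lambda-style handler unpacks the SNS envelope and revokes a world-open SSH rule on the flagged security group. The alert fields (`signature`, `status`, `resource_id`), the signature name and the sample event are assumptions constructed for illustration; the EC2 client is injected so the block runs offline against a stub.

```python
import json

OPEN_SSH = "SG_WORLD_OPEN_SSH"  # hypothetical alert signature, not a real ESP name

def build_revocation(alert):
    """Return revoke_security_group_ingress kwargs for an alert, or None to skip."""
    if not isinstance(alert, dict) or alert.get("status") != "fail":
        return None  # only failing checks are remediated
    if alert.get("signature") != OPEN_SSH:
        return None  # no known automatic fix for this check
    group_id = str(alert.get("resource_id", ""))
    if not group_id.startswith("sg-"):
        return None  # never act on a resource id we cannot validate
    return {
        "GroupId": group_id,
        "IpPermissions": [{
            "IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
            "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
        }],
    }

def handler(event, context=None, ec2=None):
    """Lambda entry point: one SNS record per alert; returns remediated group ids."""
    if ec2 is None:
        import boto3  # only needed when running inside AWS
        ec2 = boto3.client("ec2")
    fixed = []
    for record in event.get("Records", []):
        try:
            alert = json.loads(record["Sns"]["Message"])  # SNS body is a JSON string
        except (KeyError, TypeError, ValueError):
            continue  # malformed notification: leave it for a human
        params = build_revocation(alert)
        if params:
            ec2.revoke_security_group_ingress(**params)
            fixed.append(params["GroupId"])
    return fixed

class StubEC2:
    """Offline stand-in for the boto3 EC2 client; records each call."""
    def __init__(self):
        self.calls = []
    def revoke_security_group_ingress(self, **kwargs):
        self.calls.append(kwargs)

SAMPLE_ALERTS = [  # constructed sample data
    {"signature": OPEN_SSH, "status": "fail", "resource_id": "sg-0123456789abcdef0"},
    {"signature": OPEN_SSH, "status": "pass", "resource_id": "sg-0fedcba9876543210"},
    {"signature": "UNKNOWN_CHECK", "status": "fail", "resource_id": "sg-00000000000000000"},
]
SAMPLE_EVENT = {"Records": [{"Sns": {"Message": json.dumps(a)}} for a in SAMPLE_ALERTS]}
```

Only the failing, recognised alert is remediated; passing checks, unknown signatures and malformed messages are left for the ticket path rather than guessed at.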