AWS Government, Education, & Nonprofits Symposium
Canberra, Australia | May 6, 2015

Stephen Quigg, Principal Solutions Architect, APAC, Amazon Web Services

Security and Compliance in the Cloud
SECURITY IS JOB ZERO

Security is Job Zero, across:
• Network Security
• Physical Security
• Platform Security
• People & Procedures
HOW DOES AWS PRACTICE SECURITY?

The practice of security at AWS is different, but the outcome is familiar. So what does your security team look like?
• Operations
• Engineering
• Application Security
• Compliance

Measure constantly, report regularly, and hold senior executives accountable for security: have them drive the right culture.
Our Culture: Test, CONSTANTLY
• Inside/outside
• Privileged/unprivileged
• Black-box/white-box
• Vendor/self

Simple Security Controls: easy to get right, easy to audit.
SECURITY IS SHARED

Build everything on a constantly improving security baseline. Standards shown on the slide: GxP, ISO 13485, AS9100, ISO/TS 16949.
Shared responsibility model (slide diagram):

AWS is responsible for the security OF the Cloud:
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations

Customers have their choice of security configurations IN the Cloud:
• Customer applications & content
• Platform, Applications, Identity & Access Management
• Operating System, Network, & Firewall Configuration
• Client-side Data Encryption; Server-side Data Encryption; Network Traffic Protection

Security is shared between AWS and its customers.
The same split applies to Australian Government assessment:
• The AWS platform (foundation services and global infrastructure) has been IRAP assessed and certified: AWS is certified by the ASD for unclassified DLM.
• Customers get their own solutions and configurations, everything IN the cloud from the operating system up to applications and content, assessed.
We have many Government customers in Australia. The AWS platform has been IRAP assessed and certified; on top of it, each customer meets its own individual departmental needs.
SECURITY IS FAMILIAR

We strive to make security at AWS as familiar as what you are doing right now:
– Visibility
– Auditability
– Controllability
– Agility
VISIBILITY

How often do you map your network? What's in your environment right now? Trusted Advisor checks your account.

Security is Visible:
• Who is accessing the resources?
• Who took what action? When? From where? What did they do?
• Logs, logs, logs
AWS CLOUDTRAIL

You are making API calls on a growing set of services around the world. AWS CloudTrail is continuously recording those API calls and delivering log files to you. (The slide shows CloudTrail-supported services including Amazon Redshift, AWS CloudFormation and AWS Elastic Beanstalk.)
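The "who, what, when, from where" questions above are answered by reading CloudTrail's JSON records. The following is an added example (not code from the presentation or from AWS) that triages a log file offline. The three records are constructed by hand in the shape of real CloudTrail events; every account ID, ARN, IP address and key ID in them is invented, and the two detection rules (root console login without MFA, and a short list of sensitive API calls) are this example's choices rather than an AWS list.

```python
"""Triage of AWS CloudTrail records: who did what, when and from where.

Added example, not from the presentation. The records below are
constructed in the shape of real CloudTrail events; all identifiers,
addresses and the rule list are invented for the example.
"""
import json
from collections import Counter

SAMPLE_RECORDS = [
    {
        "eventVersion": "1.03",
        "eventTime": "2015-05-06T01:12:09Z",
        "eventSource": "iam.amazonaws.com",
        "eventName": "CreateAccessKey",
        "awsRegion": "us-east-1",
        "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"type": "IAMUser", "userName": "alice",
                         "arn": "arn:aws:iam::123456789012:user/alice"},
        "requestParameters": {"userName": "alice"},
    },
    {
        "eventVersion": "1.03",
        "eventTime": "2015-05-06T01:15:44Z",
        "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin",
        "awsRegion": "us-east-1",
        "sourceIPAddress": "198.51.100.7",
        "userIdentity": {"type": "Root",
                         "arn": "arn:aws:iam::123456789012:root"},
        "additionalEventData": {"MFAUsed": "No"},
        "responseElements": {"ConsoleLogin": "Success"},
    },
    {
        "eventVersion": "1.03",
        "eventTime": "2015-05-06T01:20:02Z",
        "eventSource": "ec2.amazonaws.com",
        "eventName": "AuthorizeSecurityGroupIngress",
        "awsRegion": "ap-southeast-2",
        "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"type": "IAMUser", "userName": "alice",
                         "arn": "arn:aws:iam::123456789012:user/alice"},
        "requestParameters": {"groupId": "sg-0a1b2c3d"},
    },
]
# A whole log file as CloudTrail delivers it: {"Records": [...]}
SAMPLE_LOG_TEXT = json.dumps({"Records": SAMPLE_RECORDS})

# API calls that change the security posture; the example's own list.
SENSITIVE_EVENTS = {
    "CreateAccessKey", "CreateUser", "DeleteTrail", "StopLogging",
    "AuthorizeSecurityGroupIngress", "PutBucketPolicy",
}


def _root_login_without_mfa(r):
    return (r["eventName"] == "ConsoleLogin"
            and r["userIdentity"].get("type") == "Root"
            and r.get("additionalEventData", {}).get("MFAUsed") != "Yes")


RULES = {
    "root-console-login-no-mfa": _root_login_without_mfa,
    "sensitive-api-call": lambda r: r["eventName"] in SENSITIVE_EVENTS,
}


def actor(record):
    """The 'who': IAM user name, else the ARN (root has no userName)."""
    ident = record["userIdentity"]
    return ident.get("userName") or ident.get("arn", "unknown")


def triage(records):
    """Return (findings, activity): findings are (rule, who, what, when,
    from_where) tuples; activity counts API calls per actor."""
    findings = []
    activity = Counter()
    for r in records:
        activity[actor(r)] += 1
        for name, check in RULES.items():
            if check(r):
                findings.append((name, actor(r), r["eventName"],
                                 r["eventTime"], r["sourceIPAddress"]))
    return findings, activity


def triage_json(text):
    """Parse a CloudTrail log file body and triage its records."""
    return triage(json.loads(text)["Records"])


if __name__ == "__main__":
    found, who = triage(SAMPLE_RECORDS)
    for f in found:
        print("%-26s %-32s %-30s %s from %s" % f)
    print("API calls per actor:", dict(who))
```

Real log files arrive gzipped in S3, one `{"Records": [...]}` object per file; `triage_json` takes the decompressed text, so the only change for production use is reading the objects and, if wanted, extending `RULES`.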
AWS Config tells you what has changed.

AWS Config is a fully managed service that provides you with an inventory of your AWS resources, lets you audit the resource configuration history and notifies you of resource configuration changes. Changing resources are recorded continuously; Config keeps a configuration history and a change stream, and can produce a snapshot of the whole inventory as of a point in time (the slide's example: 2014-11-05).

Use cases enabled by Config:
• Security Analysis: Am I safe?
• Audit Compliance: Where is the evidence?
• Change Management: What will this change affect?
• Troubleshooting: What has changed?

What will this change affect?
• When your resources are created, updated, or deleted, these configuration changes are streamed to Amazon SNS.
• Relationships between resources are understood, so that you can proactively assess change impact.

What changed?
• It is critical to be able to quickly answer "What has changed?"
• You can quickly identify the recent configuration changes to your resources by using the console or by building custom integrations with the regularly exported resource history files.
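A custom integration over the exported history files is, at its core, a diff between two configuration items of the same resource. The following is an added example (not code from the presentation or from AWS) that does this for an EC2 security group and flags the change a security reviewer cares about most: a new ingress rule open to the whole Internet. The two configuration items are constructed to resemble what Config records (resourceType, configurationItemCaptureTime and a configuration block with ipPermissions); the group ID, CIDRs and timestamps are invented.

```python
"""Answering "what changed?" from two AWS Config configuration items.

Added example, not from the presentation. BEFORE and AFTER are
constructed to resemble Config items for a security group; the group
ID, CIDRs and capture times are invented for the example.
"""

BEFORE = {
    "resourceType": "AWS::EC2::SecurityGroup",
    "resourceId": "sg-0a1b2c3d",
    "configurationItemCaptureTime": "2015-05-05T22:00:00Z",
    "configuration": {
        "ipPermissions": [
            {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
             "ipRanges": ["10.0.0.0/16"]},
        ]
    },
}

AFTER = {
    "resourceType": "AWS::EC2::SecurityGroup",
    "resourceId": "sg-0a1b2c3d",
    "configurationItemCaptureTime": "2015-05-06T01:20:02Z",
    "configuration": {
        "ipPermissions": [
            {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
             "ipRanges": ["10.0.0.0/16"]},
            {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
             "ipRanges": ["0.0.0.0/0"]},
        ]
    },
}


def ingress_rules(item):
    """Flatten ipPermissions into hashable
    (protocol, from_port, to_port, cidr) tuples so they can be set-diffed."""
    rules = set()
    for perm in item["configuration"].get("ipPermissions", []):
        for cidr in perm.get("ipRanges", []):
            rules.add((perm["ipProtocol"], perm.get("fromPort"),
                       perm.get("toPort"), cidr))
    return rules


def diff_security_group(before, after):
    """Return (added, removed) ingress rules between two configuration
    items of the same security group."""
    if before["resourceId"] != after["resourceId"]:
        raise ValueError("configuration items are for different resources")
    old, new = ingress_rules(before), ingress_rules(after)
    return sorted(new - old), sorted(old - new)


def risky_additions(added):
    """Added rules that expose a port to the whole Internet (v4 or v6)."""
    return [r for r in added if r[3] in ("0.0.0.0/0", "::/0")]


def describe_change(before, after):
    """Human-readable change record, the kind you would post to a ticket."""
    added, removed = diff_security_group(before, after)
    lines = ["%s changed between %s and %s" % (
        after["resourceId"], before["configurationItemCaptureTime"],
        after["configurationItemCaptureTime"])]
    lines += ["  + allow %s %s-%s from %s" % r for r in added]
    lines += ["  - allow %s %s-%s from %s" % r for r in removed]
    lines += ["  ! world-reachable: %s %s-%s from %s" % r
              for r in risky_additions(added)]
    return "\n".join(lines)


if __name__ == "__main__":
    print(describe_change(BEFORE, AFTER))
```

Pairing this with the CloudTrail record for the same time window (the `AuthorizeSecurityGroupIngress` call) gives both halves of the audit answer: Config says what the resource looks like now versus before, CloudTrail says who made it so.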
Integrated Support from Our Partner Ecosystem
CONTROL

CONTROL OF YOUR DATA

You are in control of privacy:
• Choose geographic location and AWS will not replicate it elsewhere unless you choose to do so.
• Control format, accuracy and encryption any way that you choose.
• Control who can access content.
• Control content lifecycle and disposal.
Customers retain full ownership and control of their content.
Your data stays where you put it. 11 AWS Regions at the time of this talk: US-EAST (Virginia), US-WEST (N. California), US-WEST (Oregon), AWS GovCloud (US), SOUTH AMERICA (Sao Paulo), EU-WEST (Ireland), EU-CENTRAL (Frankfurt), ASIA PAC (Tokyo), ASIA PAC (Singapore), ASIA PAC (Sydney), CHINA (Beijing).

Build resilience and durability everywhere: 26 Availability Zones.

Cache content close to your customers: 53 CloudFront Edge locations. (Slide diagram: clients reach AWS edge locations over transit providers; Route 53 and CloudFront serve them in front of the AWS region.)

Exploit the resilience of an AWS Region.
First class security and compliance starts (but doesn't end!) with encryption:
• Automatic encryption with managed keys
• Bring your own keys
• Dedicated hardware security modules

AWS Key Management Service: encryption key management and compliance made easy.
• One-click encryption
• Centralized key management (create, delete, view, set policies)
• Automatic key rotation, enforced once enabled on a key
• Visibility into any changes via CloudTrail
• Available, durable, and integrated with AWS services: keys stored in HSMs; highly available and durable; integrated with the AWS IAM console, Amazon EBS, Amazon S3 and Amazon Redshift.
AWS CloudHSM: you can also store your encryption keys in AWS CloudHSM.
• SafeNet Luna SA appliances managed and monitored by AWS, but you fully control and manage the keys.
• Increase performance for applications that use HSMs for key storage or encryption.
• Comply with stringent requirements for key protection.
• You can also use your own HSMs in your own facilities.
(Slide diagram: an EC2 instance talking to the CloudHSM appliance.)
CONTROL OF YOUR INFRASTRUCTURE

Create your own private, isolated section of the AWS cloud (slide diagram: a VPC spanning Availability Zone A and Availability Zone B).

Amazon Virtual Private Cloud:
• Provision a logically isolated section of the AWS cloud.
• You choose a private IP range for your VPC.
• Segment this into subnets to deploy your compute instances.

AWS network security:
• The AWS network will prevent spoofing and other common layer 2 attacks.
• You cannot sniff anything but your own EC2 host network interface: traffic for other instances is never delivered to yours, even with the interface in promiscuous mode.
• Control all external routing and connectivity.
Segregate your VPC into subnets to create your architecture (slide diagram: Web, App and DB subnets).

Each subnet has directional network access control lists: stateless allow/deny rules, evaluated separately for inbound and outbound traffic, with an implicit "deny all traffic" rule at the end of every list.

Each EC2 instance has stateful security group firewalls (up to five security groups per network interface by default). In the diagram the Web tier accepts port 443, the App tier accepts port 443 from the Web tier, and the DB tier accepts port 3306 from the App tier.
Control which subnets can route to the Internet or on-premise (slide diagram: a PUBLIC Web subnet, PRIVATE App and DB subnets, and application services that replicate on-prem).
You can securely share resources between VPCs with VPC Peering: route traffic between VPCs in private and peer specific subnets between each VPC, even between AWS accounts (slide diagram: Digital Websites, Big Data Analytics and Enterprise Apps VPCs peered with a Common Services / Security Services VPC).
You can connect resiliently and in private to your own datacentres (slide diagram: your AWS environment, with Digital Websites, Big Data Analytics, Dev and Test and Enterprise Apps VPCs, reached from your premises over AWS Direct Connect or an Internet VPN).
Launch an EC2 instance from the AMI catalogue, then configure the running instance as your own (slide diagram). Host-level controls you apply on the operating system:
• Hardening and configuration
• Audit and logging
• Vulnerability management
• Malware and IPS
• Whitelisting and integrity
• User administration

Configure your environment as you like. You get to apply your existing security policy:
• Create or import your own 'gold' images: import existing VMs to AWS or save your own custom images.
• Choose how to build your standard host security environment.
• Apply your existing host controls and configurations.
SECURITY THROUGH AGILITY

As AWS innovates you get to innovate. Security is about how quickly you can protect.

DevOps isn't just for coders:
• Make security be architecture rather than operations.
• Automate security patch deployment. When a new patch is released:
  – Understand if you need it (software manifest)
  – Build and deploy the patch in a test environment
  – Automatically test the system still works
  – Promote to the live environment
  == Patched as quickly as possible
Security is about detecting signs of an incident. CloudWatch Logs lets you grab everything and monitor activity:
• When storage is cheap you might as well collect and keep your logs.
• CloudWatch Logs makes it easy to capture any log and store it in a durable manner.
• Integration with CloudWatch Metrics and Alarms means you can continually scan for events you know might be suspicious:
  IF (detect web attacker > 10 in a 1 minute period)
  ALARM == TRUE == INCIDENT IN PROGRESS!
Security is about how quickly you can react. The first response should be your automation:
• Trigger a workflow to act: automating the first line of response can markedly improve customers' time to react during incidents.
• If == bad: limit functionality whilst investigating, e.g. go read-only or deny more user registrations.
• If badness > really bad: shut off Internet connectivity until the CERT can investigate.
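The detection rule on the previous slide and the tiered response on this one are one pipeline: a metric filter over log lines, an alarm on a 1-minute period, and an action per alarm state. The following is an added example (not code from the presentation and using no AWS API) that implements that pipeline in plain Python over constructed web-server log lines (Apache/nginx combined format with invented addresses and paths). The attack signatures and the 50-hit "really bad" threshold are this example's choices; the 10-hits-per-minute threshold is the slide's.

```python
"""A CloudWatch-style metric filter and alarm over web-server logs,
followed by the automated first response.

Added example, not code from the presentation and using no AWS API.
Log lines, signatures and the severe threshold are invented for it.
"""
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
ATTACK_SIGNATURES = [re.compile(p, re.IGNORECASE) for p in (
    r"\.\./",                               # path traversal
    r"(union[\s+]+select|or[\s+]+1=1)",     # crude SQL injection probes
    r"/(wp-login\.php|phpmyadmin|\.git/)",  # scanner favourites
    r"<script",                             # reflected XSS attempts
)]
PERIOD_SECONDS = 60
ALARM_THRESHOLD = 10     # the slide's "> 10 in a 1 minute period"
SEVERE_THRESHOLD = 50    # example's choice for "badness > really bad"


def parse(line):
    """Return (ip, timestamp, path, status) or None for an unparsable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("path"), int(m.group("status"))


def is_attack(path):
    return any(sig.search(path) for sig in ATTACK_SIGNATURES)


def metric_per_period(lines):
    """Metric filter: count attacker hits per (source IP, 1-minute period)."""
    counts = defaultdict(int)
    for line in lines:
        parsed = parse(line)
        if parsed and is_attack(parsed[2]):
            ip, ts = parsed[0], parsed[1]
            counts[(ip, int(ts.timestamp()) // PERIOD_SECONDS)] += 1
    return counts


def evaluate_alarms(counts):
    """Alarm evaluation: one (ip, period_start_epoch, hits, action) per breach."""
    alarms = []
    for (ip, period), hits in sorted(counts.items()):
        if hits > SEVERE_THRESHOLD:
            action = "cut-internet-connectivity"   # until the CERT investigates
        elif hits > ALARM_THRESHOLD:
            action = "restrict-functionality"      # read-only, no new sign-ups
        else:
            continue
        alarms.append((ip, period * PERIOD_SECONDS, hits, action))
    return alarms


def first_response(alarms):
    """Automated first line of response. Returns the set of controls to
    apply; in a real deployment each would be an API call (block the source
    in a security group or NACL, flip the app's read-only flag, detach the
    Internet gateway)."""
    controls = set()
    for ip, _, _, action in alarms:
        controls.update({"block:" + ip, "site:read-only"})
        if action == "cut-internet-connectivity":
            controls.add("igw:detach")
    return controls


# Constructed sample log: a normal client, a scanner that trips the alarm,
# a single probe below the threshold, and a flood that trips the severe tier.
def _line(ip, minute, second, path, status=404):
    return ('%s - - [06/May/2015:01:%02d:%02d +0000] "GET %s HTTP/1.1" %d 512'
            % (ip, minute, second, path, status))


SAMPLE_LOG = (
    [_line("198.51.100.20", 12, s, "/index.html", 200) for s in range(0, 30, 5)]
    + [_line("203.0.113.10", 12, s, "/../../etc/passwd") for s in range(12)]
    + [_line("203.0.113.10", 12, 40, "/login?u=a'+or+1=1--")]
    + [_line("203.0.113.5", 12, 41, "/wp-login.php")]
    + [_line("203.0.113.99", 13, s, "/cgi-bin/../../bin/sh") for s in range(55)]
)

if __name__ == "__main__":
    alarms = evaluate_alarms(metric_per_period(SAMPLE_LOG))
    for ip, start, hits, action in alarms:
        print("%s: %d hits in the minute starting %d -> %s" % (ip, hits, start, action))
    print("controls:", sorted(first_response(alarms)))
```

Keying the metric on source IP as well as on the period is what keeps the first tier proportionate: blocking one address and going read-only is cheap and reversible, whereas detaching the Internet gateway is reserved for the flood that would otherwise be an outage anyway.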
AUDIT EVERYTHING

Innovations Are For Auditors Too. Auditing-centric services and features:
• New: AWS Config
• New: AWS Key Management Service (AWS KMS)
• AWS Trusted Advisor checks
• Last AWS sign in
• AWS CloudTrail
• IAM Credential Reports
• Policies

Step 1: Get an AWS User Account

Step 2: Get transparent governance. Fine-grained visibility and control for accounts, resources, data:
• Geographic data locality: control over regional replication
• Fine-grained access control: policies, resource-level permissions, temporary credentials
• In-depth logging: AWS CloudTrail and Config
• Visibility into resources and usage: service Describe* APIs and Amazon CloudWatch
• Control over deployment: AWS CloudFormation

Step 3: Get evidence you can audit
• Many compliance audits require access to the state of your systems at arbitrary times (e.g. PCI DSS, HIPAA).
• A complete inventory of all resources and their configuration attributes is available for any point in time.
Ways to Inventory Assets:
• Last AWS Sign In
• AWS CloudTrail
• IAM Credential Reports
• Policies
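The IAM credential report is the evidence auditors ask for first: every user, whether they have a console password, whether MFA is on, when each access key was rotated and last used. The following is an added example (not code from the presentation or from AWS) that turns such a report into findings. REPORT is a constructed, abbreviated report using the real column names for the fields it checks; the users, dates and the 90-day thresholds are invented for the example.

```python
"""Turning an IAM credential report into audit findings.

Added example, not from the presentation. REPORT is a constructed,
abbreviated credential report; users, dates and thresholds are invented.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

REPORT = """user,arn,user_creation_time,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::123456789012:root,2013-01-10T03:00:00+00:00,not_supported,2015-05-01T09:12:00+00:00,false,true,2013-01-10T03:00:00+00:00,2014-11-02T11:00:00+00:00,false,N/A,N/A
alice,arn:aws:iam::123456789012:user/alice,2014-02-01T00:00:00+00:00,true,2015-05-05T22:10:00+00:00,true,true,2015-04-20T00:00:00+00:00,2015-05-05T22:11:00+00:00,false,N/A,N/A
bob,arn:aws:iam::123456789012:user/bob,2014-02-01T00:00:00+00:00,true,2014-09-30T08:00:00+00:00,false,true,2014-02-01T00:00:00+00:00,2014-10-01T08:00:00+00:00,false,N/A,N/A
deploy,arn:aws:iam::123456789012:user/deploy,2014-06-15T00:00:00+00:00,false,N/A,false,true,2014-06-15T00:00:00+00:00,2015-05-06T00:30:00+00:00,true,2014-06-15T00:00:00+00:00,N/A
"""

# Fixed "as of" time so the findings are reproducible; use now() in practice.
NOW = datetime(2015, 5, 6, 2, 0, tzinfo=timezone.utc)
MAX_KEY_AGE = timedelta(days=90)   # example policy: rotate keys every 90 days
MAX_IDLE = timedelta(days=90)      # example policy: remove unused credentials


def _ts(value):
    """Parse a report timestamp; the report's placeholders become None."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def audit(report_csv, now=NOW):
    """Return sorted (user, finding) tuples for a credential report."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if user == "<root_account>":
            # Root should have MFA and no long-term access keys at all.
            if row["mfa_active"] != "true":
                findings.append((user, "root-without-mfa"))
            if "true" in (row["access_key_1_active"], row["access_key_2_active"]):
                findings.append((user, "root-has-access-key"))
            continue
        if row["password_enabled"] == "true":
            if row["mfa_active"] != "true":
                findings.append((user, "console-user-without-mfa"))
            last_used = _ts(row["password_last_used"])
            if last_used and now - last_used > MAX_IDLE:
                findings.append((user, "password-unused-%dd" % MAX_IDLE.days))
        for n in ("1", "2"):
            if row["access_key_%s_active" % n] != "true":
                continue
            rotated = _ts(row["access_key_%s_last_rotated" % n])
            if rotated and now - rotated > MAX_KEY_AGE:
                findings.append((user, "access-key-%s-older-than-%dd"
                                 % (n, MAX_KEY_AGE.days)))
            used = _ts(row["access_key_%s_last_used_date" % n])
            if used is None or now - used > MAX_IDLE:
                findings.append((user, "access-key-%s-unused" % n))
    return sorted(findings)


def summary(findings):
    """Findings grouped per user, the shape an audit evidence table takes."""
    grouped = {}
    for user, finding in findings:
        grouped.setdefault(user, []).append(finding)
    return grouped


if __name__ == "__main__":
    for user, items in summary(audit(REPORT)).items():
        print("%-15s %s" % (user, ", ".join(items)))
```

A real report is fetched with `aws iam get-credential-report` and is base64-encoded CSV; decode it and pass the text to `audit`. The same loop extends naturally to the certificate and password-rotation columns the report also carries.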
Security is Job Zero: YOU ARE BETTER OFF IN AWS THAN YOU ARE IN YOUR OWN ENVIRONMENT
– "Based on our experience, I believe that we can be even more secure in the AWS cloud than in our own data centers." – Tom Soderstrom, CTO, NASA JPL
– Nearly 60% of organizations agreed that CSPs [cloud service providers] provide better security than their own IT organizations. Source: IDC 2013 U.S. Cloud Security Survey, doc #242836, September 2013
Resources for You
• aws.amazon.com/compliance
• Self-paced labs (Qwiklabs): https://run.qwiklab.com/
  – Auditing Your AWS Security Architecture
• aws.amazon.com/security
  – Special Australian Government IRAP guidance coming soon!
  – Best practices and operational checklists
  – Architectural guidance
  – Detailed security information about the AWS services

Thank You
FWD Group - Insurer Innovation Award 2024
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 

Security and Compliance in the Cloud

  • 1. AWS Government, Education, & Nonprofits Symposium Canberra, Australia | May 6, 2015 Stephen Quigg Principal Solutions Architect, APAC Amazon Web Services Security and Compliance in the Cloud
  • 3. Security is Job Zero: network security, physical security, platform security, people & procedures.
  • 4. HOW DOES AWS PRACTICE SECURITY?
  • 5. The practice of security at AWS is different, but the outcome is familiar: So what does your security team look like? • Operations • Engineering • Application Security • Compliance
  • 6. Our Culture: Measure constantly, report regularly, and hold senior executives accountable for security – have them drive the right culture
  • 7. Our Culture: Test, CONSTANTLY • Inside/outside • Privileged/unprivileged • Black-box/white-box • Vendor/self
  • 8. Simple Security Controls: easy to get right, easy to audit.

  • 11. Build everything on a constantly improving security baseline (standards shown on the slide: GxP, ISO 13485, AS9100, ISO/TS 16949). Diagram: AWS Foundation Services (Compute, Storage, Database, Networking) on top of the AWS Global Infrastructure (Regions, Availability Zones, Edge Locations). AWS is responsible for the security OF the Cloud.
  • 12. Security is shared between AWS and its customers. AWS is responsible for the security OF the Cloud: AWS Foundation Services (Compute, Storage, Database, Networking) and the AWS Global Infrastructure (Regions, Availability Zones, Edge Locations). Customers have their choice of security configurations IN the Cloud: customer applications & content; platform, applications, identity & access management; operating system, network & firewall configuration; client-side data encryption, server-side data encryption and network traffic protection.
  • 13. On the same shared-responsibility diagram: the AWS platform has been IRAP assessed and certified, and AWS is certified by the ASD for unclassified DLM. Customers get their own solutions and configurations (everything IN the Cloud) assessed.
  • 14. Meet your own individual departmental needs: we have many Government customers in Australia, and the AWS platform has been IRAP assessed and certified.
  • 16. Security is Familiar • We strive to make security at AWS as familiar as what you are doing right now – Visibility – Auditability – Controllability – Agility
  • 18. VISIBILITY HOW OFTEN DO YOU MAP YOUR NETWORK? WHAT’S IN YOUR ENVIRONMENT RIGHT NOW?
  • 21. Trusted Advisor checks your account
  • 22. Security is Visible • Who is accessing the resources? • Who took what action? – When? – From where? – What did they do? – Logs Logs Logs
  • 23. You are making API calls... on a growing set of services around the world... AWS CloudTrail is continuously recording API calls... and delivering log files to you. (Diagram: services such as Amazon Redshift, AWS CloudFormation and AWS Elastic Beanstalk feeding AWS CloudTrail.)
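The questions on slides 22 and 23 (who accessed what, when, from where) are answered by reading the JSON delivery files CloudTrail writes. The following is an added example and not code from the deck or from AWS: the three records are constructed, but use CloudTrail's real field names (eventTime, eventName, sourceIPAddress, userIdentity, requestParameters); the account number, user names, IP addresses and the WATCHLIST of API calls worth reviewing are assumptions.

```python
"""Answer slide 22's questions (who accessed what, when, from where) over a
CloudTrail delivery file, and flag the calls a security team should look at.

Added example, not code from the deck or from AWS. The records are constructed
but use CloudTrail's real field names; the account number, users, IPs and the
WATCHLIST are invented/assumed.
"""
import json
from collections import defaultdict

# Constructed delivery file: a user creation, a security-group change that opens
# SSH to the world, and root credentials switching CloudTrail off.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2015-05-06T01:02:03Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "awsRegion": "ap-southeast-2",
     "sourceIPAddress": "203.0.113.7", "userAgent": "console.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::123456789012:user/alice"},
     "requestParameters": {"userName": "svc-deploy"}},
    {"eventTime": "2015-05-06T01:05:10Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "awsRegion": "ap-southeast-2",
     "sourceIPAddress": "198.51.100.23", "userAgent": "aws-cli/1.7.0",
     "userIdentity": {"type": "IAMUser", "userName": "bob",
                      "arn": "arn:aws:iam::123456789012:user/bob"},
     "requestParameters": {"groupId": "sg-0a1b2c3d", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventTime": "2015-05-06T01:06:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "awsRegion": "ap-southeast-2",
     "sourceIPAddress": "198.51.100.23", "userAgent": "aws-cli/1.7.0",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "requestParameters": {"name": "default"}},
]})

# Assumed watchlist: API calls that weaken visibility or widen access.
WATCHLIST = {
    "StopLogging": "CloudTrail logging turned off",
    "DeleteTrail": "CloudTrail trail deleted",
    "CreateUser": "new IAM user created",
}


def parse_trail(raw_json):
    """One CloudTrail delivery file is a JSON object with a Records array."""
    return json.loads(raw_json)["Records"]


def actor(record):
    """Readable principal: 'root' for root credentials, otherwise the IAM user name."""
    identity = record.get("userIdentity", {})
    if identity.get("type") == "Root":
        return "root"
    return identity.get("userName", identity.get("arn", "unknown"))


def who_what_when_where(records):
    """Slide 22's four questions, one tuple per API call."""
    return [(actor(r), r["eventName"], r["eventTime"], r["sourceIPAddress"]) for r in records]


def _opens_to_world(params):
    """True if an AuthorizeSecurityGroupIngress request contains a 0.0.0.0/0 range."""
    for perm in params.get("ipPermissions", {}).get("items", []):
        for rng in perm.get("ipRanges", {}).get("items", []):
            if rng.get("cidrIp") == "0.0.0.0/0":
                return True
    return False


def flag_events(records):
    """Return (eventName, actor, reason) for every record that deserves review."""
    findings = []
    for r in records:
        reasons = []
        if actor(r) == "root":
            reasons.append("root credentials used")
        if r["eventName"] in WATCHLIST:
            reasons.append(WATCHLIST[r["eventName"]])
        if (r["eventName"] == "AuthorizeSecurityGroupIngress"
                and _opens_to_world(r.get("requestParameters", {}))):
            reasons.append("security group opened to 0.0.0.0/0")
        findings.extend((r["eventName"], actor(r), reason) for reason in reasons)
    return findings


def sources_by_actor(records):
    """Map each actor to the set of source IPs they called the API from."""
    seen = defaultdict(set)
    for r in records:
        seen[actor(r)].add(r["sourceIPAddress"])
    return dict(seen)
```

Run flag_events over parse_trail(SAMPLE_TRAIL) and the StopLogging call surfaces twice (root credentials, logging turned off); sources_by_actor then shows that root and bob acted from the same address, which is the "from where?" correlation the slide is asking for.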
  • 24. AWS Config tells you what has changed. AWS Config is a fully managed service that provides you with an inventory of your AWS resources, lets you audit the resource configuration history and notifies you of resource configuration changes.
  • 25. Continuous change recording (diagram): changing resources → AWS Config → a history stream plus point-in-time snapshots (e.g. 2014-11-05).
  • 26. Use cases enabled by Config • Security Analysis: Am I safe? • Audit Compliance: Where is the evidence? • Change Management: What will this change affect? • Troubleshooting: What has changed?
  • 27. What will this change affect? • When your resources are created, updated, or deleted, these configuration changes are streamed to Amazon SNS • Relationships between resources are understood, so that you can proactively assess change impact
  • 28. What changed? • It is critical to be able to quickly answer “What has changed?” • You can quickly identify the recent configuration changes to your resources by using the console or by building custom integrations with the regularly exported resource history files
  • 29. Integrated Support from Our Partner Ecosystem
  • 32. You are in control of privacy: customers retain full ownership and control of their content. • Choose the geographic location, and AWS will not replicate it elsewhere unless you choose to do so • Control format, accuracy and encryption any way that you choose • Control who can access content • Control content lifecycle and disposal
  • 33. Your data stays where you put it: 11 AWS Regions (US-EAST (Virginia), US-WEST (N. California), US-WEST (Oregon), AWS GovCloud (US), SOUTH AMERICA (Sao Paulo), EU-WEST (Ireland), EU-CENTRAL (Frankfurt), ASIA PAC (Tokyo), ASIA PAC (Singapore), ASIA PAC (Sydney), CHINA (Beijing)).
  • 34. Build resilience and durability everywhere: 26 Availability Zones across those 11 Regions.
  • 35. Cache content close to your customers 53 CloudFront Edge locations
  • 37. First class security and compliance starts (but doesn't end!) with encryption: automatic encryption with managed keys, bring your own keys, or dedicated hardware security modules.
  • 38. AWS Key Management Service: encryption key management and compliance made easy. • One-click encryption • Centralized key management (create, delete, view, set policies) • Enforced, automatic key rotation • Visibility into any changes via CloudTrail
  • 39. Keys stored in HSMs; integrated with AWS services; highly available and durable.
  • 40. AWS Key Management Service: integrated with the AWS IAM console
  • 41. AWS Key Management Service: integrated with Amazon EBS
  • 42. AWS Key Management Service: integrated with Amazon S3
  • 43. AWS Key Management Service: integrated with Amazon Redshift
  • 44. You can also store your encryption keys in AWS CloudHSM (diagram: an EC2 instance talking to AWS CloudHSM appliances). • SafeNet Luna SA HSMs managed and monitored by AWS, but you fully control and manage the keys • Increase performance for applications that use HSMs for key storage or encryption • Comply with stringent requirements for key protection • You can also use your own HSMs in your own facilities
  • 45. CONTROL OF YOUR INFRASTRUCTURE
  • 46. Create your own private, isolated section of the AWS cloud (diagram: one VPC spanning Availability Zone A and Availability Zone B). AWS Virtual Private Cloud: • Provision a logically isolated section of the AWS cloud • You choose a private IP range for your VPC • Segment this into subnets to deploy your compute instances. AWS network security: • The AWS network will prevent spoofing and other common layer 2 attacks • You cannot sniff anything but your own EC2 host network interface • Control all external routing and connectivity
  • 47. Segregate your VPC into subnets to create your architecture (diagram: Web, Web, App and DB subnets).
  • 48. Each subnet has directional (inbound and outbound) network access control lists (diagram: per-subnet allow rules, with all other traffic denied). NACLs are stateless, so the reply direction of a connection must be allowed explicitly.
  • 49. Each EC2 instance has stateful security group firewalls, up to five per network interface (diagram: Web tier allows port 443, App tier allows port 443 from Web, DB tier allows port 3306 from App).
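The difference between the subnet NACLs on slide 48 and the security groups on slide 49 is the one that bites in practice: a NACL is stateless and ordered, a security group is stateful and allow-only. The following is an added example, not code from the deck or from AWS, that models both decisions for a single TCP request and its reply; the rule numbers, CIDRs and ports are constructed, and only TCP is modelled. The evaluation order it encodes (lowest NACL rule number first, first match wins, implicit deny, stateful security groups) is the documented VPC behaviour.

```python
"""Model how a stateless subnet NACL and a stateful security group decide whether
a TCP request and its reply get through (slides 48 and 49).

Added example, not code from the deck or from AWS. Rule numbers, CIDRs and ports
are constructed; only TCP is modelled.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    number: int        # NACL rule number (evaluation order); ignored for security groups
    cidr: str          # remote CIDR this rule matches
    port_from: int
    port_to: int
    action: str        # "allow" or "deny" ("deny" only exists in NACLs)


def _matches(rule, ip, port):
    return (ipaddress.ip_address(ip) in ipaddress.ip_network(rule.cidr)
            and rule.port_from <= port <= rule.port_to)


def nacl_allows(rules, ip, port):
    """NACL: lowest rule number first, first match decides; no match is the '*' deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if _matches(rule, ip, port):
            return rule.action == "allow"
    return False


def sg_allows(ingress, ip, port):
    """Security group: allow rules only, order irrelevant; no match means dropped."""
    return any(_matches(r, ip, port) for r in ingress)


def tcp_exchange(nacl_in, nacl_out, sg_in, client_ip, client_port, server_port):
    """Return (request_reaches_instance, reply_leaves_subnet) for one client->server flow.

    The security group tracks the connection, so the reply is allowed once the
    request was; the NACL does not, so the reply to the client's ephemeral port
    must be matched by an outbound rule of its own.
    """
    request_ok = (nacl_allows(nacl_in, client_ip, server_port)
                  and sg_allows(sg_in, client_ip, server_port))
    if not request_ok:
        return False, False
    return True, nacl_allows(nacl_out, client_ip, client_port)


# Constructed web-tier subnet: inbound 443 from anywhere, but the outbound NACL
# only covers traffic to the app tier, so HTTPS replies to the Internet are dropped.
WEB_NACL_IN = [Rule(100, "0.0.0.0/0", 443, 443, "allow")]
WEB_NACL_OUT_BROKEN = [Rule(100, "10.0.2.0/24", 8080, 8080, "allow")]
# The fix: allow replies to the ephemeral port range in the outbound direction.
WEB_NACL_OUT_FIXED = WEB_NACL_OUT_BROKEN + [Rule(110, "0.0.0.0/0", 1024, 65535, "allow")]
WEB_SG_IN = [Rule(0, "0.0.0.0/0", 443, 443, "allow")]

# Constructed DB-tier subnet: a low-numbered deny for one misbehaving app host
# wins over the broader allow for the app subnet on port 3306, even though the
# security group would have let it in.
DB_NACL_IN = [Rule(90, "10.0.2.66/32", 0, 65535, "deny"),
              Rule(100, "10.0.2.0/24", 3306, 3306, "allow")]
DB_SG_IN = [Rule(0, "10.0.2.0/24", 3306, 3306, "allow")]
```

With WEB_NACL_OUT_BROKEN the request reaches the instance but the reply never leaves the subnet, which is the classic "security group looks right, site still times out" symptom; WEB_NACL_OUT_FIXED adds the ephemeral-port rule that a stateless filter needs. The DB case shows the other property worth remembering: a NACL deny is evaluated before the security group ever sees the packet.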
  • 50. Control which subnets can route to the Internet or on-premises (diagram: the Web subnets are PUBLIC, the App and DB subnets are PRIVATE, and the DB tier replicates to on-premises).
  • 51. AWS VPC Peering: you can securely share resources between VPCs (diagram: Digital Websites, Big Data Analytics, Enterprise Apps and Application Services VPCs peered with Common Services and Security Services VPCs). Route traffic between VPCs in private and peer specific subnets between each VPC, even between AWS accounts.
  • 52. You can connect resiliently and in private to your own datacentres: AWS Direct Connect or an Internet VPN between your AWS environment (Digital Websites, Big Data Analytics, Dev and Test, Enterprise Apps) and your premises.
  • 53. Apply your existing host controls and configurations (diagram: launch instance from the EC2 AMI catalogue → running instance → configure instance → your instance). • Create or import your own 'gold' images: import existing VMs to AWS or save your own custom images • Choose how to build your standard host security environment: hardening and configuration, audit and logging, vulnerability management, malware and IPS, whitelisting and integrity, user administration, operating system • Configure your environment as you like: you get to apply your existing security policy
  • 55. As AWS innovates you get to innovate
  • 56. Security is about how quickly you can protect. DevOps isn't just for coders: • Make security be architecture rather than operations • Automate security patch deployment: when a new patch is released, understand if you need it (software manifest), build and deploy the patch in a test environment, automatically test the system still works, then promote to the live environment == patched as quickly as possible
  • 57. Security is about detecting signs of an incident. CloudWatch Logs lets you grab everything and monitor activity: • When storage is cheap you might as well collect and keep your logs • CloudWatch Logs makes it easy to capture any log and store it in a durable manner • Integration with CloudWatch Metrics and Alarms means you can continually scan for events you know might be suspicious: IF (detect web attacker > 10 in a 1 minute period) ALARM == TRUE == INCIDENT IN PROGRESS!
  • 58. Security is about how quickly you can react. The first response should be your automation: • Trigger a workflow to act; automating the first line of response can markedly improve customers' time to react during incidents • If == bad, limit functionality whilst investigating, e.g. go read-only or deny more user registrations • If badness > really bad, shut off Internet connectivity until the CERT can investigate
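Slides 57 and 58 together describe a metric filter, an alarm and a tiered automated response. The following is an added example, not code from the deck or from AWS: it runs the same logic locally that a CloudWatch Logs metric filter plus a CloudWatch alarm would run in the service. The access-log lines are constructed, the "web attacker" regex and the thresholds (more than 10 hits in a minute raises the alarm, more than 100 severs connectivity) are assumptions, and the response names are labels for actions you would wire to the alarm, not real API calls.

```python
"""Count suspected web-attack requests per one-minute window, raise an alarm above
a threshold, and choose a first automated response (slides 57 and 58).

Added example, not code from the deck or from AWS. Log lines, the attack
signature and the thresholds are constructed/assumed; response names are labels.
"""
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Assumed "web attacker" signature: path traversal, SQL injection fragments, XSS probes.
ATTACK_PATTERN = re.compile(r"(\.\./|union\s+select|%27|<script)", re.IGNORECASE)
# Common Log Format: ip ident user [timestamp] "request" status bytes
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \d+')


def parse_line(line):
    """Parse one CLF line; return None for lines that do not match (they are skipped)."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "req": m.group("req"), "status": int(m.group("status"))}


def attack_counts_per_minute(lines):
    """Metric-filter equivalent: count matching lines, bucketed into one-minute windows."""
    counts = Counter()
    for line in lines:
        event = parse_line(line)
        if event and ATTACK_PATTERN.search(event["req"]):
            counts[event["ts"].replace(second=0, microsecond=0)] += 1
    return counts


def alarm_state(counts, threshold=10):
    """Alarm equivalent: ALARM if any one-minute bucket is strictly above the threshold."""
    return "ALARM" if any(n > threshold for n in counts.values()) else "OK"


def first_response(counts, alarm_threshold=10, cutoff_threshold=100):
    """Tiered first response: degrade functionality first, cut connectivity only for the worst case."""
    peak = max(counts.values(), default=0)
    if peak > cutoff_threshold:
        return "revoke-internet-gateway-route"   # shut off Internet until CERT can investigate
    if peak > alarm_threshold:
        return "read-only-mode"                  # limit functionality while investigating
    return "none"


def _clf(ip, ts, request, status):
    return f'{ip} - - [{ts:%d/%b/%Y:%H:%M:%S %z}] "{request}" {status} 512'


# Constructed log: three normal requests, then twelve traversal probes from one IP
# inside a single minute, which is enough to trip the assumed >10 threshold.
SAMPLE_START = datetime(2015, 5, 6, 10, 0, 0, tzinfo=timezone.utc)
SAMPLE_LOG = [_clf("203.0.113.5", SAMPLE_START + timedelta(seconds=i), "GET /index.html HTTP/1.1", 200)
              for i in range(3)]
SAMPLE_LOG += [_clf("198.51.100.77", SAMPLE_START + timedelta(seconds=4 * i),
                    f"GET /cgi-bin/../../etc/passwd?id={i} HTTP/1.1", 404)
               for i in range(12)]


if __name__ == "__main__":
    counts = attack_counts_per_minute(SAMPLE_LOG)
    print(dict(counts), alarm_state(counts), first_response(counts))
```

The bucketing by minute is what the alarm's period does in the service; the point of keeping the two thresholds apart is the one slide 58 makes, that the cheap, reversible response (read-only) fires first and the disruptive one (cutting the route to the Internet) only when the signal is overwhelming.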
  • 60. Innovations Are For Auditors Too Auditing-centric services and features • New: AWS Config • New: AWS Key Management Service (AWS KMS) • AWS Trusted Advisor checks • Last AWS sign in • AWS CloudTrail • IAM Credential Reports • Policies
  • 61. Step 1: Get an AWS User Account
  • 62. Step 2: Get transparent governance: fine-grained visibility and control for accounts, resources and data. • Geographic data locality: control over regional replication • Fine-grained access control: policies, resource-level permissions, temporary credentials • In-depth logging: AWS CloudTrail and Config • Visibility into resources and usage: service Describe* APIs and AWS CloudWatch • Control over deployment: AWS CloudFormation
  • 63. Step 3: Get evidence you can audit • Many compliance audits require access to the state of your systems at arbitrary times (e.g. PCI, HIPAA) • A complete inventory of all resources and their configuration attributes is available for any point in time
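Slide 60 lists "Last AWS sign in" and "IAM Credential Reports" among the auditor-facing features, and slide 63 asks for evidence you can hand over. The report is a CSV, so the audit is a few lines of parsing. The following is an added example, not code from the deck or from AWS: the report below is constructed, but its column names are those of the real IAM credential report (user, password_last_used, mfa_active, access_key_1_active, access_key_1_last_rotated, ...); the account number and users are invented, and the 90-day idle and rotation limits are an assumed local policy, not an AWS default.

```python
"""Audit an IAM credential report for what slide 60 lists: last sign-in, MFA and
stale access keys.

Added example, not code from the deck or from AWS. The CSV is constructed but uses
the real report's column names; the 90-day thresholds are an assumed policy.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed report for a 12-digit example account; timestamps are ISO-8601 as
# the report emits them, and N/A / not_supported / no_information mean "never".
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,2013-01-10T03:00:00+00:00,not_supported,2015-04-30T08:12:00+00:00,not_supported,not_supported,false,true,2013-01-10T03:00:00+00:00,2015-04-30T08:12:00+00:00,ap-southeast-2,ec2,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
alice,arn:aws:iam::123456789012:user/alice,2014-02-01T00:00:00+00:00,true,2015-05-05T22:10:00+00:00,2015-03-01T00:00:00+00:00,2015-06-01T00:00:00+00:00,true,true,2015-04-01T00:00:00+00:00,2015-05-05T22:00:00+00:00,ap-southeast-2,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
bob,arn:aws:iam::123456789012:user/bob,2014-02-01T00:00:00+00:00,true,2014-11-01T09:00:00+00:00,2014-02-01T00:00:00+00:00,N/A,false,true,2014-02-01T00:00:00+00:00,2014-12-20T00:00:00+00:00,us-east-1,iam,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
svc-deploy,arn:aws:iam::123456789012:user/svc-deploy,2015-05-06T01:02:03+00:00,false,not_supported,N/A,N/A,false,true,2015-05-06T01:02:03+00:00,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
"""

REPORT_AS_OF = datetime(2015, 5, 6, 12, 0, tzinfo=timezone.utc)   # "now" for the constructed report


def _parse_time(value):
    """Report timestamps are ISO-8601; N/A, no_information and not_supported all mean 'never'."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def load_report(text):
    """The credential report is a CSV with a header row: one row per user plus <root_account>."""
    return list(csv.DictReader(io.StringIO(text)))


def audit(rows, now, max_idle_days=90, max_key_age_days=90):
    """Return (user, finding) pairs; the day limits are the assumed local policy."""
    findings = []
    idle = timedelta(days=max_idle_days)
    old = timedelta(days=max_key_age_days)
    for row in rows:
        user = row["user"]
        if user == "<root_account>":
            # Root should have MFA and no long-lived access keys at all.
            if "true" in (row["access_key_1_active"], row["access_key_2_active"]):
                findings.append((user, "root account has an active access key"))
            if row["mfa_active"] != "true":
                findings.append((user, "root account has no MFA"))
            continue
        if row["password_enabled"] == "true":
            if row["mfa_active"] != "true":
                findings.append((user, "console password enabled without MFA"))
            last_login = _parse_time(row["password_last_used"])
            if last_login is None or now - last_login > idle:
                findings.append((user, f"console password not used in {max_idle_days} days"))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            rotated = _parse_time(row[f"access_key_{n}_last_rotated"])
            if rotated is None or now - rotated > old:
                findings.append((user, f"access key {n} older than {max_key_age_days} days"))
            used = _parse_time(row[f"access_key_{n}_last_used_date"])
            if used is not None and now - used > idle:
                findings.append((user, f"access key {n} unused for {max_idle_days} days"))
    return findings


def run_audit():
    """Audit the constructed report as of REPORT_AS_OF."""
    return audit(load_report(SAMPLE_REPORT), REPORT_AS_OF)
```

On the constructed report only root and bob produce findings: root for an active access key and no MFA, bob for a console login without MFA, a stale login, and an access key that is both old and unused. That list, with the report's own timestamps beside it, is the kind of point-in-time evidence slide 63 is talking about.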
  • 69. Security is Job Zero YOU ARE BETTER OFF IN AWS THAN YOU ARE IN YOUR OWN ENVIRONMENT – “Based on our experience, I believe that we can be even more secure in the AWS cloud than in our own data centers.” -Tom Soderstrom, CTO, NASA JPL – Nearly 60% of organizations agreed that CSPs [cloud service providers] provide better security than their own IT organizations. Source: IDC 2013 U.S. Cloud Security Survey, doc #242836, September 2013
  • 70. Resources for You • aws.amazon.com/compliance • Self-paced labs (Qwiklabs) https://run.qwiklab.com/ – Auditing Your AWS Security Architecture • aws.amazon.com/security – Special Australian Government iRAP guidance coming soon! – Best practices and operational checklists – Architectural guidance – Detailed security information about the AWS services