SlideShare una empresa de Scribd logo

Security Framework Shakedown

Amazon Web Services
Amazon Web Services

Security Framework Shakedown. AWS Initiate Day, Austin, TX

1 de 47
Descargar para leer sin conexión
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Security Framework Shakedown Chart Your Journey with AWS Best Practices
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Objectives • Define a security strategy, deliver a security program and develop robust security operations on AWS • Explain, Implement AWS security best practices • Adopt AWS security services at an accelerated pace • Get some code!
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Agenda • NAB Cloud security journey • Cloud adoption framework security perspective • AWS well-architected framework security pillar
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. National Australia Bank Our vision: To be Australia's leading bank, trusted by customers for exceptional service • One of Australia’s four major banks and largest business bank • More than 30,000 employees and 9 million customers across 900 locations
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Our cloud security strategy Objectives • Extend our existing Security Services to the Cloud • Integrated and Secure by Default • Continuous Security Governance
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Our cloud security strategy Objectives • Extend our existing Security Services to the Cloud • Integrated and Secure by Default • Continuous Security Governance Insights • We had to change our approach • Scale with automation and decentralization • Security compliments agile
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Foundations of continuous compliance Baseline Compliance Portfolio AWS Service Compliance Portfolio Application Compliance Portfolio Service A Service B API Gateway Amazon RDS Amazon EBS Prod Account Non-Prod Account Application Security Assessment AWS Service Control Review Security Posture
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS cloud adoption framework
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CAF security perspective Security Perspective Directive Preventative Detective Responsive
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Core five epics
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS shared responsibility model
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Define a strategy Identify your workloads moving to AWSIdentify stakeholders
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Deliver a security program Rationalize security requirements Define data protections and controls Document security architecture
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Security cartography
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CAF best practices Inventory current security requirements Adopt a security framework Identify workload security controls Map current security controls to cloud controls Create a security RACI Create a risk register
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Robust security operations Deploy architecture Automation Continuous monitoring Testing and Gameda
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Identity & Access Mgmt Detective Control Infrastructure Security Data Protection Incident Response Week 1 Week 2 Week 5Week 3 Week 4 Sample security Epics journey
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What is the AWS Well-Architected Framework? Pillars Design Principles Questions
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Pillars of AWS Well-Architected Security Reliability Performance Efficiency Cost Optimization Operational Excellence
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. A mechanism for your cloud journey Learn Measure Improve
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Security design principles • Implement a strong identity foundation • Enable traceability • Apply security at all layers • Automate security best practices • Protect data in transit and at rest • Keep people away from data • Prepare for security events
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Top best practices: Strong identity foundation Root account should never be used Consider AWS Organizations Set account security questions & contacts Centralize identities Continuously Audit
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Top best practices: Strong identity foundation Never store credentials or secrets in code Enforce MFA on everything Use IAM roles for users and services Establish least privileged policies Use temporary credentials
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How to: Enforce MFA User can only assume a role with MFA MFA token Permissions RoleUser AWS CloudPermissions http://bit.ly/AWSWALabs
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Top best practices: Enable traceability Consider Amazon GuardDuty Configure application & infrastructure logging Centralize using a SIEM Proactively monitor Regular reviews of news & best practices
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How to: Enable traceability Use AWS CloudFormation! http://bit.ly/D3T3cT
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Top best practices: Network protection Amazon CloudFront + AWS WAF Amazon VPC and security groups Private connectivity - VPC peering, VPN, AWS Direct Connect Service endpoints Enforce service level permission
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How to: Network protection Bucket Instances Region VPC Users https://amzn.to/2PbHOpz WAF Automation www.example.com
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Top best practices: Apply security at all layers Harden operating systems & defaults Use anti-malware + intrusion detection Scan infrastructure Scan code Patch vulnerabilities
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How to: compute protection
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How to: Scan vulnerabilities Scan instances with Amazon Inspector https://amzn.to/2DT9jyg Scan code in the pipeline Dependency Check: http://bit.ly/2SPzUAp Testing OWASP Zap: http://bit.ly/2yWwzqN
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How to: Serverless • Authorization and authentication – API Gateway • Enforce boundaries - AWS services & network • Input validation • Protect sensitive data
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Top best practices: Automate security best practices Template infra: AWS CloudFormation / AWS SAM Automate build and test AWS Config rules for verification Automate response to non-compliance Automate response to events
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How to: Automate management Automation Patch manager State manager https://amzn.to/2AaOwSg https://amzn.to/2DSTLdK https://amzn.to/2Qihzxm
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How to: Automate checks Config Rules
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Top best practices: Protect data Encryption mechanisms are enforced Verify accessibility of data, e.g. Amazon S3 & EBS Consider AWS Certificate Manager Consider tokenization to substitute sensitive data Data segmentation and isolation
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How to: Classify your data • Start classifying data based on sensitivity • Use resource tags to help define the policy Amazon Macie discover, classify, and protect sensitive data in AWS IAM control: http://bit.ly/IAMctrlTAG
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How to: Keep people away from data Dashboards for users Tools for administrators
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Top best practices: Incident response Prepare for different scenarios Pre-deploy tools using automation Pre-provision access for response teams Practice responding through game days Continuously improve your processes
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How to: Run incident response game day 1. Schedule a four to eight hour block 2. Find a prize (bribery) 3. Supply food & beverages 4. Pick relevant scenarios from: https://amzn.to/2PetNro 5. Create a runbook 6. Practice 7. Have fun!
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How to: Simple run book Event description [Attack Type] [Attack Description] Data to gather for troubleshooting [Evaluation of current data] Steps to troubleshoot and fix [Contain / impact / recovery / forensics] Urgency category [Critical, Important, moderate, informational] Communications & escalation
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Take action! CAF: aws.amazon.com/professional-services/CAF/ W-A: aws.amazon.com/well-architected W-A Labs: http://bit.ly/AWSWALabs AWS sec twitter: @AWSSecurityInfo AWS sec blog: https://aws.amazon.com/blogs/security/

Recomendados

Drive Digital Transformation Using AI
Drive Digital Transformation Using AIDrive Digital Transformation Using AI
Drive Digital Transformation Using AIAmazon Web Services
 
Machine Learning Key Lessons Learned for Developers
Machine Learning Key Lessons Learned for DevelopersMachine Learning Key Lessons Learned for Developers
Machine Learning Key Lessons Learned for DevelopersAmazon Web Services
 
Amazon SageMaker
Amazon SageMakerAmazon SageMaker
Amazon SageMakerAmazon Web Services
 
Cloud Economics
Cloud EconomicsCloud Economics
Cloud EconomicsAmazon Web Services
 
Plenary Session
Plenary SessionPlenary Session
Plenary SessionAmazon Web Services
 
Moving to DevOps
Moving to DevOpsMoving to DevOps
Moving to DevOpsAmazon Web Services
 
Digital transformation on aws
Digital transformation on awsDigital transformation on aws
Digital transformation on awsReham Maher El-Safarini
 
Introduction to Cloud Economics for the UK Public Sector
Introduction to Cloud Economics for the UK Public SectorIntroduction to Cloud Economics for the UK Public Sector
Introduction to Cloud Economics for the UK Public SectorAmazon Web Services
 

Recomendados

Drive Digital Transformation Using AI
Drive Digital Transformation Using AIDrive Digital Transformation Using AI
Drive Digital Transformation Using AIAmazon Web Services
 
Machine Learning Key Lessons Learned for Developers
Machine Learning Key Lessons Learned for DevelopersMachine Learning Key Lessons Learned for Developers
Machine Learning Key Lessons Learned for DevelopersAmazon Web Services
 
Amazon SageMaker
Amazon SageMakerAmazon SageMaker
Amazon SageMakerAmazon Web Services
 
Cloud Economics
Cloud EconomicsCloud Economics
Cloud EconomicsAmazon Web Services
 
Plenary Session
Plenary SessionPlenary Session
Plenary SessionAmazon Web Services
 
Moving to DevOps
Moving to DevOpsMoving to DevOps
Moving to DevOpsAmazon Web Services
 
Digital transformation on aws
Digital transformation on awsDigital transformation on aws
Digital transformation on awsReham Maher El-Safarini
 
Introduction to Cloud Economics for the UK Public Sector
Introduction to Cloud Economics for the UK Public SectorIntroduction to Cloud Economics for the UK Public Sector
Introduction to Cloud Economics for the UK Public SectorAmazon Web Services
 
Security Framework Shakedown: Chart Your Journey with AWS Best Practices
Security Framework Shakedown: Chart Your Journey with AWS Best PracticesSecurity Framework Shakedown: Chart Your Journey with AWS Best Practices
Security Framework Shakedown: Chart Your Journey with AWS Best PracticesAmazon Web Services
 
Enabling Transformation through Agility & Innovation - AWS Transformation Day...
Enabling Transformation through Agility & Innovation - AWS Transformation Day...Enabling Transformation through Agility & Innovation - AWS Transformation Day...
Enabling Transformation through Agility & Innovation - AWS Transformation Day...Amazon Web Services
 
Big data johnson_public
Big data johnson_publicBig data johnson_public
Big data johnson_publicTunghai University
 
AWS Initiate Day Dublin 2019 – Cost Optimization on AWS
AWS Initiate Day Dublin 2019 – Cost Optimization on AWSAWS Initiate Day Dublin 2019 – Cost Optimization on AWS
AWS Initiate Day Dublin 2019 – Cost Optimization on AWSAmazon Web Services
 
Unblocking Innovation for Digital Transformation
Unblocking Innovation for Digital TransformationUnblocking Innovation for Digital Transformation
Unblocking Innovation for Digital TransformationAmazon Web Services
 
Drive Digital Transformation using ML
Drive Digital Transformation using MLDrive Digital Transformation using ML
Drive Digital Transformation using MLAmazon Web Services
 
Democratizing AI
Democratizing AIDemocratizing AI
Democratizing AIAmazon Web Services
 
Cloud Economics
Cloud EconomicsCloud Economics
Cloud EconomicsAmazon Web Services
 
Financial Services Industry Forum
Financial Services Industry ForumFinancial Services Industry Forum
Financial Services Industry ForumAmazon Web Services LATAM
 
Quantifying_the_impact_of_AWS_on_your_business
Quantifying_the_impact_of_AWS_on_your_businessQuantifying_the_impact_of_AWS_on_your_business
Quantifying_the_impact_of_AWS_on_your_businessAmazon Web Services
 
Moving to DevOps the Amazon Way
Moving to DevOps the Amazon WayMoving to DevOps the Amazon Way
Moving to DevOps the Amazon WayAmazon Web Services
 
AWS Initiate Day Dublin 2019 – Migrating Data to the Cloud
AWS Initiate Day Dublin 2019 – Migrating Data to the CloudAWS Initiate Day Dublin 2019 – Migrating Data to the Cloud
AWS Initiate Day Dublin 2019 – Migrating Data to the CloudAmazon Web Services
 
AWS-Education-Day-for-HKMA-FCAS
AWS-Education-Day-for-HKMA-FCASAWS-Education-Day-for-HKMA-FCAS
AWS-Education-Day-for-HKMA-FCASAmazon Web Services
 
AWS Summit Singapore 2019 | Enterprise Migration Journey Roadmap
AWS Summit Singapore 2019 | Enterprise Migration Journey RoadmapAWS Summit Singapore 2019 | Enterprise Migration Journey Roadmap
AWS Summit Singapore 2019 | Enterprise Migration Journey RoadmapAWS Summits
 
Trends in Digital Transformation
Trends in Digital TransformationTrends in Digital Transformation
Trends in Digital TransformationAmazon Web Services
 
Building the business case for AWS
Building the business case for AWSBuilding the business case for AWS
Building the business case for AWSAmazon Web Services
 
透過資料平台掌握關鍵數據消費者洞察極大化
透過資料平台掌握關鍵數據消費者洞察極大化透過資料平台掌握關鍵數據消費者洞察極大化
透過資料平台掌握關鍵數據消費者洞察極大化Amazon Web Services
 
Migrating_Large_Scale_Data_Sets_to_the_Cloud
Migrating_Large_Scale_Data_Sets_to_the_CloudMigrating_Large_Scale_Data_Sets_to_the_Cloud
Migrating_Large_Scale_Data_Sets_to_the_CloudAmazon Web Services
 
AWS Initiate - Otimização de Custos com AWS
AWS Initiate - Otimização de Custos com AWSAWS Initiate - Otimização de Custos com AWS
AWS Initiate - Otimização de Custos com AWSAmazon Web Services LATAM
 
Cloud Migration Insights Forum - New Zealand
Cloud Migration Insights Forum - New ZealandCloud Migration Insights Forum - New Zealand
Cloud Migration Insights Forum - New ZealandAmazon Web Services
 
Security framework shakedown_-_chart_your_journey_with_aws_best_practices_ini...
Security framework shakedown_-_chart_your_journey_with_aws_best_practices_ini...Security framework shakedown_-_chart_your_journey_with_aws_best_practices_ini...
Security framework shakedown_-_chart_your_journey_with_aws_best_practices_ini...Amazon Web Services LATAM
 
Security Framework Shakedown- Mapeie sua jornada com as melhores práticas da AWS
Security Framework Shakedown- Mapeie sua jornada com as melhores práticas da AWSSecurity Framework Shakedown- Mapeie sua jornada com as melhores práticas da AWS
Security Framework Shakedown- Mapeie sua jornada com as melhores práticas da AWSAmazon Web Services LATAM
 

Más contenido relacionado

La actualidad más candente

Security Framework Shakedown: Chart Your Journey with AWS Best Practices
Security Framework Shakedown: Chart Your Journey with AWS Best PracticesSecurity Framework Shakedown: Chart Your Journey with AWS Best Practices
Security Framework Shakedown: Chart Your Journey with AWS Best PracticesAmazon Web Services
 
Enabling Transformation through Agility & Innovation - AWS Transformation Day...
Enabling Transformation through Agility & Innovation - AWS Transformation Day...Enabling Transformation through Agility & Innovation - AWS Transformation Day...
Enabling Transformation through Agility & Innovation - AWS Transformation Day...Amazon Web Services
 
AWS Initiate Day Dublin 2019 – Cost Optimization on AWS
AWS Initiate Day Dublin 2019 – Cost Optimization on AWSAWS Initiate Day Dublin 2019 – Cost Optimization on AWS
AWS Initiate Day Dublin 2019 – Cost Optimization on AWSAmazon Web Services
 
Unblocking Innovation for Digital Transformation
Unblocking Innovation for Digital TransformationUnblocking Innovation for Digital Transformation
Unblocking Innovation for Digital TransformationAmazon Web Services
 
Drive Digital Transformation using ML
Drive Digital Transformation using MLDrive Digital Transformation using ML
Drive Digital Transformation using MLAmazon Web Services
 
Quantifying_the_impact_of_AWS_on_your_business
Quantifying_the_impact_of_AWS_on_your_businessQuantifying_the_impact_of_AWS_on_your_business
Quantifying_the_impact_of_AWS_on_your_businessAmazon Web Services
 
AWS Initiate Day Dublin 2019 – Migrating Data to the Cloud
AWS Initiate Day Dublin 2019 – Migrating Data to the CloudAWS Initiate Day Dublin 2019 – Migrating Data to the Cloud
AWS Initiate Day Dublin 2019 – Migrating Data to the CloudAmazon Web Services
 
AWS Summit Singapore 2019 | Enterprise Migration Journey Roadmap
AWS Summit Singapore 2019 | Enterprise Migration Journey RoadmapAWS Summit Singapore 2019 | Enterprise Migration Journey Roadmap
AWS Summit Singapore 2019 | Enterprise Migration Journey RoadmapAWS Summits
 
Trends in Digital Transformation
Trends in Digital TransformationTrends in Digital Transformation
Trends in Digital TransformationAmazon Web Services
 
Building the business case for AWS
Building the business case for AWSBuilding the business case for AWS
Building the business case for AWSAmazon Web Services
 
透過資料平台掌握關鍵數據消費者洞察極大化
透過資料平台掌握關鍵數據消費者洞察極大化透過資料平台掌握關鍵數據消費者洞察極大化
透過資料平台掌握關鍵數據消費者洞察極大化Amazon Web Services
 
Migrating_Large_Scale_Data_Sets_to_the_Cloud
Migrating_Large_Scale_Data_Sets_to_the_CloudMigrating_Large_Scale_Data_Sets_to_the_Cloud
Migrating_Large_Scale_Data_Sets_to_the_CloudAmazon Web Services
 
AWS Initiate - Otimização de Custos com AWS
AWS Initiate - Otimização de Custos com AWSAWS Initiate - Otimização de Custos com AWS
AWS Initiate - Otimização de Custos com AWSAmazon Web Services LATAM
 
Cloud Migration Insights Forum - New Zealand
Cloud Migration Insights Forum - New ZealandCloud Migration Insights Forum - New Zealand
Cloud Migration Insights Forum - New ZealandAmazon Web Services
 

La actualidad más candente (20)

Security Framework Shakedown: Chart Your Journey with AWS Best Practices
Security Framework Shakedown: Chart Your Journey with AWS Best PracticesSecurity Framework Shakedown: Chart Your Journey with AWS Best Practices
Security Framework Shakedown: Chart Your Journey with AWS Best Practices
 
Enabling Transformation through Agility & Innovation - AWS Transformation Day...
Enabling Transformation through Agility & Innovation - AWS Transformation Day...Enabling Transformation through Agility & Innovation - AWS Transformation Day...
Enabling Transformation through Agility & Innovation - AWS Transformation Day...
 
Big data johnson_public
Big data johnson_publicBig data johnson_public
Big data johnson_public
 
AWS Initiate Day Dublin 2019 – Cost Optimization on AWS
AWS Initiate Day Dublin 2019 – Cost Optimization on AWSAWS Initiate Day Dublin 2019 – Cost Optimization on AWS
AWS Initiate Day Dublin 2019 – Cost Optimization on AWS
 
Unblocking Innovation for Digital Transformation
Unblocking Innovation for Digital TransformationUnblocking Innovation for Digital Transformation
Unblocking Innovation for Digital Transformation
 
Drive Digital Transformation using ML
Drive Digital Transformation using MLDrive Digital Transformation using ML
Drive Digital Transformation using ML
 
Democratizing AI
Democratizing AIDemocratizing AI
Democratizing AI
 
Cloud Economics
Cloud EconomicsCloud Economics
Cloud Economics
 
Financial Services Industry Forum
Financial Services Industry ForumFinancial Services Industry Forum
Financial Services Industry Forum
 
Quantifying_the_impact_of_AWS_on_your_business
Quantifying_the_impact_of_AWS_on_your_businessQuantifying_the_impact_of_AWS_on_your_business
Quantifying_the_impact_of_AWS_on_your_business
 
Moving to DevOps the Amazon Way
Moving to DevOps the Amazon WayMoving to DevOps the Amazon Way
Moving to DevOps the Amazon Way
 
AWS Initiate Day Dublin 2019 – Migrating Data to the Cloud
AWS Initiate Day Dublin 2019 – Migrating Data to the CloudAWS Initiate Day Dublin 2019 – Migrating Data to the Cloud
AWS Initiate Day Dublin 2019 – Migrating Data to the Cloud
 
AWS-Education-Day-for-HKMA-FCAS
AWS-Education-Day-for-HKMA-FCASAWS-Education-Day-for-HKMA-FCAS
AWS-Education-Day-for-HKMA-FCAS
 
AWS Summit Singapore 2019 | Enterprise Migration Journey Roadmap
AWS Summit Singapore 2019 | Enterprise Migration Journey RoadmapAWS Summit Singapore 2019 | Enterprise Migration Journey Roadmap
AWS Summit Singapore 2019 | Enterprise Migration Journey Roadmap
 
Trends in Digital Transformation
Trends in Digital TransformationTrends in Digital Transformation
Trends in Digital Transformation
 
Building the business case for AWS
Building the business case for AWSBuilding the business case for AWS
Building the business case for AWS
 
透過資料平台掌握關鍵數據消費者洞察極大化
透過資料平台掌握關鍵數據消費者洞察極大化透過資料平台掌握關鍵數據消費者洞察極大化
透過資料平台掌握關鍵數據消費者洞察極大化
 
Migrating_Large_Scale_Data_Sets_to_the_Cloud
Migrating_Large_Scale_Data_Sets_to_the_CloudMigrating_Large_Scale_Data_Sets_to_the_Cloud
Migrating_Large_Scale_Data_Sets_to_the_Cloud
 
AWS Initiate - Otimização de Custos com AWS
AWS Initiate - Otimização de Custos com AWSAWS Initiate - Otimização de Custos com AWS
AWS Initiate - Otimização de Custos com AWS
 
Cloud Migration Insights Forum - New Zealand
Cloud Migration Insights Forum - New ZealandCloud Migration Insights Forum - New Zealand
Cloud Migration Insights Forum - New Zealand
 

Similar a Security Framework Shakedown

Security framework shakedown_-_chart_your_journey_with_aws_best_practices_ini...
Security framework shakedown_-_chart_your_journey_with_aws_best_practices_ini...Security framework shakedown_-_chart_your_journey_with_aws_best_practices_ini...
Security framework shakedown_-_chart_your_journey_with_aws_best_practices_ini...Amazon Web Services LATAM
 
Security Framework Shakedown- Mapeie sua jornada com as melhores práticas da AWS
Security Framework Shakedown- Mapeie sua jornada com as melhores práticas da AWSSecurity Framework Shakedown- Mapeie sua jornada com as melhores práticas da AWS
Security Framework Shakedown- Mapeie sua jornada com as melhores práticas da AWSAmazon Web Services LATAM
 
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...Amazon Web Services
 
AWS Initiate - Security Framework Shakedown: Mapeie sua jornada com as melhor...
AWS Initiate - Security Framework Shakedown: Mapeie sua jornada com as melhor...AWS Initiate - Security Framework Shakedown: Mapeie sua jornada com as melhor...
AWS Initiate - Security Framework Shakedown: Mapeie sua jornada com as melhor...Amazon Web Services LATAM
 
So You Want to be Well-Architected?
So You Want to be Well-Architected?So You Want to be Well-Architected?
So You Want to be Well-Architected?Amazon Web Services
 
Landing Zones Creating a Foundation - AWS Summit Sydney 2018
Landing Zones Creating a Foundation - AWS Summit Sydney 2018Landing Zones Creating a Foundation - AWS Summit Sydney 2018
Landing Zones Creating a Foundation - AWS Summit Sydney 2018Amazon Web Services
 
Landing zones: Creating a Foundation for Your AWS Migrations
Landing zones: Creating a Foundation for Your AWS MigrationsLanding zones: Creating a Foundation for Your AWS Migrations
Landing zones: Creating a Foundation for Your AWS MigrationsAli Asgar Juzer
 
Initiate Edinburgh 2019 - Moving to DevOps the Amazon Way
Initiate Edinburgh 2019 - Moving to DevOps the Amazon WayInitiate Edinburgh 2019 - Moving to DevOps the Amazon Way
Initiate Edinburgh 2019 - Moving to DevOps the Amazon WayAmazon Web Services
 
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...Amazon Web Services
 
Secure Your Data with Recommended Best Practices Enabled by AWS Security and ...
Secure Your Data with Recommended Best Practices Enabled by AWS Security and ...Secure Your Data with Recommended Best Practices Enabled by AWS Security and ...
Secure Your Data with Recommended Best Practices Enabled by AWS Security and ...Amazon Web Services
 
How to Implement a Well-Architected Security Solution.pdf
How to Implement a Well-Architected Security Solution.pdfHow to Implement a Well-Architected Security Solution.pdf
How to Implement a Well-Architected Security Solution.pdfAmazon Web Services
 
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...Amazon Web Services
 
How to act on your security and compliance alerts with AWS Security Hub - FND...
How to act on your security and compliance alerts with AWS Security Hub - FND...How to act on your security and compliance alerts with AWS Security Hub - FND...
How to act on your security and compliance alerts with AWS Security Hub - FND...Amazon Web Services
 
AWSome Day Online Conference 2018 - Module 3
AWSome Day Online Conference 2018 - Module 3AWSome Day Online Conference 2018 - Module 3
AWSome Day Online Conference 2018 - Module 3Amazon Web Services
 
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...Amazon Web Services
 
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...Amazon Web Services
 
AWS Initiate Day Manchester 2019 – Moving to DevOps the Amazon Way
AWS Initiate Day Manchester 2019 – Moving to DevOps the Amazon WayAWS Initiate Day Manchester 2019 – Moving to DevOps the Amazon Way
AWS Initiate Day Manchester 2019 – Moving to DevOps the Amazon WayAmazon Web Services
 
How Verizon is Accelerating Cloud Adoption and Migration with the AWS Service...
How Verizon is Accelerating Cloud Adoption and Migration with the AWS Service...How Verizon is Accelerating Cloud Adoption and Migration with the AWS Service...
How Verizon is Accelerating Cloud Adoption and Migration with the AWS Service...Amazon Web Services
 
Using AMS to get FSI Regulated Workloads on the Cloud, Fast - AWS Summit Sydn...
Using AMS to get FSI Regulated Workloads on the Cloud, Fast - AWS Summit Sydn...Using AMS to get FSI Regulated Workloads on the Cloud, Fast - AWS Summit Sydn...
Using AMS to get FSI Regulated Workloads on the Cloud, Fast - AWS Summit Sydn...Amazon Web Services
 

Similar a Security Framework Shakedown (20)

Security framework shakedown_-_chart_your_journey_with_aws_best_practices_ini...
Security framework shakedown_-_chart_your_journey_with_aws_best_practices_ini...Security framework shakedown_-_chart_your_journey_with_aws_best_practices_ini...
Security framework shakedown_-_chart_your_journey_with_aws_best_practices_ini...
 
Security Framework Shakedown- Mapeie sua jornada com as melhores práticas da AWS
Security Framework Shakedown- Mapeie sua jornada com as melhores práticas da AWSSecurity Framework Shakedown- Mapeie sua jornada com as melhores práticas da AWS
Security Framework Shakedown- Mapeie sua jornada com as melhores práticas da AWS
 
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
 
AWS Initiate - Security Framework Shakedown: Mapeie sua jornada com as melhor...
AWS Initiate - Security Framework Shakedown: Mapeie sua jornada com as melhor...AWS Initiate - Security Framework Shakedown: Mapeie sua jornada com as melhor...
AWS Initiate - Security Framework Shakedown: Mapeie sua jornada com as melhor...
 
AWS Initiate: Security framework shakedown
AWS Initiate: Security framework shakedownAWS Initiate: Security framework shakedown
AWS Initiate: Security framework shakedown
 
So You Want to be Well-Architected?
So You Want to be Well-Architected?So You Want to be Well-Architected?
So You Want to be Well-Architected?
 
Landing Zones Creating a Foundation - AWS Summit Sydney 2018
Landing Zones Creating a Foundation - AWS Summit Sydney 2018Landing Zones Creating a Foundation - AWS Summit Sydney 2018
Landing Zones Creating a Foundation - AWS Summit Sydney 2018
 
Landing zones: Creating a Foundation for Your AWS Migrations
Landing zones: Creating a Foundation for Your AWS MigrationsLanding zones: Creating a Foundation for Your AWS Migrations
Landing zones: Creating a Foundation for Your AWS Migrations
 
Initiate Edinburgh 2019 - Moving to DevOps the Amazon Way
Initiate Edinburgh 2019 - Moving to DevOps the Amazon WayInitiate Edinburgh 2019 - Moving to DevOps the Amazon Way
Initiate Edinburgh 2019 - Moving to DevOps the Amazon Way
 
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...
 
Secure Your Data with Recommended Best Practices Enabled by AWS Security and ...
Secure Your Data with Recommended Best Practices Enabled by AWS Security and ...Secure Your Data with Recommended Best Practices Enabled by AWS Security and ...
Secure Your Data with Recommended Best Practices Enabled by AWS Security and ...
 
How to Implement a Well-Architected Security Solution.pdf
How to Implement a Well-Architected Security Solution.pdfHow to Implement a Well-Architected Security Solution.pdf
How to Implement a Well-Architected Security Solution.pdf
 
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...
 
How to act on your security and compliance alerts with AWS Security Hub - FND...
How to act on your security and compliance alerts with AWS Security Hub - FND...How to act on your security and compliance alerts with AWS Security Hub - FND...
How to act on your security and compliance alerts with AWS Security Hub - FND...
 
AWSome Day Online Conference 2018 - Module 3
AWSome Day Online Conference 2018 - Module 3AWSome Day Online Conference 2018 - Module 3
AWSome Day Online Conference 2018 - Module 3
 
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
 
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
 
AWS Initiate Day Manchester 2019 – Moving to DevOps the Amazon Way
AWS Initiate Day Manchester 2019 – Moving to DevOps the Amazon WayAWS Initiate Day Manchester 2019 – Moving to DevOps the Amazon Way
AWS Initiate Day Manchester 2019 – Moving to DevOps the Amazon Way
 
How Verizon is Accelerating Cloud Adoption and Migration with the AWS Service...
How Verizon is Accelerating Cloud Adoption and Migration with the AWS Service...How Verizon is Accelerating Cloud Adoption and Migration with the AWS Service...
How Verizon is Accelerating Cloud Adoption and Migration with the AWS Service...
 
Using AMS to get FSI Regulated Workloads on the Cloud, Fast - AWS Summit Sydn...
Using AMS to get FSI Regulated Workloads on the Cloud, Fast - AWS Summit Sydn...Using AMS to get FSI Regulated Workloads on the Cloud, Fast - AWS Summit Sydn...
Using AMS to get FSI Regulated Workloads on the Cloud, Fast - AWS Summit Sydn...
 

Más de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Más de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Security Framework Shakedown

  • 1. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Security Framework Shakedown Chart Your Journey with AWS Best Practices
  • 2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Objectives • Define a security strategy, deliver a security program and develop robust security operations on AWS • Explain, Implement AWS security best practices • Adopt AWS security services at an accelerated pace • Get some code!
  • 3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Agenda • NAB Cloud security journey • Cloud adoption framework security perspective • AWS well-architected framework security pillar
  • 4.
  • 5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. National Australia Bank Our vision: To be Australia's leading bank, trusted by customers for exceptional service • One of Australia’s four major banks and largest business bank • More than 30,000 employees and 9 million customers across 900 locations
  • 6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Our cloud security strategy Objectives • Extend our existing Security Services to the Cloud • Integrated and Secure by Default • Continuous Security Governance
  • 7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Our cloud security strategy Objectives • Extend our existing Security Services to the Cloud • Integrated and Secure by Default • Continuous Security Governance Insights • We had to change our approach • Scale with automation and decentralization • Security compliments agile
  • 8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Foundations of continuous compliance Baseline Compliance Portfolio AWS Service Compliance Portfolio Application Compliance Portfolio Service A Service B API Gateway Amazon RDS Amazon EBS Prod Account Non-Prod Account Application Security Assessment AWS Service Control Review Security Posture
  • 9.
  • 10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS cloud adoption framework
  • 11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CAF security perspective Security Perspective Directive Preventative Detective Responsive
  • 12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Core five epics
  • 13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS shared responsibility model
  • 14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Define a strategy Identify your workloads moving to AWSIdentify stakeholders
  • 15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Deliver a security program Rationalize security requirements Define data protections and controls Document security architecture
  • 16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Security cartography
  • 17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. CAF best practices Inventory current security requirements Adopt a security framework Identify workload security controls Map current security controls to cloud controls Create a security RACI Create a risk register
  • 18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Robust security operations Deploy architecture Automation Continuous monitoring Testing and Gameda
  • 19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Identity & Access Mgmt Detective Control Infrastructure Security Data Protection Incident Response Week 1 Week 2 Week 5Week 3 Week 4 Sample security Epics journey
  • 20.
  • 21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What is the AWS Well-Architected Framework? Pillars Design Principles Questions
  • 22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Pillars of AWS Well-Architected Security Reliability Performance Efficiency Cost Optimization Operational Excellence
  • 23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. A mechanism for your cloud journey Learn Measure Improve
  • 24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Security design principles • Implement a strong identity foundation • Enable traceability • Apply security at all layers • Automate security best practices • Protect data in transit and at rest • Keep people away from data • Prepare for security events
  • 25.
  • 26. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Top best practices: Strong identity foundation Root account should never be used Consider AWS Organizations Set account security questions & contacts Centralize identities Continuously Audit
  • 27. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Top best practices: Strong identity foundation Never store credentials or secrets in code Enforce MFA on everything Use IAM roles for users and services Establish least privileged policies Use temporary credentials
  • 28. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How to: Enforce MFA User can only assume a role with MFA MFA token Permissions RoleUser AWS CloudPermissions http://bit.ly/AWSWALabs
  • 29. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Top best practices: Enable traceability Consider Amazon GuardDuty Configure application & infrastructure logging Centralize using a SIEM Proactively monitor Regular reviews of news & best practices
  • 30. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How to: Enable traceability Use AWS CloudFormation! http://bit.ly/D3T3cT
  • 31. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Top best practices: Network protection Amazon CloudFront + AWS WAF Amazon VPC and security groups Private connectivity - VPC peering, VPN, AWS Direct Connect Service endpoints Enforce service level permission
  • 32. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How to: Network protection Bucket Instances Region VPC Users https://amzn.to/2PbHOpz WAF Automation www.example.com
  • 33. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Top best practices: Apply security at all layers Harden operating systems & defaults Use anti-malware + intrusion detection Scan infrastructure Scan code Patch vulnerabilities
  • 34. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How to: compute protection
  • 35. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How to: Scan vulnerabilities Scan instances with Amazon Inspector https://amzn.to/2DT9jyg Scan code in the pipeline Dependency Check: http://bit.ly/2SPzUAp Testing OWASP Zap: http://bit.ly/2yWwzqN
  • 36. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How to: Serverless • Authorization and authentication – API Gateway • Enforce boundaries - AWS services & network • Input validation • Protect sensitive data
  • 37. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Top best practices: Automate security best practices Template infra: AWS CloudFormation / AWS SAM Automate build and test AWS Config rules for verification Automate response to non-compliance Automate response to events
  • 38. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How to: Automate management Automation Patch manager State manager https://amzn.to/2AaOwSg https://amzn.to/2DSTLdK https://amzn.to/2Qihzxm
  • 39. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How to: Automate checks Config Rules
  • 40. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Top best practices: Protect data Encryption mechanisms are enforced Verify accessibility of data, e.g. Amazon S3 & EBS Consider AWS Certificate Manager Consider tokenization to substitute sensitive data Data segmentation and isolation
  • 41. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How to: Classify your data • Start classifying data based on sensitivity • Use resource tags to help define the policy Amazon Macie discover, classify, and protect sensitive data in AWS IAM control: http://bit.ly/IAMctrlTAG
  • 42. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How to: Keep people away from data Dashboards for users Tools for administrators
  • 43. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Top best practices: Incident response Prepare for different scenarios Pre-deploy tools using automation Pre-provision access for response teams Practice responding through game days Continuously improve your processes
  • 44. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How to: Run incident response game day 1. Schedule a four to eight hour block 2. Find a prize (bribery) 3. Supply food & beverages 4. Pick relevant scenarios from: https://amzn.to/2PetNro 5. Create a runbook 6. Practice 7. Have fun!
  • 45. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How to: Simple run book Event description [Attack Type] [Attack Description] Data to gather for troubleshooting [Evaluation of current data] Steps to troubleshoot and fix [Contain / impact / recovery / forensics] Urgency category [Critical, Important, moderate, informational] Communications & escalation
  • 46.
  • 47. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Take action! CAF: aws.amazon.com/professional-services/CAF/ W-A: aws.amazon.com/well-architected W-A Labs: http://bit.ly/AWSWALabs AWS sec twitter: @AWSSecurityInfo AWS sec blog: https://aws.amazon.com/blogs/security/