Ultra Secure Data Center on Amazon Cloud
Lahav Savir, Architect & CEO
Emind systems ltd.
lahavs@emind.co
About
Lahav Savir
• 15+ years in on-line industry
• Architect and CEO @ Emind Systems

Emind Systems (est. 2006)
• Boutique system integrator
• AWS solution provider
• 100+ AWS customers
Amazon (AWS) Certification
Amazon Solution Provider & Consulting Partner
https://aws.amazon.com/solution-providers/si/emind-systems-ltd
What is a secure data center?
• Isolated and controlled
• Firewalled
• Secure access
  – VPN
  – SSL
• Audited
• Intrusion detection & prevention
• Configuration analysis
• Data encryption
• Antivirus
• Frequent updates
• User management
  – One time password
• One spot for monitoring
  – Centralized alerts and notifications
• Regulatory compliance
Emind’s best practice
Access Management
• Control the data flow
  –   AWS VPC
  –   ACL
  –   Routing
  –   Handle all in/out traffic
• Access control
  – Security groups
• Identity access management
  – One-time-password
  – AWS IAM with MFA
ACL & Routing in the VPC
Emind’s best practice
Traffic Control
• Log in / out traffic
• Terminate encrypted connection
• Sanitize in / out packets
  – Real-time decisions
  – Accept / reject connections
  – Rate limiting
Emind’s best practice
Anomaly detection
• Host based IDS
  – Detect configuration changes
  – Track running processes
  – Track file access
  – Resource access
  – Detect abnormal behavior!
• OS hardening
• App cleanup
Emind’s best practice
Data Protection
• In-flight
   – SSL encryption
   – IPSec
• At rest
   – Storage level encryption
   – Database encryption
Emind’s best practice
Data aggregation
• Need to aggregate
  – VPN access logs
  – Traffic audit logs
  – Network IDS logs
  – Host IDS logs
  – Anti virus logs
• Detect patterns
Emind’s best practice
Security lifecycle management
• Ongoing log discovery & analysis
  – Access
  – Traffic
  – IDS
  – Anti virus
  – Encryption keys
• Act on analysis result
• Reveal and solve cloud infrastructure settings
• Make them all orchestrate together!
• goCloud – Emind’s optimal road to the cloud
  – Secure cloud architecture
  – Scalable & high-availability design
  – Customized system deployment
  – Orchestrating cloud and software
  – Cloud operation team
  – Monitoring and alerting
  – 24x7 SLA
Contact me, lahavs@emind.co
        054-4321688
