SlideShare una empresa de Scribd logo

How to Protect your AWS Environment

Lahav Savir
Lahav Savir

Emind's Public Best Practice for Secure AWS Environemnt

Tecnología
1 de 39
How to Protect Your AWS Environment Lahav Savir, CEO & Architect Emind Cloud Experts
A Global Expert in Cloud Enablement for Products, SaaS ISV, and Online Solutions
Top Level Partnership
A “Cloud-native” MSP Market Guide for Managed Service Providers on Amazon Web Services (Lydia Leong, Oct. 2015) “Amazon Web Services does not offer managed services, but many customers want to use AWS as a cloud IaaS and PaaS platform, while outsourcing IT operations or application management. AWS's ecosystem of MSP partners can fulfill this need.” https://www.gartner.com/doc/3157620/market-guide-managed-service-providers “Common Types of MSPs (on AWS) with Example References ● Cloud-native MSPs. These MSPs were either founded specifically to provide services on cloud IaaS, or pivoted to entirely focus their business on these services. Many of these MSPs are AWS- specific. Examples include 2nd Watch, Cloudnexa, Cloudreach, Emind and Minjar”
The future is all about cloud computing. Report shows how by 2018, over 78% of workloads will be managed by cloud data centers as against the remaining 22% processed by traditional data centers.
Where there is more data, there is bound to be more data breaches!
Security in the Cloud Security of the Cloud
Assessing the Risk: Yes, the Cloud Can Be More Secure Than Your On-Premises Environment IDC, July 2015
Why the Cloud is more Secure? ● More segmentation (separation) ● More encryption ● Stronger authentication ● More logging and monitoring
Top Topics ● Infrastructure Security ● Network Security ● Host Security ● Data Encryption ● Identity Management ● Monitoring & Auditing
Identity Federation
Why do you need Single Identity? ● Multiple AWS Accounts ● Multiple Security Policies ● Multiple Entry Points ● Many Resources ● Multiple 3rd Party Services
Single Identity Provider ● Single Password Policy ● Single Lock Policy ● Single OTP ● Single Login Audit ● Same username used across all resources
Organization users accessing: AWS Resources ● AWS Console ● AWS API ● Network Access / VPN ● EC2 Instances Other Resources ● New Relic ● Datadog ● Pingdom ● Google Apps ● Office 365 ● Jira ● Github ● Logz.io ● ...
● Don't mix Corporate and Cloud Resources ● Minimize Replication ● Maximize Federation
Corporate ● Corporate Active Directory ● Mix of users and desktops / servers ● 3rd Party SSO / Federation Services Cloud ● Cloud Active Directory ● Cloud Resources Only Integration ● One Way Trust between Corp AD and Cloud AD
Login Scenarios ● AWS Console ○ SAML Federation ● VPN ○ Radius ● Jumpbox on EC2 ○ Radius / LDAP ● Windows instance on EC2 ○ Kerberos / LDAP ● Linux instance on EC2 ○ Kerberos / LDAP No need for IAM Users
Network Access
Networking ● Public Internet ● VPN / IPSec Tunnel ● DirectConnect
Direct Connect Options ● Private Virtual Interface – Access to VPC ○ Note: Not VPC Endpoints or transitive via VPC Peering ● Public Virtual Interface – Access to non-VPC Services
SSL VPN Options ● OpenVPN ● Fortinet Fortigate ● Sophos ● pfSense ● … Others
Don’t assume your corporate network is secure and expose your production networks to all users
Smart Separation
Inbound Application Outbound
● Create a controlled environment that minimizes human mistakes ● Inspect inbound and outbound traffic
Host Security
What’s Host Security ? ● OS Hardening ● Anti Virus ● Malware Protection ● Host Based IPS ● File Integrity Monitoring ● Vulnerability Scanning
Data Encryption
AWS Encryption Options Data at Rest ● EBS Encryption (inc. root device) ● S3 Client / Server Side Encryption ● RDS / Redshift Storage Encryption ● DynamoDB Client Side Encryption https://d0.awsstatic.com/whitepapers/aws-securing-data-at- rest-with-encryption.pdf Data in Transit ● API’s are TLS Encrypted ● Service Endpoints are TLS Encrypted ● Elastic Load Balancer supports TLS ● CloudFront supports TLS ● IPSec VPN
Encrypt all your data, you never know who and when someone will request access to the data
Centrally Monitor and Audit
Events Sources ● CloudTrail ● ELB / S3 / CloudFront Access Logs ● VPC Flow logs ● AWS Inspector ● Host AV & IPS ● Network WAF & IPS ● Evident.io / Dome9 ● Observable
● Create Clear Visibility ● Set Governance Rules ● Define Actions
Join our Fastlane to a Successful Cloud Deployment Thank you, lahavs@emind.co

Recomendados

How to protect your IoT data on AWS
How to protect your IoT data on AWSHow to protect your IoT data on AWS
How to protect your IoT data on AWSLahav Savir
 
Introduction to Azure PaaS services (Nick Trogh at Codit Azure PaaS Event)
Introduction to Azure PaaS services (Nick Trogh at Codit Azure PaaS Event) Introduction to Azure PaaS services (Nick Trogh at Codit Azure PaaS Event)
Introduction to Azure PaaS services (Nick Trogh at Codit Azure PaaS Event) Codit
 
Slide share device to iot solution – a blueprint
Slide share device to iot solution – a blueprintSlide share device to iot solution – a blueprint
Slide share device to iot solution – a blueprintGuy Vinograd ☁
 
PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015
PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015
PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015Evident.io
 
Cloud Computing workshop
Cloud Computing workshopCloud Computing workshop
Cloud Computing workshopSuraj Kumar Jana
 
Integrating Cloudera & Microsoft Azure
Integrating Cloudera & Microsoft AzureIntegrating Cloudera & Microsoft Azure
Integrating Cloudera & Microsoft AzureXpand IT
 
Advanced Event Brokers
Advanced Event BrokersAdvanced Event Brokers
Advanced Event BrokersSolace
 
Advanced Event Brokers
Advanced Event BrokersAdvanced Event Brokers
Advanced Event BrokersNick Donaldson
 

Recomendados

How to protect your IoT data on AWS
How to protect your IoT data on AWSHow to protect your IoT data on AWS
How to protect your IoT data on AWSLahav Savir
 
Introduction to Azure PaaS services (Nick Trogh at Codit Azure PaaS Event)
Introduction to Azure PaaS services (Nick Trogh at Codit Azure PaaS Event) Introduction to Azure PaaS services (Nick Trogh at Codit Azure PaaS Event)
Introduction to Azure PaaS services (Nick Trogh at Codit Azure PaaS Event) Codit
 
Slide share device to iot solution – a blueprint
Slide share device to iot solution – a blueprintSlide share device to iot solution – a blueprint
Slide share device to iot solution – a blueprintGuy Vinograd ☁
 
PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015
PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015
PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015Evident.io
 
Cloud Computing workshop
Cloud Computing workshopCloud Computing workshop
Cloud Computing workshopSuraj Kumar Jana
 
Integrating Cloudera & Microsoft Azure
Integrating Cloudera & Microsoft AzureIntegrating Cloudera & Microsoft Azure
Integrating Cloudera & Microsoft AzureXpand IT
 
Advanced Event Brokers
Advanced Event BrokersAdvanced Event Brokers
Advanced Event BrokersSolace
 
Advanced Event Brokers
Advanced Event BrokersAdvanced Event Brokers
Advanced Event BrokersNick Donaldson
 
Azure Administrator
Azure AdministratorAzure Administrator
Azure AdministratorViknaraj Manogararajah
 
Cloud Security and some preferred practices
Cloud Security and some preferred practicesCloud Security and some preferred practices
Cloud Security and some preferred practicesMichael Pearce
 
Azure app services 2 - Logic & Api Apps
Azure app services 2 - Logic & Api AppsAzure app services 2 - Logic & Api Apps
Azure app services 2 - Logic & Api AppsBill Chesnut
 
Cloud computing
Cloud computingCloud computing
Cloud computingThor Tolo
 
Taking Security Responsibility in the AWS Cloud
Taking Security Responsibility in the AWS CloudTaking Security Responsibility in the AWS Cloud
Taking Security Responsibility in the AWS CloudFranklin Mosley
 
Build and Manage a Highly Secure Cloud Environment on AWS and Azure
Build and Manage a Highly Secure Cloud Environment on AWS and AzureBuild and Manage a Highly Secure Cloud Environment on AWS and Azure
Build and Manage a Highly Secure Cloud Environment on AWS and AzureCloudHesive
 
2016, A new era of OS and Cloud Security
2016, A new era of OS and Cloud Security2016, A new era of OS and Cloud Security
2016, A new era of OS and Cloud SecurityTudor Damian
 
Azure operational insights
Azure operational insightsAzure operational insights
Azure operational insightsIlyas F ☁☁☁
 
The full picture of Openstack in real-time
The full picture of Openstack in real-timeThe full picture of Openstack in real-time
The full picture of Openstack in real-timeDynatrace
 
Microsoft Azure Fundamentals
Microsoft Azure FundamentalsMicrosoft Azure Fundamentals
Microsoft Azure FundamentalsAdwait Ullal
 
MongoDB World 2019: Wipro Software Defined Everything Powered by MongoDB
MongoDB World 2019: Wipro Software Defined Everything Powered by MongoDBMongoDB World 2019: Wipro Software Defined Everything Powered by MongoDB
MongoDB World 2019: Wipro Software Defined Everything Powered by MongoDBMongoDB
 
Dataops on streaming data: Kafka to InfluxDb via Kubernetes native flows
Dataops on streaming data: Kafka to InfluxDb via Kubernetes native flowsDataops on streaming data: Kafka to InfluxDb via Kubernetes native flows
Dataops on streaming data: Kafka to InfluxDb via Kubernetes native flowsLenses.io
 
Event-Driven Serverless Architecture - the next big thing in the cloud (Cleme...
Event-Driven Serverless Architecture - the next big thing in the cloud (Cleme...Event-Driven Serverless Architecture - the next big thing in the cloud (Cleme...
Event-Driven Serverless Architecture - the next big thing in the cloud (Cleme...Codit
 
Nats meetup sf 20150826
Nats meetup sf 20150826Nats meetup sf 20150826
Nats meetup sf 20150826Apcera
 
WSO2Con ASIA 2016: Planning Your Cloud Strategy
WSO2Con ASIA 2016: Planning Your Cloud StrategyWSO2Con ASIA 2016: Planning Your Cloud Strategy
WSO2Con ASIA 2016: Planning Your Cloud StrategyWSO2
 
AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasi...
AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasi...AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasi...
AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasi...Andrew Backhouse
 
Tiago Fonseca & Rui Velho - Syone & Leroy Merlin - OSL19
Tiago Fonseca & Rui Velho - Syone & Leroy Merlin - OSL19Tiago Fonseca & Rui Velho - Syone & Leroy Merlin - OSL19
Tiago Fonseca & Rui Velho - Syone & Leroy Merlin - OSL19marketingsyone
 
Moving Your Data to The Cloud
Moving Your Data to The CloudMoving Your Data to The Cloud
Moving Your Data to The CloudAdwait Ullal
 
Microsoft Azure News - 2018 May
Microsoft Azure News - 2018 MayMicrosoft Azure News - 2018 May
Microsoft Azure News - 2018 MayDaniel Toomey
 
Wp cipher graph-cag-topology
Wp cipher graph-cag-topologyWp cipher graph-cag-topology
Wp cipher graph-cag-topologyIRSHAD RATHER
 
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9Amazon Web Services
 
AWS re:Invent 2016: The AWS Hero’s Journey to Achieving Autonomous, Self-Heal...
AWS re:Invent 2016: The AWS Hero’s Journey to Achieving Autonomous, Self-Heal...AWS re:Invent 2016: The AWS Hero’s Journey to Achieving Autonomous, Self-Heal...
AWS re:Invent 2016: The AWS Hero’s Journey to Achieving Autonomous, Self-Heal...Amazon Web Services
 

Más contenido relacionado

La actualidad más candente

Cloud Security and some preferred practices
Cloud Security and some preferred practicesCloud Security and some preferred practices
Cloud Security and some preferred practicesMichael Pearce
 
Azure app services 2 - Logic & Api Apps
Azure app services 2 - Logic & Api AppsAzure app services 2 - Logic & Api Apps
Azure app services 2 - Logic & Api AppsBill Chesnut
 
Cloud computing
Cloud computingCloud computing
Cloud computingThor Tolo
 
Taking Security Responsibility in the AWS Cloud
Taking Security Responsibility in the AWS CloudTaking Security Responsibility in the AWS Cloud
Taking Security Responsibility in the AWS CloudFranklin Mosley
 
Build and Manage a Highly Secure Cloud Environment on AWS and Azure
Build and Manage a Highly Secure Cloud Environment on AWS and AzureBuild and Manage a Highly Secure Cloud Environment on AWS and Azure
Build and Manage a Highly Secure Cloud Environment on AWS and AzureCloudHesive
 
2016, A new era of OS and Cloud Security
2016, A new era of OS and Cloud Security2016, A new era of OS and Cloud Security
2016, A new era of OS and Cloud SecurityTudor Damian
 
The full picture of Openstack in real-time
The full picture of Openstack in real-timeThe full picture of Openstack in real-time
The full picture of Openstack in real-timeDynatrace
 
Microsoft Azure Fundamentals
Microsoft Azure FundamentalsMicrosoft Azure Fundamentals
Microsoft Azure FundamentalsAdwait Ullal
 
MongoDB World 2019: Wipro Software Defined Everything Powered by MongoDB
MongoDB World 2019: Wipro Software Defined Everything Powered by MongoDBMongoDB World 2019: Wipro Software Defined Everything Powered by MongoDB
MongoDB World 2019: Wipro Software Defined Everything Powered by MongoDBMongoDB
 
Dataops on streaming data: Kafka to InfluxDb via Kubernetes native flows
Dataops on streaming data: Kafka to InfluxDb via Kubernetes native flowsDataops on streaming data: Kafka to InfluxDb via Kubernetes native flows
Dataops on streaming data: Kafka to InfluxDb via Kubernetes native flowsLenses.io
 
Event-Driven Serverless Architecture - the next big thing in the cloud (Cleme...
Event-Driven Serverless Architecture - the next big thing in the cloud (Cleme...Event-Driven Serverless Architecture - the next big thing in the cloud (Cleme...
Event-Driven Serverless Architecture - the next big thing in the cloud (Cleme...Codit
 
Nats meetup sf 20150826
Nats meetup sf 20150826Nats meetup sf 20150826
Nats meetup sf 20150826Apcera
 
WSO2Con ASIA 2016: Planning Your Cloud Strategy
WSO2Con ASIA 2016: Planning Your Cloud StrategyWSO2Con ASIA 2016: Planning Your Cloud Strategy
WSO2Con ASIA 2016: Planning Your Cloud StrategyWSO2
 
AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasi...
AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasi...AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasi...
AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasi...Andrew Backhouse
 
Tiago Fonseca & Rui Velho - Syone & Leroy Merlin - OSL19
Tiago Fonseca & Rui Velho - Syone & Leroy Merlin - OSL19Tiago Fonseca & Rui Velho - Syone & Leroy Merlin - OSL19
Tiago Fonseca & Rui Velho - Syone & Leroy Merlin - OSL19marketingsyone
 
Moving Your Data to The Cloud
Moving Your Data to The CloudMoving Your Data to The Cloud
Moving Your Data to The CloudAdwait Ullal
 
Microsoft Azure News - 2018 May
Microsoft Azure News - 2018 MayMicrosoft Azure News - 2018 May
Microsoft Azure News - 2018 MayDaniel Toomey
 
Wp cipher graph-cag-topology
Wp cipher graph-cag-topologyWp cipher graph-cag-topology
Wp cipher graph-cag-topologyIRSHAD RATHER
 

La actualidad más candente (20)

Azure Administrator
Azure AdministratorAzure Administrator
Azure Administrator
 
Cloud Security and some preferred practices
Cloud Security and some preferred practicesCloud Security and some preferred practices
Cloud Security and some preferred practices
 
Azure app services 2 - Logic & Api Apps
Azure app services 2 - Logic & Api AppsAzure app services 2 - Logic & Api Apps
Azure app services 2 - Logic & Api Apps
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Taking Security Responsibility in the AWS Cloud
Taking Security Responsibility in the AWS CloudTaking Security Responsibility in the AWS Cloud
Taking Security Responsibility in the AWS Cloud
 
Build and Manage a Highly Secure Cloud Environment on AWS and Azure
Build and Manage a Highly Secure Cloud Environment on AWS and AzureBuild and Manage a Highly Secure Cloud Environment on AWS and Azure
Build and Manage a Highly Secure Cloud Environment on AWS and Azure
 
2016, A new era of OS and Cloud Security
2016, A new era of OS and Cloud Security2016, A new era of OS and Cloud Security
2016, A new era of OS and Cloud Security
 
Azure operational insights
Azure operational insightsAzure operational insights
Azure operational insights
 
The full picture of Openstack in real-time
The full picture of Openstack in real-timeThe full picture of Openstack in real-time
The full picture of Openstack in real-time
 
Microsoft Azure Fundamentals
Microsoft Azure FundamentalsMicrosoft Azure Fundamentals
Microsoft Azure Fundamentals
 
MongoDB World 2019: Wipro Software Defined Everything Powered by MongoDB
MongoDB World 2019: Wipro Software Defined Everything Powered by MongoDBMongoDB World 2019: Wipro Software Defined Everything Powered by MongoDB
MongoDB World 2019: Wipro Software Defined Everything Powered by MongoDB
 
Dataops on streaming data: Kafka to InfluxDb via Kubernetes native flows
Dataops on streaming data: Kafka to InfluxDb via Kubernetes native flowsDataops on streaming data: Kafka to InfluxDb via Kubernetes native flows
Dataops on streaming data: Kafka to InfluxDb via Kubernetes native flows
 
Event-Driven Serverless Architecture - the next big thing in the cloud (Cleme...
Event-Driven Serverless Architecture - the next big thing in the cloud (Cleme...Event-Driven Serverless Architecture - the next big thing in the cloud (Cleme...
Event-Driven Serverless Architecture - the next big thing in the cloud (Cleme...
 
Nats meetup sf 20150826
Nats meetup sf 20150826Nats meetup sf 20150826
Nats meetup sf 20150826
 
WSO2Con ASIA 2016: Planning Your Cloud Strategy
WSO2Con ASIA 2016: Planning Your Cloud StrategyWSO2Con ASIA 2016: Planning Your Cloud Strategy
WSO2Con ASIA 2016: Planning Your Cloud Strategy
 
AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasi...
AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasi...AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasi...
AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasi...
 
Tiago Fonseca & Rui Velho - Syone & Leroy Merlin - OSL19
Tiago Fonseca & Rui Velho - Syone & Leroy Merlin - OSL19Tiago Fonseca & Rui Velho - Syone & Leroy Merlin - OSL19
Tiago Fonseca & Rui Velho - Syone & Leroy Merlin - OSL19
 
Moving Your Data to The Cloud
Moving Your Data to The CloudMoving Your Data to The Cloud
Moving Your Data to The Cloud
 
Microsoft Azure News - 2018 May
Microsoft Azure News - 2018 MayMicrosoft Azure News - 2018 May
Microsoft Azure News - 2018 May
 
Wp cipher graph-cag-topology
Wp cipher graph-cag-topologyWp cipher graph-cag-topology
Wp cipher graph-cag-topology
 

Destacado

Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9Amazon Web Services
 
AWS re:Invent 2016: The AWS Hero’s Journey to Achieving Autonomous, Self-Heal...
AWS re:Invent 2016: The AWS Hero’s Journey to Achieving Autonomous, Self-Heal...AWS re:Invent 2016: The AWS Hero’s Journey to Achieving Autonomous, Self-Heal...
AWS re:Invent 2016: The AWS Hero’s Journey to Achieving Autonomous, Self-Heal...Amazon Web Services
 
Security & Privacy: Using AWS to Meet Requirements for HIPAA, CJIS, and FERPA
Security & Privacy: Using AWS to Meet Requirements for HIPAA, CJIS, and FERPASecurity & Privacy: Using AWS to Meet Requirements for HIPAA, CJIS, and FERPA
Security & Privacy: Using AWS to Meet Requirements for HIPAA, CJIS, and FERPAAmazon Web Services
 
Customer Case Study: Achieving PCI Compliance in AWS
Customer Case Study: Achieving PCI Compliance in AWSCustomer Case Study: Achieving PCI Compliance in AWS
Customer Case Study: Achieving PCI Compliance in AWSAmazon Web Services
 
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...Amazon Web Services
 
Next-Generation Security Operations with AWS
Next-Generation Security Operations with AWSNext-Generation Security Operations with AWS
Next-Generation Security Operations with AWSAmazon Web Services
 
Getting Started with Amazon Redshift
Getting Started with Amazon RedshiftGetting Started with Amazon Redshift
Getting Started with Amazon RedshiftAmazon Web Services
 
Pengembangan sbi
Pengembangan sbiPengembangan sbi
Pengembangan sbismkfarmasi
 
La perdurabilidad en las empresas amiliasde
La perdurabilidad en las empresas amiliasdeLa perdurabilidad en las empresas amiliasde
La perdurabilidad en las empresas amiliasdemariaperezgamboa
 
Angela Brady - Keynote
Angela Brady - KeynoteAngela Brady - Keynote
Angela Brady - KeynoteCivic Agenda
 
Work1m33 25,9
Work1m33 25,9Work1m33 25,9
Work1m33 25,9RewV6
 
Transforming Xml Data Into Html
Transforming Xml Data Into HtmlTransforming Xml Data Into Html
Transforming Xml Data Into HtmlKarthikeyan Mkr
 
CGCA: Transition to Home School
CGCA: Transition to Home SchoolCGCA: Transition to Home School
CGCA: Transition to Home Schooleeniarrol
 
Why Form a Health Professions Training Program at Your Federally Qualified H...
Why Form a Health Professions Training Program at Your Federally Qualified H...Why Form a Health Professions Training Program at Your Federally Qualified H...
Why Form a Health Professions Training Program at Your Federally Qualified H...CHC Connecticut
 
Openstack install-guide-apt-kilo
Openstack install-guide-apt-kiloOpenstack install-guide-apt-kilo
Openstack install-guide-apt-kiloduchant
 
JBoye Presentation: WCM Trends for 2010
JBoye Presentation: WCM Trends for 2010JBoye Presentation: WCM Trends for 2010
JBoye Presentation: WCM Trends for 2010David Nuescheler
 

Destacado (20)

Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
 
AWS re:Invent 2016: The AWS Hero’s Journey to Achieving Autonomous, Self-Heal...
AWS re:Invent 2016: The AWS Hero’s Journey to Achieving Autonomous, Self-Heal...AWS re:Invent 2016: The AWS Hero’s Journey to Achieving Autonomous, Self-Heal...
AWS re:Invent 2016: The AWS Hero’s Journey to Achieving Autonomous, Self-Heal...
 
Security & Privacy: Using AWS to Meet Requirements for HIPAA, CJIS, and FERPA
Security & Privacy: Using AWS to Meet Requirements for HIPAA, CJIS, and FERPASecurity & Privacy: Using AWS to Meet Requirements for HIPAA, CJIS, and FERPA
Security & Privacy: Using AWS to Meet Requirements for HIPAA, CJIS, and FERPA
 
Customer Case Study: Achieving PCI Compliance in AWS
Customer Case Study: Achieving PCI Compliance in AWSCustomer Case Study: Achieving PCI Compliance in AWS
Customer Case Study: Achieving PCI Compliance in AWS
 
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...
 
Next-Generation Security Operations with AWS
Next-Generation Security Operations with AWSNext-Generation Security Operations with AWS
Next-Generation Security Operations with AWS
 
Getting Started with Amazon Redshift
Getting Started with Amazon RedshiftGetting Started with Amazon Redshift
Getting Started with Amazon Redshift
 
Pengembangan sbi
Pengembangan sbiPengembangan sbi
Pengembangan sbi
 
La perdurabilidad en las empresas amiliasde
La perdurabilidad en las empresas amiliasdeLa perdurabilidad en las empresas amiliasde
La perdurabilidad en las empresas amiliasde
 
Thesis
ThesisThesis
Thesis
 
Angela Brady - Keynote
Angela Brady - KeynoteAngela Brady - Keynote
Angela Brady - Keynote
 
Work1m33 25,9
Work1m33 25,9Work1m33 25,9
Work1m33 25,9
 
Invest in the UK
Invest in the UKInvest in the UK
Invest in the UK
 
Transforming Xml Data Into Html
Transforming Xml Data Into HtmlTransforming Xml Data Into Html
Transforming Xml Data Into Html
 
CGCA: Transition to Home School
CGCA: Transition to Home SchoolCGCA: Transition to Home School
CGCA: Transition to Home School
 
Why Form a Health Professions Training Program at Your Federally Qualified H...
Why Form a Health Professions Training Program at Your Federally Qualified H...Why Form a Health Professions Training Program at Your Federally Qualified H...
Why Form a Health Professions Training Program at Your Federally Qualified H...
 
ValeryBassenkoResume
ValeryBassenkoResumeValeryBassenkoResume
ValeryBassenkoResume
 
Openstack install-guide-apt-kilo
Openstack install-guide-apt-kiloOpenstack install-guide-apt-kilo
Openstack install-guide-apt-kilo
 
JBoye Presentation: WCM Trends for 2010
JBoye Presentation: WCM Trends for 2010JBoye Presentation: WCM Trends for 2010
JBoye Presentation: WCM Trends for 2010
 
Redaccion
RedaccionRedaccion
Redaccion
 

Similar a How to Protect your AWS Environment

How to Secure your Hybrid Enviroment - Pop-up Loft Tel Aviv
How to Secure your Hybrid Enviroment - Pop-up Loft Tel AvivHow to Secure your Hybrid Enviroment - Pop-up Loft Tel Aviv
How to Secure your Hybrid Enviroment - Pop-up Loft Tel AvivAmazon Web Services
 
Building PCI Compliance Solution on AWS - Pop-up Loft Tel Aviv
Building PCI Compliance Solution on AWS - Pop-up Loft Tel AvivBuilding PCI Compliance Solution on AWS - Pop-up Loft Tel Aviv
Building PCI Compliance Solution on AWS - Pop-up Loft Tel AvivAmazon Web Services
 
Introduction to Microsoft on AWS
Introduction to Microsoft on AWS Introduction to Microsoft on AWS
Introduction to Microsoft on AWS Amazon Web Services
 
Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016
Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016
Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016Amazon Web Services
 
The Best of Both Worlds: Implementing Hybrid IT with AWS
The Best of Both Worlds: Implementing Hybrid IT with AWSThe Best of Both Worlds: Implementing Hybrid IT with AWS
The Best of Both Worlds: Implementing Hybrid IT with AWSRightScale
 
The Best of Both Worlds: Implementing Hybrid IT with AWS (ENT218) | AWS re:In...
The Best of Both Worlds: Implementing Hybrid IT with AWS (ENT218) | AWS re:In...The Best of Both Worlds: Implementing Hybrid IT with AWS (ENT218) | AWS re:In...
The Best of Both Worlds: Implementing Hybrid IT with AWS (ENT218) | AWS re:In...Amazon Web Services
 
Cloud computing
Cloud computingCloud computing
Cloud computinggd1410
 
Cloud computing ft
Cloud computing ftCloud computing ft
Cloud computing ftPallawi Bala
 
Smart Integration to the Cloud - Kellton Tech Webinar
Smart Integration to the Cloud - Kellton Tech WebinarSmart Integration to the Cloud - Kellton Tech Webinar
Smart Integration to the Cloud - Kellton Tech WebinarKellton Tech Solutions Ltd
 
Cloud Computing Pascal Walschots
Cloud Computing Pascal WalschotsCloud Computing Pascal Walschots
Cloud Computing Pascal WalschotsPWalschots
 
The Ultimate Guide to Cloud Migration - A Whitepaper by RapidValue
The Ultimate Guide to Cloud Migration - A Whitepaper by RapidValueThe Ultimate Guide to Cloud Migration - A Whitepaper by RapidValue
The Ultimate Guide to Cloud Migration - A Whitepaper by RapidValueRapidValue
 
Software Engineering in the (AWS) Cloud
Software Engineering in the (AWS) CloudSoftware Engineering in the (AWS) Cloud
Software Engineering in the (AWS) CloudDhaval Nagar
 
Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...
Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...
Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...Ping Identity
 

Similar a How to Protect your AWS Environment (20)

How to Secure your Hybrid Enviroment - Pop-up Loft Tel Aviv
How to Secure your Hybrid Enviroment - Pop-up Loft Tel AvivHow to Secure your Hybrid Enviroment - Pop-up Loft Tel Aviv
How to Secure your Hybrid Enviroment - Pop-up Loft Tel Aviv
 
Building PCI Compliance Solution on AWS - Pop-up Loft Tel Aviv
Building PCI Compliance Solution on AWS - Pop-up Loft Tel AvivBuilding PCI Compliance Solution on AWS - Pop-up Loft Tel Aviv
Building PCI Compliance Solution on AWS - Pop-up Loft Tel Aviv
 
Introduction to Microsoft on AWS
Introduction to Microsoft on AWS Introduction to Microsoft on AWS
Introduction to Microsoft on AWS
 
Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016
Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016
Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016
 
The Best of Both Worlds: Implementing Hybrid IT with AWS
The Best of Both Worlds: Implementing Hybrid IT with AWSThe Best of Both Worlds: Implementing Hybrid IT with AWS
The Best of Both Worlds: Implementing Hybrid IT with AWS
 
The Best of Both Worlds: Implementing Hybrid IT with AWS (ENT218) | AWS re:In...
The Best of Both Worlds: Implementing Hybrid IT with AWS (ENT218) | AWS re:In...The Best of Both Worlds: Implementing Hybrid IT with AWS (ENT218) | AWS re:In...
The Best of Both Worlds: Implementing Hybrid IT with AWS (ENT218) | AWS re:In...
 
CC ASSIGNMENT 01.docx
CC ASSIGNMENT 01.docxCC ASSIGNMENT 01.docx
CC ASSIGNMENT 01.docx
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
cloud computing
cloud computingcloud computing
cloud computing
 
Cloud computing ft
Cloud computing ftCloud computing ft
Cloud computing ft
 
cloud computing
cloud computingcloud computing
cloud computing
 
cc.pptx
cc.pptxcc.pptx
cc.pptx
 
Smart Integration to the Cloud - Kellton Tech Webinar
Smart Integration to the Cloud - Kellton Tech WebinarSmart Integration to the Cloud - Kellton Tech Webinar
Smart Integration to the Cloud - Kellton Tech Webinar
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Intro to cloud.pdf
Intro to cloud.pdfIntro to cloud.pdf
Intro to cloud.pdf
 
Cloud Computing Pascal Walschots
Cloud Computing Pascal WalschotsCloud Computing Pascal Walschots
Cloud Computing Pascal Walschots
 
The Ultimate Guide to Cloud Migration - A Whitepaper by RapidValue
The Ultimate Guide to Cloud Migration - A Whitepaper by RapidValueThe Ultimate Guide to Cloud Migration - A Whitepaper by RapidValue
The Ultimate Guide to Cloud Migration - A Whitepaper by RapidValue
 
Software Engineering in the (AWS) Cloud
Software Engineering in the (AWS) CloudSoftware Engineering in the (AWS) Cloud
Software Engineering in the (AWS) Cloud
 
Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...
Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...
Hybrid IAM: Fuelling Agility in the Cloud Transformation Journey | Gartner IA...
 
Ccl basics
Ccl basicsCcl basics
Ccl basics
 

Más de Lahav Savir

How to Secure Your AWS Powered Mobile App End-to-End
How to Secure Your AWS Powered Mobile App End-to-EndHow to Secure Your AWS Powered Mobile App End-to-End
How to Secure Your AWS Powered Mobile App End-to-EndLahav Savir
 
Best of re:Invent 2016 meetup presentation
Best of re:Invent 2016 meetup presentationBest of re:Invent 2016 meetup presentation
Best of re:Invent 2016 meetup presentationLahav Savir
 
Emind’s Architecture for Enterprise with AWS Integration
Emind’s Architecture for Enterprise with AWS IntegrationEmind’s Architecture for Enterprise with AWS Integration
Emind’s Architecture for Enterprise with AWS IntegrationLahav Savir
 
Real-Time Vote Platform Benchmark
Real-Time Vote Platform BenchmarkReal-Time Vote Platform Benchmark
Real-Time Vote Platform BenchmarkLahav Savir
 
Build Secure Cloud Solution using F5 BIG-IP on AWS
Build Secure Cloud Solution using F5 BIG-IP on AWSBuild Secure Cloud Solution using F5 BIG-IP on AWS
Build Secure Cloud Solution using F5 BIG-IP on AWSLahav Savir
 
Running an erlang based messaging system on AWS
Running an erlang based messaging system on AWSRunning an erlang based messaging system on AWS
Running an erlang based messaging system on AWSLahav Savir
 
DevOps sensors 360° high availability in the cloud
DevOps sensors 360° high availability in the cloudDevOps sensors 360° high availability in the cloud
DevOps sensors 360° high availability in the cloudLahav Savir
 
Deploying secure backup on to the Cloud
Deploying secure backup on to the CloudDeploying secure backup on to the Cloud
Deploying secure backup on to the CloudLahav Savir
 
סע לשלום - הדרכה לרכזים כיתתיים
סע לשלום - הדרכה לרכזים כיתתייםסע לשלום - הדרכה לרכזים כיתתיים
סע לשלום - הדרכה לרכזים כיתתייםLahav Savir
 
Multi Layer Monitoring V1
Multi Layer Monitoring V1Multi Layer Monitoring V1
Multi Layer Monitoring V1Lahav Savir
 
Lahav Savir - Massively Scaleable Mobile Gateways
Lahav Savir - Massively Scaleable Mobile GatewaysLahav Savir - Massively Scaleable Mobile Gateways
Lahav Savir - Massively Scaleable Mobile GatewaysLahav Savir
 

Más de Lahav Savir (11)

How to Secure Your AWS Powered Mobile App End-to-End
How to Secure Your AWS Powered Mobile App End-to-EndHow to Secure Your AWS Powered Mobile App End-to-End
How to Secure Your AWS Powered Mobile App End-to-End
 
Best of re:Invent 2016 meetup presentation
Best of re:Invent 2016 meetup presentationBest of re:Invent 2016 meetup presentation
Best of re:Invent 2016 meetup presentation
 
Emind’s Architecture for Enterprise with AWS Integration
Emind’s Architecture for Enterprise with AWS IntegrationEmind’s Architecture for Enterprise with AWS Integration
Emind’s Architecture for Enterprise with AWS Integration
 
Real-Time Vote Platform Benchmark
Real-Time Vote Platform BenchmarkReal-Time Vote Platform Benchmark
Real-Time Vote Platform Benchmark
 
Build Secure Cloud Solution using F5 BIG-IP on AWS
Build Secure Cloud Solution using F5 BIG-IP on AWSBuild Secure Cloud Solution using F5 BIG-IP on AWS
Build Secure Cloud Solution using F5 BIG-IP on AWS
 
Running an erlang based messaging system on AWS
Running an erlang based messaging system on AWSRunning an erlang based messaging system on AWS
Running an erlang based messaging system on AWS
 
DevOps sensors 360° high availability in the cloud
DevOps sensors 360° high availability in the cloudDevOps sensors 360° high availability in the cloud
DevOps sensors 360° high availability in the cloud
 
Deploying secure backup on to the Cloud
Deploying secure backup on to the CloudDeploying secure backup on to the Cloud
Deploying secure backup on to the Cloud
 
סע לשלום - הדרכה לרכזים כיתתיים
סע לשלום - הדרכה לרכזים כיתתייםסע לשלום - הדרכה לרכזים כיתתיים
סע לשלום - הדרכה לרכזים כיתתיים
 
Multi Layer Monitoring V1
Multi Layer Monitoring V1Multi Layer Monitoring V1
Multi Layer Monitoring V1
 
Lahav Savir - Massively Scaleable Mobile Gateways
Lahav Savir - Massively Scaleable Mobile GatewaysLahav Savir - Massively Scaleable Mobile Gateways
Lahav Savir - Massively Scaleable Mobile Gateways
 

Último

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 

Último (20)

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 

How to Protect your AWS Environment

  • 1. How to Protect Your AWS Environment Lahav Savir, CEO & Architect Emind Cloud Experts
  • 2. A Global Expert in Cloud Enablement for Products, SaaS ISV, and Online Solutions
  • 4. A “Cloud-native” MSP Market Guide for Managed Service Providers on Amazon Web Services (Lydia Leong, Oct. 2015) “Amazon Web Services does not offer managed services, but many customers want to use AWS as a cloud IaaS and PaaS platform, while outsourcing IT operations or application management. AWS's ecosystem of MSP partners can fulfill this need.” https://www.gartner.com/doc/3157620/market-guide-managed-service-providers “Common Types of MSPs (on AWS) with Example References ● Cloud-native MSPs. These MSPs were either founded specifically to provide services on cloud IaaS, or pivoted to entirely focus their business on these services. Many of these MSPs are AWS- specific. Examples include 2nd Watch, Cloudnexa, Cloudreach, Emind and Minjar”
  • 5. The future is all about cloud computing. Report shows how by 2018, over 78% of workloads will be managed by cloud data centers as against the remaining 22% processed by traditional data centers.
  • 6. Where there is more data, there is bound to be more data breaches!
  • 8. Assessing the Risk: Yes, the Cloud Can Be More Secure Than Your On-Premises Environment IDC, July 2015
  • 9. Why the Cloud is more Secure? ● More segmentation (separation) ● More encryption ● Stronger authentication ● More logging and monitoring
  • 10. Top Topics ● Infrastructure Security ● Network Security ● Host Security ● Data Encryption ● Identity Management ● Monitoring & Auditing
  • 12. Why do you need Single Identity? ● Multiple AWS Accounts ● Multiple Security Policies ● Multiple Entry Points ● Many Resources ● Multiple 3rd Party Services
  • 13. Single Identity Provider ● Single Password Policy ● Single Lock Policy ● Single OTP ● Single Login Audit ● Same username used across all resources
  • 14. Organization users accessing: AWS Resources ● AWS Console ● AWS API ● Network Access / VPN ● EC2 Instances Other Resources ● New Relic ● Datadog ● Pingdom ● Google Apps ● Office 365 ● Jira ● Github ● Logz.io ● ...
  • 15. ● Don't mix Corporate and Cloud Resources ● Minimize Replication ● Maximize Federation
  • 16. Corporate ● Corporate Active Directory ● Mix of users and desktops / servers ● 3rd Party SSO / Federation Services Cloud ● Cloud Active Directory ● Cloud Resources Only Integration ● One Way Trust between Corp AD and Cloud AD
  • 17. Login Scenarios ● AWS Console ○ SAML Federation ● VPN ○ Radius ● Jumpbox on EC2 ○ Radius / LDAP ● Windows instance on EC2 ○ Kerberos / LDAP ● Linux instance on EC2 ○ Kerberos / LDAP No need for IAM Users
  • 18.
  • 20. Networking ● Public Internet ● VPN / IPSec Tunnel ● DirectConnect
  • 21. Direct Connect Options ● Private Virtual Interface – Access to VPC ○ Note: Not VPC Endpoints or transitive via VPC Peering ● Public Virtual Interface – Access to non-VPC Services
  • 22. SSL VPN Options ● OpenVPN ● Fortinet Fortigate ● Sophos ● pfSense ● … Others
  • 23. Don’t assume your corporate network is secure and expose your production networks to all users
  • 26. ● Create a controlled environment that minimizes human mistakes ● Inspect inbound and outbound traffic
  • 28. What’s Host Security ? ● OS Hardening ● Anti Virus ● Malware Protection ● Host Based IPS ● File Integrity Monitoring ● Vulnerability Scanning
  • 30. AWS Encryption Options Data at Rest ● EBS Encryption (inc. root device) ● S3 Client / Server Side Encryption ● RDS / Redshift Storage Encryption ● DynamoDB Client Side Encryption https://d0.awsstatic.com/whitepapers/aws-securing-data-at- rest-with-encryption.pdf Data in Transit ● API’s are TLS Encrypted ● Service Endpoints are TLS Encrypted ● Elastic Load Balancer supports TLS ● CloudFront supports TLS ● IPSec VPN
  • 31. Encrypt all your data, you never know who and when someone will request access to the data
  • 33. Events Sources ● CloudTrail ● ELB / S3 / CloudFront Access Logs ● VPC Flow logs ● AWS Inspector ● Host AV & IPS ● Network WAF & IPS ● Evident.io / Dome9 ● Observable
  • 34.
  • 35.
  • 36.
  • 37.
  • 38. ● Create Clear Visibility ● Set Governance Rules ● Define Actions
  • 39. Join our Fastlane to a Successful Cloud Deployment Thank you, lahavs@emind.co