Architecting for Greater Security on AWS

•

9 j'aime•7,632 vues

Leveraging AWS for your business provides a catalyst for security programs as customers inherit a faster pace of security innovation simply by using AWS. This session highlights design and architecture patterns customers can employ to measurably improve the security of their organization. In this session, customers explore design patterns for data security using encryption, strong access controls, and least privilege; for implementing detective security controls, such as logging and monitoring, at scale; and for implementing a defense-in-depth network security architecture.

Technologie

©2015, Amazon Web Services, Inc. or its aﬃliates. All rights reserved
Architecting for Greater Security
in AWS
Bill Shinn
Principal Security Solutions Architect

1) Why does security come first in enterprise cloud
adoption?
AWS Job Zero New Territory Enterprise Security
is Traditionally
Hard

2) Why is enterprise security traditionally so hard?
So much planning Slows down feature flow

3) Why so much planning which takes so long?
So many processes So many hand-offs Built-in pauses

4) Why so many processes?
Processes detect
unwanted change
Visibility, control and
quality are
essential
Reduce impact of failure

5) Why are change detection and low-risk changes
so difficult?
Lack of visibility No stimulus+response Low degree of automation

So where does AWS come in?
AWS makes security faster Lets you move fast but stay safe

1) Secure, Sensible Defaults - Access
IAM Users, Groups, Roles
Managed and inline policies
Versioned IAM policies
Multi-factor authentication
Workforce lifecycle management (SAML Federation, Connected Directory)

1) Secure, Sensible Defaults - Network
Virtual Private Cloud
DirectConnect & Virtual Private Gateway
Routing control – private and public subnets
IAM policies limit who can launch instances by trust zone
Security Groups

2) Improve Trust & Accountability with Better
Visibility
AWS CloudTrail
AWS CloudWatch Logs
AWS Config
Tagging
Asset Management

3) Inherit compliance and controls
Map AWS certifications into your enterprise GRC
Recognized industry audit standards
Jurisdiction
Regulatory and contractual options (FedRAMP, HIPAA Business Associate Addendum,
EU DPD Data Protection Addendum, PCI Attestation of Compliance)

4) Ride the pace of innovation
Find projects in your 3-year strategy where we innovating and let us do it
Most companies do not encrypt content internally
Encryption is built into EBS, S3, RDS, RedShift, Glacier, Elastic MapReduce, etc.
Key Management Service give you more control and visibility at cloud prices
We launched ~190 security-related features last year

5) Much Smaller Batch, Faster Changes
CloudFormation
Infrastructure as code, checked into source code control
Route53 or ELB cutover in deployments
Elastic Beanstalk application versions
Integrate teams across functions - less hand-offs between teams, but far greater
awareness and control of lower-risk changes

6) Reduce the impact of failure
Multi-Availability Zone deployments
Use multiple regions
Replicate data – S3, EBS, RDS
Lifecycle policies
Auto-scaling
Auto-recovery

7) Further improve automation
Access and deployments are no longer performed by people
EC2 Instance Profiles and service roles (Security Token Service)
AWS CodeDeploy
Continuous Integration & Deployment
Extends to on-premises workloads

8) Make security actionable
Review what matters
-  Internet Gateway
-  Identity and Access Management
-  VPC – Subnet and NACL changes
-  Security Groups
Shut things down automatically
Scan what change
Roll-back automatically
Use Lambda

Benefits of Enterprise Security on AWS
Higher degree of visibility, transparency and accountability (secure and can prove it)
Higher degree of trust and autonomy
Significant reductions in long-term, privileged access
Focus a greater proportion of limited security resources on application security
Have a much higher rate of successful change and changes are delivered more quickly

Contenu connexe

Tendances

Aws security Fundamentals

Christopher Caplan

Introduction to AWS Security

LalitMohanSharma8

Security is a top priority to both AWS and its customers and many enterprises trust us with some of their most sensitive information, including financial, personal and health information. Learn about the key security features of AWS that these enterprise customers are using to build their own secure applications and secure and encrypt their content. We will also share how you can integrate AWS into your existing security policies and how partners like Trend Micro can help you extend this into the AWS Cloud.

AWS Enterprise Day | Securing your Web Applications in the Cloud

Amazon Web Services

AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...

Amazon Web Services

The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. Security for AWS is about three related elements: visibility, auditability, and control. You have to know what you have and where it is before you can assess the environment against best practices, internal standards, and compliance standards. Controls enable you to place precise, well-understood limits on the access to your information. Did you know, for example, that you can define a rule that says that "Tom is the only person who can access this data object that I store with Amazon, and he can do so only from his corporate desktop on the corporate network, from Monday–Friday 9–5, and when he uses MFA?" That's the level of granularity you can choose to implement if you wish. In this session, we'll cover these topics to provide a practical understanding of the security programs, procedures, and best practices you can use to enhance your current security posture.

Intro to AWS: Security

Amazon Web Services

Once a team is able to automatically produce deliverables, deploy them in a test environment and automatically assess some aspects of its quality, it has all the tools in hand to be able to automatically roll out code in a production environment. While the main tools and techniques are already in place, this step cannot be taken lightly and presents its own challenges. This presentation explains the different techniques for rolling out code in a production environment while limiting or avoiding downtime. More advanced techniques such as A / B testing or deployments rollbacks will also be covered. Topics included in this slide: - Using Amazon Route53 to balance traffic between two deployments. - Pushing updates to the production environment using Amazon OpsWorks Watch a recording of this presentation here:

DevOps for the Enterprise: Continuous Deployment

Amazon Web Services

Integrated Security & Operations for Scaling Securely in AWS

Amazon Web Services

The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. Security for AWS is about three related elements: visibility, auditability, and control. You have to know what you have and where it is before you can assess the environment against best practices, internal standards, and compliance standards. Controls enable you to place precise, well-understood limits on the access to your information. Did you know, for example, that you can define a rule that says that "Tom is the only person who can access this data object that I store with Amazon, and he can only do so from his corporate desktop on the corporate network, from Monday-Friday 9-5 and when he uses MFA?" That's the level of granularity you can choose to implement if you wish. In this session, we'll cover these topics to provide a practical understanding of the security programs, procedures, and best practices you can use to enhance your current security posture.

The 2014 AWS Enterprise Summit - Understanding AWS Security

Amazon Web Services

Migrating the GoPro Plus Cloud Service to Amazon ECS

Amazon Web Services

The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. Security for AWS is about three related elements: visibility, auditability, and control. You have to know what you have and where it is before you can assess the environment against best practices, internal standards, and compliance standards. Controls enable you to place precise, well-understood limits on the access to your information. Did you know, for example, that you can define a rule that says that “Tom is the only person who can access this data object that I store with Amazon, and he can only do so from his corporate desktop on the corporate network, from Monday-Friday 9-5 and when he uses MFA?”. That’s the level of granularity you can choose to implement if you wish. In this session, we’ll cover these topics to provide a practical understanding of the security programs, procedures, and best practices you can use to enhance your current security posture. Speakers: Rob Whitmore, AWS Solutions Architect

Introduction to AWS Security

Amazon Web Services

Shared Security in AWS

PolarSeven Pty Ltd

AWS provides tools to improve your security posture, by providing ways of implementing detective and reactive controls that will detect and remediate security threats. We’ll look at the various services and the features that you can employee, such as AWS Inspector, AWS Trusted Advisor, AWS Config and Config Rules and CloudTrail. We’ll explore how they work and how they should be deployed as part of an overall security strategy.

Toward Full Stack Security

Amazon Web Services

With the rapid increase of complexity in managing security for distributed IT and cloud computing, security, and compliance managers can innovate in how to ensure a high level of security is practiced to manage AWS resources. In this session, Chad Woolf, Director of Compliance for AWS will discuss which AWS service features can be leveraged to achieve a high level of security assurance over AWS resources, giving you more control of the security of your data and preparing you for a wide range of audits. Attendees will also learn first-hand what some AWS customers have accomplished by leveraging AWS features to meet specific industry compliance requirements.

Security Assurance and Governance in AWS (SEC203) | AWS re:Invent 2013

Amazon Web Services

Introduction to DevSecOps on AWS

Amazon Web Services

If you're trying to figure out how to run enterprise applications and services on AWS securely, come join Intuit and the AWS Professional Services team to learn how to embrace a new discipline called DevSecOps. You'll learn more about software-defined security and why we think that DevSecOps helps organizations large and small adopt cloud services at a rapid pace. We'll provide you with links and information to help you get started with creating your own DevSecOps team.

(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014

Amazon Web Services

Learn how to increase the effectiveness of your security operations as you move to the cloud. We will discuss how your current incident response, forensic investigations, monitoring, and audit response tactics have to change in the cloud. Pulling from experiences helping clients move to the cloud, industry research, and the school of hard knocks, this talk will help provide practical advice you can apply today.

Updating Security Operations for the Cloud

Amazon Web Services

Security must be at the forefront for any online business. At AWS, security is priority number one. Stephen Schmidt, Vice President and Chief Information Security Officer, shares his insights into cloud security and how AWS meets customers' demanding security and compliance requirements—and in many cases helps them improve their security posture. Stephen, with his background with the FBI and his work with AWS customers in the government, space exploration, research, and financial services organizations, shares an industry perspective that's unique and invaluable for today's IT decision makers.

(SEC201) How Should We All Think About Security?

Amazon Web Services

Amazon Web Services (AWS) delivers a scalable cloud computing platform with high availability and dependability, offering flexibility for customers to build a wide range of applications. Helping to protect the security of our customers’ content is of utmost importance to AWS, as is maintaining customer trust and confidence. Under the AWS shared responsibility model, AWS provides a secure global infrastructure, including compute, storage, networking and database services, as well as a range of high level services. AWS provides a range of security services and features that AWS customers can use to secure their content and meet their own specific business requirements for security. This webinar focuses on how you can make use of AWS security features to meet your own organization's security and compliance objectives.

AWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices

Amazon Web Services

The AWS platform offers a rich set of capabilities that can be leveraged by the customer to better control applications state, configuration, and supporting infrastructure throughout the service lifecycle – all while operating with security best practices such as audit and accountability, access control, change review and governance, and systems integrity. We will showcase and discuss design patterns for using these capabilities in synergy with fast-paced and agile application development methodologies – such as DevOps – to achieve an integrated security operations program.

Putting it All Together: Securing Systems at Cloud Scale

Amazon Web Services

The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. In this session, we’ll provide a practical understanding of the assurance programs that AWS provides; such as HIPAA, FedRAMP(SM), PCI DSS Level 1, MPAA, and many others. We’ll also address the types of business solutions that these certifications enable you to deploy on the AWS Cloud, as well as the tools and services AWS makes available to customers to secure and manage their resources.

Understanding AWS Security

Amazon Web Services

Tendances (20)

Aws security Fundamentals

Introduction to AWS Security

AWS Enterprise Day | Securing your Web Applications in the Cloud

AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...

Intro to AWS: Security

DevOps for the Enterprise: Continuous Deployment

Integrated Security & Operations for Scaling Securely in AWS

The 2014 AWS Enterprise Summit - Understanding AWS Security

Migrating the GoPro Plus Cloud Service to Amazon ECS

Introduction to AWS Security

Shared Security in AWS

Toward Full Stack Security

Security Assurance and Governance in AWS (SEC203) | AWS re:Invent 2013

Introduction to DevSecOps on AWS

(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014

Updating Security Operations for the Cloud

(SEC201) How Should We All Think About Security?

AWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices

Putting it All Together: Securing Systems at Cloud Scale

Understanding AWS Security

En vedette

AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools to can provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.

Getting Started with AWS Security

Amazon Web Services

Security & Compliance in AWS

Amazon Web Services

Shared Responsibility Deep Dive

Amazon Web Services

AWS Security

Amazon Web Services

The AWS Shared Security Responsibility Model in Practice

Amazon Web Services

Automating Your CloudStack Cloud with Puppet

buildacloud

Shared Responsibility In Action

Mark Nunnikhoven

Today, many enterprises' data centers are at capacity, and these data centers are looking to expand their infrastructure footprint using the cloud. By leveraging a hybrid architecture, enterprises can expand their capabilities while maintaining some or all of their existing management tools. This session will go into detail on managing your AWS infrastructure with the AWS Management Portal for vCenter, integrating the AWS Management Pack for Microsoft System Center for monitoring your AWS resources, and possible future System Center and vCenter AWS cloud management features and functionality.

(ARC203) Expanding Your Data Center with Hybrid Infrastructure | AWS re:Inven...

Amazon Web Services

AWS Shared Responsibility Model - AWS Symposium 2014 - Washington D.C.

Amazon Web Services

Amazon Web Services Security

Jason Chan

In Depth: AWS Shared Security Model

Amazon Web Services

AWS Security and SecOps

Shiva Narayanaswamy

Information Security in AWS - Dave Walker

East Midlands Cyber Security Forum

Cloud migrations are hardly one size fits all. It can be challenging to migrate from a large-scale data center to an optimized AWS environment without draining IT resources. By leveraging CSC, organizations are able to determine exactly what they need from their IT infrastructure and efficiently migrate to a customized cloud environment on AWS that meets those needs. With 400+ AWS certified architects and 30+ experts with AWS professional-level certification, CSC helps organizations experience seamless, results-oriented migrations. Register for the upcoming webinar to hear speakers from CSC and AWS discuss the ins and outs of a successful large-scale migration to AWS. Join us to learn: How CSC helped a large federal systems integration company migrate their workloads to the AWS Cloud in less than three months How CSC has facilitated customers split from their shared IT environment in less than 3 months The step-by-step process of an efficient data center migration Who Should Attend: IT Manager, IT Security Manager, Solution Architect, Cloud App Architect, System Administrator, IT Project Manager, Product Manager, Business Development

Large-Scale AWS Migrations with CSC

Amazon Web Services

You can help maintain control of your environment by choosing the right AWS security tools. In this webinar, we show how AWS Identity and Access Management (IAM), AWS Config Rules, and AWS Cloud Trail can help you maintain that control. In a live demo, we show you how to track changes, monitor compliance, and keep an audit record of API requests. Learning Objectives: • Learn what IAM is and how to leverage it appropriately. • Gain familiarity with how to track changes and monitor for compliance. • Keep an audit record of API requests for reporting purposes. • Understand how these services complement each other.

Introduction to Three AWS Security Services - November 2016 Webinar Series

Amazon Web Services

What's Better than Microservices? Serverless Microservices.

Apigee | Google Cloud

You automated your deployment, elasticized your workloads, and dynamically provisioned your fleet. What do you do next? Tackle automating your security needs using the latest capabilities in the cloud! There’s no single path to building an automated and continuous security architecture that works for every organization, but certain key principles and techniques are used by the early adopter cloud elite that give them distinct advantages. It's time to re-think your organization’s processes and behaviors to demonstrate the latest efficiencies in your security operations. In this webinar, learn how Intuit implements cloud security automation with Evident.io and other innovative cloud technologies. Join us to learn: • How security will be integrated into the overall processes of development and deployment. • How to tie security acceptance tests, a subset of your key security controls, right into the end of your functional testing process to promote builds with confidence at greater speed. • How to be successful with API-enabled, continuous security tools in the cloud. • How to operationalize security alarms, enabling world-class incident response and remediation capabilities.

Automating your AWS Security Operations

Amazon Web Services

Intro to AWS Security

Amazon Web Services

AWS Security Best Practices and Design Patterns

Amazon Web Services

This webinar will introduce the AWS Shared Security Model. We will examine how to use the inherent security of the AWS environment, coupled with the security tools and features AWS makes available, to create a resilient environment with the security you need. Learning Objectives: • Understand the security measures AWS puts in place to secure the environment where your data lives • Understand the tools AWS offers to help you create a resilient environment with the security you need • Consider actions when moving a sensitive workload to AWS • Security benefits you can expect by deploying in the AWS Cloud Who Should Attend: - Prospects and customers with a security background - Who are interested in using AWS to manage security-sensitive workloads

AWS Webcast - Understanding the AWS Security Model

Amazon Web Services

En vedette (20)

Getting Started with AWS Security

Security & Compliance in AWS

Shared Responsibility Deep Dive

AWS Security

The AWS Shared Security Responsibility Model in Practice

Automating Your CloudStack Cloud with Puppet

Shared Responsibility In Action

(ARC203) Expanding Your Data Center with Hybrid Infrastructure | AWS re:Inven...

AWS Shared Responsibility Model - AWS Symposium 2014 - Washington D.C.

Amazon Web Services Security

In Depth: AWS Shared Security Model

AWS Security and SecOps

Information Security in AWS - Dave Walker

Large-Scale AWS Migrations with CSC

Introduction to Three AWS Security Services - November 2016 Webinar Series

What's Better than Microservices? Serverless Microservices.

Automating your AWS Security Operations

Intro to AWS Security

AWS Security Best Practices and Design Patterns

AWS Webcast - Understanding the AWS Security Model

Similaire à Architecting for Greater Security on AWS

Security and Compliance

Amazon Web Services

The cloud is accelerating the pace at which companies innovate and has shifted the focus on how to approach technology governance and compliance. AWS elects to have a variety of security assessments performed and provides several built-in security features to help meet your security and compliance objectives. In this open roundtable session, we look at how AWS attestations and governance automation can reduce scope to drive security, compliance, and audit assertions across customers organizations. Come and join a discussion with AWS security and compliance Solutions Architects.

AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...

Amazon Web Services

Does moving core business applications to AWS make sense for your organization? This session covers key business and IT considerations gathered from industry experts and real-world enterprise customers who have chosen to move their mission critical ERP applications to the AWS cloud, resulting in lower costs and better service. This session covers the following: - Insights from industry experts and analysts, who explain how the cloud affects costs from three angles: launch, operations, and long-term infrastructure expense - Review of how time-to-value and cloud launch processes differ from on-premises infrastructure - How AWS offers increased security and reliability over what some enterprises can afford on their own Sponsored by Infor

(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...

Amazon Web Services

This session tells the story of how security-minded enterprises provide end-to-end protection of their sensitive data in AWS. Learn about the enterprise security architecture design decisions made by Fortune 500 organizations during actual sensitive workload deployments, as told by the AWS security solution architects and professional service security, risk, and compliance team members who lived them. In this technical walkthrough, we share lessons learned from the development of enterprise security strategy, security use-case development, end-to-end security architecture and service composition, security configuration decisions, and the creation of AWS security operations playbooks to support the architecture.

(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...

Amazon Web Services

glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)

Glenn Ambler

AWS provides enterprises numerous ways to migrate to the cloud, based on your business needs. Because AWS was built with the most data-sensitive, regulated industries in mind, enterprises have access to the most robust networking and security controls to safeguard a protected and seamless migration. In this session, AWS security professionals provide an overview of what security essentials you need to consider when migrating to the cloud. We will also provide a compliance update on what you need to consider in relation to regulatory issues.

FS-ISAC 2017 Amazon Web Services & Cloud Security

Amazon Web Services

Compliance In The Cloud Using Security By Design

Amazon Web Services

How We Should Think About Security

Amazon Web Services

AWS is hosting the first FSI Cloud Symposium in Hong Kong, which will take place on Thursday, March 23, 2017 at Grand Hyatt Hotel. The event will bring together FSI customers, industry professional and AWS experts, to explore how to turn the dream of transformation, innovation and acceleration into reality by exploiting Cloud, Voice to Text and IoT technologies. The packed agenda includes expert sessions on a host of pressing issues, such as security and compliance, as well as customer experience sharing on how cloud computing is benefiting the industry. Speakers: Myles Hosford, Security Solutions Architect APAC, AWS Anthony Hodge, Head, Cloud Engineering and Delivery, Standard Chartered Bank

Fintech Pace Security on AWS: The Customer Perspective

Amazon Web Services

Speaker: Jonathan Allen, Enterprise Strategist, AWS Hear why customers adopt, how you can follow and the positive impact of Financial Services customers choosing to use AWS Cloud. This session will be presented by Jonathan Allen – AWS Enterprise Strategist and Evangelist. Sharing some of his experience and lessons learned when he was the CTO of Capital One UK, across the paradigms of People, Process and Technology and leveraging first-hand knowledge of the AWS Cloud Adoption Framework and Mass Migration best practices.

AWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons Learned

AWS Summits

Spca2014 navigating clouds sp_con14_mackie

NCCOMMS

Availability of cloud computing is helping Financial Services organizations realize accelerated go-to-market speeds, global scalability, and cost efficiencies. This new world forces considerations for security programs – what is different in the cloud and what do I do differently? AWS Security Architects will share protocols that need to be considered in the cloud, on premises, or in a hybrid model. They will also share best practices, lessons learned, efficiencies, and design patterns and architectures unique to cloud.

An Evolving Security Landscape – Security Patterns in the Cloud

Amazon Web Services

AWS Security Overview and “What’s New”

Amazon Web Services

Up-front design of your AWS account can be done in a way that creates a reliably secure and controlled environment no matter how the AWS resources are used. This session will focus on "Secure by Design" principles and show how an AWS environment can be configured to provide a reliable operational security control capability to meet the compliance needs across multiple industry verticals (e.g. HIPAA, FISMA, PCI, etc.). This will include operational reporting through the use of AWS services (e.g. Config/Config Rules, CloudTrail, Inspector, etc.) as well as partner integration capabilities with partner solutions such as Splunk and Allgress for real-time governance, risk, and compliance reporting. Key takeaways from this session include: learning AWS Security best practices and automation capabilities for securing your environment, Automation accelerators for configuration, compliance, and audit reporting using CloudFormation, Config/Config Rules, CloudTrail, Inspector, etc., and ISV integration for real-time notification and reporting for security, compliance, and auditing in the cloud.

Compliance in the Cloud Using Security by Design

Amazon Web Services

Microservices principles are revolutionizing the way applications are built, by enabling a more decoupled and decentralized approach to implementation, creating greater agility, scalability and resilience. These applications still need to be connected to one another, and to existing systems of record. Agile integration architecture brings the benefits of cloud-ready containerization to the integration space. It provides the opportunity to move from the heavily centralized ESB pattern to integration within more empowered and autonomous application teams. We look at the architectural differences in this approach compared to traditional integration, and also at how it enables more decentralized organizational structure better suited to digital transformation. You can read a more detailed paper on this approach at http://ibm.biz/AgileIntegArchPaper. This presentation was recorded for Integration Developer News (http://www.idevnews.com/) and is available here: http://ibm.biz/AgileIntegArchWebinar

Agile Integration Architecture: A Containerized and Decentralized Approach to...

Kim Clark

RightScale User Conference NYC 2011 - Michael Crandell - CEO, RightScale Brian Adler - Solutions Architect, RightScale Cloud misconceptions and corporate inertia often surface as the greatest inhibitors of enterprise cloud adoption. In this session, we'll share successful enterprise use cases and give you practical tips on addressing legitimate concerns to accelerate cloud adoption within your organization. We'll discuss specific issues that enterprises often encounter when using cloud-based resource pools, such as managing security, visibility, and control through infrastructure audits.

Advancing Cloud Initiatives and Removing Barriers to Adoption

RightScale

AWS Security Week: Why Your Customers Care About Compliance

Amazon Web Services

ISV Integrations

BlueFish

Layer 7: Enterprise Service Governance with SecureSpan

CA API Management

DevSecOps is the premise that everyone in the software development lifecycle is responsible for security. DevSecOps aims to embed security in every part of the development process. In this *workshop*, participants explore taking a standard CI/CD pipeline and adding security stages to improve security posture. Learn how to use AWS CodeCommit and AWS CodePipeline to build and publish golden AMI images. Also, learn how to modify pipeline flow to add security test cases. You also have to opportunity to perform CVE analysis and code analysis using Amazon Inspector and perform observational container analysis using Amazon GuardDuty.

Adding the Sec to Your DevOps Pipelines

Amazon Web Services

Similaire à Architecting for Greater Security on AWS (20)

Security and Compliance

AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...

(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...

(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...

glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)

FS-ISAC 2017 Amazon Web Services & Cloud Security

Compliance In The Cloud Using Security By Design

How We Should Think About Security

Fintech Pace Security on AWS: The Customer Perspective

AWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons Learned

Spca2014 navigating clouds sp_con14_mackie

An Evolving Security Landscape – Security Patterns in the Cloud

AWS Security Overview and “What’s New”

Compliance in the Cloud Using Security by Design

Agile Integration Architecture: A Containerized and Decentralized Approach to...

Advancing Cloud Initiatives and Removing Barriers to Adoption

AWS Security Week: Why Your Customers Care About Compliance

ISV Integrations

Layer 7: Enterprise Service Governance with SecureSpan

Adding the Sec to Your DevOps Pipelines

Plus de Amazon Web Services

Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS. In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Amazon Web Services

La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup. Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti. Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Amazon Web Services

Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi

Esegui pod serverless con Amazon EKS e AWS Fargate

Amazon Web Services

Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.

Costruire Applicazioni Moderne con AWS

Amazon Web Services

L’utilizzo dei container è in continua crescita. Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili. I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!

Come spendere fino al 90% in meno con i container e le istanze spot

Amazon Web Services

In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th. Event Agenda : Open banking so far (short recap) • PSD2, OB UK, OB Australia, OB LATAM, OB Israel Intro to Open Finance marketplace • Scope • Features • Tech overview and Demo The role of the Cloud The Future of APIs • Complying with regulation • Monetizing data / APIs • Business models • Time to market One platform for all: a Strategic approach Q&A

Open banking as a service

Amazon Web Services

Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc. AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta. Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

Amazon Web Services

Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity. AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet. Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

Amazon Web Services

Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Amazon Web Services

Computer Vision con AWS

Amazon Web Services

Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti. Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi. La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.

Database Oracle e VMware Cloud on AWS i miti da sfatare

Amazon Web Services

Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti. Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire. Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito. In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

Amazon Web Services

Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline. Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.

API moderne real-time per applicazioni mobili e web

Amazon Web Services

Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi. La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali. In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Amazon Web Services

Tools for building your MVP on AWS

Amazon Web Services

How to Build a Winning Pitch Deck

Amazon Web Services

Building a web application without servers

Amazon Web Services

Fundraising Essentials

Amazon Web Services

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...

Amazon Web Services

Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.

Introduzione a Amazon Elastic Container Service

Amazon Web Services

Plus de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Esegui pod serverless con Amazon EKS e AWS Fargate

Costruire Applicazioni Moderne con AWS

Come spendere fino al 90% in meno con i container e le istanze spot

Open banking as a service

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Computer Vision con AWS

Database Oracle e VMware Cloud on AWS i miti da sfatare

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

API moderne real-time per applicazioni mobili e web

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Tools for building your MVP on AWS

How to Build a Winning Pitch Deck

Building a web application without servers

Fundraising Essentials

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...

Introduzione a Amazon Elastic Container Service

Dernier

Enterprise Knowledge’s Urmi Majumder, Principal Data Architecture Consultant, and Fernando Aguilar Islas, Senior Data Science Consultant, presented "Driving Behavioral Change for Information Management through Data-Driven Green Strategy" on March 27, 2024 at Enterprise Data World (EDW) in Orlando, Florida. In this presentation, Urmi and Fernando discussed a case study describing how the information management division in a large supply chain organization drove user behavior change through awareness of the carbon footprint of their duplicated and near-duplicated content, identified via advanced data analytics. Check out their presentation to gain valuable perspectives on utilizing data-driven strategies to influence positive behavioral shifts and support sustainability initiatives within your organization. In this session, participants gained answers to the following questions: - What is a Green Information Management (IM) Strategy, and why should you have one? - How can Artificial Intelligence (AI) and Machine Learning (ML) support your Green IM Strategy through content deduplication? - How can an organization use insights into their data to influence employee behavior for IM? - How can you reap additional benefits from content reduction that go beyond Green IM?

Driving Behavioral Change for Information Management through Data-Driven Gree...

Enterprise Knowledge

GenCyber Cyber Security Day Presentation

Michael W. Hawkins

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Presentation on how to chat with PDF using ChatGPT code interpreter

naman860154

Heather Hedden, Senior Consultant at Enterprise Knowledge, presented “The Role of Taxonomy and Ontology in Semantic Layers” at a webinar hosted by Progress Semaphore on April 16, 2024. Taxonomies at their core enable effective tagging and retrieval of content, and combined with ontologies they extend to the management and understanding of related data. There are even greater benefits of taxonomies and ontologies to enhance your enterprise information architecture when applying them to a semantic layer. A survey by DBP-Institute found that enterprises using a semantic layer see their business outcomes improve by four times, while reducing their data and analytics costs. Extending taxonomies to a semantic layer can be a game-changing solution, allowing you to connect information silos, alleviate knowledge gaps, and derive new insights. Hedden, who specializes in taxonomy design and implementation, presented how the value of taxonomies shouldn’t reside in silos but be integrated with ontologies into a semantic layer. Learn about: - The essence and purpose of taxonomies and ontologies in information and knowledge management; - Advantages of semantic layers leveraging organizational taxonomies; and - Components and approaches to creating a semantic layer, including the integration of taxonomies and ontologies

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

Enterprise Knowledge

In this session, we will delve into strategic approaches for optimizing knowledge management within Microsoft 365, amidst the evolving landscape of Copilot. From leveraging automatic metadata classification and permission governance with SharePoint Premium, to unlocking Viva Engage for the cultivation of knowledge and communities, you will gain actionable insights to bolster your organization's knowledge-sharing initiatives. In this session, we will also explore how to facilitate solutions to enable your employees to find answers and expertise within Microsoft 365. You will leave equipped with practical techniques and a deeper understanding of how there is more to effective knowledge management than just enabling Copilot, but building actual solutions to prepare the knowledge that Copilot and your employees can use.

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

Drew Madelung

BooK Now Call us at +918448380779 to hire a gorgeous and seductive call girl for sex. Take a Delhi Escort Service. The help of our escort agency is mostly meant for men who want sexual Indian Escorts In Delhi NCR. It should be noted that any impersonator will get 100 attention from our Young Girls Escorts in Delhi. They will assume the position of reliable allies. VIP Call Girl With Original Photos Book Tonight +918448380779 Our Cheap Price 1 Hour not available 2 Hours 5000 Full Night 8000 TAG: Call Girls in Delhi, Noida, Gurgaon, Ghaziabad, Connaught Place, Greater Kailash Delhi, Lajpat Nagar Delhi, Mayur Vihar Delhi, Chanakyapuri Delhi, New Friends Colony Delhi, Majnu Ka Tilla, Karol Bagh, Malviya Nagar, Saket, Khan Market, Noida Sector 18, Noida Sector 76, Noida Sector 51, Gurgaon Mg Road, Iffco Chowk Gurgaon, Rajiv Chowk Gurgaon All Delhi Ncr Free Home Deliver

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Delhi Call girls

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

08448380779 Call Girls In Civil Lines Women Seeking Men

Delhi Call girls

Building Digital Trust in a Digital Economy Veronica Tan, Director - Cyber Security Agency of Singapore Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

apidays

In an era where artificial intelligence (AI) stands at the forefront of business innovation, Information Architecture (IA) is at the core of functionality. See “There’s No AI Without IA” – (from 2016 but even more relevant today) Understanding and leveraging how Information Architecture (IA) supports AI synergies between knowledge engineering and prompt engineering is critical for senior leaders looking to successfully deploy AI for internal and externally facing knowledge processes. This webinar be a high-level overview of the methodologies that can elevate AI-driven knowledge processes supporting both employees and customers. Core Insights Include: Strategic Knowledge Engineering: Delve into how structuring AI's knowledge base is required to prevent hallucinations, enable contextual retrieval of accurate information. This will include discussion of gold standard libraries of use cases support testing various LLMs and structures and configurations of knowledge base. Precision in Prompt Engineering: Learn the art of crafting prompts that direct AI to deliver targeted, relevant responses, thereby optimizing customer experiences and business outcomes. Unified Approach for Enhanced AI Performance: Explore the intersection of knowledge and prompt engineering to develop AI systems that are not only more responsive but also aligned with overarching business strategies. Guiding Principles for Implementation: Equip yourself with best practices, ethical guidelines, and strategic considerations for embedding these technologies into your business ecosystem effectively. This webinar is designed to empower business and technology leaders with the knowledge to harness the full potential of AI, ensuring their organizations not only keep pace with digital transformation but lead the charge. Join us to map a roadmap to fully leverage Information Architecture (IA) and AI chart a course towards a future where AI is a key pillar of strategic innovation and business success.

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

Earley Information Science

A Domino Admins Adventures (Engage 2024)

Gabriella Davis

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Rafal Los

Evaluating the top large language models.pdf

ChristopherTHyatt

MySQL Webinar, presented on the 25th of April, 2024. Summary: MySQL solutions enable the deployment of diverse Database Architectures tailored to specific needs, including High Availability, Disaster Recovery, and Read Scale-Out. With MySQL Shell's AdminAPI, administrators can seamlessly set up, manage, and monitor these solutions, ensuring efficiency and ease of use in their administration. MySQL Router, on the other hand, provides transparent routing from the application traffic to the backend servers in the architectures, requiring minimal configuration. Completely built in-house and supported by Oracle, these solutions have been adopted by enterprises of all sizes for their business-critical applications. In this presentation, we'll delve into various database architecture solutions to help you choose the right one based on your business requirements. Focusing on technical details and the latest features to maximize the potential of these solutions.

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Miguel Araújo

The Raspberry Pi 5 was announced on October 2023. This new version of the popular embedded device comes with a new iteration of Broadcom’s VideoCore GPU platform, and was released with a fully open source driver stack, developed by Igalia. The presentation will discuss some of the major changes required to support this new Video Core iteration, the challenges we faced in the process and the solutions we provided in order to deliver conformant OpenGL ES and Vulkan drivers. The talk will also cover the next steps for the open source Raspberry Pi 5 graphics stack. (c) Embedded Open Source Summit 2024 April 16-18, 2024 Seattle, Washington (US) https://events.linuxfoundation.org/embedded-open-source-summit/ https://eoss24.sched.com/event/1aBEx

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

Igalia

CNv6 Instructor Chapter 6 Quality of Service

giselly40

Finology Group – Insurtech Innovation Award 2024

The Digital Insurer

As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly. How will data privacy evolve in the US in 2024? How to stay compliant? Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements. This webinar will review: - The essential aspects of each state's privacy landscape and the latest updates - Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence - Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

TrustArc

Histor y of HAM Radio presentation slide

vu2urc

Dernier (20)

Driving Behavioral Change for Information Management through Data-Driven Gree...

GenCyber Cyber Security Day Presentation

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Presentation on how to chat with PDF using ChatGPT code interpreter

The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...

08448380779 Call Girls In Greater Kailash - I Women Seeking Men

Automating Google Workspace (GWS) & more with Apps Script

08448380779 Call Girls In Civil Lines Women Seeking Men

Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx

A Domino Admins Adventures (Engage 2024)

The 7 Things I Know About Cyber Security After 25 Years | April 2024

Evaluating the top large language models.pdf

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...

Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...

CNv6 Instructor Chapter 6 Quality of Service

Finology Group – Insurtech Innovation Award 2024

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments

Histor y of HAM Radio presentation slide

Architecting for Greater Security on AWS

2. 1) Why does security come first in enterprise cloud adoption? AWS Job Zero New Territory Enterprise Security is Traditionally Hard

3. 2) Why is enterprise security traditionally so hard? So much planning Slows down feature flow

4. 3) Why so much planning which takes so long? So many processes So many hand-offs Built-in pauses

5. 4) Why so many processes? Processes detect unwanted change Visibility, control and quality are essential Reduce impact of failure

6. 5) Why are change detection and low-risk changes so difficult? Lack of visibility No stimulus+response Low degree of automation

7. So where does AWS come in? AWS makes security faster Lets you move fast but stay safe

8. 1) Secure, Sensible Defaults - Access IAM Users, Groups, Roles Managed and inline policies Versioned IAM policies Multi-factor authentication Workforce lifecycle management (SAML Federation, Connected Directory)

10.

11.

12.

13.

14. 1) Secure, Sensible Defaults - Access IAM Users, Groups, Roles Managed and inline policies Versioned IAM policies Multi-factor authentication Workforce lifecycle management (SAML Federation, Connected Directory)

15. 1) Secure, Sensible Defaults - Network Virtual Private Cloud DirectConnect & Virtual Private Gateway Routing control – private and public subnets IAM policies limit who can launch instances by trust zone Security Groups

16.

17.

18.

19.

20. 2) Improve Trust & Accountability with Better Visibility AWS CloudTrail AWS CloudWatch Logs AWS Config Tagging Asset Management

21.

22.

23.

24.

25. 2) Improve Trust & Accountability with Better Visibility AWS CloudTrail AWS CloudWatch Logs AWS Config Tagging Asset Management

26.

27.

28.

29. 2) Improve Trust & Accountability with Better Visibility AWS CloudTrail AWS CloudWatch Logs AWS Config Tagging Asset Management

30.

31. 3) Inherit compliance and controls Map AWS certifications into your enterprise GRC Recognized industry audit standards Jurisdiction Regulatory and contractual options (FedRAMP, HIPAA Business Associate Addendum, EU DPD Data Protection Addendum, PCI Attestation of Compliance)

32. 4) Ride the pace of innovation Find projects in your 3-year strategy where we innovating and let us do it Most companies do not encrypt content internally Encryption is built into EBS, S3, RDS, RedShift, Glacier, Elastic MapReduce, etc. Key Management Service give you more control and visibility at cloud prices We launched ~190 security-related features last year

33. 5) Much Smaller Batch, Faster Changes CloudFormation Infrastructure as code, checked into source code control Route53 or ELB cutover in deployments Elastic Beanstalk application versions Integrate teams across functions - less hand-offs between teams, but far greater awareness and control of lower-risk changes

34.

35.

36. 6) Reduce the impact of failure Multi-Availability Zone deployments Use multiple regions Replicate data – S3, EBS, RDS Lifecycle policies Auto-scaling Auto-recovery

37. 7) Further improve automation Access and deployments are no longer performed by people EC2 Instance Profiles and service roles (Security Token Service) AWS CodeDeploy Continuous Integration & Deployment Extends to on-premises workloads

38. 8) Make security actionable Review what matters -  Internet Gateway -  Identity and Access Management -  VPC – Subnet and NACL changes -  Security Groups Shut things down automatically Scan what change Roll-back automatically Use Lambda

39. Benefits of Enterprise Security on AWS Higher degree of visibility, transparency and accountability (secure and can prove it) Higher degree of trust and autonomy Significant reductions in long-term, privileged access Focus a greater proportion of limited security resources on application security Have a much higher rate of successful change and changes are delivered more quickly

40. Thank you!

Architecting for Greater Security on AWS

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

En vedette

En vedette (20)

Similaire à Architecting for Greater Security on AWS

Similaire à Architecting for Greater Security on AWS (20)

Plus de Amazon Web Services

Plus de Amazon Web Services (20)

Dernier

Dernier (20)

Architecting for Greater Security on AWS