SlideShare une entreprise Scribd logo

AWS Security & Compliance

Amazon Web Services
Amazon Web Services

AWSome Day Warsaw | AWS Security & Compliance

Technologie
1  sur  40
Télécharger pour lire hors ligne
Security and Compliance in AWS Warsaw Tomasz Stachlewski AWS Solutions Architect stachlew@amazon.pl
1. AWS Shared Responsibility Model 2. Where is my data? 3. Infrastructure security 4. Identity and access management 5. Encryption 6. Configuration management Topics to discuss
Rob Alexander Capital One's CIO "The financial service industry attracts some of the worst cyber criminals. We work closely with AWS to develop a security model, which we believe enables us to operate more securely in the public cloud than we can in our own data centers."
Partner ecosystem Security Benefits from Community Network Effect Customer ecosystem Everyone benefits
AWS • AWS • Facilities • Physical Security • Physical Infrastructure • Network Infrastructure • Virtualization Infrastructure CustomerCustomerShared Responsibility • Shared Responsibility  Let AWS do the heavy lifting  Focus on what’s most valuable to your business • Customer • Operating System • Application • Security Groups • OS Firewalls • Network Configuration • Account Management
Amazon EC2, Amazon EBS, Amazon VPC Shared Responsibility: Infrastructure Services
How does AWS get security?
• Amazon has been building large-scale data centers for many years. • Important attributes: – Non-descript facilities – Robust perimeter controls – Strictly controlled physical access – Two or more levels of two-factor authentication • Controlled, need-based access. • All access is logged and reviewed. • Separation of Duties – Employees with physical access don’t have logical privileges. AWS Responsibilities Physical Security of Data Center
This To This How does AWS get security?
Such as Amazon S3, Amazon DynamoDB, and Amazon Kinesis Shared Responsibility: Abstract Services
Choose where to store your data! Ireland EU-CENTRAL (Frankfurt) Frankfurt Sidney Singapore Tokyo Seul Beijing Sao Paulo N. Virginia Oregon N. California GovCloud
IRELAND FRANKFURT S3 designed for 99.999999999% durability Be safe!
… never delete it! Amazon Glacier is a low-cost storage service for archival data with long- term retention requirements. Non-overwrite, non-erasable records
You can choose to keep all your content onshore in any AWS region of YOUR choice: • Managing your privacy objectives any way that you want • Keep data in your chosen format and move it, or delete it, at any time you choose • No automatic replication of data outside of your chosen AWS Region • Customers can encrypt their content any way they choose You always have full ownership and control
Amazon EC2 Multiple Layers of Security
Or maybe no neighbors? ONLY ME! ONLY ME! ONLY ME! ONLY ME!
AWS Service Health Dashboard
AWS CloudTrail • Who made the API call? • When was the API call made? • What was the API call? • What were the resources that were acted up on in the API call? • Where was the API call made from?
AWS CloudTrail Web service that records AWS API calls for your account and delivers logs. Who? When? What? Where to? Where from? Bill 3:27pm Launch Instance us-west-2 72.21.198.64 Alice 8:19am Added Bob to admin group us-east-1 127.0.0.1 Steve 2:22pm Deleted DynamoDB table eu-west-1 205.251.233.176
CloudWatch Logs: Centralize Your Logs • Send existing system, application, and custom log files to CloudWatch Logs via our agent, and monitor these logs in near real-time. • This can help you better understand and operate your systems and applications, and you can store your logs using highly durable, low-cost storage for later access
Continuous ChangeRecording AWS Config Changing Resources
Continuous ChangeRecordingChanging Resources AWS Config Snapshot (ex. 2014-11-05) History AWS Config
Amazon Virtual Private Cloud (VPC) Server Server VPC: • Logical isolation of the Amazon Web Services (AWS) Cloud • Complete control of your virtual networking environment
Amazon Virtual Private Cloud (VPC) Server Server Security Control: • Security Groups, Network Access Control List – native AWS Firewalls – control who has got access to servers.
Amazon Virtual Private Cloud (VPC) Server Server DATA CENTER Internet Dedicated Connection
Identity and Access Management • Users & Groups • Unique Security Credentials • Temporary Security Credentials • Policies & Permissions • Roles • Multi-factor Authentication
Encryption. Protecting data in-transit and at-rest. Details about encryption can be found in the AWS Whitepaper, “Securing Data at Rest with Encryption”. Encryption In-Transit HTTPS SSL/TLS VPN / IPSEC SSH Encryption At-Rest Object Database Filesystem Disk
Key Management Infrastructure Managing encryption keys is critical yet difficult! • How will you manage keys and make sure they are available when required, for example at instance start-up? • How will you keep them available and prevent loss? How will you rotate keys on a regular basis and keep them private?
AWS Key Management Service Customer Master Key(s) Data Key 1 Amazon S3 Object Amazon EBS Volume Amazon Redshift Cluster Data Key 2 Data Key 3 Data Key 4 Managed service to securely create, control, rotate, and use encryption keys.
AWS Key Management Service
AWS Key Management Service
AWS CloudHSM AWS CloudHSM AWS Administrator – manages the appliance You – control keys and crypto operations Amazon Virtual Private Cloud Help meet compliance requirements for data security by using a dedicated Hardware Security Module appliance with AWS. • Dedicated, single-tenant hardware device • Can be deployed as HA and load balanced • Customer use cases: • Oracle TDE • MS SQL Server TDE • Setup SSL connections • Digital Rights Management (DRM) • Document Signing
Trusted advisor
Trusted advisor
AWS Marketplace: over 2600 applications Advanced Threat Analytics Application Security Identity and Access Mgmt Encryption & Key Mgmt Server & Endpoint Protection Network Security Vulnerability & Pen Testing
“Based on our experience, I believe that we can be even more secure in the AWS cloud than in our own data centers” Tom Soderstrom, CTO, NASA JPL Security is Job Zero
? Questions? stachlew@amazon.pl

Recommandé

AWS Security by Design
AWS Security by Design AWS Security by Design
AWS Security by Design Amazon Web Services
 
AWS Security Hub
AWS Security HubAWS Security Hub
AWS Security HubAmazon Web Services
 
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon Web Services
 
AWS Web Application Firewall and AWS Shield - Webinar
AWS Web Application Firewall and AWS Shield - Webinar AWS Web Application Firewall and AWS Shield - Webinar
AWS Web Application Firewall and AWS Shield - Webinar Amazon Web Services
 
Getting Started with Amazon Inspector
Getting Started with Amazon InspectorGetting Started with Amazon Inspector
Getting Started with Amazon InspectorAmazon Web Services
 
AWS Control Tower
AWS Control TowerAWS Control Tower
AWS Control TowerCloudHesive
 
Deep dive into AWS IAM
Deep dive into AWS IAMDeep dive into AWS IAM
Deep dive into AWS IAMAmazon Web Services
 
Deploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control TowerDeploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control TowerAmazon Web Services
 

Recommandé

AWS Security by Design
AWS Security by Design AWS Security by Design
AWS Security by Design Amazon Web Services
 
AWS Security Hub
AWS Security HubAWS Security Hub
AWS Security HubAmazon Web Services
 
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon Web Services
 
AWS Web Application Firewall and AWS Shield - Webinar
AWS Web Application Firewall and AWS Shield - Webinar AWS Web Application Firewall and AWS Shield - Webinar
AWS Web Application Firewall and AWS Shield - Webinar Amazon Web Services
 
Getting Started with Amazon Inspector
Getting Started with Amazon InspectorGetting Started with Amazon Inspector
Getting Started with Amazon InspectorAmazon Web Services
 
AWS Control Tower
AWS Control TowerAWS Control Tower
AWS Control TowerCloudHesive
 
Deep dive into AWS IAM
Deep dive into AWS IAMDeep dive into AWS IAM
Deep dive into AWS IAMAmazon Web Services
 
Deploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control TowerDeploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control TowerAmazon Web Services
 
(SEC324) NEW! Introducing Amazon Inspector
(SEC324) NEW! Introducing Amazon Inspector(SEC324) NEW! Introducing Amazon Inspector
(SEC324) NEW! Introducing Amazon InspectorAmazon Web Services
 
Amazon GuardDuty Lab
Amazon GuardDuty LabAmazon GuardDuty Lab
Amazon GuardDuty LabAmazon Web Services
 
AWS Account Best Practices
AWS Account Best PracticesAWS Account Best Practices
AWS Account Best PracticesAmazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS SecurityAmazon Web Services
 
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Amazon Web Services
 
AWS Technical Essentials Day
AWS Technical Essentials DayAWS Technical Essentials Day
AWS Technical Essentials DayAmazon Web Services
 
Introduction to AWS Enterprise Support
Introduction to AWS Enterprise SupportIntroduction to AWS Enterprise Support
Introduction to AWS Enterprise SupportAmazon Web Services
 
Introduction to AWS Cost Management
Introduction to AWS Cost ManagementIntroduction to AWS Cost Management
Introduction to AWS Cost ManagementAmazon Web Services
 
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...Amazon Web Services
 
Setting Up a Landing Zone
Setting Up a Landing ZoneSetting Up a Landing Zone
Setting Up a Landing ZoneAmazon Web Services
 
Intro to AWS: Security
Intro to AWS: SecurityIntro to AWS: Security
Intro to AWS: SecurityAmazon Web Services
 
Security Architectures on AWS
Security Architectures on AWSSecurity Architectures on AWS
Security Architectures on AWSAmazon Web Services
 
An Introduction to the AWS Well Architected Framework - Webinar
An Introduction to the AWS Well Architected Framework - WebinarAn Introduction to the AWS Well Architected Framework - Webinar
An Introduction to the AWS Well Architected Framework - WebinarAmazon Web Services
 
AWS Cloud Security Fundamentals
AWS Cloud Security FundamentalsAWS Cloud Security Fundamentals
AWS Cloud Security FundamentalsAmazon Web Services
 
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatchAmazon Web Services
 
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Amazon Web Services
 
AWS Webcast - Introduction to AWS Support Services
AWS Webcast - Introduction to AWS Support ServicesAWS Webcast - Introduction to AWS Support Services
AWS Webcast - Introduction to AWS Support ServicesAmazon Web Services
 
Deep Dive: Amazon RDS
Deep Dive: Amazon RDSDeep Dive: Amazon RDS
Deep Dive: Amazon RDSAmazon Web Services
 
AWS 101
AWS 101AWS 101
AWS 101Amazon Web Services
 
Security & Compliance in AWS
Security & Compliance in AWSSecurity & Compliance in AWS
Security & Compliance in AWSAmazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS SecurityAmazon Web Services
 
Introduction to Three AWS Security Services - November 2016 Webinar Series
Introduction to Three AWS Security Services - November 2016 Webinar SeriesIntroduction to Three AWS Security Services - November 2016 Webinar Series
Introduction to Three AWS Security Services - November 2016 Webinar SeriesAmazon Web Services
 

Contenu connexe

Tendances

(SEC324) NEW! Introducing Amazon Inspector
(SEC324) NEW! Introducing Amazon Inspector(SEC324) NEW! Introducing Amazon Inspector
(SEC324) NEW! Introducing Amazon InspectorAmazon Web Services
 
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Amazon Web Services
 
Introduction to AWS Enterprise Support
Introduction to AWS Enterprise SupportIntroduction to AWS Enterprise Support
Introduction to AWS Enterprise SupportAmazon Web Services
 
Introduction to AWS Cost Management
Introduction to AWS Cost ManagementIntroduction to AWS Cost Management
Introduction to AWS Cost ManagementAmazon Web Services
 
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...Amazon Web Services
 
An Introduction to the AWS Well Architected Framework - Webinar
An Introduction to the AWS Well Architected Framework - WebinarAn Introduction to the AWS Well Architected Framework - Webinar
An Introduction to the AWS Well Architected Framework - WebinarAmazon Web Services
 
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatchAmazon Web Services
 
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Amazon Web Services
 
AWS Webcast - Introduction to AWS Support Services
AWS Webcast - Introduction to AWS Support ServicesAWS Webcast - Introduction to AWS Support Services
AWS Webcast - Introduction to AWS Support ServicesAmazon Web Services
 

Tendances (20)

(SEC324) NEW! Introducing Amazon Inspector
(SEC324) NEW! Introducing Amazon Inspector(SEC324) NEW! Introducing Amazon Inspector
(SEC324) NEW! Introducing Amazon Inspector
 
Amazon GuardDuty Lab
Amazon GuardDuty LabAmazon GuardDuty Lab
Amazon GuardDuty Lab
 
AWS Account Best Practices
AWS Account Best PracticesAWS Account Best Practices
AWS Account Best Practices
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
 
AWS Technical Essentials Day
AWS Technical Essentials DayAWS Technical Essentials Day
AWS Technical Essentials Day
 
Introduction to AWS Enterprise Support
Introduction to AWS Enterprise SupportIntroduction to AWS Enterprise Support
Introduction to AWS Enterprise Support
 
Introduction to AWS Cost Management
Introduction to AWS Cost ManagementIntroduction to AWS Cost Management
Introduction to AWS Cost Management
 
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...
Automated Solution for Deploying AWS Landing Zone (GPSWS407) - AWS re:Invent ...
 
Setting Up a Landing Zone
Setting Up a Landing ZoneSetting Up a Landing Zone
Setting Up a Landing Zone
 
Intro to AWS: Security
Intro to AWS: SecurityIntro to AWS: Security
Intro to AWS: Security
 
Security Architectures on AWS
Security Architectures on AWSSecurity Architectures on AWS
Security Architectures on AWS
 
An Introduction to the AWS Well Architected Framework - Webinar
An Introduction to the AWS Well Architected Framework - WebinarAn Introduction to the AWS Well Architected Framework - Webinar
An Introduction to the AWS Well Architected Framework - Webinar
 
AWS Cloud Security Fundamentals
AWS Cloud Security FundamentalsAWS Cloud Security Fundamentals
AWS Cloud Security Fundamentals
 
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
(DVO315) Log, Monitor and Analyze your IT with Amazon CloudWatch
 
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Using AWS Control Tower to govern multi-account AWS environments at scale - G...
Using AWS Control Tower to govern multi-account AWS environments at scale - G...
 
AWS Webcast - Introduction to AWS Support Services
AWS Webcast - Introduction to AWS Support ServicesAWS Webcast - Introduction to AWS Support Services
AWS Webcast - Introduction to AWS Support Services
 
Deep Dive: Amazon RDS
Deep Dive: Amazon RDSDeep Dive: Amazon RDS
Deep Dive: Amazon RDS
 
AWS 101
AWS 101AWS 101
AWS 101
 
Security & Compliance in AWS
Security & Compliance in AWSSecurity & Compliance in AWS
Security & Compliance in AWS
 

En vedette

Introduction to Three AWS Security Services - November 2016 Webinar Series
Introduction to Three AWS Security Services - November 2016 Webinar SeriesIntroduction to Three AWS Security Services - November 2016 Webinar Series
Introduction to Three AWS Security Services - November 2016 Webinar SeriesAmazon Web Services
 
Getting started with SAP PI/PO an overview presentation
Getting started with SAP PI/PO an overview presentationGetting started with SAP PI/PO an overview presentation
Getting started with SAP PI/PO an overview presentationFigaf.com
 
SAP Integration: Best Practices | MuleSoft
SAP Integration: Best Practices | MuleSoftSAP Integration: Best Practices | MuleSoft
SAP Integration: Best Practices | MuleSoftMuleSoft
 
Assessing Your Company's Cloud Readiness
Assessing Your Company's Cloud ReadinessAssessing Your Company's Cloud Readiness
Assessing Your Company's Cloud ReadinessAmazon Web Services
 
Advanced Security Best Practices Masterclass
Advanced Security Best Practices MasterclassAdvanced Security Best Practices Masterclass
Advanced Security Best Practices MasterclassAmazon Web Services
 
AWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design PatternsAWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design PatternsAmazon Web Services
 
Network Security and Access Control in AWS
Network Security and Access Control in AWSNetwork Security and Access Control in AWS
Network Security and Access Control in AWSAmazon Web Services
 
Alta White Paper D2C eCommerce Case Study 2016
Alta White Paper D2C eCommerce Case Study 2016Alta White Paper D2C eCommerce Case Study 2016
Alta White Paper D2C eCommerce Case Study 2016Patrick Nicholson
 
Diarrhea:Myths and facts, Precaution
Diarrhea:Myths and facts, Precaution Diarrhea:Myths and facts, Precaution
Diarrhea:Myths and facts, Precaution Wuzna Haroon
 

En vedette (18)

Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Introduction to Three AWS Security Services - November 2016 Webinar Series
Introduction to Three AWS Security Services - November 2016 Webinar SeriesIntroduction to Three AWS Security Services - November 2016 Webinar Series
Introduction to Three AWS Security Services - November 2016 Webinar Series
 
Intro to AWS Security
Intro to AWS SecurityIntro to AWS Security
Intro to AWS Security
 
Getting started with SAP PI/PO an overview presentation
Getting started with SAP PI/PO an overview presentationGetting started with SAP PI/PO an overview presentation
Getting started with SAP PI/PO an overview presentation
 
SAP Integration: Best Practices | MuleSoft
SAP Integration: Best Practices | MuleSoftSAP Integration: Best Practices | MuleSoft
SAP Integration: Best Practices | MuleSoft
 
Assessing Your Company's Cloud Readiness
Assessing Your Company's Cloud ReadinessAssessing Your Company's Cloud Readiness
Assessing Your Company's Cloud Readiness
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS Security
 
Advanced Security Best Practices Masterclass
Advanced Security Best Practices MasterclassAdvanced Security Best Practices Masterclass
Advanced Security Best Practices Masterclass
 
AWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design PatternsAWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design Patterns
 
Introduction to AWS
Introduction to AWS Introduction to AWS
Introduction to AWS
 
Network Security and Access Control in AWS
Network Security and Access Control in AWSNetwork Security and Access Control in AWS
Network Security and Access Control in AWS
 
Nt1310 project
Nt1310 projectNt1310 project
Nt1310 project
 
Alta White Paper D2C eCommerce Case Study 2016
Alta White Paper D2C eCommerce Case Study 2016Alta White Paper D2C eCommerce Case Study 2016
Alta White Paper D2C eCommerce Case Study 2016
 
Information från Läkemedelsverket #5 2013
Information från Läkemedelsverket #5 2013Information från Läkemedelsverket #5 2013
Information från Läkemedelsverket #5 2013
 
Credit cards
Credit cardsCredit cards
Credit cards
 
Diarrhea:Myths and facts, Precaution
Diarrhea:Myths and facts, Precaution Diarrhea:Myths and facts, Precaution
Diarrhea:Myths and facts, Precaution
 
Basics of Coding in Pediatrics Medical Billing
Basics of Coding in Pediatrics Medical BillingBasics of Coding in Pediatrics Medical Billing
Basics of Coding in Pediatrics Medical Billing
 
cathy resume
cathy resumecathy resume
cathy resume
 

Similaire à AWS Security & Compliance

AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security Amazon Web Services
 
CSS 17: NYC - The AWS Shared Responsibility Model in Practice
CSS 17: NYC - The AWS Shared Responsibility Model in PracticeCSS 17: NYC - The AWS Shared Responsibility Model in Practice
CSS 17: NYC - The AWS Shared Responsibility Model in PracticeAlert Logic
 
Data Protection in Transit and at Rest
Data Protection in Transit and at RestData Protection in Transit and at Rest
Data Protection in Transit and at RestAmazon Web Services
 
Using encryption with_aws
Using encryption with_awsUsing encryption with_aws
Using encryption with_awssaifam
 
AWS re:Invent re:Cap - 종단간 보안을 위한 클라우드 아키텍처 구축 - 양승도
AWS re:Invent re:Cap - 종단간 보안을 위한 클라우드 아키텍처 구축 - 양승도AWS re:Invent re:Cap - 종단간 보안을 위한 클라우드 아키텍처 구축 - 양승도
AWS re:Invent re:Cap - 종단간 보안을 위한 클라우드 아키텍처 구축 - 양승도Amazon Web Services Korea
 
Protecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWSProtecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWSAmazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS SecurityLalitMohanSharma8
 
Aws(in)security - the devil is in the detail
Aws(in)security - the devil is in the detailAws(in)security - the devil is in the detail
Aws(in)security - the devil is in the detailPawel Rzepa
 
Security and Compliance Better on AWS_John Hildebrandt
Security and Compliance Better on AWS_John HildebrandtSecurity and Compliance Better on AWS_John Hildebrandt
Security and Compliance Better on AWS_John HildebrandtHelen Rogers
 
Practical Steps to Hackproofing AWS
Practical Steps to Hackproofing AWSPractical Steps to Hackproofing AWS
Practical Steps to Hackproofing AWSAmazon Web Services
 
Hack-Proof Your Cloud: Responding to 2016 Threats | AWS Public Sector Summit ...
Hack-Proof Your Cloud: Responding to 2016 Threats | AWS Public Sector Summit ...Hack-Proof Your Cloud: Responding to 2016 Threats | AWS Public Sector Summit ...
Hack-Proof Your Cloud: Responding to 2016 Threats | AWS Public Sector Summit ...Amazon Web Services
 

Similaire à AWS Security & Compliance (20)

Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS Security
 
AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security
 
CSS 17: NYC - The AWS Shared Responsibility Model in Practice
CSS 17: NYC - The AWS Shared Responsibility Model in PracticeCSS 17: NYC - The AWS Shared Responsibility Model in Practice
CSS 17: NYC - The AWS Shared Responsibility Model in Practice
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
 
Data Protection in Transit and at Rest
Data Protection in Transit and at RestData Protection in Transit and at Rest
Data Protection in Transit and at Rest
 
Using encryption with_aws
Using encryption with_awsUsing encryption with_aws
Using encryption with_aws
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
 
AWS Lunch and Learn - Security
AWS Lunch and Learn - SecurityAWS Lunch and Learn - Security
AWS Lunch and Learn - Security
 
AWS re:Invent re:Cap - 종단간 보안을 위한 클라우드 아키텍처 구축 - 양승도
AWS re:Invent re:Cap - 종단간 보안을 위한 클라우드 아키텍처 구축 - 양승도AWS re:Invent re:Cap - 종단간 보안을 위한 클라우드 아키텍처 구축 - 양승도
AWS re:Invent re:Cap - 종단간 보안을 위한 클라우드 아키텍처 구축 - 양승도
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
 
Security & Compliance
Security & Compliance Security & Compliance
Security & Compliance
 
Protecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWSProtecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWS
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Aws(in)security - the devil is in the detail
Aws(in)security - the devil is in the detailAws(in)security - the devil is in the detail
Aws(in)security - the devil is in the detail
 
Security on AWS
Security on AWSSecurity on AWS
Security on AWS
 
Intro & Security Update
Intro & Security UpdateIntro & Security Update
Intro & Security Update
 
Security and Compliance Better on AWS_John Hildebrandt
Security and Compliance Better on AWS_John HildebrandtSecurity and Compliance Better on AWS_John Hildebrandt
Security and Compliance Better on AWS_John Hildebrandt
 
Practical Steps to Hackproofing AWS
Practical Steps to Hackproofing AWSPractical Steps to Hackproofing AWS
Practical Steps to Hackproofing AWS
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
 
Hack-Proof Your Cloud: Responding to 2016 Threats | AWS Public Sector Summit ...
Hack-Proof Your Cloud: Responding to 2016 Threats | AWS Public Sector Summit ...Hack-Proof Your Cloud: Responding to 2016 Threats | AWS Public Sector Summit ...
Hack-Proof Your Cloud: Responding to 2016 Threats | AWS Public Sector Summit ...
 

Plus de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Plus de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Dernier

unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 

Dernier (20)

unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 

AWS Security & Compliance

  • 1. Security and Compliance in AWS Warsaw Tomasz Stachlewski AWS Solutions Architect stachlew@amazon.pl
  • 2. 1. AWS Shared Responsibility Model 2. Where is my data? 3. Infrastructure security 4. Identity and access management 5. Encryption 6. Configuration management Topics to discuss
  • 3. Rob Alexander Capital One's CIO "The financial service industry attracts some of the worst cyber criminals. We work closely with AWS to develop a security model, which we believe enables us to operate more securely in the public cloud than we can in our own data centers."
  • 4. Partner ecosystem Security Benefits from Community Network Effect Customer ecosystem Everyone benefits
  • 5. AWS • AWS • Facilities • Physical Security • Physical Infrastructure • Network Infrastructure • Virtualization Infrastructure CustomerCustomerShared Responsibility • Shared Responsibility  Let AWS do the heavy lifting  Focus on what’s most valuable to your business • Customer • Operating System • Application • Security Groups • OS Firewalls • Network Configuration • Account Management
  • 6. Amazon EC2, Amazon EBS, Amazon VPC Shared Responsibility: Infrastructure Services
  • 7. How does AWS get security?
  • 8. • Amazon has been building large-scale data centers for many years. • Important attributes: – Non-descript facilities – Robust perimeter controls – Strictly controlled physical access – Two or more levels of two-factor authentication • Controlled, need-based access. • All access is logged and reviewed. • Separation of Duties – Employees with physical access don’t have logical privileges. AWS Responsibilities Physical Security of Data Center
  • 9.
  • 10. This To This How does AWS get security?
  • 11. Such as Amazon S3, Amazon DynamoDB, and Amazon Kinesis Shared Responsibility: Abstract Services
  • 12. Choose where to store your data! Ireland EU-CENTRAL (Frankfurt) Frankfurt Sidney Singapore Tokyo Seul Beijing Sao Paulo N. Virginia Oregon N. California GovCloud
  • 14. … never delete it! Amazon Glacier is a low-cost storage service for archival data with long- term retention requirements. Non-overwrite, non-erasable records
  • 15. You can choose to keep all your content onshore in any AWS region of YOUR choice: • Managing your privacy objectives any way that you want • Keep data in your chosen format and move it, or delete it, at any time you choose • No automatic replication of data outside of your chosen AWS Region • Customers can encrypt their content any way they choose You always have full ownership and control
  • 16. Amazon EC2 Multiple Layers of Security
  • 17. Or maybe no neighbors? ONLY ME! ONLY ME! ONLY ME! ONLY ME!
  • 18. AWS Service Health Dashboard
  • 19.
  • 20.
  • 21. AWS CloudTrail • Who made the API call? • When was the API call made? • What was the API call? • What were the resources that were acted up on in the API call? • Where was the API call made from?
  • 22. AWS CloudTrail Web service that records AWS API calls for your account and delivers logs. Who? When? What? Where to? Where from? Bill 3:27pm Launch Instance us-west-2 72.21.198.64 Alice 8:19am Added Bob to admin group us-east-1 127.0.0.1 Steve 2:22pm Deleted DynamoDB table eu-west-1 205.251.233.176
  • 23. CloudWatch Logs: Centralize Your Logs • Send existing system, application, and custom log files to CloudWatch Logs via our agent, and monitor these logs in near real-time. • This can help you better understand and operate your systems and applications, and you can store your logs using highly durable, low-cost storage for later access
  • 26. Amazon Virtual Private Cloud (VPC) Server Server VPC: • Logical isolation of the Amazon Web Services (AWS) Cloud • Complete control of your virtual networking environment
  • 27. Amazon Virtual Private Cloud (VPC) Server Server Security Control: • Security Groups, Network Access Control List – native AWS Firewalls – control who has got access to servers.
  • 28. Amazon Virtual Private Cloud (VPC) Server Server DATA CENTER Internet Dedicated Connection
  • 29. Identity and Access Management • Users & Groups • Unique Security Credentials • Temporary Security Credentials • Policies & Permissions • Roles • Multi-factor Authentication
  • 30. Encryption. Protecting data in-transit and at-rest. Details about encryption can be found in the AWS Whitepaper, “Securing Data at Rest with Encryption”. Encryption In-Transit HTTPS SSL/TLS VPN / IPSEC SSH Encryption At-Rest Object Database Filesystem Disk
  • 31. Key Management Infrastructure Managing encryption keys is critical yet difficult! • How will you manage keys and make sure they are available when required, for example at instance start-up? • How will you keep them available and prevent loss? How will you rotate keys on a regular basis and keep them private?
  • 32. AWS Key Management Service Customer Master Key(s) Data Key 1 Amazon S3 Object Amazon EBS Volume Amazon Redshift Cluster Data Key 2 Data Key 3 Data Key 4 Managed service to securely create, control, rotate, and use encryption keys.
  • 35. AWS CloudHSM AWS CloudHSM AWS Administrator – manages the appliance You – control keys and crypto operations Amazon Virtual Private Cloud Help meet compliance requirements for data security by using a dedicated Hardware Security Module appliance with AWS. • Dedicated, single-tenant hardware device • Can be deployed as HA and load balanced • Customer use cases: • Oracle TDE • MS SQL Server TDE • Setup SSL connections • Digital Rights Management (DRM) • Document Signing
  • 38. AWS Marketplace: over 2600 applications Advanced Threat Analytics Application Security Identity and Access Mgmt Encryption & Key Mgmt Server & Endpoint Protection Network Security Vulnerability & Pen Testing
  • 39. “Based on our experience, I believe that we can be even more secure in the AWS cloud than in our own data centers” Tom Soderstrom, CTO, NASA JPL Security is Job Zero