Cloud DevSecOps and compliance considerations leveraging AWS Marketplace sellers

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Marc Doublet
Business Development Manager
AWS Marketplace – Amazon Web Services
Cloud DevSecOps and compliance
considerations leveraging AWS
Marketplace sellers

Cloud DevSecOps Considerations Leveraging
AWS Marketplace Software
• Cloud native procurement, entitlement
& deployment
• Why DevSecOps?
• DevSecOps Secure AMI Factory
• What we hear from customers
• Mapping security to compliance
controls
• RansomWare? No More Ransom
2
A G E N D A

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.3
Cloud native procurement, entitlement &
deployment
• 35 software categories
• 1,400+ ISVs
• 4,200+ product listings
• Deployed in 16 regions around the world
• Billed through AWS account
• 170,000 active customers
• 550M EC2 hours deployed per month
A W S M A R K E T P L A C E

Why DevSecOps?
Business Imperatives
Competing forces
Development
Build it faster
Operations
Keep it stable
Security
Make it secure
D E V O P S
BUILD TEST DISTRIBUTE
MONITOR
Developers Users
D E V S E C O P S
BUILD TEST DISTRIBUTE
MONITOR
Developers Users
SECURITY

29 Accounts | 62 VPCs
2016
Shared Services
Security
Data Center
2017
+
Production
Non-Prod
2015
CLOUD-FIRST
• The cloud is not just another data center with virtual machines
• Leverage managed services
• For every problem, ask: how do we best solve this in the cloud
using current best practices?
• Let modern tools solve old hard problems
SECURITY BY DESIGN
• Secure every part all
the time
• Apply the principle
of Least Privilege
AUTOMATE EVERYTHING
• Build everything as
Infrastructure as Code
• Do not log in to the console
and make changes
• Never log in to a server
Customer Journey C H A N G E H E A L T H C A R E

DevSecOps: Secure AMI Factory
BUILD TEST MONITORDISTRIBUTE
• Select Marketplace OS
• Protect instance integrity
• Tailor to your toolchain policy
• Harden to risk profile
• Follow industry regulations
• Next gen endpoint protection
• File integrity monitoring
• Secure AMI template
• Effective, Reliable, Stable
• Mitigated risk
Build Phase
Process
Outcome

• Anitian PCI (OS)
• Center for Internet Security (OS)
• Cloud Passage Server Secure
• Chef Automate
• Puppet Enterprise
• Trend Micro Deep Security
• Amazon EC2
• Amazon EC2 SSM
• Amazon CloudWatch
• Amazon ECS, S3
Build Phase

Test Phase: Approve
• Configuration and vulnerability
analysis
• Inspect scan reports
• Logging and monitoring
• Automated config management
• Baseline AMI is devoid of
vulnerabilities
• Security requirements are met
Process
Outcome

• Alert Logic Cloud Defender
• Evident.io
• CloudPassage Server Secure
• Microfocus Unified Functional
Testing
• Splunk Cloud
• AlienVault USM
• Amazon Inspector
• Amazon EC2 SSMTest Phase: Approve

Distribution Phase
• Generate CloudFormation
• Deploy and distribute using a
Continuous Integration server
• Deploy across regions
• Deploy across accounts
• Control the distribution by policy
to teams with Service Catalog
• AMI is deployed across all
regions and accounts
• AWS Service Catalog portfolios
are updated
Outcome
Process

• CloudPassage Server Secure
• Shippable
• Electric Cloud ElectricFlow
• Midvision RapidDeploy
• Splunk Cloud
• AlienVault USM
• AWS CodeCommit
• AWS CodePipeline
• AWS Service Catalog
Distribution Phase

• AMI is free of CVEs
• Continuous operational
intelligence
Monitor Phase
• Regularly scan to ensure AMI
doesn’t contain CVEs
• Monitor, analyze and visualize data
• Behavioral monitoring
• Log Management
Outcome Process

• SumoLogic
• Dynatrace
• Elasticsearch
• New Relic
• CA Application
Performance
Management
• Amazon CloudWatch
• Amazon Inspector
• Amazon Macie
• Amazon GuardDuty
Monitor Phase
• Trend Micro Deep
Security
• Splunk Enterprise
• AlienVault USM
• AppDynamics
• CloudPassage
Server Secure

Security & compliance is a shared responsibility
Customer
Responsible
for Security
IN the Cloud
AWS
Responsible
for Security
OF the Cloud
Customer data
Applications, identity & access management
Operating system, network & firewall configuration
Client-side data
encryption &
Data integrity
authentication
Server-side encryption
(file system and/or
data)
Network traffic
protection
(encryption/
integrity/identity)
Compute Storage Database Networking
AWS global
infrastructure
Regions
Edge locations
Availability zones

AWS Security Competency Solutions
Network
security
Security
intelligence
Identity & access
management
Security
orchestration
Cloud workload
security
Data
security
Application
security
Easy, fast, and secure
way to search, analyze,
and visualize massive
data streams
Secures access through
single sign-on, multi-
factor authentication and
privileged access security
Protection of data, digital
identities, payments, and
transactions from the edge
to the core
Get hourly proactive
protection for your AWS
workloads with Trend
Micro Deep Security
Technology and managed
security services to assess
vulnerabilities and
streamline compliance
Extends all security and
management capabilities
of the world's most-
trusted web application
firewall to Amazon Web
Services environments
Quickly create a hybrid
architecture that
extends your existing
data center into AWS
via encrypted tunnels
Collect, compress, and
securely transfer all of
your log data regardless of
volume, type, or location
OneLogin, the innovator
in Identity and Access
Management-as-
a-Service (IDaaS)
Offers encryption with
integrated key
management to secure
machines and data
throughout their lifecycle
Automates AWS security
groups and adds an extra
layer of protection against
hackers
Complementing AWS
services, enabling you to
deploy a comprehensive
security architecture and
seamless experience across
cloud and on-premises
Other popular
solutions:
Fortinet
Other popular
solutions:
Bitium, ClearLogin,
Ping Identity
Other popular
solutions:
CTERA
Other popular
solutions:
Tenable, Qualys
Other popular
solutions:
McAfee, CrowdStrike
Other popular
solutions:
F5, Fortinet
Other popular
solutions:
Check Point,
Fortinet, Alert Logic
Delivers complete
content and network
protection by combining
stateful inspection with
a comprehensive suite
of powerful security
features
Automates security for
public cloud workloads,
enabling agility, risk
reduction, and cost
savings, while easing
DevOps & admin burdens
15
15

What we hear from our
customers
Software entitlement
& deployment models
16
C H A L L E N G E
Rapidly innovate by buying
and deploying software
solutions on-demand
C U S T O M E R S W A N T T O

customers
Out-of-date procurement mechanisms,
with multiple places to procure
software
17
C H A L L E N G E
Reduce cost while
picking new standards

customers
Compliance in hybrid and
cloud computing
18
C H A L L E N G E
Understand what AWS Services
and Seller listings provide
compliance

customers
Complex agreement management and
constant renewal and replacement
19
C H A L L E N G E
Simplify and streamline purchasing,
license management, invoicing and
upgrade on demand

Enterprise Contract for AWS Marketplace
9 commonly
negotiated clauses
50+ participating
companies
Standardized
contract template
Decrease Time Spent Negotiating Contracts

• Compliance controls mapped to
AWS Marketplace products
• Select a product and quickly see all
the controls it fulfills
• Select a control and see what AWS
Marketplace products cover it
• Generate a report of selected
products; link to AWS Marketplace
listing page
• Free for customers
• Visit amzn.to/RPM
22
Allgress Regulatory
Product Mapping

#NoMoreRansom Stats
24
• Can decrypt 84 ransomware families with 52
decryption tools in 29 languages
• 120 partners: (including founding members,
Barracuda and AWS)
• 40 LEA: New: Cypriot & Estonian police
• 80 non-LEA: New: KPN; Telenor; CPIC
• 1.6 million visitors from more than 180 countries
• More than 35,000 people have retrieved their
files for free, preventing criminals from profiting
from more than $12M USD
• CryptXXX, CrySIS and Dharma are the most
detected infections.
• NoMoreRansom.org

Call to Action
• Learn more about how AWS Marketplace can help strengthen your Security
Posture in the Cloud: https://aws.amazon.com/mp/security-network/
• Reach out to the AWS Marketplace Customer Advisor team for more
information about DevSecOps solutions available on Marketplace:
aws-mp-ca-team@amazon.com
M O R E I N F O R M A T I O N
25

Please complete the session survey in
the summit mobile app.

M A R C D O U B L E T
mddouble@amazon.lu
Thank You!

Cloud DevSecOps and compliance considerations leveraging AWS Marketplace sellers

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à Cloud DevSecOps and compliance considerations leveraging AWS Marketplace sellers

Similaire à Cloud DevSecOps and compliance considerations leveraging AWS Marketplace sellers (20)

Plus de Amazon Web Services

Plus de Amazon Web Services (20)

Cloud DevSecOps and compliance considerations leveraging AWS Marketplace sellers