"Are you a CISO in cloud or security operations and architecture? The decisions you make when migrating and securing workloads at scale in the AWS cloud have a large impact on your business. This session will help you jump-start your migration to AWS or, if you’re already running workloads in AWS, teach you how your organization can secure and improve the efficiency of those deployments. Infor’s Chief Information Security Officer will share what the organization learned tackling these issues at scale. You’ll hear how managing a traditional large-scale infrastructure can be simplified in AWS. You’ll understand why designing around the workload can simplify the structure of your teams and help them focus. Finally, you’ll see what these changes mean to your CxOs and how better visibility and understanding of your workloads will drive business success.  Session sponsored by Trend Micro."

1. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Jim Hoover, Chief Information Security Officer
Matt Yanchyshyn, Sr. Manager, Solutions Architecture
Adam Boyle, Director of Product Management, Cloud Workload Security
October 2015
DVO206
Lessons from a CISO
How to Securely Scale Teams,
Workloads, and Budgets

2. Takeaways
Scale workload security
Level up security teams
Improve CxO visibility

3. Jim Hoover, CISO

5. 3,500+Customers in the cloud
8+ PBData in the Infor cloud
45m+Users
6300+Sites
Infor at Scale in the Cloud

6. Iron to APIs

7. Data Center Security Challenges
Lots of different groups
Lots of different tools
Nothing speaking the same language

8. “Security in the Cloud” Concerns
Tools
Security controls
Compliance

9. The Infor Security Stack in AWS Cloud
AWS cloud
Shared
responsibility
Compliance

10. Best Practices for Large-Scale Security
1. Segment your AWS environment
2. Control access and segregate duties
3. Monitor for unexpected behavior

11. Your organization
Project Teams Marketing
Business Units Reporting
Web &
Mobile
Dev / Test Analytics
Internal
Enterprise
Apps
Amazon S3
Amazon
Glacier
Storage/
Backup
Large-Scale Security Best Practice #1
Segment your AWS environment

12. • Multi-factor authentication
• Federation and single sign-on
• Fine-grained access control
• Restrict human access
AWS
account
owner
Network
management
Security
management
Server
management
Storage
management
Large-Scale Security Best Practice #2
Control access, segregate duties

13. • AWS CloudTrail
• API and console usage
• AWS Config
• Infrastructure history and changes
• Amazon CloudWatch
• Resource metrics and log monitoring
• AWS Billing and Cost Management
Large-Scale Security Best Practice #3
Monitor for unexpected behavior

14. Team Works

15. Data Center Security Operations Challenges
Security team Application teams

16. Security Operations Skill Development
Security ops Cloud security DevOps

17. Security Operations in AWS Cloud
Cloud security DevOps Application teams

18. AWS Security Rock Star Cookbook
1. AWS-specific security knowledge
• https://aws.amazon.com/security
2. Analytics: Threat intelligence; log analysis at scale
• https://aws.amazon.com/big-data
3. DevSecOps: The ability to quickly and continuously
respond to new threats as they emerge
• https://aws.amazon.com/training/course-descriptions/devops-
engineering

19. CxO Visibility

20. CxO Visibility at Scale
CISO CIO COO CFO

21. In Summary
Simplicity & visibility = scale
SecOps: Do more with less
CxO: Visibility & compliance

22. Thank you!

23. Come see us at Booth #1004
http://aws.trendmicro.com

24. Remember to complete
your evaluations!