SlideShare une entreprise Scribd logo

How We Should Think About Security

Amazon Web Services
Amazon Web Services

(Diapositivas de presentación son en inglés.)

Technologie
1  sur  58
Télécharger pour lire hors ligne
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Bill Murray AWS Security Programs June 2016 How We Should Think About Security
1) Why is security such a hot topic? Because it’s important, and it’s hard
2) Why is enterprise security traditionally so hard? Because so much planning is needed
3) Why does planning take so long? Because it requires so many processes
4) Why so many processes? Because mistakes are easy to make and hard to correct
5) Why are mistakes so hard to correct? Lack of visibility Low degree of automation
So where does AWS come in? AWS makes security more agile Lets you move fast while staying safe
Security is Job Zero Network Security Physical Security Platform Security People & Procedures
Security is Shared
Build everything on a constantly improving security baseline AWS  Founda+on  Services   Compute   Storage   Database   Networking   AWS  Global   Infrastructure   Regions   Availability  Zones   Edge  Loca+ons   GxP ISO 13485 AS9100 ISO/TS 16949
AWS  Founda+on  Services   Compute   Storage   Database   Networking   AWS  Global   Infrastructure   Regions   Availability  Zones   Edge  Loca+ons   Client-­‐side  Data   Encryp2on   Server-­‐side  Data   Encryp2on   Network  Traffic   Protec2on   Pla<orm,  Applica2ons,  Iden2ty  &  Access  Management   Opera2ng  System,  Network,  &  Firewall  Configura2on   Customer  applica2ons  &  content  Customers   Security & compliance is a shared responsibility Customers have their choice of security configurations IN the Cloud AWS is responsible for the security OF the Cloud
Security is Familiar We strive to make security at AWS as familiar as what you are doing right now •  Visibility •  Auditability •  Controllability •  Agility
AWS Marketplace: One-stop shop for familiar tools Advanced   Threat   Analy+cs       Applica+on   Security         Iden+ty  and   Access  Mgmt       Encryp+on  &   Key  Mgmt         Server  &   Endpoint   Protec+on       Network   Security         Vulnerability     &  Pen   Tes+ng        
VISIBILITY HOW OFTEN DO YOU MAP YOUR NETWORK? WHAT’S IN YOUR ENVIRONMENT RIGHT NOW?
Security is Visible Who is accessing the resources? Who took what action? •  When? •  From where? •  What did they do? •  Logs Logs Logs
Tools to move fast and stay safe Amazon Inspector AWS WAF AWS Config Rules
Amazon Inspector Security assessment tool analyzing end-to-end application configuration and activity
Why Amazon Inspector? •  Application Security testing key to moving fast bust staying safe •  Security assessment highly manual - resulting in delays or missed security checks. •  Valuable security subject matter experts spending too much time on routine security assessment
Amazon Inspector Features Configuration Scanning Engine Activity Monitoring Built-in Content Library Automatable via API Fully Auditable
Amazon Inspector Rule Sets CVE Network Security Best Practices Authentication Best Practices CIS Operating System Benchmarks Application Security Best Practices Runtime Behavior Analysis
Amazon Inspector Benefits Increased Agility Embedded Expertise Improved Security Posture Streamlined Compliance
Getting started
Prioritized Findings
Detailed Remediation Recommendations
AWS WAF (Web Application Firewall)
AWS WAF Features Web Filtering CloudFront Integration Centralized Rule Management Real-Time Visibility API Automation
AWS WAF Benefits Increased Protection Against Web Attacks Ease of Deployment and Maintenance Security Embedded in Development Process
AWS WAF in Action AWS Management Console Admins Developers AWS API Web App in CloudFront Define rules Deploy protection AWS WAF
AWS WAF Partner integrations •  Alert Logic, Trend Micro & Imperva integrating with AWS WAF •  Offer additional detection and threat intelligence •  Dynamically modify rulesets of AWS WAF for increased protection
AWS Config Rules
AWS Config Rules Features Flexible Rules evaluated continuously and retroactively Dashboard and Reports for Common Goals Customizable Remediation API Automation
AWS Config Rules Benefits Continuous monitoring for unexpected changes Shared Compliance across your organization Simplified management of configuration changes
AWS Config Rules Broad Ecosystem of solutions
AWS Config Rules
Making Life Easier
Making Life Easier Choosing security does not mean giving up on convenience or introducing complexity
The AWS Journey Phase 1: How do I move to AWS? Time Experience
The journey we’re seeing with AWS customers Dev & Test True Production Mission Critical All-in Build production apps Migrate production apps Marketing Build mission-critical apps Migrate mission-critical apps Development and test environments Corporate standard 1 2 3 4
The AWS Journey Phase 2: How do I use AWS to improve? Time Experience
Example: Hardened InstancesQuestiontoanswer •  How many of my instances came from the correct “approved” server image? •  How many “approved” instances? TraditionalIT •  Manual IT process to prevent •  Even more manual process to audit AWS •  CloudTrail identifies instance launches with unapproved AMIs •  Continuously auditable •  Push notification rather than regular pull
Example: Entitlements ReportingQuestiontoanswer •  What accesses do your people have? TraditionalIT •  Inventory your assets and privileges •  Reconcile with user accounts •  All manual AWS •  IAM Auditing native API calls •  GetAccountAuthoriza tionDetails •  ListUserPolicies •  ListGroupPolicies •  ListRolePolicies
The AWS Journey Phase 3: How do I design for tomorrow? Time Experience
Security by Design (SbD)
Security by Design - SbD •  Systematic approach to ensure security •  Formalizes AWS account design •  Automates security controls •  Streamlines auditing. •  Provides control insights throughout the IT management processAWS CloudTrail AWS CloudHSM AWS IAM AWS KMS AWS 
 Config
SbD - Scripting your governance policy Set of CloudFormation Templates that accelerate compliance with PCI, HIPAA, FFIEC, FISMA, CJIS Result: Reliable technical implementation of administrative controls
How we build our organization
AWS Security Team Operations Application Security Engineering Compliance Aligned for agility
Security Ownership as part of DNA Promotes culture of “everyone is an owner” for security Makes security stakeholder in business success Enables easier and smoother communication Distributed Embedded
Operating Principles Separation of duties Different personnel across service lines Least privilege
Technology to automate operational principles Visibility through automation Shrinking the protection boundaries Ubiquitous encryption
The Bottom Line…….
Design & Deploy Define sensible defaults Inherit compliance controls Use available security features Manage templates - not instances
Operate & Improve Constantly reduce the role of people Reduce Privileged accounts Concentrate on what matters
Conclusions Security is critical We’re creating tools to make it easier We’re creating ways help you build a world class team You can move fast and stay safe
Don’t take my word for it….. CIOs and CISOs need to stop obsessing over unsubstantiated cloud security worries, and instead apply their imagination and energy to developing new approaches to cloud control, allowing them to securely, compliantly and reliably leverage the benefits of this increasingly ubiquitous computing model. Clouds Are Secure: Are You Using Them Securely? Published: 22 September 2015 -- Jay Heiser
How We Should Think About Security

Recommandé

What's New
What's NewWhat's New
What's New
Amazon Web Services
 
Using the Force.com Integration APIs
Using the Force.com Integration APIsUsing the Force.com Integration APIs
Using the Force.com Integration APIs
Richard Seroter
 
AWS Intro & History
AWS Intro & HistoryAWS Intro & History
AWS Intro & History
Amazon Web Services
 
Cloud First New Architecture
Cloud First New ArchitectureCloud First New Architecture
Cloud First New Architecture
Amazon Web Services
 
AWSome Day Intro
AWSome Day IntroAWSome Day Intro
AWSome Day Intro
Amazon Web Services
 
Mission Critical Applications Workloads on Amazon Web Services
Mission Critical Applications Workloads on Amazon Web ServicesMission Critical Applications Workloads on Amazon Web Services
Mission Critical Applications Workloads on Amazon Web Services
Amazon Web Services
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security Operations
Amazon Web Services
 
(SEC201) How Should We All Think About Security?
(SEC201) How Should We All Think About Security?(SEC201) How Should We All Think About Security?
(SEC201) How Should We All Think About Security?
Amazon Web Services
 

Recommandé

What's New
What's NewWhat's New
What's New
Amazon Web Services
 
Using the Force.com Integration APIs
Using the Force.com Integration APIsUsing the Force.com Integration APIs
Using the Force.com Integration APIs
Richard Seroter
 
AWS Intro & History
AWS Intro & HistoryAWS Intro & History
AWS Intro & History
Amazon Web Services
 
Cloud First New Architecture
Cloud First New ArchitectureCloud First New Architecture
Cloud First New Architecture
Amazon Web Services
 
AWSome Day Intro
AWSome Day IntroAWSome Day Intro
AWSome Day Intro
Amazon Web Services
 
Mission Critical Applications Workloads on Amazon Web Services
Mission Critical Applications Workloads on Amazon Web ServicesMission Critical Applications Workloads on Amazon Web Services
Mission Critical Applications Workloads on Amazon Web Services
Amazon Web Services
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security Operations
Amazon Web Services
 
(SEC201) How Should We All Think About Security?
(SEC201) How Should We All Think About Security?(SEC201) How Should We All Think About Security?
(SEC201) How Should We All Think About Security?
Amazon Web Services
 
Keynote - Digital Innovation with AWS - Approach to Building Security Service...
Keynote - Digital Innovation with AWS - Approach to Building Security Service...Keynote - Digital Innovation with AWS - Approach to Building Security Service...
Keynote - Digital Innovation with AWS - Approach to Building Security Service...
Amazon Web Services
 
3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero
Amazon Web Services
 
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Amazon Web Services
 
Security Innovations in the Cloud
Security Innovations in the CloudSecurity Innovations in the Cloud
Security Innovations in the Cloud
Amazon Web Services
 
AWS Foundational and Platform Services - Module 1 Parts 2 & 3 - AWSome Day 2017
AWS Foundational and Platform Services - Module 1 Parts 2 & 3 - AWSome Day 2017AWS Foundational and Platform Services - Module 1 Parts 2 & 3 - AWSome Day 2017
AWS Foundational and Platform Services - Module 1 Parts 2 & 3 - AWSome Day 2017
Amazon Web Services
 
Compute Without Servers – Building Applications with AWS Lambda
Compute Without Servers – Building Applications with AWS LambdaCompute Without Servers – Building Applications with AWS Lambda
Compute Without Servers – Building Applications with AWS Lambda
Amazon Web Services
 
Introduction to aws
Introduction to awsIntroduction to aws
Introduction to aws
mounir kadri
 
Introduction to Three AWS Security Services - November 2016 Webinar Series
Introduction to Three AWS Security Services - November 2016 Webinar SeriesIntroduction to Three AWS Security Services - November 2016 Webinar Series
Introduction to Three AWS Security Services - November 2016 Webinar Series
Amazon Web Services
 
AWS Greengrass is Generally Available
AWS Greengrass is Generally AvailableAWS Greengrass is Generally Available
AWS Greengrass is Generally Available
Amazon Web Services
 
(SPOT303) Security Operations at Massive Scale
(SPOT303) Security Operations at Massive Scale(SPOT303) Security Operations at Massive Scale
(SPOT303) Security Operations at Massive Scale
Amazon Web Services
 
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
Amazon Web Services
 
Amazon s3
Amazon s3Amazon s3
Amazon s3
Ahmed Lazraq
 
Securing The AWS Cloud, Steve Riley, AWS Events, April 2010
Securing The AWS Cloud, Steve Riley, AWS Events, April 2010Securing The AWS Cloud, Steve Riley, AWS Events, April 2010
Securing The AWS Cloud, Steve Riley, AWS Events, April 2010
Amazon Web Services
 
Networking and Security
Networking and SecurityNetworking and Security
Networking and Security
Amazon Web Services
 
Security Best Practices
Security Best PracticesSecurity Best Practices
Security Best Practices
Amazon Web Services
 
Security, Identity, and Access Management - Module 3 Part 1 - AWSome Day 2017
Security, Identity, and Access Management - Module 3 Part 1 - AWSome Day 2017Security, Identity, and Access Management - Module 3 Part 1 - AWSome Day 2017
Security, Identity, and Access Management - Module 3 Part 1 - AWSome Day 2017
Amazon Web Services
 
Security & Compliance (Part 2)
Security & Compliance (Part 2)Security & Compliance (Part 2)
Security & Compliance (Part 2)
Amazon Web Services
 
Amazon EC2
Amazon EC2Amazon EC2
Amazon EC2
Amazon Web Services
 
Aberdeen Oil & Gas Event - Introduction to the AWS Cloud
Aberdeen Oil & Gas Event - Introduction to the AWS CloudAberdeen Oil & Gas Event - Introduction to the AWS Cloud
Aberdeen Oil & Gas Event - Introduction to the AWS Cloud
Amazon Web Services
 
Lessons learned before AWS - AWS Startup Tour - SV - 2010 - Dr. Werner Vogels
Lessons learned before AWS - AWS Startup Tour - SV - 2010 - Dr. Werner VogelsLessons learned before AWS - AWS Startup Tour - SV - 2010 - Dr. Werner Vogels
Lessons learned before AWS - AWS Startup Tour - SV - 2010 - Dr. Werner Vogels
Amazon Web Services
 
Why You Need Automated and Manual Mobile App Testing
Why You Need Automated and Manual Mobile App TestingWhy You Need Automated and Manual Mobile App Testing
Why You Need Automated and Manual Mobile App Testing
Amazon Web Services
 
re:Invent Recap keynote - An introduction to the latest AWS services
re:Invent Recap keynote - An introduction to the latest AWS servicesre:Invent Recap keynote - An introduction to the latest AWS services
re:Invent Recap keynote - An introduction to the latest AWS services
Amazon Web Services
 

Contenu connexe

Tendances

3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero
Amazon Web Services
 
Security Innovations in the Cloud
Security Innovations in the CloudSecurity Innovations in the Cloud
Security Innovations in the Cloud
Amazon Web Services
 
(SPOT303) Security Operations at Massive Scale
(SPOT303) Security Operations at Massive Scale(SPOT303) Security Operations at Massive Scale
(SPOT303) Security Operations at Massive Scale
Amazon Web Services
 
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
Amazon Web Services
 

Tendances (20)

Keynote - Digital Innovation with AWS - Approach to Building Security Service...
Keynote - Digital Innovation with AWS - Approach to Building Security Service...Keynote - Digital Innovation with AWS - Approach to Building Security Service...
Keynote - Digital Innovation with AWS - Approach to Building Security Service...
 
3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero
 
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
Module 3: Security, Identity and Access Management - AWSome Day Online Confer...
 
Security Innovations in the Cloud
Security Innovations in the CloudSecurity Innovations in the Cloud
Security Innovations in the Cloud
 
AWS Foundational and Platform Services - Module 1 Parts 2 & 3 - AWSome Day 2017
AWS Foundational and Platform Services - Module 1 Parts 2 & 3 - AWSome Day 2017AWS Foundational and Platform Services - Module 1 Parts 2 & 3 - AWSome Day 2017
AWS Foundational and Platform Services - Module 1 Parts 2 & 3 - AWSome Day 2017
 
Compute Without Servers – Building Applications with AWS Lambda
Compute Without Servers – Building Applications with AWS LambdaCompute Without Servers – Building Applications with AWS Lambda
Compute Without Servers – Building Applications with AWS Lambda
 
Introduction to aws
Introduction to awsIntroduction to aws
Introduction to aws
 
Introduction to Three AWS Security Services - November 2016 Webinar Series
Introduction to Three AWS Security Services - November 2016 Webinar SeriesIntroduction to Three AWS Security Services - November 2016 Webinar Series
Introduction to Three AWS Security Services - November 2016 Webinar Series
 
AWS Greengrass is Generally Available
AWS Greengrass is Generally AvailableAWS Greengrass is Generally Available
AWS Greengrass is Generally Available
 
(SPOT303) Security Operations at Massive Scale
(SPOT303) Security Operations at Massive Scale(SPOT303) Security Operations at Massive Scale
(SPOT303) Security Operations at Massive Scale
 
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
 
Amazon s3
Amazon s3Amazon s3
Amazon s3
 
Securing The AWS Cloud, Steve Riley, AWS Events, April 2010
Securing The AWS Cloud, Steve Riley, AWS Events, April 2010Securing The AWS Cloud, Steve Riley, AWS Events, April 2010
Securing The AWS Cloud, Steve Riley, AWS Events, April 2010
 
Networking and Security
Networking and SecurityNetworking and Security
Networking and Security
 
Security Best Practices
Security Best PracticesSecurity Best Practices
Security Best Practices
 
Security, Identity, and Access Management - Module 3 Part 1 - AWSome Day 2017
Security, Identity, and Access Management - Module 3 Part 1 - AWSome Day 2017Security, Identity, and Access Management - Module 3 Part 1 - AWSome Day 2017
Security, Identity, and Access Management - Module 3 Part 1 - AWSome Day 2017
 
Security & Compliance (Part 2)
Security & Compliance (Part 2)Security & Compliance (Part 2)
Security & Compliance (Part 2)
 
Amazon EC2
Amazon EC2Amazon EC2
Amazon EC2
 
Aberdeen Oil & Gas Event - Introduction to the AWS Cloud
Aberdeen Oil & Gas Event - Introduction to the AWS CloudAberdeen Oil & Gas Event - Introduction to the AWS Cloud
Aberdeen Oil & Gas Event - Introduction to the AWS Cloud
 
Lessons learned before AWS - AWS Startup Tour - SV - 2010 - Dr. Werner Vogels
Lessons learned before AWS - AWS Startup Tour - SV - 2010 - Dr. Werner VogelsLessons learned before AWS - AWS Startup Tour - SV - 2010 - Dr. Werner Vogels
Lessons learned before AWS - AWS Startup Tour - SV - 2010 - Dr. Werner Vogels
 

En vedette

Connect and Interconnect – The Mesh of Event-Driven Compute and Marvelous Vir...
Connect and Interconnect – The Mesh of Event-Driven Compute and Marvelous Vir...Connect and Interconnect – The Mesh of Event-Driven Compute and Marvelous Vir...
Connect and Interconnect – The Mesh of Event-Driven Compute and Marvelous Vir...
Amazon Web Services
 
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity
Creating Your Virtual Data Center: VPC Fundamentals and ConnectivityCreating Your Virtual Data Center: VPC Fundamentals and Connectivity
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity
Amazon Web Services
 
Keep Cloud Transformation on Track: Nine Best Practices to Avoid or Break Thr...
Keep Cloud Transformation on Track: Nine Best Practices to Avoid or Break Thr...Keep Cloud Transformation on Track: Nine Best Practices to Avoid or Break Thr...
Keep Cloud Transformation on Track: Nine Best Practices to Avoid or Break Thr...
Amazon Web Services
 
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity OptionsCreating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Amazon Web Services
 
Getting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless CloudGetting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless Cloud
Amazon Web Services
 

En vedette (20)

Why You Need Automated and Manual Mobile App Testing
Why You Need Automated and Manual Mobile App TestingWhy You Need Automated and Manual Mobile App Testing
Why You Need Automated and Manual Mobile App Testing
 
re:Invent Recap keynote - An introduction to the latest AWS services
re:Invent Recap keynote - An introduction to the latest AWS servicesre:Invent Recap keynote - An introduction to the latest AWS services
re:Invent Recap keynote - An introduction to the latest AWS services
 
Connect and Interconnect – The Mesh of Event-Driven Compute and Marvelous Vir...
Connect and Interconnect – The Mesh of Event-Driven Compute and Marvelous Vir...Connect and Interconnect – The Mesh of Event-Driven Compute and Marvelous Vir...
Connect and Interconnect – The Mesh of Event-Driven Compute and Marvelous Vir...
 
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity
Creating Your Virtual Data Center: VPC Fundamentals and ConnectivityCreating Your Virtual Data Center: VPC Fundamentals and Connectivity
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity
 
Deep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database ServiceDeep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database Service
 
Deep Dive on Amazon Elastic Block Store
Deep Dive on Amazon Elastic Block StoreDeep Dive on Amazon Elastic Block Store
Deep Dive on Amazon Elastic Block Store
 
Building Performance Clinical Systems' HIPAA-Compliant Clinical Workflow Plat...
Building Performance Clinical Systems' HIPAA-Compliant Clinical Workflow Plat...Building Performance Clinical Systems' HIPAA-Compliant Clinical Workflow Plat...
Building Performance Clinical Systems' HIPAA-Compliant Clinical Workflow Plat...
 
Deep Dive on Microservices and Amazon ECS by Raul Frias, Solutions Architect,...
Deep Dive on Microservices and Amazon ECS by Raul Frias, Solutions Architect,...Deep Dive on Microservices and Amazon ECS by Raul Frias, Solutions Architect,...
Deep Dive on Microservices and Amazon ECS by Raul Frias, Solutions Architect,...
 
Keep Cloud Transformation on Track: Nine Best Practices to Avoid or Break Thr...
Keep Cloud Transformation on Track: Nine Best Practices to Avoid or Break Thr...Keep Cloud Transformation on Track: Nine Best Practices to Avoid or Break Thr...
Keep Cloud Transformation on Track: Nine Best Practices to Avoid or Break Thr...
 
Getting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Getting Started with the Hybrid Cloud: Enterprise Backup and RecoveryGetting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Getting Started with the Hybrid Cloud: Enterprise Backup and Recovery
 
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity OptionsCreating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
 
Security and Compliance
Security and ComplianceSecurity and Compliance
Security and Compliance
 
Getting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless CloudGetting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless Cloud
 
Deep Dive on Amazon DynamoDB
Deep Dive on Amazon DynamoDBDeep Dive on Amazon DynamoDB
Deep Dive on Amazon DynamoDB
 
Compliance in the Cloud Using “Security by Design” Principles
Compliance in the Cloud Using “Security by Design” PrinciplesCompliance in the Cloud Using “Security by Design” Principles
Compliance in the Cloud Using “Security by Design” Principles
 
Powering Remote Developers with Amazon Workspaces
Powering Remote Developers with Amazon WorkspacesPowering Remote Developers with Amazon Workspaces
Powering Remote Developers with Amazon Workspaces
 
AWS Summit Canberra Keynote 2016
AWS Summit Canberra Keynote 2016AWS Summit Canberra Keynote 2016
AWS Summit Canberra Keynote 2016
 
Running Microsoft Workloads on AWS | AWS Public Sector Summit 2016
Running Microsoft Workloads on AWS | AWS Public Sector Summit 2016Running Microsoft Workloads on AWS | AWS Public Sector Summit 2016
Running Microsoft Workloads on AWS | AWS Public Sector Summit 2016
 
Building Your Practice on AWS - An APN Breakfast Session
Building Your Practice on AWS - An APN Breakfast SessionBuilding Your Practice on AWS - An APN Breakfast Session
Building Your Practice on AWS - An APN Breakfast Session
 
Federation
FederationFederation
Federation
 

Similaire à How We Should Think About Security

(SEC303) Architecting for End-To-End Security in the Enterprise
(SEC303) Architecting for End-To-End Security in the Enterprise(SEC303) Architecting for End-To-End Security in the Enterprise
(SEC303) Architecting for End-To-End Security in the Enterprise
Amazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
Amazon Web Services
 
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
Amazon Web Services
 
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
Amazon Web Services
 
AWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security ModelAWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security Model
Amazon Web Services
 
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)AWS re:Invent 2016: The Psychology of Security Automation (SAC307)
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)
Amazon Web Services
 
Intro to AWS: Security
Intro to AWS: SecurityIntro to AWS: Security
Intro to AWS: Security
Amazon Web Services
 

Similaire à How We Should Think About Security (20)

AWS Security Overview and “What’s New”
AWS Security Overview and “What’s New”AWS Security Overview and “What’s New”
AWS Security Overview and “What’s New”
 
(SEC303) Architecting for End-To-End Security in the Enterprise
(SEC303) Architecting for End-To-End Security in the Enterprise(SEC303) Architecting for End-To-End Security in the Enterprise
(SEC303) Architecting for End-To-End Security in the Enterprise
 
#ALSummit: Amazon Web Services: Understanding the Shared Security Model
#ALSummit: Amazon Web Services: Understanding the Shared Security Model#ALSummit: Amazon Web Services: Understanding the Shared Security Model
#ALSummit: Amazon Web Services: Understanding the Shared Security Model
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
 
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...
 
AWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security ModelAWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security Model
 
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)AWS re:Invent 2016: The Psychology of Security Automation (SAC307)
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)
 
Compliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By DesignCompliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By Design
 
Intro to AWS: Security
Intro to AWS: SecurityIntro to AWS: Security
Intro to AWS: Security
 
An Evolving Security Landscape – Security Patterns in the Cloud
An Evolving Security Landscape – Security Patterns in the CloudAn Evolving Security Landscape – Security Patterns in the Cloud
An Evolving Security Landscape – Security Patterns in the Cloud
 
Developing a Continuous Automated Approach to Cloud Security
Developing a Continuous Automated Approach to Cloud Security Developing a Continuous Automated Approach to Cloud Security
Developing a Continuous Automated Approach to Cloud Security
 
Getting Started With AWS Security
Getting Started With AWS SecurityGetting Started With AWS Security
Getting Started With AWS Security
 
Segurança de Ponta a Ponta na AWS
Segurança de Ponta a Ponta na AWSSegurança de Ponta a Ponta na AWS
Segurança de Ponta a Ponta na AWS
 
Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
 
Security and Compliance in the Cloud
Security and Compliance in the Cloud Security and Compliance in the Cloud
Security and Compliance in the Cloud
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 

Plus de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Amazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Amazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
Amazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Amazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
Amazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Amazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
Amazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
Amazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
Amazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Amazon Web Services
 

Plus de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Dernier

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Dernier (20)

Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 

How We Should Think About Security

  • 1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Bill Murray AWS Security Programs June 2016 How We Should Think About Security
  • 2. 1) Why is security such a hot topic? Because it’s important, and it’s hard
  • 3. 2) Why is enterprise security traditionally so hard? Because so much planning is needed
  • 4. 3) Why does planning take so long? Because it requires so many processes
  • 5. 4) Why so many processes? Because mistakes are easy to make and hard to correct
  • 6. 5) Why are mistakes so hard to correct? Lack of visibility Low degree of automation
  • 7. So where does AWS come in? AWS makes security more agile Lets you move fast while staying safe
  • 8. Security is Job Zero Network Security Physical Security Platform Security People & Procedures
  • 10. Build everything on a constantly improving security baseline AWS  Founda+on  Services   Compute   Storage   Database   Networking   AWS  Global   Infrastructure   Regions   Availability  Zones   Edge  Loca+ons   GxP ISO 13485 AS9100 ISO/TS 16949
  • 11. AWS  Founda+on  Services   Compute   Storage   Database   Networking   AWS  Global   Infrastructure   Regions   Availability  Zones   Edge  Loca+ons   Client-­‐side  Data   Encryp2on   Server-­‐side  Data   Encryp2on   Network  Traffic   Protec2on   Pla<orm,  Applica2ons,  Iden2ty  &  Access  Management   Opera2ng  System,  Network,  &  Firewall  Configura2on   Customer  applica2ons  &  content  Customers   Security & compliance is a shared responsibility Customers have their choice of security configurations IN the Cloud AWS is responsible for the security OF the Cloud
  • 12. Security is Familiar We strive to make security at AWS as familiar as what you are doing right now •  Visibility •  Auditability •  Controllability •  Agility
  • 13. AWS Marketplace: One-stop shop for familiar tools Advanced   Threat   Analy+cs       Applica+on   Security         Iden+ty  and   Access  Mgmt       Encryp+on  &   Key  Mgmt         Server  &   Endpoint   Protec+on       Network   Security         Vulnerability     &  Pen   Tes+ng        
  • 14. VISIBILITY HOW OFTEN DO YOU MAP YOUR NETWORK? WHAT’S IN YOUR ENVIRONMENT RIGHT NOW?
  • 15.
  • 16.
  • 17. Security is Visible Who is accessing the resources? Who took what action? •  When? •  From where? •  What did they do? •  Logs Logs Logs
  • 18. Tools to move fast and stay safe Amazon Inspector AWS WAF AWS Config Rules
  • 19. Amazon Inspector Security assessment tool analyzing end-to-end application configuration and activity
  • 20. Why Amazon Inspector? •  Application Security testing key to moving fast bust staying safe •  Security assessment highly manual - resulting in delays or missed security checks. •  Valuable security subject matter experts spending too much time on routine security assessment
  • 21. Amazon Inspector Features Configuration Scanning Engine Activity Monitoring Built-in Content Library Automatable via API Fully Auditable
  • 22. Amazon Inspector Rule Sets CVE Network Security Best Practices Authentication Best Practices CIS Operating System Benchmarks Application Security Best Practices Runtime Behavior Analysis
  • 23. Amazon Inspector Benefits Increased Agility Embedded Expertise Improved Security Posture Streamlined Compliance
  • 28. AWS WAF Features Web Filtering CloudFront Integration Centralized Rule Management Real-Time Visibility API Automation
  • 29. AWS WAF Benefits Increased Protection Against Web Attacks Ease of Deployment and Maintenance Security Embedded in Development Process
  • 30. AWS WAF in Action AWS Management Console Admins Developers AWS API Web App in CloudFront Define rules Deploy protection AWS WAF
  • 31. AWS WAF Partner integrations •  Alert Logic, Trend Micro & Imperva integrating with AWS WAF •  Offer additional detection and threat intelligence •  Dynamically modify rulesets of AWS WAF for increased protection
  • 33. AWS Config Rules Features Flexible Rules evaluated continuously and retroactively Dashboard and Reports for Common Goals Customizable Remediation API Automation
  • 34. AWS Config Rules Benefits Continuous monitoring for unexpected changes Shared Compliance across your organization Simplified management of configuration changes
  • 35. AWS Config Rules Broad Ecosystem of solutions
  • 38. Making Life Easier Choosing security does not mean giving up on convenience or introducing complexity
  • 39. The AWS Journey Phase 1: How do I move to AWS? Time Experience
  • 40. The journey we’re seeing with AWS customers Dev & Test True Production Mission Critical All-in Build production apps Migrate production apps Marketing Build mission-critical apps Migrate mission-critical apps Development and test environments Corporate standard 1 2 3 4
  • 41. The AWS Journey Phase 2: How do I use AWS to improve? Time Experience
  • 42. Example: Hardened InstancesQuestiontoanswer •  How many of my instances came from the correct “approved” server image? •  How many “approved” instances? TraditionalIT •  Manual IT process to prevent •  Even more manual process to audit AWS •  CloudTrail identifies instance launches with unapproved AMIs •  Continuously auditable •  Push notification rather than regular pull
  • 43. Example: Entitlements ReportingQuestiontoanswer •  What accesses do your people have? TraditionalIT •  Inventory your assets and privileges •  Reconcile with user accounts •  All manual AWS •  IAM Auditing native API calls •  GetAccountAuthoriza tionDetails •  ListUserPolicies •  ListGroupPolicies •  ListRolePolicies
  • 44. The AWS Journey Phase 3: How do I design for tomorrow? Time Experience
  • 46. Security by Design - SbD •  Systematic approach to ensure security •  Formalizes AWS account design •  Automates security controls •  Streamlines auditing. •  Provides control insights throughout the IT management processAWS CloudTrail AWS CloudHSM AWS IAM AWS KMS AWS 
 Config
  • 47. SbD - Scripting your governance policy Set of CloudFormation Templates that accelerate compliance with PCI, HIPAA, FFIEC, FISMA, CJIS Result: Reliable technical implementation of administrative controls
  • 48. How we build our organization
  • 49. AWS Security Team Operations Application Security Engineering Compliance Aligned for agility
  • 50. Security Ownership as part of DNA Promotes culture of “everyone is an owner” for security Makes security stakeholder in business success Enables easier and smoother communication Distributed Embedded
  • 51. Operating Principles Separation of duties Different personnel across service lines Least privilege
  • 52. Technology to automate operational principles Visibility through automation Shrinking the protection boundaries Ubiquitous encryption
  • 54. Design & Deploy Define sensible defaults Inherit compliance controls Use available security features Manage templates - not instances
  • 55. Operate & Improve Constantly reduce the role of people Reduce Privileged accounts Concentrate on what matters
  • 56. Conclusions Security is critical We’re creating tools to make it easier We’re creating ways help you build a world class team You can move fast and stay safe
  • 57. Don’t take my word for it….. CIOs and CISOs need to stop obsessing over unsubstantiated cloud security worries, and instead apply their imagination and energy to developing new approaches to cloud control, allowing them to securely, compliantly and reliably leverage the benefits of this increasingly ubiquitous computing model. Clouds Are Secure: Are You Using Them Securely? Published: 22 September 2015 -- Jay Heiser