© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. SUMMIT
Managing Enterprise Security in the Cloud
Koen van Blijderveen – Security, Risk & Compliance Consultant, AWS Professional Services
Bas Wouwenaar – Chief Information Officer, Ohpen
BUS001
AWS Global Infrastructure
20 Regions – 61 Availability Zones – 158 Edge Locations
Region & Number of Availability Zones:
• US East: N. Virginia (6), Ohio (3)
• US West: N. California (3), Oregon (4)
• Asia Pacific: Mumbai (2), Seoul (2), Singapore (3), Sydney (3), Tokyo (4), Osaka-Local (1)
• Canada: Central (2)
• China: Beijing (2), Ningxia (3)
• Europe: Frankfurt (3), Ireland (3), London (3), Paris (3), Stockholm (3)
• South America: São Paulo (3)
• AWS GovCloud (US): US-East (3), US-West (3)
Announced Regions: Bahrain, Cape Town, Hong Kong, Jakarta, Milan
Move to AWS – Strengthen Your Security Posture
Inherit global security and compliance controls: SOC 1, SOC 2, SOC 3, CJIS, DoD SRG, FERPA, SEC Rule 17a-4(f), VPAT / Section 508, GxP, MPAA, My Number Act, G-Cloud
Shared Responsibility Model
Security OF the Cloud (AWS): AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud.
Security IN the Cloud (Customer): Customer responsibility will be determined by the AWS Cloud services that a customer selects.
Security Engineering – Then and Now
But, do I have to?... Cost – Scale – Reliability/Repeatability
Access a deep set of cloud security tools (Identity; Networking; Governance, Compliance, and Encryption):
Active Directory integration, SAML Federation, AWS Identity and Access Management, MFA, Temporary security credentials, AWS Organizations, AWS Single Sign-On, Amazon Cognito, AWS Directory Service,
Amazon VPC, AWS Direct Connect, Flow logs, Route table, Amazon VPC PrivateLink, AWS WAF, AWS Shield, AWS VPN, AWS Transit Gateway, AWS Firewall Manager,
AWS Secrets Manager, AWS Security Hub, AWS Artifact, Amazon Macie, Amazon GuardDuty, Amazon Inspector, AWS Service Catalog, AWS Systems Manager, AWS CloudTrail, Amazon CloudWatch, AWS Config, AWS Certificate Manager, AWS Key Management Service, AWS Trusted Advisor, AWS Control Tower, AWS CloudHSM, Client-side Encryption
AWS Organizations
[Diagram: an AWS Master Account at the root of AWS Organizations, with two Organization Units (Business Unit #1 and Business Unit #2); each unit holds groups of AWS accounts for Development, Test and Production (Development #1, Test #1, Production #1; Development #2, Test #2, Production #2).]
AWS Organizations
[Same diagram as the previous slide (Master Account, two Organization Units, Development/Test/Production accounts per business unit), now with Service Control Policies attached within the organization hierarchy.]
AWS CloudTrail
[Diagram: calls made through the AWS Software Development Kit (SDK), the AWS Management Console and the AWS Command Line Interface (CLI) to services supported by AWS CloudTrail are recorded by CloudTrail and delivered to a partner solution, an SNS topic, an S3 bucket or Amazon CloudWatch.]
AWS CloudTrail – Centralized Logging
[Diagram: AWS accounts 111111111111, 222222222222, 333333333333 and 444444444444 each run AWS CloudTrail over the services it supports and deliver their trails to a single central S3 bucket.]
Amazon GuardDuty
AWS Config
AWS Config Rules
[Diagram: changing resources are recorded by AWS Config as normalized configuration items and evaluated by AWS Config Rules; results are published to an SNS topic, exposed through the AWS API endpoint and emitted as a CloudWatch Event, which can trigger AWS Systems Manager Automation.]
AWS Config Rules
AWS Config – Aggregation
Amazon CloudWatch Events
[Diagram: events in the AWS Cloud, both event-based and time-based, are routed to targets: custom code and AWS APIs.]
Amazon CloudWatch Events – Not just API
AWS Systems Manager – Capabilities: Automation, Documents, Patch Manager, Parameter Store, Inventory, Maintenance Windows, State Manager, Run Command
Focus on the Ins and Outs
[Diagram of the inputs and outputs: DevSecOps, Events, Alerts, Automation and AWS Resources.]
DevSecOps
DEV: Develop software & Infrastructure-as-code following the same processes and standards as application development.
SEC: Security is embedded in your delivery processes and scans your deployment code for/based on:
• Threats
• Policies
• Identity and Access Controls
• And more
OPS: The security-focused software developed runs as a part of ongoing operations for your applications/organization:
• Automated
• Embedded in process
• Always-on
• An extension of your team
DevSecOps – Example Pipeline #1
[Diagram: developers commit a CloudFormation template to AWS CodeCommit (or S3/GitHub); AWS CodePipeline invokes an AWS Lambda function (or AWS CodeBuild) that checks the template against policy; on FAIL the pipeline stops, on PASS AWS CodePipeline deploys the stack.]
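The policy check in this pipeline, written out as an added example (not code from the deck or from the AWS Deployment Framework): a Python function that the Lambda step can run over the committed CloudFormation template and that returns PASS or FAIL with findings. The three rules, the sample template and the event shape passed to `lambda_handler` are choices made for this example; fetching the CodePipeline artifact and reporting the job result back to the pipeline are left out.

```python
"""Policy gate for a CloudFormation template (added example, not from the deck).

Assumed setting: the Lambda step in the pipeline receives the committed
template as JSON text and returns PASS or FAIL with findings. The rules,
the sample template and the event shape are choices made for this example.
"""
import json

# Constructed sample template: one compliant bucket, one unencrypted bucket,
# a security group open to the world on port 22, and an allow-everything policy.
SAMPLE_TEMPLATE = {
    "Resources": {
        "GoodBucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {
                "BucketEncryption": {
                    "ServerSideEncryptionConfiguration": [
                        {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}
                    ]
                }
            },
        },
        "PlainBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
        "SshFromAnywhere": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "GroupDescription": "example",
                "SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}
                ],
            },
        },
        "AdminPolicy": {
            "Type": "AWS::IAM::ManagedPolicy",
            "Properties": {
                "PolicyDocument": {
                    "Version": "2012-10-17",
                    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
                }
            },
        },
    }
}


def as_list(value):
    """CloudFormation and IAM accept a single string where a list is expected; normalise."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def check_bucket_encryption(name, props):
    """Rule: every S3 bucket declares default server-side encryption."""
    if not props.get("BucketEncryption"):
        return [f"{name}: S3 bucket has no BucketEncryption configured"]
    return []


def check_open_ingress(name, props):
    """Rule: no security group ingress from 0.0.0.0/0 or ::/0."""
    findings = []
    for rule in as_list(props.get("SecurityGroupIngress")):
        if rule.get("CidrIp") == "0.0.0.0/0" or rule.get("CidrIpv6") == "::/0":
            findings.append(
                f"{name}: ingress {rule.get('FromPort')}-{rule.get('ToPort')}/"
                f"{rule.get('IpProtocol')} is open to the internet"
            )
    return findings


def check_wildcard_iam(name, props):
    """Rule: no Allow statement granting Action "*" on Resource "*"."""
    findings = []
    for stmt in as_list(props.get("PolicyDocument", {}).get("Statement")):
        if (stmt.get("Effect") == "Allow"
                and "*" in as_list(stmt.get("Action"))
                and "*" in as_list(stmt.get("Resource"))):
            findings.append(f"{name}: IAM policy statement allows * on *")
    return findings


# Resource type -> rules that apply to it. Types without rules pass untouched.
RULES = {
    "AWS::S3::Bucket": [check_bucket_encryption],
    "AWS::EC2::SecurityGroup": [check_open_ingress],
    "AWS::IAM::Policy": [check_wildcard_iam],
    "AWS::IAM::ManagedPolicy": [check_wildcard_iam],
}


def evaluate_template(template):
    """Run every applicable rule over every resource; any finding means FAIL."""
    findings = []
    for name, resource in template.get("Resources", {}).items():
        props = resource.get("Properties") or {}
        for rule in RULES.get(resource.get("Type"), []):
            findings.extend(rule(name, props))
    return {"status": "FAIL" if findings else "PASS", "findings": findings}


def lambda_handler(event, context):
    """Assumed event shape: {"template": "<JSON text of the template>"}."""
    return evaluate_template(json.loads(event["template"]))


if __name__ == "__main__":
    print(json.dumps(evaluate_template(SAMPLE_TEMPLATE), indent=2))
```

The rules are keyed by resource type so a new check is one function plus one dictionary entry, and each finding names the offending logical resource, which is what a developer needs to fix the template before the next commit.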
DevSecOps – Automating Pipelines
https://github.com/awslabs/aws-deployment-framework
Focus on the Ins and Outs
[Diagram of the inputs and outputs: DevSecOps, Events, Automation, Alerts and AWS Resources.]
Security Automation & Compliance
• Focus on the evidence
• Mapping evidence & requirements to specific controls
• Not just the what, but also the how
• Enable your compliance team! (Yes, they are your friends)
AWS Lambda
AWS Lambda allows you to run code in response to an event.
Event sources: changes in data state, requests to endpoints, changes in resource state
Function runtimes:
• Node
• Python
• Java
• C#
• Go
Services: anything
Wrangling Information Sources
[Diagram: findings and logs from Macie, CloudTrail, GuardDuty, Inspector, Security Hub, on-instance logs, VPC Flow Logs, CloudWatch Logs and S3 Data Events arrive as CloudWatch Events and CloudWatch Alarms; together with AWS Config they invoke an AWS Lambda function.]
Automated Security Response Workflow
[Diagram: users call AWS API endpoints; AWS CloudTrail records the calls and delivers them to an Amazon S3 bucket; an Amazon CloudWatch Event triggers an AWS Lambda function running with an IAM role, which calls AWS API endpoints to respond and publishes to Amazon SNS topics (HTTP and e-mail) that reach a SecOps engineer, a third-party tool/ticketing system and a third-party SIEM.]
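The Lambda stage of this workflow as an added example, not code from the deck: a Python handler for the CloudTrail-sourced CloudWatch Event that classifies the recorded API call, builds an alert carrying the actor and source IP from the CloudTrail record, and fans it out to the HTTP and e-mail SNS topics. The sample event, the three detection rules, the severity routing and the environment variable names HTTP_TOPIC_ARN and EMAIL_TOPIC_ARN are assumptions made here; the SNS publisher is injected so the logic runs and can be tested without AWS credentials.

```python
"""Response handler for CloudTrail-sourced CloudWatch Events (added example).

Not code from the deck. Assumptions: this Lambda is the CloudWatch Event
target in the workflow, and the SNS topic ARNs are provided in the
environment variables HTTP_TOPIC_ARN and EMAIL_TOPIC_ARN (names chosen here).
"""
import json
import os

# Constructed sample event in the "AWS API Call via CloudTrail" shape that
# CloudWatch Events delivers; account, user, IP and group id are made up.
SAMPLE_EVENT = {
    "version": "0",
    "detail-type": "AWS API Call via CloudTrail",
    "source": "aws.ec2",
    "account": "111111111111",
    "region": "eu-west-1",
    "detail": {
        "eventSource": "ec2.amazonaws.com",
        "eventName": "AuthorizeSecurityGroupIngress",
        "eventID": "00000000-0000-0000-0000-000000000001",
        "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111111111111:user/alice"},
        "requestParameters": {
            "groupId": "sg-0123456789abcdef0",
            "ipPermissions": {"items": [{
                "ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]},
            }]},
        },
    },
}

# Severity -> SNS topics to notify. HTTP feeds the ticketing system and SIEM,
# e-mail reaches the SecOps engineer (the two topics on the slide).
ROUTES = {"HIGH": ("http", "email"), "MEDIUM": ("http",)}


def world_open_ingress(params):
    """True when an AuthorizeSecurityGroupIngress call allows 0.0.0.0/0 or ::/0."""
    for perm in params.get("ipPermissions", {}).get("items", []):
        v4 = [r.get("cidrIp") for r in perm.get("ipRanges", {}).get("items", [])]
        v6 = [r.get("cidrIpv6") for r in perm.get("ipv6Ranges", {}).get("items", [])]
        if "0.0.0.0/0" in v4 or "::/0" in v6:
            return True
    return False


def classify(detail):
    """Map a CloudTrail record to (severity, summary), or None if no response is needed."""
    name = detail.get("eventName", "")
    params = detail.get("requestParameters") or {}
    if name == "AuthorizeSecurityGroupIngress" and world_open_ingress(params):
        return "HIGH", f"security group {params.get('groupId')} opened to the internet"
    if name in ("StopLogging", "DeleteTrail"):
        return "HIGH", f"CloudTrail trail {params.get('name')} stopped or deleted"
    if name in ("PutBucketAcl", "PutBucketPolicy", "DeleteBucketPolicy"):
        return "MEDIUM", f"access policy of S3 bucket {params.get('bucketName')} changed"
    return None


def handle_event(event, publish):
    """Classify the event; on a hit build an alert and publish it to each routed topic.

    publish(route, subject, message) is injected so the logic runs offline.
    Returns the alert dict, or None when the event needed no response.
    """
    detail = event.get("detail", {})
    verdict = classify(detail)
    if verdict is None:
        return None
    severity, summary = verdict
    alert = {
        "severity": severity,
        "summary": summary,
        "event_name": detail.get("eventName"),
        "actor": detail.get("userIdentity", {}).get("arn"),
        "source_ip": detail.get("sourceIPAddress"),
        "account": event.get("account"),
        "region": event.get("region"),
        "event_id": detail.get("eventID"),
    }
    for route in ROUTES[severity]:
        publish(route, f"[{severity}] {summary}", json.dumps(alert, indent=2))
    return alert


def lambda_handler(event, context):
    """Real entry point: publishes through SNS with the topic ARNs from the environment."""
    import boto3  # imported here so the module also loads where boto3 is absent

    sns = boto3.client("sns")
    arns = {"http": os.environ["HTTP_TOPIC_ARN"], "email": os.environ["EMAIL_TOPIC_ARN"]}

    def publish(route, subject, message):
        sns.publish(TopicArn=arns[route], Subject=subject, Message=message)

    return handle_event(event, publish)


if __name__ == "__main__":
    print(json.dumps(handle_event(SAMPLE_EVENT, lambda *a: None), indent=2))
```

Any remediation call back to the AWS API (the slide's second arrow out of Lambda) belongs next to the `publish` loop, and the function's IAM role should be limited to exactly the SNS topics and remediation actions it uses.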
THE THINGS WE WANTED TO FIX WHEN WE STARTED OHPEN…
• Old software leading to high hardware costs and low performance
• Spaghetti of applications
• Old-fashioned customer service
• Insufficient audit trail and basic analytics
• Record keeping
• Vendors did not understand our business
From this
To This
RUTHLESSLY EFFECTIVE CLOUD-BASED CORE BANKING ENGINE
Enterprise Risk & Security
Excel, we have to let you go
Automating controls and risks
What you want from compliance *
Just enough: you don’t get an award for being “more compliant” – minimize costs and overhead
Free: where possible, take advantage of work that people are already doing
Clear: everyone should know when they are doing things right/wrong
Measurable: you can tell if you are doing things right/wrong
Practical: rules that people can and will follow
Shareable: work can be reused across systems/teams
Consistent: checks/tests that work every time
Non-blocking: don’t stop people from getting useful work done
Automating controls and risks
HOW? DevOps → DevSecOps → Compliance as Code
Automating controls and risks: steps
1. Risk Assessment
2. Decide on tooling
3. Set up Control Framework
4. Determine security and compliance controls
Inherit global security and compliance controls: SOC 1, SOC 2, SOC 3, CJIS, DoD SRG, FERPA, SEC Rule 17a-4(f), VPAT / Section 508, GxP, MPAA, My Number Act, G-Cloud
Ohpen global security and compliance controls
Automating controls
1. Authority Documents
2. Citations / Control Objectives
3. Map Policies
4. Set up Control Templates
5. Set Scope
6. Generate Controls
7. Automate Evidencing
Automate Evidencing
[Diagram of the inputs and outputs: DevSecOps, Events, Automation, Alerts and AWS Resources.]
Automate Evidencing
• Query your log sources
• Evidence your automated controls
Ohpen uses..
[The "Access a deep set of cloud security tools" overview (Identity; Networking; Governance, Compliance, and Encryption) is shown again on this slide.]
Ohpen uses..
Key Takeaways

 
Threat detection and mitigation at AWS - SEC301 - Santa Clara AWS Summit
Threat detection and mitigation at AWS - SEC301 - Santa Clara AWS SummitThreat detection and mitigation at AWS - SEC301 - Santa Clara AWS Summit
Threat detection and mitigation at AWS - SEC301 - Santa Clara AWS Summit
 
Beyond Security Automation: How to Move Past Developing Ad-hoc Tools and Make...
Beyond Security Automation: How to Move Past Developing Ad-hoc Tools and Make...Beyond Security Automation: How to Move Past Developing Ad-hoc Tools and Make...
Beyond Security Automation: How to Move Past Developing Ad-hoc Tools and Make...
 
Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...
Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...
Find all the threats - AWS threat detection and remediation - SEC202 - Atlant...
 
Threat detection - SEC207 - New York AWS Summit
Threat detection - SEC207 - New York AWS SummitThreat detection - SEC207 - New York AWS Summit
Threat detection - SEC207 - New York AWS Summit
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Introduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF LoftIntroduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF Loft
 
Proteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWSProteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWS
 

Plus de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Plus de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Managing Enterprise security in the Cloud

  • 1. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Summit session BUS001: Managing Enterprise Security in the Cloud. Koen van Blijderveen, Security, Risk & Compliance Consultant, AWS Professional Services; Bas Wouwenaar, Chief Information Officer, Ohpen.
  • 3. AWS Global Infrastructure: 20 Regions, 61 Availability Zones, 158 Edge Locations. Announced Regions: Bahrain, Cape Town, Hong Kong, Jakarta, Milan. Regions and number of Availability Zones: US East: N. Virginia (6), Ohio (3); US West: N. California (3), Oregon (4); Asia Pacific: Mumbai (2), Seoul (2), Singapore (3), Sydney (3), Tokyo (4), Osaka-Local (1); Canada: Central (2); China: Beijing (2), Ningxia (3); Europe: Frankfurt (3), Ireland (3), London (3), Paris (3), Stockholm (3); South America: São Paulo (3); AWS GovCloud (US): US-East (3), US-West (3). (The region and Availability Zone totals exclude the Osaka-Local region.)
  • 4. Move to AWS: Strengthen Your Security Posture
  • 5. Inherit global security and compliance controls: SOC 1, SOC 2, SOC 3, CJIS, DoD SRG, FERPA, SEC Rule 17a-4(f), VPAT / Section 508, GxP, MPAA, My Number Act, G-Cloud.
  • 6. Shared Responsibility Model. Security OF the Cloud (AWS): AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. Security IN the Cloud (Customer): the customer's responsibility is determined by the AWS Cloud services the customer selects.
  • 7. Security Engineering: Then and Now
  • 8. But, do I have to?... Cost, Scale, Reliability/Repeatability
  • 10. Access a deep set of cloud security tools. Three areas: Identity (including Active Directory integration and SAML federation), Networking, and Governance, Compliance, and Encryption. Services shown: Amazon VPC, AWS Direct Connect, flow logs, route tables, AWS PrivateLink, AWS WAF, AWS Shield, AWS Identity and Access Management, MFA, temporary security credentials, AWS Organizations, AWS Secrets Manager, AWS Security Hub, AWS Single Sign-On, AWS Artifact, Amazon Macie, Amazon Cognito, Amazon GuardDuty, Amazon Inspector, AWS Service Catalog, AWS Systems Manager, AWS CloudTrail, Amazon CloudWatch, AWS Config, AWS Directory Service, AWS Firewall Manager, AWS Certificate Manager, AWS Key Management Service, AWS VPN, AWS Transit Gateway, AWS Trusted Advisor, AWS Control Tower, AWS CloudHSM, client-side encryption.
  • 11. AWS Organizations: an AWS master account at the root of the organization, with an Organizational Unit per business unit (Business Unit #1, Business Unit #2). Each OU holds Development, Test, and Production groups (Development #1, Test #1, Production #1; Development #2, Test #2, Production #2), each containing several AWS accounts.
  • 12. AWS Organizations with Service Control Policies: the same account tree, with Service Control Policies attached inside it (the figure shows four). An SCP does not grant permissions; it caps the permissions that IAM in the accounts beneath it can grant.
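The slide states the rule but not how it plays out. The following is an added example, not code from the deck or from AWS: a simplified evaluator for the SCP semantics that matter for the tree on slides 11 and 12 (an SCP only caps, a Deny anywhere on the path from root to account wins, and every level on that path must allow the action). The EU-only guardrail, the account tree and the helper names are assumptions for the example; only the policy elements the guardrail uses are implemented.

```python
"""Simplified evaluation of Service Control Policies (SCPs).

Added example, not code from the deck. Models three SCP facts: an SCP never
grants a permission, it only caps what IAM in the member account may grant;
an explicit Deny in any SCP on the path from the root to the account wins;
and a request must be allowed at every level of that path. Only the policy
elements used below (Effect, Action/NotAction with '*' globs, Resource '*',
StringNotEquals on aws:RequestedRegion) are implemented.
"""
import fnmatch

# The default SCP AWS Organizations attaches everywhere: allow everything.
FULL_AWS_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Hypothetical guardrail for a business-unit OU (an assumption for the
# example): keep workloads in two EU regions, exempt global services whose
# calls are signed against us-east-1, and protect the audit trail.
EU_GUARDRAIL = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyOutsideEU",
            "Effect": "Deny",
            "NotAction": ["iam:*", "organizations:*", "sts:*", "support:*",
                          "cloudfront:*", "route53:*", "budgets:*", "cloudtrail:*"],
            "Resource": "*",
            "Condition": {"StringNotEquals": {
                "aws:RequestedRegion": ["eu-west-1", "eu-central-1"]}},
        },
        {
            "Sid": "ProtectAuditTrail",
            "Effect": "Deny",
            "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail"],
            "Resource": "*",
        },
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _action_matches(statement, action):
    """IAM action matching is case-insensitive with '*' and '?' wildcards;
    NotAction matches every action except the listed ones."""
    action = action.lower()
    if "Action" in statement:
        return any(fnmatch.fnmatchcase(action, p.lower()) for p in _as_list(statement["Action"]))
    return not any(fnmatch.fnmatchcase(action, p.lower()) for p in _as_list(statement["NotAction"]))


def _condition_matches(statement, context):
    """Only StringNotEquals is modelled. A key missing from the request
    context is treated as not matching, so the statement does not apply."""
    for key, allowed in statement.get("Condition", {}).get("StringNotEquals", {}).items():
        actual = context.get(key)
        if actual is None or actual in _as_list(allowed):
            return False
    return True


def statement_effect(policy, action, context):
    """Effect of one SCP on one request: 'Deny', 'Allow', or None (silent)."""
    effects = {stmt["Effect"] for stmt in policy["Statement"]
               if _action_matches(stmt, action) and _condition_matches(stmt, context)}
    if "Deny" in effects:
        return "Deny"
    return "Allow" if "Allow" in effects else None


def scp_allows(path, action, context, management_account=False):
    """Decide whether the SCPs permit `action`.

    `path` lists, from the root down to the account, the SCPs attached at
    each level. Returns (allowed, reason). The management account is never
    restricted by SCPs, which is why it should hold no workloads.
    """
    if management_account:
        return True, "management account is exempt from SCPs"
    for depth, policies in enumerate(path):
        effects = [statement_effect(p, action, context) for p in policies]
        if "Deny" in effects:
            return False, f"explicit Deny at level {depth}"
        if "Allow" not in effects:
            return False, f"no SCP at level {depth} allows the action"
    return True, "allowed at every level"


# Path for one business unit: root -> OU (with the guardrail) -> account.
BUSINESS_UNIT_PATH = [
    [FULL_AWS_ACCESS],                # organization root
    [FULL_AWS_ACCESS, EU_GUARDRAIL],  # Organizational Unit - Business Unit #1
    [FULL_AWS_ACCESS],                # Production #1 account
]
```

Calling `scp_allows(BUSINESS_UNIT_PATH, "ec2:RunInstances", {"aws:RequestedRegion": "us-east-1"})` is denied by the OU guardrail, while `iam:CreateUser` in us-east-1 passes because of the NotAction exemption; dropping FullAWSAccess from a level denies everything at that level, which is the usual cause of a "mysterious" AccessDenied after an SCP change.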
  • 13. AWS CloudTrail: API calls made through the AWS Management Console, the AWS SDKs, and the AWS CLI against services supported by CloudTrail are recorded by AWS CloudTrail and delivered to an S3 bucket, with an SNS topic for delivery notifications and Amazon CloudWatch for monitoring; partner solutions consume the trail from there.
  • 14. AWS CloudTrail, Centralized Logging: the trails of AWS accounts 111111111111, 222222222222, 333333333333, and 444444444444 all deliver to a single S3 bucket.
  • 15. Amazon GuardDuty
  • 16. AWS Config
  • 17. AWS Config Rules: changing resources are recorded by AWS Config and evaluated by Config Rules; the normalized result is published to an SNS topic and as a CloudWatch Event, which can call an AWS API endpoint or start an AWS Systems Manager Automation document for remediation.
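The evaluation step in the slide 17 flow is a function that Config invokes with a configuration item and that answers with PutEvaluations. The following is an added example, not code from the deck: a custom Config rule in the shape of a Lambda function that requires EBS volumes to be encrypted with a specific customer managed KMS key. The rule parameter `requiredKmsKeyArn`, the key ARN, the stand-in Config client and the sample configuration item are assumptions for the example.

```python
"""Custom AWS Config rule: EBS volumes must be encrypted with a given KMS key.

Added example, not code from the deck. Config invokes the handler with a
configuration item, the rule decides COMPLIANT, NON_COMPLIANT or
NOT_APPLICABLE, and reports back through PutEvaluations with the
resultToken from the event. The rule parameter name, the key ARN and the
sample configuration item are assumptions.
"""
import json

APPLICABLE_TYPES = {"AWS::EC2::Volume"}
DELETED_STATES = {"ResourceDeleted", "ResourceDeletedNotRecorded", "ResourceNotRecorded"}


def evaluate_volume(config_item, rule_params):
    """Return (compliance_type, annotation) for one configuration item."""
    if config_item.get("configurationItemStatus") in DELETED_STATES:
        return "NOT_APPLICABLE", "resource no longer exists"
    if config_item.get("resourceType") not in APPLICABLE_TYPES:
        return "NOT_APPLICABLE", "rule only evaluates EBS volumes"
    configuration = config_item.get("configuration") or {}
    if not configuration.get("encrypted"):
        return "NON_COMPLIANT", "volume is not encrypted"
    required_key = rule_params.get("requiredKmsKeyArn")
    used_key = configuration.get("kmsKeyId")
    if required_key and used_key != required_key:
        return "NON_COMPLIANT", f"volume uses {used_key}, not the required customer managed key"
    return "COMPLIANT", "volume is encrypted with an approved key"


def lambda_handler(event, context, config_client=None):
    """Entry point Config invokes; `config_client` is injectable for tests."""
    invoking_event = json.loads(event["invokingEvent"])
    rule_params = json.loads(event.get("ruleParameters") or "{}")
    if invoking_event.get("messageType") != "ConfigurationItemChangeNotification":
        # Scheduled and oversized notifications carry no configuration item;
        # a full implementation would look the resources up first.
        return []
    ci = invoking_event["configurationItem"]
    compliance, annotation = evaluate_volume(ci, rule_params)
    evaluation = {
        "ComplianceResourceType": ci["resourceType"],
        "ComplianceResourceId": ci["resourceId"],
        "ComplianceType": compliance,
        "Annotation": annotation[:256],  # Config caps annotations at 256 characters
        "OrderingTimestamp": ci["configurationItemCaptureTime"],
    }
    if config_client is None:
        import boto3  # only needed when running inside Lambda
        config_client = boto3.client("config")
    config_client.put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return [evaluation]


# --- constructed sample data so the example runs offline --------------------
REQUIRED_KEY = "arn:aws:kms:eu-west-1:111111111111:key/11111111-2222-3333-4444-555555555555"


class RecordingConfigClient:
    """Stand-in for boto3's Config client; records PutEvaluations calls."""
    def __init__(self):
        self.calls = []

    def put_evaluations(self, **kwargs):
        self.calls.append(kwargs)
        return {"FailedEvaluations": []}


def sample_event(encrypted, kms_key_id=None, status="OK"):
    """Build a Config rule invocation for one volume (constructed, not captured)."""
    ci = {
        "resourceType": "AWS::EC2::Volume",
        "resourceId": "vol-0123456789abcdef0",
        "configurationItemStatus": status,
        "configurationItemCaptureTime": "2019-06-20T09:15:00.000Z",
        "configuration": {"encrypted": encrypted, "kmsKeyId": kms_key_id, "size": 100},
    }
    return {
        "invokingEvent": json.dumps({"messageType": "ConfigurationItemChangeNotification",
                                     "configurationItem": ci}),
        "ruleParameters": json.dumps({"requiredKmsKeyArn": REQUIRED_KEY}),
        "resultToken": "example-token",
    }


if __name__ == "__main__":
    client = RecordingConfigClient()
    for ev in (sample_event(False), sample_event(True, REQUIRED_KEY)):
        print(lambda_handler(ev, None, client)[0]["ComplianceType"])
```

Deleted resources are reported as NOT_APPLICABLE rather than skipped, so Config clears the old result instead of leaving a stale NON_COMPLIANT entry; the remediation on the slide (SNS, CloudWatch Events, Systems Manager Automation) then keys off the compliance change.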
  • 18. AWS Config Rules
  • 19. AWS Config: Aggregation
  • 20. Amazon CloudWatch Events: events (event-based) and scheduled events (time-based) from the AWS Cloud are routed to targets, including custom targets and AWS APIs.
  • 21. Amazon CloudWatch Events: not just API calls
  • 22. AWS Systems Manager capabilities: Automation, Documents, Patch Manager, Parameter Store, Inventory, Maintenance Windows, State Manager, Run Command.
  • 24. Focus on the Ins and Outs: DevSecOps, Events, Alerts, AWS Resources, Automation
  • 25. DevSecOps = DEV + SEC + OPS. DEV: develop software and infrastructure-as-code following the same processes and standards as application development. SEC: security is embedded in your delivery processes and scans your deployment code for threats, policies, identity and access controls, and more. OPS: the security-focused software you developed runs as part of ongoing operations for your applications and organization: automated, embedded in the process, always-on, an extension of your team.
  • 26. DevSecOps, Example Pipeline #1: a developer commits a CloudFormation template to AWS CodeCommit (or S3/GitHub); AWS CodePipeline invokes AWS Lambda (or AWS CodeBuild) to check the template against policy. On PASS the pipeline deploys the stack; on FAIL it stops and the developers are notified.
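The deck does not show the policy check itself. The following is an added example, not code from the deck or from the AWS Deployment Framework: the Lambda (or CodeBuild) step from slide 26 as a template gate that fails the pipeline on policy violations. The three policies (S3 buckets encrypt by default and block public access, no security group ingress from anywhere, no IAM statement allowing Action "*" on Resource "*"), the sample template and the stand-in CodePipeline client are assumptions for the example; values produced by intrinsic functions such as Ref are not resolved and are skipped.

```python
"""Policy gate for CloudFormation templates in a deployment pipeline.

Added example, not code from the deck. The pipeline's Lambda step parses the
committed template, collects findings, and reports PASS or FAIL back to
CodePipeline. The policies, sample template and client stand-in are
assumptions for the example.
"""
import json

ANYWHERE = {"0.0.0.0/0", "::/0"}
PUBLIC_ACCESS_KEYS = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")
IAM_TYPES = {"AWS::IAM::Policy", "AWS::IAM::ManagedPolicy", "AWS::IAM::Role", "AWS::IAM::User", "AWS::IAM::Group"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _policy_documents(props):
    """Permission policy documents of a Policy, ManagedPolicy, Role, User or Group."""
    docs = [props["PolicyDocument"]] if isinstance(props.get("PolicyDocument"), dict) else []
    for inline in props.get("Policies") or []:
        if isinstance(inline, dict) and isinstance(inline.get("PolicyDocument"), dict):
            docs.append(inline["PolicyDocument"])
    return docs


def check_template(template):
    """Return a list of (logical_id, finding) tuples; an empty list means PASS."""
    findings = []
    for logical_id, res in (template.get("Resources") or {}).items():
        rtype, props = res.get("Type"), res.get("Properties") or {}
        if rtype == "AWS::S3::Bucket":
            if "BucketEncryption" not in props:
                findings.append((logical_id, "bucket has no default encryption (BucketEncryption)"))
            pab = props.get("PublicAccessBlockConfiguration") or {}
            if not all(pab.get(k) is True for k in PUBLIC_ACCESS_KEYS):
                findings.append((logical_id, "bucket does not block all public access"))
        elif rtype == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress") or []:
                cidr = rule.get("CidrIp", rule.get("CidrIpv6"))
                if isinstance(cidr, str) and cidr in ANYWHERE:  # dict => unresolved Ref/Sub, skipped
                    findings.append((logical_id, f"ingress from {cidr} on ports {rule.get('FromPort')}-{rule.get('ToPort')}"))
        elif rtype in IAM_TYPES:
            for doc in _policy_documents(props):
                for stmt in _as_list(doc.get("Statement", [])):
                    if (stmt.get("Effect") == "Allow" and "*" in _as_list(stmt.get("Action", []))
                            and "*" in _as_list(stmt.get("Resource", []))):
                        findings.append((logical_id, "IAM statement allows Action '*' on Resource '*'"))
    return findings


def pipeline_verdict(template):
    return "FAIL" if check_template(template) else "PASS"


def lambda_handler(event, context, template=None, codepipeline=None):
    """CodePipeline invoke action. The real step reads the input artifact from
    S3; here the parsed template is injected so the example runs offline."""
    job_id = event["CodePipeline.job"]["id"]
    if codepipeline is None:
        import boto3
        codepipeline = boto3.client("codepipeline")
    findings = check_template(template)
    if findings:
        message = "; ".join(f"{lid}: {msg}" for lid, msg in findings)
        codepipeline.put_job_failure_result(jobId=job_id, failureDetails={"type": "JobFailed", "message": message[:5000]})
        return "FAIL"
    codepipeline.put_job_success_result(jobId=job_id)
    return "PASS"


class RecordingPipelineClient:
    """Stand-in for boto3's CodePipeline client so the example runs offline."""
    def __init__(self):
        self.calls = []

    def put_job_success_result(self, **kwargs):
        self.calls.append(("put_job_success_result", kwargs))

    def put_job_failure_result(self, **kwargs):
        self.calls.append(("put_job_failure_result", kwargs))


# Constructed sample template: one compliant bucket and three offending resources.
SAMPLE_TEMPLATE = json.loads("""{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "GoodBucket": {"Type": "AWS::S3::Bucket", "Properties": {
      "BucketEncryption": {"ServerSideEncryptionConfiguration": [{"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]},
      "PublicAccessBlockConfiguration": {"BlockPublicAcls": true, "BlockPublicPolicy": true, "IgnorePublicAcls": true, "RestrictPublicBuckets": true}}},
    "LogBucket": {"Type": "AWS::S3::Bucket", "Properties": {"BucketName": "example-logs"}},
    "AdminSg": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"GroupDescription": "admin", "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
      {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": {"Ref": "OfficeCidr"}}]}},
    "DeployRole": {"Type": "AWS::IAM::Role", "Properties": {"AssumeRolePolicyDocument": {}, "Policies": [
      {"PolicyName": "all", "PolicyDocument": {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}}]}}
  }
}""")

if __name__ == "__main__":
    print(pipeline_verdict(SAMPLE_TEMPLATE), check_template(SAMPLE_TEMPLATE))
```

Findings are returned as data rather than printed so the same function can run in the pipeline step and in a developer's pre-commit hook; the gate deliberately reports all violations at once instead of stopping at the first, which is what keeps it from being "blocking" in the sense of slide 42.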
  • 27. DevSecOps, Automating Pipelines: https://github.com/awslabs/aws-deployment-framework
  • 28. Focus on the Ins and Outs: DevSecOps, Events, Automation, Alerts, AWS Resources
  • 29. Security Automation & Compliance: focus on the evidence; map evidence and requirements to specific controls; not just the what, but also the how; enable your compliance team (yes, they are your friends).
  • 30. AWS Lambda allows you to run code in response to an event. Event sources (from any service): changes in data state, requests to endpoints, changes in resource state. Runtimes shown: Node, Python, Java, C#, Go.
  • 31. Wrangling Information Sources: Macie, CloudTrail, GuardDuty, Inspector, Security Hub, on-instance logs, VPC Flow Logs, CloudWatch Logs, CloudWatch Events, CloudWatch Alarms, S3 data events, and AWS Config all feed an AWS Lambda function.
  • 32. Automated Security Response Workflow: users call AWS API endpoints; AWS CloudTrail records the calls (to an Amazon S3 bucket) and surfaces them as Amazon CloudWatch Events; an AWS Lambda function with an IAM role responds by calling AWS API endpoints and publishing to Amazon SNS topics (HTTP and e-mail) that reach the SecOps engineer, a third-party tool or ticketing system, and a third-party SIEM.
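One concrete instance of the slide 32 workflow, as an added example that is not code from the deck: a user calls AuthorizeSecurityGroupIngress and opens an admin port to the whole Internet; a CloudWatch Events rule matching detail-type "AWS API Call via CloudTrail" invokes the function below, which revokes the offending rule with the Lambda's IAM role and notifies SecOps through an SNS topic. The SNS topic ARN, the admin-port list, the stand-in EC2 and SNS clients and the sample event are assumptions for the example; the requestParameters layout follows CloudTrail's record format for that call.

```python
"""Automated response: CloudTrail -> CloudWatch Events -> Lambda -> EC2 API + SNS.

Added example, not code from the deck. Reverts security-group ingress that
exposes an admin port (or all ports) to 0.0.0.0/0 or ::/0 and alerts SecOps.
The topic ARN, client stand-ins and sample event are assumptions.
"""
import json
import os

ADMIN_PORTS = {22, 3389}
ANYWHERE = {"0.0.0.0/0", "::/0"}
TOPIC_ARN = os.environ.get("SECOPS_TOPIC_ARN", "arn:aws:sns:eu-west-1:111111111111:secops-alerts")


def risky_permissions(detail):
    """From a CloudTrail AuthorizeSecurityGroupIngress record, build the
    IpPermissions entries to revoke: world-open rules covering an admin port."""
    params = detail.get("requestParameters") or {}
    hits = []
    for perm in (params.get("ipPermissions") or {}).get("items", []):
        proto = perm.get("ipProtocol")
        lo, hi = perm.get("fromPort"), perm.get("toPort")
        if proto != "-1":  # "-1" means every protocol and every port
            if lo is None or hi is None or not any(lo <= p <= hi for p in ADMIN_PORTS):
                continue
        ranges = [(r.get("cidrIp"), "IpRanges", "CidrIp")
                  for r in (perm.get("ipRanges") or {}).get("items", [])]
        ranges += [(r.get("cidrIpv6"), "Ipv6Ranges", "CidrIpv6")
                   for r in (perm.get("ipv6Ranges") or {}).get("items", [])]
        for cidr, field, key in ranges:
            if cidr in ANYWHERE:
                revoke = {"IpProtocol": proto, field: [{key: cidr}]}
                if proto != "-1":
                    revoke.update(FromPort=lo, ToPort=hi)
                hits.append(revoke)
    return hits


def lambda_handler(event, context, ec2=None, sns=None):
    """Entry point for the CloudWatch Events rule; clients are injectable for tests."""
    detail = event.get("detail") or {}
    # Only a successful AuthorizeSecurityGroupIngress changed anything worth reverting.
    if detail.get("eventName") != "AuthorizeSecurityGroupIngress" or detail.get("errorCode"):
        return {"action": "ignored"}
    to_revoke = risky_permissions(detail)
    if not to_revoke:
        return {"action": "none"}
    group_id = detail["requestParameters"]["groupId"]
    if ec2 is None or sns is None:
        import boto3  # only needed inside Lambda
        ec2 = ec2 or boto3.client("ec2", region_name=detail["awsRegion"])
        sns = sns or boto3.client("sns")
    ec2.revoke_security_group_ingress(GroupId=group_id, IpPermissions=to_revoke)
    identity = detail.get("userIdentity") or {}
    message = {
        "summary": f"Revoked world-open admin ingress on {group_id}",
        "account": detail.get("recipientAccountId"),
        "region": detail.get("awsRegion"),
        "principal": identity.get("arn"),
        "sourceIPAddress": detail.get("sourceIPAddress"),
        "eventTime": detail.get("eventTime"),
        "revoked": to_revoke,
    }
    sns.publish(TopicArn=TOPIC_ARN, Subject=message["summary"][:100], Message=json.dumps(message, indent=2))
    return {"action": "revoked", "groupId": group_id, "revoked": to_revoke}


# --- stand-ins and a constructed sample event so the example runs offline ---
class FakeEc2:
    def __init__(self):
        self.revoked = []

    def revoke_security_group_ingress(self, **kwargs):
        self.revoked.append(kwargs)
        return {"Return": True}


class FakeSns:
    def __init__(self):
        self.published = []

    def publish(self, **kwargs):
        self.published.append(kwargs)
        return {"MessageId": "00000000-0000-0000-0000-000000000000"}


def sample_event(from_port, to_port, cidr, error_code=None):
    """CloudWatch Events envelope around a CloudTrail record (constructed, not captured)."""
    detail = {
        "eventVersion": "1.05", "eventSource": "ec2.amazonaws.com",
        "eventName": "AuthorizeSecurityGroupIngress", "eventTime": "2019-06-20T09:15:00Z",
        "awsRegion": "eu-west-1", "sourceIPAddress": "203.0.113.10", "recipientAccountId": "111111111111",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111111111111:user/alice"},
        "requestParameters": {"groupId": "sg-0123456789abcdef0", "ipPermissions": {"items": [
            {"ipProtocol": "tcp", "fromPort": from_port, "toPort": to_port, "groups": {},
             "ipRanges": {"items": [{"cidrIp": cidr}]}, "ipv6Ranges": {}, "prefixListIds": {}}]}},
    }
    if error_code:
        detail["errorCode"] = error_code
    return {"version": "0", "detail-type": "AWS API Call via CloudTrail", "source": "aws.ec2",
            "region": "eu-west-1", "detail": detail}


if __name__ == "__main__":
    print(lambda_handler(sample_event(22, 22, "0.0.0.0/0"), None, FakeEc2(), FakeSns()))
```

Two caveats a practitioner would want: CloudTrail delivers to CloudWatch Events with a delay of minutes, so the rule is briefly live and this response reduces exposure rather than preventing it (an SCP or IAM condition prevents); and the function ignores calls that carry an errorCode, because a denied call changed nothing and reverting it would revoke a pre-existing rule.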
  • 34. The things we wanted to fix when we started Ohpen: old software leading to high hardware costs and low performance; a spaghetti of applications; old-fashioned customer service; insufficient audit trail and basic analytics; record keeping; vendors did not understand our business.
  • 35. From this
  • 36. To this
  • 37. Ruthlessly effective cloud-based core banking engine
  • 39. Enterprise Risk & Security
  • 40. Excel, we have to let you go
  • 41. Automating controls and risks
  • 42. What you want from compliance. Just enough: you don't get an award for being "more compliant"; minimize costs and overhead. Free: where possible, take advantage of work that people are already doing. Clear: everyone should know when they are doing things right or wrong. Measurable: you can tell if you are doing things right or wrong. Practical: rules that people can and will follow. Shareable: work can be reused across systems and teams. Consistent: checks and tests that work every time. Non-blocking: don't stop people from getting useful work done.
  • 43. Automating controls and risks. How? DevOps → DevSecOps → Compliance as Code
  • 44. Automating controls and risks, steps: 1. Risk assessment; 2. Decide on tooling; 3. Set up a control framework; 4. Determine security and compliance controls.
  • 45. Inherit global security and compliance controls: SOC 1, SOC 2, SOC 3, CJIS, DoD SRG, FERPA, SEC Rule 17a-4(f), VPAT / Section 508, GxP, MPAA, My Number Act, G-Cloud.
  • 46. Ohpen global security and compliance controls
  • 47. Automating controls: 1. Authority documents; 2. Citations / control objectives; 3. Map policies; 4. Set up control templates; 5. Set scope; 6. Generate controls; 7. Automate evidencing.
  • 48. Automate Evidencing: DevSecOps, Events, Automation, Alerts, AWS Resources
  • 49. Automate Evidencing: query your log sources; evidence your automated controls.
  • 50. Ohpen uses.. (the security tool map from slide 10, with the services Ohpen uses marked)
  • 51. Ohpen uses..
  • 53. Key Takeaways