(SEC201) How Should We All Think About Security?

Security must be at the forefront for any online business. At AWS, security is priority number one. Stephen Schmidt, Vice President and Chief Information Security Officer, shares his insights into cloud security and how AWS meets customers' demanding security and compliance requirements—and in many cases helps them improve their security posture. Stephen, with his background with the FBI and his work with AWS customers in the government, space exploration, research, and financial services organizations, shares an industry perspective that's unique and invaluable for today's IT decision makers.

Published in: Technology

  1. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Stephen Schmidt, Vice President, Security Engineering & CISO. October 2015. SEC201: How Should We All Think About Security?
  2. 1) Why is security such a hot topic? Because it’s important, and it’s hard
  3. 2) Why is enterprise security traditionally so hard? Because so much planning is needed
  4. 3) Why does planning take so long? Because it requires so many processes
  5. 4) Why so many processes? Because mistakes are easy to make and hard to correct
  6. 5) Why are mistakes so hard to correct? Lack of visibility; Low degree of automation
  7. So where does AWS come in? AWS makes security more agile. Lets you move fast while staying safe.
  8. New tools to move fast and stay safe: Amazon Inspector; AWS WAF; AWS Config Rules
  9. Amazon Inspector (Preview): Security assessment tool analyzing end-to-end application configuration and activity
  10. Why Amazon Inspector? Applications testing key to moving fast but staying safe; Security assessment highly manual, resulting in delays or missed security checks; Valuable security subject matter experts spending too much time on routine security assessment
  11. Amazon Inspector features: Configuration Scanning Engine; Activity monitoring; Built-in content library; Automatable via API; Fully auditable
  12. Amazon Inspector rulesets: CVE; Network Security Best Practices; Authentication Best Practices; Operating System Best Practices; Application Security Best Practices; PCI DSS 3.0 Readiness
  13. Amazon Inspector benefits: Increased agility; Embedded expertise; Improved security posture; Streamlined compliance
  14. Getting started
  15. Prioritized findings
  16. Detailed remediation recommendations
  17. AWS WAF
  18. AWS WAF features: Web filtering; Amazon CloudFront integration; Centralized rule management; Real-time visibility; API automation
  19. AWS WAF benefits: Increased protection against web attacks; Ease of deployment and maintenance; Security embedded in development process
  20. AWS WAF in action: AWS Management Console; Admins; Developers; AWS API; Web app in CloudFront; Define rules; Deploy protection; AWS WAF
  21. AWS WAF Partner integrations: • Alert Logic, Trend Micro, and Imperva integrating with AWS WAF • Offer additional detection and threat intelligence • Dynamically modify rulesets of AWS WAF for increased protection
  22. AWS Config Rules
  23. AWS Config Rules features: Flexible rules evaluated continuously and retroactively; Dashboard and reports for common goals; Customizable remediation; API automation
  24. AWS Config Rules: Broad ecosystem of solutions
  25. AWS Config Rules benefits: Continuous monitoring for unexpected changes; Shared compliance across your organization; Simplified management of configuration changes
  26. AWS Config Rules
  27. Putting it all together: Before. Auditor: ???; Develops app; Reviews app; Fixes app; Updates app; Fixes broken AWS WAF rules; Deploys AWS WAF rules; Reviews app
  28. Putting it all together: After. Auditor has full visibility; Defines standards; Develops app; Fixes app; Defines AWS WAF rules; Optimizes environment; Runs security tests; Rapid updates
  29. Making Life Easier
  30. Making life easier: Choosing security does not mean giving up on convenience or introducing complexity
  31. © 2015 OCEDO. OCEDO FOR AMAZON WEB SERVICES - Angelo Comazzetto
  32. Security Convenience. Ocedo for AWS: Automate your network. (C) Copyright Schmidt-Ohm & Partner GmbH, Hamburg, and licensed for reuse under the Creative Commons Attribution 3.0 License.
  33. Ocedo for AWS: Automate your network
  34. Ocedo for AWS: Automate your network. Authenticate to AWS
  35. Authenticate to AWS; Import VPCs. Ocedo for AWS: Automate your network
  36. Authenticate to AWS; Import VPCs; Deploy Ocedo. Ocedo for AWS: Automate your network
  37. Authenticate to AWS; Import VPCs; Deploy Ocedo. Ocedo for AWS: Automate your network
  38. Your AWS account; Ocedo Cloud account; IAM role; sts.assumerole. Ocedo for AWS: Automate your network
  39. www.ocedo.com/aws. Send us your praises, your rants, and stories of glory! aws@ocedo.com
  40. Security by Design (SbD)
  41. Security by Design – SbD: • Systematic approach to ensure security • Formalizes AWS account design • Automates security controls • Streamlines auditing • Provides control insights throughout the IT management process. AWS CloudTrail; AWS CloudHSM; AWS IAM; AWS KMS; AWS Config
  42. SbD – Scripting your governance policy: Set of CloudFormation templates that accelerate compliance with PCI, HIPAA, FFIEC, FISMA, CJIS. Result: Reliable technical implementation of administrative controls
  43. How We Build Our Organization
  44. AWS Security Team: Operations; Application Security; Engineering; Compliance. Aligned for agility
  45. Security ownership as part of DNA: • Promotes culture of “everyone is an owner” for security • Makes security a stakeholder in business success • Enables easier and smoother communication. Distributed; Embedded
  46. Operating principles: Separation of duties; Different personnel across service lines; Least privilege
  47. Technology to automate operational principles: Visibility through automation; Shrinking the protection boundaries; Ubiquitous encryption
  48. Security Training
  49. New security training: Training; Security Fundamentals on AWS (Free online course); Security Operations on AWS (3-day class). Details at aws.amazon.com/training
  50. Certification and education: • Security Fundamentals on AWS • Free online course for security auditors and analysts • Security Operations on AWS • 3-day class for security engineers, architects, analysts, and auditors • Security Certification on AWS • Available here at re:Invent for those who have achieved AWS Solutions Architect – Professional certification
  51. The Bottom Line
  52. Design and deploy: Define sensible defaults; Inherit compliance controls; Use available security features; Manage templates—not instances
  53. Operate and improve: Constantly reduce the role of people; Reduce privileged accounts; Concentrate on what matters
  54. Conclusions: Security is critical; We’re creating tools to make it easier; We’re creating ways to help you build a world-class team; You can move fast and stay safe
  55. Don’t take my word for it… “CIOs and CISOs need to stop obsessing over unsubstantiated cloud security worries, and instead apply their imagination and energy to developing new approaches to cloud control, allowing them to securely, compliantly and reliably leverage the benefits of this increasingly ubiquitous computing model.” Clouds Are Secure: Are You Using Them Securely? Published: 22 September 2015 -- Jay Heiser
  56. Thank you!
  57. Remember to complete your evaluations!
