SlideShare une entreprise Scribd logo
1  sur  52
© 2014 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc.
Understanding AWS security
Stephen Quigg,
Solutions Architect, Amazon Web Services, APAC
Our customers have different viewpoints on security
PR
Keep out of the news!
CEO
Protect shareholder
value
CI(S)O
Preserve the
confidentiality, integrity
and availability of data
Security is always our number one priority at AWS
PEOPLE &
PROCEDURES
NETWORK
SECURITY
PHYSICAL
SECURITY
PLATFORM
SECURITY
Comprehensive Security Capabilities to Support Virtually Any Workload
SECURITY IS SHARED
WHAT NEEDS
TO BE DONE
TO KEEP THE
SYSTEM SAFE
WHAT
WE DO
WHAT YOU
HAVE TO DO
EVERY CUSTOMER HAS ACCESS
TO THE SAME SECURITY
CAPABILITIES
CHOOSE WHAT’S RIGHT FOR YOUR BUSINESS
AWS SECURITY OFFERS MORE
VISIBILITY
AUDITABILITY
CONTROL
MORE VISIBILITY
CAN YOU MAP YOUR
NETWORK?
WHAT IS IN YOUR
ENVIRONMENT RIGHT NOW?
 Understanding AWS Security
 Understanding AWS Security
TRUSTED ADVISOR
 Understanding AWS Security
 Understanding AWS Security
MORE AUDITABILITY
 Understanding AWS Security
SECURITY CONTROL OBJECTIVES
1. SECURITY ORGANIZATION
2. AMAZON USER ACCESS
3. LOGICAL SECURITY
4. SECURE DATA HANDLING
5. PHYSICAL SECURITY AND ENV. SAFEGUARDS
6. CHANGE MANAGEMENT
7. DATA INTEGRITY, AVAILABILITY AND REDUNDANCY
8. INCIDENT HANDLING
 Understanding AWS Security
AWS CLOUDTRAIL
You are making
API calls...
On a growing set of
services …
CloudTrail is
continuously
recording API
calls…
And delivering
log files to you
Security analysis
Use log files as an input into log management and analysis solutions to perform
security analysis and to detect user behavior patterns.
Track changes to AWS resources
Track creation, modification, and deletion of AWS resources such as Amazon EC2
instances, Amazon VPC security groups and Amazon EBS volumes.
Troubleshoot operational issues
Quickly identify the most recent changes made to resources in your environment.
Compliance and audit aid
Easier to demonstrate compliance with internal policies and regulatory standards.
‣  CloudTrail records API calls and
delivers a log file to your S3 bucket.
‣  Typically, delivers an event within 15
minutes of the API call.
‣  Log files are delivered approximately
every 5 minutes.
‣  Multiple partners offer integrated
solutions to analyze log files,
including Splunk, SumoLogic and
Loggly
Amazon CloudWatch Logs can monitor your system,
application and custom log files from Amazon EC2
instances and other sources, for example:
Monitor your web server http log files and use
CloudWatch Metrics filters to identify 404 errors and
count the number of occurrences within a specified
time period
CloudWatch Alarms can then notify you when the
number of 404 errors breaches whatever threshold you
decide to set – you could use this to automatically
generate a ticket for investigation
Now monitor everything with CloudWatch logs
MORE CONTROL
Defense in Depth
Multi level security
•  Physical security of the data centers
•  Network security
•  System security
•  Data security DATA
AWS Security Delivers More Control & Granularity
Choose what’s right for your business needs
AWS
CloudHSM
Defense in depth
Rapid scale for security
Automated checks with AWS Trusted Advisor
Fine grained access controls
Server side encryption
Multi-factor authentication
Dedicated instances
Direct connection, Storage Gateway
HSM-based key storage
AWS IAM
Amazon VPC
AWS Direct
Connect
AWS Storage
Gateway
AWS EMPLOYEE ACCESS
‣  Staff vetting
‣  No logical access to customer instances
‣  Control-plane access limited and monitored
Bastion hosts, Least privileged model, Zoned data center
access
‣  Access based on strict business needs
‣  Separate PAMS
 Understanding AWS Security
Every network has fine-grained security control built-in
AvailabilityZoneA
AvailabilityZoneB
You control your VPC
address range
•  Your own private, isolated
section of the AWS cloud
•  Every VPC has a private IP
address space you define
•  Create your own subnets and
control all internal and
external connectivity
AWS network security
•  AWS network will prevent
spoofing and other common
layer 2 attacks
•  Every compute instance gets
multiple security groups -
stateful firewalls
•  Every subnet gets network
access control lists
Control firewalls for every host with security groups
VPC A - 10.0.0.0/16
AvailabilityZoneA
10.0.1.0/24
10.0.2.0/24
10.0.3.0/24
EC
2
10.0.5.0/24
Jump
10.0.4.0/24
EC
2
App
“Web servers will accept Port 80
from load balancers”
“App servers will
accept Port 8080
from web
servers”
“Allow SSH
access only from
from Jump Hosts”
Log
EC
2
Web
Load
balancing
Control traffic between each subnet with NACLs
VPC A - 10.0.0.0/16
AvailabilityZoneA
10.0.1.0/24
10.0.2.0/24
10.0.3.0/24
EC
2
10.0.5.0/24
Jump
10.0.4.0/24
EC
2
App Log
EC
2
Web
“Deny all traffic between the web
server subnet and the database
server subnet”
Load
balancing
Control all traffic routing to the Internet
VPC A - 10.0.0.0/16
AvailabilityZoneA
10.0.1.0/24
10.0.2.0/24
EC
2
10.0.3.0/24
EC
2
10.0.4.0/24
EC
2
App
EC
2
WebEC
2
WebEC
2
EC
2
Web
Internet Gateway
Control Internet routing
•  Create Public subnets and
Private subnets
•  Implement DMZ architectures
as per normal best practices
•  Allocate static Elastic IP
addresses or use AWS-
managed public IP addresses
Load
balancing
Connect in private to your existing datacentres
VPC A - 10.0.0.0/16
AvailabilityZoneA
10.0.1.0/24
10.0.2.0/24
EC
2
10.0.3.0/24
EC
2
10.0.4.0/24
EC
2
App
EC
2
WebEC
2
WebEC
2
EC
2
Web
Use Internet VPNs
or use AWS Direct
Connect
Your premises
Load
balancing
Every website can absorb attack and scale out
Amazon S3
Distributed
attackers
Customers
Customers
Route53
Sydney region
CloudFront
Your VPC
WAFWAF WAFWAF
ELB ELB
ELB ELB
App App App App
Auto
Scaling
Auto
Scaling
Auto
Scaling
Auto
Scaling
MORE CONTROL
OF YOUR DATA
YOUR DATA STAYS
WHERE YOU PUT IT
AWS	
  Region	
  
US-WEST (N. California)
 EU-WEST (Ireland)
ASIA PAC (Tokyo)
ASIA PAC
(Singapore)
US-WEST (Oregon)
SOUTH AMERICA (Sao Paulo)
US-EAST (Virginia)
GOV CLOUD
ASIA PAC
(Sydney)
It’s not just having services in a couple of regions
You can stay onshore in Australia if you need to
AWS Sydney Region
Multiple availability
zones
MFA DELETE PROTECTION
 Understanding AWS Security
YOU CAN ENCRYPT ALL OF YOUR DATA
CHOOSE WHAT’S RIGHT FOR YOU
Automated – AWS manages encryption
Enabled – user manages encryption using AWS
Client-side – user manages encryption their own way
ENCRYPT YOUR SENSITIVE DATA
AWS CLOUDHSM
AMAZON S3 SSE
AMAZON GLACIER
AMAZON REDSHIFT
AMAZON RDS
Managed and monitored by AWS, but
you control the keys
Increase performance for applications
that use HSMs for key storage or
encryption
Comply with stringent regulatory and
contractual requirements for key
protection
EC2 Instance
AWS CloudHSM
AWS CloudHSM
You can store your encryption keys in AWS CloudHSM
CONTROL WHO CAN DO WHAT WITH YOUR
AWS ACCOUNT
 Understanding AWS Security
Control access and segregate duties everywhere
With	
  AWS	
  IAM	
  you	
  get	
  to	
  control	
  who	
  can	
  do	
  
what	
  in	
  your	
  AWS	
  environment	
  and	
  from	
  where	
  
	
  
Fine-­‐grained	
  control	
  of	
  your	
  AWS	
  cloud	
  with	
  two-­‐
factor	
  authen<ca<on	
  
	
  
Integrated	
  with	
  your	
  exis<ng	
  corporate	
  directory	
  
using	
  SAML	
  2.0	
  and	
  single	
  sign-­‐on	
  
AWS account
owner
Network
management
Security
management
Server
management
Storage
management
AWS IAM: Recent innovations
Securely control access to AWS services and resources
•  Delegation
–  Roles for Amazon EC2
–  Cross-account access
•  Powerful integrated permissions
–  Resource level permissions:
Amazon EC2, Amazon RDS,
Amazon DynamoDB, AWS
CloudFormation
–  Access control policy variables
–  Policy Simulator
–  Enhanced IAM support: Amazon
SWF, Amazon EMR, AWS Storage
Gateway, AWS CloudFormation,
Amazon Redshift, Elastic Beanstalk
•  Federation
–  Web Identity Federation
–  AD and Shibboleth examples
–  Partner integrations
•  Strong authentication
–  MFA-protected API access
–  Password policies
•  Enhanced documentation and
videos
PROTECT YOUR LOGS WITH IAM
ARCHIVE YOUR LOGS TO S3 AND
GLACIER
You get to do all of this in
DEVELOPMENT
TESTING
PRODUCTION
Expand your skills with AWS
Certification
aws.amazon.com/certification
Exams
Validate your proven
technical expertise with
the AWS platform
On-Demand
Resources
aws.amazon.com/training/
self-paced-labs
Videos & Labs
Get hands-on practice
working with AWS
technologies in a live
environment
aws.amazon.com/training
Instructor-Led
Courses
Training Classes
Expand your technical
expertise to design, deploy,
and operate scalable,
efficient applications on AWS
Thank you
Stephen Quigg
Principal Security Solutions Architect – Asia Pacific
Amazon Web Services

Contenu connexe

Tendances

AWS Paris Summit 2014 - Keynote Stephen Schmidt - AWS Security
AWS Paris Summit 2014 - Keynote Stephen Schmidt - AWS SecurityAWS Paris Summit 2014 - Keynote Stephen Schmidt - AWS Security
AWS Paris Summit 2014 - Keynote Stephen Schmidt - AWS SecurityAmazon Web Services
 
AWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & ComplianceAWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & ComplianceAmazon Web Services
 
“Spikey Workloads” Emergency Management in the Cloud
“Spikey Workloads” Emergency Management in the Cloud“Spikey Workloads” Emergency Management in the Cloud
“Spikey Workloads” Emergency Management in the CloudAmazon Web Services
 
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...Amazon Web Services
 
Advanced Security Best Practices Masterclass
Advanced Security Best Practices MasterclassAdvanced Security Best Practices Masterclass
Advanced Security Best Practices MasterclassAmazon Web Services
 
Security and Compliance in the Cloud
Security and Compliance in the Cloud Security and Compliance in the Cloud
Security and Compliance in the Cloud Amazon Web Services
 
Using Security to Build with Confidence in AWS
Using Security to Build with Confidence in AWSUsing Security to Build with Confidence in AWS
Using Security to Build with Confidence in AWSAmazon Web Services
 
Fundamentals of Networking and Security on AWS - AWS Summit Tel Aviv 2017
Fundamentals of Networking and Security on AWS - AWS Summit Tel Aviv 2017Fundamentals of Networking and Security on AWS - AWS Summit Tel Aviv 2017
Fundamentals of Networking and Security on AWS - AWS Summit Tel Aviv 2017Amazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS SecurityLalitMohanSharma8
 
Hands on Setup and Overview of AWS Console, AWS CLI, AWS SDK, Boto 3
Hands on Setup and Overview of AWS Console, AWS CLI, AWS SDK, Boto 3Hands on Setup and Overview of AWS Console, AWS CLI, AWS SDK, Boto 3
Hands on Setup and Overview of AWS Console, AWS CLI, AWS SDK, Boto 3Amazon Web Services
 
Aws certified-security
Aws certified-securityAws certified-security
Aws certified-securitykartikaryan4
 
Building Secure Architectures on AWS
Building Secure Architectures on AWSBuilding Secure Architectures on AWS
Building Secure Architectures on AWSAmazon Web Services
 
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...Amazon Web Services
 
AWS Security Overview and “What’s New”
AWS Security Overview and “What’s New”AWS Security Overview and “What’s New”
AWS Security Overview and “What’s New”Amazon Web Services
 
Network Security and Access Control within AWS
Network Security and Access Control within AWS Network Security and Access Control within AWS
Network Security and Access Control within AWS Amazon Web Services
 

Tendances (20)

AWS Paris Summit 2014 - Keynote Stephen Schmidt - AWS Security
AWS Paris Summit 2014 - Keynote Stephen Schmidt - AWS SecurityAWS Paris Summit 2014 - Keynote Stephen Schmidt - AWS Security
AWS Paris Summit 2014 - Keynote Stephen Schmidt - AWS Security
 
AWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & ComplianceAWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & Compliance
 
“Spikey Workloads” Emergency Management in the Cloud
“Spikey Workloads” Emergency Management in the Cloud“Spikey Workloads” Emergency Management in the Cloud
“Spikey Workloads” Emergency Management in the Cloud
 
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...
AWS re:Invent 2016: Security Automation: Spend Less Time Securing Your Applic...
 
Advanced Security Best Practices Masterclass
Advanced Security Best Practices MasterclassAdvanced Security Best Practices Masterclass
Advanced Security Best Practices Masterclass
 
Shared Security in AWS
Shared Security in AWSShared Security in AWS
Shared Security in AWS
 
Security and Compliance in the Cloud
Security and Compliance in the Cloud Security and Compliance in the Cloud
Security and Compliance in the Cloud
 
Intro to AWS: Security
Intro to AWS: SecurityIntro to AWS: Security
Intro to AWS: Security
 
AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best Practices
 
Using Security to Build with Confidence in AWS
Using Security to Build with Confidence in AWSUsing Security to Build with Confidence in AWS
Using Security to Build with Confidence in AWS
 
Fundamentals of Networking and Security on AWS - AWS Summit Tel Aviv 2017
Fundamentals of Networking and Security on AWS - AWS Summit Tel Aviv 2017Fundamentals of Networking and Security on AWS - AWS Summit Tel Aviv 2017
Fundamentals of Networking and Security on AWS - AWS Summit Tel Aviv 2017
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Hands on Setup and Overview of AWS Console, AWS CLI, AWS SDK, Boto 3
Hands on Setup and Overview of AWS Console, AWS CLI, AWS SDK, Boto 3Hands on Setup and Overview of AWS Console, AWS CLI, AWS SDK, Boto 3
Hands on Setup and Overview of AWS Console, AWS CLI, AWS SDK, Boto 3
 
Aws certified-security
Aws certified-securityAws certified-security
Aws certified-security
 
Building Secure Architectures on AWS
Building Secure Architectures on AWSBuilding Secure Architectures on AWS
Building Secure Architectures on AWS
 
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O...
 
Intro to AWS: Security
Intro to AWS: SecurityIntro to AWS: Security
Intro to AWS: Security
 
AWS Security Overview and “What’s New”
AWS Security Overview and “What’s New”AWS Security Overview and “What’s New”
AWS Security Overview and “What’s New”
 
Deep Dive on IoT at AWS
Deep Dive on IoT at AWSDeep Dive on IoT at AWS
Deep Dive on IoT at AWS
 
Network Security and Access Control within AWS
Network Security and Access Control within AWS Network Security and Access Control within AWS
Network Security and Access Control within AWS
 

En vedette

AWS Summit 2011: Application Security Best Practices
AWS Summit 2011: Application Security Best PracticesAWS Summit 2011: Application Security Best Practices
AWS Summit 2011: Application Security Best PracticesAmazon Web Services
 
Building a Cloud Culture at Yelp (BDT305) | AWS re:Invent 2013
Building a Cloud Culture at Yelp (BDT305) | AWS re:Invent 2013Building a Cloud Culture at Yelp (BDT305) | AWS re:Invent 2013
Building a Cloud Culture at Yelp (BDT305) | AWS re:Invent 2013Amazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...Amazon Web Services
 
Securing Your Data In The Cloud
Securing Your Data In The CloudSecuring Your Data In The Cloud
Securing Your Data In The CloudOmer Trajman
 
AWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the CloudAWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the CloudAmazon Web Services
 
Journey Through the Cloud - Security Best Practices on AWS
Journey Through the Cloud - Security Best Practices on AWSJourney Through the Cloud - Security Best Practices on AWS
Journey Through the Cloud - Security Best Practices on AWSAmazon Web Services
 
(SEC201) How Should We All Think About Security?
(SEC201) How Should We All Think About Security?(SEC201) How Should We All Think About Security?
(SEC201) How Should We All Think About Security?Amazon Web Services
 
AWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design PatternsAWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design PatternsAmazon Web Services
 
Cloud security best practices in AWS by: Ankit Giri
Cloud security best practices in AWS by: Ankit GiriCloud security best practices in AWS by: Ankit Giri
Cloud security best practices in AWS by: Ankit GiriOWASP Delhi
 
Building Your Data Warehouse with Amazon Redshift
Building Your Data Warehouse with Amazon RedshiftBuilding Your Data Warehouse with Amazon Redshift
Building Your Data Warehouse with Amazon RedshiftAmazon Web Services
 
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013Amazon Web Services
 
AWS March 2016 Webinar Series - Best Practices for Managing Security Operatio...
AWS March 2016 Webinar Series - Best Practices for Managing Security Operatio...AWS March 2016 Webinar Series - Best Practices for Managing Security Operatio...
AWS March 2016 Webinar Series - Best Practices for Managing Security Operatio...Amazon Web Services
 
Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...
Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...
Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...Amazon Web Services
 
How to Build a Successful AWS Consulting Practice
How to Build a Successful AWS Consulting PracticeHow to Build a Successful AWS Consulting Practice
How to Build a Successful AWS Consulting PracticeAmazon Web Services
 

En vedette (20)

AWS Summit 2011: Application Security Best Practices
AWS Summit 2011: Application Security Best PracticesAWS Summit 2011: Application Security Best Practices
AWS Summit 2011: Application Security Best Practices
 
Building a Cloud Culture at Yelp (BDT305) | AWS re:Invent 2013
Building a Cloud Culture at Yelp (BDT305) | AWS re:Invent 2013Building a Cloud Culture at Yelp (BDT305) | AWS re:Invent 2013
Building a Cloud Culture at Yelp (BDT305) | AWS re:Invent 2013
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...
Auto-Scaling Web Application Security in Amazon Web Services (SEC308) | AWS r...
 
Securing Your Data In The Cloud
Securing Your Data In The CloudSecuring Your Data In The Cloud
Securing Your Data In The Cloud
 
AWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the CloudAWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the Cloud
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS Security
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS Security
 
Journey Through the Cloud - Security Best Practices on AWS
Journey Through the Cloud - Security Best Practices on AWSJourney Through the Cloud - Security Best Practices on AWS
Journey Through the Cloud - Security Best Practices on AWS
 
AWS Deployment Best Practices
AWS Deployment Best PracticesAWS Deployment Best Practices
AWS Deployment Best Practices
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
(SEC201) How Should We All Think About Security?
(SEC201) How Should We All Think About Security?(SEC201) How Should We All Think About Security?
(SEC201) How Should We All Think About Security?
 
AWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design PatternsAWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design Patterns
 
Security Best Practices on AWS
Security Best Practices on AWSSecurity Best Practices on AWS
Security Best Practices on AWS
 
Cloud security best practices in AWS by: Ankit Giri
Cloud security best practices in AWS by: Ankit GiriCloud security best practices in AWS by: Ankit Giri
Cloud security best practices in AWS by: Ankit Giri
 
Building Your Data Warehouse with Amazon Redshift
Building Your Data Warehouse with Amazon RedshiftBuilding Your Data Warehouse with Amazon Redshift
Building Your Data Warehouse with Amazon Redshift
 
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
 
AWS March 2016 Webinar Series - Best Practices for Managing Security Operatio...
AWS March 2016 Webinar Series - Best Practices for Managing Security Operatio...AWS March 2016 Webinar Series - Best Practices for Managing Security Operatio...
AWS March 2016 Webinar Series - Best Practices for Managing Security Operatio...
 
Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...
Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...
Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...
 
How to Build a Successful AWS Consulting Practice
How to Build a Successful AWS Consulting PracticeHow to Build a Successful AWS Consulting Practice
How to Build a Successful AWS Consulting Practice
 

Similaire à Understanding AWS Security

AWS Enterprise Summit - 클라우드에서의 보안 - 양승도
AWS Enterprise Summit - 클라우드에서의 보안 - 양승도AWS Enterprise Summit - 클라우드에서의 보안 - 양승도
AWS Enterprise Summit - 클라우드에서의 보안 - 양승도Amazon Web Services Korea
 
AWS Public Sector Symposium 2014 Canberra | Security as an Enabler: Improving...
AWS Public Sector Symposium 2014 Canberra | Security as an Enabler: Improving...AWS Public Sector Symposium 2014 Canberra | Security as an Enabler: Improving...
AWS Public Sector Symposium 2014 Canberra | Security as an Enabler: Improving...Amazon Web Services
 
Hackproof Your Gov Cloud: Mitigating Risks for 2017 and Beyond | AWS Public S...
Hackproof Your Gov Cloud: Mitigating Risks for 2017 and Beyond | AWS Public S...Hackproof Your Gov Cloud: Mitigating Risks for 2017 and Beyond | AWS Public S...
Hackproof Your Gov Cloud: Mitigating Risks for 2017 and Beyond | AWS Public S...Amazon Web Services
 
AWS re:Invent 2016: Hackproof Your Cloud: Responding to 2016 Threats (SAC308)
AWS re:Invent 2016: Hackproof Your Cloud: Responding to 2016 Threats (SAC308)AWS re:Invent 2016: Hackproof Your Cloud: Responding to 2016 Threats (SAC308)
AWS re:Invent 2016: Hackproof Your Cloud: Responding to 2016 Threats (SAC308)Amazon Web Services
 
Hackproof Your Cloud: Responding to 2016 Threats
Hackproof Your Cloud: Responding to 2016 Threats Hackproof Your Cloud: Responding to 2016 Threats
Hackproof Your Cloud: Responding to 2016 Threats CloudCheckr
 
Getting started with AWS Security
Getting started with AWS SecurityGetting started with AWS Security
Getting started with AWS SecurityAmazon Web Services
 
Architecting for Greater Security - London Summit Enteprise Track RePlay
Architecting for Greater Security - London Summit Enteprise Track RePlayArchitecting for Greater Security - London Summit Enteprise Track RePlay
Architecting for Greater Security - London Summit Enteprise Track RePlayAmazon Web Services
 
Security and Compliance Better on AWS_John Hildebrandt
Security and Compliance Better on AWS_John HildebrandtSecurity and Compliance Better on AWS_John Hildebrandt
Security and Compliance Better on AWS_John HildebrandtHelen Rogers
 
AWS Cloud Controls for Security - Usman Shakeel
AWS Cloud Controls for Security  - Usman ShakeelAWS Cloud Controls for Security  - Usman Shakeel
AWS Cloud Controls for Security - Usman ShakeelAmazon Web Services
 
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...Amazon Web Services
 
Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts Amazon Web Services
 
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...Amazon Web Services
 
AWS Security for Financial Services
AWS Security for Financial ServicesAWS Security for Financial Services
AWS Security for Financial ServicesAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Sicurezza e Compliance nel Cloud
Sicurezza e Compliance nel CloudSicurezza e Compliance nel Cloud
Sicurezza e Compliance nel CloudAmazon Web Services
 

Similaire à Understanding AWS Security (20)

AWS Enterprise Summit - 클라우드에서의 보안 - 양승도
AWS Enterprise Summit - 클라우드에서의 보안 - 양승도AWS Enterprise Summit - 클라우드에서의 보안 - 양승도
AWS Enterprise Summit - 클라우드에서의 보안 - 양승도
 
AWS Public Sector Symposium 2014 Canberra | Security as an Enabler: Improving...
AWS Public Sector Symposium 2014 Canberra | Security as an Enabler: Improving...AWS Public Sector Symposium 2014 Canberra | Security as an Enabler: Improving...
AWS Public Sector Symposium 2014 Canberra | Security as an Enabler: Improving...
 
9 Security Best Practices
9 Security Best Practices9 Security Best Practices
9 Security Best Practices
 
Security & Compliance
Security & Compliance Security & Compliance
Security & Compliance
 
Hackproof Your Gov Cloud: Mitigating Risks for 2017 and Beyond | AWS Public S...
Hackproof Your Gov Cloud: Mitigating Risks for 2017 and Beyond | AWS Public S...Hackproof Your Gov Cloud: Mitigating Risks for 2017 and Beyond | AWS Public S...
Hackproof Your Gov Cloud: Mitigating Risks for 2017 and Beyond | AWS Public S...
 
AWS re:Invent 2016: Hackproof Your Cloud: Responding to 2016 Threats (SAC308)
AWS re:Invent 2016: Hackproof Your Cloud: Responding to 2016 Threats (SAC308)AWS re:Invent 2016: Hackproof Your Cloud: Responding to 2016 Threats (SAC308)
AWS re:Invent 2016: Hackproof Your Cloud: Responding to 2016 Threats (SAC308)
 
Hackproof Your Cloud: Responding to 2016 Threats
Hackproof Your Cloud: Responding to 2016 Threats Hackproof Your Cloud: Responding to 2016 Threats
Hackproof Your Cloud: Responding to 2016 Threats
 
Getting started with AWS Security
Getting started with AWS SecurityGetting started with AWS Security
Getting started with AWS Security
 
Toward Full Stack Security
Toward Full Stack SecurityToward Full Stack Security
Toward Full Stack Security
 
Architecting for Greater Security - London Summit Enteprise Track RePlay
Architecting for Greater Security - London Summit Enteprise Track RePlayArchitecting for Greater Security - London Summit Enteprise Track RePlay
Architecting for Greater Security - London Summit Enteprise Track RePlay
 
Security and Compliance Better on AWS_John Hildebrandt
Security and Compliance Better on AWS_John HildebrandtSecurity and Compliance Better on AWS_John Hildebrandt
Security and Compliance Better on AWS_John Hildebrandt
 
AWS Cloud Controls for Security - Usman Shakeel
AWS Cloud Controls for Security  - Usman ShakeelAWS Cloud Controls for Security  - Usman Shakeel
AWS Cloud Controls for Security - Usman Shakeel
 
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...
 
Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts
 
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
 
Security Best Practices
Security Best PracticesSecurity Best Practices
Security Best Practices
 
AWS Security for Financial Services
AWS Security for Financial ServicesAWS Security for Financial Services
AWS Security for Financial Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Security Best Practices
Security Best PracticesSecurity Best Practices
Security Best Practices
 
Sicurezza e Compliance nel Cloud
Sicurezza e Compliance nel CloudSicurezza e Compliance nel Cloud
Sicurezza e Compliance nel Cloud
 

Plus de Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Plus de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Dernier

The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)codyslingerland1
 
Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...DianaGray10
 
IT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingIT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingMAGNIntelligence
 
From the origin to the future of Open Source model and business
From the origin to the future of  Open Source model and businessFrom the origin to the future of  Open Source model and business
From the origin to the future of Open Source model and businessFrancesco Corti
 
Graphene Quantum Dots-Based Composites for Biomedical Applications
Graphene Quantum Dots-Based Composites for  Biomedical ApplicationsGraphene Quantum Dots-Based Composites for  Biomedical Applications
Graphene Quantum Dots-Based Composites for Biomedical Applicationsnooralam814309
 
Top 10 Squarespace Development Companies
Top 10 Squarespace Development CompaniesTop 10 Squarespace Development Companies
Top 10 Squarespace Development CompaniesTopCSSGallery
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
 
EMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? WebinarEMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? WebinarThousandEyes
 
How to release an Open Source Dataweave Library
How to release an Open Source Dataweave LibraryHow to release an Open Source Dataweave Library
How to release an Open Source Dataweave Libraryshyamraj55
 
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxEmil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxNeo4j
 
Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)Muhammad Tiham Siddiqui
 
UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2DianaGray10
 
Introduction - IPLOOK NETWORKS CO., LTD.
Introduction - IPLOOK NETWORKS CO., LTD.Introduction - IPLOOK NETWORKS CO., LTD.
Introduction - IPLOOK NETWORKS CO., LTD.IPLOOK Networks
 
Introduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationIntroduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationKnoldus Inc.
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch TuesdayIvanti
 
LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0DanBrown980551
 
Planetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile BrochurePlanetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile BrochurePlanetek Italia Srl
 
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedInOutage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedInThousandEyes
 
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxGraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxNeo4j
 

Dernier (20)

The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)The New Cloud World Order Is FinOps (Slideshow)
The New Cloud World Order Is FinOps (Slideshow)
 
Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...
 
IT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced ComputingIT Service Management (ITSM) Best Practices for Advanced Computing
IT Service Management (ITSM) Best Practices for Advanced Computing
 
From the origin to the future of Open Source model and business
From the origin to the future of  Open Source model and businessFrom the origin to the future of  Open Source model and business
From the origin to the future of Open Source model and business
 
Graphene Quantum Dots-Based Composites for Biomedical Applications
Graphene Quantum Dots-Based Composites for  Biomedical ApplicationsGraphene Quantum Dots-Based Composites for  Biomedical Applications
Graphene Quantum Dots-Based Composites for Biomedical Applications
 
Top 10 Squarespace Development Companies
Top 10 Squarespace Development CompaniesTop 10 Squarespace Development Companies
Top 10 Squarespace Development Companies
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
EMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? WebinarEMEA What is ThousandEyes? Webinar
EMEA What is ThousandEyes? Webinar
 
How to release an Open Source Dataweave Library
How to release an Open Source Dataweave LibraryHow to release an Open Source Dataweave Library
How to release an Open Source Dataweave Library
 
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptxEmil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
Emil Eifrem at GraphSummit Copenhagen 2024 - The Art of the Possible.pptx
 
Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)Trailblazer Community - Flows Workshop (Session 2)
Trailblazer Community - Flows Workshop (Session 2)
 
UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2
 
Introduction - IPLOOK NETWORKS CO., LTD.
Introduction - IPLOOK NETWORKS CO., LTD.Introduction - IPLOOK NETWORKS CO., LTD.
Introduction - IPLOOK NETWORKS CO., LTD.
 
SheDev 2024
SheDev 2024SheDev 2024
SheDev 2024
 
Introduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationIntroduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its application
 
March Patch Tuesday
March Patch TuesdayMarch Patch Tuesday
March Patch Tuesday
 
LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0
 
Planetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile BrochurePlanetek Italia Srl - Corporate Profile Brochure
Planetek Italia Srl - Corporate Profile Brochure
 
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedInOutage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
 
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxGraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
 

Understanding AWS Security

  • 1. © 2014 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc. Understanding AWS security Stephen Quigg, Solutions Architect, Amazon Web Services, APAC
  • 2. Our customers have different viewpoints on security PR Keep out of the news! CEO Protect shareholder value CI(S)O Preserve the confidentiality, integrity and availability of data
  • 3. Security is always our number one priority at AWS PEOPLE & PROCEDURES NETWORK SECURITY PHYSICAL SECURITY PLATFORM SECURITY Comprehensive Security Capabilities to Support Virtually Any Workload
  • 5. WHAT NEEDS TO BE DONE TO KEEP THE SYSTEM SAFE
  • 7. EVERY CUSTOMER HAS ACCESS TO THE SAME SECURITY CAPABILITIES CHOOSE WHAT’S RIGHT FOR YOUR BUSINESS
  • 8. AWS SECURITY OFFERS MORE VISIBILITY AUDITABILITY CONTROL
  • 10. CAN YOU MAP YOUR NETWORK? WHAT IS IN YOUR ENVIRONMENT RIGHT NOW?
  • 18. SECURITY CONTROL OBJECTIVES 1. SECURITY ORGANIZATION 2. AMAZON USER ACCESS 3. LOGICAL SECURITY 4. SECURE DATA HANDLING 5. PHYSICAL SECURITY AND ENV. SAFEGUARDS 6. CHANGE MANAGEMENT 7. DATA INTEGRITY, AVAILABILITY AND REDUNDANCY 8. INCIDENT HANDLING
  • 21. You are making API calls... On a growing set of services … CloudTrail is continuously recording API calls… And delivering log files to you
  • 22. Security analysis Use log files as an input into log management and analysis solutions to perform security analysis and to detect user behavior patterns. Track changes to AWS resources Track creation, modification, and deletion of AWS resources such as Amazon EC2 instances, Amazon VPC security groups and Amazon EBS volumes. Troubleshoot operational issues Quickly identify the most recent changes made to resources in your environment. Compliance and audit aid Easier to demonstrate compliance with internal policies and regulatory standards.
  • 23. ‣  CloudTrail records API calls and delivers a log file to your S3 bucket. ‣  Typically, delivers an event within 15 minutes of the API call. ‣  Log files are delivered approximately every 5 minutes. ‣  Multiple partners offer integrated solutions to analyze log files, including Splunk, SumoLogic and Loggly
  • 24. Amazon CloudWatch Logs can monitor your system, application and custom log files from Amazon EC2 instances and other sources, for example: Monitor your web server http log files and use CloudWatch Metrics filters to identify 404 errors and count the number of occurrences within a specified time period CloudWatch Alarms can then notify you when the number of 404 errors breaches whatever threshold you decide to set – you could use this to automatically generate a ticket for investigation Now monitor everything with CloudWatch logs
  • 26. Defense in Depth Multi level security •  Physical security of the data centers •  Network security •  System security •  Data security DATA
  • 27. AWS Security Delivers More Control & Granularity Choose what’s right for your business needs AWS CloudHSM Defense in depth Rapid scale for security Automated checks with AWS Trusted Advisor Fine grained access controls Server side encryption Multi-factor authentication Dedicated instances Direct connection, Storage Gateway HSM-based key storage AWS IAM Amazon VPC AWS Direct Connect AWS Storage Gateway
  • 28. AWS EMPLOYEE ACCESS ‣  Staff vetting ‣  No logical access to customer instances ‣  Control-plane access limited and monitored Bastion hosts, Least privileged model, Zoned data center access ‣  Access based on strict business needs ‣  Separate PAMS
  • 30. Every network has fine-grained security control built-in AvailabilityZoneA AvailabilityZoneB You control your VPC address range •  Your own private, isolated section of the AWS cloud •  Every VPC has a private IP address space you define •  Create your own subnets and control all internal and external connectivity AWS network security •  AWS network will prevent spoofing and other common layer 2 attacks •  Every compute instance gets multiple security groups - stateful firewalls •  Every subnet gets network access control lists
  • 31. Control firewalls for every host with security groups VPC A - 10.0.0.0/16 AvailabilityZoneA 10.0.1.0/24 10.0.2.0/24 10.0.3.0/24 EC 2 10.0.5.0/24 Jump 10.0.4.0/24 EC 2 App “Web servers will accept Port 80 from load balancers” “App servers will accept Port 8080 from web servers” “Allow SSH access only from from Jump Hosts” Log EC 2 Web Load balancing
  • 32. Control traffic between each subnet with NACLs VPC A - 10.0.0.0/16 AvailabilityZoneA 10.0.1.0/24 10.0.2.0/24 10.0.3.0/24 EC 2 10.0.5.0/24 Jump 10.0.4.0/24 EC 2 App Log EC 2 Web “Deny all traffic between the web server subnet and the database server subnet” Load balancing
  • 33. Control all traffic routing to the Internet VPC A - 10.0.0.0/16 AvailabilityZoneA 10.0.1.0/24 10.0.2.0/24 EC 2 10.0.3.0/24 EC 2 10.0.4.0/24 EC 2 App EC 2 WebEC 2 WebEC 2 EC 2 Web Internet Gateway Control Internet routing •  Create Public subnets and Private subnets •  Implement DMZ architectures as per normal best practices •  Allocate static Elastic IP addresses or use AWS- managed public IP addresses Load balancing
  • 34. Connect in private to your existing datacentres VPC A - 10.0.0.0/16 AvailabilityZoneA 10.0.1.0/24 10.0.2.0/24 EC 2 10.0.3.0/24 EC 2 10.0.4.0/24 EC 2 App EC 2 WebEC 2 WebEC 2 EC 2 Web Use Internet VPNs or use AWS Direct Connect Your premises Load balancing
  • 35. Every website can absorb attack and scale out Amazon S3 Distributed attackers Customers Customers Route53 Sydney region CloudFront Your VPC WAFWAF WAFWAF ELB ELB ELB ELB App App App App Auto Scaling Auto Scaling Auto Scaling Auto Scaling
  • 37. YOUR DATA STAYS WHERE YOU PUT IT
  • 38. AWS  Region   US-WEST (N. California) EU-WEST (Ireland) ASIA PAC (Tokyo) ASIA PAC (Singapore) US-WEST (Oregon) SOUTH AMERICA (Sao Paulo) US-EAST (Virginia) GOV CLOUD ASIA PAC (Sydney) It’s not just having services in a couple of regions
  • 39. You can stay onshore in Australia if you need to AWS Sydney Region Multiple availability zones
  • 42. YOU CAN ENCRYPT ALL OF YOUR DATA CHOOSE WHAT’S RIGHT FOR YOU Automated – AWS manages encryption Enabled – user manages encryption using AWS Client-side – user manages encryption their own way
  • 43. ENCRYPT YOUR SENSITIVE DATA AWS CLOUDHSM AMAZON S3 SSE AMAZON GLACIER AMAZON REDSHIFT AMAZON RDS
  • 44. Managed and monitored by AWS, but you control the keys Increase performance for applications that use HSMs for key storage or encryption Comply with stringent regulatory and contractual requirements for key protection EC2 Instance AWS CloudHSM AWS CloudHSM You can store your encryption keys in AWS CloudHSM
  • 45. CONTROL WHO CAN DO WHAT WITH YOUR AWS ACCOUNT
  • 47. Control access and segregate duties everywhere With  AWS  IAM  you  get  to  control  who  can  do   what  in  your  AWS  environment  and  from  where     Fine-­‐grained  control  of  your  AWS  cloud  with  two-­‐ factor  authen<ca<on     Integrated  with  your  exis<ng  corporate  directory   using  SAML  2.0  and  single  sign-­‐on   AWS account owner Network management Security management Server management Storage management
  • 48. AWS IAM: Recent innovations Securely control access to AWS services and resources •  Delegation –  Roles for Amazon EC2 –  Cross-account access •  Powerful integrated permissions –  Resource level permissions: Amazon EC2, Amazon RDS, Amazon DynamoDB, AWS CloudFormation –  Access control policy variables –  Policy Simulator –  Enhanced IAM support: Amazon SWF, Amazon EMR, AWS Storage Gateway, AWS CloudFormation, Amazon Redshift, Elastic Beanstalk •  Federation –  Web Identity Federation –  AD and Shibboleth examples –  Partner integrations •  Strong authentication –  MFA-protected API access –  Password policies •  Enhanced documentation and videos
  • 49. PROTECT YOUR LOGS WITH IAM ARCHIVE YOUR LOGS TO S3 AND GLACIER
  • 50. You get to do all of this in DEVELOPMENT TESTING PRODUCTION
  • 51. Expand your skills with AWS Certification aws.amazon.com/certification Exams Validate your proven technical expertise with the AWS platform On-Demand Resources aws.amazon.com/training/ self-paced-labs Videos & Labs Get hands-on practice working with AWS technologies in a live environment aws.amazon.com/training Instructor-Led Courses Training Classes Expand your technical expertise to design, deploy, and operate scalable, efficient applications on AWS
  • 52. Thank you Stephen Quigg Principal Security Solutions Architect – Asia Pacific Amazon Web Services