Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.
2 0 1 9
Principales mitos de
seguridad en AWS!
Eliminados!
M a r t i n D o m i n g u e z
S o l u t i o n s A r c h i t e c t
m p _...
SECURITY IS
JOB ZERO
The three stages of cloud security curiosity
General cloud
security
Specific service
security
Data
security
New to cloud
a...
Cloud security
Service security
Part 1: General cloud security
Data
security
Myth 01
“La nube publica no es tan segura
como mi infraestructura on-premises
y no es tan segura como mi nube
privada”
01: AWS security of the cloud and in the cloud
Visible AutomatedPhysical
AWS’s global infrastructure is built to meet the ...
Myth 02
“Cuando ponga mis datos en la nube
pierdo propiedad de ellos y talvez se
muevan a traves de diferentes
paises.”
02: You own and control your content
Access TraceabilityOwnership
You retain ownership and control of your content, and yo...
Myth 03
“Soy un negocio altamente
regulado y no puedo usar la nube
por mis requerimientos de
cumplimiento legales.”
03: AWS global compliance program
Countries Enterprise
agreement
Certifications
Our security assurance program meets or ex...
Myth 04
“Mi negocio requiere datos
personales confidenciales, no
puedo usar la nube.”
04: Using encryption on AWS
AWS KMS High standardsUbiquitous
AWS encryption services are integrated into dozens of our ser...
Myth 05
“Tengo requisitos para pruebas de
seguridad, no puedo hacer esto en
la nube.”
05: Security testing on AWS
Seek approval Or use
pre-approved
Shared
responsibility
AWS permits security testing of your r...
Cloud security
Service security
Data
security
Part 2: Specific service security
Myth 06
“Todos mis sistemas operativos son
parchados automáticamente en la
nube.”
06: Patch management on AWS
How we help Our
responsibility
Your
responsibility
You are responsible for patching operating ...
Myth 07
“No puedo usar la nube para
almacenar datos confidenciales
porque todos tendrán acceso a
ellos.”
07: How to secure data in Amazon Simple Storage
Service (Amazon S3)
Notify RespondProtect
Amazon S3 and our other storage ...
Myth 08
“Escucho que las claves secretas
son robadas, la forma en que
ustedes otorgan el acceso no es
seguro.”
08: How to protect AWS credentials
Amazon
GuardDuty
Multi-factor
authentication
AWS provides a number of tools to protect ...
Myth 09
“No puedo controlar la eliminación
de mis datos y no puedo verificar
que se hayan eliminado.”
09: How AWS manages data deletion
Physical ValidatedLogical
When you delete your data we take multiple steps to wipe it an...
Myth 10
“Los servicios serverless no son
seguros porque se comparten
entre clientes.”
10: How AWS protects serverless services
Identity Limited surface
When you use AWS’s serverless services you inherit the m...
Cloud security
Service security
Data
security
Part 2: Specific service security
Myth 11
“El gobierno puede acceder a mis
datos en cualquier momento.”
11: How AWS manages information requests
Notification EncryptionValid requests
Amazon does not disclose customer informati...
Myth 12
“Un usuario malintencionado
puede ver mis datos a través de su
acceso administrativo compartido.”
12: How AWS manages administrative access
Process
controls
Technology
controls
AWS strictly controls our infrequent admini...
Myth 13
“Es posible pasar por alto su tecnología de
aislamiento y acceder a los datos de otra
persona.”
13: How AWS secures the hypervisor
Experience
AWS has over a decade of experience securing our virtualization
technology. ...
Cloud security
Service security
Data
security
Part 2: Specific service security
Security benefits of the AWS cloud
Automate
with deeply
integrated
security
services
Inherit
global
security and
complianc...
SECURITY IS
JOB ZERO
¡GRACIAS!
Transformation Track AWS Cloud Experience Argentina - Principales Mitos de Seguridad en AWS
Prochain SlideShare
Chargement dans…5
×

Transformation Track AWS Cloud Experience Argentina - Principales Mitos de Seguridad en AWS

87 vues

Publié le

Principales Mitos de Seguridad en AWS - AWS Cloud Experience Argentina

Publié dans : Technologie
  • Soyez le premier à commenter

  • Soyez le premier à aimer ceci

Transformation Track AWS Cloud Experience Argentina - Principales Mitos de Seguridad en AWS

  1. 1. 2 0 1 9
  2. 2. Principales mitos de seguridad en AWS! Eliminados! M a r t i n D o m i n g u e z S o l u t i o n s A r c h i t e c t m p _ d o m i n g u e z J a v i e r O l i v o C l o u d S p e c i a l i s t M c A f e e
  3. 3. SECURITY IS JOB ZERO
  4. 4. The three stages of cloud security curiosity General cloud security Specific service security Data security New to cloud and / or business teams Experienced in cloud and / or technology teams Advanced in cloud and / or risk teams
  5. 5. Cloud security Service security Part 1: General cloud security Data security
  6. 6. Myth 01 “La nube publica no es tan segura como mi infraestructura on-premises y no es tan segura como mi nube privada”
  7. 7. 01: AWS security of the cloud and in the cloud Visible AutomatedPhysical AWS’s global infrastructure is built to meet the requirements of the most security-sensitive organizations in the world
  8. 8. Myth 02 “Cuando ponga mis datos en la nube pierdo propiedad de ellos y talvez se muevan a traves de diferentes paises.”
  9. 9. 02: You own and control your content Access TraceabilityOwnership You retain ownership and control of your content, and you choose which region that content resides in
  10. 10. Myth 03 “Soy un negocio altamente regulado y no puedo usar la nube por mis requerimientos de cumplimiento legales.”
  11. 11. 03: AWS global compliance program Countries Enterprise agreement Certifications Our security assurance program meets or exceeds industry, country- specific, and global security requirements
  12. 12. Myth 04 “Mi negocio requiere datos personales confidenciales, no puedo usar la nube.”
  13. 13. 04: Using encryption on AWS AWS KMS High standardsUbiquitous AWS encryption services are integrated into dozens of our services and meet the strictest industry requirements
  14. 14. Myth 05 “Tengo requisitos para pruebas de seguridad, no puedo hacer esto en la nube.”
  15. 15. 05: Security testing on AWS Seek approval Or use pre-approved Shared responsibility AWS permits security testing of your resources in line with our acceptable usage policy, and we provide tools to help you
  16. 16. Cloud security Service security Data security Part 2: Specific service security
  17. 17. Myth 06 “Todos mis sistemas operativos son parchados automáticamente en la nube.”
  18. 18. 06: Patch management on AWS How we help Our responsibility Your responsibility You are responsible for patching operating systems that you manage. AWS is responsible for patching services that we manage
  19. 19. Myth 07 “No puedo usar la nube para almacenar datos confidenciales porque todos tendrán acceso a ellos.”
  20. 20. 07: How to secure data in Amazon Simple Storage Service (Amazon S3) Notify RespondProtect Amazon S3 and our other storage services are secure by default. Customers control who can access their data, and AWS provides multiple tools so you can understand how access is configured
  21. 21. Myth 08 “Escucho que las claves secretas son robadas, la forma en que ustedes otorgan el acceso no es seguro.”
  22. 22. 08: How to protect AWS credentials Amazon GuardDuty Multi-factor authentication AWS provides a number of tools to protect your identity and access credentials and to help you detect misuse Temporary access
  23. 23. Myth 09 “No puedo controlar la eliminación de mis datos y no puedo verificar que se hayan eliminado.”
  24. 24. 09: How AWS manages data deletion Physical ValidatedLogical When you delete your data we take multiple steps to wipe it and eventually destroy it. This process is validated by independent third parties
  25. 25. Myth 10 “Los servicios serverless no son seguros porque se comparten entre clientes.”
  26. 26. 10: How AWS protects serverless services Identity Limited surface When you use AWS’s serverless services you inherit the multiple layers of strong security controls that are built into our core services Building blocks
  27. 27. Cloud security Service security Data security Part 2: Specific service security
  28. 28. Myth 11 “El gobierno puede acceder a mis datos en cualquier momento.”
  29. 29. 11: How AWS manages information requests Notification EncryptionValid requests Amazon does not disclose customer information unless we’re required to do so to comply with a legally valid and binding order. Where we need to act publicly to protect customers, we do
  30. 30. Myth 12 “Un usuario malintencionado puede ver mis datos a través de su acceso administrativo compartido.”
  31. 31. 12: How AWS manages administrative access Process controls Technology controls AWS strictly controls our infrequent administrative access to services. This process has executive oversight within AWS and is validated by independent third parties Automation
  32. 32. Myth 13 “Es posible pasar por alto su tecnología de aislamiento y acceder a los datos de otra persona.”
  33. 33. 13: How AWS secures the hypervisor Experience AWS has over a decade of experience securing our virtualization technology. We provide a deep level of isolation within the cloud Customization & innovation Isolation
  34. 34. Cloud security Service security Data security Part 2: Specific service security
  35. 35. Security benefits of the AWS cloud Automate with deeply integrated security services Inherit global security and compliance controls Highest standards for privacy and data security Largest network of security partners and solutions Scale with superior visibility and control
  36. 36. SECURITY IS JOB ZERO
  37. 37. ¡GRACIAS!

×