Updating Security Operations for the Cloud - AWS Symposium 2014 - Washington D.C. - Partner Presentation - TrendMicro
 


Learn how to increase the effectiveness of your security operations as you move to the Cloud. We will discuss how your current incident response, monitoring, and audit response tactics have to change in the Cloud. Drawing from experiences helping clients move to the Cloud, industry research, and the 'school of hard knocks', this talk will help provide practical advice you can apply today. This session is recommended for technical users who want to know how the day-to-day work of securing their on-premises workloads should change when moving to the Cloud.


    Presentation Transcript

    • AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
      Security Features of AWS Services in AWS GovCloud (US)
      Alice Rison adeane@amazon.com, Mark Ryland markry@amazon.com, Mai-Lan Tomsen Bukovec mailan@amazon.com, CJ Moses cmoses@amazon.com
    • The AWS Mission
      To enable businesses, governments, educational institutions, and developers to use web services to build scalable, sophisticated applications.
    • AWS GovCloud (US)
      AWS exclusive government community cloud restricted to vetted U.S. Government and U.S. commercial entities with government-oriented and regulated workloads
    • Compliance Regimes
      • International Traffic in Arms Regulations (ITAR):
        – 3rd Party ITAR attestation letter
        – US Persons only physical/logical access
        – ITAR boundary defined in the AWS GovCloud Users Guide for all AWS services
      • FedRAMP:
        – FedRAMP Agency ATO with HHS
        – NIST 800-53 Security Controls
        – Boundary includes EC2, VPC, IAM, EBS, and S3
    • Shared Responsibility Model
      • Security is a shared responsibility model
      • AWS – responsible for physical security of data centers through the virtualization level up to the host operating system
      • Customers – responsible for building secure applications
      • AWS services provide you with the features you need to create a reliable, secure, scalable, highly available and cost-efficient IT system
    • AWS Identity & Access Management
      • AWS GovCloud (US): the IAM you know and love, except:
        – Disjoint principal database
        – Disjoint resource/ARN namespace (including S3)
        – No console access for root identity
        – Challenges for cross-region features
      • SAML Federation!
      • EC2 resource permissions: status and plans
    • Amazon S3 Features
      • Data confidentiality, integrity, and availability
      • Data access restricted by default:
        – Object: IAM policies, ACLs, Bucket Policies
        – Log access to buckets and objects
      • Plethora of encryption options:
        – data in transit: FIPS 140-2 validated endpoints in AWS GovCloud (US) and SSL options
        – data at rest: 256-bit Advanced Encryption Standard (AES-256) with S3 SSE
      • Designed for 99.9% availability and up to eleven 9’s of durability
      • Amazon S3 Versioning’s MFA Delete feature
    • Amazon EMR
      [Diagram: EMR Cluster with Master Security Group and Slave Security Group inside a Virtual Private Cloud, connected to Amazon S3 and a Web App Server, and through a VPN Gateway to the Corporate Data center; numbered callouts 1-7 correspond to the steps below]
      1. Store your input and output data in S3 using S3 Server Side Encryption
      2. EMR reads and writes to S3 using https
      3. EMR creates security groups for the master and slaves. You can configure them to only allow certain ports/IPs
      4. Encrypt data stored on disk (optional)
      5. Encrypt data in transit between nodes (optional)
      6. Launch the cluster in a VPC
      7. Connect to your own data center using VPN
    • Amazon EMR Features
      • EC2 Security Groups
      • Data is transferred to and from Amazon S3 using the FIPS validated endpoint
      • Cluster specific access control
      • Integration with VPC
      • Cohesive with data at rest encryption
    • Amazon VPC Architecture
      [Diagram: Customer’s network connected by a secure VPN connection over the Internet to the Amazon Web Services cloud; inside it, an Amazon VPC holding the customer’s isolated AWS resources in subnets, with a Router, VPN gateway, Internet and NAT]
    • Amazon VPC Features
      • AWS GovCloud (US) – mandatory VPC
      • Firewall/Security Groups
      • Network Access Control Lists
      • Subnets and Route Tables
      • Virtual Private Gateways
      • Internet Gateways
    • Ideal Workloads
      • Web & Mobile Applications
      • Big Data & High Performance Computing
      • Mission Oriented Applications
      • Disaster Recovery & Archive
    • Case Study: CDC BioSense 2.0 (Organizational Benefits)
      • The US Centers for Disease Control and Prevention’s (CDC) mission is to improve public health.
      • With the BioSense 2.0 program, the CDC is tasked with providing awareness for all health-related threats and to support responses to these threats at the national, state, and local level.
      • The CDC re-launched BioSense 2.0 on Amazon Web Services in AWS GovCloud (US) and other Regions using Amazon EC2, Amazon S3, Amazon EMR, and Amazon SES.
      • Needing to avoid purchasing expensive hardware and software, the organization turned to AWS for its low cost, pay-per-use model, high availability, as well as security and compliance practices.
      • The CDC leveraged service level security features in AWS GovCloud (US) to meet the confidentiality, availability and integrity security controls needed to obtain a FISMA Moderate Level ATO
    • Learn More
      • Security White Papers: http://aws.amazon.com/security/security-resources/
        – AWS Security Overview
        – AWS Security Best Practices
        – Securing Data at Rest with Encryption
        – Amazon VPC Connectivity Options
        – Auditing Security Checklist
        – Security at Scale: Logging in AWS
      • AWS GovCloud (US) User Guide: http://docs.aws.amazon.com/govcloud-us
    • Thank You!!
      http://aws.amazon.com/govcloud-us
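
The S3 and EMR slides above call for HTTPS in transit and S3 server-side encryption at rest. As an added example (not part of the presentation), this script audits a bucket policy for the two Deny statements commonly used to enforce both; the bucket name, sample policies and function names are constructed, and only the simple statement shapes shown here are recognized (the Resource element is not checked).

```python
import json

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _deny_all_principals(policy):
    """Yield Deny statements that apply to every principal."""
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") == "Deny" and st.get("Principal") in ("*", {"AWS": "*"}):
            yield st

def _has(st, operator, key, value, action):
    """True if the statement covers `action` and carries the given condition."""
    values = _as_list(st.get("Condition", {}).get(operator, {}).get(key))
    actions = _as_list(st.get("Action"))
    matched = value.lower() in [str(v).lower() for v in values]
    return matched and (action in actions or "s3:*" in actions)

def audit(policy_json):
    """Report whether a bucket policy forces HTTPS and SSE-S3 on uploads."""
    stmts = list(_deny_all_principals(json.loads(policy_json)))
    return {
        "tls_required": any(_has(s, "Bool", "aws:SecureTransport", "false", "s3:*")
                            for s in stmts),
        "sse_required": any(_has(s, "StringNotEquals",
                                 "s3:x-amz-server-side-encryption", "AES256",
                                 "s3:PutObject") for s in stmts),
    }

# Constructed sample policies; the bucket name is a placeholder.
ARN = "arn:aws-us-gov:s3:::example-emr-data"  # GovCloud uses its own ARN partition
DENY_HTTP = {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
             "Action": "s3:*", "Resource": [ARN, ARN + "/*"],
             "Condition": {"Bool": {"aws:SecureTransport": "false"}}}
DENY_PLAIN_PUT = {"Sid": "DenyUnencryptedPut", "Effect": "Deny", "Principal": "*",
                  "Action": "s3:PutObject", "Resource": ARN + "/*",
                  "Condition": {"StringNotEquals":
                                {"s3:x-amz-server-side-encryption": "AES256"}}}
HARDENED = json.dumps({"Version": "2012-10-17",
                       "Statement": [DENY_HTTP, DENY_PLAIN_PUT]})
TLS_ONLY = json.dumps({"Version": "2012-10-17", "Statement": [DENY_HTTP]})

if __name__ == "__main__":
    print("hardened:", audit(HARDENED))
    print("tls only:", audit(TLS_ONLY))
```

A `StringNotEquals` Deny also matches uploads that omit the encryption header entirely, because negated condition operators evaluate to true when the key is absent from the request.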