Updating Security Operations for the Cloud - AWS Symposium 2014 - Washington D.C. - Partner Presentation - TrendMicro
Learn how to increase the effectiveness of your security operations as you move to the Cloud. We will discuss how your current incident response, monitoring, and audit response tactics have to change in the Cloud. Drawing from experiences helping clients move to the Cloud, industry research, and the 'school of hard knocks', this talk will help provide practical advice you can apply today. This session is recommended for technical users who want to know how the day-to-day work of securing their on-premises workloads should change when moving to the Cloud.

Published in: Technology
Transcript

  • 1. AWS Government, Education, and Nonprofits Symposium, Washington, DC | June 24, 2014 - June 26, 2014. Security Features of AWS Services in AWS GovCloud (US)
      • Alice Rison, adeane@amazon.com
      • Mark Ryland, markry@amazon.com
      • Mai-Lan Tomsen Bukovec, mailan@amazon.com
      • CJ Moses, cmoses@amazon.com
  • 2. The AWS Mission: To enable businesses, governments, educational institutions, and developers to use web services to build scalable, sophisticated applications.
  • 3. AWS GovCloud (US): AWS exclusive government community cloud restricted to vetted U.S. Government and U.S. commercial entities with government oriented and regulated workloads
  • 4. Compliance Regimes
      • International Traffic in Arms Regulations (ITAR):
          – 3rd Party ITAR attestation letter
          – US Persons only physical/logical access
          – ITAR boundary defined in the AWS GovCloud Users Guide for all AWS services
      • FedRAMP:
          – FedRAMP Agency ATO with HHS
          – NIST 800-53 Security Controls
          – Boundary includes EC2, VPC, IAM, EBS, and S3
  • 5. Shared Responsibility Model
      • Security is a shared responsibility model
      • AWS – responsible for physical security of data centers through the virtualization level up to the host operating system
      • Customers – responsible for building secure applications
      • AWS services provide you with the features you need to create a reliable, secure, scalable, highly available and cost-efficient IT system
  • 6. AWS Identity & Access Management
      • AWS GovCloud (US): the IAM you know and love, except:
          – Disjoint principal database
          – Disjoint resource/ARN namespace (including S3)
          – No console access for root identity
          – Challenges for cross-region features
      • SAML Federation!
      • EC2 resource permissions: status and plans
  • 7. Amazon S3 Features
      • Data confidentiality, integrity, and availability
      • Data access restricted by default:
          – Object: IAM policies, ACLs, Bucket Policies
          – Log access to buckets and objects
      • Plethora of encryption options:
          – data in transit: FIPS 140-2 validated endpoints in AWS GovCloud (US) and SSL options
          – data at rest: 256-bit Advanced Encryption Option (AES-256) with S3 SSE
      • Designed for 99.9% availability and up to eleven 9’s of durability
      • Amazon S3 Versioning’s MFA Delete feature
  • 8. Amazon EMR (diagram: EMR Cluster with Master Security Group and Slave Security Group inside a Virtual Private Cloud, Amazon S3, Web App Server, VPN Gateway, Corporate Data center)
      1. Store your input and output data in S3 using S3 Server Side Encryption
      2. EMR reads and writes to S3 using https
      3. EMR creates security groups for the master and slaves. You can configure them to only allow certain ports/IPs
      4. Encrypt data stored on disk (optional)
      5. Encrypt data in transit between nodes (optional)
      6. Launch the cluster in a VPC
      7. Connect to your own data center using VPN
  • 9. Amazon EMR Features
      • EC2 Security Groups
      • Data is transferred to and from Amazon S3 using the FIPS validated endpoint
      • Cluster specific access control
      • Integration with VPC
      • Cohesive with data at rest encryption
  • 10. Amazon VPC Architecture (diagram labels: Customer’s network; Amazon Web Services cloud; Secure VPN connection over the Internet; Subnets; Customer’s isolated AWS resources; Router; VPN gateway; Internet; NAT)
  • 11. Amazon VPC Features
      • AWS GovCloud (US) – mandatory VPC
      • Firewall/Security Groups
      • Network Access Control Lists
      • Subnets and Route Tables
      • Virtual Private Gateways
      • Internet Gateways
  • 12. Ideal Workloads
      • Web & Mobile Applications
      • Big Data & High Performance Computing
      • Mission Oriented Applications
      • Disaster Recovery & Archive
  • 13. Case Study: CDC BioSense 2.0. Organizational Benefits
      • The US Centers for Disease Control and Prevention’s (CDC) mission is to improve public health.
      • With the BioSense 2.0 program, the CDC is tasked with providing awareness for all health-related threats and to support responses to these threats at the national, state, and local level.
      • The CDC re-launched BioSense 2.0 on Amazon Web Services in AWS GovCloud (US) and other Regions using Amazon EC2, Amazon S3, Amazon EMR, and Amazon SES.
      • Needing to avoid purchasing expensive hardware and software, the organization turned to AWS for its low cost, pay-per-use model, high availability, as well as security and compliance practices.
      • The CDC leveraged service level security features in AWS GovCloud (US) to meet the confidentiality, availability and integrity security controls needed to obtain a FISMA Moderate Level ATO
  • 14. Learn More
      • Security White Papers: http://aws.amazon.com/security/security-resources/
          – AWS Security Overview
          – AWS Security Best Practices
          – Securing Data Rest With Encryption
          – Amazon VPC Connectivity Options
          – Auditing Security Checklist
          – Security at Scale: Logging in AWS
      • AWS GovCloud (US) User Guide: http://docs.aws.amazon.com/govcloud-us
  • 15. Thank You!! http://aws.amazon.com/govcloud-us
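
Slides 6 to 8 combine three controls on the S3 bucket behind an EMR cluster: the disjoint GovCloud ARN namespace, HTTPS-only access, and S3 Server Side Encryption. The following is an added example, not code from the presentation or from AWS: a small offline audit of a bucket policy document for those three properties. The bucket name `emr-data`, the function names and both sample policies are constructed for illustration.

```python
GOV_PARTITION = "aws-us-gov"  # ARN partition of AWS GovCloud (US)

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _denies(stmt, needed, operator, key, value):
    """True if stmt denies every action in `needed` to all principals under the condition."""
    if stmt.get("Effect") != "Deny" or stmt.get("Principal") not in ("*", {"AWS": "*"}):
        return False
    actions = _as_list(stmt.get("Action", []))
    if not all(a in actions or "s3:*" in actions or "*" in actions for a in needed):
        return False
    cond = stmt.get("Condition", {}).get(operator, {})
    return value in [str(v).lower() for v in _as_list(cond.get(key, []))]

def audit_bucket_policy(policy, bucket):
    """Return a list of findings; an empty list means all three checks passed."""
    findings = []
    stmts = _as_list(policy.get("Statement", []))
    base = f"arn:{GOV_PARTITION}:s3:::{bucket}"
    for stmt in stmts:
        for res in _as_list(stmt.get("Resource", [])):
            if res != base and not res.startswith(base + "/"):
                findings.append(f"resource outside GovCloud namespace: {res}")
    if not any(_denies(s, ["s3:GetObject", "s3:PutObject"], "Bool",
                       "aws:SecureTransport", "false") for s in stmts):
        findings.append("no Deny for requests made without TLS")
    if not any(_denies(s, ["s3:PutObject"], "StringNotEquals",
                       "s3:x-amz-server-side-encryption", "aes256") for s in stmts):
        findings.append("no Deny for PutObject without SSE (AES256)")
    return findings

# Constructed sample policies for a hypothetical bucket named "emr-data".
HARDENED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Principal": "*", "Action": "s3:*",
     "Resource": ["arn:aws-us-gov:s3:::emr-data", "arn:aws-us-gov:s3:::emr-data/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    {"Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
     "Resource": "arn:aws-us-gov:s3:::emr-data/*",
     "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "AES256"}}},
]}
WEAK = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::emr-data/*"},
]}

if __name__ == "__main__":
    for name, pol in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_bucket_policy(pol, "emr-data"))
```

The weak policy fails all three checks, including the ARN check: it uses the commercial `aws` partition, which does not name a GovCloud bucket.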
