Security in the Cloud - AWS Symposium 2014 - Washington D.C.
 


Stephen Schmidt, AWS CISO and VP of Security Engineering, provides an overview of innovations in cloud security and the importance of security as an enabler for innovation in enterprises, but particularly in government and other highly regulated industries and segments.

    Security in the Cloud - AWS Symposium 2014 - Washington D.C. Presentation Transcript

    • Security in the Cloud Stephen E. Schmidt, Vice President, Security Engineering & Chief Information Security Officer AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014
    • 8th Birthday Launched on March 14th, 2006
    • Startups on AWS
    • Enterprises on AWS
    • Public Sector on AWS
    • System Integrators on AWS
    • ISVs on AWS
    • Why are enterprises & government adopting cloud computing and AWS so quickly?
    • The primary reason enterprises & governments are moving so quickly to AWS and the cloud #1: Agility
    • Why does agility matter?
    • Old World: Infrastructure in weeks Enterprises & Government Can’t Afford to Be Slow
    • A Culture of Innovation: Experiment Often & Fail Without Risk
    • Regions Availability Zones Content Delivery POPs #2: Platform Breadth and Depth
    • 10 regions 26 availability zones 51 edge locations It’s Not Just Having Services in a Couple of Regions…
    • Regions Availability Zones Content Delivery POPs Storage Gateway S3 EBS Glacier Import/Export DynamoDB ElastiCache Storage Compute Databases RDS MySQL, PostgreSQL Oracle, SQL Server Elastic Load Balancer EC2 Auto Scaling #2: Platform Breadth and Depth
    • Direct Connect Route 53 VPC Networking Regions Availability Zones Content Delivery POPs Storage Gateway S3 EBS Glacier Import/Export DynamoDB ElastiCache Storage Compute Databases RDS MySQL, PostgreSQL Oracle, SQL Server Elastic Load Balancer EC2 Auto Scaling #2: Platform Breadth and Depth
    • Direct Connect Route 53 VPC Networking Analytics Data Pipeline Redshift EMR Kinesis SWF SNS SQS CloudSearch SES AppStream CloudFront Application Services WorkSpaces Regions Availability Zones Content Delivery POPs Storage Gateway S3 EBS Glacier Import/Export DynamoDB ElastiCache Storage Compute Databases RDS MySQL, PostgreSQL Oracle, SQL Server Elastic Load Balancer EC2 Auto Scaling #2: Platform Breadth and Depth
    • Management & Administration IAM CloudWatch CloudTrail APIs and SDKs Management Console Cloud HSM Command Line Interface Direct Connect Route 53 VPC Networking Analytics Data Pipeline Redshift EMR Kinesis SWF SNS SQS CloudSearch SES AppStream CloudFront Application Services WorkSpaces Regions Availability Zones Content Delivery POPs Storage Gateway S3 EBS Glacier Import/Export DynamoDB ElastiCache Storage Compute Databases RDS MySQL, PostgreSQL Oracle, SQL Server Elastic Load Balancer EC2 Auto Scaling #2: Platform Breadth and Depth
    • Elastic Beanstalk for Java, Node.js, Python, Ruby, PHP and .Net OpsWorks CloudFormation Containers & Deployment (PaaS) Management & Administration IAM CloudWatch CloudTrail APIs and SDKs Management Console Cloud HSM Command Line Interface Direct Connect Route 53 VPC Networking Analytics Data Pipeline Redshift EMR Kinesis SWF SNS SQS CloudSearch SES AppStream CloudFront Application Services WorkSpaces Regions Availability Zones Content Delivery POPs Storage Gateway S3 EBS Glacier Import/Export DynamoDB ElastiCache Storage Compute Databases RDS MySQL, PostgreSQL Oracle, SQL Server Elastic Load Balancer EC2 Auto Scaling #2: Platform Breadth and Depth
    • Technology Partners Consulting Partners AWS Marketplace Ecosystem Elastic Beanstalk for Java, Node.js, Python, Ruby, PHP and .Net OpsWorks CloudFormation Containers & Deployment (PaaS) Management & Administration IAM CloudWatch CloudTrail APIs and SDKs Management Console Cloud HSM Command Line Interface Direct Connect Route 53 VPC Networking Analytics Data Pipeline Redshift EMR Kinesis SWF SNS SQS CloudSearch SES AppStream CloudFront Application Services WorkSpaces Regions Availability Zones Content Delivery POPs Storage Gateway S3 EBS Glacier Import/Export DynamoDB ElastiCache Storage Compute Databases RDS MySQL, PostgreSQL Oracle, SQL Server Elastic Load Balancer EC2 Auto Scaling #2: Platform Breadth and Depth
    • Support Certification Training Professional Services Technology Partners Consulting Partners AWS Marketplace Ecosystem Elastic Beanstalk for Java, Node.js, Python, Ruby, PHP and .Net OpsWorks CloudFormation Containers & Deployment (PaaS) Management & Administration IAM CloudWatch CloudTrail APIs and SDKs Management Console Cloud HSM Command Line Interface Direct Connect Route 53 VPC Networking Analytics Data Pipeline Redshift EMR Kinesis SWF SNS SQS CloudSearch SES AppStream CloudFront Application Services WorkSpaces Regions Availability Zones Content Delivery POPs Storage Gateway S3 EBS Glacier Import/Export DynamoDB ElastiCache Storage Compute Databases RDS MySQL, PostgreSQL Oracle, SQL Server Elastic Load Balancer EC2 Auto Scaling #2: Platform Breadth and Depth
    • Security is Our No.1 Priority Comprehensive Security Capabilities to Support Virtually Any Workload PEOPLE & PROCEDURES NETWORK SECURITY PHYSICAL SECURITY PLATFORM SECURITY
    • “[Enterprise customers are] skipping the years of early getting-their-feet-wet, and immediately jumping in with more significant projects, with more ambitious goals…”
    • “Increasingly, organizations are asking what can’t go to the cloud, rather than what can…”
    • “As 2014 dawns, we’re moving into an era of truly mainstream adoption of cloud…”
    • SECURITY IS SHARED
    • WHAT NEEDS TO BE DONE TO KEEP THE SYSTEM SAFE
    • WHAT WE DO FOR YOU WHAT YOU DO YOURSELF
    • EVERY CUSTOMER HAS ACCESS TO THE SAME SECURITY CAPABILITIES; CHOOSE WHAT’S RIGHT FOR YOUR WORKLOAD
    • CLOUD SECURITY OFFERS MORE: VISIBILITY, AUDITABILITY, CONTROL
    • MORE VISIBILITY
    • CAN YOU MAP YOUR NETWORK? WHAT IS IN YOUR ENVIRONMENT RIGHT NOW?
    • MORE AUDITABILITY
    • SECURITY CONTROL OBJECTIVES: 1. SECURITY ORGANIZATION; 2. AMAZON USER ACCESS; 3. LOGICAL SECURITY; 4. SECURE DATA HANDLING; 5. PHYSICAL SECURITY AND ENV. SAFEGUARDS; 6. CHANGE MANAGEMENT; 7. DATA INTEGRITY, AVAILABILITY AND REDUNDANCY; 8. INCIDENT HANDLING
    • MORE CONTROL
    • Defense in Depth: Multi-level security: Physical security of the data centers; Network security; System security; Data security
    • LEAST PRIVILEGE PRINCIPLE AT AWS
    • LEAST PRIVILEGE PRINCIPLE: CONFINE ROLES ONLY TO THE MATERIAL REQUIRED TO DO SPECIFIC WORK
    • LEAST PRIVILEGE PRINCIPLE: SEPARATE NETWORKS FOR CORPORATE WORK VS. ACCESSING CUSTOMER DATA
    • LEAST PRIVILEGE PRINCIPLE: MUST HAVE A BUSINESS NEED-TO-KNOW ABOUT SENSITIVE INFORMATION LIKE DATACENTER LOCATIONS
    • LEAST PRIVILEGE PRINCIPLE: MUST HAVE A BUSINESS NEED-TO-KNOW IN ORDER TO ACCESS DATACENTERS
    • SIMPLE SECURITY CONTROLS ARE THE EASIEST TO GET RIGHT, EASIEST TO AUDIT, AND EASIEST TO ENFORCE
    • IDC Survey: Attitudes and Perceptions Around Security and Cloud Services. Nearly 60% of organizations agreed that CSPs [Cloud Service Providers] provide better security than their own IT organization. Source: IDC 2013 U.S. Cloud Security Survey, Doc #242836, September 2013
    • “Based on our experience, I believe that we can be even more secure in the AWS cloud than in our own data centers” Tom Soderstrom – CTO – NASA JPL
    • AWS Security Stephen E. Schmidt, Chief Information Security Officer Thank You!