T4 – Understanding AWS Security
The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. In this session, we’ll provide a practical understanding of the assurance programs that AWS provides, such as HIPAA, FedRAMP(SM), PCI DSS Level 1, MPAA and many others. We’ll also address the types of business solutions that these certifications enable you to deploy on the AWS Cloud, the tools and services AWS makes available to customers to secure and manage their resources, and best practices on how to use them.

This session is recommended for anyone with questions about how AWS can meet the compliance requirements of their applications.

    Presentation Transcript

    • AWS Summit 2014 Understanding AWS Security Carlos Conde Head of EMEA Evangelism @caarlco
    • Different customer viewpoints on security:
      ‣ PR exec: keep out of the news
      ‣ CEO: protect shareholder value
      ‣ CIO / CISO: preserve the confidentiality, integrity and availability of data
    • Security is Our No.1 Priority: comprehensive security capabilities to support virtually any workload: people & procedures, network security, physical security, platform security
    • SECURITY IS SHARED
    • WHAT NEEDS TO BE DONE TO KEEP THE SYSTEM SAFE
    • WHAT WE DO WHAT YOU HAVE TO DO
    • SOC CONTROL OBJECTIVES
      ‣ 1. Security organization
      ‣ 2. Amazon user access
      ‣ 3. Logical security
      ‣ 4. Secure data handling
      ‣ 5. Physical security and environmental safeguards
      ‣ 6. Change management
      ‣ 7. Data integrity, availability and redundancy
      ‣ 8. Incident handling
    • YOUR DATA IS YOUR MOST IMPORTANT ASSET IF YOUR DATA IS NOT SECURE, YOU’RE NOT SECURE
    • NETWORK SECURITY
    • “GAME DAYS” INSERT ARTIFICIAL SECURITY INCIDENTS. MEASURE SPEED OF DETECTION AND EXECUTION.
    • EVERY CUSTOMER HAS ACCESS TO THE SAME SECURITY CAPABILITIES CHOOSE WHAT’S RIGHT FOR YOUR BUSINESS
    • AWS SECURITY OFFERS MORE VISIBILITY AUDITABILITY CONTROL
    • MORE VISIBILITY
    • CAN YOU MAP YOUR NETWORK? WHAT IS IN YOUR ENVIRONMENT RIGHT NOW?
    • TRUSTED ADVISOR
    • MORE AUDITABILITY
    • AWS CLOUDTRAIL
    • You are making API calls... On a growing set of services around the world… CloudTrail is continuously recording API calls… And delivering log files to you
    • What CloudTrail logs are used for:
      ‣ Security analysis: use log files as an input into log management and analysis solutions to perform security analysis and to detect user behavior patterns.
      ‣ Track changes to AWS resources: track creation, modification, and deletion of AWS resources such as Amazon EC2 instances, Amazon VPC security groups and Amazon EBS volumes.
      ‣ Troubleshoot operational issues: quickly identify the most recent changes made to resources in your environment.
      ‣ Compliance aid: easier to demonstrate compliance with internal policies and regulatory standards.
    • LOGS OBTAINED, RETAINED, ANALYZED
    • PROTECT YOUR LOGS WITH IAM ARCHIVE YOUR LOGS
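The two CloudTrail use cases above, security analysis and tracking resource changes, come down to reading the delivered JSON and asking questions of the records. The following is an added example written for this page, not code from the talk or from AWS: it parses a constructed CloudTrail delivery (the field names and the EC2 event names such as RunInstances, AuthorizeSecurityGroupIngress and DeleteVolume follow the real record format; the account id, resource ids and IP addresses are placeholders), lists the create/modify/delete events for instances, security groups and volumes, and applies three detection rules of my own choosing: API use by the root account, a change made without MFA-verified credentials, and a security-group rule opened to 0.0.0.0/0.

```python
import json
from collections import Counter

# Constructed sample of a CloudTrail delivery. Field names follow the CloudTrail
# record format; account id, resource ids and IP addresses are placeholders.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2014-04-01T10:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "eu-west-1", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice", "accountId": "111111111111",
                      "sessionContext": {"attributes": {"mfaAuthenticated": "true"}}},
     "requestParameters": {"instanceType": "m3.medium"}},
    {"eventTime": "2014-04-01T10:05:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "awsRegion": "eu-west-1", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice", "accountId": "111111111111"},
     "requestParameters": None},
    {"eventTime": "2014-04-01T11:30:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "awsRegion": "eu-west-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "bob", "accountId": "111111111111",
                      "sessionContext": {"attributes": {"mfaAuthenticated": "false"}}},
     "requestParameters": {"groupId": "sg-0000example", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventTime": "2014-04-01T12:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DeleteVolume", "awsRegion": "eu-west-1", "sourceIPAddress": "198.51.100.9",
     "userIdentity": {"type": "Root", "accountId": "111111111111",
                      "arn": "arn:aws:iam::111111111111:root"},
     "requestParameters": {"volumeId": "vol-0000example"}},
]})

# EC2 API calls that create, modify or delete the resource types named on the slide.
# Anything not listed (DescribeInstances, ...) is treated as read-only.
RESOURCE_CHANGES = {
    "RunInstances": ("EC2 instance", "create"),
    "TerminateInstances": ("EC2 instance", "delete"),
    "CreateSecurityGroup": ("VPC security group", "create"),
    "AuthorizeSecurityGroupIngress": ("VPC security group", "modify"),
    "RevokeSecurityGroupIngress": ("VPC security group", "modify"),
    "DeleteSecurityGroup": ("VPC security group", "delete"),
    "CreateVolume": ("EBS volume", "create"),
    "DeleteVolume": ("EBS volume", "delete"),
}


def load_records(text):
    return json.loads(text)["Records"]


def actor(identity):
    """Human-readable caller: 'root', the IAM user name, or the ARN as a fallback."""
    if identity.get("type") == "Root":
        return "root"
    return identity.get("userName") or identity.get("arn", "unknown")


def mfa_verified(identity):
    # Absent sessionContext (e.g. plain access-key calls) counts as not verified.
    attrs = identity.get("sessionContext", {}).get("attributes", {})
    return attrs.get("mfaAuthenticated") == "true"


def change_kind(record):
    if record.get("eventSource") != "ec2.amazonaws.com":
        return None
    return RESOURCE_CHANGES.get(record["eventName"])


def resource_changes(records):
    """Chronological list of create/modify/delete events, one dict per change."""
    changes = []
    for r in records:
        kind = change_kind(r)
        if kind is None:
            continue
        changes.append({"time": r["eventTime"], "actor": actor(r["userIdentity"]),
                        "resource": kind[0], "action": kind[1], "event": r["eventName"]})
    return changes


def world_open_ports(params):
    """(protocol, fromPort, toPort) for every ingress permission that allows 0.0.0.0/0."""
    ports = []
    for perm in (params or {}).get("ipPermissions", {}).get("items", []):
        cidrs = [x.get("cidrIp") for x in perm.get("ipRanges", {}).get("items", [])]
        if "0.0.0.0/0" in cidrs:
            ports.append((perm.get("ipProtocol"), perm.get("fromPort"), perm.get("toPort")))
    return ports


def findings(records):
    """Apply the three detection rules; each finding names the rule, time and event."""
    out = []
    for r in records:
        ident, when, event = r["userIdentity"], r["eventTime"], r["eventName"]
        if ident.get("type") == "Root":
            out.append({"rule": "root-api-use", "time": when, "event": event})
        if change_kind(r) is not None and not mfa_verified(ident):
            out.append({"rule": "change-without-mfa", "time": when, "event": event,
                        "actor": actor(ident)})
        if event == "AuthorizeSecurityGroupIngress":
            for proto, lo, hi in world_open_ports(r.get("requestParameters")):
                out.append({"rule": "world-open-ingress", "time": when, "event": event,
                            "group": r["requestParameters"].get("groupId"),
                            "ports": f"{proto}/{lo}-{hi}"})
    return out


def calls_per_actor(records):
    """Per-principal call counts, a starting point for behaviour baselining."""
    return Counter(actor(r["userIdentity"]) for r in records)


if __name__ == "__main__":
    recs = load_records(SAMPLE_LOG)
    for c in resource_changes(recs):
        print("CHANGE ", c)
    for f in findings(recs):
        print("FINDING", f)
    print("CALLS  ", dict(calls_per_actor(recs)))
```

On a real account you would feed this the decompressed log objects CloudTrail writes to S3 rather than the embedded sample; the rules are deliberately simple and exist to show where such checks plug in, not to replace a log-management product.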
    • VULNERABILITY & PENETRATION TESTING
    • MORE CONTROL
    • LEAST PRIVILEGE PRINCIPLE CONFINE ROLES ONLY TO THE MATERIAL REQUIRED TO DO A SPECIFIC WORK
    • AWS STAFF ACCESS
      ‣ Staff vetting
      ‣ Staff has no logical access to customer instances
      ‣ Staff control-plane access limited & monitored: bastion hosts, least privileged model, zoned data center access
      ‣ Business needs
      ‣ Separate PAMS
    • USE SEPARATE SETS OF CREDENTIALS
    • USE AWS IAM IDENTITY & ACCESS MANAGEMENT
    • CONTROL WHO CAN DO WHAT IN YOUR AWS ACCOUNT
    • ACCESS TO SERVICE APIs
    • Amazon DynamoDB Fine Grained Access Control
      ‣ Directly and securely access application data in Amazon DynamoDB
      ‣ Specify access permissions at table, item and attribute levels
      ‣ With Web Identity Federation, completely remove the need for proxy servers to perform authorization
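The least-privilege principle and the DynamoDB fine-grained access control slide above are both about what an IAM policy says and how its statements are evaluated. As an added example (not code from the talk, and not AWS's policy engine), the block below writes two policies in the IAM JSON grammar and runs them through a deliberately simplified evaluator: the first confines a federated end user to reading only the items whose leading partition-key value equals the user's own identity (`dynamodb:LeadingKeys` with the `${www.amazon.com:user_id}` policy variable, which is the documented shape of the feature) and only the listed attributes; the second gives an operator everything on DynamoDB except table deletion, showing that an explicit Deny overrides an Allow. The table ARN, account id and user ids are placeholders, and the evaluator models only the operators these policies use (explicit Deny, then Allow, else implicit deny; `*` wildcards; `ForAllValues:StringEquals`), not the full IAM evaluation logic.

```python
import fnmatch
import re

TABLE = "arn:aws:dynamodb:eu-west-1:111111111111:table/GameScores"  # placeholder ARN

# Least privilege for a federated end user: read only your own items, and only
# the listed attributes. Condition keys and the policy variable follow the
# documented DynamoDB fine-grained access control shape.
READ_OWN_SCORES = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["dynamodb:GetItem", "dynamodb:Query"],
        "Resource": TABLE,
        "Condition": {"ForAllValues:StringEquals": {
            "dynamodb:LeadingKeys": ["${www.amazon.com:user_id}"],
            "dynamodb:Attributes": ["UserId", "GameTitle", "Wins", "Losses"]}}}]}

# An operator role: everything on DynamoDB except deleting tables.
OPERATOR = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "dynamodb:*", "Resource": "*"},
        {"Effect": "Deny", "Action": "dynamodb:DeleteTable", "Resource": "*"}]}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _substitute(text, variables):
    """Expand ${key} policy variables from the caller's identity context."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: variables.get(m.group(1), m.group(0)), text)


def _condition_holds(condition, request, variables):
    for operator, pairs in condition.items():
        if operator != "ForAllValues:StringEquals":
            raise ValueError("operator not modelled here: " + operator)
        for key, allowed in pairs.items():
            allowed = {_substitute(a, variables) for a in allowed}
            # ForAllValues: every value the request carries for the key must be in
            # the allowed set; a key absent from the request passes.
            if not set(request.get(key, [])).issubset(allowed):
                return False
    return True


def evaluate(policies, request, variables=None):
    """Simplified IAM decision: explicit Deny wins, then any matching Allow, else Deny."""
    variables = variables or {}
    decision = "Deny"  # implicit deny until a statement allows
    for policy in policies:
        for stmt in policy["Statement"]:
            if not any(fnmatch.fnmatchcase(request["action"], a) for a in _as_list(stmt["Action"])):
                continue
            if not any(fnmatch.fnmatchcase(request["resource"], r) for r in _as_list(stmt["Resource"])):
                continue
            if not _condition_holds(stmt.get("Condition", {}), request, variables):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"
            decision = "Allow"
    return decision


ALICE = {"www.amazon.com:user_id": "amzn1.account.ALICE"}  # constructed federated identity


def run_cases():
    """Decisions for a handful of constructed requests, keyed by a short label."""
    q = {"action": "dynamodb:Query", "resource": TABLE}
    cases = {
        "alice reads own scores": ([READ_OWN_SCORES], dict(q, **{
            "dynamodb:LeadingKeys": ["amzn1.account.ALICE"],
            "dynamodb:Attributes": ["UserId", "Wins"]}), ALICE),
        "alice reads bob's scores": ([READ_OWN_SCORES], dict(q, **{
            "dynamodb:LeadingKeys": ["amzn1.account.BOB"]}), ALICE),
        "alice reads hidden attribute": ([READ_OWN_SCORES], dict(q, **{
            "dynamodb:LeadingKeys": ["amzn1.account.ALICE"],
            "dynamodb:Attributes": ["UserId", "Email"]}), ALICE),
        "alice writes a score": ([READ_OWN_SCORES], {
            "action": "dynamodb:PutItem", "resource": TABLE,
            "dynamodb:LeadingKeys": ["amzn1.account.ALICE"]}, ALICE),
        "operator deletes table": ([OPERATOR], {"action": "dynamodb:DeleteTable", "resource": TABLE}, None),
        "operator updates table": ([OPERATOR], {"action": "dynamodb:UpdateTable", "resource": TABLE}, None),
    }
    return {label: evaluate(p, r, v) for label, (p, r, v) in cases.items()}


if __name__ == "__main__":
    for label, decision in run_cases().items():
        print(f"{decision:5}  {label}")
```

The point of the user policy is the one the slide makes: because the condition is tied to the caller's federated identity, the application can hand end users scoped credentials and let DynamoDB enforce per-item authorization, instead of routing every read through a proxy that checks ownership.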
    • DEPLOYMENT PROCESS HAS TO BE CONSTRAINED
    • DEV & TEST ENVIRONMENT AWS ACCOUNT A PRODUCTION ENVIRONMENT AWS ACCOUNT B
    • “If you need to SSH into your instance, your deployment process is broken.”
    • VERSIONED AWS CLOUDFORMATION SCRIPTS + AWS OPSWORKS
    • MORE CONTROL ON YOUR DATA
    • MFA PROTECTION
    • YOUR DATA STAYS WHERE YOU PUT IT
    • USE MULTIPLE AZs: Amazon S3, Amazon DynamoDB, Amazon RDS Multi-AZ, Amazon EBS snapshots
    • DATA ENCRYPTION: CHOOSE WHAT’S RIGHT FOR YOU
      ‣ Automated: AWS manages encryption
      ‣ Enabled: user manages encryption using AWS
      ‣ Client-side: user manages encryption using their own means
    • ENCRYPT YOUR DATA: AWS CloudHSM, Amazon S3 SSE, Amazon Glacier, Amazon Redshift, Amazon RDS …
    • MORE AUDITABILITY MORE VISIBILITY MORE CONTROL
    • “Based on our experience, I believe that we can be even more secure in the AWS cloud than in our own data centers” Tom Soderstrom – CTO – NASA JPL
    • AWS.AMAZON.COM/SECURITY
    • AWS SECURITY WHITEPAPERS: Risk & Compliance, Auditing Security Checklist, Security Processes, Security Best Practices
    • Thank You! AWS EXPERT? GET CERTIFIED! aws.amazon.com/certification Carlos Conde Head of EMEA Evangelism @caarlco