
Ultra Secure Cloud Data Center on AWS

This presentation is an introduction to Emind Systems' in-house best practice for an ultra-secure application deployment on the AWS cloud. This best practice is based on Emind's experience in performing dozens of infrastructure projects based on the Amazon Web Services’ platform.


  1. Ultra Secure Data Center on Amazon Cloud
     Lahav Savir, Architect & CEO, Emind systems ltd.
     lahavs@emind.co
  2. About
     Lahav Savir
     • 15+ years in on-line industry
     • Architect and CEO @ Emind Systems
     Emind Systems (est. 2006)
     • Boutique system integrator
     • AWS solution provider
     • 100+ AWS customers
  3. Amazon (AWS) Certification
     Amazon Solution Provider & Consulting Partner
     https://aws.amazon.com/solution-providers/si/emind-systems-ltd
  4. What is a secure data center?
     • Isolated and controlled
     • Firewalled
     • Secure access
       – VPN
       – SSL
     • Audited
     • Intrusion detection & prevention
     • Configuration analysis
     • Data encryption
     • Antivirus
     • Frequent updates
     • User management
       – One time password
     • One spot for monitoring
       – Centralized alerts and notifications
     • Regulatory compliance
  5. Emind’s best practice
  6. Access Management
     • Control the data flow
       – AWS VPC
       – ACL
       – Routing
       – Handle all in/out traffic
     • Access control
       – Security groups
     • Identity access management
       – One-time-password
       – AWS IAM with MFA
  7. ACL & Routing in the VPC
  8. Emind’s best practice
  9. Traffic Control
     • Log in / out traffic
     • Terminate encrypted connection
     • Sanitize in / out packets
       – Real-time decisions
       – Accept / reject connections
       – Rate limiting
  10. Emind’s best practice
  11. Anomalies detection
     • Host based IDS
       – Detect configuration changes
       – Track running processes
       – Track file access
       – Resource access
       – Detect abnormal behavior!
     • OS hardening
     • App cleanup
  12. Emind’s best practice
  13. Data Protection
     • In-flight
       – SSL encryption
       – IPSec
     • In-rest
       – Storage level encryption
       – Database encryption
  14. Emind’s best practice
  15. Data aggregation
     • Need to aggregate
       – VPN access logs
       – Traffic audit logs
       – Network IDS logs
       – Host IDS logs
       – Antivirus logs
     • Detect patterns
  16. Emind’s best practice
  17. Security lifecycle management
     • Ongoing log discovery & analysis
       – Access
       – Traffic
       – IDS
       – Antivirus
       – Encryption keys
     • Act on analysis result
     • Reveal and solve cloud infrastructure settings
     • Make them all orchestrate together!
  18. • goCloud – Emind’s optimal road to the cloud
       – Secure cloud architecture
       – Scalable & high-availability design
       – Customized system deployment
       – Orchestrating cloud and software
       – Cloud operation team
       – Monitoring and alerting
       – 24x7 SLA
  19. Contact me, lahavs@emind.co 054-4321688