ACCELERATING CLOUD ADOPTION FOR YOUR REGULATED WORKLOADS
CHRIS FLEISCHMANN, JOURNEY TO CLOUD OFFERING EXECUTIVE
AWS SUMMIT, 30 August 2017
AGENDA
• Continuous Compliance
• The Accenture Security Framework for AWS
• Demo
• AWS Cloud Security Reference Architecture
• Application Walk-through
• Experience
Copyright © 2017 Accenture. All rights reserved. 2
CONTINUOUS COMPLIANCE
WHY AUTOMATE COMPLIANCE?
Improve Workplace Productivity
• Less time spent managing and tracking inventory
• Document updates to meet new requirements
• Reduce time spent on unplanned assessments
Improve Customer Experience
• Less data loss
• Resources have more time to address customer problems
Fewer Unplanned Outages
• Improve traceability through automated logging of all interactions
• Increase data protection through less manual intervention
CONTINUOUS COMPLIANCE
THREE LINES OF DEFENCE
Shared Responsibilities: who is responsible for what
AWS Services: the services used to manage, monitor and control the data flow between users and applications
Application Controls: what you can control
CONTINUOUS COMPLIANCE
WHO IS RESPONSIBLE FOR WHAT?
AWS CLOUD SECURITY REFERENCE ARCHITECTURE OVERVIEW
(Diagram labels: Accenture Security Framework; Audit.)
Control tiers shown in the diagram: native security controls; incremental security controls; optimized security controls.
Responsibility labels: AWS Managed; Customer Managed (AWS security tools); Accenture Supported.
Accenture cloud security capability areas: Application Security; Digital Identity; Foundation Security; Data Privacy and Protection; Cyber Security Operations; Governance & Risk Management.
Legend: AWS Native Security Tools; AWS Incremental Security Controls; AWS Optimized Security Controls; technical recommendations available.
Foundation Security spans Compute, Storage, Network and Database, supported by Configuration Management & Alerting, Security Assessment, Identity, Access and Entitlement Management, and Security Information and Event Management, together with Data Privacy and Protection and Governance & Risk Management, across AWS Regions, Availability Zones and Edge Locations.
CONTINUOUS COMPLIANCE? CONTROLS; THEM BE THE CONTROLS…
Common AWS services used to control the flow of information (monitoring, configuration, alerting):
• AWS IAM
• AWS CloudTrail
• VPC Flow Logs
• AWS Config
• S3 encryption and EBS encryption
• AWS Certificate Manager
• NAT Gateway
• MFA
• … and there are more every day.
CONTINUOUS COMPLIANCE
ACCENTURE VALUE-ADD, A.K.A. MORE CONTROLS
Accenture provides a framework to help you meet compliance. It provides the following controls (Accenture Security Framework, 1 of 3):
Control: Access Controls
Features for AWS: access based on business needs; identification and authentication techniques; data leakage; cryptographic techniques to restrict data
Components:
• Data Protection and Access Controls: role-based access controls; externalisation of keys; authentication and access controls; encryption and tokenisation; encrypted storage volumes; encryption in transit
• Auditing and Configuration Management: tamper-proof metrics
AWS services: AWS IAM; AWS CloudHSM; AWS KMS; MFA; NAT Gateway; AWS CloudTrail; Amazon EBS full-disk encryption; Amazon S3 encryption; AWS Certificate Manager; Amazon RDS
Third-party services: Ping; Microsoft Active Directory; [operating-system authentication] bastion host, Remote Desktop; native DB transparent database encryption; CipherCloud
CONTINUOUS COMPLIANCE
ACCENTURE CONTROLS (Accenture Security Framework, 2 of 3)
Control: IT Asset Lifecycle Management Controls
Features for AWS: physical security; secure software development; legacy technologies; emerging technologies; monitoring process; incident management
Components:
• Auditing and Configuration Management: tamper-proof metrics; configuration and change management; continuous deployment; hydration; alarms and actions; log and capture flows
• Separation and Flow Controls
AWS services: AWS Compliance Reports; AWS CodeCommit; AWS CodeDeploy; AWS CodeWorkflow; Auto Scaling groups; Amazon CloudWatch; AWS CloudFormation; IAM accounts; Amazon VPC security groups; AWS CloudTrail; Amazon AMIs; Amazon snapshot AMIs
Third-party services: GitHub; Jenkins; native DB transparent database encryption; CipherCloud; Nagios; ZenOss; Splunk
CONTINUOUS COMPLIANCE
ACCENTURE CONTROLS (Accenture Security Framework, 3 of 3)
Control: Monitoring and Incident Management
Features for AWS: accountability and audit trails
Components: Auditing and Configuration Management: alarms and actions; log and capture flows
AWS services: Amazon CloudWatch; AWS CloudTrail
Third-party services: Splunk; CyberArk; PUAM; QualysGuard
Control: IT Security Reporting and Metrics
Features for AWS: regular reporting; effective security metrics
Components: Auditing and Configuration Management: alarms and actions; log and capture flows; tamper-proof metrics
AWS services: Amazon CloudWatch; AWS CloudTrail
Third-party services: Splunk
Control: Business Disruption
Features for AWS: resilience
Components:
• Auditing and Configuration Management: continuous deployment; hydration; alarms and actions
• Separation and Flow Controls: IAM accounts; VPC; security groups
AWS services: AWS CodeDeploy, CodeCommit, CodeWorkflow; VPC (subnets, routing, gateways); security groups; IAM accounts; Amazon CloudWatch; Auto Scaling groups; Amazon ELB; Amazon RDS; DynamoDB; Amazon S3
Control: Assurance
Features for AWS: IT security and assurance
Components: Auditing and Configuration Management: role-based access; alerting on deviation from defined configuration baselines; roles and permissions used to store audit logs with correct permissions
AWS services: AWS Compliance Reports; AWS Config Rules; S3 permissions and lifecycle rules
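For the Assurance row (audit logs stored with correct permissions; S3 permissions and lifecycle rules), an added example in Python that is not part of the Accenture framework: it builds the bucket policy for a CloudTrail log bucket and then lints it for the three properties that make the trail tamper-resistant (CloudTrail may write only with bucket-owner-full-control, every principal is explicitly denied deletes, and non-TLS access is refused). The bucket name and account ID are placeholders.

```python
"""Audit-log bucket policy for CloudTrail, built and then linted for the
properties that make the trail tamper-resistant. Added example, not part of the
Accenture framework; bucket name and account ID are placeholders."""
import json


def build_log_bucket_policy(bucket, account_id):
    """Bucket policy: CloudTrail may check the ACL and write under its prefix
    (only with bucket-owner-full-control); deletes and non-TLS access are denied."""
    arn = f"arn:aws:s3:::{bucket}"
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "AWSCloudTrailAclCheck", "Effect": "Allow",
         "Principal": {"Service": "cloudtrail.amazonaws.com"},
         "Action": "s3:GetBucketAcl", "Resource": arn},
        {"Sid": "AWSCloudTrailWrite", "Effect": "Allow",
         "Principal": {"Service": "cloudtrail.amazonaws.com"},
         "Action": "s3:PutObject", "Resource": f"{arn}/AWSLogs/{account_id}/*",
         "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}},
        {"Sid": "DenyDelete", "Effect": "Deny", "Principal": "*",
         "Action": ["s3:DeleteObject", "s3:DeleteObjectVersion", "s3:DeleteBucket"],
         "Resource": [arn, f"{arn}/*"]},
        {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": [arn, f"{arn}/*"],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(stmt, effect, action):
    return stmt.get("Effect") == effect and action in _as_list(stmt.get("Action", []))


def check_log_bucket_policy(policy):
    """Return findings (an empty list means the policy has every required property)."""
    stmts = policy.get("Statement", [])
    findings = []
    # 1. Every PutObject grant must insist on bucket-owner-full-control; otherwise
    #    the writer keeps ownership and the account cannot read its own logs.
    for s in stmts:
        if _matches(s, "Allow", "s3:PutObject"):
            acl = s.get("Condition", {}).get("StringEquals", {}).get("s3:x-amz-acl")
            if acl != "bucket-owner-full-control":
                findings.append(f"{s.get('Sid')}: PutObject allowed without bucket-owner-full-control")
    # 2. Explicit Deny on deletes for every principal (an explicit Deny beats any Allow).
    for action in ("s3:DeleteObject", "s3:DeleteBucket"):
        if not any(_matches(s, "Deny", action) and s.get("Principal") == "*" for s in stmts):
            findings.append(f"no explicit Deny of {action} for all principals")
    # 3. Plain-HTTP access must be refused.
    if not any(s.get("Effect") == "Deny" and
               s.get("Condition", {}).get("Bool", {}).get("aws:SecureTransport") == "false"
               for s in stmts):
        findings.append("no Deny for aws:SecureTransport=false")
    # 4. An audit-log bucket must never grant anything to an anonymous principal.
    for s in stmts:
        if s.get("Effect") == "Allow" and s.get("Principal") == "*":
            findings.append(f"{s.get('Sid')}: Allow granted to Principal *")
    return findings


def policy_json(policy):
    """Serialise for put_bucket_policy or a CloudFormation template."""
    return json.dumps(policy, indent=2)
```

Two caveats a practitioner should keep in mind: the DenyDelete statement also binds the account's own administrators, so retiring logs requires first changing the bucket policy, which is itself an API call recorded by CloudTrail; and S3 lifecycle expiration is performed by the service and is not subject to the bucket policy, so the lifecycle rules the slide mentions must be reviewed with the same care as the policy.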
CONTINUOUS COMPLIANCE
PUTTING IT ALL TOGETHER
"It's easier to stop something happening in the first place than to repair the damage after it has happened."
DEMO TIME: PREVENTION IS BETTER THAN CURE
Using AWS Config together with AWS Config Rules to check that port 22 (SSH) is not open in any production security group.
CONTINUOUS COMPLIANCE: AWS Config Rules, AWS Lambda, Amazon SNS
1. Trigger the Lambda function when a tracked resource changes (the slide lists user, group, role or policy changes; the demo tracks security groups).
2. Run policy validation on the resource to check whether it is compliant.
3. Alert (via SNS) when the compliance status changes, based on the Lambda validation.
4. Respond proactively to the trigger using Lambda: revert the change.
For further discussion: https://aws.amazon.com/blogs/security/how-to-monitor-aws-account-configuration-changes-and-api-calls-to-amazon-ec2-security-groups/
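As an added example (this is not the demo code shown at the Summit), the check behind the demo and steps 1 to 4 written as a change-triggered custom AWS Config rule in Python: the Lambda receives the security group's configurationItem, flags any ingress rule that exposes TCP/22 to 0.0.0.0/0 or ::/0, reports the verdict with PutEvaluations, and builds the exact revoke_security_group_ingress payload that step 4 uses to revert the change. The Environment=prod tag that scopes the rule to production, the group ID and the sample configuration item are assumptions.

```python
"""Custom AWS Config rule (Lambda-backed) for world-open SSH on production
security groups. Added example; not the Summit demo code. Assumptions: the rule
is change-triggered, so AWS Config puts the security group's configurationItem
in the invoking event, and production groups carry the tag Environment=prod."""
import json

SSH_PORT = 22
ANY_V4, ANY_V6 = "0.0.0.0/0", "::/0"
PROD_TAG = ("Environment", "prod")  # assumption: how production groups are tagged


def rule_covers_port(perm, port):
    """True when an ipPermissions entry admits TCP `port` (or all traffic)."""
    proto = perm.get("ipProtocol")
    if proto == "-1":                     # -1 means all protocols and ports
        return True
    if proto != "tcp":
        return False
    low, high = perm.get("fromPort"), perm.get("toPort")
    if low is None or high is None:       # no range given: treat as all ports
        return True
    return low <= port <= high


def world_open_ssh_rules(configuration):
    """Ingress rules of a security group that expose SSH to 0.0.0.0/0 or ::/0."""
    offenders = []
    for perm in configuration.get("ipPermissions", []):
        if not rule_covers_port(perm, SSH_PORT):
            continue
        open_v4 = any(r.get("cidrIp") == ANY_V4 for r in perm.get("ipv4Ranges", []))
        open_v6 = any(r.get("cidrIpv6") == ANY_V6 for r in perm.get("ipv6Ranges", []))
        if open_v4 or open_v6:
            offenders.append(perm)
    return offenders


def evaluate(item):
    """Compliance decision for one configurationItem, in AWS Config's terms."""
    if item.get("resourceType") != "AWS::EC2::SecurityGroup":
        return "NOT_APPLICABLE", "rule only evaluates security groups"
    if item.get("configurationItemStatus") == "ResourceDeleted":
        return "NOT_APPLICABLE", "resource was deleted"
    if item.get("tags", {}).get(PROD_TAG[0]) != PROD_TAG[1]:
        return "NOT_APPLICABLE", "not tagged as production"
    offenders = world_open_ssh_rules(item.get("configuration", {}))
    if offenders:
        return "NON_COMPLIANT", f"{len(offenders)} ingress rule(s) expose TCP/22 to the Internet"
    return "COMPLIANT", "no world-open SSH ingress"


def revoke_payload(group_id, offenders):
    """Arguments for ec2.revoke_security_group_ingress that remove only the
    world-open CIDRs from the offending rules (step 4: revert the change)."""
    perms = []
    for p in offenders:
        entry = {"IpProtocol": p["ipProtocol"]}
        if p.get("fromPort") is not None:
            entry["FromPort"], entry["ToPort"] = p["fromPort"], p["toPort"]
        if any(r.get("cidrIp") == ANY_V4 for r in p.get("ipv4Ranges", [])):
            entry["IpRanges"] = [{"CidrIp": ANY_V4}]
        if any(r.get("cidrIpv6") == ANY_V6 for r in p.get("ipv6Ranges", [])):
            entry["Ipv6Ranges"] = [{"CidrIpv6": ANY_V6}]
        perms.append(entry)
    return {"GroupId": group_id, "IpPermissions": perms}


def lambda_handler(event, context):
    """Config custom-rule entry point: evaluate, report, and revert if needed."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    compliance, annotation = evaluate(item)
    evaluation = {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": annotation,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }
    import boto3  # imported here so the pure evaluation logic above runs offline
    boto3.client("config").put_evaluations(
        Evaluations=[evaluation], ResultToken=event["resultToken"])
    if compliance == "NON_COMPLIANT":
        offenders = world_open_ssh_rules(item["configuration"])
        boto3.client("ec2").revoke_security_group_ingress(
            **revoke_payload(item["resourceId"], offenders))
    return evaluation


# Constructed sample configurationItem: a production group with SSH open to all
SAMPLE_ITEM = {
    "resourceType": "AWS::EC2::SecurityGroup",
    "resourceId": "sg-0123456789abcdef0",          # placeholder ID
    "configurationItemStatus": "OK",
    "configurationItemCaptureTime": "2017-08-30T00:00:00.000Z",
    "tags": {"Environment": "prod"},
    "configuration": {"ipPermissions": [
        {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
         "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []},
        {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
         "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []},
    ]},
}
```

The revoke removes only the world-open CIDR from the offending rule and leaves other sources in that rule intact; the function's IAM role needs config:PutEvaluations and ec2:RevokeSecurityGroupIngress, and because it acts on every change it should also publish the SNS alert of step 3 so that a reverted change is never silent. AWS Config also ships a managed rule for this check (restricted-ssh); a custom rule is worth it when, as here, the scope must be narrowed to production groups or the response must be automated.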
SECURITY RECOMMENDATIONS
ACCOUNTS – REGIONS – AZS
Topics covered: Accounts; Regions and AZs; NACLs; Security Groups; VPC; Direct Connect; Cyber Defense Services
Maximize environment isolation with separate IAM domains: create a separate account for every environment to increase isolation at the expense of manageability.
(Diagram: an AWS PROD account and an AWS DEV account, Sydney region.)
VIRTUAL PRIVATE CLOUD (VPC)
Isolated VPCs with no inter-dependencies: isolation between accounts and VPCs by deploying separate instances of all infrastructure and security tools.
(Diagram: Primary Region with separate Production, Development and UAT / Test VPCs.)
VIRTUAL PRIVATE CLOUD (VPC)
Build tiers of applications with common functionality within subnets and distribute across multiple AZs for high availability. Use subnets and network ACLs to segment tiers of applications.
(Diagram: an Internet Gateway in front of a presentation subnet (Web), an application subnet (App) and a database subnet (DB); each tier has its own security group and is spread across three Availability Zones; the VPC also connects to the corporate DC.)
VIRTUAL PRIVATE CLOUD (VPC)
Use subnets and network ACLs to segment tiers of applications
Layer the security-group rules applied to each EC2 instance:
Global – rules common to all instances, such as DNS or NTP
Operating System – rules specific to an operating system, such as the SSH port for Linux and RDP for Windows
Application – rules specific to all components of an application
Role – rules that apply to all instances of an application that perform the same function, for instance a pool of web servers
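An added example (not an Accenture artefact) of the four-layer rule model in Python: each role's security group is composed from the Global, Operating System, Application and Role layers, the result is checked against the tier-segmentation intent of the previous slide (only the presentation tier accepts Internet traffic, each tier accepts application traffic only from the tier in front of it, admin ports only from a bastion group), and the ingress rules are rendered in the shape that authorize_security_group_ingress takes. The group IDs, ports and address ranges are placeholders.

```python
"""Layered security-group rules for a web/app/db VPC, composed per role and
checked against the tier-segmentation intent. Added example, not Accenture's
framework code; group IDs, ports and address ranges are placeholders."""

INTERNET = "0.0.0.0/0"
SG = {"bastion": "sg-0bastion0", "web": "sg-0web00000",
      "app": "sg-0app00000", "db": "sg-0db000000"}      # placeholder group IDs
RESOLVER = "10.0.0.2/32"            # assumed VPC DNS/NTP source
ADMIN_PORTS = {22: "ssh", 3389: "rdp"}
TIER_ORDER = ["web", "app", "db"]   # presentation -> application -> database


def rule(direction, proto, port, peer):
    """peer is a CIDR or a security-group ID (source for ingress, target for egress)."""
    return {"direction": direction, "protocol": proto, "port": port, "peer": peer}


LAYERS = {
    # Global: common to every instance
    "global": [rule("egress", "udp", 53, RESOLVER), rule("egress", "udp", 123, RESOLVER)],
    # Operating system: the OS admin port, reachable only from the bastion group
    "linux": [rule("ingress", "tcp", 22, SG["bastion"])],
    "windows": [rule("ingress", "tcp", 3389, SG["bastion"])],
    # Application: shared by all components of this application (e.g. patch fetch)
    "app-shared": [rule("egress", "tcp", 443, INTERNET)],
    # Role: what each tier serves, and to whom
    "web": [rule("ingress", "tcp", 443, INTERNET), rule("egress", "tcp", 8080, SG["app"])],
    "app": [rule("ingress", "tcp", 8080, SG["web"]), rule("egress", "tcp", 5432, SG["db"])],
    "db": [rule("ingress", "tcp", 5432, SG["app"])],
}

ROLE_LAYERS = {                 # which layers each role's group is built from
    "web": ["global", "linux", "app-shared", "web"],
    "app": ["global", "linux", "app-shared", "app"],
    "db": ["global", "linux", "db"],     # database tier gets no Internet egress
}


def compose(role):
    """Effective rule set for a role: the concatenation of its layers."""
    return [r for layer in ROLE_LAYERS[role] for r in LAYERS[layer]]


def violations(role, rules):
    """Segmentation check: admin ports only from the bastion; other ingress only
    from the Internet (presentation tier) or from the tier directly in front."""
    idx = TIER_ORDER.index(role)
    allowed = {INTERNET} if idx == 0 else {SG[TIER_ORDER[idx - 1]]}
    problems = []
    for r in rules:
        if r["direction"] != "ingress":
            continue
        if r["port"] in ADMIN_PORTS:
            if r["peer"] != SG["bastion"]:
                problems.append(f"{role}: {ADMIN_PORTS[r['port']]} open from {r['peer']}")
        elif r["peer"] not in allowed:
            problems.append(f"{role}: port {r['port']} open from {r['peer']}")
    return problems


def to_ip_permissions(rules):
    """Render ingress rules as the IpPermissions list that
    ec2.authorize_security_group_ingress accepts."""
    perms = []
    for r in rules:
        if r["direction"] != "ingress":
            continue
        p = {"IpProtocol": r["protocol"], "FromPort": r["port"], "ToPort": r["port"]}
        if r["peer"].startswith("sg-"):
            p["UserIdGroupPairs"] = [{"GroupId": r["peer"]}]
        else:
            p["IpRanges"] = [{"CidrIp": r["peer"]}]
        perms.append(p)
    return perms


def check_all():
    """Compose every role and return {role: [violations]}."""
    return {role: violations(role, compose(role)) for role in TIER_ORDER}
```

Referencing the upstream tier by security-group ID rather than by subnet CIDR is what keeps the rules valid as Auto Scaling adds and removes instances across AZs; the check is the kind of thing to run in the pipeline before the CloudFormation template that carries these groups is deployed.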
VIRTUAL PRIVATE CLOUD (VPC)
For business-critical applications, ensure that redundant connectivity exists between AWS and client facilities.
(Diagram, AWS Direct Connect: the primary corporate data center and the DR corporate data center each terminate their own customer gateway (#1 and #2); each reaches the AWS region over two paths, MPLS to a Direct Connect partner and Direct Connect location, and a VPN over the Internet; inside the region the Production, Development and Management VPCs each attach through their own Virtual Private Gateway.)
USE ENCRYPTION IN TRANSIT AND AT REST
(Diagram: encrypted data flows from your applications in Amazon EC2 and from your applications in your data center to the AWS storage services S3, Glacier, EBS, Redshift, RDS and DynamoDB.)
THE ACCENTURE SECURITY FRAMEWORK
FOR AWS
The Accenture Security Framework for AWS employs a layered approach to security,
building on security features as required by the workload.
Layers: Separation and Network Flow Controls; Auditing and Configuration Management; Data Protection and Access Management
SEPARATION AND NETWORK FLOW
CONTROLS
Main Components of AWS:
• AWS Accounts
• Amazon Virtual Private Cloud (VPC), Internet Gateway & Peering
• Subnets
• Route Tables
• Security Groups
DATA PROTECTION AND ACCESS
MANAGEMENT
Main Components of AWS:
• Role-Based Access Controls
• Externalisation of Keys
• Authentication and Access Controls
• Encryption and Tokenisation
• Encrypted Storage Volumes
• Encryption in Transit
AUDITING AND CONFIGURATION
MANAGEMENT
Main Components of AWS:
• Log Capture and Flows
• Tamper-Proof Metrics
• Alarms and Actions
• Configuration and Change Management
• Continuous Deployment
• Hydration
STOP… THE ARCHITECTURE CHANGES
How do you prevent the architecture from unwelcome change? … enter the demo.
CLOUD SECURITY OPERATING MODEL
Use this model to translate cloud security strategy into operating results.
Cloud Security Strategy defines:
• Cloud security vision and guiding principles
• Service strategy
• Sourcing strategy
• Investments
• Objectives
Cloud Security Operating Model results are measured by:
• Business risk reduction
• Cost profile
• Flexibility
• Performance metrics
• Ability to scale
Dimensions of the Security Operating Model:
• Functions: how we organise ourselves to deliver services
• Governance: how we make, sponsor and enforce the right decisions around cloud security
• Organisation, Roles & Sourcing: who is accountable for doing the work
• Performance Metrics: how we measure security effectiveness
• Tools: what enabling technology we use to deliver cloud services
• Interfaces: how we interact to deliver consistent services
• Processes: how we execute the work
ACCENTURE AWS OFFERINGS SUPPORT SCALE
JOINTLY DEVELOPED AND DELIVERED SERVICES AND SOLUTIONS
Run and operate via the Accenture Cloud Platform, a certified AWS Managed Service Provider.
Analytics & big data on AWS: an accelerated path to analytics-driven, business-relevant outcomes. The Accenture Insights Platform, AWS Edition leverages AWS' big data and analytics services and is an enabler for industries that manage the risk and compliance challenges of regulated data in the AWS cloud.
IoT solutions and services on AWS: comprehensive industry solutions and a secure, scalable IoT platform. Industry-specific solutions include Connected Home and Insurance Telematics, with more to follow. Solutions run on Accenture Connected Products as a Service (CPaaS), our broadly deployed and open IoT platform architecture, integrated with and optimised for AWS IoT services.
Cloud transformation services optimised for AWS: move existing applications to, and develop new applications on, AWS. Services include:
• Cloud strategy
• Organisational and architecture design
• Application migration and refactoring
• Application development services
• Migration 'factory' to automate processes
SAP migration to AWS: simplify and accelerate the journey of most customers moving their SAP applications to the cloud in the next 2-5 years. Services include:
• SAP implementation
• Cloud infrastructure architecture and setup
• SAP run support for Basis, functional and development
• Cloud infrastructure project and run support
Cloud operating model – security solutions: enhanced security solutions focus on defence in depth to secure client data and applications, emphasising visibility and auditability. Services include:
• Security assessment and strategy for full-migration or hybrid AWS cloud scenarios
• Security architecture and design
• Security expertise in cyber defences: intrusion and anomaly detection, breach protection, and vulnerability assessment with the Accenture Cyber Defence Platform
Strategic solutions:
• Workplace-as-a-Service
• Accenture Digital Video
CALL TO ACTION
• Do you have compliance concerns that need addressing today?
• Do you have cloud auditing set up? Is it automated?
• Do you have a cloud security operating model?
THANK YOU!

 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Accelerating cloud adoption for your regulated workloads - AWS PS Summit Canberra 2017

6. AWS CLOUD SECURITY REFERENCE ARCHITECTURE OVERVIEW
Control layers: native security controls, incremental security controls, optimized security controls.
Capability domains: Application Security; Digital Identity; Foundation Security; Data Privacy and Protection; Cyber Security Operations; Governance & Risk Management.
Legend: Accenture Cloud Security Capabilities; Customer Managed; AWS security tools; AWS Managed; Accenture Supported; AWS Native Security Tools; AWS Incremental Security Controls; AWS Optimized Security Controls; Technical recommendations available.
Diagram elements: Foundation Security (Computer, Storage, Network, Database); Configuration Management & Alerting; Security Assessment; Identity, Access and Entitlement Management; Security Information and Event Management; Data Privacy and Protection; Governance & Risk Management; Regions, Availability Zones, Edge Locations.

7. CONTINUOUS COMPLIANCE? CONTROLS; THEM BE THE CONTROLS…
Common AWS services used to control the flow of information (monitoring, configuration, alerting…):
• AWS IAM
• AWS CloudTrail
• VPC Flow Logs
• AWS Config
• S3 Encryption and EBS Encryption
• AWS Certificate Manager
• NAT Gateway
• MFA…
• … there are more every day.

8. CONTINUOUS COMPLIANCE: ACCENTURE VALUE-ADD, A.K.A. MORE CONTROLS (1 of 3)
Accenture provides a framework to help you meet compliance. It provides the following controls:
Control: Access Controls (Access Based on Business Needs; Identification and Authentication Techniques); Data Leakage (Cryptographic Techniques to Restrict Data)
Feature for AWS Component: Data Protection and Access Controls (Role-Based Access Controls; Externalisation of Keys; Authentication and Access Controls; Encryption and Tokenisation; Encrypted Storage Volumes; Encryption in Transit; Encryption and Tokenisation); Auditing and Configuration Management (Tamper-Proof Metrics)
AWS Services: AWS IAM; AWS CloudHSM; AWS KMS; MFA; NAT Gateway; AWS CloudTrail; Amazon EBS Full Disk Encryption; Amazon S3 Encryption; AWS Certificate Manager; Amazon RDS
Third-Party Services: Ping; Microsoft Active Directory; [operating system authentication] Bastion Host; Remote Desktop; Native DN Transparent Database Encryption; CipherCloud

9. CONTINUOUS COMPLIANCE: ACCENTURE CONTROLS (2 of 3)
Control: IT Asset Lifecycle Management Controls (Physical Security); Secure Software Development (Legacy Technologies; Emerging Technologies); Monitoring Process (Incident Management)
Feature for AWS Component: Auditing and Configuration Management (Tamper-Proof Metrics; Configuration and Change Management; Continuous Deployment; Hydration; Alarms and Actions; Log and Capture Flows); Separation and Flow Controls
AWS Services: AWS Compliance Reports; AWS CodeCommit; AWS CodeDeploy; AWS CodeWorkflow; Auto Scaling groups; AWS CloudWatch; AWS CloudFormation; IAM Accounts; Amazon Virtual Private Cloud (VPC) Security Groups; AWS CloudTrail; Amazon AMI; Amazon Snapshot AMI
Third-Party Services: GitHub; Jenkins; Native DN Transparent Database Encryption; CipherCloud; Nagios; ZenOss; Splunk

10. CONTINUOUS COMPLIANCE: ACCENTURE CONTROLS (3 of 3)
Monitoring and Incident Management (Accountability and Audit Trails)
  Feature for AWS Component: Auditing and Configuration Management (Alarms and Actions; Log and Capture Flows)
  AWS Services: AWS CloudWatch; AWS CloudTrail
  Third-Party Services: Splunk; CyberArk; PUAM; QualysGuard
IT Security Reporting and Metrics (Regular Reporting; Effective Security Metrics)
  Feature for AWS Component: Auditing and Configuration Management (Alarms and Actions; Log and Capture Flows; Tamper-Proof Metrics)
  AWS Services: AWS CloudWatch; AWS CloudTrail
  Third-Party Services: Splunk
Business Disruption (Reliance)
  Feature for AWS Component: Auditing and Configuration Management (Continuous Deployment; Hydration; Alarms and Actions); Separation and Flow Controls (IAM Accounts; VPC; Security Groups)
  AWS Services: AWS CodeDeploy, CodeCommit, CodeWorkflow; VPC: subnets, routing, gateways; Security Groups; IAM Accounts; CloudWatch; AutoScale Groups; Amazon ELB; Amazon RDS; DynamoDB; Amazon S3
Assurance (IT Security and Assurance)
  Feature for AWS Component: Auditing and Configuration Management (Role-based access; Alerting on deviation from defined configuration baselines; Roles and permissions used to store audit logs with correct permissions)
  AWS Services: AWS Compliance Reports; AWS Config Rules; S3 Permissions and Lifecycle Rules

11. CONTINUOUS COMPLIANCE: PUTTING IT ALL TOGETHER
"It's easier to stop something happening in the first place than to repair the damage after it has happened."
DEMO TIME: PREVENTION IS BETTER THAN CURE

12. CONTINUOUS COMPLIANCE
Using AWS Config along with AWS Config Rules to check that port 22 is not open in any production security group. Components: AWS Config Rules, AWS Lambda, Amazon SNS.
1. Trigger a Lambda function when a user, group, role, or policy changes.
2. Run policy validation on resources to check whether they are compliant.
3. Alert when compliance status changes, based on the Lambda validation.
4. Proactively respond to the trigger using Lambda and revert the change.
For further discussion: https://aws.amazon.com/blogs/security/how-to-monitor-aws-account-configuration-changes-and-api-calls-to-amazon-ec2-security-groups/
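As an added illustration of the demo flow above (example code, not the deck's own demo), a Lambda-backed Config rule in Python that evaluates a security group configuration item for SSH open to 0.0.0.0/0 or ::/0 and builds the exact ingress entries that step 4 would revoke; the `autoRevoke` rule parameter and the sample configuration item are assumptions.

```python
"""Lambda-backed AWS Config rule (added example, not the deck's demo code): flag a
security group that exposes SSH (TCP/22) to the whole internet and, on request,
revoke just the offending range. "autoRevoke" is an assumed custom rule parameter."""
import json

SSH_PORT = 22
ANY_V4, ANY_V6 = "0.0.0.0/0", "::/0"


def _covers_ssh(perm):
    """True when an ingress permission entry includes TCP/22 (or all traffic)."""
    proto = perm.get("ipProtocol")
    if proto == "-1":  # all protocols and ports
        return True
    if proto != "tcp":
        return False
    return perm.get("fromPort", 0) <= SSH_PORT <= perm.get("toPort", 65535)


def offending_permissions(config_item):
    """Ingress entries opening SSH to 0.0.0.0/0 or ::/0, in the shape
    ec2.revoke_security_group_ingress(IpPermissions=...) accepts."""
    found = []
    for perm in config_item.get("configuration", {}).get("ipPermissions", []):
        if not _covers_ssh(perm):
            continue
        v4 = any(r.get("cidrIp") == ANY_V4 for r in perm.get("ipRanges", []))
        v6 = any(r.get("cidrIpv6") == ANY_V6 for r in perm.get("ipv6Ranges", []))
        if not (v4 or v6):
            continue  # SSH open only to specific ranges: allowed by this rule
        entry = {"IpProtocol": perm["ipProtocol"]}
        if perm["ipProtocol"] != "-1":
            entry["FromPort"], entry["ToPort"] = perm["fromPort"], perm["toPort"]
        if v4:
            entry["IpRanges"] = [{"CidrIp": ANY_V4}]
        if v6:
            entry["Ipv6Ranges"] = [{"CidrIpv6": ANY_V6}]
        found.append(entry)
    return found


def evaluate(config_item):
    """Compliance verdict in the vocabulary AWS Config expects."""
    if config_item.get("resourceType") != "AWS::EC2::SecurityGroup":
        return "NOT_APPLICABLE"
    return "NON_COMPLIANT" if offending_permissions(config_item) else "COMPLIANT"


def lambda_handler(event, context):
    """Config rule entry point (steps 2 to 4 of the slide); boto3 exists in Lambda."""
    import boto3  # imported here so the pure evaluation logic above runs offline
    item = json.loads(event["invokingEvent"])["configurationItem"]
    params = json.loads(event.get("ruleParameters") or "{}")
    verdict = evaluate(item)
    boto3.client("config").put_evaluations(  # step 3: Config records the status
        Evaluations=[{"ComplianceResourceType": item["resourceType"],
                      "ComplianceResourceId": item["resourceId"],
                      "ComplianceType": verdict,
                      "OrderingTimestamp": item["configurationItemCaptureTime"]}],
        ResultToken=event["resultToken"])
    if verdict == "NON_COMPLIANT" and params.get("autoRevoke") == "true":
        boto3.client("ec2").revoke_security_group_ingress(  # step 4: revert change
            GroupId=item["resourceId"], IpPermissions=offending_permissions(item))
    return verdict


# Constructed sample configuration item; field names follow Config's SG schema.
SAMPLE_ITEM = {
    "resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0example",
    "configurationItemCaptureTime": "2017-08-30T00:00:00.000Z",
    "configuration": {"ipPermissions": [
        {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
         "ipRanges": [{"cidrIp": ANY_V4}], "ipv6Ranges": []},
        {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
         "ipRanges": [{"cidrIp": "10.0.0.0/8"}, {"cidrIp": ANY_V4}], "ipv6Ranges": []}]},
}
```

Because `offending_permissions` returns only the world-open range, revoking it leaves the 10.0.0.0/8 SSH rule in place, which is the kind of targeted revert step 4 calls for.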
13. SECURITY RECOMMENDATIONS

14. ACCOUNTS – REGIONS – AZS
Recommendation topics: Accounts, Regions, AZs, NACLs, Security Groups, VPC, Direct Connect, Cyber Defense Services.
Maximize environment isolation with separate IAM domains: create a separate account for every environment to increase isolation at the expense of manageability.
(Diagram: separate AWS accounts for PROD and Sydney DEV.)

15. VIRTUAL PRIVATE CLOUD (VPC)
Isolated VPCs with no inter-dependencies: achieve isolation between accounts and VPCs by deploying separate instances of all infrastructure and security tools.
(Diagram: Primary Region with separate Production, Development and UAT / Test VPCs.)

16. VIRTUAL PRIVATE CLOUD (VPC)
Use subnets and network ACLs to segment tiers of applications. Build tiers of applications with common functionality within subnets and distribute them across multiple AZs for high availability.
(Diagram: Presentation subnet with Web instances, Application subnet with App instances and Database subnet with DB instances, each instance in its own security group, behind an Internet Gateway and connected to the Corporate DC.)

17. VIRTUAL PRIVATE CLOUD (VPC)
Use subnets and network ACLs to segment tiers of applications. Layer the security group rules applied to an EC2 instance:
• Global: rules that are common to all instances, such as DNS or NTP
• Operating System: rules specific to an operating system, such as the SSH port for Linux and RDP for Windows
• Application: rules specific to all components of an application
• Role: rules that apply to all instances of an application that perform the same function, for instance a pool of web servers

18. VIRTUAL PRIVATE CLOUD (VPC)
For business-critical applications, ensure that redundant connectivity exists between AWS and client facilities.
(Diagram: AWS Direct Connect via a Direct Connect Location and Direct Connect Partner, plus Internet VPN and MPLS paths, from Customer Gateway #1 at the primary corporate data center and Customer Gateway #2 at the DR corporate data center to the Virtual Private Gateways of the Production, Development and Management VPCs in the Region.)

19. USE ENCRYPTION IN TRANSIT AND AT REST
(Diagram: encrypted data flowing between your applications in Amazon EC2, your applications in your data center and the AWS storage services S3, Glacier, EBS, Redshift, RDS and DynamoDB.)

20. THE ACCENTURE SECURITY FRAMEWORK FOR AWS
The Accenture Security Framework for AWS employs a layered approach to security, building on security features as required by the workload. Its layers: Separation and Network Flow Controls; Auditing and Configuration Management; Data Protection and Access Management.

21. SEPARATION AND NETWORK FLOW CONTROLS
Main components of AWS:
• AWS Accounts
• Amazon Virtual Private Cloud (VPC), Internet Gateway & Peering
• Subnets
• Route Tables
• Security Groups

22. DATA PROTECTION AND ACCESS MANAGEMENT
Main components of AWS:
• Role-Based Access Controls
• Externalisation of Keys
• Authentication and Access Controls
• Encryption and Tokenisation
• Encrypted Storage Volumes
• Encryption in Transit

23. AUDITING AND CONFIGURATION MANAGEMENT
Main components of AWS:
• Log Capture and Flows
• Tamper-Proof Metrics
• Alarms and Actions
• Configuration and Change Management
• Continuous Deployment
• Hydration

24. STOP…THE ARCHITECTURE CHANGES
How do you prevent the architecture from unwelcome change? … ENTER DEMO

25. CLOUD SECURITY OPERATING MODEL
Use this model to translate cloud security strategy into operating results.
Cloud Security Strategy defines:
• Cloud security vision and guiding principles
• Service strategy
• Sourcing strategy
• Investment objectives
Cloud Security Operating Model results are measured by:
• Business risk reduction
• Cost profile
• Flexibility
• Performance metrics
• Ability to scale
The operating model covers Functions, Governance, Organisation/Roles & Sourcing, Performance Metrics, Tools, Interfaces and Processes, answering:
• How we execute the work
• Who is accountable for doing the work
• How we make, sponsor and enforce the right decisions around cloud security
• How we measure security effectiveness
• What enabling technology we use to deliver cloud services
• How we interact to deliver consistent services
• How we organise ourselves to deliver services

26. ACCENTURE AWS OFFERINGS SUPPORT SCALE: JOINTLY DEVELOPED AND DELIVERED SERVICES AND SOLUTIONS
• Run and operate via the AWS Managed Services Provider certified Accenture cloud platform.
• Analytics & big data on AWS: an accelerated path to analytics-driven, business-relevant outcomes. The Accenture Insights Platform, AWS Edition leverages AWS' big data and analytics services, and is an enabler for industries that manage risk and compliance challenges of regulated data in the AWS cloud.
• IoT solutions and services on AWS: comprehensive industry solutions and a secure, scalable IoT platform. Industry-specific solutions include Connected Home and Insurance Telematics, with more to follow. Solutions run on Accenture Connected Products as a Service (CPaaS), our broadly deployed and open IoT platform architecture, integrated with and optimised for AWS IoT services.
• Cloud transformation services optimised for AWS: move existing applications to, and develop new applications on, AWS. Services include cloud strategy; organisational and architecture design; application migration and refactoring; application development services; a migration 'factory' to automate processes.
• SAP migration to AWS: simplify and accelerate the journey of most customers moving their SAP applications to the cloud in the next 2-5 years. Services include SAP implementation; cloud infrastructure architecture and setup; SAP run support for Basis, functional and development; cloud infrastructure project and run support.
• Cloud operating model – security solutions: enhanced security solutions focus on defence in depth to secure client data and applications, emphasising visibility and auditability. Services include security assessment and strategy for full migration or hybrid AWS cloud scenarios; security architecture and design; security expertise in cyber defenses (intrusion and anomaly detection, breach protection, vulnerability assessment) with the Accenture Cyber Defence Platform.
• Strategic solutions: Workplace-as-a-Service; Accenture Digital Video.

27. CALL TO ACTION
• Do you have compliance concerns that need addressing today?
• Do you have cloud auditing set up? Is it automated?
• Do you have a cloud security operating model?