SlideShare a Scribd company logo

Automating Compliance for Financial Institutions - AWS Summit SG 2017

Amazon Web Services
Amazon Web Services

This session demonstrates how to architect for continuous compliance and security using CloudWatch Events and AWS Config rules. This session focuses on the actual code for the various controls, actions, and remediation features, and how to use various AWS services and features to build them. The demos in this session include CIS Amazon Web Services Foundations validation; examples of custom rules for regulatory compliance and how to automate aspects of incident response.

Technology
1 of 30
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Automating Compliance for Financial Institutions Myles Hosford Security Solutions Architect, Amazon Web Services, APAC
What to expect from this session • How To Enforce Compliance • How To Assess Compliance • How To Remediate Compliance • Services: • AWS Config Rules • AWS CloudFormation • AWS Service Catalog
COMPLIANCE ‘a state of being in accordance with established guidelines, industry regulations and government legislation’
The Compliance Cycle Assess RemediateEnforce AWS Config AWS CloudTrail AWS Lambda AWS CloudFormation AWS Service Catalog Config Rules IAM
How do you enforce compliance?
AWS Identity & Access Management IAM Users IAM Groups IAM Roles IAM Policies
AWS CloudFormation – Everything as Code Template StackAWS CloudFormation ü Orchestrate changes across AWS Services ü Use as foundation to Service Catalog products ü Use with source code repositories to manage infrastructure changes ü JSON/YAML-based text file describing infrastructure ü Resources created from a template ü Can be updated
Auto Scaling group DMZ Zone security group security group root volume data volume S3 bucket (encrypted AES256) logs Amazon EBS snapshot (encrypted at rest) EC2 instance WEB corporate data center Auto Scaling group App Zone security group root volume data volume S3 bucket (encrypted AES256) logs Amazon EBS snapshot EC2 instance APP DB Zone AWS CloudHSM security group AWS KMS Direct Connect Or VPN Internet HTTP / HTTPS only to the web-tier
• Firewall rules • Network ACLs • Internal and external subnets • Gold OS images • Encryption • Compliance Checks • Logging & Monitoring Everything is Code AWS JSON translation Gold Image, NTP and NAT Network ACLs, Subnets, FW rules
CloudFormation. An example: Firewall rule
Any IP on the Internet Telnet, insecure, clear-text protocol CloudFormation. An example: Firewall rule Mis-configuration detected BEFORE the environment is even built! Fail to MAS TRM 9.1.1: FIs should identify important data and adopt adequate measures to detect and prevent unauthorised access, copying or transmission of confidential information.
Service Catalog Organizations Developers Control Standardization Governance Agility Self-service Time to market AWS Service Catalog allows organizations to create and manage catalogs of IT services. It enables users to quickly deploy the approved IT services they need in a self-service manner.
How do you enforce compliance?
How do you assess compliance?
IT Security Policy & Controls
IT Security Policy & Controls Nobody reads them Difficult to enforce Rarely updated
AWS Config Rules • Set up rules to check configuration changes recorded • Use pre-built rules provided by AWS • Author custom rules using AWS Lambda • Invoked automatically for continuous assessment • Use dashboard for visualizing compliance and identifying offending changes
AWS Config Rules Internal Controls MAS Guidelines Industry best practice Bake these compliance checks into your CloudFormation templates
AWS Config Rules – Managed Rules (30+) Encrypted Volumes Restricted SSH CloudTrail Enabled Root MFA Password Policy Approved OS Image
Custom Rules
MAS TRM Guideline AWS Config Rule 9.1.6 Confidential information stored on IT systems, servers and databases should be encrypted Encryption should be used for EBS Volumes 9.3.2 The FI should conduct regular enforcement checks to ensure that the baseline standards are applied uniformly and non-compliances are detected and raised for investigation. Instances must be from a specific ‘gold’ approved AMI 9.6.2 The FI should implement network surveillance and security monitoring procedures VPC Flow Logs must be enabled MAS TRM Example Managed Rule Managed Rule Custom Rule
How do you assess compliance?
How do you remediate non-compliance?
AWS Config Encryption Gold OS Image VPC Flow Logs Users Compliance Topic Amazon SNS Continuous Remediation Changes AWS Lambda Auto- Remediate Function 1. Terminate 2. Encrypt 3. Alert Ops 4. Do Nothing
AWS Config Encryption Gold OS Image VPC Flow Logs Users Periodic Remediation / Reporting Changes AWS Lambda Periodic Poll Function 1. Terminate 2. Encrypt 3. Alert Ops 4. Do Nothing AWS API Risk Report
Create Periodic Risk & Compliance Reports
How do you remediate non-compliance?
Conclusion Prevent users operating in a non- compliant environment. Perform Continuous Compliance. Annual assessments do not meet the bar. Automate remediation. Improve consistency and response time. Automate Everything. Prevention. Detection. Response.
Thank you! Stay Secure!

Recommended

Automating nist 800 171 compliance in AWS Govcloud (US)
Automating nist 800 171 compliance in AWS Govcloud (US)Automating nist 800 171 compliance in AWS Govcloud (US)
Automating nist 800 171 compliance in AWS Govcloud (US)Amazon Web Services
 
Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda - AW...
Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda - AW...Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda - AW...
Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda - AW...Amazon Web Services
 
Microsoft on AWS - AWS Summit SG 2017
Microsoft on AWS - AWS Summit SG 2017Microsoft on AWS - AWS Summit SG 2017
Microsoft on AWS - AWS Summit SG 2017Amazon Web Services
 
Serverless solutions - AWS Summit SG 2017
Serverless solutions - AWS Summit SG 2017 Serverless solutions - AWS Summit SG 2017
Serverless solutions - AWS Summit SG 2017 Amazon Web Services
 
Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOpsAutomating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOpsAmazon Web Services
 
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)AWS re:Invent 2016: The Psychology of Security Automation (SAC307)
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)Amazon Web Services
 
Compute Without Servers – Building Applications with AWS Lambda
Compute Without Servers – Building Applications with AWS LambdaCompute Without Servers – Building Applications with AWS Lambda
Compute Without Servers – Building Applications with AWS LambdaAmazon Web Services
 
AWS re:Invent 2016: Unlocking the Four Seasons of Migrations and Operations: ...
AWS re:Invent 2016: Unlocking the Four Seasons of Migrations and Operations: ...AWS re:Invent 2016: Unlocking the Four Seasons of Migrations and Operations: ...
AWS re:Invent 2016: Unlocking the Four Seasons of Migrations and Operations: ...Amazon Web Services
 

Recommended

Automating nist 800 171 compliance in AWS Govcloud (US)
Automating nist 800 171 compliance in AWS Govcloud (US)Automating nist 800 171 compliance in AWS Govcloud (US)
Automating nist 800 171 compliance in AWS Govcloud (US)Amazon Web Services
 
Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda - AW...
Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda - AW...Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda - AW...
Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda - AW...Amazon Web Services
 
Microsoft on AWS - AWS Summit SG 2017
Microsoft on AWS - AWS Summit SG 2017Microsoft on AWS - AWS Summit SG 2017
Microsoft on AWS - AWS Summit SG 2017Amazon Web Services
 
Serverless solutions - AWS Summit SG 2017
Serverless solutions - AWS Summit SG 2017 Serverless solutions - AWS Summit SG 2017
Serverless solutions - AWS Summit SG 2017 Amazon Web Services
 
Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOpsAutomating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOpsAmazon Web Services
 
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)AWS re:Invent 2016: The Psychology of Security Automation (SAC307)
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)Amazon Web Services
 
Compute Without Servers – Building Applications with AWS Lambda
Compute Without Servers – Building Applications with AWS LambdaCompute Without Servers – Building Applications with AWS Lambda
Compute Without Servers – Building Applications with AWS LambdaAmazon Web Services
 
AWS re:Invent 2016: Unlocking the Four Seasons of Migrations and Operations: ...
AWS re:Invent 2016: Unlocking the Four Seasons of Migrations and Operations: ...AWS re:Invent 2016: Unlocking the Four Seasons of Migrations and Operations: ...
AWS re:Invent 2016: Unlocking the Four Seasons of Migrations and Operations: ...Amazon Web Services
 
Dev Ops on AWS - Accelerating Software Delivery - AWS-Summit SG 2017
Dev Ops on AWS - Accelerating Software Delivery - AWS-Summit SG 2017Dev Ops on AWS - Accelerating Software Delivery - AWS-Summit SG 2017
Dev Ops on AWS - Accelerating Software Delivery - AWS-Summit SG 2017Amazon Web Services
 
GitHub Enterprise and Automation with Codedeploy - AWS Summit SG 2017
GitHub Enterprise and Automation with Codedeploy - AWS Summit SG 2017GitHub Enterprise and Automation with Codedeploy - AWS Summit SG 2017
GitHub Enterprise and Automation with Codedeploy - AWS Summit SG 2017Amazon Web Services
 
Opening Keynote - AWS Summit SG 2017
Opening Keynote - AWS Summit SG 2017Opening Keynote - AWS Summit SG 2017
Opening Keynote - AWS Summit SG 2017Amazon Web Services
 
Building a Data Processing Pipeline on AWS - AWS Summit SG 2017
Building a Data Processing Pipeline on AWS - AWS Summit SG 2017Building a Data Processing Pipeline on AWS - AWS Summit SG 2017
Building a Data Processing Pipeline on AWS - AWS Summit SG 2017Amazon Web Services
 
AWS Summit Manila - Opening Keynote by Dr. Werner Vogels
AWS Summit Manila - Opening Keynote by Dr. Werner Vogels AWS Summit Manila - Opening Keynote by Dr. Werner Vogels
AWS Summit Manila - Opening Keynote by Dr. Werner Vogels Amazon Web Services
 
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...Amazon Web Services
 
Lighting your Big Data Fire with Apache Spark
Lighting your Big Data Fire with Apache SparkLighting your Big Data Fire with Apache Spark
Lighting your Big Data Fire with Apache SparkAmazon Web Services
 
3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...
3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...
3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...Amazon Web Services
 
Security and Compliance Better on AWS_John Hildebrandt
Security and Compliance Better on AWS_John HildebrandtSecurity and Compliance Better on AWS_John Hildebrandt
Security and Compliance Better on AWS_John HildebrandtHelen Rogers
 
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the CloudKeeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the CloudAmazon Web Services
 
AWS Enterprise Summit London 2013 - Stuart Lynn - Sage
AWS Enterprise Summit London 2013 - Stuart Lynn - SageAWS Enterprise Summit London 2013 - Stuart Lynn - Sage
AWS Enterprise Summit London 2013 - Stuart Lynn - SageAmazon Web Services
 
Accelerate your Cloud Success with Platform Services
Accelerate your Cloud Success with Platform ServicesAccelerate your Cloud Success with Platform Services
Accelerate your Cloud Success with Platform ServicesAmazon Web Services
 
Partner Solutions: Rackspace - Rethinking Your Migration Strategy to Maximize...
Partner Solutions: Rackspace - Rethinking Your Migration Strategy to Maximize...Partner Solutions: Rackspace - Rethinking Your Migration Strategy to Maximize...
Partner Solutions: Rackspace - Rethinking Your Migration Strategy to Maximize...Amazon Web Services
 
DevOps für mittlere Unternehmen und Großunternehmen - AWS Cloud Web Day für M...
DevOps für mittlere Unternehmen und Großunternehmen - AWS Cloud Web Day für M...DevOps für mittlere Unternehmen und Großunternehmen - AWS Cloud Web Day für M...
DevOps für mittlere Unternehmen und Großunternehmen - AWS Cloud Web Day für M...AWS Germany
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Casi reali di Mass Migration nel Cloud: benefici tangibili ed intangibili
Casi reali di Mass Migration nel Cloud: benefici tangibili ed intangibiliCasi reali di Mass Migration nel Cloud: benefici tangibili ed intangibili
Casi reali di Mass Migration nel Cloud: benefici tangibili ed intangibiliAmazon Web Services
 
Your Business at the Speed of Cloud. Innovate with Cloud-Native App Delivery,...
Your Business at the Speed of Cloud. Innovate with Cloud-Native App Delivery,...Your Business at the Speed of Cloud. Innovate with Cloud-Native App Delivery,...
Your Business at the Speed of Cloud. Innovate with Cloud-Native App Delivery,...Amazon Web Services
 
Accelerating innovation and reducing cost using cloud based software procurement
Accelerating innovation and reducing cost using cloud based software procurementAccelerating innovation and reducing cost using cloud based software procurement
Accelerating innovation and reducing cost using cloud based software procurementAmazon Web Services
 
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...Amazon Web Services
 
AWS re:Invent 2016: Open Source at AWS—Contributions, Support, and Engagement...
AWS re:Invent 2016: Open Source at AWS—Contributions, Support, and Engagement...AWS re:Invent 2016: Open Source at AWS—Contributions, Support, and Engagement...
AWS re:Invent 2016: Open Source at AWS—Contributions, Support, and Engagement...Amazon Web Services
 
Modern Security and Compliance Through Automation
Modern Security and Compliance Through AutomationModern Security and Compliance Through Automation
Modern Security and Compliance Through AutomationAmazon Web Services
 
Following Well Architected Frameworks - Lunch and Learn.pdf
Following Well Architected Frameworks - Lunch and Learn.pdfFollowing Well Architected Frameworks - Lunch and Learn.pdf
Following Well Architected Frameworks - Lunch and Learn.pdfAmazon Web Services
 

More Related Content

What's hot

Dev Ops on AWS - Accelerating Software Delivery - AWS-Summit SG 2017
Dev Ops on AWS - Accelerating Software Delivery - AWS-Summit SG 2017Dev Ops on AWS - Accelerating Software Delivery - AWS-Summit SG 2017
Dev Ops on AWS - Accelerating Software Delivery - AWS-Summit SG 2017Amazon Web Services
 
GitHub Enterprise and Automation with Codedeploy - AWS Summit SG 2017
GitHub Enterprise and Automation with Codedeploy - AWS Summit SG 2017GitHub Enterprise and Automation with Codedeploy - AWS Summit SG 2017
GitHub Enterprise and Automation with Codedeploy - AWS Summit SG 2017Amazon Web Services
 
Opening Keynote - AWS Summit SG 2017
Opening Keynote - AWS Summit SG 2017Opening Keynote - AWS Summit SG 2017
Opening Keynote - AWS Summit SG 2017Amazon Web Services
 
Building a Data Processing Pipeline on AWS - AWS Summit SG 2017
Building a Data Processing Pipeline on AWS - AWS Summit SG 2017Building a Data Processing Pipeline on AWS - AWS Summit SG 2017
Building a Data Processing Pipeline on AWS - AWS Summit SG 2017Amazon Web Services
 
AWS Summit Manila - Opening Keynote by Dr. Werner Vogels
AWS Summit Manila - Opening Keynote by Dr. Werner Vogels AWS Summit Manila - Opening Keynote by Dr. Werner Vogels
AWS Summit Manila - Opening Keynote by Dr. Werner Vogels Amazon Web Services
 
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...Amazon Web Services
 
Lighting your Big Data Fire with Apache Spark
Lighting your Big Data Fire with Apache SparkLighting your Big Data Fire with Apache Spark
Lighting your Big Data Fire with Apache SparkAmazon Web Services
 
3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...
3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...
3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...Amazon Web Services
 
Security and Compliance Better on AWS_John Hildebrandt
Security and Compliance Better on AWS_John HildebrandtSecurity and Compliance Better on AWS_John Hildebrandt
Security and Compliance Better on AWS_John HildebrandtHelen Rogers
 
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the CloudKeeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the CloudAmazon Web Services
 
AWS Enterprise Summit London 2013 - Stuart Lynn - Sage
AWS Enterprise Summit London 2013 - Stuart Lynn - SageAWS Enterprise Summit London 2013 - Stuart Lynn - Sage
AWS Enterprise Summit London 2013 - Stuart Lynn - SageAmazon Web Services
 
Accelerate your Cloud Success with Platform Services
Accelerate your Cloud Success with Platform ServicesAccelerate your Cloud Success with Platform Services
Accelerate your Cloud Success with Platform ServicesAmazon Web Services
 
Partner Solutions: Rackspace - Rethinking Your Migration Strategy to Maximize...
Partner Solutions: Rackspace - Rethinking Your Migration Strategy to Maximize...Partner Solutions: Rackspace - Rethinking Your Migration Strategy to Maximize...
Partner Solutions: Rackspace - Rethinking Your Migration Strategy to Maximize...Amazon Web Services
 
DevOps für mittlere Unternehmen und Großunternehmen - AWS Cloud Web Day für M...
DevOps für mittlere Unternehmen und Großunternehmen - AWS Cloud Web Day für M...DevOps für mittlere Unternehmen und Großunternehmen - AWS Cloud Web Day für M...
DevOps für mittlere Unternehmen und Großunternehmen - AWS Cloud Web Day für M...AWS Germany
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Casi reali di Mass Migration nel Cloud: benefici tangibili ed intangibili
Casi reali di Mass Migration nel Cloud: benefici tangibili ed intangibiliCasi reali di Mass Migration nel Cloud: benefici tangibili ed intangibili
Casi reali di Mass Migration nel Cloud: benefici tangibili ed intangibiliAmazon Web Services
 
Your Business at the Speed of Cloud. Innovate with Cloud-Native App Delivery,...
Your Business at the Speed of Cloud. Innovate with Cloud-Native App Delivery,...Your Business at the Speed of Cloud. Innovate with Cloud-Native App Delivery,...
Your Business at the Speed of Cloud. Innovate with Cloud-Native App Delivery,...Amazon Web Services
 
Accelerating innovation and reducing cost using cloud based software procurement
Accelerating innovation and reducing cost using cloud based software procurementAccelerating innovation and reducing cost using cloud based software procurement
Accelerating innovation and reducing cost using cloud based software procurementAmazon Web Services
 
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...Amazon Web Services
 
AWS re:Invent 2016: Open Source at AWS—Contributions, Support, and Engagement...
AWS re:Invent 2016: Open Source at AWS—Contributions, Support, and Engagement...AWS re:Invent 2016: Open Source at AWS—Contributions, Support, and Engagement...
AWS re:Invent 2016: Open Source at AWS—Contributions, Support, and Engagement...Amazon Web Services
 

What's hot (20)

Dev Ops on AWS - Accelerating Software Delivery - AWS-Summit SG 2017
Dev Ops on AWS - Accelerating Software Delivery - AWS-Summit SG 2017Dev Ops on AWS - Accelerating Software Delivery - AWS-Summit SG 2017
Dev Ops on AWS - Accelerating Software Delivery - AWS-Summit SG 2017
 
GitHub Enterprise and Automation with Codedeploy - AWS Summit SG 2017
GitHub Enterprise and Automation with Codedeploy - AWS Summit SG 2017GitHub Enterprise and Automation with Codedeploy - AWS Summit SG 2017
GitHub Enterprise and Automation with Codedeploy - AWS Summit SG 2017
 
Opening Keynote - AWS Summit SG 2017
Opening Keynote - AWS Summit SG 2017Opening Keynote - AWS Summit SG 2017
Opening Keynote - AWS Summit SG 2017
 
Building a Data Processing Pipeline on AWS - AWS Summit SG 2017
Building a Data Processing Pipeline on AWS - AWS Summit SG 2017Building a Data Processing Pipeline on AWS - AWS Summit SG 2017
Building a Data Processing Pipeline on AWS - AWS Summit SG 2017
 
AWS Summit Manila - Opening Keynote by Dr. Werner Vogels
AWS Summit Manila - Opening Keynote by Dr. Werner Vogels AWS Summit Manila - Opening Keynote by Dr. Werner Vogels
AWS Summit Manila - Opening Keynote by Dr. Werner Vogels
 
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
 
Lighting your Big Data Fire with Apache Spark
Lighting your Big Data Fire with Apache SparkLighting your Big Data Fire with Apache Spark
Lighting your Big Data Fire with Apache Spark
 
3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...
3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...
3 Secrets to Becoming a Cloud Security Superhero - Session Sponsored by Trend...
 
Security and Compliance Better on AWS_John Hildebrandt
Security and Compliance Better on AWS_John HildebrandtSecurity and Compliance Better on AWS_John Hildebrandt
Security and Compliance Better on AWS_John Hildebrandt
 
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the CloudKeeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
 
AWS Enterprise Summit London 2013 - Stuart Lynn - Sage
AWS Enterprise Summit London 2013 - Stuart Lynn - SageAWS Enterprise Summit London 2013 - Stuart Lynn - Sage
AWS Enterprise Summit London 2013 - Stuart Lynn - Sage
 
Accelerate your Cloud Success with Platform Services
Accelerate your Cloud Success with Platform ServicesAccelerate your Cloud Success with Platform Services
Accelerate your Cloud Success with Platform Services
 
Partner Solutions: Rackspace - Rethinking Your Migration Strategy to Maximize...
Partner Solutions: Rackspace - Rethinking Your Migration Strategy to Maximize...Partner Solutions: Rackspace - Rethinking Your Migration Strategy to Maximize...
Partner Solutions: Rackspace - Rethinking Your Migration Strategy to Maximize...
 
DevOps für mittlere Unternehmen und Großunternehmen - AWS Cloud Web Day für M...
DevOps für mittlere Unternehmen und Großunternehmen - AWS Cloud Web Day für M...DevOps für mittlere Unternehmen und Großunternehmen - AWS Cloud Web Day für M...
DevOps für mittlere Unternehmen und Großunternehmen - AWS Cloud Web Day für M...
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Casi reali di Mass Migration nel Cloud: benefici tangibili ed intangibili
Casi reali di Mass Migration nel Cloud: benefici tangibili ed intangibiliCasi reali di Mass Migration nel Cloud: benefici tangibili ed intangibili
Casi reali di Mass Migration nel Cloud: benefici tangibili ed intangibili
 
Your Business at the Speed of Cloud. Innovate with Cloud-Native App Delivery,...
Your Business at the Speed of Cloud. Innovate with Cloud-Native App Delivery,...Your Business at the Speed of Cloud. Innovate with Cloud-Native App Delivery,...
Your Business at the Speed of Cloud. Innovate with Cloud-Native App Delivery,...
 
Accelerating innovation and reducing cost using cloud based software procurement
Accelerating innovation and reducing cost using cloud based software procurementAccelerating innovation and reducing cost using cloud based software procurement
Accelerating innovation and reducing cost using cloud based software procurement
 
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
 
AWS re:Invent 2016: Open Source at AWS—Contributions, Support, and Engagement...
AWS re:Invent 2016: Open Source at AWS—Contributions, Support, and Engagement...AWS re:Invent 2016: Open Source at AWS—Contributions, Support, and Engagement...
AWS re:Invent 2016: Open Source at AWS—Contributions, Support, and Engagement...
 

Similar to Automating Compliance for Financial Institutions - AWS Summit SG 2017

Modern Security and Compliance Through Automation
Modern Security and Compliance Through AutomationModern Security and Compliance Through Automation
Modern Security and Compliance Through AutomationAmazon Web Services
 
Following Well Architected Frameworks - Lunch and Learn.pdf
Following Well Architected Frameworks - Lunch and Learn.pdfFollowing Well Architected Frameworks - Lunch and Learn.pdf
Following Well Architected Frameworks - Lunch and Learn.pdfAmazon Web Services
 
Getting started with aws security toronto rs
Getting started with aws security toronto rsGetting started with aws security toronto rs
Getting started with aws security toronto rsAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Security Automation: Spend Less Time Securing Your Applications.
Security Automation: Spend Less Time Securing Your Applications.Security Automation: Spend Less Time Securing Your Applications.
Security Automation: Spend Less Time Securing Your Applications.Amazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS Security Getting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...Amazon Web Services
 
Security Best Practices - AWS Summit Bahrain 2017
Security Best Practices - AWS Summit Bahrain 2017Security Best Practices - AWS Summit Bahrain 2017
Security Best Practices - AWS Summit Bahrain 2017Amazon Web Services
 
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...CIS Compliance Automations Eevidence Collection, Security and Compliance Be...
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...Faiza Mehar
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with...
AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with...AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with...
AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with...Amazon Web Services
 
Best Practices for Security at Scale
Best Practices for Security at ScaleBest Practices for Security at Scale
Best Practices for Security at ScaleAmazon Web Services
 
Segurança de Ponta a Ponta na AWS
Segurança de Ponta a Ponta na AWSSegurança de Ponta a Ponta na AWS
Segurança de Ponta a Ponta na AWSAlexandre Santos
 
(SEC312) Reliable Design & Deployment of Security & Compliance
(SEC312) Reliable Design & Deployment of Security & Compliance(SEC312) Reliable Design & Deployment of Security & Compliance
(SEC312) Reliable Design & Deployment of Security & ComplianceAmazon Web Services
 
Using AWS CloudTrail and AWS Config to Enhance Governance and Compliance of A...
Using AWS CloudTrail and AWS Config to Enhance Governance and Compliance of A...Using AWS CloudTrail and AWS Config to Enhance Governance and Compliance of A...
Using AWS CloudTrail and AWS Config to Enhance Governance and Compliance of A...Amazon Web Services
 
Raleigh DevDay 2017: Deep Dive on AWS Management Tools
Raleigh DevDay 2017: Deep Dive on AWS Management ToolsRaleigh DevDay 2017: Deep Dive on AWS Management Tools
Raleigh DevDay 2017: Deep Dive on AWS Management ToolsAmazon Web Services
 
Raleigh DevDay 2017: Are you well architected learn best practices to build r...
Raleigh DevDay 2017: Are you well architected learn best practices to build r...Raleigh DevDay 2017: Are you well architected learn best practices to build r...
Raleigh DevDay 2017: Are you well architected learn best practices to build r...Amazon Web Services
 
AWS Security for Financial Services
AWS Security for Financial ServicesAWS Security for Financial Services
AWS Security for Financial ServicesAmazon Web Services
 
Compliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By DesignCompliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By DesignAmazon Web Services
 

Similar to Automating Compliance for Financial Institutions - AWS Summit SG 2017 (20)

Modern Security and Compliance Through Automation
Modern Security and Compliance Through AutomationModern Security and Compliance Through Automation
Modern Security and Compliance Through Automation
 
Following Well Architected Frameworks - Lunch and Learn.pdf
Following Well Architected Frameworks - Lunch and Learn.pdfFollowing Well Architected Frameworks - Lunch and Learn.pdf
Following Well Architected Frameworks - Lunch and Learn.pdf
 
Getting started with aws security toronto rs
Getting started with aws security toronto rsGetting started with aws security toronto rs
Getting started with aws security toronto rs
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Security Automation: Spend Less Time Securing Your Applications.
Security Automation: Spend Less Time Securing Your Applications.Security Automation: Spend Less Time Securing Your Applications.
Security Automation: Spend Less Time Securing Your Applications.
 
Getting Started with AWS Security
Getting Started with AWS Security Getting Started with AWS Security
Getting Started with AWS Security
 
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
 
Security Best Practices - AWS Summit Bahrain 2017
Security Best Practices - AWS Summit Bahrain 2017Security Best Practices - AWS Summit Bahrain 2017
Security Best Practices - AWS Summit Bahrain 2017
 
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...CIS Compliance Automations Eevidence Collection, Security and Compliance Be...
CIS Compliance Automations Eevidence Collection, Security and Compliance Be...
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with...
AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with...AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with...
AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with...
 
Best Practices for Security at Scale
Best Practices for Security at ScaleBest Practices for Security at Scale
Best Practices for Security at Scale
 
Segurança de Ponta a Ponta na AWS
Segurança de Ponta a Ponta na AWSSegurança de Ponta a Ponta na AWS
Segurança de Ponta a Ponta na AWS
 
(SEC312) Reliable Design & Deployment of Security & Compliance
(SEC312) Reliable Design & Deployment of Security & Compliance(SEC312) Reliable Design & Deployment of Security & Compliance
(SEC312) Reliable Design & Deployment of Security & Compliance
 
Using AWS CloudTrail and AWS Config to Enhance Governance and Compliance of A...
Using AWS CloudTrail and AWS Config to Enhance Governance and Compliance of A...Using AWS CloudTrail and AWS Config to Enhance Governance and Compliance of A...
Using AWS CloudTrail and AWS Config to Enhance Governance and Compliance of A...
 
Raleigh DevDay 2017: Deep Dive on AWS Management Tools
Raleigh DevDay 2017: Deep Dive on AWS Management ToolsRaleigh DevDay 2017: Deep Dive on AWS Management Tools
Raleigh DevDay 2017: Deep Dive on AWS Management Tools
 
Raleigh DevDay 2017: Are you well architected learn best practices to build r...
Raleigh DevDay 2017: Are you well architected learn best practices to build r...Raleigh DevDay 2017: Are you well architected learn best practices to build r...
Raleigh DevDay 2017: Are you well architected learn best practices to build r...
 
AWS Security for Financial Services
AWS Security for Financial ServicesAWS Security for Financial Services
AWS Security for Financial Services
 
Compliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By DesignCompliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By Design
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Recently uploaded

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 

Recently uploaded (20)

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

Automating Compliance for Financial Institutions - AWS Summit SG 2017

  • 1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Automating Compliance for Financial Institutions Myles Hosford Security Solutions Architect, Amazon Web Services, APAC
  • 2. What to expect from this session • How To Enforce Compliance • How To Assess Compliance • How To Remediate Compliance • Services: • AWS Config Rules • AWS CloudFormation • AWS Service Catalog
  • 3. COMPLIANCE ‘a state of being in accordance with established guidelines, industry regulations and government legislation’
  • 5. How do you enforce compliance?
  • 6. AWS Identity & Access Management IAM Users IAM Groups IAM Roles IAM Policies
  • 7. AWS CloudFormation – Everything as Code Template StackAWS CloudFormation ü Orchestrate changes across AWS Services ü Use as foundation to Service Catalog products ü Use with source code repositories to manage infrastructure changes ü JSON/YAML-based text file describing infrastructure ü Resources created from a template ü Can be updated
  • 8. Auto Scaling group DMZ Zone security group security group root volume data volume S3 bucket (encrypted AES256) logs Amazon EBS snapshot (encrypted at rest) EC2 instance WEB corporate data center Auto Scaling group App Zone security group root volume data volume S3 bucket (encrypted AES256) logs Amazon EBS snapshot EC2 instance APP DB Zone AWS CloudHSM security group AWS KMS Direct Connect Or VPN Internet HTTP / HTTPS only to the web-tier
  • 9. • Firewall rules • Network ACLs • Internal and external subnets • Gold OS images • Encryption • Compliance Checks • Logging & Monitoring Everything is Code AWS JSON translation Gold Image, NTP and NAT Network ACLs, Subnets, FW rules
  • 11. Any IP on the Internet Telnet, insecure, clear-text protocol CloudFormation. An example: Firewall rule Mis-configuration detected BEFORE the environment is even built! Fail to MAS TRM 9.1.1: FIs should identify important data and adopt adequate measures to detect and prevent unauthorised access, copying or transmission of confidential information.
  • 12. Service Catalog Organizations Developers Control Standardization Governance Agility Self-service Time to market AWS Service Catalog allows organizations to create and manage catalogs of IT services. It enables users to quickly deploy the approved IT services they need in a self-service manner.
  • 13. How do you enforce compliance?
  • 14. How do you assess compliance?
  • 15. IT Security Policy & Controls
  • 16. IT Security Policy & Controls Nobody reads them Difficult to enforce Rarely updated
  • 17. AWS Config Rules • Set up rules to check configuration changes recorded • Use pre-built rules provided by AWS • Author custom rules using AWS Lambda • Invoked automatically for continuous assessment • Use dashboard for visualizing compliance and identifying offending changes
  • 18. AWS Config Rules Internal Controls MAS Guidelines Industry best practice Bake these compliance checks into your CloudFormation templates
  • 19. AWS Config Rules – Managed Rules (30+) Encrypted Volumes Restricted SSH CloudTrail Enabled Root MFA Password Policy Approved OS Image
  • 21. MAS TRM Guideline AWS Config Rule 9.1.6 Confidential information stored on IT systems, servers and databases should be encrypted Encryption should be used for EBS Volumes 9.3.2 The FI should conduct regular enforcement checks to ensure that the baseline standards are applied uniformly and non-compliances are detected and raised for investigation. Instances must be from a specific ‘gold’ approved AMI 9.6.2 The FI should implement network surveillance and security monitoring procedures VPC Flow Logs must be enabled MAS TRM Example Managed Rule Managed Rule Custom Rule
  • 22. How do you assess compliance?
  • 23. How do you remediate non-compliance?
  • 24. AWS Config Encryption Gold OS Image VPC Flow Logs Users Compliance Topic Amazon SNS Continuous Remediation Changes AWS Lambda Auto- Remediate Function 1. Terminate 2. Encrypt 3. Alert Ops 4. Do Nothing
  • 25. AWS Config Encryption Gold OS Image VPC Flow Logs Users Periodic Remediation / Reporting Changes AWS Lambda Periodic Poll Function 1. Terminate 2. Encrypt 3. Alert Ops 4. Do Nothing AWS API Risk Report
  • 26. Create Periodic Risk & Compliance Reports
  • 27.
  • 28. How do you remediate non-compliance?
  • 29. Conclusion Prevent users operating in a non- compliant environment. Perform Continuous Compliance. Annual assessments do not meet the bar. Automate remediation. Improve consistency and response time. Automate Everything. Prevention. Detection. Response.