AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta AWS Summit

•

6 likes•727 views

Zero Trust Security is quickly rising as a preferred alternative to traditional security approaches. The key enabling technology underlying the Zero Trust Security approach is Next-Gen Access, which combines the critical capabilities of such technologies as Identity as a Service (IDaaS), enterprise mobility management (EMM), and privileged access management (PAM). In this session, we highlight AWS security best practices in a Zero Trust Security model. Specifically, we explore securing the AWS root account, controlling access to the AWS Management Console and AWS CLI, and managing developer access to Amazon EC2 instances and the containerized applications that run on them. This session is brought to you by AWS partner, Centrify.

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
David McNeely
VP of Product Strategy, Centrify
AWS Security Best Practices
in a Zero Trust Security Model
DEM06

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Agenda
• Security and your part of Shared Responsibility Model
• Zero Trust Security overview
• Centrify best practices for AWS security

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Shared Responsibility Model
YOU:
AWS:

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
VERIFY
THE USER
VALIDATE
THEIR DEVICE
LIMIT ACCESS
& PRIVILEGE
LEARN & ADAPT
Centrify Zero Trust Security

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
MATURITY
MORE
SECURE
DANGER
Too Many Passwords
Too Much Privilege
Zero Trust Security Maturity Model
Analyze Risk
Monitor Sessions
Integrate with SIEM
AUDIT
EVERYTHING
Just-in-Time Privilege
Just Enough Privilege
Don’t Break Glass
Lifecycle Management
ENFORCE
LEAST PRIVILEGE
Establish Access Zones
Trusted Endpoints
Conditional Access
Minimize VPN Access
No DevOps Passwords
LIMIT
LATERAL MOVEMENT
Consolidate Identities
MFA Everywhere
Risk-based Access
SSO Everywhere
ESTABLISH
IDENTITY ASSURANCE

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Centrify Best Practices for Securing AWS workloads
Common Security
Model
Eliminate Shared
Amazon EC2 Key Pairs
Ensure
Accountability
Least Privilege
Access
MFA Everywhere Audit Everything

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Additional security for AWS Management Console access
Lock down the “root” or billing account
Establish Federated login
Enforce Role-based temporary privileges

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Enforce IAM Role-based Temporary Privileges
Delegate AWS privileges by AWS Role Mapping
Enable Request-based Access to enable temporary access rights
Centrify User Portal provides SSO access to the AWS Console
AWS CLI tools and PowerShell Access

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Control Access to Amazon EC2 Instances
Extend Enterprise IAM to Amazon EC2
Enforce Least Privilege
Require Multi-Factor Authentication
Site to Site
VPN
Active Directory
ENTERPRISE
Active Directory
VPC
AD 1-way
Trust

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Centrify Privilege Service for Amazon EC2 Instances
Secure Remote Access
Access Request Workflow
Lock down root accounts
Application Password Management
Active Directory

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Enterprise IAM and MFA for Hosted Applications
Extend Enterprise IAM for Apps
Require Multi-Factor Authentication
Single Sign-on for Users

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Secure Docker Hosts
IAM and PAM for Linux Docker Host or CoreOS
Container Linux
Docker Group Management
PAM for Docker
IT Ops
Containers
Container Host
Docker
AD

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Secure Apps in Containers
IAM and PAM for DevOps login access to Containers
• Developers login to container via SSH independent of the host
• Ops will most likely need break-glass access
AAPM and Service Accounts for Apps Containers
Container
Host
Docker
Developers
AD
Containers
Container
Host
Docker
Centrify
Infrastructure
Services

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Secure Your Container Management Platforms
IAM Services for Container Management
Active Directory Integration for on-premises
deployments
Containers
Container
Host
Docker
DevOps
Staff
Container
Orchestration
AD
Linux
Host with
Centrify
LDAP
Proxy
DevOps
Staff
Centrify
Service

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Additional Resources
Centrify Solutions for AWS
• www.centrify.com/aws
TechCenter for AWS
• community.centrify.com/aws
Script Repository
• github.com/centrify
White Papers:
• Centrify’s Six Best Practices for Securing AWS Environments
• http://www.centrify.com/resources/six-best-practices-for-securing-amazon-web-services/
• AWS IAM Best Practices and Use Cases
• http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html
• Gartner “How to Make Cloud IaaS Workloads More Secure Than Your Own Data Center”
• https://www.gartner.com/doc/3352444/make-cloud-iaas-workloads-secure

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Please complete the session survey in
the summit mobile app!

© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Thank You!
Please stop by Centrify booth #201
David.McNeely@Centrify.com

What's hot

AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard. AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard.

Using AWS Control Tower to govern multi-account AWS environments at scale - G...

Amazon Web Services

Security Architectures on AWS

Amazon Web Services

Cloud Security

AWS User Group Bengaluru

CASB: Securing your cloud applications

Forcepoint LLC

AWS Security By Design

Amazon Web Services

In this session, we discuss architectural principles that helps simplify big data analytics. We'll apply principles to various stages of big data processing: collect, store, process, analyze, and visualize. We'll disucss how to choose the right technology in each stage based on criteria such as data structure, query latency, cost, request rate, item size, data volume, durability, and so on. Finally, we provide reference architectures, design patterns, and best practices for assembling these technologies to solve your big data problems at the right cost.

Big Data Analytics Architectural Patterns and Best Practices (ANT201-R1) - AW...

Amazon Web Services

With the emergence of the Secure Access Service Edge (SASE), network and security professionals are struggling to build a migration plan for this new platform that adapts to the distributed nature of users and data. SASE promises to reduce complexity and cost, improve performance, increase accessibility and enhance security. The question is: How do you gain these benefits as you work towards implementing a SASE architecture? View to learn: -Why SASE should be less complicated than many vendors are making it -What to look for when evaluating a migration to a SASE platform -A 3 month, 6 month, and 12 month roadmap for implementation -How Cloudflare One, a purpose-built SASE platform, delivers on these promised benefits

Succeeding with Secure Access Service Edge (SASE)

Cloudflare

Zero Trust Framework for Network Security

AlgoSec

Cloud app security is a top priority for many enterprises. Whether securing data in the Office 365 suite, ensuring compliance in Salesforce, or getting control over shadow IT, information security leaders are exploring how Cloud Access Security Brokers can make an impact in their organizations. This presentation covers the top five CASB use cases that have the highest impact on cloud-consuming enterprises.

5 Highest-Impact CASB Use Cases

Netskope

Cloud Migration Strategy Framework

PT Datacomm Diangraha

Forcepoint Dynamic Data Protection

MarketingArrowECS_CZ

Implementing a Cloud Center of Excellence (CCoE) promotes a seamless transition to the cloud for any organization. Cloud adoption includes communicating a new strategic direction, involving stakeholders from across the organization, identifying skill gaps, identifying key team members, and establishing a realistic roadmap. JHC Technology presents how organizations can manage, evaluate, automate, and continuously spur cloud adoption through repeatability, allowing the organization to deploy innovation today and be ready for whatever comes tomorrow. As part of this discussion we will review the framework necessary to identify AWS Partners that can provide the best value to your organization. Elizabeth Boudreau, Cloud Executive Advisor, Amazon Web Services Matt Jordan, Vice President, Corporate Strategy & Development, JHC Technology

A Roadmap to Cloud Center of Excellence Adoption

Amazon Web Services

The Cloud Controls Matrix (CCM) is an industry accepted set of principles and guidelines that can be leveraged to assess services, products, and your own security posture in the cloud. The framework is based on security requirements and criteria from research conducted by the Cloud Security Alliance (CSA). Learn about the architectural elements of the framework, its impact on international standards, and how it maps to over 30 other industry regulations.

Introduction to the CSA Cloud Controls Matrix

John Yeoh

Disaster recovery and business continuity solutions have been historically expensive and time consuming. Microsoft Azure Site Recovery (ASR) makes Disaster Recovery (DR) planning and implementation simpler and affordable for all types of organizations. Join our team of cloud experts for a walk through of DR and ASR basics. We'll highlight best practices for ASR deployments and help you get a sense of the costs for implementing a solution.

Disaster Recovery Planning using Azure Site Recovery

Nitin Agarwal

In the event of a disaster, you need to be able to recover lost data quickly to ensure business continuity. For critical applications, keeping your time to recover and data loss to a minimum and optimizing your overall capital expense can be challenging. This session presents AWS features and services along with disaster recovery architectures that you can leverage when building highly available and disaster-resilient strategies.

Disaster Recovery Options with AWS

Amazon Web Services

AWS Security Week: Security, Identity, & Compliance

Amazon Web Services

Customers using AWS benefit from a multitude of security and compliance controls built into AWS solutions. In this session, you will learn how to take advantage of the advanced security features of AWS to gain the visibility, agility, and control that the cloud affords users over legacy environments. We will take a look at several reference architectures for common workloads and highlight the innovative ways customers are using AWS to manage security more efficiently. After attending this session, you will be familiar with the Shared Responsibility Model and ways you can inherit security controls from the rich compliance and accreditation programs maintained by AWS. Matt Johnson, Solutions Architect, AWS

Managing Security on AWS

Amazon Web Services

Introduction to AWS Security

Amazon Web Services

FireEye Solutions

Prime Infoserv

Iam presentation

AWS UG PK

What's hot (20)

Using AWS Control Tower to govern multi-account AWS environments at scale - G...

Security Architectures on AWS

Cloud Security

CASB: Securing your cloud applications

AWS Security By Design

Big Data Analytics Architectural Patterns and Best Practices (ANT201-R1) - AW...

Succeeding with Secure Access Service Edge (SASE)

Zero Trust Framework for Network Security

5 Highest-Impact CASB Use Cases

Cloud Migration Strategy Framework

Forcepoint Dynamic Data Protection

A Roadmap to Cloud Center of Excellence Adoption

Introduction to the CSA Cloud Controls Matrix

Disaster Recovery Planning using Azure Site Recovery

Disaster Recovery Options with AWS

AWS Security Week: Security, Identity, & Compliance

Managing Security on AWS

Introduction to AWS Security

FireEye Solutions

Iam presentation

Similar to AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta AWS Summit

When migrating lots of applications to the cloud, it's important to architect cloud environments that are efficient, secure and compliant. AWS Landing Zones are a prescriptive set of instructions for deploying an AWS-recommended foundation of interrelated AWS accounts, networks, and core services for your initial AWS application environments. This session will review the benefits and best practices. Products & Services: Amazon CloudWatch, AWS CloudTrail, AWS Config, AWS CloudFormation, AWS IAM and AWS Direct Connect

Landing zones: Creating a Foundation for Your AWS Migrations

Ali Asgar Juzer

Landing Zones: Creating a Foundation for Your AWS Migrations When migrating lots of applications to the cloud, it's important to architect cloud environments that are efficient, secure and compliant. AWS Landing Zones are a prescriptive set of instructions for deploying an AWS-recommended foundation of interrelated AWS accounts, networks, and core services for your initial AWS application environments. This session will review the benefits and best practices. Ali Juzer, Cloud Architect, Professional Services, Amazon Web Services

Landing Zones Creating a Foundation - AWS Summit Sydney 2018

Amazon Web Services

AWS Governance at Scale_AWSPSSummit_Singapore

Amazon Web Services

Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...

Amazon Web Services

As companies employ DevOps practices to push applications faster into production through better collaboration and automated testing, security is often seen as an inhibitor to speed. The challenge for many organizations is getting applications delivered at a fast pace while embedding security at the speed of DevOps. In this session, learn how AWS Marketplace products and customers help make DevSecOps a well-orchestrated methodology to ensure the speed, stability, and security of your applications.

Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...

Amazon Web Services

[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...

Amazon Web Services

How to Implement a Well-Architected Security Solution.pdf

Amazon Web Services

AWSome Day Online Conference 2018 Module 1.pdf

Amazon Web Services

This session will review how to secure your enterprise adoption of AWS at scale. At AWS security is job zero and at the heart of everything we build. This session will review the patterns of usage for AWS Identity and Access Management, AWS Key Management Service, AWS CloudTrail, AWS Config, Amazon GuardDuty AWS Systems Manager Parameter Store, Amazon EC2 Run Command, AWS Single Sign-On, AWS WAF, AWS Shield, and AWS Service Catalog to an create end-to-end security approach for your AWS cloud adoption. You will gain insight how these AWS services come together to increase your security posture in ways that are unique to AWS workloads.

Security@Scale

Amazon Web Services

Serverless architecture and a microservices approach has changed the way we develop applications. Increased composability doesn't have to mean decreased auditability or security. In this talk, we discuss the security model for applications based on AWS Lambda functions and Amazon API Gateway. Learn about the security and compliance that comes with Lambda right out of the box and with no extra charge or management. We also cover services like AWS Config, AWS Identity and Access Management (IAM), Amazon Cognito, and AWS Secrets Manager available on the platform to help manage application security.

Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...

Amazon Web Services

The area of identity, authentication, and authorization has significantly evolved in recent years, and this often leaves customers unsure of how to solve for user authentication with .NET applications hosted on AWS. In this workshop, we attempt to baseline the most common technology choices for .NET authentication (Windows Integrated Authentication, SAML, OpenID Connect, OAuth, etc.) and discuss the most common architectures and configurations that customers can leverage when running .NET applications on AWS. Attendees also have a chance to run through hands-on lab exercises for each of the architectures discussed.

Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...

Amazon Web Services

As with everything in life there is an easy way and a hard way when it comes to adopting security framework recommendations. Featuring the AWS Well-Architected and Cloud Adoption Frameworks, we will walk you through a complete security journey. We'll start with identification of requirements, then move through a series of how-tos from classifying your data, automating controls, to running fun incident response game days. There will be code giveaways and more!

Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...

Amazon Web Services

Are you interested in becoming a IAM policy master and learning about powerful techniques for controlling access to AWS resources? If your answer is “yes,” this session is for you. Join us as we cover the different types of policies and describe how they work together to control access to resources in your account and across your AWS organization. We walk through use cases that help you delegate permission management to developers by demonstrating IAM permission boundaries. We take an in-depth look at controlling access to specific AWS regions using condition keys. Finally, we explain how to use tags to scale permissions management in your account. This session requires you to know the basics of IAM policies.

Become an IAM Policy Master in 60 Minutes or Less (SEC316-R1) - AWS reInvent ...

Amazon Web Services

The Evolution of Identity and Access Management on AWS - AWS Online Tech Talks

Amazon Web Services

A Case Study on Insider Threat Detection

Amazon Web Services

Not having to worry about servers can save you time and effort. Today with a serverless platform, you can globally distribute your web-application to run on dozens of data centers across the planet, with your customers being served from the one nearest to them. In this session to learn how you can combine forces -- with Drupal as a powerful Headless CMS, AWS Lambda@Edge providing serverless compute functionality, and Amazon CloudFront accelerating content through its global network. In this presentation, we look at architecture, integration examples, and best practices for some of the most popular use-cases from across different channels such as web, mobile, and social media. Learn more: https://aws.amazon.com/cloudfront/

Making Headless Drupal Serverless

Amazon Web Services

Governança em escala é um conceito cada vez mais importante para os clientes à medida que eles adotam a nuvem AWS. A governança baseia-se na distribuição de cargas de trabalho em contas separadas e no uso de boas práticas de segurança de acordo com as necessidades dos clientes. Esta sessão abordará como usar dezenas ou até centenas de contas para criar um isolamento entre as cargas de trabalho, com base em padrões de implementação e considerando controle de custos. Palestrante: MV Ferreira

Governance@scale [Portuguese]

Amazon Web Services

Getting Started with AWS Security

Amazon Web Services

Cloud Migration Insights Forum, Sydney

Amazon Web Services

This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops. We will also provide an overview of the Security pillar of the AWS Cloud Adoption Framework (CAF) and talk about how AWS keeps humans away from data—and how you can, too. Level: 100 Speaker: Don Edwards - Sr. Technical Delivery Manager, AWS

Introduction to AWS Security

Amazon Web Services

Similar to AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta AWS Summit (20)

Landing zones: Creating a Foundation for Your AWS Migrations

Landing Zones Creating a Foundation - AWS Summit Sydney 2018

AWS Governance at Scale_AWSPSSummit_Singapore

Module 3: Security, Architecting Best Practices, Pricing, Partner Solutions, ...

Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...

[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...

How to Implement a Well-Architected Security Solution.pdf

AWSome Day Online Conference 2018 Module 1.pdf

Security@Scale

Security & Compliance for Modern Serverless Applications (SRV319-R1) - AWS re...

Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...

Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...

Become an IAM Policy Master in 60 Minutes or Less (SEC316-R1) - AWS reInvent ...

The Evolution of Identity and Access Management on AWS - AWS Online Tech Talks

A Case Study on Insider Threat Detection

Making Headless Drupal Serverless

Governance@scale [Portuguese]

Getting Started with AWS Security

Cloud Migration Insights Forum, Sydney

Introduction to AWS Security

More from Amazon Web Services

Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS. In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Amazon Web Services

La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup. Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti. Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Amazon Web Services

Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi

Esegui pod serverless con Amazon EKS e AWS Fargate

Amazon Web Services

Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.

Costruire Applicazioni Moderne con AWS

Amazon Web Services

L’utilizzo dei container è in continua crescita. Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili. I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!

Come spendere fino al 90% in meno con i container e le istanze spot

Amazon Web Services

In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th. Event Agenda : Open banking so far (short recap) • PSD2, OB UK, OB Australia, OB LATAM, OB Israel Intro to Open Finance marketplace • Scope • Features • Tech overview and Demo The role of the Cloud The Future of APIs • Complying with regulation • Monetizing data / APIs • Business models • Time to market One platform for all: a Strategic approach Q&A

Open banking as a service

Amazon Web Services

Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc. AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta. Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

Amazon Web Services

Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity. AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet. Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

Amazon Web Services

Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Amazon Web Services

Computer Vision con AWS

Amazon Web Services

Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti. Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi. La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.

Database Oracle e VMware Cloud on AWS i miti da sfatare

Amazon Web Services

Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti. Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire. Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito. In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

Amazon Web Services

Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline. Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.

API moderne real-time per applicazioni mobili e web

Amazon Web Services

Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi. La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali. In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Amazon Web Services

Tools for building your MVP on AWS

Amazon Web Services

How to Build a Winning Pitch Deck

Amazon Web Services

Building a web application without servers

Amazon Web Services

Fundraising Essentials

Amazon Web Services

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...

Amazon Web Services

Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.

Introduzione a Amazon Elastic Container Service

Amazon Web Services

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Esegui pod serverless con Amazon EKS e AWS Fargate

Costruire Applicazioni Moderne con AWS

Come spendere fino al 90% in meno con i container e le istanze spot

Open banking as a service

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Computer Vision con AWS

Database Oracle e VMware Cloud on AWS i miti da sfatare

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

API moderne real-time per applicazioni mobili e web

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Tools for building your MVP on AWS

How to Build a Winning Pitch Deck

Building a web application without servers

Fundraising Essentials

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...

Introduzione a Amazon Elastic Container Service

AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta AWS Summit

2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Agenda • Security and your part of Shared Responsibility Model • Zero Trust Security overview • Centrify best practices for AWS security

5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. MATURITY MORE SECURE DANGER Too Many Passwords Too Much Privilege Zero Trust Security Maturity Model Analyze Risk Monitor Sessions Integrate with SIEM AUDIT EVERYTHING Just-in-Time Privilege Just Enough Privilege Don’t Break Glass Lifecycle Management ENFORCE LEAST PRIVILEGE Establish Access Zones Trusted Endpoints Conditional Access Minimize VPN Access No DevOps Passwords LIMIT LATERAL MOVEMENT Consolidate Identities MFA Everywhere Risk-based Access SSO Everywhere ESTABLISH IDENTITY ASSURANCE

6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Centrify Best Practices for Securing AWS workloads Common Security Model Eliminate Shared Amazon EC2 Key Pairs Ensure Accountability Least Privilege Access MFA Everywhere Audit Everything

7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Additional security for AWS Management Console access Lock down the “root” or billing account Establish Federated login Enforce Role-based temporary privileges

8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Enforce IAM Role-based Temporary Privileges Delegate AWS privileges by AWS Role Mapping Enable Request-based Access to enable temporary access rights Centrify User Portal provides SSO access to the AWS Console AWS CLI tools and PowerShell Access

9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Control Access to Amazon EC2 Instances Extend Enterprise IAM to Amazon EC2 Enforce Least Privilege Require Multi-Factor Authentication Site to Site VPN Active Directory ENTERPRISE Active Directory VPC AD 1-way Trust

10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Centrify Privilege Service for Amazon EC2 Instances Secure Remote Access Access Request Workflow Lock down root accounts Application Password Management Active Directory

11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Enterprise IAM and MFA for Hosted Applications Extend Enterprise IAM for Apps Require Multi-Factor Authentication Single Sign-on for Users

12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Secure Docker Hosts IAM and PAM for Linux Docker Host or CoreOS Container Linux Docker Group Management PAM for Docker IT Ops Containers Container Host Docker AD

13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Secure Apps in Containers IAM and PAM for DevOps login access to Containers • Developers login to container via SSH independent of the host • Ops will most likely need break-glass access AAPM and Service Accounts for Apps Containers Container Host Docker Developers AD Containers Container Host Docker Centrify Infrastructure Services

14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Secure Your Container Management Platforms IAM Services for Container Management Active Directory Integration for on-premises deployments Containers Container Host Docker DevOps Staff Container Orchestration AD Linux Host with Centrify LDAP Proxy DevOps Staff Centrify Service

15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Additional Resources Centrify Solutions for AWS • www.centrify.com/aws TechCenter for AWS • community.centrify.com/aws Script Repository • github.com/centrify White Papers: • Centrify’s Six Best Practices for Securing AWS Environments • http://www.centrify.com/resources/six-best-practices-for-securing-amazon-web-services/ • AWS IAM Best Practices and Use Cases • http://docs.aws.amazon.com/IAM/latest/UserGuide/best-practices.html • Gartner “How to Make Cloud IaaS Workloads More Secure Than Your Own Data Center” • https://www.gartner.com/doc/3352444/make-cloud-iaas-workloads-secure

AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta AWS Summit

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta AWS Summit

Similar to AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta AWS Summit (20)

More from Amazon Web Services

More from Amazon Web Services (20)

AWS Security Best Practices in a Zero Trust Security Model - DEM06 - Atlanta AWS Summit