Evident.io helps modern IT and DevOps teams implement and maintain security within the AWS shared responsibility model by enabling IT, Security, Engineering, and Operations with a continuous global view of security risk and actionable intelligence to rapidly remediate and secure AWS deployments.
Hear how one of their customers combined the detection and analysis of misconfigurations, vulnerabilities, and risk with guided remediation and audit capabilities to gain visibility of their security environment, automate processes and meet compliance requirements.
Eddie Borrero, Chief Information Security Officer, Robert Half International
Phil Rodrigues, Security Solution Architect, AWS
Craig Dent, Solutions Architect, Evident.io
Automating Cloud Security and Compliance with Continuous Monitoring
1. Best Practices for Automating the Cloud Security Process
Phil Rodrigues, Solutions Architect, AWS
Craig Dent, Solutions Architect, Evident.io
Eddie Borrero, CISO, Robert Half International
2. Your Data and IP Are Your Most Valuable Assets
▪ $6.53M: Average cost of a data breach
https://www.csid.com/resources/stats/data-breaches/
▪ 56%: Increase in theft of hard intellectual property
http://www.pwc.com/gx/en/issues/cyber-security/information-security-survey.html
▪ 70%: Of consumers indicated they’d avoid businesses following a security breach
https://www.csid.com/resources/stats/data-breaches/
3. AWS Can Be More Secure than Your Existing Environment
In June 2015, IDC released a report which found that most customers can be more secure in AWS than their on-premises environment. How?
▪ Automating logging and monitoring
▪ Simplifying resource access
▪ Making it easy to encrypt properly
▪ Enforcing strong authentication
5. Constantly Monitored
The AWS infrastructure is protected by extensive network and security monitoring systems:
▪ Network access is monitored by AWS security managers daily
▪ AWS CloudTrail lets you monitor and record all API calls
▪ Amazon Inspector automatically assesses applications for vulnerabilities
6. Highly Available
The AWS infrastructure footprint helps protect your data from costly downtime
▪ 44 Availability Zones in 16 regions for multi-synchronous geographic redundancy
▪ Retain control of where your data resides for compliance with regulatory requirements
▪ Mitigate the risk of DDoS attacks using services like Route 53 & AWS Shield
▪ Dynamically grow to meet unforeseen demand using Auto Scaling
7. Integrated with Your Existing Resources
AWS enables you to improve your security using many of your existing tools and practices
▪ Integrate your existing Active Directory
▪ Use dedicated connections as a secure, low-latency extension of your data center
▪ Provide and manage your own encryption keys if you choose
11. Approach 1: Lock it Down
▪ SECOPS reviews code for adherence to security policies
▪ DEVOPS sends to Security for approval to deploy
▪ SECOPS quickly gets buried under the volume of requests
▪ DEVOPS is at a standstill, unable to innovate
12. Approach 2: Open the Flood Gates
▪ SECOPS spot checks for risks
▪ DEVOPS deploys as needed
▪ SECOPS often has no access and no visibility
▪ DEVOPS deals with attacks that result from vulnerabilities
13. Approach 3: Automate & Share Responsibility
▪ DEVOPS & SECOPS collaborate on security; leverage automation for monitoring, alerting and reporting
▪ DEVOPS & SECOPS gain enhanced visibility into your current security and compliance stance, do more faster and achieve organizational goals
23. About Robert Half
Robert Half International (RHI) is the world’s first and largest specialized staffing firm, providing skilled professionals in the fields of accounting and finance, technology, legal, creative, marketing, and administration. RHI has more than 400 consulting and staffing locations worldwide, and has appeared on FORTUNE® magazine's "Most Admired Companies" list every year since 1998. It is also the parent company of Protiviti®, a global consulting and internal audit firm composed of experts in risk, advisory, and transaction services.
24. Security for DevOps Agility
Robert Half’s mission is to help people find fulfilling jobs and to assist companies in building happy, productive teams. However, their own global security team lacked visibility into their AWS infrastructure, slowing productivity. With security as the top DevOps obstacle, their challenge was to integrate key practices and technology to produce more secure software and support faster fixes to security problems while increasing visibility for the Global Security team.
“The more you can do through automation using ESP, the more time you have to focus on the hard stuff.”
Eddie Borrero, CISO
34. Using Automation to Unify your Teams
▪ Continuous Monitoring
▪ Easy Reporting
▪ Real-time Alerting & Integrations for Streamlined Communication
▪ Automated Policy Enforcement for Faster Resolutions
36. Q & A
Moderator
Phil Rodrigues, philrod@amazon.com
Speakers
Craig Dent, cdent@evident.io
Eddie Borrero, eddie.borrero@roberthalf.com
37. Resources
14 Day Free Trial via AWS Marketplace
eBook: Top 10 Best Practices for AWS Security
http://info.evident.io/top-10-best-practices-for-aws-security-ebook.html
Case Study: Evident.io AWS Customer Case Study
http://info.evident.io/global-staffing-solutions-company-case-study-download.html
@evidentdotio
/company/evident-io
/evident.io/