AWS Summit Bahrain
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Cloud-based Innovation and Information Security: Choose Both
Mark Ryland
Director, Office of the CISO
Amazon Web Services
Charles Darwin
Agenda
Situation, approaches, and challenges
An accreditation framework toward secure cloud adoption
Shared responsibility model
Cloud first, cloud by default, and cloud native
Why public cloud?
“A move to cloud computing—away from on-premises owned and operated infrastructure—can generate a faster pace of delivery, continuous improvement cycles, and broad access to services.”
Australian Government Digital Transformation Agency (DTA), Secure Cloud Strategy, 2017

“When we start with the assumption that all our services should run in the public cloud with no more locally managed servers . . . we get the resilience and backups of some of the most cyber-aware and heavily invested companies in the world . . .”
UK National Health Service (NHS) Policy Paper, 2018

“Public ICT facilities and services can be tested and deployed quicker, and maintained more cost effectively, than if government agencies own and run unique computing facilities themselves.”
Philippine Cloud-First Policy, 2017

“Using public cloud services means agencies can better manage their risks, reducing the impact of any single event.”
New Zealand Cloud-First Policy

“The use of cloud technology could lead to advantages such as a reduction in operating and maintenance costs, and the ability to run systems around the clock without having to provide for expensive dedicated backups and standbys.”
Prime Minister Lee Hsien Loong, Singapore
Cloud benefits
Cited benefits
• Cost saving/better way to manage cost
• Agility, speed, continuous improvement
• Elasticity, scalability
• Improved resiliency
• Technology capability
• Operational efficiency
• Security
Top concerns in cloud adoption
• Legacy systems
• Budget
• Skill/expertise
• Security
Cloud security accreditations
A snapshot of current accreditation schemes

Scheme | Security Requirements | Auditing Process | Authorization | Maintenance
--- | --- | --- | --- | ---
US/FedRAMP | NIST 800-53, 199 | 3rd Party Auditor / NIST SP 800-37 | JAB Provisional ATO, Agency ATO | Continuous monitoring, ongoing assessment
AU/IRAP & IRAP Protected | Information Security Manual | 3rd Party Auditor (IRAP accredited) | ACSC | Annual assessment
China/MLPS | GB/T 28448 / Cybersecurity Law | GB/T 28449/36627 Gov’t Auditors (MPS accredited) | MPS Review Panel | Annual assessment
Germany/C5 | BSI IT-Grundschutz Catalogues | 3rd Party Auditor | N/A | Annual assessment
India/CSP Empanelment | RFP (ISO 27001/17/18, 20000-1, TIA) | Gov’t Auditor (STQC) | MeitY | Annual assessment
Korea/KISA Cloud Assurance Program | KISA-defined standards; Cloud Computing Act | KISA Auditor | Authorizing Committee | Continuous monitoring, annual assessment
Korea/K-ISMS | Korean ISMS standard | KISA Auditor | K-ISMS Committee | Annual surveillance audit, 3-year re-cert
SG/MTCS L3/GovTech Authorization | MTCSS (SS 584) / ISO 27001 / GovTech Reqmt | 3rd Party Auditor (IMDA accredited)/GovTech | IMDA/ESG/GovTech | Annual surveillance audit; 3-year re-cert
Japan METI/MIC CSP Certification Registration | New control criteria based on existing common standards in development | 3rd Party Auditor (METI/MIC accredited) | METI/MIC to-be-determined agency | Annual surveillance audit, 3-year re-cert
Challenges
• Develop & maintain
• Types of data/workloads, how to decide
• Skill/expertise
• Authorization policy
• Time to authorization
• Keeping up with pace of cloud
A journey to authorization
“Innovation almost always is not successful the first time out. You try something and it doesn’t work and it takes confidence to say we haven’t failed yet. . . . Ultimately, you become commercially successful.”
Clayton Christensen
Author, The Innovator’s Dilemma
Professor, Harvard Business School
Design criteria
Efficient to operate and maintain
• Timeliness
• Resources (skills/expertise)
• Cost
Effective
• Addressing the dynamic nature of cloud technology
• Maximize reuse (inherit, leverage)
  • Existing certification and attestation schemes
  • International and industry-recognized standards
Practical
• Keep risk/benefit in focus
• No perfect system for security or assurance

“We must continually strike the right balance between security and usability.”
Prime Minister Lee Hsien Loong, Singapore, GovTech Conference, 2018
International accreditations

Scheme | Security Requirements | Auditing Process | Authorization | Maintenance
--- | --- | --- | --- | ---
ISO Certification | ISO/IEC 27001/17/18 | ISO Accredited Auditor | ISO-Accredited Certification Bodies | Annual surveillance audit; 3-year re-cert
AICPA SOC 1 & 2 | Organizational Policy; SSAE-18; Trust Service Criteria | SSAE-18/CPA Firm’s Auditor | Auditing Firm (CPA and Partners) | Six-month cycle of continuous assessment

ISO/IEC 27001, based on the ISO/IEC 27000 family of standards, has been in operation since 1997 (starting with BS 7799-2).
SOC 1, 2 & 3 auditor-to-auditor standards have been in operation since 1992, starting with SAS 70 Reporting.
Point-in-time versus continuous assurance
German BSI C5
Leverage existing standards
• 17 thematic sections
• Uses recognized security standards
Self-disclosure
• Surrounding parameters for transparency
• Enable customer decision beyond control compliance
Verification process
• Minor addition to cloud provider’s existing assurance
• Recognizes SOC 2 Report

Standards used:
• ISO/IEC 27001:2013
• CSA Cloud Controls Matrix 3.01
• AICPA Trust Service Principles Criteria 2014
• ANSSI Référentiel Secure Cloud 2.0 (Draft)
• IDW ERS FAIT 5 04.11.201 [Generally accepted accounting principles for the outsourcing of accounting-related services including cloud computing], November 2014 version
• BSI IT-Grundschutz Catalogues, v14, 2014
• BSI SaaS Sicherheitsprofile [BSI SaaS security profiles]

Self-disclosure parameters:
• Data location, place of jurisdiction, certifications and duties of investigation and disclosure toward government agencies, and system description.

“A[n] SOC 2 report proves that a cloud provider complies with the requirements of the catalogue and that the statements made on transparency are correct. This report is based on the internationally recognised attestation system of the ISAE 3000, which is used by public auditors. When auditing the annual financial statements, the auditors are already on site, and auditing according to the Cloud Computing Compliance Controls Catalogue (C5) can be performed with not too great additional effort.” - BSI

Ref: https://www.bsi.bund.de/EN/Topics/CloudComputing/Compliance_Controls_Catalogue/Compliance_Controls_Catalogue_node.html
Inherit global security and compliance controls
“Cloud service providers offer robust security features and internationally recognized certifications that would be a challenge for any one organization to deliver on its own.”
Government of Canada Cloud Adoption Strategy, 2018 update
Data classification with cloud deployment models
Cloud Deployment Models | Examples | Data Examples | Legal Scope
--- | --- | --- | ---
Tier 1: Non-sensitive or public data (unclassified); low impact | Level 1: Basic Security—Cloud infrastructures in conformance with security best practices standards and guidelines | Open data, public data, non-sensitive administrative information, website hosting public information | Public and private businesses
Tier 2: Restricted or administrative; medium impact | Level 2: Strong Security—Level 1 plus additional security controls, e.g., strong identity authentication (MFA), mandated data encryption, and high-availability architecture requirements | Restricted matters, business or administrative data, emails, client support and CRM systems, financial records, and medical records; citizens’ identity and social security data | Public and private businesses
Tier 3: High impact; government highly confidential or above | Level 3: In-Depth Protection—Level 2 plus additional security controls, e.g., encrypted private network link to the CSP’s data center or network access points, virtual network separation between departments, use of dedicated instances | Government documents and applications dealing with matters of international negotiations; technical matter of military nature or requiring higher protection | National defense; foreign mission and trade of the state; national intelligence
Data classification with cloud deployment models: accreditation approach by tier
Apply FedRAMP or custom approach
• Tier-3: 3rd Party audit of additional & enhanced security controls to ensure compliance
• Continuous monitoring and configuration management; ongoing assessment
Apply C5 or MTCS approach
• Tier-1: Verification of ISO 27001/17/18 certifications and SOC 1 & 2 Reports + Self-Disclosure
• Tier-2: 3rd Party audit of additional security controls to ensure compliance
• Annual re-verification
Shared responsibility model
AWS: Security OF the Cloud. AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud.
Customer: Security IN the Cloud. The customer is responsible for proper configuration and operation of cloud services.
Dynamic over time
AWS: Security OF the Cloud. AWS is constantly raising the bar in service capabilities and security ease of use.
Customer: Security IN the Cloud. Customers using higher-level services plus security services get more and more “for free”.
What the shared responsibility model means to you
Establish a government-wide cloud security policy and/or internal security guidelines
• Reinforce government’s commitment to the customer side of the shared responsibility model
• Ensure adequate execution of this responsibility at every level within the cloud environment
Re-engineer IT operation and support processes
• Ensure proper accountability of security and operational responsibilities in the cloud environment
• Execute with adequate security and risk governance oversight
Far more likely to have real-world security impact than CSP issues!

“Fundamental 're-engineering' of Government to provide better and faster public services: PM Lee”, Oct. 2, 2018, The Straits Times, Singapore
Ref: https://www.straitstimes.com/singapore/government-e-services-to-be-created-faster-and-more-cost-efficiently-with-rollout-of
Streamline accreditation to attain cloud benefits
Design criteria
Efficient to operate and maintain
• Timeliness
• Resources (skills/expertise)
• Cost
Effective
• Addressing the dynamic nature of cloud technology
• Maximize reuse (inherit, leverage)
  • Existing certification and attestation schemes
  • International and industry-recognized standards
Practical
• Keep risk/benefit in focus
• No perfect system for security or assurance
Challenges addressed
• Develop & maintain
• Types of workloads, how to decide
• Skill/expertise
• Authorization policy
• Time to authorization
• Addition of new services
Government stories and case studies (a snapshot)
Ref: https://aws.amazon.com/solutions/case-studies/government-education/all-government-education-nonprofit/
In closing …
• Gaining security assurance of the CSP is an important step toward cloud adoption, but not the only step that ensures security
• Security accreditation must not become a barrier to cloud benefits
• Learn from early cloud adopters in both public and commercial sectors
• Adopt international standards and industry best practices
• Use the 80/20 principle
  • Low/medium impact workloads: move fast
  • Focus resources on high-impact/critical workloads
• Both aspects of the shared responsibility model need attention and actions—internal re-engineering/changes
• Cloud security is also a journey
What’s next
Learn more about AWS Compliance
https://aws.amazon.com/compliance/
Read the whitepapers/blogs
AWS Smart Cloud Native Policy whitepaper
https://pages.awscloud.com/public_sector_aws-smart-cloud-native-policy-whitepaper.html
Data Classification - Secure cloud adoption
https://d1.awsstatic.com/whitepapers/compliance/AWS_Data_Classification.pdf
Logical Separation – An evaluation of US DoD security requirements for sensitive workloads
https://aws.amazon.com/blogs/security/how-aws-meets-a-physical-separation-requirement-with-a-logical-separation-approach/
The Five Ways Organizations Initially Get Compromised and Tools to Protect Yourself
https://aws.amazon.com/blogs/publicsector/the-five-ways-organizations-initially-get-compromised-and-tools-to-protect-yourself/
Outcomes
Realize benefits of Cloud First Policy earlier with faster cloud adoption
• Workload tiering allows for up to 90% to migrate faster with internationally certified and validated CSPs—realizing the benefits of the Cloud First Policy
Better risk management, better returns on security investment
• Learn from migration of non-sensitive, lower-impact workloads to apply on higher-impact, more critical systems to ensure overall better protection
• Increase focus on implementing the user side of the Shared Responsibility Model
Security is a shared responsibility
AWS is responsible for security of the Cloud
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
• Foundation services: Compute, Storage, Database, Networking
Customers are responsible for security in the cloud
• Customer Data
• Platform, Applications, Identity & Access Management
• Operating System, Network & Firewall Configuration
• Client-Side Data Encryption & Data Integrity Authentication
• Server-Side Encryption (File System and/or Data)
• Network Traffic Protection (Encryption/Integrity/Identity)
AWS Summit Singapore 2019 | Transformation in the EnterpriseAWS Summit Singapore 2019 | Transformation in the Enterprise
AWS Summit Singapore 2019 | Transformation in the Enterprise
 
AWS Summit Singapore 2019 | Transformation in the Enterprise
AWS Summit Singapore 2019 | Transformation in the EnterpriseAWS Summit Singapore 2019 | Transformation in the Enterprise
AWS Summit Singapore 2019 | Transformation in the Enterprise
 
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019 AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019
 
Pensi di essere pronto per i microservizi?
Pensi di essere pronto per i microservizi?Pensi di essere pronto per i microservizi?
Pensi di essere pronto per i microservizi?
 
AWS Summit Singapore 2019 | Enterprise Migration Journey Roadmap
AWS Summit Singapore 2019 | Enterprise Migration Journey RoadmapAWS Summit Singapore 2019 | Enterprise Migration Journey Roadmap
AWS Summit Singapore 2019 | Enterprise Migration Journey Roadmap
 
Developing Your Cloud Center of Excellence Using CloudHealth - DEM04-S - Anah...
Developing Your Cloud Center of Excellence Using CloudHealth - DEM04-S - Anah...Developing Your Cloud Center of Excellence Using CloudHealth - DEM04-S - Anah...
Developing Your Cloud Center of Excellence Using CloudHealth - DEM04-S - Anah...
 
Migration to AWS: The foundation for enterprise transformation - SVC210 - New...
Migration to AWS: The foundation for enterprise transformation - SVC210 - New...Migration to AWS: The foundation for enterprise transformation - SVC210 - New...
Migration to AWS: The foundation for enterprise transformation - SVC210 - New...
 
Developing your Cloud Center of Excellence using CloudHealth - DEM05-S - Chic...
Developing your Cloud Center of Excellence using CloudHealth - DEM05-S - Chic...Developing your Cloud Center of Excellence using CloudHealth - DEM05-S - Chic...
Developing your Cloud Center of Excellence using CloudHealth - DEM05-S - Chic...
 
AWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons Learned
AWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons LearnedAWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons Learned
AWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons Learned
 
Developing your Cloud Center of Excellence using CloudHealth - DEM04-S - New ...
Developing your Cloud Center of Excellence using CloudHealth - DEM04-S - New ...Developing your Cloud Center of Excellence using CloudHealth - DEM04-S - New ...
Developing your Cloud Center of Excellence using CloudHealth - DEM04-S - New ...
 
HigherEducation-Cloud Operating Model and Approach Forward.pdf
HigherEducation-Cloud Operating Model and Approach Forward.pdfHigherEducation-Cloud Operating Model and Approach Forward.pdf
HigherEducation-Cloud Operating Model and Approach Forward.pdf
 
The evolution of continuous cloud security and compliance - DEM05-S - New Yor...
The evolution of continuous cloud security and compliance - DEM05-S - New Yor...The evolution of continuous cloud security and compliance - DEM05-S - New Yor...
The evolution of continuous cloud security and compliance - DEM05-S - New Yor...
 
2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Dep...
2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Dep...2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Dep...
2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Dep...
 
Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Santa ...
Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Santa ...Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Santa ...
Developing your Cloud Center of Excellence using CloudHealth - DEM03 - Santa ...
 
Security in the cloud
Security in the cloudSecurity in the cloud
Security in the cloud
 
Why Your Customers Care About Compliance and You Should Too
Why Your Customers Care About Compliance and You Should TooWhy Your Customers Care About Compliance and You Should Too
Why Your Customers Care About Compliance and You Should Too
 
AWS Cloud Security Fundamentals
AWS Cloud Security FundamentalsAWS Cloud Security Fundamentals
AWS Cloud Security Fundamentals
 
Migration Disaster Recovery and Business Continuity in the Cloud
Migration Disaster Recovery and Business Continuity in the CloudMigration Disaster Recovery and Business Continuity in the Cloud
Migration Disaster Recovery and Business Continuity in the Cloud
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Cloud-Based Innovation and Information Security - Choose Both

  • 1. AWS Summit Bahrain
  • 2. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Cloud-based Innovation and Information Security: Choose Both. Mark Ryland, Director, Office of the CISO, Amazon Web Services
  • 3. Charles Darwin
  • 4. Agenda: situation, approaches, and challenges; an accreditation framework toward secure cloud adoption; the shared responsibility model
  • 6. Cloud first, cloud by default, and cloud native
  • 7. Why public cloud?
    "A move to cloud computing—away from on-premises owned and operated infrastructure—can generate a faster pace of delivery, continuous improvement cycles, and broad access to services." Australian Government Digital Transformation Agency (DTA), Secure Cloud Strategy, 2017
    "When we start with the assumption that all our services should run in the public cloud with no more locally managed servers . . . we get the resilience and backups of some of the most cyber-aware and heavily invested companies in the world . . ." UK National Health Service (NHS) policy paper, 2018
    "Public ICT facilities and services can be tested and deployed quicker, and maintained more cost effectively, than if government agencies own and run unique computing facilities themselves." Philippine Cloud-First Policy, 2017
    "Using public cloud services means agencies can better manage their risks, reducing the impact of any single event." New Zealand Cloud-First Policy
    "The use of cloud technology could lead to advantages such as a reduction in operating and maintenance costs, and the ability to run systems around the clock without having to provide for expensive dedicated backups and standbys." Prime Minister Lee Hsien Loong, Singapore
  • 8. Cloud benefits. Benefits cited by AWS customers: cost saving / a better way to manage cost; agility, speed, continuous improvement; elasticity, scalability; improved resiliency; technology capability; operational efficiency; security
  • 9. Top concerns in cloud adoption: legacy systems, budget, skill/expertise, security
  • 10. Cloud security accreditations
  • 11. A snapshot of current accreditation schemes

| Scheme | Security requirements | Auditing process | Authorization | Maintenance |
|---|---|---|---|---|
| US / FedRAMP | NIST SP 800-53, FIPS 199 | 3rd-party auditor / NIST SP 800-37 | JAB Provisional ATO, Agency ATO | Continuous monitoring, ongoing assessment |
| AU / IRAP and IRAP Protected | Information Security Manual | 3rd-party auditor (IRAP accredited) | ACSC | Annual assessment |
| China / MLPS | GB/T 28448; Cybersecurity Law | GB/T 28449 / 36627; government auditors (MPS accredited) | MPS review panel | Annual assessment |
| Germany / C5 | BSI IT-Grundschutz Catalogues | 3rd-party auditor | N/A | Annual assessment |
| India / CSP Empanelment | RFP (ISO 27001/17/18, ISO 20000-1, TIA) | Government auditor (STQC) | MeitY | Annual assessment |
| Korea / KISA Cloud Assurance Program | KISA-defined standards; Cloud Computing Act | KISA auditor | Authorizing committee | Continuous monitoring, annual assessment |
| Korea / K-ISMS | Korean ISMS standard | KISA auditor | K-ISMS committee | Annual surveillance audit, 3-year re-certification |
| Singapore / MTCS L3 and GovTech authorization | MTCSS (SS 584) / ISO 27001 / GovTech requirements | 3rd-party auditor (IMDA accredited) / GovTech | IMDA / ESG / GovTech | Annual surveillance audit; 3-year re-certification |
| Japan / METI-MIC CSP certification registration | New control criteria based on existing common standards (in development) | 3rd-party auditor (METI/MIC accredited) | METI/MIC, agency to be determined | Annual surveillance audit, 3-year re-certification |

  • 12. Challenges: developing and maintaining the scheme; deciding which types of data and workloads qualify; skill/expertise; authorization policy; time to authorization; keeping up with the pace of cloud
  • 13. A journey to authorization
  • 14. "Innovation almost always is not successful the first time out. You try something and it doesn't work and it takes confidence to say we haven't failed yet. . . . Ultimately, you become commercially successful." Clayton Christensen, author of The Innovator's Dilemma, Professor, Harvard Business School
  • 16. Design criteria
    - Efficient to operate and maintain: timeliness; resources (skills/expertise); cost effective
    - Addresses the dynamic nature of cloud technology
    - Maximize reuse (inherit, leverage): existing certification and attestation schemes; international and industry-recognized standards
    - Practical: keep risk/benefit in focus; there is no perfect system for security or assurance
    "We must continually strike the right balance between security and usability." Prime Minister Lee Hsien Loong, Singapore, GovTech Conference, 2018
  • 17. International accreditations

| Scheme | Security requirements | Auditing process | Authorization | Maintenance |
|---|---|---|---|---|
| ISO certification | ISO/IEC 27001/27017/27018 | ISO-accredited auditor | ISO-accredited certification bodies | Annual surveillance audit; 3-year re-certification |
| AICPA SOC 1 & 2 | Organizational policy; SSAE 18; Trust Services Criteria | SSAE 18 / CPA firm's auditor | Auditing firm (CPA and partners) | Six-month cycle of continuous assessment |

    ISO/IEC 27001, based on the ISO/IEC 27000 family of standards, has been in operation since 1997 (starting with BS 7799-2). SOC 1, 2 & 3 auditor-to-auditor standards have been in operation since 1992, starting with SAS 70 reporting.
  • 18. Point-in-time versus continuous assurance
  • 19. German BSI C5
    - Leverage existing standards: 17 thematic sections; uses recognized security standards: ISO/IEC 27001:2013; CSA Cloud Controls Matrix 3.01; AICPA Trust Service Principles Criteria 2014; ANSSI Référentiel Secure Cloud 2.0 (draft); IDW ERS FAIT 5 04.11.201 [Generally accepted accounting principles for the outsourcing of accounting-related services including cloud computing], November 2014 version; BSI IT-Grundschutz Catalogues, v14, 2014; BSI SaaS Sicherheitsprofile [BSI SaaS security profiles]
    - Self-disclosure: surrounding parameters for transparency, enabling customer decisions beyond control compliance: data location, place of jurisdiction, certifications, duties of investigation and disclosure toward government agencies, and system description
    - Verification process: a minor addition to the cloud provider's existing assurance; recognizes the SOC 2 report. "A[n] SOC 2 report proves that a cloud provider complies with the requirements of the catalogue and that the statements made on transparency are correct. This report is based on the internationally recognised attestation system of the ISAE 3000, which is used by public auditors. When auditing the annual financial statements, the auditors are already on site, and auditing according to the Cloud Computing Compliance Controls Catalogue (C5) can be performed with not too great additional effort." BSI. Ref: https://www.bsi.bund.de/EN/Topics/CloudComputing/Compliance_Controls_Catalogue/Compliance_Controls_Catalogue_node.html
  • 20. Inherit global security and compliance controls
  • 21. "Cloud service providers offer robust security features and internationally recognized certifications that would be a challenge for any one organization to deliver on its own." Government of Canada Cloud Adoption Strategy, 2018 update
  • 22. Data classification with cloud deployment models

| Data tier | Cloud deployment model | Data examples | Legal scope |
|---|---|---|---|
| Tier 1: non-sensitive or public data (unclassified); low impact | Level 1, Basic Security: cloud infrastructure in conformance with security best-practice standards and guidelines | Open data, public data, non-sensitive administrative information, websites hosting public information | Public and private businesses |
| Tier 2: restricted or administrative; medium impact | Level 2, Strong Security: Level 1 plus additional security controls, e.g., strong identity authentication (MFA), mandated data encryption, and high-availability architecture requirements | Restricted matters, business or administrative data, emails, client support and CRM systems, financial records, and medical records; citizens' identity and social security data | Public and private businesses |
| Tier 3: high impact; government highly confidential or above | Level 3, In-Depth Protection: Level 2 plus additional security controls, e.g., encrypted private network link to the CSP's data center or network access points, virtual network separation between departments, use of dedicated instances | Government documents and applications dealing with matters of international negotiations; technical matters of a military nature or requiring higher protection | National defense; foreign mission and trade of the state; national intelligence |

  • 23. Data classification with cloud deployment models: mapping tiers to an accreditation approach (same table as slide 22)
    - Tier 1 and Tier 2, apply the C5 or MTCS approach: Tier 1 is verification of ISO 27001/17/18 certifications and SOC 1 & 2 reports plus self-disclosure; Tier 2 adds a 3rd-party audit of additional security controls to ensure compliance; annual re-verification
    - Tier 3, apply FedRAMP or a custom approach: 3rd-party audit of additional and enhanced security controls to ensure compliance; continuous monitoring and configuration management; ongoing assessment
  • 24. Shared responsibility model. Security OF the cloud (AWS): AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. Security IN the cloud (customer): the customer is responsible for proper configuration and operation of the cloud services it uses.
  • 25. Dynamic over time. Security OF the cloud: AWS is constantly raising the bar in service capabilities and in the ease of use of security features. Security IN the cloud: customers using higher-level services plus security services get more and more "for free".
  • 26. What the shared responsibility model means to you
    - Establish a government-wide cloud security policy and/or internal security guidelines: reinforce the government's commitment to the customer side of the shared responsibility model; ensure adequate execution of this responsibility at every level within the cloud environment
    - Re-engineer IT operation and support processes: ensure proper accountability for security and operational responsibilities in the cloud environment; execute with adequate security and risk governance oversight
    Failures on the customer side are far more likely to have real-world security impact than CSP issues!
    Ref: "Fundamental 're-engineering' of Government to provide better and faster public services: PM Lee", The Straits Times, Singapore, Oct. 2, 2018, https://www.straitstimes.com/singapore/government-e-services-to-be-created-faster-and-more-cost-efficiently-with-rollout-of
  • 27. Streamline accreditation to attain cloud benefits: the design criteria of slide 16 set against the challenges of slide 12
    - Design criteria: efficient to operate and maintain (timeliness; resources (skills/expertise); cost effective); addresses the dynamic nature of cloud technology; maximize reuse (inherit, leverage) of existing certification and attestation schemes and of international and industry-recognized standards; practical (keep risk/benefit in focus; there is no perfect system for security or assurance)
    - Challenges: developing and maintaining the scheme; deciding which types of workloads qualify; skill/expertise; authorization policy; time to authorization; addition of new services
  • 29. Government stories and case studies (a snapshot). Ref: https://aws.amazon.com/solutions/case-studies/government-education/all-government-education-nonprofit/
  • 30. In closing …
    - Gaining security assurance of the CSP is an important step toward cloud adoption, but not the only step that ensures security
    - Security accreditation must not become a barrier to cloud benefits
    - Learn from early cloud adopters in both the public and commercial sectors
    - Adopt international standards and industry best practices
    - Use the 80/20 principle: move fast on low- and medium-impact workloads; focus resources on high-impact, critical workloads
    - Both aspects of the shared responsibility model need attention and action, including internal re-engineering and changes
    - Cloud security is also a journey
  • 31. What's next
    Learn more about AWS Compliance: https://aws.amazon.com/compliance/
    Read the whitepapers and blogs:
    - AWS Smart Cloud Native Policy whitepaper: https://pages.awscloud.com/public_sector_aws-smart-cloud-native-policy-whitepaper.html
    - Data Classification: Secure Cloud Adoption: https://d1.awsstatic.com/whitepapers/compliance/AWS_Data_Classification.pdf
    - Logical Separation: An evaluation of US DoD security requirements for sensitive workloads: https://aws.amazon.com/blogs/security/how-aws-meets-a-physical-separation-requirement-with-a-logical-separation-approach/
    - The Five Ways Organizations Initially Get Compromised and Tools to Protect Yourself: https://aws.amazon.com/blogs/publicsector/the-five-ways-organizations-initially-get-compromised-and-tools-to-protect-yourself/
  • 32. Mark Ryland, Director, Office of the CISO, Amazon Web Services
  • 34. Outcomes
    - Realize the benefits of a Cloud First policy earlier through faster cloud adoption: workload tiering allows up to 90% of workloads to migrate faster to internationally certified and validated CSPs
    - Better risk management, better return on security investment: learn from migrating non-sensitive, lower-impact workloads and apply those lessons to higher-impact, more critical systems for better overall protection
    - Increased focus on implementing the user side of the shared responsibility model
  • 35. Security is a shared responsibility
    AWS is responsible for security of the cloud: the AWS global infrastructure (Regions, Availability Zones, Edge Locations) and the foundation services running on it (Compute, Storage, Database, Networking).
    Customers are responsible for security in the cloud: customer data; platform, applications, identity & access management; operating system, network & firewall configuration; client-side data encryption & data integrity authentication; server-side encryption (file system and/or data); network traffic protection (encryption/integrity/identity).
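The deck states the customer side of the shared responsibility model (slides 24 and 35) and the cumulative per-tier controls (slides 22 and 23) as policy. The following added example, which is not code from the deck or from AWS, shows what enforcing that policy as a repeatable configuration assessment looks like: it evaluates a constructed, offline resource inventory against controls that accumulate by tier (Level 2 is Level 1 plus MFA, encryption at rest and high availability; Level 3 adds dedicated tenancy, an encrypted private link and per-department network separation). The inventory layout, the control identifiers (T1-*, T2-*, T3-*) and the sample data are all assumptions made for illustration.

```python
"""Tier-driven configuration assessment for the customer side of the shared
responsibility model. Added example; inventory layout, control identifiers
and sample data are assumptions, not a real provider API or real account data."""
from dataclasses import dataclass

# Controls introduced at each tier. A tier inherits every lower tier's controls,
# mirroring "Level 2 = Level 1 plus ..." and "Level 3 = Level 2 plus ...".
TIER_CONTROLS = {
    1: ["T1-NO-PUBLIC-WRITE"],
    2: ["T2-MFA-CONSOLE", "T2-ENCRYPT-AT-REST", "T2-HIGH-AVAILABILITY"],
    3: ["T3-DEDICATED-TENANCY", "T3-PRIVATE-LINK", "T3-DEPT-NETWORK-SEPARATION"],
}
KIND_LABEL = {"storage": "bucket", "databases": "database"}


@dataclass(frozen=True)
class Finding:
    control: str
    resource: str
    detail: str


def controls_for_tier(tier):
    """Cumulative control list for data tier 1, 2 or 3."""
    if tier not in TIER_CONTROLS:
        raise ValueError(f"unknown tier {tier!r}")
    return [c for t in range(1, tier + 1) for c in TIER_CONTROLS[t]]


def check_control(control, inv):
    """Evaluate one control against the inventory; return a list of Findings."""
    found = []
    if control == "T1-NO-PUBLIC-WRITE":
        # Public *read* is legitimate for tier-1 data (public websites);
        # anonymous write never is.
        for b in inv.get("storage", []):
            if b.get("public_write"):
                found.append(Finding(control, b["name"], "anonymous write access"))
    elif control == "T2-MFA-CONSOLE":
        for u in inv.get("iam_users", []):
            if u.get("console_access") and not u.get("mfa_enabled"):
                found.append(Finding(control, u["name"], "console user without MFA"))
    elif control == "T2-ENCRYPT-AT-REST":
        for kind, label in KIND_LABEL.items():
            for r in inv.get(kind, []):
                if not r.get("encrypted_at_rest"):
                    found.append(Finding(control, r["name"], f"{label} not encrypted at rest"))
    elif control == "T2-HIGH-AVAILABILITY":
        for db in inv.get("databases", []):
            if not db.get("multi_az"):
                found.append(Finding(control, db["name"], "single-AZ database"))
    elif control == "T3-DEDICATED-TENANCY":
        for i in inv.get("instances", []):
            if i.get("tenancy", "default") != "dedicated":
                found.append(Finding(control, i["name"], "shared-tenancy instance"))
    elif control == "T3-PRIVATE-LINK":
        # Tier 3 wants an encrypted private link to the provider; an instance
        # that is reachable from the internet defeats that requirement.
        links = inv.get("links", [])
        if not any(l.get("type") == "private" and l.get("encrypted") for l in links):
            found.append(Finding(control, "connectivity", "no encrypted private link to the CSP"))
        for i in inv.get("instances", []):
            if i.get("public_ip"):
                found.append(Finding(control, i["name"], "instance has a public IP"))
    elif control == "T3-DEPT-NETWORK-SEPARATION":
        # Every virtual network must be used by exactly one department.
        depts_by_vpc = {}
        for i in inv.get("instances", []):
            depts_by_vpc.setdefault(i["vpc"], set()).add(i["department"])
        for vpc, depts in sorted(depts_by_vpc.items()):
            if len(depts) > 1:
                found.append(Finding(control, vpc, "shared by " + ", ".join(sorted(depts))))
    else:
        raise ValueError(f"unknown control {control!r}")
    return found


def assess(inv, tier):
    """Run every control required for `tier` and return all findings."""
    findings = []
    for control in controls_for_tier(tier):
        findings.extend(check_control(control, inv))
    return findings


# Constructed sample inventory (not real account data).
SAMPLE_INVENTORY = {
    "iam_users": [
        {"name": "alice", "console_access": True, "mfa_enabled": True},
        {"name": "bob", "console_access": True, "mfa_enabled": False},
        {"name": "ci-robot", "console_access": False, "mfa_enabled": False},
    ],
    "storage": [
        {"name": "public-website", "public_write": False, "encrypted_at_rest": True},
        {"name": "case-files", "public_write": False, "encrypted_at_rest": False},
        {"name": "uploads", "public_write": True, "encrypted_at_rest": True},
    ],
    "databases": [{"name": "crm", "encrypted_at_rest": True, "multi_az": False}],
    "instances": [
        {"name": "app-1", "vpc": "vpc-shared", "department": "health",
         "tenancy": "default", "public_ip": True},
        {"name": "app-2", "vpc": "vpc-shared", "department": "finance",
         "tenancy": "dedicated", "public_ip": False},
    ],
    "links": [{"type": "vpn", "encrypted": True}],
}

if __name__ == "__main__":
    for tier in (1, 2, 3):
        findings = assess(SAMPLE_INVENTORY, tier)
        print(f"Tier {tier}: {len(findings)} finding(s)")
        for f in findings:
            print(f"  {f.control:28} {f.resource:16} {f.detail}")
```

Run it with the tier of the most sensitive data the environment hosts. Because each tier inherits the lower tiers' controls, the same inventory that has one finding at Tier 1 has eight at Tier 3, which is why tiering low-impact workloads separately lets them move fast. In a real account the inventory would be pulled from the provider's configuration APIs and the checks scheduled, turning the point-in-time audit of slide 18 into the continuous assurance the Tier 3 approach on slide 23 asks for.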