Organizations are facing a paradigm shift in understanding how to effectively tool their security controls for the unique challenges the cloud presents. For organizations to optimize their security posture, they must effectively balance their business needs of utilizing the cloud and the implementation of effective and streamlined security controls. In this session, representatives from Armor discuss how to effectively assess an organization's security posture as it pertains to cloud-centric threats. They also discuss risk mitigation by aligning native cloud services and AWS best practices. Finally, they show how the Armor Anywhere solution addresses the requirements of the shared responsibility of AWS tenants and augments native AWS security controls. This session is brought to you by AWS partner, Armor.
Forging the Pathway to Cloud Security with Armor Anywhere - DEM08 - Chicago AWS Summit
1. CONFIDENTIAL DO NOT DISTRIBUTE
FORGING THE PATHWAY TO CLOUD SECURITY WITH ARMOR ANYWHERE
ALEX HUMPHREY Solutions Consultant
Alex.Humphrey@Armor.com
Twitter: @entreprelife
LinkedIn: humphreyalex
MONTH 00, 2018
2. Agenda
1. The Road to the Cloud
2. Transitioning your security stack to the cloud
3. Security Pillar Framework
4. Shared responsibility model
5. Filling in the gaps
3. The Road to the Cloud
Reasons to transition to AWS:
▪ Operational Excellence
▪ Performance Efficiency
▪ Reliability
▪ Cost Optimization
▪ Security
4. Transitioning Your Traditional Security Stack to the Cloud
Traditional Security Stacks need to be updated to meet the unique security needs of the Cloud.
▪ How is your security focus changing?
▪ Do you understand your role in the Shared Responsibility Model?
▪ How must your security stack change to fulfill cloud-specific needs?
5. Security Perspective – Moving Security to the Cloud
▪ Identity and Access Management (IAM)
▪ Logging & Monitoring
▪ Infrastructure Security
▪ Data Protection
▪ Incident Response
6. Shared Responsibility Model
CUSTOMER: RESPONSIBILITY FOR SECURITY ‘IN’ THE CLOUD
▪ CUSTOMER DATA
▪ PLATFORM, APPLICATIONS, IDENTITY & ACCESS MANAGEMENT
▪ OPERATING SYSTEM, NETWORK & FIREWALL CONFIGURATION
▪ CLIENT-SIDE DATA ENCRYPTION & DATA INTEGRITY AUTHENTICATION
▪ SERVER-SIDE ENCRYPTION (FILE SYSTEM AND/OR DATA)
▪ NETWORKING TRAFFIC PROTECTION (ENCRYPTION, INTEGRITY, IDENTITY)
AWS: RESPONSIBILITY FOR SECURITY ‘OF’ THE CLOUD
▪ HARDWARE/AWS GLOBAL INFRASTRUCTURE: REGIONS, AVAILABILITY ZONES, EDGE LOCATIONS
▪ SOFTWARE: COMPUTE, STORAGE, DATABASE, NETWORKING
7. Tenant Responsibility – Filling in the Gaps
CUSTOMER: RESPONSIBILITY FOR SECURITY ‘IN’ THE CLOUD
▪ CUSTOMER DATA
▪ PLATFORM, APPLICATIONS, IDENTITY & ACCESS MANAGEMENT
▪ OPERATING SYSTEM, NETWORK & FIREWALL CONFIGURATION
▪ CLIENT-SIDE DATA ENCRYPTION & DATA INTEGRITY AUTHENTICATION
▪ SERVER-SIDE ENCRYPTION (FILE SYSTEM AND/OR DATA)
▪ NETWORKING TRAFFIC PROTECTION (ENCRYPTION, INTEGRITY, IDENTITY)
LOG COLLECTION & MANAGEMENT
WAF, FIM, AM, VULNERABILITY SCANS
AM, PATCH MONITORING, IDS, VULNERABILITY SCANS
AWS KMS-MANAGED CUSTOMER MASTER KEY
AWS S3-MANAGED KEY, AWS KMS-MANAGED KEY
ELB, WAF, TLS, & SSL
Incident Response