Getting started with AWS security
Stephen Quigg, Principal Security Solutions Architect
May 2017
Why is Enterprise Security Traditionally Hard?
Lack of visibility. Low degree of automation.
The goal: move fast AND stay secure.
Making life easier
Choosing security does not mean giving up on convenience or introducing complexity.
Take A Prescriptive Approach
• Understand AWS security practice
• Build strong compliance foundations
• Integrate identity and access management
• Enable detective controls
• Establish network security
• Implement data protection
• Optimize change management
• Automate security functions
Understand how AWS practices security
Security is job zero. Security ownership is part of the DNA, distributed and embedded across teams:
• Promotes a culture of “everyone is an owner” for security
• Makes security a stakeholder in business success
• Enables easier and smoother communication
• Automates functions to reduce human access to near zero
Strengthen your security posture
• Get native functionality and tools
• Over 30 global compliance certifications and accreditations
• Leverage security enhancements gleaned from 1M+ customer experiences
• Benefit from AWS industry-leading security teams, 24/7
• Security infrastructure built to satisfy military, global banks, and other high-sensitivity organizations
Build On Strong Compliance Foundations
Standards and certifications named on the slide: GxP, ISO 13485, AS9100, ISO/TS 16949
AWS is responsible for the security OF the Cloud:
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
Get assurance from independent sources.

Customers have their choice of security configurations IN the Cloud, layered on top of what AWS secures:
• Customer applications & content
• Platform, Applications, Identity & Access Management
• EC2 Operating System, Network & Firewall Configuration
• Client-side Data Encryption, Server-side Data Encryption, Network Traffic Protection
Customers control their own security policy.
Integrate Identity and Access Management
AWS Identity and Access Management: IAM Users, IAM Groups, IAM Roles, IAM Policies
• Granular access control for least privilege
• Manage hierarchies of AWS accounts with AWS Organizations
• Federate with your existing directory services
• Role-based access and segregation of duties
• Achieve just-in-time access using automation
• Create rich mobile applications without giving end users long-term access keys
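The following is an added example, not code from the deck or from AWS: a minimal evaluator for IAM policy documents that applies the decision order least-privilege design relies on (explicit Deny wins, then a matching Allow, otherwise implicit deny), plus a linter that flags statements granting `*`. Condition blocks are ignored, and the bucket name, account id and user policies are constructed samples.

```python
"""Minimal IAM-style policy evaluator and least-privilege linter.

Added example, not AWS code. Decision order: an explicit Deny in any
matching statement wins, otherwise a matching Allow is required, and
the default is an implicit deny. Action and Resource support IAM's
'*' and '?' wildcards. Condition blocks are ignored (a simplifying
assumption). The policy documents below are constructed samples.
"""
import fnmatch
import json


def _as_list(value):
    """IAM accepts a string or a list for Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(patterns, candidate):
    """Case-insensitive glob match, as IAM applies '*' and '?' in policies."""
    return any(fnmatch.fnmatchcase(candidate.lower(), p.lower()) for p in patterns)


def _statement_applies(stmt, action, resource):
    """True when Action/NotAction and Resource/NotResource cover the request."""
    actions, not_actions = _as_list(stmt.get("Action")), _as_list(stmt.get("NotAction"))
    resources, not_resources = _as_list(stmt.get("Resource")), _as_list(stmt.get("NotResource"))
    if actions and not _matches(actions, action):
        return False
    if not_actions and _matches(not_actions, action):
        return False
    if resources and not _matches(resources, resource):
        return False
    if not_resources and _matches(not_resources, resource):
        return False
    return True


def evaluate(policies, action, resource):
    """Decide 'Allow' or 'Deny' for one API call across all attached policy documents."""
    allowed = False
    for doc in policies:
        for stmt in _as_list(doc.get("Statement")):
            if not _statement_applies(stmt, action, resource):
                continue
            if stmt.get("Effect") == "Deny":
                return "Deny"            # explicit deny always wins
            if stmt.get("Effect") == "Allow":
                allowed = True           # keep scanning for a later Deny
    return "Allow" if allowed else "Deny"  # implicit deny by default


def lint(doc):
    """Flag Allow statements that are far from least privilege."""
    findings = []
    for i, stmt in enumerate(_as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" in _as_list(stmt.get("Action")):
            findings.append(f"statement {i}: Action '*' grants every API call")
        if "*" in _as_list(stmt.get("Resource")) and "Condition" not in stmt:
            findings.append(f"statement {i}: Resource '*' with no Condition")
    return findings


# Constructed sample policies (bucket name is a placeholder).
READ_ONLY_S3 = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]
  }]
}""")

# Guardrail in the style of an AWS Organizations service control policy:
# nobody in the account may switch CloudTrail off, whatever else they hold.
GUARDRAIL = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Deny",
    "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail"],
    "Resource": "*"
  }]
}""")

OVERLY_BROAD = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]
}""")
```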
Enable Detective Controls
AWS CloudTrail and Amazon CloudWatch
AWS CloudTrail:
• Enable globally for all AWS Regions
• Encryption and integrity validation of log files
• Archive and forward
• Read by every industry-standard logging and SIEM platform
Amazon CloudWatch:
• Amazon CloudWatch Logs
• Metrics and filters
• Alarms and notifications
• Trigger automated actions
• Integrate with your existing ticketing systems
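An added example, not from the deck, of the CloudTrail to CloudWatch Logs to metric filter to alarm chain the slide describes: each filter is a predicate on one CloudTrail record, counts are aggregated per period and an alarm fires at its threshold. The records are constructed samples in the shape of CloudTrail JSON; the metric names, user names and trail name are invented.

```python
"""CloudWatch-style metric filters and alarms over CloudTrail events.

Added example, not AWS code. Mirrors the pipeline on the slide:
CloudTrail -> CloudWatch Logs -> metric filter -> alarm. Each filter is
a predicate on one CloudTrail record, counts are aggregated for the
period and an alarm fires when the count reaches its threshold. The
records are constructed samples shaped like CloudTrail's JSON.
"""
import json
from collections import Counter

SAMPLE_LOG = json.loads("""{"Records": [
 {"eventTime": "2017-05-10T09:00:01Z", "eventSource": "signin.amazonaws.com",
  "eventName": "ConsoleLogin", "userIdentity": {"type": "Root"},
  "additionalEventData": {"MFAUsed": "No"},
  "responseElements": {"ConsoleLogin": "Success"}},
 {"eventTime": "2017-05-10T09:02:13Z", "eventSource": "cloudtrail.amazonaws.com",
  "eventName": "StopLogging",
  "userIdentity": {"type": "IAMUser", "userName": "alice"},
  "requestParameters": {"name": "main-trail"}},
 {"eventTime": "2017-05-10T09:03:40Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "DescribeInstances",
  "userIdentity": {"type": "IAMUser", "userName": "bob"},
  "errorCode": "Client.UnauthorizedOperation"},
 {"eventTime": "2017-05-10T09:03:41Z", "eventSource": "s3.amazonaws.com",
  "eventName": "ListBuckets",
  "userIdentity": {"type": "IAMUser", "userName": "bob"},
  "errorCode": "AccessDenied"},
 {"eventTime": "2017-05-10T09:05:00Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "RunInstances", "userIdentity": {"type": "AssumedRole"}}
]}""")


def _identity_type(event):
    return event.get("userIdentity", {}).get("type")


# Metric name -> (filter predicate, alarm threshold per evaluation period).
FILTERS = {
    "RootAccountUsage": (
        lambda e: _identity_type(e) == "Root", 1),
    "CloudTrailChanges": (
        lambda e: e.get("eventSource") == "cloudtrail.amazonaws.com"
        and e.get("eventName") in {"StopLogging", "DeleteTrail", "UpdateTrail"}, 1),
    "UnauthorizedAPICalls": (
        lambda e: e.get("errorCode") in {"AccessDenied", "Client.UnauthorizedOperation"}, 1),
    "ConsoleLoginWithoutMFA": (
        lambda e: e.get("eventName") == "ConsoleLogin"
        and e.get("additionalEventData", {}).get("MFAUsed") != "Yes", 1),
}


def metric_counts(records):
    """Apply every filter to every record; return the count per metric name."""
    counts = Counter({name: 0 for name in FILTERS})
    for rec in records:
        for name, (predicate, _) in FILTERS.items():
            if predicate(rec):
                counts[name] += 1
    return counts


def alarms(records):
    """Names of the metrics whose count reached their alarm threshold, sorted."""
    counts = metric_counts(records)
    return sorted(name for name, (_, threshold) in FILTERS.items()
                  if counts[name] >= threshold)


def matching_events(records, name):
    """The events behind one alarm, for the notification or the ticket."""
    predicate, _ = FILTERS[name]
    return [rec for rec in records if predicate(rec)]
```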
Establish Data Locality and Network Security
AWS Global Infrastructure
16 Regions – 42 Availability Zones – 74 Edge Locations
Regions and number of Availability Zones:
• US East: N. Virginia (5), Ohio (3)
• US West: Oregon (3), Northern California (3)
• AWS GovCloud (2)
• Canada: Central (2)
• South America: São Paulo (3)
• EU: Ireland (3), Frankfurt (2), London (2)
• Asia Pacific: Singapore (2), Sydney (3), Tokyo (3), Seoul (2), Mumbai (2)
• China: Beijing (2)
Announced Regions: Paris, Ningxia, Stockholm
Each region has at least two Availability Zones (Availability Zone A, B, C, and so on).

AWS Regions in Europe
• EU (Ireland) Region: 3 EC2 Availability Zones
• EU (Frankfurt) Region: 2 EC2 Availability Zones
• EU (London) Region: 2 EC2 Availability Zones
• EU (Paris) Region: announced, launching 2017
• EU (Stockholm) Region: announced, launching 2018
AWS Edge Locations for CloudFront CDN and Route53 DNS: Amsterdam, The Netherlands (2); Berlin, Germany; Dublin, Ireland; Frankfurt, Germany (5); London, England (4); Madrid, Spain; Marseille, France; Milan, Italy; Munich, Germany; Paris, France (2); Prague, Czech Republic; Stockholm, Sweden; Vienna, Austria; Warsaw, Poland; Zurich, Switzerland
You are in full control of privacy
• Choose an AWS Region and AWS will not replicate your content elsewhere unless you choose to do so
• Control format, accuracy and encryption any way that you choose
• Control who can access content, its lifecycle and disposal
• We publish GDPR resources on our website to help you meet your own compliance obligations
Customers retain full ownership and control of their content.
Your own isolated infrastructure with Amazon VPC
Amazon Virtual Private Cloud comes with granular security controls. The slide shows a VPC (CIDR blocks 10.20.0.0/16, with subnets 10.20.1.0/24 and 10.20.30.0/24) connected to the customer premises network 10.10.1.0/24.
VPC fully supports IPv6.
Internet access is always optional. In the example, subnets 10.10.1.0/24 and 10.10.2.0/24 reach the Internet (0.0.0.0/0) through a NAT Gateway with public IP 54.2.0.12. The subnet route table:
Destination    Target                 Status
10.10.0.0/16   local                  Active
0.0.0.0/0      NAT-Gateway ID012471   Active
Everything not destined for my VPC goes to the Internet via the NAT Gateway.
VPC Flow Logs give you network insight
• Agentless
• From full VPC logging to a single NIC
• Logged to Amazon CloudWatch Logs so you can create alarms when metrics are breached
• Create your own network dashboards
Each flow log record carries: AWS account, interface, source IP, destination IP, source port, destination port, protocol, packets, bytes, start/end time, accept or reject.
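An added example, not from the deck: a parser for the default flow log record format (the fields listed above) and one of the metrics the slide suggests alarming on, a source rejected on many distinct ports of one destination within a short window. The log lines are constructed samples; the ENI id and account id are placeholders.

```python
"""VPC Flow Log parser with a reject-burst detector.

Added example, not AWS code. Parses the default flow log record format
(version account-id interface-id srcaddr dstaddr srcport dstport
protocol packets bytes start end action log-status) and flags a source
that was rejected on many distinct ports of one destination inside a
short window. The lines below are constructed samples; the ENI id and
the account id are placeholders.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.12 10.10.1.25 44321 22 6 1 60 1494406800 1494406859 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.12 10.10.1.25 44322 23 6 1 60 1494406801 1494406859 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.12 10.10.1.25 44323 80 6 1 60 1494406802 1494406859 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.12 10.10.1.25 44324 443 6 1 60 1494406803 1494406859 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.12 10.10.1.25 44325 3389 6 1 60 1494406804 1494406859 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 203.0.113.12 10.10.1.25 44326 8080 6 1 60 1494406805 1494406859 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 10.10.1.25 198.51.100.7 51000 443 6 20 4096 1494406810 1494406870 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f6a7b8 - - - - - - - 1494406800 1494406859 - NODATA
"""


@dataclass
class FlowRecord:
    version: int
    account_id: str
    interface_id: str
    srcaddr: Optional[str]
    dstaddr: Optional[str]
    srcport: Optional[int]
    dstport: Optional[int]
    protocol: Optional[int]
    packets: int
    bytes: int
    start: int
    end: int
    action: Optional[str]      # ACCEPT, REJECT, or None for NODATA/SKIPDATA
    log_status: str            # OK, NODATA or SKIPDATA


def _opt_int(value):
    return None if value == "-" else int(value)


def parse_line(line):
    """Parse one record; '-' fields (NODATA/SKIPDATA) become None or 0."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    f = dict(zip(FIELDS, parts))
    return FlowRecord(
        version=int(f["version"]), account_id=f["account_id"],
        interface_id=f["interface_id"],
        srcaddr=None if f["srcaddr"] == "-" else f["srcaddr"],
        dstaddr=None if f["dstaddr"] == "-" else f["dstaddr"],
        srcport=_opt_int(f["srcport"]), dstport=_opt_int(f["dstport"]),
        protocol=_opt_int(f["protocol"]),
        packets=_opt_int(f["packets"]) or 0, bytes=_opt_int(f["bytes"]) or 0,
        start=int(f["start"]), end=int(f["end"]),
        action=None if f["action"] == "-" else f["action"],
        log_status=f["log_status"],
    )


def parse(lines):
    return [parse_line(line) for line in lines if line.strip()]


def reject_bursts(records, min_ports=5, window=60):
    """Sources rejected on >= min_ports distinct ports of one host within `window` seconds."""
    by_pair = defaultdict(list)
    for r in records:
        if r.action == "REJECT" and r.log_status == "OK":
            by_pair[(r.srcaddr, r.dstaddr)].append(r)
    findings = []
    for (src, dst), recs in by_pair.items():
        recs.sort(key=lambda r: r.start)
        for i, first in enumerate(recs):        # slide a window over the sorted rejects
            in_window = [r for r in recs[i:] if r.start - first.start <= window]
            ports = {r.dstport for r in in_window}
            if len(ports) >= min_ports:
                findings.append({"src": src, "dst": dst, "ports": sorted(ports),
                                 "first_seen": first.start})
                break                           # one finding per source/destination pair
    return findings
```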
Block layer 7 attacks with AWS WAF
• Web traffic filtering with custom rules
• Malicious request blocking
• Active monitoring and tuning
AWS Shield detects and blocks DDoS
Advanced mitigation techniques:
• Deterministic filtering
• Traffic prioritization based on scoring
• Advanced routing policies
Implement Data Protection
Use AWS Cryptographic Services
AWS KMS:
• Deep integration with AWS services
• CloudTrail
• AWS SDK for application encryption
Amazon CloudHSM:
• Dedicated HSM
• Integrate with on-premises HSMs
• Hybrid architectures
… or you can always use your own.
Optimize Change Management
AWS Config and Config Rules
AWS Config:
• Record configuration changes continuously
• Time-series view of resource changes
• Archive and compare
Config Rules:
• Assess changes against your security policy
• Enforce best practices
• Automatically roll back unwanted changes
• Trigger additional workflow
Access a rich AWS Config partner network.
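An added example, not from the deck or AWS, of the "assess changes against your security policy" step: the evaluation logic of a custom Config rule that inspects a security group configuration item and reports NON_COMPLIANT when ingress is open to the world on anything but the allowed ports, returning the offending rules a rollback step could revoke. The configuration item is a constructed sample; the security group id, group name and the public allow-list are assumptions, and the wiring to Config's PutEvaluations API is left out.

```python
"""Custom AWS Config rule logic for security group ingress.

Added example, not AWS code. Evaluates one AWS Config configuration item
for an EC2 security group against a policy: no ingress from anywhere
(0.0.0.0/0 or ::/0) except on the public allow-list ports. Returns the
compliance result a Config rule would report plus the offending rules a
remediation step could revoke. The item below is a constructed sample;
the sg id and group name are placeholders.
"""
ALLOWED_PUBLIC_PORTS = {80, 443}          # assumption: only web ports may be world-open
ANYWHERE = {"0.0.0.0/0", "::/0"}


def _cidrs(permission):
    """Collect CIDRs from both shapes Config has used for IP ranges."""
    out = [r for r in permission.get("ipRanges", []) if isinstance(r, str)]
    out += [r["cidrIp"] for r in permission.get("ipv4Ranges", []) if "cidrIp" in r]
    out += [r["cidrIpv6"] for r in permission.get("ipv6Ranges", []) if "cidrIpv6" in r]
    return out


def _ports(permission):
    """Port range as (low, high); protocol -1 or missing ports means every port."""
    if str(permission.get("ipProtocol", "-1")) == "-1" or "fromPort" not in permission:
        return (0, 65535)
    return (int(permission["fromPort"]), int(permission["toPort"]))


def offending_rules(configuration):
    """Ingress permissions open to the world outside the allow-list."""
    found = []
    for perm in configuration.get("ipPermissions", []):
        low, high = _ports(perm)
        exposed = [c for c in _cidrs(perm) if c in ANYWHERE]
        if not exposed:
            continue
        # World-open is tolerated only if every port in the range is allow-listed.
        if all(p in ALLOWED_PUBLIC_PORTS for p in range(low, high + 1)):
            continue
        found.append({"protocol": perm.get("ipProtocol"), "from": low, "to": high,
                      "cidrs": exposed})
    return found


def evaluate_compliance(configuration_item):
    """Return the ComplianceType and Annotation a Config rule would report."""
    if configuration_item.get("resourceType") != "AWS::EC2::SecurityGroup":
        return {"ComplianceType": "NOT_APPLICABLE", "Annotation": "not a security group"}
    bad = offending_rules(configuration_item.get("configuration", {}))
    if not bad:
        return {"ComplianceType": "COMPLIANT",
                "Annotation": "no world-open ingress outside the allow-list"}
    desc = "; ".join(f"{r['protocol']} {r['from']}-{r['to']} from {','.join(r['cidrs'])}"
                     for r in bad)
    # Config caps Annotation at 256 characters.
    return {"ComplianceType": "NON_COMPLIANT",
            "Annotation": f"world-open ingress: {desc}"[:256]}


# Constructed configuration item in the shape Config records for a security group.
SAMPLE_ITEM = {
    "resourceType": "AWS::EC2::SecurityGroup",
    "resourceId": "sg-0123456789abcdef0",
    "configuration": {
        "groupName": "web-tier",
        "ipPermissions": [
            {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
             "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]},
            {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
             "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]},
            {"ipProtocol": "tcp", "fromPort": 5432, "toPort": 5432,
             "ipv4Ranges": [{"cidrIp": "10.10.0.0/16"}]},
            {"ipProtocol": "-1", "ipv6Ranges": [{"cidrIpv6": "::/0"}]},
        ],
    },
}
```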
Automate Security Functions
AWS CloudFormation – Infrastructure as Code (a template is deployed as a stack)
• JSON-based text file describing infrastructure
• Resources created from a template can be updated
• Updates can be restricted
• Orchestrate changes across AWS services
• Use as the foundation for Service Catalog products
• Use with source code repositories to manage infrastructure changes
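An added example, not from the deck or AWS, that treats the JSON template as the reviewable artifact: before a stack is created or updated, every AWS::CloudTrail::Trail in it is checked for the properties the detective-controls slide calls for (all regions, log file validation, KMS encryption, delivery to CloudWatch Logs). Both templates are constructed samples; the logical ids, bucket name and the key and role ARNs are placeholders.

```python
"""Pre-deployment check of CloudTrail trails in a CloudFormation template.

Added example, not AWS code. Walks the Resources of a JSON template and
reports every AWS::CloudTrail::Trail that is not multi-region, lacks log
file validation, has no KMS key, or does not deliver to CloudWatch Logs.
The templates are constructed samples with placeholder names and ARNs.
"""
import json

REQUIRED_TRUE = ("IsLogging", "IsMultiRegionTrail", "IncludeGlobalServiceEvents",
                 "EnableLogFileValidation")
REQUIRED_SET = ("KMSKeyId", "CloudWatchLogsLogGroupArn", "CloudWatchLogsRoleArn")


def _is_true(value):
    """CloudFormation accepts the boolean true or the string "true"."""
    return str(value).lower() == "true"


def _is_set(value):
    """A property counts as set when it is a literal or an intrinsic like {"Ref": ...}."""
    return value not in (None, "", [], {})


def check_trails(template):
    """Return (logical_id, finding) pairs; an empty list means every trail passes."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::CloudTrail::Trail":
            continue
        props = res.get("Properties", {})
        for name in REQUIRED_TRUE:
            if not _is_true(props.get(name)):
                findings.append((logical_id, f"{name} must be true"))
        for name in REQUIRED_SET:
            if not _is_set(props.get(name)):
                findings.append((logical_id, f"{name} is not set"))
    return findings


# Constructed weak template: a single-region trail with no validation or encryption.
WEAK_TEMPLATE = json.loads("""{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "AuditTrail": {
      "Type": "AWS::CloudTrail::Trail",
      "Properties": {"S3BucketName": "example-audit-logs", "IsLogging": true}
    }
  }
}""")

# Constructed hardened template; key and role ARNs are placeholders.
HARDENED_TEMPLATE = json.loads("""{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "TrailLogGroup": {"Type": "AWS::Logs::LogGroup",
                      "Properties": {"RetentionInDays": 365}},
    "AuditTrail": {
      "Type": "AWS::CloudTrail::Trail",
      "Properties": {
        "S3BucketName": "example-audit-logs",
        "IsLogging": true,
        "IsMultiRegionTrail": true,
        "IncludeGlobalServiceEvents": true,
        "EnableLogFileValidation": true,
        "KMSKeyId": "arn:aws:kms:eu-west-1:123456789012:key/PLACEHOLDER-KEY-ID",
        "CloudWatchLogsLogGroupArn": {"Fn::GetAtt": ["TrailLogGroup", "Arn"]},
        "CloudWatchLogsRoleArn": "arn:aws:iam::123456789012:role/PLACEHOLDER-trail-role"
      }
    }
  }
}""")
```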
Evolving the Practice of Security Architecture
Current security architecture practice:
• Static position papers, architecture diagrams, and documents
• UI-dependent consoles and technologies
• Auditing, assurance, and compliance are decoupled, separate processes
Security architecture should not be a separate function!

Evolved security architecture practice:
• Security becomes a core part of the ‘maker’ team
• Architecture artifacts (design choices, narrative, etc.) committed to common repositories
• Complete solutions account for automation
• Solution architectures are living audit/compliance artifacts and evidence in a closed loop
Tooling shown: AWS CodeCommit, AWS CodePipeline, Jenkins
Trusted Advisor automates governance (AWS Trusted Advisor)
Prescriptive Approach – Get Started!
• Understand AWS security approach
• Build strong compliance foundations
• Integrate identity and access management
• Enable detective controls
• Establish network security
• Implement data protection
• Optimize change management
• Automate security functions
Easy Access To AWS Security Training
• Security Fundamentals on AWS (free online course)
• Security Operations on AWS (3-day class)
Details at aws.amazon.com/training
Let's hear from one of our AWSome customers!
Stephen Quigg – Principal Security Solutions Architect
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Recently uploaded

SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsChristian Birchler
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationBradBedford3
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...confluent
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...OnePlan Solutions
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Hr365.us smith
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprisepreethippts
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...OnePlan Solutions
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceBrainSell Technologies
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
cpct NetworkING BASICS AND NETWORK TOOL.ppt
cpct NetworkING BASICS AND NETWORK TOOL.pptcpct NetworkING BASICS AND NETWORK TOOL.ppt
cpct NetworkING BASICS AND NETWORK TOOL.pptrcbcrtm
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf31events.com
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfAlina Yurenko
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Andreas Granig
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWave PLM
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Velvetech LLC
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfFerryKemperman
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING  RIVER  WATER QUALITY  ppt presentationPREDICTING  RIVER  WATER QUALITY  ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationvaddepallysandeep122
 

Recently uploaded (20)

SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving CarsSensoDat: Simulation-based Sensor Dataset of Self-driving Cars
SensoDat: Simulation-based Sensor Dataset of Self-driving Cars
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion Application
 
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
Catch the Wave: SAP Event-Driven and Data Streaming for the Intelligence Ente...
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprise
 
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
Tech Tuesday - Mastering Time Management Unlock the Power of OnePlan's Timesh...
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. Salesforce
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
cpct NetworkING BASICS AND NETWORK TOOL.ppt
cpct NetworkING BASICS AND NETWORK TOOL.pptcpct NetworkING BASICS AND NETWORK TOOL.ppt
cpct NetworkING BASICS AND NETWORK TOOL.ppt
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdfGOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
GOING AOT WITH GRAALVM – DEVOXX GREECE.pdf
 
Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024Automate your Kamailio Test Calls - Kamailio World 2024
Automate your Kamailio Test Calls - Kamailio World 2024
 
What is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need ItWhat is Fashion PLM and Why Do You Need It
What is Fashion PLM and Why Do You Need It
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...Software Project Health Check: Best Practices and Techniques for Your Product...
Software Project Health Check: Best Practices and Techniques for Your Product...
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdf
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING  RIVER  WATER QUALITY  ppt presentationPREDICTING  RIVER  WATER QUALITY  ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentation
 

Getting started with AWS security

  • 1. Stephen Quigg Principal Security Solutions Architect May 2017 Getting started with AWS security
  • 2. Why is Enterprise Security Traditionally Hard? Lack of visibility Low degree of automation
  • 4. Making life easier Choosing security does not mean giving up on convenience or introducing complexity
  • 5. Take A Prescriptive Approach Understand AWS Security Practice Build Strong Compliance Foundations Integrate Identity and Access Management Enable Detective Controls Establish Network Security Implement Data Protection Optimize Change Management Automate Security Functions
  • 8. Security ownership as part of DNA • Promotes culture of “everyone is an owner” for security • Makes security a stakeholder in business success • Enables easier and smoother communication • Automate functions to reduce human access to near-zero Distributed Embedded
  • 9. Strengthen your security posture Get native functionality and tools Over 30 global compliance certifications and accreditations Leverage security enhancements gleaned from 1M+ customer experiences Benefit from AWS industry leading security teams 24/7 Security infrastructure built to satisfy military, global banks, and other high-sensitivity organizations
  • 10. Build On Strong Compliance Foundations
  • 11. GxP ISO 13485 AS9100 ISO/TS 16949 AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations AWS is responsible for the security OF the Cloud Get assurance from independent sources
  • 12. AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Client-side Data Encryption Server-side Data Encryption Network Traffic Protection Platform, Applications, Identity & Access Management EC2 Operating System, Network, & Firewall Configuration Customer applications & content Customers Customers have their choice of security configurations IN the Cloud AWS is responsible for the security OF the Cloud Customers control their own security policy
  • 13. Integrate Identity and Access Management
  • 14. AWS Identity and Access Management IAM Users IAM Groups IAM Roles IAM Policies • Granular access control for least privileges • Manage hierarchies of AWS Accounts with AWS Organizations • Federate with your existing directory services • Role-based access and segregation of duties • Achieve just-in-time access using automation • Create rich mobile applications without giving end-users long-term access keys
  • 16. AWS CloudTrail and Amazon CloudWatch AWS CloudTrail Amazon CloudWatch • Enable Globally for All AWS Regions • Encryption and Integrity Validation of Log Files • Archive and Forward • Read by every industry-standard logging and SIEM platform • Amazon CloudWatch Logs • Metrics and Filters • Alarms and Notifications • Trigger automated actions • Integrate with your existing ticketing systems
  • 17. Establish Data Locality and Network Security
  • 18. AWS Global Infrastructure 16 Regions – 42 Availability Zones – 74 Edge Locations Region & Number of Availability Zones AWS GovCloud (2) EU Ireland (3) US West Frankfurt (2) Oregon (3) London (2) Northern California (3) Asia Pacific US East Singapore (2) N. Virginia (5), Ohio (3) Sydney (3), Tokyo (3), Seoul (2), Mumbai (2) Canada Central (2) China Beijing (2) South America São Paulo (3) Announced Regions Paris, Ningxia, Stockholm Availability Zone A Availability Zone B Availability Zone C Each region has at least two Availability Zones
  • 19. AWS Regions in Europe EU (Ireland) Region EU (Frankfurt) Region EC2 Availability Zones: 3 EC2 Availability Zones: 2 EU (London) Region EU (Paris) Region EC2 Availability Zones: 2 Announced – launching 2017 EU (Stockholm) Region Announced – launching 2018 AWS Edge Locations for CloudFront CDN and Route53 DNS Amsterdam, The Netherlands (2); Berlin, Germany; Dublin, Ireland; Frankfurt, Germany (5); London, England (4); Madrid, Spain; Marseille, France; Milan, Italy; Munich, Germany; Paris, France (2); Prague, Czech Republic; Stockholm, Sweden; Vienna, Austria; Warsaw, Poland; Zurich, Switzerland
  • 20. Choose an AWS Region and AWS will not replicate it elsewhere unless you choose to do so Control format, accuracy and encryption any way that you choose Control who can access content, its lifecycle and disposal We publish GDPR resources on our website to help you meet your own compliance Customers retain full ownership and control of their content You are in full control of privacy
  • 21. Your own isolated infrastructure with Amazon VPC 10.10.1.0/24 10.20.0.0/16 10.20.1.0/24 10.20.30.0/24 Amazon Virtual Private Cloud comes with granular security controls Customer Premises VPC fully supports IPv6
  • 22. Internet access is always optional 10.10.1.0/24 10.10.2.0/24 0.0.0.0/0 0.0.0.0/0 Public IP: 54.2.0.12 NAT Gateway Destination Target Status 10.10.0.0/16 local Active 0.0.0.0/0 NAT-Gateway ID012471 Active Everything not destined for my VPC goes to the Internet via the NAT Gateway
  • 23. VPC Flow Logs give you network insight • Agentless • From full VPC logging to a single NIC • Logged to Amazon CloudWatch Logs so you can create alarms when metrics are breached • Create your own network dashboards AWS account Source IP Destination IP Source port Destination port Interface Protocol Packets Bytes Start/end time Accept or reject
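The fields slide 23 lists are exactly what a default-format VPC Flow Log record carries, and slides 16 and 23 both suggest turning them into alarms. The following is an added example, not code from the deck: it parses the default version-2 record layout, drops NODATA records, and flags sources rejected on several distinct ports, the kind of condition you would put behind a CloudWatch Logs metric filter and alarm. The account id, interface id and all traffic lines are constructed.

```python
"""Parse default (version 2) VPC Flow Log records and summarise REJECT traffic.
Added example; the field order is the default Flow Logs format, the records are constructed."""
from collections import defaultdict
from dataclasses import dataclass

# Default field order of a version-2 VPC Flow Log record.
FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")

# Constructed sample records (placeholder account and ENI ids, documentation IP ranges).
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.10.1.25 41002 22 6 3 180 1493800000 1493800059 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.10.1.25 41003 23 6 3 180 1493800000 1493800059 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.10.1.25 41004 3389 6 3 180 1493800000 1493800059 REJECT OK
2 123456789012 eni-0a1b2c3d 198.51.100.7 10.10.1.25 41005 445 6 3 180 1493800000 1493800059 REJECT OK
2 123456789012 eni-0a1b2c3d 203.0.113.9 10.10.1.25 55120 443 6 20 8400 1493800000 1493800059 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.10.1.25 203.0.113.9 443 55120 6 18 12000 1493800000 1493800059 ACCEPT OK
2 123456789012 eni-0a1b2c3d 192.0.2.44 10.10.1.25 60001 22 6 1 60 1493800000 1493800059 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1493800000 1493800059 - NODATA
"""


@dataclass(frozen=True)
class FlowRecord:
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int
    packets: int
    bytes: int
    action: str


def parse_flow_log(text):
    """Return FlowRecord objects for OK records; NODATA/SKIPDATA rows carry no flow fields."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # malformed or custom-format line: skip rather than crash
        row = dict(zip(FIELDS, parts))
        if row["log_status"] != "OK":
            continue
        records.append(FlowRecord(
            row["srcaddr"], row["dstaddr"], int(row["srcport"]), int(row["dstport"]),
            int(row["protocol"]), int(row["packets"]), int(row["bytes"]), row["action"]))
    return records


def rejected_ports_by_source(records):
    """Map each source IP to the set of distinct destination ports it was rejected on."""
    ports = defaultdict(set)
    for r in records:
        if r.action == "REJECT":
            ports[r.srcaddr].add(r.dstport)
    return ports


def flag_probing_sources(records, min_ports=3):
    """Sources rejected on at least min_ports distinct ports: a simple alarm condition."""
    return sorted(src for src, p in rejected_ports_by_source(records).items()
                  if len(p) >= min_ports)


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    print(len(recs), "records; sources to alarm on:", flag_probing_sources(recs))
```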
  • 24. Block layer 7 attacks with AWS WAF Web traffic filtering with custom rules Malicious request blocking Active monitoring and tuning
  • 25. AWS Shield detects and blocks DDoS Advanced mitigation techniques Deterministic filtering Traffic prioritization based on scoring Advanced routing policies
  • 27. Use AWS Cryptographic Services Amazon CloudHSM • Deep integration with AWS Services • CloudTrail • AWS SDK for application encryption • Dedicated HSM • Integrate with on-premises HSMs • Hybrid Architectures AWS KMS … or you can always use your own
  • 29. AWS Config and Config Rules AWS Config Config Rules • Record configuration changes continuously • Time-series view of resource changes • Archive and compare • Assess changes against your security policy • Enforce best practices • Automatically roll back unwanted changes • Trigger additional workflow
  • 30. Access a rich AWS Config partner network
  • 32. AWS CloudFormation – Infrastructure as Code Template StackAWS CloudFormation • Orchestrate changes across AWS Services • Use as foundation to Service Catalog products • Use with source code repositories to manage infrastructure changes • JSON-based text file describing infrastructure • Resources created from a template can be updated • Updates can be restricted
  • 33. Evolving the Practice of Security Architecture Static position papers, architecture diagrams, and documents UI-dependent consoles and technologies Auditing, assurance, and compliance are decoupled, separate processes Current Security Architecture Practice Security architecture should not be a separate function!
  • 34. Evolving the Practice of Security Architecture Security becomes a core part of the ’maker’ team Architecture artifacts (design choices, narrative, etc.) committed to common repositories Complete solutions account for automation Solution architectures are living audit/compliance artifacts and evidence in a closed loop Evolved Security Architecture Practice AWS CodeCommit AWS CodePipeline Jenkins
  • 35. Trusted Advisor automates governance AWS Trusted Advisor
  • 36. Prescriptive Approach – Get Started! Understand AWS Security Approach Build Strong Compliance Foundations Integrate Identity and Access Management Enable Detective Controls Establish Network Security Implement Data Protection Optimize Change Management Automate Security Functions
  • 37. Easy Access To AWS Security Training Security Fundamentals on AWS (Free online course) Security Operations on AWS (3-day class) Details at aws.amazon.com/training
  • 38. Let's hear from one of our AWSome customers!
  • 39. Stephen Quigg – Principal Security Solutions Architect