© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Securing Your Customers' Data From Day One
Sebastien Linsolas | 2018
Security by design principles
• Implement a strong identity foundation
• Enable traceability
• Apply security at all layers
• Automate security best practices
• Protect data (in transit and at rest)
• Prepare for security events
https://aws.amazon.com/architecture/well-architected/
Implement a strong identity foundation
Identity and Access Management (IAM)
Ensure only authorized and authenticated users are able to
access resources:
• Define users, groups, services and roles
• Protect AWS credentials
• Use fine grained authorization/access control
Define access
Users:
• Think carefully before creating IAM users; prefer federation
• SAML 2.0 (e.g. ADFS)
• Define a management policy
Groups:
• Logically group users
• Apply policies to groups, not to individual users
Services:
• Least privilege access
• Be granular
Roles:
• Use roles for EC2 instances and Lambda functions
• Avoid using API keys in code
Protecting AWS credentials
• Create individual, least-privileged IAM users; do not use the root account for day-to-day work
• Enable MFA on the root account
• Consider federation
• Set a password policy
• Require MFA for users and/or for sensitive operations (e.g. S3 MFA Delete)
• Avoid storing API keys in source control
• Use temporary credentials via STS
Fine grained access control
• Establish the least privilege principle
• Define clear permissions for users and roles
• Use AWS Organizations to centrally manage access
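The three slides above come down to one artefact: the policy document. The following is an added example, not code from the deck. It contrasts a constructed over-broad policy with a least-privilege one for an application that works with a single bucket (bucket name is a placeholder) and gates s3:DeleteObject on an MFA-authenticated session, then runs a small linter that flags the patterns the slides warn about: wildcard actions, Resource "*", and destructive actions without an MFA condition.

```python
"""Least-privilege IAM policy check (added example, not from the deck)."""
import json

# Constructed: the kind of policy that gets written in a hurry.
OVERBROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["iam:*"], "Resource": "*"},
    ],
}

# Constructed least-privilege policy: list/read/write one bucket; delete only with MFA.
# "example-customer-data" is a placeholder bucket name.
LEAST_PRIVILEGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ListOneBucket", "Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::example-customer-data"},
        {"Sid": "ReadWriteObjects", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject"],
         "Resource": "arn:aws:s3:::example-customer-data/*"},
        {"Sid": "DeleteOnlyWithMfa", "Effect": "Allow", "Action": "s3:DeleteObject",
         "Resource": "arn:aws:s3:::example-customer-data/*",
         "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
    ],
}

# Action prefixes an engineer should never be able to run from a long-lived, non-MFA session.
DESTRUCTIVE_PREFIXES = ("s3:Delete", "iam:", "kms:ScheduleKeyDeletion", "ec2:Terminate")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def lint_policy(policy):
    """Return (Sid-or-index, message) findings for an IAM policy document."""
    findings = []
    for idx, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        label = stmt.get("Sid", f"Statement[{idx}]")
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        condition = stmt.get("Condition", {})
        mfa_required = condition.get("Bool", {}).get("aws:MultiFactorAuthPresent") == "true"
        for action in actions:
            if action == "*" or action.endswith(":*"):
                findings.append((label, f"wildcard action {action!r}"))
            if action.startswith(DESTRUCTIVE_PREFIXES) and not mfa_required:
                findings.append((label, f"destructive action {action!r} without MFA condition"))
        if "*" in resources:
            findings.append((label, "Resource is '*'"))
    return findings


if __name__ == "__main__":
    for name, policy in (("overbroad", OVERBROAD_POLICY), ("least-privilege", LEAST_PRIVILEGE_POLICY)):
        print(f"== {name} ==")
        for label, msg in lint_policy(policy) or [("-", "no findings")]:
            print(f"  {label}: {msg}")
    print(json.dumps(LEAST_PRIVILEGE_POLICY, indent=2))
```

The MFA condition is what makes "MFA for certain operations" real: with an access key alone, the DeleteOnlyWithMfa statement never matches, so a leaked key cannot destroy data. Run the linter in CI against every policy in your templates before they reach an account.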
Resources
AWS IAM - https://aws.amazon.com/iam/
AWS STS - https://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html
AWS Organizations - https://aws.amazon.com/organizations/
Detective controls
Identifying potential security threats is essential for operational security and for compliance assurance. The key areas are:
• Capture and analyze logs
• Integrate auditing controls with notifications and workflow (use your logs)
Capture and analyze logs
Asset management
• Describe assets and instances programmatically
• No dependency on an instance-based agent
API-driven log analysis
• Collect, filter and analyze with ease
• Automatically record every API call with CloudTrail
• Ship instance logs to CloudWatch Logs or Amazon Elasticsearch Service
Use your logs
Don’t just collect and store logs; act on them with CloudWatch Events:
• Trigger notifications
• Automate responses with Lambda
• Integrate events with ticketing systems
Detect change
• Use native tools such as AWS Config to detect change in your environment and trigger CloudWatch Events
• Collect output from Amazon Inspector to ensure compliance
• Use Amazon GuardDuty to continuously monitor for and intelligently detect threats, and take action
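"Use your logs" only means something once rules run over them. The following is an added example, not from the deck: a handful of constructed CloudTrail records in the shape CloudTrail writes them (account ID, IPs, usernames and trail name are placeholders), the detections an on-call engineer would want paged on (root account use, console login without MFA, CloudTrail being stopped, a security group opened to the world), and the CloudWatch Events pattern that fires the root-usage detection in real time instead of from batch log analysis.

```python
"""Detection rules over CloudTrail records (added example, not from the deck)."""
import json

# Constructed records, trimmed to the fields the rules use.
SAMPLE_RECORDS = [
    {"eventTime": "2018-05-01T10:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "additionalEventData": {"MFAUsed": "No"}, "responseElements": {"ConsoleLogin": "Success"}},
    {"eventTime": "2018-05-01T10:02:13Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"name": "main-trail"}},
    {"eventTime": "2018-05-01T10:05:40Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "requestParameters": {"groupId": "sg-0123abcd", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventTime": "2018-05-01T10:07:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "10.0.1.25",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/app/i-0abc"}},
]

# API calls that weaken or disable the audit trail itself.
AUDIT_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def _world_open_ports(record):
    """(protocol, from, to) tuples an AuthorizeSecurityGroupIngress call exposed to 0.0.0.0/0 or ::/0."""
    ports = []
    perms = record.get("requestParameters", {}).get("ipPermissions", {}).get("items", [])
    for perm in perms:
        cidrs = [r.get("cidrIp") for r in perm.get("ipRanges", {}).get("items", [])]
        cidrs += [r.get("cidrIpv6") for r in perm.get("ipv6Ranges", {}).get("items", [])]
        if any(c in ("0.0.0.0/0", "::/0") for c in cidrs):
            ports.append((perm.get("ipProtocol"), perm.get("fromPort"), perm.get("toPort")))
    return ports


def detect(records):
    """Return (severity, eventName, message) findings for a list of CloudTrail records."""
    findings = []
    for r in records:
        ident = r.get("userIdentity", {})
        who = ident.get("userName") or ident.get("arn", "?")
        name = r.get("eventName")
        if ident.get("type") == "Root":
            findings.append(("HIGH", name, f"root account used from {r.get('sourceIPAddress')}"))
        if name == "ConsoleLogin" and r.get("additionalEventData", {}).get("MFAUsed") == "No":
            findings.append(("HIGH", name, f"console login without MFA by {who}"))
        if name == "ConsoleLogin" and r.get("responseElements", {}).get("ConsoleLogin") == "Failure":
            findings.append(("MEDIUM", name, f"failed console login for {who}"))
        if name in AUDIT_TAMPERING:
            findings.append(("CRITICAL", name, f"{who} changed CloudTrail: {r.get('requestParameters')}"))
        for proto, lo, hi in _world_open_ports(r):
            findings.append(("HIGH", name, f"{who} opened {proto}/{lo}-{hi} to the world"))
    return findings


# CloudWatch Events rule pattern for the same root-usage detection, evaluated as events arrive.
ROOT_USAGE_EVENT_PATTERN = {
    "detail-type": ["AWS API Call via CloudTrail", "AWS Console Sign In via CloudTrail"],
    "detail": {"userIdentity": {"type": ["Root"]}},
}

if __name__ == "__main__":
    for sev, name, msg in detect(SAMPLE_RECORDS):
        print(f"[{sev}] {name}: {msg}")
    print(json.dumps(ROOT_USAGE_EVENT_PATTERN, indent=2))
```

The batch function is what you would run from a Lambda subscribed to the CloudTrail log group, or as an Athena query rewritten in SQL; the event pattern is what you attach to a CloudWatch Events rule whose target is an SNS topic or a ticketing integration. Keep the CloudTrail-tampering rule at the top of the list: an attacker who can run StopLogging turns off every other detection here.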
Change management
Resources
AWS Config – https://aws.amazon.com/config/
AWS Config Rules – https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html
Amazon Inspector - https://aws.amazon.com/inspector/
Amazon Elasticsearch Service - https://aws.amazon.com/elasticsearch-service/
Amazon CloudWatch Logs - https://aws.amazon.com/cloudwatch/
Amazon Athena – https://aws.amazon.com/athena/
Amazon Glacier – https://aws.amazon.com/glacier/
AWS Lambda – https://aws.amazon.com/lambda/
Apply security at all layers
Defense-in-depth
Infrastructure protection
• Protect network and host level boundaries
• System security config and management
• Enforce service-level protection
Protect network and host level boundaries
VPC considerations:
• Subnets to separate workloads
• Use NACLs to restrict traffic between subnets
• Use route tables to deny internet access from protected subnets
• Use security groups that reference other security groups rather than IP ranges
Limit what you run in public subnets:
• ELB/ALB and NLBs
• Bastion hosts
• Where possible, avoid having any system directly reachable from the internet
External connectivity for management:
• Use VPN gateways to your on-premises systems
• Direct Connect
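The VPC slide above is a set of invariants that drift as people add rules under pressure, so they are worth checking programmatically. The following is an added example, not from the deck: constructed describe-security-groups and describe-route-tables output in the shape the EC2 API returns it (group and route table IDs are placeholders), modelling the tiering described above (a public load balancer, an app tier reachable only from the load balancer's group, a database, a bastion), plus two audits: internet-reachable ingress outside an allowlist of load-balancer ports, and private-tier route tables that have a route to an internet gateway.

```python
"""VPC boundary audit over EC2 API output (added example, not from the deck)."""

WORLD = {"0.0.0.0/0", "::/0"}
# Ports a public-subnet load balancer is allowed to expose to the internet.
PUBLIC_OK = {("tcp", 80), ("tcp", 443)}

# Constructed: four groups following the slide's tiering.
SECURITY_GROUPS = [
    {"GroupId": "sg-lb", "GroupName": "public-alb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}],
         "UserIdGroupPairs": []}]},
    {"GroupId": "sg-app", "GroupName": "app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [], "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-lb"}]}]},
    {"GroupId": "sg-db", "GroupName": "db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-bastion", "GroupName": "bastion", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
         "UserIdGroupPairs": []}]},
]

# Constructed: the private route table wrongly carries a default route to an internet gateway.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-public", "Tags": [{"Key": "Tier", "Value": "public"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc"}]},
    {"RouteTableId": "rtb-private", "Tags": [{"Key": "Tier", "Value": "private"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0abc"}]},
]


def _ports(perm):
    """Expand one permission into (protocol, port) pairs; '-1' means every protocol and port."""
    if perm["IpProtocol"] == "-1":
        return {("-1", "*")}
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    if lo == -1:  # ICMP type/code wildcard
        return {(perm["IpProtocol"], "*")}
    return {(perm["IpProtocol"], p) for p in range(lo, hi + 1)}


def audit_security_groups(groups):
    """Findings for ingress rules reachable from the whole internet outside the allowlist."""
    findings = []
    for g in groups:
        for perm in g["IpPermissions"]:
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            if not WORLD & set(cidrs):
                continue  # narrow CIDRs or security-group references: the pattern we want
            bad = _ports(perm) - PUBLIC_OK
            if bad:
                findings.append((g["GroupId"], g["GroupName"], sorted(bad, key=str)))
    return findings


def audit_route_tables(tables):
    """Private-tier route tables must not route anything to an internet gateway."""
    findings = []
    for t in tables:
        tier = {tag["Key"]: tag["Value"] for tag in t.get("Tags", [])}.get("Tier")
        for route in t["Routes"]:
            if tier == "private" and route.get("GatewayId", "").startswith("igw-"):
                findings.append((t["RouteTableId"], route["DestinationCidrBlock"], route["GatewayId"]))
    return findings


if __name__ == "__main__":
    for gid, name, ports in audit_security_groups(SECURITY_GROUPS):
        print(f"{gid} ({name}): open to the internet on {ports}")
    for rtb, dest, gw in audit_route_tables(ROUTE_TABLES):
        print(f"{rtb}: private subnet routes {dest} via {gw}")
```

To run this against a real account, feed the functions the "SecurityGroups" and "RouteTables" lists from boto3's describe_security_groups() and describe_route_tables(); the data shapes are the same. Note that sg-app produces no finding precisely because it references sg-lb instead of a CIDR, which is the "security groups referencing security groups" pattern from the slide. The bastion finding is the one teams argue about: restrict it to your corporate egress ranges, or remove the bastion entirely in favour of Systems Manager.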
System security config and management
• OS-based firewalls
• CVE vulnerability scanners
• Virus scanners
• Remove unnecessary tools from the OS
• Remove direct access to machines – use AWS Systems Manager instead
• Amazon Inspector to scan the OS and applications
Enforce service-level protection
• Use least privilege IAM policies
• Use fine-grained controls within policies (resource ARNs, conditions)
• Look at service-level permissions (such as S3 bucket policies)
• Use KMS and define separate key administrator and key user policies
Resources
Amazon VPC – https://aws.amazon.com/vpc/
AWS Direct Connect – https://aws.amazon.com/directconnect/
Amazon Inspector - https://aws.amazon.com/inspector/
Automate security best practices
Ensure best practice
• Template everything (CloudFormation, Terraform, etc.)
• Utilise CI/CD pipelines
• Set custom AWS Config rules
• Amazon Inspector to detect vulnerabilities
• Automate the response to non-compliant infrastructure
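A custom AWS Config rule is the piece most teams have not written before. The following is an added example, not from the deck: a Lambda-backed rule that marks an EBS volume NON_COMPLIANT when it is unencrypted, or when it is tagged DataClassification=CRITICAL but not encrypted with the customer-managed KMS key named in the rule parameter criticalKmsKeyArn (the parameter name, the key ARN and the volume IDs are placeholders). The evaluation is a pure function so it runs offline against constructed configuration items; lambda_handler() is the entry point Config invokes and only imports boto3 when it actually runs in Lambda.

```python
"""Custom AWS Config rule for EBS volume encryption (added example, not from the deck)."""
import json

COMPLIANT, NON_COMPLIANT, NOT_APPLICABLE = "COMPLIANT", "NON_COMPLIANT", "NOT_APPLICABLE"

# Constructed rule parameters, as they arrive after JSON-decoding event["ruleParameters"].
PARAMS = {"criticalKmsKeyArn":
          "arn:aws:kms:eu-west-1:123456789012:key/11111111-2222-3333-4444-555555555555"}


def evaluate(item, params):
    """Return (complianceType, annotation) for one Config configuration item."""
    if item.get("resourceType") != "AWS::EC2::Volume":
        return NOT_APPLICABLE, "rule only evaluates EBS volumes"
    if item.get("configurationItemStatus") in ("ResourceDeleted", "ResourceDeletedNotRecorded"):
        return NOT_APPLICABLE, "resource deleted"
    cfg = item.get("configuration", {})
    tags = item.get("tags", {})  # Config presents tags as a key -> value dict here
    if not cfg.get("encrypted"):
        return NON_COMPLIANT, "volume is not encrypted"
    required = params.get("criticalKmsKeyArn")
    if (tags.get("DataClassification", "").upper() == "CRITICAL"
            and required and cfg.get("kmsKeyId") != required):
        return NON_COMPLIANT, "CRITICAL volume must use the customer-managed key " + required
    return COMPLIANT, "encrypted"


def lambda_handler(event, context):
    """Entry point: AWS Config passes invokingEvent and ruleParameters as JSON strings."""
    invoking = json.loads(event["invokingEvent"])
    params = json.loads(event.get("ruleParameters") or "{}")
    item = invoking["configurationItem"]
    compliance, note = evaluate(item, params)
    evaluation = {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note[:256],  # Config caps annotations at 256 characters
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }
    import boto3  # deferred so evaluate() stays testable without the SDK installed
    boto3.client("config").put_evaluations(Evaluations=[evaluation],
                                           ResultToken=event["resultToken"])
    return evaluation


# Constructed configuration items covering each case the rule distinguishes.
_WHEN = "2018-05-01T10:00:00.000Z"
SAMPLE_ITEMS = [
    {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-plain",
     "configurationItemStatus": "OK", "configurationItemCaptureTime": _WHEN,
     "configuration": {"encrypted": False}, "tags": {"DataClassification": "PUBLIC"}},
    {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-critical-wrong-key",
     "configurationItemStatus": "OK", "configurationItemCaptureTime": _WHEN,
     "configuration": {"encrypted": True,
                       "kmsKeyId": "arn:aws:kms:eu-west-1:123456789012:key/aaaaaaaa-0000-0000-0000-000000000000"},
     "tags": {"DataClassification": "CRITICAL"}},
    {"resourceType": "AWS::EC2::Volume", "resourceId": "vol-critical-cmk",
     "configurationItemStatus": "OK", "configurationItemCaptureTime": _WHEN,
     "configuration": {"encrypted": True, "kmsKeyId": PARAMS["criticalKmsKeyArn"]},
     "tags": {"DataClassification": "CRITICAL"}},
    {"resourceType": "AWS::S3::Bucket", "resourceId": "bucket-x",
     "configurationItemStatus": "OK", "configurationItemCaptureTime": _WHEN,
     "configuration": {}, "tags": {}},
]

if __name__ == "__main__":
    for item in SAMPLE_ITEMS:
        print(item["resourceId"], *evaluate(item, PARAMS))
```

Deploy the handler with a role that allows config:PutEvaluations, register it as a custom rule scoped to AWS::EC2::Volume with the key ARN as a rule parameter, and wire the rule's NON_COMPLIANT transitions to a CloudWatch Events rule that opens a ticket or invokes a remediation Lambda; that closes the loop the last bullet describes. Handling ResourceDeleted explicitly matters: without it, a deleted volume is reported against stale configuration and the rule never clears.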
Immutable infrastructure
Security as code
Resources
Amazon VPC – https://aws.amazon.com/vpc/
AWS Systems Manager – https://aws.amazon.com/systems-manager/
Amazon Inspector - https://aws.amazon.com/inspector/
AWS CloudFormation - https://aws.amazon.com/cloudformation/
AWS SAM - https://github.com/awslabs/serverless-application-model
AWS CodePipeline - https://aws.amazon.com/codepipeline/
AWS KMS - https://aws.amazon.com/kms/
Terraform - https://www.terraform.io/
Protect data (in transit and at rest)
Data classification
Start by classifying data based on sensitivity:
• Public data = unencrypted, non-sensitive, available to everyone
• Critical data = encrypted, not directly accessible from the internet, requires authentication and authorization
Use resource tags to help define the policy:
• “DataClassification=CRITICAL”
• Integrate access with IAM policies (for example, condition on the tag value)
Amazon Macie:
Macie can automatically discover, classify and protect sensitive data using machine learning
Encrypt your data
Data in transit
AWS API endpoints use HTTPS, but what about your own traffic?
• VPN connectivity into the VPC
• TLS for application-to-application communication
• ELB or CloudFront with certificates from ACM
Data at rest
Inbuilt encryption
• S3: select a KMS key on upload (SSE-KMS)
• EBS and RDS: encrypt volumes and instances; snapshots of encrypted volumes stay encrypted
• DynamoDB: encryption at rest for tables and backups
Bring your own key
• Encrypt data locally before uploading (client-side encryption)
• SSE-C (server-side encryption with a customer-provided key)
Encryption and tokenization
Tokenization replaces sensitive data (e.g. a credit card number) with a token that has no value on its own.
Generate tokens and retrieve the original data from a token store, with the keys protected by CloudHSM, or encrypt the mapping and store it in DynamoDB.
CloudHSM uses FIPS 140-2 Level 3 validated hardware and is in scope for PCI DSS.
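What a token store actually does is easy to get wrong (tokens that look like card numbers, the same card getting a new token every time, detokenization open to every caller). The following is an added example, not from the deck, and goes slightly beyond the slide by also showing the access control on detokenization. The vault is an in-memory dict standing in for an encrypted DynamoDB table or CloudHSM-backed store; the HMAC lookup key is generated locally here but would come from KMS or the HSM; the "payments-processor" role name is a placeholder.

```python
"""Card-number tokenization with a separate token vault (added example, not from the deck)."""
import hashlib
import hmac
import secrets


def luhn_ok(number: str) -> bool:
    """Luhn checksum, which every real card number passes."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    def __init__(self, lookup_key: bytes):
        self._lookup_key = lookup_key
        self._pan_by_token = {}          # token -> PAN: the only sensitive store
        self._token_by_fingerprint = {}  # HMAC(PAN) -> token, so one card maps to one token

    def _fingerprint(self, pan: str) -> str:
        # Keyed hash: find an existing token without keeping a plaintext PAN index
        return hmac.new(self._lookup_key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, pan: str) -> str:
        pan = pan.replace(" ", "")
        if not (13 <= len(pan) <= 19 and pan.isdigit() and luhn_ok(pan)):
            raise ValueError("not a valid card number")
        fp = self._fingerprint(pan)
        if fp in self._token_by_fingerprint:
            return self._token_by_fingerprint[fp]
        # Same length and last four digits as the PAN so existing schemas and receipts still work;
        # random body from a CSPRNG, and deliberately failing Luhn so it can never pass as a real card.
        while True:
            body = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            if token not in self._pan_by_token and not luhn_ok(token):
                break
        self._pan_by_token[token] = pan
        self._token_by_fingerprint[fp] = token
        return token

    def detokenize(self, token: str, caller_roles) -> str:
        """Only the payment-processing role may recover a PAN; everything else works on tokens."""
        if "payments-processor" not in caller_roles:
            raise PermissionError("detokenize requires the payments-processor role")
        return self._pan_by_token[token]


def masked(token: str) -> str:
    """Display form for customer-facing UI: only the last four digits."""
    return "*" * (len(token) - 4) + token[-4:]


if __name__ == "__main__":
    vault = TokenVault(lookup_key=secrets.token_bytes(32))  # key would come from KMS/CloudHSM
    token = vault.tokenize("4111 1111 1111 1111")          # well-known test PAN
    print("stored in app DB:", token, "shown to user:", masked(token))
    print("processor sees:", vault.detokenize(token, {"payments-processor"}))
```

The point for PCI scope is that only the vault and the payment-processing path ever see a PAN; the web tier, analytics and support tooling hold tokens and the masked form. In a real deployment the vault's table is encrypted with a dedicated KMS key whose key policy grants decrypt only to the vault's role, which is the "admin and user access policies" split mentioned under service-level protection.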
Resources
AWS KMS - https://aws.amazon.com/kms/
Amazon Macie – https://aws.amazon.com/macie/
AWS Cloud HSM – https://aws.amazon.com/cloudhsm/
Amazon EBS – https://aws.amazon.com/ebs/
s2n - https://github.com/awslabs/s2n
Prepare for security events
Incident response
“Even with a mature preventative and detective solution in
place, you should consider a mitigation plan”
Clean room
• Use tags to quickly determine impact and escalate
• Get the right people access and on the call
• Use cloud APIs to automate the isolation of instances
• CloudFormation – recreate clean or updated environments easily for production or investigation purposes
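"Use cloud APIs to automate and isolate instances" is the step worth scripting before an incident, not during one. The following is an added example, not from the deck: an isolation routine that swaps the instance's security groups for a pre-created isolation group with no rules, turns on termination protection, tags the instance for the clean-room team, and snapshots every EBS volume for forensics. It takes any object exposing the boto3 EC2 client methods it uses, so it runs here against a constructed in-memory fake and unchanged against boto3.client("ec2"); instance, group, volume and ticket IDs are placeholders.

```python
"""Instance isolation for incident response (added example, not from the deck)."""


def isolate_instance(ec2, instance_id, isolation_sg_id, ticket):
    """Quarantine an instance and preserve evidence; returns what was changed."""
    resp = ec2.describe_instances(InstanceIds=[instance_id])
    instance = resp["Reservations"][0]["Instances"][0]
    original_sgs = [g["GroupId"] for g in instance["SecurityGroups"]]
    volumes = [m["Ebs"]["VolumeId"] for m in instance.get("BlockDeviceMappings", []) if "Ebs" in m]

    # 1. Network isolation: replace all security groups with the (rule-less) isolation group.
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[isolation_sg_id])
    # 2. Make sure nobody "cleans up" the evidence by terminating the instance.
    ec2.modify_instance_attribute(InstanceId=instance_id, DisableApiTermination={"Value": True})
    # 3. Tag so the clean-room team can find it and the original groups can be restored later.
    ec2.create_tags(Resources=[instance_id], Tags=[
        {"Key": "SecurityStatus", "Value": "ISOLATED"},
        {"Key": "IncidentTicket", "Value": ticket},
        {"Key": "OriginalSecurityGroups", "Value": ",".join(original_sgs)},
    ])
    # 4. Snapshot every volume for offline analysis in the investigation account.
    snapshots = []
    for vol in volumes:
        snap = ec2.create_snapshot(
            VolumeId=vol, Description=f"forensics {ticket} {instance_id}",
            TagSpecifications=[{"ResourceType": "snapshot",
                                "Tags": [{"Key": "IncidentTicket", "Value": ticket}]}])
        snapshots.append(snap["SnapshotId"])
    return {"instance": instance_id, "original_security_groups": original_sgs, "snapshots": snapshots}


class FakeEC2:
    """Minimal in-memory stand-in for the boto3 EC2 client (constructed for the demo)."""

    def __init__(self):
        self.instances = {"i-0badc0ffee": {
            "InstanceId": "i-0badc0ffee",
            "SecurityGroups": [{"GroupId": "sg-app"}, {"GroupId": "sg-ssh"}],
            "BlockDeviceMappings": [{"DeviceName": "/dev/xvda", "Ebs": {"VolumeId": "vol-root"}},
                                    {"DeviceName": "/dev/xvdf", "Ebs": {"VolumeId": "vol-data"}}]}}
        self.tags, self.snapshots, self.calls = {}, [], []

    def describe_instances(self, InstanceIds):
        return {"Reservations": [{"Instances": [self.instances[i] for i in InstanceIds]}]}

    def modify_instance_attribute(self, InstanceId, **attrs):
        self.calls.append(("modify_instance_attribute", InstanceId, attrs))
        if "Groups" in attrs:
            self.instances[InstanceId]["SecurityGroups"] = [{"GroupId": g} for g in attrs["Groups"]]

    def create_tags(self, Resources, Tags):
        for r in Resources:
            self.tags.setdefault(r, {}).update({t["Key"]: t["Value"] for t in Tags})

    def create_snapshot(self, VolumeId, **kwargs):
        sid = f"snap-{len(self.snapshots):04d}"
        self.snapshots.append((sid, VolumeId))
        return {"SnapshotId": sid, "VolumeId": VolumeId}


if __name__ == "__main__":
    ec2 = FakeEC2()
    print(isolate_instance(ec2, "i-0badc0ffee", "sg-isolation", "INC-1234"))
```

Create the isolation security group (no inbound or outbound rules) in every VPC as part of your templates so the responder never has to build it at 3 a.m., and run this from a dedicated incident-response role rather than from the instance's own credentials, which may already be in the attacker's hands. Copying the snapshots to a separate investigation account, as the CloudFormation bullet suggests, keeps the evidence out of reach of whoever compromised the production account.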
Resources
AWS Well-Architected - https://aws.amazon.com/architecture/well-architected/
Security Pillar - https://d1.awsstatic.com/whitepapers/architecture/AWS-Security-Pillar.pdf
Thank You
Sebastien Linsolas,
slinsola@amazon.com
Q&A
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

How AI is disrupting the world

  • 1. Securing Your Customers Data From Day One. Sebastien Linsolas | 2018. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 2. Security by design principles
    • Implement a strong identity foundation
    • Enable traceability
    • Apply security at all layers
    • Automate security best practices
    • Protect data (in transit and at rest)
    • Prepare for security events
    https://aws.amazon.com/architecture/well-architected/
  • 3. Implement a strong identity foundation
  • 4. Identity and Access Management (IAM). Ensure only authorized and authenticated users are able to access resources:
    • Define users, groups, services and roles
    • Protect AWS credentials
    • Use fine-grained authorization/access control
  • 5. Define access (users, groups, services, roles)
    • Think carefully
    • SAML 2.0 (ADFS)
    • Define a management policy
    • Logically group users
    • Apply group policies
    • Least privilege access
    • Be granular
    • Use roles for instances and functions
    • Avoid using API keys in code
  • 6. Protecting AWS credentials
    • Establish less-privileged users
    • Enable MFA on the root account
    • Consider federation
    • Set a password policy
    • MFA for users and/or certain operations (S3 delete)
    • Avoid storing API keys in source control
    • Use temporary credentials via STS
  • 7. Fine-grained access control
    • Establish the least privilege principle
    • Define clear roles for users and roles
    • Use AWS Organizations to centrally manage access
  • 8. Resources
    • AWS IAM - https://aws.amazon.com/iam/
    • AWS STS - https://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html
    • AWS Organizations - https://aws.amazon.com/organizations/
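Slides 4 to 7 ask for least privilege, MFA on sensitive operations such as S3 deletes, and an explicit boundary around what an application identity may do. The following is an added example, not code from the deck: an IAM policy document in the standard JSON form that grants an application role read/write on one bucket, allows deletes only when the caller authenticated with MFA (the `aws:MultiFactorAuthPresent` condition key), and explicitly denies every IAM action, together with a deliberately simplified offline model of IAM's evaluation order (explicit Deny beats Allow, which beats implicit deny) so the policy can be exercised before it is attached. The bucket name, account id and the evaluator itself are assumptions; real IAM evaluation has many more condition operators, matches actions case-insensitively, and combines every attached policy, resource policy and SCP.

```python
"""Least-privilege IAM policy with an MFA condition, checked offline.

Added example, not from the slide deck. The policy below is ordinary IAM
policy JSON; `is_allowed` is a simplified model of IAM's evaluation order
(explicit Deny wins, then a matching Allow grants, otherwise implicit deny)
that only understands the Action/Resource/Condition keys used here.
"""
import fnmatch
import json

# Least-privilege policy for an application role: read/write one bucket,
# delete only when the caller authenticated with MFA, never touch IAM.
# Bucket name and account id are constructed placeholders.
APP_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadWriteAppBucket",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
      "Resource": ["arn:aws:s3:::example-app-bucket",
                   "arn:aws:s3:::example-app-bucket/*"]
    },
    {
      "Sid": "DeleteOnlyWithMfa",
      "Effect": "Allow",
      "Action": "s3:DeleteObject",
      "Resource": "arn:aws:s3:::example-app-bucket/*",
      "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
    },
    {
      "Sid": "NeverTouchIam",
      "Effect": "Deny",
      "Action": "iam:*",
      "Resource": "*"
    }
  ]
}
""")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    # IAM wildcards: '*' matches any run of characters, '?' a single one.
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def _condition_holds(condition, context):
    # Only the "Bool" operator is modelled, which is all this policy uses.
    for key, expected in condition.get("Bool", {}).items():
        actual = str(context.get(key, "false")).lower()
        if actual != str(expected).lower():
            return False
    return True


def is_allowed(policy, action, resource, context=None):
    """Return True if the policy allows `action` on `resource`.

    Any matching explicit Deny wins; otherwise a matching Allow whose
    Condition holds grants access; otherwise the request is implicitly denied.
    """
    context = context or {}
    decision = "deny"  # implicit deny until an Allow matches
    for stmt in policy["Statement"]:
        if not _matches(stmt["Action"], action):
            continue
        if not _matches(stmt["Resource"], resource):
            continue
        if not _condition_holds(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return False
        decision = "allow"
    return decision == "allow"


def check_app_policy():
    """Exercise the policy the way a reviewer would before attaching it."""
    obj = "arn:aws:s3:::example-app-bucket/customers/42.json"
    mfa = {"aws:MultiFactorAuthPresent": "true"}
    return {
        "read": is_allowed(APP_POLICY, "s3:GetObject", obj),
        "delete_no_mfa": is_allowed(APP_POLICY, "s3:DeleteObject", obj),
        "delete_with_mfa": is_allowed(APP_POLICY, "s3:DeleteObject", obj, mfa),
        "other_bucket": is_allowed(APP_POLICY, "s3:GetObject",
                                   "arn:aws:s3:::other-bucket/x"),
        "iam_change": is_allowed(APP_POLICY, "iam:CreateAccessKey",
                                 "arn:aws:iam::123456789012:user/app", mfa),
    }


if __name__ == "__main__":
    print(json.dumps(check_app_policy(), indent=2))
```

The evaluator is a review aid for reasoning about a single policy; the IAM policy simulator remains the authority on what the service will actually decide.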
  • 9. Detective controls. Identifying a potential security threat is essential for legal compliance assurance. The key areas are:
    • Capture and analyze logs
    • Integrate auditing controls with notifications and workflow / use your logs
  • 10. Capture and analyze logs
    Asset management:
    • Describe assets and instances programmatically
    • No dependency on instance-based agents
    API-driven log analysis:
    • Collect, filter and analyze with ease
    • Automatically collect API calls with CloudTrail
    • Use CloudWatch Logs or Elasticsearch with instances
  • 11. Use your logs. Don’t just collect and store logs; analyze them easily with CloudWatch Events:
    • Trigger notifications
    • Automate responses with Lambda
    • Integrate events with ticketing systems
  • 12. Detect change
    • Use native tools such as AWS Config to detect change in your environment and trigger CloudWatch Events
    • Collect output from Amazon Inspector to ensure compliance
    • Use Amazon GuardDuty to constantly monitor and intelligently detect threats, and take action
  • 13. Change management
  • 14. Resources
    • AWS Config – https://aws.amazon.com/config/
    • AWS Config Rules – https://docs.aws.amazon.com/config/latest/developerguide/managed-rules-by-aws-config.html
    • Amazon Inspector - https://aws.amazon.com/inspector/
    • Amazon Elasticsearch Service - https://aws.amazon.com/elasticsearch-service/
    • Amazon CloudWatch Logs - https://aws.amazon.com/cloudwatch/
    • Amazon Athena – https://aws.amazon.com/athena/
    • Amazon Glacier – https://aws.amazon.com/glacier/
    • AWS Lambda – https://aws.amazon.com/lambda/
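Slides 10 and 11 say to collect API calls with CloudTrail and then actually use them through CloudWatch Events and Lambda. As an added example (not code from the deck), here is a Lambda handler that receives the CloudWatch Events envelope CloudTrail produces and turns a few of the identity failures the earlier slides warn about into findings: root account activity (worse without MFA), failed console logins, a long-term access key used from outside the networks where such keys are expected, and CloudTrail being switched off. The `KNOWN_NETWORKS` list, the account id and the sample envelopes are constructed; the delivery of findings to SNS or a ticketing system is left out so the module runs offline.

```python
"""Turn CloudTrail events delivered by CloudWatch Events into findings.

Added example, not from the slide deck. `handler` has the AWS Lambda signature
and needs nothing outside the event, so it runs offline on the constructed
sample envelopes at the bottom. Deployed, it would sit behind a CloudWatch
Events rule for CloudTrail and hand its findings to SNS or a ticketing system;
that delivery step is left out. KNOWN_NETWORKS is an assumption.
"""
import ipaddress

# Constructed: networks from which long-term IAM access keys are expected to be used.
KNOWN_NETWORKS = [ipaddress.ip_network("198.51.100.0/24"),
                  ipaddress.ip_network("10.0.0.0/8")]


def _from_known_network(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:      # AWS service principals appear as DNS names, not addresses
        return True
    return any(addr in net for net in KNOWN_NETWORKS)


def classify(detail):
    """Return a list of (severity, message) findings for one CloudTrail record."""
    findings = []
    identity = detail.get("userIdentity", {})
    name = detail.get("eventName", "?")
    ip = detail.get("sourceIPAddress", "?")
    mfa = detail.get("additionalEventData", {}).get("MFAUsed", "No")
    who = identity.get("arn") or identity.get("userName") or identity.get("type", "?")

    # Root should not be used day to day; without MFA it is critical.
    if identity.get("type") == "Root":
        severity = "CRITICAL" if mfa != "Yes" else "HIGH"
        findings.append((severity, f"root account used for {name} from {ip} (MFA={mfa})"))

    # Failed console logins are the earliest signal of password guessing.
    if name == "ConsoleLogin" and detail.get("responseElements", {}).get("ConsoleLogin") == "Failure":
        findings.append(("MEDIUM", f"console login failure for {who} from {ip}"))

    # Long-term access keys start with AKIA; STS temporary credentials start with
    # ASIA. A long-term key outside the expected networks suggests a leaked key.
    key = identity.get("accessKeyId", "")
    if key.startswith("AKIA") and not _from_known_network(ip):
        findings.append(("HIGH", f"long-term key {key[:8]}... used from {ip} by {who}"))

    # Switching CloudTrail off blinds every other detective control.
    if name in ("StopLogging", "DeleteTrail"):
        trail = detail.get("requestParameters", {}).get("name", "?")
        findings.append(("CRITICAL", f"{name} on trail {trail} by {who}"))
    return findings


def handler(event, context=None):
    """Lambda entry point: one CloudWatch Events envelope in, findings out."""
    if "CloudTrail" not in event.get("detail-type", ""):
        return {"findings": []}
    return {"findings": [{"severity": s, "message": m}
                         for s, m in classify(event.get("detail", {}))]}


SAMPLE_EVENTS = [  # constructed envelopes, not real account data
    {"detail-type": "AWS Console Sign In via CloudTrail",
     "detail": {"eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.7",
                "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
                "additionalEventData": {"MFAUsed": "No"},
                "responseElements": {"ConsoleLogin": "Success"}}},
    {"detail-type": "AWS API Call via CloudTrail",
     "detail": {"eventName": "GetObject", "sourceIPAddress": "203.0.113.9",
                "userIdentity": {"type": "IAMUser", "userName": "dev1",
                                 "accessKeyId": "AKIAEXAMPLEKEY000001"}}},
    {"detail-type": "AWS API Call via CloudTrail",
     "detail": {"eventName": "GetObject", "sourceIPAddress": "10.0.1.5",
                "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLEKEY000002"}}},
    {"detail-type": "AWS API Call via CloudTrail",
     "detail": {"eventName": "StopLogging", "sourceIPAddress": "198.51.100.20",
                "userIdentity": {"type": "IAMUser", "userName": "dev1",
                                 "accessKeyId": "AKIAEXAMPLEKEY000001"},
                "requestParameters": {"name": "org-trail"}}},
]


def run_samples():
    """Severities raised for each sample envelope, in order."""
    return [[f["severity"] for f in handler(e)["findings"]] for e in SAMPLE_EVENTS]


if __name__ == "__main__":
    for event, sev in zip(SAMPLE_EVENTS, run_samples()):
        print(event["detail"]["eventName"], sev)
```

Each check keys off fields CloudTrail always records (`userIdentity.type`, `accessKeyId`, `eventName`), so the same function works whether the record arrives through CloudWatch Events, is read back from S3, or is queried with Athena.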
  • 15. Apply security at all layers
  • 16. Defense-in-depth
  • 17. Infrastructure protection
    • Protect network and host level boundaries
    • System security config and management
    • Enforce service-level protection
  • 18. Protect network and host level boundaries
    VPC considerations:
    • Subnets to separate workloads
    • Use NACLs to prevent access between subnets
    • Use route tables to deny internet access from protected subnets
    • Use security groups to grant access to and from other security groups
    Limit what you run in public subnets:
    • ELB/ALB and NLBs
    • Bastion hosts
    • Where possible, avoid having a system directly accessible from the internet
    External connectivity for management:
    • Use VPN gateways to your on-premises systems
    • Direct Connect
  • 19. System security config and management
    • OS-based firewalls
    • CVE vulnerability scanners
    • Virus scanners
    • Remove unnecessary tools from the OS
    • Remove direct access to machines – use EC2 Systems Manager
    • Amazon Inspector to scan OS and applications
  • 20. Enforce service-level protection
    • Use least privilege IAM policies
    • Use fine-grained controls within policies
    • Look at service-level permissions (such as S3 bucket policies)
    • Use KMS and define admin and user access policies
  • 21. Resources
    • Amazon VPC – https://aws.amazon.com/vpc/
    • AWS Direct Connect – https://aws.amazon.com/directconnect/
    • Amazon Inspector - https://aws.amazon.com/inspector/
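Slide 18 lists four VPC controls (subnets per workload, NACLs between subnets, route tables that deny internet access, security groups that reference other security groups) and slide 23 asks that all of it be templated. The CloudFormation template below is an added example, not from the deck: a public subnet that holds only the load balancer, a private application subnet whose route table has no default route, a stateless NACL that admits just the application port from the public subnet plus the ephemeral return ports, and two security groups where the application group trusts the load balancer group rather than a CIDR. The CIDR ranges, port 8080 and the resource names are assumptions.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example (not from the deck) of slide 18's VPC layout
Resources:
  Vpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16
  InternetGateway:
    Type: AWS::EC2::InternetGateway
  AttachGateway:
    Type: AWS::EC2::VPCGatewayAttachment
    Properties:
      VpcId: !Ref Vpc
      InternetGatewayId: !Ref InternetGateway
  # Public subnet: only the load balancer (and a bastion, if any) lives here.
  PublicSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      CidrBlock: 10.0.0.0/24
      MapPublicIpOnLaunch: true
  PublicRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref Vpc
  PublicDefaultRoute:
    Type: AWS::EC2::Route
    DependsOn: AttachGateway
    Properties:
      RouteTableId: !Ref PublicRouteTable
      DestinationCidrBlock: 0.0.0.0/0
      GatewayId: !Ref InternetGateway
  PublicSubnetRoute:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PublicSubnet
      RouteTableId: !Ref PublicRouteTable
  # Private subnet: its route table has no 0.0.0.0/0 entry, so instances
  # here cannot be reached from the internet (route tables, slide 18).
  PrivateSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref Vpc
      CidrBlock: 10.0.1.0/24
  PrivateRouteTable:
    Type: AWS::EC2::RouteTable
    Properties:
      VpcId: !Ref Vpc
  PrivateSubnetRoute:
    Type: AWS::EC2::SubnetRouteTableAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet
      RouteTableId: !Ref PrivateRouteTable
  # NACL (stateless): admit the app port from the public subnet, let the
  # ephemeral return ports back out, and rely on the implicit final deny.
  PrivateNacl:
    Type: AWS::EC2::NetworkAcl
    Properties:
      VpcId: !Ref Vpc
  PrivateNaclInboundApp:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref PrivateNacl
      RuleNumber: 100
      Protocol: 6
      RuleAction: allow
      Egress: false
      CidrBlock: 10.0.0.0/24
      PortRange: { From: 8080, To: 8080 }
  PrivateNaclOutboundReturn:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref PrivateNacl
      RuleNumber: 100
      Protocol: 6
      RuleAction: allow
      Egress: true
      CidrBlock: 10.0.0.0/24
      PortRange: { From: 1024, To: 65535 }
  PrivateNaclAssociation:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      SubnetId: !Ref PrivateSubnet
      NetworkAclId: !Ref PrivateNacl
  # Security groups (stateful) reference each other, not CIDRs (slide 18).
  LoadBalancerSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: HTTPS from the internet to the load balancer only
      VpcId: !Ref Vpc
      SecurityGroupIngress:
        - { IpProtocol: tcp, FromPort: 443, ToPort: 443, CidrIp: 0.0.0.0/0 }
  AppSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: App port reachable only from the load balancer group
      VpcId: !Ref Vpc
      SecurityGroupIngress:
        - { IpProtocol: tcp, FromPort: 8080, ToPort: 8080, SourceSecurityGroupId: !Ref LoadBalancerSg }
```

Because NACLs are stateless, forgetting the outbound ephemeral-port rule is the classic mistake: the application accepts the connection and its replies are silently dropped. Instances in the private subnet also have no path to package repositories or AWS APIs; add a NAT gateway route or VPC endpoints deliberately rather than a default route.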
  • 22. Automate security best practices
  • 23. Ensure best practice
    • Template everything (CloudFormation, Terraform, etc.)
    • Utilise CI/CD pipelines
    • Set custom AWS Config rules
    • Amazon Inspector to detect vulnerabilities
    • Automate the response to non-compliant infrastructure
  • 24. Immutable infrastructure
  • 25. Security as code
  • 26. Resources
    • Amazon VPC – https://aws.amazon.com/
    • AWS Systems Manager – https://aws.amazon.com/systems-manager/
    • Amazon Inspector - https://aws.amazon.com/inspector/
    • AWS CloudFormation - https://aws.amazon.com/cloudformation/
    • AWS SAM - https://github.com/awslabs/serverless-application-model
    • AWS CodePipeline - https://aws.amazon.com/codepipeline/
    • AWS KMS - https://aws.amazon.com/kms/
    • Terraform - https://www.terraform.io/
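Slide 23 asks for custom AWS Config rules and an automated response to non-compliant infrastructure, and slide 12 notes that Config changes can drive CloudWatch Events. As an added example (not code from the deck), here is a custom Config rule in Lambda form that marks a security group NON_COMPLIANT when it opens SSH or RDP to the whole internet. It follows the event shape Config passes to custom rules (`invokingEvent` and `ruleParameters` are JSON strings, the verdict is returned with `PutEvaluations`). The field names read under `configuration` are those of Config's `AWS::EC2::SecurityGroup` items as I understand them and are treated as an assumption; the sample items are constructed, and the call to Config is skipped for the `TESTMODE` result token so the module runs offline.

```python
"""Custom AWS Config rule: security groups must not open SSH or RDP to the world.

Added example, not from the slide deck. `lambda_handler` follows the event shape
Config passes to custom rules. The field names read under `configuration` are
taken from Config's AWS::EC2::SecurityGroup items and are an assumption here;
the boto3 call is skipped for the "TESTMODE" token so the module runs offline
on the constructed items below.
"""
import json

ANYWHERE = {"0.0.0.0/0", "::/0"}


def _cidrs(perm):
    """Every CIDR one ipPermissions entry grants, across the spellings Config uses."""
    cidrs = [c for c in perm.get("ipRanges", []) if isinstance(c, str)]
    cidrs += [r["cidrIp"] for r in perm.get("ipv4Ranges", []) if "cidrIp" in r]
    cidrs += [r["cidrIpv6"] for r in perm.get("ipv6Ranges", []) if "cidrIpv6" in r]
    return cidrs


def _covers(perm, port):
    """True if the entry reaches `port`: all traffic (-1) or a TCP range containing it."""
    proto = str(perm.get("ipProtocol"))
    if proto == "-1":
        return True
    if proto not in ("tcp", "6"):
        return False
    lo, hi = perm.get("fromPort"), perm.get("toPort")
    return lo is not None and hi is not None and lo <= port <= hi


def evaluate_compliance(item, blocked_ports=(22, 3389)):
    """Return (ComplianceType, annotation) for one configuration item."""
    if item.get("resourceType") != "AWS::EC2::SecurityGroup":
        return "NOT_APPLICABLE", "rule only evaluates security groups"
    if item.get("configurationItemStatus") == "ResourceDeleted":
        return "NOT_APPLICABLE", "resource deleted"
    offending = []
    for perm in item.get("configuration", {}).get("ipPermissions", []):
        world = sorted(c for c in _cidrs(perm) if c in ANYWHERE)
        for port in blocked_ports:
            if world and _covers(perm, port):
                offending.append(f"port {port} open to {','.join(world)}")
    if offending:
        return "NON_COMPLIANT", "; ".join(offending)[:256]  # annotations are capped at 256 chars
    return "COMPLIANT", "no blocked port is open to the world"


def lambda_handler(event, context=None):
    invoking = json.loads(event["invokingEvent"])
    params = json.loads(event.get("ruleParameters") or "{}")
    ports = tuple(int(p) for p in params.get("blockedPorts", "22,3389").split(","))
    item = invoking["configurationItem"]
    compliance, note = evaluate_compliance(item, ports)
    evaluation = {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }
    if event.get("resultToken") != "TESTMODE":  # real invocation: report the verdict to Config
        import boto3
        boto3.client("config").put_evaluations(Evaluations=[evaluation],
                                               ResultToken=event["resultToken"])
    return evaluation


def _item(rid, perms):
    """Constructed configuration item (not from a real account)."""
    return {"resourceType": "AWS::EC2::SecurityGroup", "resourceId": rid,
            "configurationItemStatus": "OK",
            "configurationItemCaptureTime": "2018-06-01T12:00:00.000Z",
            "configuration": {"groupId": rid, "ipPermissions": perms}}


SAMPLE_ITEMS = [
    _item("sg-open-ssh", [{"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                           "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]}]),
    _item("sg-https-only", [{"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
                             "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]}]),
    _item("sg-all-traffic", [{"ipProtocol": "-1", "ipRanges": ["0.0.0.0/0"]}]),
    _item("sg-ssh-from-office", [{"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                                  "ipv4Ranges": [{"cidrIp": "198.51.100.0/24"}]}]),
]


def run_samples():
    """Evaluate the samples as Config would, returning {groupId: ComplianceType}."""
    results = {}
    for item in SAMPLE_ITEMS:
        event = {"invokingEvent": json.dumps({"configurationItem": item,
                                              "messageType": "ConfigurationItemChangeNotification"}),
                 "ruleParameters": json.dumps({"blockedPorts": "22,3389"}),
                 "resultToken": "TESTMODE"}
        results[item["resourceId"]] = lambda_handler(event)["ComplianceType"]
    return results


if __name__ == "__main__":
    print(json.dumps(run_samples(), indent=2))
```

The automated response the slide mentions is a separate step: a CloudWatch Events rule on the Config compliance change can invoke another function that removes the offending rule with `RevokeSecurityGroupIngress`, and the rule's annotation already says exactly which port and CIDR to revoke.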
  • 27. Protect data (in transit and at rest)
  • 28. Data classification. Start off by classifying data based on sensitivity:
    • Public data = unencrypted, non-sensitive, available to everyone
    • Critical data = encrypted, not directly accessible from the internet, requires authorization and authentication
    Use resource tags to help define the policy:
    • “DataClassification=CRITICAL”
    • Integrate access with IAM policies
    Amazon Macie: Macie can automatically discover, classify and protect sensitive data through machine learning
  • 29. Encrypt your data
  • 30. Data in transit. AWS endpoints are HTTPS, but what can you do?
    • VPN connectivity to the VPC
    • TLS application communication
    • ELB or CloudFront with ACM
  • 31. Data at rest
    Inbuilt encryption:
    • S3: select a KMS key on upload
    • EBS and RDS snapshots: automatically encrypt data at rest
    • DynamoDB: encrypt backups
    Bring your own key:
    • Encrypt data locally before uploading
    • SSE-C (server-side encryption with a customer-provided key)
  • 32. Encryption and tokenization. Tokens allow you to represent sensitive data (such as a credit card number) by a token. Generate and retrieve encrypted data from a token store such as CloudHSM, or encrypt and store data in DynamoDB. CloudHSM is PCI-DSS and FIPS compliant.
  • 33. Resources
    • AWS KMS - https://aws.amazon.com/kms/
    • Amazon Macie – https://aws.amazon.com/macie/
    • AWS CloudHSM – https://aws.amazon.com/cloudhsm/
    • Amazon EBS – https://aws.amazon.com/ebs/
    • s2n - https://github.com/awslabs/s2n
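Slide 32 describes tokenization: the application keeps a token, and only a token store can map it back to the card number. The following is an added example, not code from the deck, showing the mechanics that make a token store safe to use: tokens are random (so a token reveals nothing about the PAN), the same PAN always yields the same token (via an HMAC fingerprint index, so the plaintext is never used as a lookup key), tokens keep the length and last four digits for receipts but are never Luhn-valid (so one can never be mistaken for, or used as, a real card), and detokenization is restricted to named roles. The in-memory dict stands in for the CloudHSM-backed or DynamoDB store the slide mentions, the HMAC key would come from KMS or CloudHSM in practice, and the role name and test PAN are constructed.

```python
"""Tokenize a card number against a vault instead of storing the PAN.

Added example, not from the slide deck. The vault dict stands in for the token
store the slide mentions (a CloudHSM-backed service or an encrypted DynamoDB
table); the HMAC key used for the lookup index would come from KMS or CloudHSM
in practice. Tokens are random, so nothing about the PAN can be recovered from
a token without the vault.
"""
import hashlib
import hmac
import secrets
import string


def luhn_valid(number: str) -> bool:
    """Luhn checksum, the check every real card number passes."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    # Only these roles may turn a token back into a PAN (least privilege).
    DETOKENIZE_ROLES = {"payments-settlement"}   # assumption: role names are constructed

    def __init__(self, index_key: bytes):
        self._index_key = index_key   # assumption: fetched from KMS/CloudHSM at start-up
        self._pan_by_token = {}       # token -> PAN: the data that must stay protected
        self._token_by_fp = {}        # HMAC(PAN) -> token: same PAN always gets the same token

    def _fingerprint(self, pan: str) -> str:
        return hmac.new(self._index_key, pan.encode(), hashlib.sha256).hexdigest()

    def tokenize(self, pan: str) -> str:
        pan = pan.replace(" ", "")
        if not (pan.isdigit() and 13 <= len(pan) <= 19 and luhn_valid(pan)):
            raise ValueError("not a valid card number")
        fp = self._fingerprint(pan)
        if fp in self._token_by_fp:
            return self._token_by_fp[fp]
        while True:
            # Keep length and last four digits so receipts still work, randomise
            # the rest, and reject anything Luhn-valid so a token can never be
            # mistaken for (or accidentally work as) a real card number.
            body = "".join(secrets.choice(string.digits) for _ in range(len(pan) - 4))
            token = body + pan[-4:]
            if not luhn_valid(token) and token not in self._pan_by_token:
                break
        self._pan_by_token[token] = pan
        self._token_by_fp[fp] = token
        return token

    def detokenize(self, token: str, caller_role: str) -> str:
        if caller_role not in self.DETOKENIZE_ROLES:
            raise PermissionError(f"role {caller_role!r} may not detokenize")
        return self._pan_by_token[token]


def demo():
    """Round-trip a constructed test PAN (4111... is a well-known test number)."""
    vault = TokenVault(index_key=secrets.token_bytes(32))
    pan = "4111 1111 1111 1111"
    token = vault.tokenize(pan)
    again = vault.tokenize(pan)
    return {"token": token,
            "stable": token == again,
            "last4_kept": token[-4:] == "1111",
            "token_is_not_a_pan": not luhn_valid(token),
            "roundtrip": vault.detokenize(token, "payments-settlement") == "4111111111111111"}


if __name__ == "__main__":
    print(demo())
```

In a real deployment the vault contents are themselves encrypted at rest under a KMS or CloudHSM key, the index key is rotated on a schedule, and every `detokenize` call is logged with the caller identity so the detective controls from the earlier slides cover the most sensitive operation in the system.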
  • 34. Prepare for security events
  • 35. Incident response. “Even with a mature preventative and detective solution in place, you should consider a mitigation plan”
  • 36. Clean room
    • Use tags to quickly determine impact and escalate
    • Get the right people access and on the call
    • Use Cloud APIs to automate and isolate instances
    • CloudFormation – recreate clean/updated environments easily for production or investigation purposes
  • 37. Resources
    • AWS Well-Architected - https://aws.amazon.com/architecture/well-architected/
    • Security Pillar - https://d1.awsstatic.com/whitepapers/architecture/AWS-Security-Pillar.pdf
  • 38. Thank You. Sebastien Linsolas, slinsola@amazon.com
  • 39. Q&A
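Slide 36 turns incident response into three API-driven steps: read the tags to judge impact and escalate, isolate the instance through the cloud APIs, and keep the original for investigation rather than rebuilding over it. As an added example (not code from the deck), here is the isolation routine in the order a forensic responder wants it: snapshot the volumes first so evidence is captured before anything changes, then swap every security group for a quarantine group, then tag the instance with the incident id and its previous groups so nobody "repairs" it. The EC2 client is injected, so the routine runs offline against the small in-memory `FakeEc2` below; with boto3 you would pass `boto3.client("ec2")`, whose `describe_instances`, `create_snapshot`, `modify_instance_attribute` and `create_tags` calls it uses. The quarantine group id, tag names and instance description are assumptions.

```python
"""Isolate a suspect EC2 instance for investigation without destroying evidence.

Added example, not from the slide deck. `isolate_instance` takes an EC2 client
so it can run offline against FakeEc2; with boto3 you would pass
boto3.client("ec2"). The quarantine group id and tag names are assumptions.
"""
from datetime import datetime, timezone

QUARANTINE_SG = "sg-quarantine"   # assumption: a group with no inbound or outbound rules
ESCALATE_WHEN = {"CRITICAL"}      # DataClassification values that page the on-call


def _tags(obj):
    return {t["Key"]: t["Value"] for t in obj.get("Tags", [])}


def isolate_instance(ec2, instance_id, incident_id):
    """Snapshot first, then cut the network, then tag; never terminate."""
    resp = ec2.describe_instances(InstanceIds=[instance_id])
    inst = resp["Reservations"][0]["Instances"][0]
    tags = _tags(inst)
    now = datetime.now(timezone.utc).isoformat()
    evidence_tags = [{"Key": "Incident", "Value": incident_id},
                     {"Key": "SourceInstance", "Value": instance_id}]

    # 1. Preserve disk state before anything on the box can notice and react.
    snapshots = []
    for mapping in inst.get("BlockDeviceMappings", []):
        vol = mapping["Ebs"]["VolumeId"]
        snap = ec2.create_snapshot(
            VolumeId=vol, Description=f"{incident_id} evidence",
            TagSpecifications=[{"ResourceType": "snapshot", "Tags": evidence_tags}])
        snapshots.append(snap["SnapshotId"])

    # 2. Replace every security group with the quarantine group (API isolation).
    previous_sgs = [sg["GroupId"] for sg in inst.get("SecurityGroups", [])]
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[QUARANTINE_SG])

    # 3. Record what was done on the instance itself so nobody "fixes" it by mistake.
    ec2.create_tags(Resources=[instance_id], Tags=evidence_tags + [
        {"Key": "IsolatedAt", "Value": now},
        {"Key": "PreviousSecurityGroups", "Value": ",".join(previous_sgs)}])

    # 4. Use the existing tags to decide who has to be on the call.
    return {"instance": instance_id, "snapshots": snapshots,
            "previous_security_groups": previous_sgs,
            "owner": tags.get("Owner", "unknown"),
            "escalate": tags.get("DataClassification") in ESCALATE_WHEN}


class FakeEc2:
    """Minimal in-memory stand-in for boto3's EC2 client, enough to run the steps above."""

    def __init__(self, instance):
        self.instances = {instance["InstanceId"]: instance}
        self.snapshots = {}

    def describe_instances(self, InstanceIds):
        return {"Reservations": [{"Instances": [self.instances[i] for i in InstanceIds]}]}

    def create_snapshot(self, VolumeId, Description, TagSpecifications):
        sid = f"snap-{len(self.snapshots) + 1:04d}"
        self.snapshots[sid] = {"VolumeId": VolumeId, "Description": Description,
                               "Tags": TagSpecifications[0]["Tags"]}
        return {"SnapshotId": sid}

    def modify_instance_attribute(self, InstanceId, Groups):
        self.instances[InstanceId]["SecurityGroups"] = [{"GroupId": g} for g in Groups]

    def create_tags(self, Resources, Tags):
        for rid in Resources:
            self.instances[rid].setdefault("Tags", []).extend(Tags)


def demo():
    """Constructed instance description, not from a real account."""
    ec2 = FakeEc2({"InstanceId": "i-0abc",
                   "SecurityGroups": [{"GroupId": "sg-web"}, {"GroupId": "sg-ssh"}],
                   "BlockDeviceMappings": [{"Ebs": {"VolumeId": "vol-root"}},
                                           {"Ebs": {"VolumeId": "vol-data"}}],
                   "Tags": [{"Key": "Owner", "Value": "payments-team"},
                            {"Key": "DataClassification", "Value": "CRITICAL"}]})
    report = isolate_instance(ec2, "i-0abc", "INC-0001")
    return report, ec2


if __name__ == "__main__":
    print(demo()[0])
```

Two practical notes: a security-group swap does not necessarily cut connections that are already established, so a subnet NACL deny for the instance's address is the usual second step; and the role that runs this routine needs only `ec2:DescribeInstances`, `ec2:CreateSnapshot`, `ec2:ModifyInstanceAttribute` and `ec2:CreateTags`, never `ec2:TerminateInstances`, which keeps the least-privilege rule from the first slides in force even during an incident.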