
How policymakers can fulfill promises of security for cloud services - SEP205 - AWS re:Inforce 2019

This session is an opportunity for regulators and policymakers to share their knowledge about addressing cultural, organizational, policy, and regulatory hurdles with the security of cloud services for organizations in regulated industries (e.g., Healthcare, Financial Services, and Telecommunications). Presenters walk you through their experiences with adopting cloud services and the ways that they establish the environment in relation to policy to ensure that their specific criteria and requirements for security are addressed.


  1. How policymakers can fulfill promises of security for cloud services (SEP205). John Brady, CISO, FINRA; Mark Wetjen, Global Head of Public Policy, DTCC; Charlotte Newman, Financial Services Public Policy Lead, AWS. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  2. Our mission: Investor Protection, Market Integrity
     ▪ Up to 135 Billion events per day
     ▪ Monitor 100% Equities & 70% Options in the US
     ▪ Run Hundreds of surveillance patterns
     ▪ Reconstruct Trillions of market nodes & edges
  3. Questions for John Brady, FINRA: FINRA has publicly stated that cybersecurity is better in the cloud than in privately managed data centers. When you first started on your cloud journey, that would have been a bold conclusion. How did you get there?
  4. More secure in the cloud. Nearly everything else is better in the cloud, so it should be no surprise that security is too. The strongest cloud providers have bigger security budgets and deeper talent pools, and must be secure to survive. How?
     ▪ Micro-segmentation with security groups
     ▪ Federated identities + granular entitlements
     ▪ Visibility: AWS CloudTrail / Amazon CloudWatch Logs
     ▪ Pervasive encryption: AWS KMS
     ▪ Containers/serverless: Less to maintain or attack
     ▪ Automate everything: DevSecOps & compliance
     ▪ Resiliency: AZs, out-of-region data replication…
     ▪ Security services: AWS WAF / AWS Shield / AWS Config / Amazon Macie / Amazon GuardDuty, etc.
  5. Questions for John Brady, FINRA: FINRA migrated its most critical system, market surveillance, first. How did you prepare organizationally to migrate “the crown jewels”? What cultural shift was necessary to move a critical system to the cloud? What were the benefits of migrating 90% of FINRA’s data volumes to the cloud? What have you learned along the way in your migration journey?
  6. Questions for Mark Wetjen, DTCC: DTCC is a market utility and membership organization. How has that shaped DTCC’s cloud journey? How has ensuring that there’s open dialogue with your regulators informed DTCC’s cloud migration roadmap? What are some key outcomes and benefits that your organization has realized since moving to the cloud?
  7. Questions for John Brady, FINRA: At FINRA, you’ve built cybersecurity protections into your use of AWS. Why was that so important, and how did you accomplish it? As cyber incidents increase in number and complexity, how do you see FINRA and other regulated organizations being even more proactive going forward? Will automation be the key?
  8. Questions for Mark Wetjen, DTCC: As a former regulator, you well understand how regulatory agencies think about digital transformation and cybersecurity. What advice would you give to other regulated organizations as they plan their cloud strategy and plan for deep engagement with their cloud services provider and regulatory agencies?
  9. Thank you!
