Introduction to the Security Perspectives of the Cloud Adoption Framework (CAF)
Amazon Web Services
by Eugene Yu, Practice Manager, AWS Professional Services
1.
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved
Pop-up Loft
Introduction to the Security Perspectives of the Cloud Adoption Framework (CAF)
Eugene Yu, Practice Manager, Global Security Practice, AWS ProServ
2.
Security Perspective of the CAF
Every company is concerned with protecting information and assets as they grow the business. They also want to ensure they are operating within the legal boundaries and standards set by and on behalf of governmental agencies and industry associations.
Security Perspective components provide guidance that enables a comprehensive and rigorous method of describing a structure and behavior for an organization’s security and compliance processes, systems and personnel.
Security Perspective components: Directive, Preventative, Detective, Responsive
3.
Security Epics Workflow
[Diagram] Timeline labels: Inputs/Pre-work, Sprint 1, Sprint 2, Sprint 3, Sprint 4, Sprint 5, Sprint 6, Sprint 7, Sprint 8
[Diagram] Other labels: SECURITY & COMPLIANCE, Security RACI, Security Cartography, 3rd Party Oversight, Customer Outcomes, Security and Compliance Workshop, Security Incident Response Simulation
4.
Key security enablers
Milestones that help you stay on track
5.
Measuring Your Progress
6.
Identity and Access Management
• AWS Organizations
• IAM
• AWS Security Token Service
7.
Detective Controls
• AWS CloudTrail
• Amazon CloudWatch
• AWS Config
• Amazon Inspector
• VPC Flow Logs
[Diagram] Scope labels: Account, Resources, Network
8.
Detective Controls - VPC Flow Logs
9.
Detective Controls - VPC Flow Logs
10.
Infrastructure Security
• AWS OpsWorks
• AWS Shield
• AWS WAF
• AWS Trusted Advisor
• AWS Config Rules
[Diagram] Scope labels: Resources, Network
11.
Infrastructure Security – AWS Config Rules
• Amazon CloudTrail should be enabled…
  – Is it?
• All EBS volumes encrypted…
  – Are they?
• All security groups in attached state should not have unrestricted access to port 22.
  – Do they?
12.
Infrastructure Security – AWS Config Rules
• Codify and automate your own practices
• Get started with samples in AWS Lambda
• Implement guidelines for security best practices and compliance
• Use rules from various AWS Partners
• View compliance in one dashboard
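The port 22 check from the previous slide, written as a custom rule function of the kind these bullets describe. This is an added example, not code from the deck. It assumes the configuration item uses the camelCase fields shown in the constructed sample, and it treats a security group as "attached" when the item lists a relationship to a network interface or an instance.

```python
import json

PUBLIC_CIDRS = {"0.0.0.0/0", "::/0"}
ATTACHED_TO = {"AWS::EC2::NetworkInterface", "AWS::EC2::Instance"}  # assumption
SSH_PORT = 22

# Constructed configuration item, trimmed to the fields the rule reads.
# The 20-25 range is deliberate: a test for fromPort == 22 would miss it.
SAMPLE_ITEM = {
    "resourceType": "AWS::EC2::SecurityGroup",
    "resourceId": "sg-0example",
    "configurationItemStatus": "OK",
    "configurationItemCaptureTime": "2017-01-01T00:00:00.000Z",
    "relationships": [{"resourceType": "AWS::EC2::NetworkInterface",
                       "resourceId": "eni-0example"}],
    "configuration": {"ipPermissions": [
        {"ipProtocol": "tcp", "fromPort": 20, "toPort": 25,
         "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []},
    ]},
}


def covers_port(perm, port):
    """True when an ingress permission's protocol and port range include `port`."""
    proto = str(perm.get("ipProtocol"))
    if proto == "-1":                 # all protocols, therefore all ports
        return True
    if proto not in ("tcp", "6"):
        return False
    lo, hi = perm.get("fromPort"), perm.get("toPort")
    if lo is None or hi is None:      # no range recorded: treat as all ports
        return True
    return lo <= port <= hi


def source_cidrs(perm):
    """Collect IPv4 and IPv6 source ranges from the permission."""
    cidrs = {r for r in perm.get("ipRanges") or [] if isinstance(r, str)}
    cidrs |= {r.get("cidrIp") for r in perm.get("ipv4Ranges") or []}
    cidrs |= {r.get("cidrIpv6") for r in perm.get("ipv6Ranges") or []}
    return cidrs


def evaluate_security_group(item):
    """Return the compliance type for one configuration item."""
    if item.get("resourceType") != "AWS::EC2::SecurityGroup":
        return "NOT_APPLICABLE"
    if item.get("configurationItemStatus") in ("ResourceDeleted",
                                               "ResourceDeletedNotRecorded"):
        return "NOT_APPLICABLE"
    attached = any(r.get("resourceType") in ATTACHED_TO
                   for r in item.get("relationships") or [])
    if not attached:                  # the rule only covers attached groups
        return "NOT_APPLICABLE"
    perms = (item.get("configuration") or {}).get("ipPermissions") or []
    for perm in perms:
        if covers_port(perm, SSH_PORT) and source_cidrs(perm) & PUBLIC_CIDRS:
            return "NON_COMPLIANT"
    return "COMPLIANT"


def lambda_handler(event, context):
    """Entry point AWS Config invokes when a recorded resource changes."""
    import boto3  # imported here so the checks above run without the AWS SDK
    item = json.loads(event["invokingEvent"])["configurationItem"]
    boto3.client("config").put_evaluations(
        Evaluations=[{
            "ComplianceResourceType": item["resourceType"],
            "ComplianceResourceId": item["resourceId"],
            "ComplianceType": evaluate_security_group(item),
            "OrderingTimestamp": item["configurationItemCaptureTime"],
        }],
        ResultToken=event["resultToken"],
    )
```
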
13.
Infrastructure Security – AWS Config Rules
14.
Infrastructure Security – AWS Config Rules
15.
Data Protection
• AWS CloudHSM
• AWS Key Management Service
• AWS Certificate Manager
16.
Data Protection - Encryption
Encryption In-Transit: SSL/TLS, VPN / IPSEC, SSH
Encryption At-Rest: Object, Database, Filesystem, Disk
17.
Data Protection – AWS Certificate Manager
• AWS Certificate Manager (ACM) is a service that lets you easily provision, manage, and deploy TLS certificates for use with Elastic Load Balancing or Amazon CloudFront distribution.
  – No additional charge for provisioning TLS certificates
  – Manages the renewal process of TLS certificates
  – Certificates are verified by Amazon’s certificate authority (CA), Amazon Trust Services (ATS)
18.
Data Protection – AWS Certificate Manager
19.
Data Protection – AWS KMS
[Diagram] Labels: Customer Master Keys; Data key 1, Data key 2, Data key 3, Data key 4; S3 object, EBS volume, Amazon Redshift cluster, Custom application
20.
Incident Response
• Amazon CloudWatch
• Amazon Lambda
21.
Incident Response – AWS CloudWatch Events
22.
Incident Response – AWS CloudWatch Events
23.
Incident Response – AWS CloudWatch Events
24.
Incident Response – AWS CloudWatch Events
25.
Incident Response – AWS CloudWatch Events
26.
Incident Response – AWS CloudWatch Events
27.
Incident Response – Lambda Log

    from __future__ import print_function
    import json

    def lambda_handler(event, context):
        # Write the full triggering event to the function's log for later review
        print(json.dumps(event, indent=2))
28.
Incident Response – AWS CloudWatch Events
29.
Incident Response – Lambda Respond

    import boto3

    def lambda_handler(event, context):
        cloudtrail = boto3.client('cloudtrail')
        # Trail named in the request parameters of the triggering API call
        trail_arn = event["detail"]["requestParameters"]["name"]
        # Turn logging back on for that trail
        ct_response = cloudtrail.start_logging(Name=trail_arn)
30.
Incident Response – Lambda Notify

    import json
    import boto3

    def lambda_handler(event, context):
        sns_topic = "arn:aws:sns:us-east-1:123459227412:reporter-topic"
        subject = 'EVENT: ' + event["detail"]["eventName"]
        # Parentheses let the adjacent string literals continue across lines
        message = (
            "What happened? " + event["detail"]["eventName"] + "\n"
            "What service? " + event["detail"]["eventSource"] + "\n"
            "Where? " + event["detail"]["awsRegion"] + "\n"
            "When? " + event["detail"]["eventTime"] + "\n"
            "Who? " + str(json.dumps(event["detail"]["userIdentity"], indent=2))
        )
        # Publish the summary to the reporting topic
        sns = boto3.client('sns')
        sns_response = sns.publish(
            TopicArn=sns_topic,
            Message=message,
            Subject=subject,
            MessageStructure='string'
        )
31.
Incident Response – Amazon SNS Notification
32.
Incident Response – Complete
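The Lambda Log, Respond and Notify slides combined into one handler, as an added example that is not code from the deck. It assumes the triggering event is a CloudTrail StopLogging call (which the start_logging response on the Respond slide implies); the event pattern, the sample event and the SNS_TOPIC_ARN environment variable are constructed for illustration.

```python
import json
import os

# Constructed CloudWatch Events rule pattern (assumption, not from the deck):
# deliver only CloudTrail StopLogging API calls to the function.
EVENT_PATTERN = {
    "source": ["aws.cloudtrail"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventSource": ["cloudtrail.amazonaws.com"],
               "eventName": ["StopLogging"]},
}

# Constructed sample event, trimmed to the fields the handler reads.
SAMPLE_EVENT = {
    "source": "aws.cloudtrail",
    "detail-type": "AWS API Call via CloudTrail",
    "detail": {
        "eventSource": "cloudtrail.amazonaws.com",
        "eventName": "StopLogging",
        "awsRegion": "us-east-1",
        "eventTime": "2017-01-01T00:00:00Z",
        "userIdentity": {"type": "IAMUser", "userName": "example-user"},
        "requestParameters": {
            "name": "arn:aws:cloudtrail:us-east-1:111111111111:trail/example-trail"},
    },
}


def classify(event):
    """Return (verdict, trail); verdict is 'ignore', 'report_only' or 'restart'."""
    detail = event.get("detail") or {}
    if (detail.get("eventSource") != "cloudtrail.amazonaws.com"
            or detail.get("eventName") != "StopLogging"):
        return "ignore", None
    trail = (detail.get("requestParameters") or {}).get("name")
    if detail.get("errorCode") or not trail:
        # The call was rejected, or names no trail: there is nothing to
        # restart, but the attempt itself is still worth reporting.
        return "report_only", trail
    return "restart", trail


def summary(detail, outcome):
    """Who/what/where/when text in the style of the Lambda Notify slide."""
    return "\n".join([
        "What happened? " + str(detail.get("eventName")),
        "What service? " + str(detail.get("eventSource")),
        "Where? " + str(detail.get("awsRegion")),
        "When? " + str(detail.get("eventTime")),
        "Who? " + json.dumps(detail.get("userIdentity"), indent=2),
        "Outcome: " + outcome,
    ])


def respond(event, cloudtrail, sns, topic_arn):
    """Log, respond and notify. Clients are passed in so this runs offline."""
    print(json.dumps(event, indent=2))                   # Lambda Log
    verdict, trail = classify(event)
    if verdict == "ignore":
        return {"action": "ignored"}
    detail = event["detail"]
    if verdict == "restart":
        cloudtrail.start_logging(Name=trail)             # Lambda Respond
        # Confirm the trail is recording again instead of assuming it.
        ok = bool(cloudtrail.get_trail_status(Name=trail).get("IsLogging"))
        action = "restarted" if ok else "restart_failed"
        outcome = "logging restored" if ok else "restart issued, trail not logging"
    else:
        action = "reported"
        outcome = "no restart performed (errorCode: %s)" % detail.get("errorCode")
    sns.publish(TopicArn=topic_arn,                      # Lambda Notify
                Subject=("EVENT: " + detail["eventName"])[:100],  # SNS limit
                Message=summary(detail, outcome))
    return {"action": action, "trail": trail}


def lambda_handler(event, context):
    import boto3  # imported here so the functions above need no AWS SDK to test
    # SNS_TOPIC_ARN is a hypothetical environment variable for this example.
    return respond(event, boto3.client("cloudtrail"), boto3.client("sns"),
                   os.environ["SNS_TOPIC_ARN"])
```
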
33.
Summary
• AWS security benefits:
  – Integrated security & compliance
  – Global resilience, visibility, & control
  – Maintain your privacy and data ownership
  – Agility through security automation
  – Security innovation at scale
  – Broad security partner & marketplace solutions