Security in the Cloud - AWS Symposium 2014 - Washington D.C.


Stephen Schmidt, AWS CISO and VP of Security Engineering, provides an overview of innovations in cloud security and the importance of security as an enabler for innovation in enterprises, but particularly in government and other highly regulated industries and segments.



1. Security in the Cloud. Stephen E. Schmidt, Vice President, Security Engineering & Chief Information Security Officer. AWS Government, Education, and Nonprofits Symposium, Washington, DC | June 24, 2014 - June 26, 2014
2. 8th Birthday: launched on March 14th, 2006
3. Startups on AWS
4. Enterprises on AWS
5. Public Sector on AWS
6. System Integrators on AWS
7. ISVs on AWS
8. Why are enterprises & government adopting cloud computing and AWS so quickly?
9. The primary reason enterprises & governments are moving so quickly to AWS and the cloud. #1: Agility
10. Why does agility matter?
11. Old World: infrastructure in weeks. Enterprises & Government Can't Afford to Be Slow
12. A Culture of Innovation: Experiment Often & Fail Without Risk
13. #2: Platform Breadth and Depth. Regions, Availability Zones, Content Delivery POPs
14. 10 regions, 26 availability zones, 51 edge locations. It's Not Just Having Services in a Couple of Regions…
15. #2: Platform Breadth and Depth. Regions, Availability Zones, Content Delivery POPs. Storage: Storage Gateway, S3, EBS, Glacier, Import/Export. Databases: DynamoDB, ElastiCache, RDS (MySQL, PostgreSQL, Oracle, SQL Server). Compute: EC2, Elastic Load Balancer, Auto Scaling
16. #2: Platform Breadth and Depth (build on the previous slide). Adds Networking: Direct Connect, Route 53, VPC
17. #2: Platform Breadth and Depth (build on the previous slide). Adds Analytics: Data Pipeline, Redshift, EMR, Kinesis. Adds Application Services: SWF, SNS, SQS, CloudSearch, SES, AppStream, CloudFront, WorkSpaces
18. #2: Platform Breadth and Depth (build on the previous slide). Adds Management & Administration: IAM, CloudWatch, CloudTrail, APIs and SDKs, Management Console, Cloud HSM, Command Line Interface
19. #2: Platform Breadth and Depth (build on the previous slide). Adds Containers & Deployment (PaaS): Elastic Beanstalk for Java, Node.js, Python, Ruby, PHP and .Net; OpsWorks; CloudFormation
20. #2: Platform Breadth and Depth (build on the previous slide). Adds Ecosystem: Technology Partners, Consulting Partners, AWS Marketplace
21. #2: Platform Breadth and Depth (build on the previous slide). Adds Support, Certification, Training, Professional Services
22. Security is Our No.1 Priority: Comprehensive Security Capabilities to Support Virtually Any Workload. People & Procedures, Network Security, Physical Security, Platform Security
23. "[Enterprise customers are] skipping the years of early getting-their-feet-wet, and immediately jumping in with more significant projects, with more ambitious goals…"
24. "Increasingly, organizations are asking what can't go to the cloud, rather than what can…"
25. "As 2014 dawns, we're moving into an era of truly mainstream adoption of cloud…"
26. Security is shared
27. What needs to be done to keep the system safe
28. What we do for you / What you do yourself
29. Every customer has access to the same security capabilities. Choose what's right for your workload
30. Cloud security offers more: visibility, auditability, control
31. More visibility
32. Can you map your network? What is in your environment right now?
33. More auditability
34. Security control objectives: 1. Security organization; 2. Amazon user access; 3. Logical security; 4. Secure data handling; 5. Physical security and environmental safeguards; 6. Change management; 7. Data integrity, availability and redundancy; 8. Incident handling
35. More control
36. Defense in Depth: multi-level security. Physical security of the data centers; network security; system security; data security
37. Least privilege principle at AWS
38. Least privilege principle: confine roles only to the material required to do specific work
39. Least privilege principle: separate networks for corporate work vs. accessing customer data
40. Least privilege principle: must have a business need-to-know about sensitive information like datacenter locations
41. Least privilege principle: must have a business need-to-know in order to access datacenters
42. Simple security controls are the easiest to get right, easiest to audit, and easiest to enforce
43. IDC Survey: Attitudes and Perceptions Around Security and Cloud Services. Nearly 60% of organizations agreed that CSPs [Cloud Service Providers] provide better security than their own IT organization. Source: IDC 2013 U.S. Cloud Security Survey, Doc #242836, September 2013
44. "Based on our experience, I believe that we can be even more secure in the AWS cloud than in our own data centers." Tom Soderstrom, CTO, NASA JPL
45. AWS Security. Stephen E. Schmidt, Chief Information Security Officer. Thank You!
