
(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014

If you're trying to figure out how to run enterprise applications and services on AWS securely, come join Intuit and the AWS Professional Services team to learn how to embrace a new discipline called DevSecOps. You'll learn more about software-defined security and why we think that DevSecOps helps organizations large and small adopt cloud services at a rapid pace. We'll provide you with links and information to help you get started with creating your own DevSecOps team.



  1. Spoiler Alert:
  2. Secure Enterprise Workloads in the Cloud…
     • Pain
     • Trial & Error
     • Blood, sweat & tears
     • Ouch, my head hurts!
     It would have been great to hear this speech a couple years ago… (Bang Head Here)
  3. Intuit Cloud Security / AWS Professional Services
  4. Agenda (DevOps + Security → DevOps + DevSecOps). Start Here?
     • Security as Code? Experiment: Automate Policy Governance
     • Security Operations? Experiment: Detection via Security Operations
     • Compliance Operations? Experiment: Compliance via DevSecOps toolkit
     • Science? Experiment: Science via Profiling
  5. Embedding into DevOps was a disaster…
     – Compliance checklists didn’t take us far before we stopped scaling…
     – We couldn’t keep up with deployments without automation…
     – Standard Security Operations did not work…
     – And we needed far more data than we expected to help the business make decisions…
  6. DevSecOps
     • Security Engineering: Experiment, Automate, Test
     • Security Operations: Hunt, Detect, Contain
     • Compliance Operations: Respond, Manage, Train
     • Security Science: Learn, Measure, Forecast
  7. (Agenda slide, repeated from slide 4)
  8. Frozen in Time (screenshot of a document: "Security Configuration Procedures V 3.6.0.1.1, January 2011", page 3 of 267)
  9. AWS provides a programmable infrastructure
  10. (Agenda slide, repeated from slide 4)
  11. Cross-account diagram: Central Account (Trusted) holding Admin and IAM; BU Accounts (Trusting), each with its own IAM and a SecRole
  12. Role catalog columns: Role Name | Access Policies | Trust Policy | Short Description
  13. Workflow diagram (steps 1–5): Develop → Review → Test → Approve → Commit into the Source Code Repository (Baseline IAM Catalog); a Ruby tool pulls the catalog using AKID/SAK, the Admin obtains STS Creds, and the SecRole IAM Role is pushed into the Trusting BU Accounts
  14. (Agenda slide, repeated from slide 4)
  15. applying these principles…
  16. (Agenda slide, repeated from slide 4)
  17. (Agenda slide, repeated from slide 4)
  18. experimenting with these principles…
  19. (Agenda slide, repeated from slide 4)
  20. (Agenda slide, repeated from slide 4)
  21. (Agenda slide, repeated from slide 4)
  22. (Agenda slide, repeated from slide 4) AWSome!
  23. Please give us your feedback on this session. Complete session evaluations and earn re:Invent swag. http://bit.ly/awsevals
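Slides 11 to 13 describe a central trusted account whose admin pushes a baseline SecRole, defined in a source-controlled IAM catalog (role name, access policies, trust policy, short description), into each trusting BU account after assuming a role there with STS. The script below is an added example, not Intuit's or AWS's tooling: it models that catalog in Ruby (the language the deck names for the push tool), generates the trust policy that lets only the central account assume the role, and applies a review-gate check that rejects entries whose trust policy names any other principal or whose access policy grants a wildcard action. Account ids, policy contents and the MFA condition are constructed for this example; the actual STS AssumeRole and IAM API calls through the AWS SDK are out of scope and not shown.

```ruby
require 'json'

# Constructed placeholder account ids (not values from the talk).
CENTRAL_ACCOUNT_ID = '111111111111'
BU_ACCOUNTS = %w[222222222222 333333333333]

# Baseline IAM catalog: one entry per role, using the four columns from slide 12.
# The access policy here is a constructed read-only audit policy.
BASELINE_CATALOG = [
  {
    'role_name' => 'SecRole',
    'short_description' => 'Read-only security audit role assumed from the central account',
    'access_policies' => [
      { 'Version' => '2012-10-17',
        'Statement' => [
          { 'Effect' => 'Allow',
            'Action' => ['iam:Get*', 'iam:List*', 'cloudtrail:LookupEvents'],
            'Resource' => '*' }
        ] }
    ],
    'trust_policy' => nil # generated by trust_policy_for at render time
  }
]

# IAM policy fields may be a single value or a list; normalise to a list.
def as_list(value)
  value.is_a?(Array) ? value : [value]
end

# Trust policy allowing principals in the central (trusted) account to assume
# the role in a BU (trusting) account. Requiring MFA is an added hardening
# choice for this example, not something the slides state.
def trust_policy_for(central_account_id, require_mfa: true)
  statement = {
    'Effect' => 'Allow',
    'Principal' => { 'AWS' => "arn:aws:iam::#{central_account_id}:root" },
    'Action' => 'sts:AssumeRole'
  }
  statement['Condition'] = { 'Bool' => { 'aws:MultiFactorAuthPresent' => 'true' } } if require_mfa
  { 'Version' => '2012-10-17', 'Statement' => [statement] }
end

# Review/test gate run before the push step. Returns a list of findings;
# an empty list means the entry is acceptable.
def validate_entry(entry, central_account_id)
  errors = []
  errors << 'missing role_name' if entry['role_name'].to_s.empty?
  errors << 'missing short_description' if entry['short_description'].to_s.empty?

  trust = entry['trust_policy']
  if trust.nil?
    errors << 'missing trust_policy'
  else
    allowed = "arn:aws:iam::#{central_account_id}:root"
    as_list(trust['Statement']).each do |st|
      as_list(st.dig('Principal', 'AWS')).each do |principal|
        errors << "trust policy allows non-central principal #{principal}" unless principal == allowed
      end
    end
  end

  as_list(entry['access_policies']).each do |policy|
    as_list(policy['Statement']).each do |st|
      next unless st['Effect'] == 'Allow'
      errors << 'access policy grants Action "*"' if as_list(st['Action']).include?('*')
    end
  end
  errors
end

# Expand the catalog into one role definition per trusting BU account, with
# policy documents serialised as the JSON the IAM API expects. Raises on the
# first entry that fails the gate so nothing partial is pushed.
def render_catalog(catalog, central_account_id, bu_accounts)
  catalog.flat_map do |entry|
    e = entry.merge('trust_policy' => trust_policy_for(central_account_id))
    errors = validate_entry(e, central_account_id)
    raise ArgumentError, "#{e['role_name']}: #{errors.join('; ')}" unless errors.empty?
    bu_accounts.map do |account_id|
      { 'account_id' => account_id,
        'role_name' => e['role_name'],
        'short_description' => e['short_description'],
        'trust_policy' => JSON.generate(e['trust_policy']),
        'access_policies' => e['access_policies'].map { |p| JSON.generate(p) } }
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  render_catalog(BASELINE_CATALOG, CENTRAL_ACCOUNT_ID, BU_ACCOUNTS).each do |role|
    puts "#{role['account_id']} #{role['role_name']}: #{role['trust_policy']}"
  end
end
```

The gate is deliberately strict in one direction only: it refuses to widen trust beyond the central account but does not try to judge whether the access policy is minimal, which stays a human review step in the Develop → Review → Test → Approve flow.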
