© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Security Framework Shakedown
Chart Your Journey with AWS Best Practices
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Objectives
• Define a security strategy, deliver a security program and develop robust security operations on AWS
• Explain AWS security best practices
• Implement AWS security services at an accelerated pace
• Get some code!
Agenda
• NAB Cloud security journey
• Cloud adoption framework security perspective
• AWS well-architected framework security pillar
National Australia Bank
Our vision: To be Australia's leading bank, trusted by customers for exceptional service
• One of Australia's four major banks and largest business bank
• More than 30,000 employees and 9 million customers across 900 locations
Our cloud security strategy
Objectives
• Extend our existing Security Services to the Cloud
• Integrated and Secure by Default
• Continuous Security Governance
Insights
• We had to change our approach
• Scale with automation and decentralization
• Security complements agile
Foundations of continuous compliance
Diagram labels: Baseline Compliance Portfolio; AWS Service Compliance Portfolio; Application Compliance Portfolio; Service A; Service B; API Gateway; Amazon RDS; Amazon EBS; Prod Account; Non-Prod Account; Application Security Assessment; AWS Service Control Review; Security Posture
AWS cloud adoption framework
CAF security perspective
Security Perspective: Directive, Preventative, Detective, Responsive
Core five epics
AWS shared responsibility model
Define a strategy
Identify your workloads moving to AWS
Identify stakeholders
Deliver a security program
Rationalize security requirements
Define data protections and controls
Document security architecture
Security cartography
CAF best practices
Inventory current security requirements
Adopt a security framework
Identify workload security controls
Map current security controls to cloud controls
Create a security RACI
Create a risk register
Robust security operations
Deploy architecture
Automation
Continuous monitoring
Testing and Gamedays
Sample security Epics journey
Timeline chart (Week 1 to Week 5) of the epics: Identity & Access Mgmt, Detective Control, Infrastructure Security, Data Protection, Incident Response
What is the AWS Well-Architected Framework?
Pillars, Design Principles, Questions
Pillars of AWS Well-Architected
Security, Reliability, Performance Efficiency, Cost Optimization, Operational Excellence
A mechanism for your cloud journey
Learn, Measure, Improve
Security design principles
• Implement a strong identity foundation
• Enable traceability
• Apply security at all layers
• Automate security best practices
• Protect data in transit and at rest
• Keep people away from data
• Prepare for security events
Top best practices: Strong identity foundation
Root account should never be used
Consider AWS Organizations
Set account security questions & contacts
Centralize identities
Audit periodically
Top best practices: Strong identity foundation
Never store credentials or secrets in code
Enforce MFA on everything
Use IAM roles for users and services
Establish least privileged policies
Use temporary credentials
How to: Enforce MFA
A user can only assume a role with MFA
Diagram labels: User, MFA token, Role, Permissions, AWS Cloud
http://bit.ly/AWSWALabs
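The MFA-gated role assumption the slide describes, as an added Python example (not code from the deck or the linked labs): a weak role trust policy beside one conditioned on the IAM key aws:MultiFactorAuthPresent, plus a static lint that flags AssumeRole statements carrying no MFA requirement. The account ID and user name are constructed placeholders.

```python
"""Role trust policies: a weak one beside one that enforces MFA, plus a lint.

Added example, not from the deck or the linked labs. The account ID and user
name are constructed placeholders; the lint is a static check of the policy
document, not a call to IAM.
"""
import copy
import json

ACCOUNT_ID = "111122223333"  # constructed placeholder
TRUSTED_USER = f"arn:aws:iam::{ACCOUNT_ID}:user/alice"  # constructed

# Weak: any session of the trusted user may assume the role, including one
# backed by a long-lived access key with no MFA behind it.
WEAK_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {"AWS": TRUSTED_USER},
            "Action": "sts:AssumeRole",
        }
    ],
}

# Hardened: sts:AssumeRole succeeds only for a session authenticated with MFA.
# aws:MultiFactorAuthPresent is a real IAM global condition key; it is present
# and "true" only for sessions obtained through MFA.
MFA_TRUST_POLICY = copy.deepcopy(WEAK_TRUST_POLICY)
MFA_TRUST_POLICY["Statement"][0]["Condition"] = {
    "Bool": {"aws:MultiFactorAuthPresent": "true"}
}


def _as_list(value):
    """IAM accepts a scalar or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _requires_mfa(statement):
    """True if the statement's Condition forces an MFA-authenticated session.

    Two idioms count: Bool aws:MultiFactorAuthPresent = "true", or a
    NumericLessThan bound on aws:MultiFactorAuthAge (absent without MFA, so
    the comparison fails). The ...IfExists variants deliberately do not
    count: without MFA the key is absent and "IfExists" then evaluates true.
    """
    condition = statement.get("Condition", {})
    bools = {k.lower(): [str(x).lower() for x in _as_list(v)]
             for k, v in condition.get("Bool", {}).items()}
    if "true" in bools.get("aws:multifactorauthpresent", []):
        return True
    ages = {k.lower() for k in condition.get("NumericLessThan", {})}
    return "aws:multifactorauthage" in ages


def assume_role_statements_without_mfa(trust_policy):
    """Indexes of Allow statements granting sts:AssumeRole with no MFA
    requirement; an empty list means the trust policy enforces MFA."""
    offenders = []
    for idx, stmt in enumerate(_as_list(trust_policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {str(a).lower() for a in _as_list(stmt.get("Action"))}
        grants = bool(actions & {"sts:assumerole", "sts:*", "*"})
        if grants and not _requires_mfa(stmt):
            offenders.append(idx)
    return offenders


def enforces_mfa(trust_policy):
    return not assume_role_statements_without_mfa(trust_policy)


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_TRUST_POLICY), ("mfa", MFA_TRUST_POLICY)):
        print(f"{name}: enforces MFA = {enforces_mfa(policy)}")
    print(json.dumps(MFA_TRUST_POLICY, indent=2))
```

The lint is the sort of check to run across every role's trust policy in an account during the periodic audit the earlier slide calls for.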
Top best practices: Enable traceability
Consider Amazon GuardDuty
Configure application & infrastructure logging
Centralize using a SIEM
Proactively monitor
Regular reviews of news & best practices
How to: Enable traceability
Use AWS CloudFormation!
Top best practices: Network protection
Amazon CloudFront + AWS WAF
Amazon VPC and security groups
Private connectivity - VPC peering, VPN, AWS Direct Connect
Service endpoints
Enforce service level permission
How to: Network protection
Diagram labels: Users, www.example.com, Region, VPC, Instances, Bucket
WAF Automation: https://amzn.to/2PbHOpz
Top best practices: Apply security at all layers
Harden operating systems & defaults
Use anti-malware + intrusion detection
Scan infrastructure
Scan code
Patch vulnerabilities
How to: compute protection
How to: Scan vulnerabilities
Scan instances with Amazon Inspector: https://amzn.to/2DT9jyg
Scan code in the pipeline (Dependency Check): http://bit.ly/2SPzUAp
Testing (OWASP Zap): http://bit.ly/2yWwzqN
How to: Serverless
• Authorization and authentication - API
• Enforce boundaries - AWS services & network
• Input validation
• Protect sensitive data
Top best practices: Automate security best practices
Template infra: AWS CloudFormation / AWS SAM
Automate build and test
AWS Config rules for verification
Automate response to non-compliance
Automate response to events
How to: Automate management
Automation, Patch manager, State manager
https://amzn.to/2AaOwSg
https://amzn.to/2DSTLdK
https://amzn.to/2Qihzxm
How to: Automate checks
Config Rules
Top best practices: Protect data
Encryption mechanisms are enforced
Verify accessibility of data, e.g. Amazon S3 & EBS
Consider AWS Certificate Manager
Consider tokenization to substitute sensitive data
Data segmentation and isolation
How to: Classify your data
• Start classifying data based on sensitivity
• Use resource tags to help define the policy
Amazon Macie: discover, classify, and protect sensitive data in AWS
IAM control: http://bit.ly/IAMctrlTAG
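Tag-driven access control as the classification slide suggests, as an added Python example (not code from the deck or the linked IAM guide): an IAM policy that matches a resource's classification tag against the caller's clearance tag, with a minimal condition evaluator showing which requests pass and that untagged resources fail closed. The tag keys, account ID and secret ARN are constructed; the evaluator models StringEquals and explicit Allow only.

```python
"""Tag-based access to classified data: the IAM policy plus a tiny evaluator.

Added example, not from the deck or the linked IAM guide. Tag keys, account ID
and secret names are constructed; only StringEquals and explicit Allow are
modelled (real IAM also evaluates Deny, other operators and wildcards).
"""
import fnmatch
import re

ACCOUNT_ID = "111122223333"  # constructed placeholder

# A principal may read a secret only when the secret's classification tag
# equals the principal's own clearance tag. aws:ResourceTag/<key> and
# aws:PrincipalTag/<key> are real IAM condition keys and "${...}" is IAM
# policy-variable syntax, so one policy serves every classification level.
ABAC_READ_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadSecretsMatchingClearance",
            "Effect": "Allow",
            "Action": ["secretsmanager:GetSecretValue"],
            "Resource": f"arn:aws:secretsmanager:*:{ACCOUNT_ID}:secret:*",
            "Condition": {
                "StringEquals": {
                    "aws:ResourceTag/classification": "${aws:PrincipalTag/clearance}"
                }
            },
        }
    ],
}

_POLICY_VAR = re.compile(r"\$\{([^}]+)\}")


def request_context(principal_tags, resource_tags):
    """Build the condition-key context IAM would see for one request."""
    context = {f"aws:PrincipalTag/{k}": v for k, v in principal_tags.items()}
    context.update({f"aws:ResourceTag/{k}": v for k, v in resource_tags.items()})
    return context


def _resolve(value, context):
    """Substitute ${key} variables; any unset variable makes the value None."""
    unresolved = []

    def substitute(match):
        key = match.group(1)
        if key not in context:
            unresolved.append(key)
            return ""
        return context[key]

    text = _POLICY_VAR.sub(substitute, value)
    return None if unresolved else text


def _condition_holds(condition, context):
    """Every condition key must hold (AND). A key missing from the request
    context fails closed, so an untagged secret grants nothing."""
    for operator, pairs in condition.items():
        if operator != "StringEquals":
            raise ValueError(f"operator {operator} is not modelled here")
        for key, expected in pairs.items():
            actual = context.get(key)
            if actual is None:
                return False
            candidates = expected if isinstance(expected, list) else [expected]
            resolved = [_resolve(str(c), context) for c in candidates]
            if actual not in [r for r in resolved if r is not None]:
                return False
    return True


def is_allowed(policy, action, resource_arn, context):
    """True if some Allow statement matches action, resource and condition."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if not any(fnmatch.fnmatchcase(action, a) for a in actions):
            continue
        if not fnmatch.fnmatchcase(resource_arn, stmt["Resource"]):
            continue
        if _condition_holds(stmt.get("Condition", {}), context):
            return True
    return False


def can_read_secret(principal_tags, secret_tags):
    """Worked check: may a principal with these tags read a secret tagged so?"""
    arn = f"arn:aws:secretsmanager:us-east-1:{ACCOUNT_ID}:secret:app/db-AbCdEf"
    return is_allowed(ABAC_READ_POLICY, "secretsmanager:GetSecretValue", arn,
                      request_context(principal_tags, secret_tags))
```

Because a missing tag fails the condition, the policy only works once classification tagging is enforced on creation; the tagging guide linked above covers restricting who may set or change those tags.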
How to: Keep people away from data
Dashboards for users
Tools for administrators
Top best practices: Incident response
Prepare for different scenarios
Pre-deploy tools using automation
Pre-provision access for response teams
Practice responding through game days
Continuously improve your processes
How to: Run incident response game day
1. Schedule a four to eight hour block
2. Find a prize (bribery)
3. Supply junk food & beverages
4. Pick relevant scenarios from: https://amzn.to/2PetNro
5. Create a runbook
6. Practice
7. Have fun!
How to: Simple run book
Event description
[Attack Type]
[Attack Description]
Data to gather for troubleshooting
[Evaluation of current data]
Steps to troubleshoot and fix
[Contain / impact / recovery / forensics]
Urgency category
[Critical, Important, Moderate, Informational]
Communications & escalation
Take action!
CAF: aws.amazon.com/professional-services/CAF/
W-A: aws.amazon.com/well-architected
W-A Labs: http://bit.ly/AWSWALabs
AWS sec twitter: @AWSSecurityInfo
AWS sec blog: https://aws.amazon.com/blogs/security/
Thank you!

Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

AWS Security Best Practices Roadmap

  • 9. Foundations of continuous compliance
    [Diagram: three compliance portfolios (Baseline Compliance Portfolio, AWS Service Compliance Portfolio, Application Compliance Portfolio) roll up into a Security Posture. The AWS Service Compliance Portfolio is fed by an AWS Service Control Review of each AWS service in use (API Gateway, Amazon RDS, Amazon EBS); the Application Compliance Portfolio is fed by an Application Security Assessment of each application service (Service A, Service B), covering both the Prod Account and the Non-Prod Account.]
  • 11. AWS cloud adoption framework
  • 12. CAF security perspective
    • Directive
    • Preventative
    • Detective
    • Responsive
  • 13. Core five epics (Identity & Access Management, Detective Control, Infrastructure Security, Data Protection, Incident Response)
  • 14. AWS shared responsibility model
  • 15. Define a strategy
    • Identify stakeholders
    • Identify your workloads moving to AWS
  • 16. Deliver a security program
    • Rationalize security requirements
    • Define data protections and controls
    • Document security architecture
  • 17. Security cartography
  • 18. CAF best practices
    • Inventory current security requirements
    • Adopt a security framework
    • Identify workload security controls
    • Map current security controls to cloud controls
    • Create a security RACI
    • Create a risk register
  • 19. Robust security operations
    • Deploy architecture
    • Automation
    • Continuous monitoring
    • Testing and game days
  • 20. Sample security epics journey (one epic per week)
    • Week 1: Identity & Access Management
    • Week 2: Detective Control
    • Week 3: Infrastructure Security
    • Week 4: Data Protection
    • Week 5: Incident Response
  • 22. What is the AWS Well-Architected Framework?
    • Pillars
    • Design principles
    • Questions
  • 23. Pillars of AWS Well-Architected
    • Security
    • Reliability
    • Performance Efficiency
    • Cost Optimization
    • Operational Excellence
  • 24. A mechanism for your cloud journey: Learn, Measure, Improve
  • 25. Security design principles
    • Implement a strong identity foundation
    • Enable traceability
    • Apply security at all layers
    • Automate security best practices
    • Protect data in transit and at rest
    • Keep people away from data
    • Prepare for security events
  • 27. Top best practices: Strong identity foundation
    • Root account should never be used (protect it with MFA and keep it for the few account-level tasks that require it)
    • Consider AWS Organizations
    • Set account security questions & contacts
    • Centralize identities
    • Audit periodically
  • 28. Top best practices: Strong identity foundation (continued)
    • Never store credentials or secrets in code
    • Enforce MFA on everything
    • Use IAM roles for users and services
    • Establish least privileged policies
    • Use temporary credentials
  • 29. How to: Enforce MFA
    User can only assume a role with MFA.
    [Diagram: User + MFA token → Role → Permissions in the AWS Cloud; the permissions sit on the role, not on the user.]
    Lab: http://bit.ly/AWSWALabs
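The lab linked above builds exactly this pattern: a role whose trust policy only allows sts:AssumeRole when the caller's session carries aws:MultiFactorAuthPresent=true. The following Python is an added example, not code from the deck or the Well-Architected labs. It audits trust policies for that condition and reports the look-alike BoolIfExists operator as a finding, because BoolIfExists passes when the key is absent from the request. The sample policies and the account id are constructed, and the audit_account helper assumes boto3 credentials that can call iam:ListRoles.

```python
"""Audit IAM role trust policies for a hard MFA requirement.

Added example, not from the deck or the Well-Architected labs. The sample
policies below are constructed; audit_account() assumes boto3 credentials
that can call iam:ListRoles.
"""
import json
import urllib.parse

MFA_KEY = "aws:MultiFactorAuthPresent"


def _as_list(value):
    """Action/Principal/Statement may be a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _allows_assume_role_to_aws_principal(stmt):
    """Allow statement granting sts:AssumeRole to an AWS principal (user, role, account or '*').
    Service principals such as ec2.amazonaws.com are skipped: they can never present MFA."""
    if stmt.get("Effect") != "Allow":
        return False
    actions = {a.lower() for a in _as_list(stmt.get("Action"))}
    if not actions & {"sts:assumerole", "sts:*", "*"}:
        return False
    principal = stmt.get("Principal", {})
    return principal == "*" or (isinstance(principal, dict) and "AWS" in principal)


def _condition_requires_mfa(stmt):
    """Only Bool aws:MultiFactorAuthPresent=true is a hard requirement. BoolIfExists
    passes when the key is absent, and a Null check only proves the key exists."""
    value = stmt.get("Condition", {}).get("Bool", {}).get(MFA_KEY)
    return str(value).lower() == "true"


def trust_policy_findings(policy):
    """One finding per statement that lets an AWS principal assume the role without
    a hard MFA condition. An empty list means MFA is enforced for human callers."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if _allows_assume_role_to_aws_principal(stmt) and not _condition_requires_mfa(stmt):
            sid = stmt.get("Sid", f"Statement[{idx}]")
            findings.append(f"{sid}: AssumeRole for {stmt.get('Principal')} lacks Bool {MFA_KEY}=true")
    return findings


ACCOUNT = "arn:aws:iam::111122223333:root"  # placeholder account id

# Constructed sample: the shape the lab uses, assumable only with MFA.
MFA_ENFORCED = {"Version": "2012-10-17", "Statement": [{
    "Sid": "AssumeWithMFA", "Effect": "Allow", "Principal": {"AWS": ACCOUNT},
    "Action": "sts:AssumeRole", "Condition": {"Bool": {MFA_KEY: "true"}}}]}

# Constructed sample: no condition at all.
NO_MFA = {"Version": "2012-10-17", "Statement": [{
    "Sid": "AssumeNoMFA", "Effect": "Allow", "Principal": {"AWS": ACCOUNT},
    "Action": ["sts:AssumeRole"]}]}

# Constructed sample: looks enforced, but BoolIfExists lets callers without the key through.
WEAK_MFA = {"Version": "2012-10-17", "Statement": [{
    "Sid": "AssumeIfExists", "Effect": "Allow", "Principal": {"AWS": ACCOUNT},
    "Action": "sts:AssumeRole", "Condition": {"BoolIfExists": {MFA_KEY: "true"}}}]}

# Constructed sample: an EC2 instance role; MFA is impossible here, so no finding.
SERVICE_ROLE = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
    "Action": "sts:AssumeRole"}]}


def audit_account():
    """Assumption: credentials with iam:ListRoles. Some SDK paths return the trust
    policy as URL-encoded JSON, others as a dict; handle both."""
    import boto3  # imported lazily so the offline checks above need no SDK

    report = {}
    for page in boto3.client("iam").get_paginator("list_roles").paginate():
        for role in page["Roles"]:
            doc = role["AssumeRolePolicyDocument"]
            if isinstance(doc, str):
                doc = json.loads(urllib.parse.unquote(doc))
            findings = trust_policy_findings(doc)
            if findings:
                report[role["RoleName"]] = findings
    return report


if __name__ == "__main__":
    for name, pol in [("enforced", MFA_ENFORCED), ("none", NO_MFA),
                      ("weak", WEAK_MFA), ("service", SERVICE_ROLE)]:
        print(name, trust_policy_findings(pol) or "OK")
```

Run it in an account and every role listed in the report is one a user could assume with a long-lived access key alone. If you also want to bound how stale the MFA is, add a NumericLessThan condition on aws:MultiFactorAuthAge next to the Bool check; the audit above does not require it.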
  • 30. Top best practices: Enable traceability
    • Consider Amazon GuardDuty
    • Configure application & infrastructure logging
    • Centralize using a SIEM
    • Proactively monitor
    • Regular reviews of news & best practices
  • 31. How to: Enable traceability
    Use AWS CloudFormation! (define the logging and monitoring setup as a template so it is deployed identically to every account)
  • 32. Top best practices: Network protection
    • Amazon CloudFront + AWS WAF
    • Amazon VPC and security groups
    • Private connectivity: VPC peering, VPN, AWS Direct Connect
    • Service endpoints
    • Enforce service-level permissions
  • 33. How to: Network protection
    [Diagram: Users reach www.example.com through AWS WAF; behind it, in one Region, a VPC with Instances and a Bucket.]
    WAF Automation: https://amzn.to/2PbHOpz
  • 34. Top best practices: Apply security at all layers
    • Harden operating systems & defaults
    • Use anti-malware + intrusion detection
    • Scan infrastructure
    • Scan code
    • Patch vulnerabilities
  • 35. How to: compute protection
  • 36. How to: Scan vulnerabilities
    • Scan instances with Amazon Inspector: https://amzn.to/2DT9jyg
    • Scan code in the pipeline with Dependency Check: http://bit.ly/2SPzUAp
    • Test running applications with OWASP ZAP: http://bit.ly/2yWwzqN
  • 37. How to: Serverless
    • Authorization and authentication at the API
    • Enforce boundaries: AWS services & network
    • Input validation
    • Protect sensitive data
  • 38. Top best practices: Automate security best practices
    • Template infrastructure: AWS CloudFormation / AWS SAM
    • Automate build and test
    • AWS Config rules for verification
    • Automate response to non-compliance
    • Automate response to events
  • 39. How to: Automate management (AWS Systems Manager)
    • Automation: https://amzn.to/2AaOwSg
    • Patch Manager: https://amzn.to/2DSTLdK
    • State Manager: https://amzn.to/2Qihzxm
  • 40. How to: Automate checks
    AWS Config Rules
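An added example of one such rule, not code from the deck: a custom AWS Config rule written in Python as a Lambda function that marks a security group NON_COMPLIANT when it allows TCP 22 (or all traffic) from 0.0.0.0/0 or ::/0. It ties "Automate checks" back to the security-group advice on slide 32. The configuration item is constructed to follow the AWS::EC2::SecurityGroup shape Config records; the resource id, capture time and result token are placeholders, and boto3 is only needed when the handler actually runs in Lambda.

```python
"""Custom AWS Config rule: flag security groups that expose SSH to the world.

Added example, not from the deck. The configuration item below is constructed
to follow the AWS::EC2::SecurityGroup shape Config records (ipPermissions with
ipRanges / ipv4Ranges / ipv6Ranges); resource id, capture time and result
token are placeholders. lambda_handler is the entry point for a rule
triggered by configuration changes.
"""
import json

ANYWHERE = {"0.0.0.0/0", "::/0"}
SSH_PORT = 22


def _covers_port(perm, port):
    """ipProtocol -1 is 'all traffic' and carries no ports; otherwise only tcp rules are checked."""
    if perm.get("ipProtocol") == "-1":
        return True
    if perm.get("ipProtocol") not in ("tcp", "6"):
        return False
    lo, hi = perm.get("fromPort"), perm.get("toPort")
    return lo is not None and hi is not None and lo <= port <= hi


def _cidrs(perm):
    """Config emits a legacy list of strings and newer lists of objects; union all of them."""
    out = set(perm.get("ipRanges") or [])
    out |= {r.get("cidrIp") for r in perm.get("ipv4Ranges") or []}
    out |= {r.get("cidrIpv6") for r in perm.get("ipv6Ranges") or []}
    out.discard(None)
    return out


def evaluate_security_group(configuration, port=SSH_PORT):
    """Return (ComplianceType, annotation) for one security group's configuration."""
    offending = set()
    for perm in configuration.get("ipPermissions") or []:
        if _covers_port(perm, port):
            offending |= _cidrs(perm) & ANYWHERE
    if offending:
        return "NON_COMPLIANT", f"tcp/{port} open to {', '.join(sorted(offending))}"
    return "COMPLIANT", f"tcp/{port} not reachable from the internet"


def build_evaluation(event):
    """Turn a Config invocation into the Evaluation dict that put_evaluations expects."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    if (item["resourceType"] != "AWS::EC2::SecurityGroup"
            or item["configurationItemStatus"] in ("ResourceDeleted", "ResourceNotRecorded")):
        ctype, note = "NOT_APPLICABLE", "not an active security group"
    else:
        ctype, note = evaluate_security_group(item["configuration"])
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": ctype,
        "Annotation": note[:256],  # Config caps annotations at 256 characters
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }


def lambda_handler(event, context):
    """Lambda entry point; boto3 is imported here so the logic above runs offline."""
    import boto3

    evaluation = build_evaluation(event)
    boto3.client("config").put_evaluations(Evaluations=[evaluation],
                                           ResultToken=event["resultToken"])
    return evaluation


# Constructed sample invocation: HTTPS open to the world is fine, SSH open to the world is not.
OPEN_SSH_EVENT = {
    "invokingEvent": json.dumps({
        "messageType": "ConfigurationItemChangeNotification",
        "configurationItem": {
            "resourceType": "AWS::EC2::SecurityGroup",
            "resourceId": "sg-0123456789abcdef0",
            "configurationItemStatus": "OK",
            "configurationItemCaptureTime": "2019-01-01T00:00:00.000Z",
            "configuration": {"groupName": "web", "ipPermissions": [
                {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
                 "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}]},
                {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                 "ipRanges": ["10.0.0.0/8", "0.0.0.0/0"]},
            ]},
        },
    }),
    "resultToken": "placeholder-result-token",
}

if __name__ == "__main__":
    print(build_evaluation(OPEN_SSH_EVENT))
```

The "automate response to non-compliance" bullet on slide 38 is the natural next step: a Config remediation action or an EventBridge rule on the NON_COMPLIANT evaluation can revoke the offending ingress rule, so the Lambda only has to decide, not fix.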
  • 41. Top best practices: Protect data
    • Encryption mechanisms are enforced
    • Verify accessibility of data, e.g. Amazon S3 & EBS
    • Consider AWS Certificate Manager
    • Consider tokenization to substitute sensitive data
    • Data segmentation and isolation
  • 42. How to: Classify your data
    • Start classifying data based on sensitivity
    • Use resource tags to help define the policy
    • Amazon Macie: discover, classify, and protect sensitive data in AWS
    • IAM control with tags: http://bit.ly/IAMctrlTAG
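Tag-based control only works if you know how the condition is evaluated, so here is an added teaching model in Python, not from the deck or the linked IAM page, of one attribute-based policy: a principal tagged Clearance may start or stop instances whose DataClassification tag equals that clearance, with an explicit Deny on anything tagged restricted. The policy, tags and action names are constructed. The evaluator covers only Action wildcards, StringEquals on aws:ResourceTag keys and ${aws:PrincipalTag/...} substitution, and raises on anything else rather than guessing; real IAM also folds in SCPs, resource policies, permission boundaries and session policies.

```python
"""Teaching model of IAM tag-condition (ABAC) evaluation.

Added example, not from the deck or the linked IAM page. Supports only what
the sample needs: Allow/Deny, Action wildcards, StringEquals on
aws:ResourceTag/<key> with optional ${aws:PrincipalTag/<key>} references.
Anything else raises rather than silently guessing.
"""
import fnmatch
import re

PRINCIPAL_TAG_REF = re.compile(r"\$\{aws:PrincipalTag/([^}]+)\}")
RESOURCE_TAG_PREFIX = "aws:ResourceTag/"


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _resolve(value, principal_tags):
    """Expand ${aws:PrincipalTag/k}. If the principal lacks the tag, the value can never match."""
    missing = []

    def substitute(match):
        tag = principal_tags.get(match.group(1))
        if tag is None:
            missing.append(match.group(1))
            return ""
        return tag

    resolved = PRINCIPAL_TAG_REF.sub(substitute, value)
    return None if missing else resolved


def _condition_matches(condition, principal_tags, resource_tags):
    """All StringEquals keys must match. A resource without the tag has no key value, so it fails."""
    for operator, clauses in condition.items():
        if operator != "StringEquals":
            raise NotImplementedError(f"operator {operator} not modelled")
        for key, expected in clauses.items():
            if not key.startswith(RESOURCE_TAG_PREFIX):
                raise NotImplementedError(f"condition key {key} not modelled")
            actual = resource_tags.get(key[len(RESOURCE_TAG_PREFIX):])
            wanted = {_resolve(e, principal_tags) for e in _as_list(expected)}
            wanted.discard(None)
            if actual is None or actual not in wanted:
                return False
    return True


def is_allowed(policy, action, principal_tags, resource_tags):
    """IAM order: an explicit Deny wins, then any matching Allow, else implicit deny."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        patterns = [p.lower() for p in _as_list(stmt["Action"])]
        if not any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
            continue
        if not _condition_matches(stmt.get("Condition", {}), principal_tags, resource_tags):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


# Constructed sample policy: engineers may start/stop instances whose
# DataClassification tag equals their own Clearance tag, never "restricted" ones.
CLASSIFICATION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ec2:StartInstances", "ec2:StopInstances"], "Resource": "*",
         "Condition": {"StringEquals": {
             "aws:ResourceTag/DataClassification": "${aws:PrincipalTag/Clearance}"}}},
        {"Effect": "Deny", "Action": "ec2:*", "Resource": "*",
         "Condition": {"StringEquals": {"aws:ResourceTag/DataClassification": "restricted"}}},
    ],
}

if __name__ == "__main__":
    cases = [
        ("matching tags", {"Clearance": "internal"}, {"DataClassification": "internal"}),
        ("mismatched tags", {"Clearance": "internal"}, {"DataClassification": "confidential"}),
        ("untagged resource", {"Clearance": "internal"}, {}),
        ("untagged principal", {}, {"DataClassification": "internal"}),
        ("restricted, explicit deny", {"Clearance": "restricted"}, {"DataClassification": "restricted"}),
    ]
    for label, ptags, rtags in cases:
        print(f"{label}: {is_allowed(CLASSIFICATION_POLICY, 'ec2:StartInstances', ptags, rtags)}")
```

The untagged cases are the ones to notice: a resource that was never classified matches no StringEquals clause and is implicitly denied, which is the safe default but means tagging has to be enforced at creation time (for example with an aws:RequestTag condition on the create action) or nobody can operate the resource.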
  • 43. How to: Keep people away from data
    • Dashboards for users
    • Tools for administrators
  • 44. Top best practices: Incident response
    • Prepare for different scenarios
    • Pre-deploy tools using automation
    • Pre-provision access for response teams
    • Practice responding through game days
    • Continuously improve your processes
  • 45. How to: Run an incident response game day
    1. Schedule a four to eight hour block
    2. Find a prize (bribery)
    3. Supply junk food & beverages
    4. Pick relevant scenarios from: https://amzn.to/2PetNro
    5. Create a runbook
    6. Practice
    7. Have fun!
  • 46. How to: Simple runbook
    • Event description: [Attack type] [Attack description]
    • Data to gather for troubleshooting: [Evaluation of current data]
    • Steps to troubleshoot and fix: [Contain / impact / recovery / forensics]
    • Urgency category: [Critical, Important, Moderate, Informational]
    • Communications & escalation
  • 48. Take action!
    • CAF: aws.amazon.com/professional-services/CAF/
    • W-A: aws.amazon.com/well-architected
    • W-A Labs: http://bit.ly/AWSWALabs
    • AWS security Twitter: @AWSSecurityInfo
    • AWS security blog: https://aws.amazon.com/blogs/security/