Managed Services for Cloud
AWS: Mit Sicherheit! (German title; roughly "AWS: With Security!" / "AWS: For Sure!")
Managed Cloud Services for AWS
September 17, 2019
Who am I
Andrej Maya
Cloud Solutions Architect
andrej.maya@t-systems.com
+ 49 151 54237130
PU Public Cloud – Chapter AWS
@andrejmaya
linkedin.com/in/andrejmaya/
T-Systems manages security in the cloud
The portion managed by T-Systems depends on the services booked and the agreements made.
Security and compliance monitoring

Overview (diagram): customers get a detail view, a cloud-use view and reports. Telekom Operations (24x7) runs threat and compliance analytics plus pre-assessment and security incident management (containment, forensics, recovery). Alerts are near real-time and come with a prequalified recommendation for mitigation.

Two analysis tracks:
• Compliance monitoring – policy as code (based on a configuration/inventory scan)
• Security – intelligent threat detection (event-driven)

Event-driven log sources:
• Network (VPC flow logs)
• Firewall (WAF logs)
• Threat detection (GuardDuty findings)
• Content distribution (CloudFront logs)
• Load balancer (ELB access logs)
• API calls (CloudTrail)

Configuration/inventory checks:
• EC2 patch level
• Public accessibility of services
• Service port configuration
• Security group configuration
• Encryption settings
• Customer compliance rules
• …
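What "policy as code over a configuration/inventory scan" looks like in practice, as an added example (not code from the deck or from T-Systems): two of the checks listed above, security group configuration and encryption settings, evaluated over an inventory snapshot in the response shape of the EC2 `describe_security_groups` and `describe_volumes` APIs. The inventory, the resource IDs and the choice of admin ports are constructed assumptions for the demo.

```python
"""Policy-as-code checks over an AWS inventory snapshot.

Added example: evaluates EC2 security groups and EBS volumes the way a
configuration/inventory scan would, using the response shapes of the
describe_security_groups and describe_volumes APIs. The inventory below is
constructed sample data, not output from a real account.
"""
from dataclasses import dataclass
from typing import Iterable

ADMIN_PORTS = {22, 3389}            # SSH, RDP: never world-reachable (assumed policy)
WORLD = {"0.0.0.0/0", "::/0"}       # IPv4 and IPv6 "anywhere"


@dataclass(frozen=True)
class Finding:
    rule: str
    resource: str
    detail: str


def _world_ranges(perm: dict) -> list[str]:
    """CIDRs in one IpPermission entry that mean 'anywhere'."""
    cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in WORLD]


def _covers_port(perm: dict, port: int) -> bool:
    """True if the permission entry includes the given TCP port."""
    if perm.get("IpProtocol") == "-1":         # all protocols, all ports
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def check_security_groups(groups: Iterable[dict]) -> list[Finding]:
    """Flag world-open admin ports and world-open all-traffic rules."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            for cidr in _world_ranges(perm):
                if perm.get("IpProtocol") == "-1":
                    findings.append(Finding("sg-all-traffic-public", sg["GroupId"],
                                            f"all protocols open to {cidr}"))
                    continue
                for port in sorted(ADMIN_PORTS):
                    if _covers_port(perm, port):
                        findings.append(Finding("sg-admin-port-public", sg["GroupId"],
                                                f"tcp/{port} open to {cidr}"))
    return findings


def check_volumes(volumes: Iterable[dict]) -> list[Finding]:
    """Flag EBS volumes without encryption at rest."""
    return [Finding("ebs-unencrypted", v["VolumeId"], "Encrypted is false")
            for v in volumes if not v.get("Encrypted", False)]


def evaluate(inventory: dict) -> list[Finding]:
    """Run all rules over one inventory snapshot."""
    return (check_security_groups(inventory.get("SecurityGroups", []))
            + check_volumes(inventory.get("Volumes", [])))


# Constructed sample inventory (the IDs are placeholders, not real resources).
SAMPLE_INVENTORY = {
    "SecurityGroups": [
        {"GroupId": "sg-0a1b2c3d", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        ]},
        {"GroupId": "sg-1b2c3d4e", "IpPermissions": [
            {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        ]},
        {"GroupId": "sg-2c3d4e5f", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
             "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []},
        ]},
    ],
    "Volumes": [
        {"VolumeId": "vol-0aaa", "Encrypted": True},
        {"VolumeId": "vol-0bbb", "Encrypted": False},
    ],
}

if __name__ == "__main__":
    for f in evaluate(SAMPLE_INVENTORY):
        print(f"{f.rule:24} {f.resource:14} {f.detail}")
```

The same functions run unchanged on live data once the inventory dict is filled from `boto3` (`describe_security_groups()["SecurityGroups"]`, `describe_volumes()["Volumes"]`), which is why the rules are kept separate from the data collection. Note that the 443 rule in the sample is deliberately not flagged: a web port open to the world is a design decision, an admin port open to the world is a finding.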
Security and compliance monitoring
Example – compliance analytics
The screenshot shows the dashboard available to the Telekom operations team as part of the managed service.

Security and compliance monitoring
Example – threats and logins overview
Dashboard panels: threats found, logins (screenshot of the same operations dashboard).

Security and compliance monitoring
Example – unusual network traffic
• Detect and report suspicious actions
• Detect anomalies in VPC traffic per region
(Screenshot of the same operations dashboard.)
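The "unusual network traffic" detection above is driven by the VPC flow logs listed as a log source. As an added example (not the dashboard's own logic and not code from the deck), here is detection logic over flow-log records in the default v2 format: it parses the records, flags a source that is rejected on many distinct destination ports (a probe), and flags accepted traffic to ports outside a per-interface baseline. The log lines, the baseline of expected ports and the threshold are constructed assumptions. The default format carries no region field, so per-region grouping comes from the log group the records were read from (or from a custom format that includes the region field).

```python
"""Detection logic over VPC flow log records (default v2 format).

Added example, not part of the original deck: parses constructed flow-log
lines and flags (a) sources that probe many rejected destination ports and
(b) accepted traffic to ports outside a per-interface baseline. Thresholds
and the baseline are assumptions chosen for the sample.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()


@dataclass(frozen=True)
class Flow:
    interface_id: str
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int
    bytes: int
    action: str


def parse_flow(line: str) -> Optional[Flow]:
    """Parse one default-format record; skip NODATA/SKIPDATA placeholders."""
    parts = line.split()
    if len(parts) != len(FIELDS) or parts[0] != "2":
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":      # no traffic captured in the window
        return None
    return Flow(rec["interface_id"], rec["srcaddr"], rec["dstaddr"],
                int(rec["srcport"]), int(rec["dstport"]), int(rec["protocol"]),
                int(rec["bytes"]), rec["action"])


def detect_port_probes(flows, min_ports=5):
    """Sources whose REJECTed flows touch at least min_ports distinct dst ports."""
    ports = defaultdict(set)
    for f in flows:
        if f.action == "REJECT":
            ports[f.srcaddr].add(f.dstport)
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


def detect_unexpected_ingress(flows, baseline):
    """ACCEPTed flows whose dst port is not in the interface's expected set."""
    return [f for f in flows
            if f.action == "ACCEPT" and f.dstport not in baseline.get(f.interface_id, set())]


# Constructed sample: a web ENI that should only see 80/443, plus a scanner.
SAMPLE_LOG = """\
2 123456789012 eni-0abc12345 203.0.113.5 10.0.1.20 51000 22 6 1 44 1568700000 1568700060 REJECT OK
2 123456789012 eni-0abc12345 203.0.113.5 10.0.1.20 51001 23 6 1 44 1568700000 1568700060 REJECT OK
2 123456789012 eni-0abc12345 203.0.113.5 10.0.1.20 51002 445 6 1 44 1568700000 1568700060 REJECT OK
2 123456789012 eni-0abc12345 203.0.113.5 10.0.1.20 51003 3389 6 1 44 1568700000 1568700060 REJECT OK
2 123456789012 eni-0abc12345 203.0.113.5 10.0.1.20 51004 8080 6 1 44 1568700000 1568700060 REJECT OK
2 123456789012 eni-0abc12345 198.51.100.9 10.0.1.20 40000 443 6 12 5400 1568700000 1568700060 ACCEPT OK
2 123456789012 eni-0abc12345 198.51.100.9 10.0.1.20 40001 2375 6 8 1200 1568700000 1568700060 ACCEPT OK
2 123456789012 eni-0abc12345 - - - - - - - 1568700000 1568700060 - NODATA
"""
BASELINE = {"eni-0abc12345": {80, 443}}   # assumed expected ingress ports


def analyse(text=SAMPLE_LOG, baseline=BASELINE):
    """Parse the records and run both detectors."""
    flows = [f for f in map(parse_flow, text.splitlines()) if f]
    return {"probes": detect_port_probes(flows),
            "unexpected": detect_unexpected_ingress(flows, baseline)}


if __name__ == "__main__":
    result = analyse()
    for src, ports in result["probes"].items():
        print(f"port probe from {src}: rejected dst ports {ports}")
    for f in result["unexpected"]:
        print(f"unexpected ACCEPT on {f.interface_id}: {f.srcaddr} -> tcp/{f.dstport}")
```

The accepted connection to tcp/2375 is the interesting record here: a security group that admits it is a configuration finding for the compliance track, while the flow itself is the event the threat-detection track should raise, which is why the managed service feeds both views from the same sources.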
Security as a central pillar for good architecture in the “AWS Well-Architected Framework”
Source: https://wa.aws.amazon.com/wat.design_principles.wa-dp.en.html
Pillars: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization
Security design principles:
✓ Implement a strong identity foundation
✓ Enable traceability
✓ Apply security at all layers
✓ Automate security best practices
✓ Protect data in transit and at rest
✓ Keep people away from data
✓ Prepare for security events
Security: best practices and relevant AWS services
• Identity and Access Management: IAM, AWS Organizations, MFA tokens, temporary security credentials
• Detective Controls: AWS Config, Amazon CloudWatch, AWS CloudTrail, Amazon GuardDuty
• Infrastructure Protection: Amazon VPC, AWS WAF, AWS Shield, Amazon Inspector
• Data Protection: Amazon Macie, AWS KMS, Amazon EBS encryption, Amazon S3 encryption
• Incident Response: IAM, AWS CloudFormation
Don't be the company from the news
Capital One: https://edition.cnn.com/2019/07/29/business/capital-one-data-breach/index.html
Public EBS snapshots: https://techcrunch.com/2019/08/09/aws-ebs-cloud-backups-leak/
Demo – public snapshots
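The demo concerns EBS snapshots shared with everyone, the exposure behind the TechCrunch story linked above. As an added example (not the demo's own code), here is the check a practitioner would run in their own account: a snapshot is public when its `createVolumePermission` attribute contains the group `all`, and the script reads that attribute for every snapshot the account owns, optionally removing the public grant. The `FakeEC2` class and its snapshot IDs are constructed so the code runs offline; with a real `boto3.client("ec2")` the same functions apply unchanged.

```python
"""Find EBS snapshots in the account that are shared publicly.

Added example, not part of the original deck. A snapshot is public when its
createVolumePermission attribute contains the group "all"; the check below
reads that attribute for every snapshot the account owns. The FakeEC2 class
and its snapshot IDs are constructed test data so the script runs offline;
with a real boto3 client (boto3.client("ec2")) the same functions apply.
"""


def classify_permissions(perms: list[dict]) -> str:
    """'public' if shared with group all, 'shared' if with specific accounts."""
    if any(p.get("Group") == "all" for p in perms):
        return "public"
    if any(p.get("UserId") for p in perms):
        return "shared"
    return "private"


def find_public_snapshots(ec2, remediate: bool = False) -> list[dict]:
    """Return [{'SnapshotId', 'Description', 'exposure'}] for non-private snapshots.

    With remediate=True the 'all' group is removed from public snapshots.
    """
    findings = []
    paginator = ec2.get_paginator("describe_snapshots")
    for page in paginator.paginate(OwnerIds=["self"]):
        for snap in page["Snapshots"]:
            attr = ec2.describe_snapshot_attribute(
                SnapshotId=snap["SnapshotId"], Attribute="createVolumePermission")
            exposure = classify_permissions(attr["CreateVolumePermissions"])
            if exposure == "private":
                continue
            if exposure == "public" and remediate:
                ec2.modify_snapshot_attribute(
                    SnapshotId=snap["SnapshotId"], Attribute="createVolumePermission",
                    OperationType="remove", GroupNames=["all"])
            findings.append({"SnapshotId": snap["SnapshotId"],
                             "Description": snap.get("Description", ""),
                             "exposure": exposure})
    return findings


class FakeEC2:
    """Constructed stand-in for boto3's EC2 client (offline demo only)."""

    def __init__(self):
        # snapshot id -> (description, CreateVolumePermissions); placeholder IDs
        self.snapshots = {
            "snap-0aaa": ("db backup", [{"Group": "all"}]),
            "snap-0bbb": ("ami layer", [{"UserId": "111122223333"}]),
            "snap-0ccc": ("web root", []),
        }
        self.calls = []                  # records modify_snapshot_attribute calls

    def get_paginator(self, name):
        assert name == "describe_snapshots"
        fake = self

        class _Pages:
            def paginate(self, **kw):
                yield {"Snapshots": [{"SnapshotId": s, "Description": d}
                                     for s, (d, _) in fake.snapshots.items()]}
        return _Pages()

    def describe_snapshot_attribute(self, SnapshotId, Attribute):
        return {"SnapshotId": SnapshotId,
                "CreateVolumePermissions": list(self.snapshots[SnapshotId][1])}

    def modify_snapshot_attribute(self, **kw):
        self.calls.append(kw)
        desc, perms = self.snapshots[kw["SnapshotId"]]
        self.snapshots[kw["SnapshotId"]] = (
            desc, [p for p in perms if p.get("Group") not in kw.get("GroupNames", [])])
        return {}


if __name__ == "__main__":
    # Live account: import boto3; ec2 = boto3.client("ec2", region_name="eu-central-1")
    ec2 = FakeEC2()
    for f in find_public_snapshots(ec2, remediate=True):
        print(f"{f['SnapshotId']}  {f['exposure']:7}  {f['Description']}")
```

Snapshots are regional, so the scan has to be repeated per region; snapshots shared with specific accounts ("shared") are reported but left alone, because cross-account sharing is often intentional and removing it blindly breaks AMI pipelines.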
Encryption – concepts/terminology
• Data encryption in transit → IPsec/VPN, TLS (certificates from AWS Certificate Manager)
• Data encryption at rest
  • Client-side → the data is encrypted before it is submitted to AWS, e.g. with the AWS Encryption SDK (available for several programming languages) or the client-side encryption features of service clients; AWS never sees the plaintext or, depending on the key setup, the key
  • Server-side → AWS encrypts the data after the service has received it; who controls the key (AWS-owned, AWS-managed or customer-managed KMS key) then decides who can authorize decryption
Enterprise data encryption requirements – example
• Different data classes (internal, confidential)
• Key rotation on a regular basis
• Least privilege principle
• A dedicated role group for key administrators
• MFA must be enforced for critical KMS API calls
• KMS key activities must be logged
• The deletion of keys must raise an alarm
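How these requirements translate into KMS configuration and detection, as an added example (not the deck's code and not a T-Systems artefact): `build_key_policy()` produces a key policy per data class that separates key administrators from key users and requires an MFA-authenticated session for the destructive administrative calls; `deletion_alerts()` is the detection logic behind "deletion must raise an alarm", run here over constructed CloudTrail records. The account ID, role names, data classes and the list of actions treated as destructive are assumptions. Rotation is not in the policy because it is a key setting (`kms.enable_key_rotation(KeyId=...)`), and CloudTrail logs KMS API calls by default, which is what the alert logic consumes.

```python
"""Translate the KMS requirements into a key policy and a deletion alert.

Added example, not part of the original deck. build_key_policy() produces a
key policy that separates key administrators from key users and requires MFA
for the destructive admin calls; deletion_alerts() is the detection logic that
would back the "deletion must be alarmed" requirement, run here over
constructed CloudTrail records. Account ID, role names and data classes are
assumptions.
"""
import json

ACCOUNT = "123456789012"                       # placeholder account
KEY_ADMIN_ROLE = f"arn:aws:iam::{ACCOUNT}:role/KeyAdmins"
KEY_USER_ROLES = {                             # one key (and one app role) per data class
    "internal": f"arn:aws:iam::{ACCOUNT}:role/AppInternal",
    "confidential": f"arn:aws:iam::{ACCOUNT}:role/AppConfidential",
}
# Calls that can destroy data or lock everyone out: MFA-gated (assumed policy choice).
DESTRUCTIVE = ["kms:ScheduleKeyDeletion", "kms:DisableKey", "kms:PutKeyPolicy", "kms:Delete*"]
# CloudTrail event names that must page the key owners.
ALERT_EVENTS = {"ScheduleKeyDeletion", "DisableKey", "DisableKeyRotation"}


def build_key_policy(data_class: str) -> dict:
    """Key policy for one data class: admins manage, one app role uses, MFA for destructive calls."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # keeps the account root able to repair a broken policy
                "Sid": "EnableIAMPolicies",
                "Effect": "Allow",
                "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:root"},
                "Action": "kms:*", "Resource": "*",
            },
            {   # day-to-day administration, no destructive actions
                "Sid": "KeyAdmins",
                "Effect": "Allow",
                "Principal": {"AWS": KEY_ADMIN_ROLE},
                "Action": ["kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*",
                           "kms:Update*", "kms:Revoke*", "kms:Get*", "kms:TagResource",
                           "kms:UntagResource", "kms:CancelKeyDeletion"],
                "Resource": "*",
            },
            {   # destructive actions only from an MFA-authenticated session
                "Sid": "KeyAdminsDestructiveMFA",
                "Effect": "Allow",
                "Principal": {"AWS": KEY_ADMIN_ROLE},
                "Action": DESTRUCTIVE, "Resource": "*",
                "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}},
            },
            {   # the application role gets cryptographic use only, never administration
                "Sid": "KeyUsers",
                "Effect": "Allow",
                "Principal": {"AWS": KEY_USER_ROLES[data_class]},
                "Action": ["kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*",
                           "kms:GenerateDataKey*", "kms:DescribeKey"],
                "Resource": "*",
            },
        ],
    }


def deletion_alerts(records: list[dict]) -> list[str]:
    """CloudTrail records (parsed JSON) that should raise an alarm."""
    alerts = []
    for r in records:
        if r.get("eventSource") != "kms.amazonaws.com" or r.get("eventName") not in ALERT_EVENTS:
            continue
        ident = r.get("userIdentity", {})
        who = ident.get("arn", "?")
        mfa = (ident.get("sessionContext", {}).get("attributes", {})
               .get("mfaAuthenticated", "false"))
        key = r.get("requestParameters", {}).get("keyId", "?")
        alerts.append(f"{r['eventName']} on {key} by {who} (mfa={mfa})")
    return alerts


# Constructed CloudTrail records (IDs are placeholders).
SAMPLE_TRAIL = [
    {"eventSource": "kms.amazonaws.com", "eventName": "Encrypt",
     "userIdentity": {"arn": f"arn:aws:sts::{ACCOUNT}:assumed-role/AppInternal/i-0abc"},
     "requestParameters": {"keyId": "alias/internal"}},
    {"eventSource": "kms.amazonaws.com", "eventName": "ScheduleKeyDeletion",
     "userIdentity": {"arn": f"arn:aws:sts::{ACCOUNT}:assumed-role/KeyAdmins/alice",
                      "sessionContext": {"attributes": {"mfaAuthenticated": "true"}}},
     "requestParameters": {"keyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
                           "pendingWindowInDays": 30}},
    {"eventSource": "s3.amazonaws.com", "eventName": "DeleteBucket",
     "userIdentity": {"arn": f"arn:aws:iam::{ACCOUNT}:user/bob"},
     "requestParameters": {"bucketName": "x"}},
]

if __name__ == "__main__":
    print(json.dumps(build_key_policy("confidential"), indent=2))
    for line in deletion_alerts(SAMPLE_TRAIL):
        print("ALERT:", line)
```

The alert fires even when the call was MFA-authenticated and legitimate: ScheduleKeyDeletion starts a waiting period of at least seven days precisely so that a paged key owner can still call CancelKeyDeletion, and the MFA condition limits who can start the clock rather than replacing the alarm.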
AWS CloudHSM
• Dedicated HSM in your VPC → CloudHSM service (FIPS 140-2 Level 3 validated hardware)
• A KMS custom key store backed by a CloudHSM cluster gives more control over the key material (the keys live in the customer's own HSM cluster rather than in the KMS fleet) but is more complex to manage: cluster sizing, backups and availability become the customer's responsibility
Demo - S3 bucket auto-tag
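The deck gives the demo only its title, so the following is an added example of what an S3 bucket auto-tagger typically is, not the demo's own code: an AWS Lambda handler invoked by EventBridge on the CloudTrail `CreateBucket` event, which derives owner and creation tags from the caller identity and writes them to the new bucket. The event shape is that of CloudTrail events delivered through EventBridge; `put_bucket_tagging` replaces the whole tag set, so existing tags are read first and merged. `FakeS3`, the tag keys, the bucket name and the account ID are constructed assumptions; in Lambda the fake is replaced by `boto3.client("s3")`.

```python
"""Auto-tag newly created S3 buckets from the CreateBucket CloudTrail event.

Added example, not the deck's demo code. It is written as an AWS Lambda
handler that EventBridge would invoke on the CloudTrail "CreateBucket" event
(the event shape used below is that of CloudTrail events delivered through
EventBridge). put_bucket_tagging replaces the whole tag set, so existing tags
are read first and merged. FakeS3 is constructed so the code runs offline;
in Lambda, replace it with boto3.client("s3"). Tag keys are assumptions.
"""
from datetime import datetime, timezone
from typing import Optional

REQUIRED = ("Owner", "CreatedBy", "CreatedAt", "DataClassification")


def derive_tags(detail: dict, now: Optional[datetime] = None) -> dict:
    """Tags derived from the CloudTrail record of the CreateBucket call."""
    ident = detail.get("userIdentity", {})
    arn = ident.get("arn", "unknown")
    # arn:aws:sts::<acct>:assumed-role/<Role>/<session>  ->  "<Role>/<session>"
    owner = arn.split(":assumed-role/", 1)[1] if ":assumed-role/" in arn else arn
    return {
        "Owner": owner,
        "CreatedBy": arn,
        "CreatedAt": detail.get("eventTime") or (now or datetime.now(timezone.utc)).isoformat(),
        "DataClassification": "unclassified",   # placeholder until the owner sets it
    }


def merge_tags(existing: list[dict], derived: dict) -> list[dict]:
    """Existing tags win; derived ones only fill gaps (so owners can override)."""
    merged = {t["Key"]: t["Value"] for t in existing}
    for k, v in derived.items():
        merged.setdefault(k, v)
    return [{"Key": k, "Value": v} for k, v in sorted(merged.items())]


def _current_tags(s3, bucket: str) -> list[dict]:
    """GetBucketTagging fails with NoSuchTagSet on an untagged bucket; treat that as empty."""
    try:
        return s3.get_bucket_tagging(Bucket=bucket)["TagSet"]
    except Exception as exc:  # botocore's ClientError carries the code in .response
        if getattr(exc, "response", {}).get("Error", {}).get("Code") == "NoSuchTagSet":
            return []
        raise


def lambda_handler(event: dict, context=None, s3=None) -> dict:
    """EventBridge -> Lambda entry point; s3 is injectable for offline runs."""
    detail = event.get("detail", {})
    if detail.get("eventName") != "CreateBucket":
        return {"skipped": detail.get("eventName")}
    bucket = detail["requestParameters"]["bucketName"]
    s3 = s3 or _default_client()
    tag_set = merge_tags(_current_tags(s3, bucket), derive_tags(detail))
    s3.put_bucket_tagging(Bucket=bucket, Tagging={"TagSet": tag_set})
    return {"bucket": bucket, "tags": tag_set}


def _default_client():
    import boto3                         # imported lazily so the demo runs offline
    return boto3.client("s3")


class FakeS3:
    """Constructed stand-in for the boto3 S3 client."""

    def __init__(self, tags=None):
        self.tags = dict(tags or {})     # bucket -> TagSet

    def get_bucket_tagging(self, Bucket):
        if Bucket not in self.tags:
            err = Exception("NoSuchTagSet")
            err.response = {"Error": {"Code": "NoSuchTagSet"}}
            raise err
        return {"TagSet": list(self.tags[Bucket])}

    def put_bucket_tagging(self, Bucket, Tagging):
        self.tags[Bucket] = Tagging["TagSet"]
        return {}


# Constructed CloudTrail-via-EventBridge event (account and names are placeholders).
SAMPLE_EVENT = {
    "detail-type": "AWS API Call via CloudTrail",
    "detail": {
        "eventSource": "s3.amazonaws.com", "eventName": "CreateBucket",
        "eventTime": "2019-09-17T10:00:00Z",
        "userIdentity": {"type": "AssumedRole",
                         "arn": "arn:aws:sts::123456789012:assumed-role/Developers/alice"},
        "requestParameters": {"bucketName": "example-team-logs"},
    },
}

if __name__ == "__main__":
    print(lambda_handler(SAMPLE_EVENT, s3=FakeS3()))
```

The tags are what the compliance track later keys on (owner to notify, classification to select the encryption requirement), so the handler only fills gaps and never overwrites a value a team has already set on the bucket.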
Landing Zone
AWS Control Tower
Managed Services for Cloud
Thank you.

More Related Content

What's hot

AWS CLI Tutorial | Introduction To AWS Command Line Interface | AWS Training ...
AWS CLI Tutorial | Introduction To AWS Command Line Interface | AWS Training ...AWS CLI Tutorial | Introduction To AWS Command Line Interface | AWS Training ...
AWS CLI Tutorial | Introduction To AWS Command Line Interface | AWS Training ...Edureka!
 
Introduction To Amazon Web Services | AWS Tutorial for Beginners | AWS Traini...
Introduction To Amazon Web Services | AWS Tutorial for Beginners | AWS Traini...Introduction To Amazon Web Services | AWS Tutorial for Beginners | AWS Traini...
Introduction To Amazon Web Services | AWS Tutorial for Beginners | AWS Traini...Edureka!
 
AWS CloudFront | Creating Amazon CloudFront Distribution | AWS Training | Edu...
AWS CloudFront | Creating Amazon CloudFront Distribution | AWS Training | Edu...AWS CloudFront | Creating Amazon CloudFront Distribution | AWS Training | Edu...
AWS CloudFront | Creating Amazon CloudFront Distribution | AWS Training | Edu...Edureka!
 
Amazon CloudWatch (Container Insights)- AWS Container Day 2019 Barcelona
Amazon CloudWatch (Container Insights)- AWS Container Day 2019 BarcelonaAmazon CloudWatch (Container Insights)- AWS Container Day 2019 Barcelona
Amazon CloudWatch (Container Insights)- AWS Container Day 2019 BarcelonaAmazon Web Services
 
Secure Your Data with Recommended Best Practices Enabled by AWS Security and ...
Secure Your Data with Recommended Best Practices Enabled by AWS Security and ...Secure Your Data with Recommended Best Practices Enabled by AWS Security and ...
Secure Your Data with Recommended Best Practices Enabled by AWS Security and ...Amazon Web Services
 
AWS Cloud Computing Tutorial | Migrating on Premise VM to AWS Cloud | AWS Tra...
AWS Cloud Computing Tutorial | Migrating on Premise VM to AWS Cloud | AWS Tra...AWS Cloud Computing Tutorial | Migrating on Premise VM to AWS Cloud | AWS Tra...
AWS Cloud Computing Tutorial | Migrating on Premise VM to AWS Cloud | AWS Tra...Edureka!
 
AWS Fargate Tutorial | AWS Tutorial For Beginners | AWS Certification Trainin...
AWS Fargate Tutorial | AWS Tutorial For Beginners | AWS Certification Trainin...AWS Fargate Tutorial | AWS Tutorial For Beginners | AWS Certification Trainin...
AWS Fargate Tutorial | AWS Tutorial For Beginners | AWS Certification Trainin...Edureka!
 
Module 5: AWS Elasticity and Management Tools - AWSome Day Online Conference
Module 5: AWS Elasticity and Management Tools - AWSome Day Online Conference Module 5: AWS Elasticity and Management Tools - AWSome Day Online Conference
Module 5: AWS Elasticity and Management Tools - AWSome Day Online Conference Amazon Web Services
 
Streamline Your Desktop Operations and Improve Security with Amazon WorkSpace...
Streamline Your Desktop Operations and Improve Security with Amazon WorkSpace...Streamline Your Desktop Operations and Improve Security with Amazon WorkSpace...
Streamline Your Desktop Operations and Improve Security with Amazon WorkSpace...Amazon Web Services
 
Introduction To Amazon QuickSight | AWS Certification Training | Edureka
Introduction To Amazon QuickSight | AWS Certification Training | EdurekaIntroduction To Amazon QuickSight | AWS Certification Training | Edureka
Introduction To Amazon QuickSight | AWS Certification Training | EdurekaEdureka!
 
Data protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
Data protection using encryption in AWS - SEC201 - Santa Clara AWS SummitData protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
Data protection using encryption in AWS - SEC201 - Santa Clara AWS SummitAmazon Web Services
 
Introduction to AWS - AWSome Day Zurich November 2016
Introduction to AWS - AWSome Day Zurich November 2016Introduction to AWS - AWSome Day Zurich November 2016
Introduction to AWS - AWSome Day Zurich November 2016Amazon Web Services
 
Amazon Lightsail Tutorial | What is Amazon Lightsail? | AWS Certification Tra...
Amazon Lightsail Tutorial | What is Amazon Lightsail? | AWS Certification Tra...Amazon Lightsail Tutorial | What is Amazon Lightsail? | AWS Certification Tra...
Amazon Lightsail Tutorial | What is Amazon Lightsail? | AWS Certification Tra...Edureka!
 
What is Cloud Computing with AWS?
What is Cloud Computing with AWS?What is Cloud Computing with AWS?
What is Cloud Computing with AWS?Amazon Web Services
 

What's hot (20)

Opening
OpeningOpening
Opening
 
AWS CLI Tutorial | Introduction To AWS Command Line Interface | AWS Training ...
AWS CLI Tutorial | Introduction To AWS Command Line Interface | AWS Training ...AWS CLI Tutorial | Introduction To AWS Command Line Interface | AWS Training ...
AWS CLI Tutorial | Introduction To AWS Command Line Interface | AWS Training ...
 
Security Best Practices
Security Best PracticesSecurity Best Practices
Security Best Practices
 
Introduction To Amazon Web Services | AWS Tutorial for Beginners | AWS Traini...
Introduction To Amazon Web Services | AWS Tutorial for Beginners | AWS Traini...Introduction To Amazon Web Services | AWS Tutorial for Beginners | AWS Traini...
Introduction To Amazon Web Services | AWS Tutorial for Beginners | AWS Traini...
 
AWS CloudFront | Creating Amazon CloudFront Distribution | AWS Training | Edu...
AWS CloudFront | Creating Amazon CloudFront Distribution | AWS Training | Edu...AWS CloudFront | Creating Amazon CloudFront Distribution | AWS Training | Edu...
AWS CloudFront | Creating Amazon CloudFront Distribution | AWS Training | Edu...
 
Amazon CloudWatch (Container Insights)- AWS Container Day 2019 Barcelona
Amazon CloudWatch (Container Insights)- AWS Container Day 2019 BarcelonaAmazon CloudWatch (Container Insights)- AWS Container Day 2019 Barcelona
Amazon CloudWatch (Container Insights)- AWS Container Day 2019 Barcelona
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Secure Your Data with Recommended Best Practices Enabled by AWS Security and ...
Secure Your Data with Recommended Best Practices Enabled by AWS Security and ...Secure Your Data with Recommended Best Practices Enabled by AWS Security and ...
Secure Your Data with Recommended Best Practices Enabled by AWS Security and ...
 
AWS Cloud Computing Tutorial | Migrating on Premise VM to AWS Cloud | AWS Tra...
AWS Cloud Computing Tutorial | Migrating on Premise VM to AWS Cloud | AWS Tra...AWS Cloud Computing Tutorial | Migrating on Premise VM to AWS Cloud | AWS Tra...
AWS Cloud Computing Tutorial | Migrating on Premise VM to AWS Cloud | AWS Tra...
 
AWS Fargate Tutorial | AWS Tutorial For Beginners | AWS Certification Trainin...
AWS Fargate Tutorial | AWS Tutorial For Beginners | AWS Certification Trainin...AWS Fargate Tutorial | AWS Tutorial For Beginners | AWS Certification Trainin...
AWS Fargate Tutorial | AWS Tutorial For Beginners | AWS Certification Trainin...
 
AWSome Day Intro
AWSome Day IntroAWSome Day Intro
AWSome Day Intro
 
Module 5: AWS Elasticity and Management Tools - AWSome Day Online Conference
Module 5: AWS Elasticity and Management Tools - AWSome Day Online Conference Module 5: AWS Elasticity and Management Tools - AWSome Day Online Conference
Module 5: AWS Elasticity and Management Tools - AWSome Day Online Conference
 
Core services
Core servicesCore services
Core services
 
Streamline Your Desktop Operations and Improve Security with Amazon WorkSpace...
Streamline Your Desktop Operations and Improve Security with Amazon WorkSpace...Streamline Your Desktop Operations and Improve Security with Amazon WorkSpace...
Streamline Your Desktop Operations and Improve Security with Amazon WorkSpace...
 
Introduction To Amazon QuickSight | AWS Certification Training | Edureka
Introduction To Amazon QuickSight | AWS Certification Training | EdurekaIntroduction To Amazon QuickSight | AWS Certification Training | Edureka
Introduction To Amazon QuickSight | AWS Certification Training | Edureka
 
Data protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
Data protection using encryption in AWS - SEC201 - Santa Clara AWS SummitData protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
Data protection using encryption in AWS - SEC201 - Santa Clara AWS Summit
 
Introduction to AWS - AWSome Day Zurich November 2016
Introduction to AWS - AWSome Day Zurich November 2016Introduction to AWS - AWSome Day Zurich November 2016
Introduction to AWS - AWSome Day Zurich November 2016
 
Amazon Lightsail Tutorial | What is Amazon Lightsail? | AWS Certification Tra...
Amazon Lightsail Tutorial | What is Amazon Lightsail? | AWS Certification Tra...Amazon Lightsail Tutorial | What is Amazon Lightsail? | AWS Certification Tra...
Amazon Lightsail Tutorial | What is Amazon Lightsail? | AWS Certification Tra...
 
AWSome Day - 2018
AWSome Day - 2018AWSome Day - 2018
AWSome Day - 2018
 
What is Cloud Computing with AWS?
What is Cloud Computing with AWS?What is Cloud Computing with AWS?
What is Cloud Computing with AWS?
 

Similar to AWS: Mit Sicherheit!

3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security SuperheroAmazon Web Services
 
How Western Union Implemented Security Measures at Scale on AWS with Dome9
 How Western Union Implemented Security Measures at Scale on AWS with Dome9  How Western Union Implemented Security Measures at Scale on AWS with Dome9
How Western Union Implemented Security Measures at Scale on AWS with Dome9 Amazon Web Services
 
3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero 3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero Amazon Web Services
 
Security in the Cloud | Amazon Web Services
Security in the Cloud | Amazon Web ServicesSecurity in the Cloud | Amazon Web Services
Security in the Cloud | Amazon Web ServicesAmazon Web Services
 
AWS PROTECTED Certification - Lunch & Learn
  AWS PROTECTED Certification - Lunch & Learn  AWS PROTECTED Certification - Lunch & Learn
AWS PROTECTED Certification - Lunch & LearnAmazon Web Services
 
Serverless Security Automation on AWS - Hamburg AWS User Group
Serverless Security Automation on AWS - Hamburg AWS User GroupServerless Security Automation on AWS - Hamburg AWS User Group
Serverless Security Automation on AWS - Hamburg AWS User GroupDennis Traub
 
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...Amazon Web Services
 
Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts Amazon Web Services
 
Threat detection and mitigation at AWS
Threat detection and mitigation at AWSThreat detection and mitigation at AWS
Threat detection and mitigation at AWSNathan Case
 
AWS Innovate Ottawa: Security & Compliance
AWS Innovate Ottawa: Security & ComplianceAWS Innovate Ottawa: Security & Compliance
AWS Innovate Ottawa: Security & ComplianceAmazon Web Services
 
Detecting and mitigating threats with AWS - SEC301 - Chicago AWS Summit
Detecting and mitigating threats with AWS - SEC301 - Chicago AWS SummitDetecting and mitigating threats with AWS - SEC301 - Chicago AWS Summit
Detecting and mitigating threats with AWS - SEC301 - Chicago AWS SummitAmazon Web Services
 
1. aws security and compliance wwps pre-day sao paolo - markry
1. aws security and compliance   wwps pre-day sao paolo - markry1. aws security and compliance   wwps pre-day sao paolo - markry
1. aws security and compliance wwps pre-day sao paolo - markryAmazon Web Services LATAM
 
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice Alert Logic
 
[AWS LA Media & Entertainment Event 2015]: Security of Digital Media Content ...
[AWS LA Media & Entertainment Event 2015]: Security of Digital Media Content ...[AWS LA Media & Entertainment Event 2015]: Security of Digital Media Content ...
[AWS LA Media & Entertainment Event 2015]: Security of Digital Media Content ...Amazon Web Services
 
Get ahead of cloud network security trends and practices in 2020
Get ahead of cloud network security trends and practices in 2020Get ahead of cloud network security trends and practices in 2020
Get ahead of cloud network security trends and practices in 2020Cynthia Hsieh
 
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in awsAWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in awsAWS Riyadh User Group
 
Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...
Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...
Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...Amazon Web Services
 

Similar to AWS: Mit Sicherheit! (20)

3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero
 
How Western Union Implemented Security Measures at Scale on AWS with Dome9
 How Western Union Implemented Security Measures at Scale on AWS with Dome9  How Western Union Implemented Security Measures at Scale on AWS with Dome9
How Western Union Implemented Security Measures at Scale on AWS with Dome9
 
3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero 3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero
 
Toward Full Stack Security
Toward Full Stack SecurityToward Full Stack Security
Toward Full Stack Security
 
Security in the Cloud | Amazon Web Services
Security in the Cloud | Amazon Web ServicesSecurity in the Cloud | Amazon Web Services
Security in the Cloud | Amazon Web Services
 
AWS PROTECTED Certification - Lunch & Learn
  AWS PROTECTED Certification - Lunch & Learn  AWS PROTECTED Certification - Lunch & Learn
AWS PROTECTED Certification - Lunch & Learn
 
Serverless Security Automation on AWS - Hamburg AWS User Group
Serverless Security Automation on AWS - Hamburg AWS User GroupServerless Security Automation on AWS - Hamburg AWS User Group
Serverless Security Automation on AWS - Hamburg AWS User Group
 
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
 
Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts Secure your AWS Account and your Organization's Accounts
Secure your AWS Account and your Organization's Accounts
 
Threat detection and mitigation at AWS
Threat detection and mitigation at AWSThreat detection and mitigation at AWS
Threat detection and mitigation at AWS
 
AWS Innovate Ottawa: Security & Compliance
AWS Innovate Ottawa: Security & ComplianceAWS Innovate Ottawa: Security & Compliance
AWS Innovate Ottawa: Security & Compliance
 
Detecting and mitigating threats with AWS - SEC301 - Chicago AWS Summit
Detecting and mitigating threats with AWS - SEC301 - Chicago AWS SummitDetecting and mitigating threats with AWS - SEC301 - Chicago AWS Summit
Detecting and mitigating threats with AWS - SEC301 - Chicago AWS Summit
 
1. aws security and compliance wwps pre-day sao paolo - markry
1. aws security and compliance   wwps pre-day sao paolo - markry1. aws security and compliance   wwps pre-day sao paolo - markry
1. aws security and compliance wwps pre-day sao paolo - markry
 
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
 
[AWS LA Media & Entertainment Event 2015]: Security of Digital Media Content ...
[AWS LA Media & Entertainment Event 2015]: Security of Digital Media Content ...[AWS LA Media & Entertainment Event 2015]: Security of Digital Media Content ...
[AWS LA Media & Entertainment Event 2015]: Security of Digital Media Content ...
 
Get ahead of cloud network security trends and practices in 2020
Get ahead of cloud network security trends and practices in 2020Get ahead of cloud network security trends and practices in 2020
Get ahead of cloud network security trends and practices in 2020
 
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in awsAWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
 
AWS in FSI 2019
AWS in FSI 2019AWS in FSI 2019
AWS in FSI 2019
 
Security & Compliance in AWS
Security & Compliance in AWSSecurity & Compliance in AWS
Security & Compliance in AWS
 
Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...
Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...
Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...
 

Recently uploaded

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

AWS: Mit Sicherheit!

  • 8. Security as a central pillar for good architecture in the “AWS Well-Architected Framework” (source: https://wa.aws.amazon.com/wat.design_principles.wa-dp.en.html). Pillars: Operational Excellence, Security, Reliability, Performance efficiency, Cost Optimization. Security design principles:
    ✓ Implement a strong identity foundation
    ✓ Enable traceability
    ✓ Apply security at all layers
    ✓ Automate security best practices
    ✓ Protect data in transit and at rest
    ✓ Keep people away from data
    ✓ Prepare for security events
  • 9. SECURITY: BEST PRACTICES AND RELEVANT AWS SERVICES. Areas: Identity and Access Management, Detective Controls, Infrastructure Protection, Data Protection, Incident Response. Services shown: IAM, AWS Organizations, MFA token, Temporary security credential, AWS Config, AWS CloudWatch, AWS CloudTrail, AWS VPC, AWS WAF, AWS Shield, AWS Inspector, AWS Macie, AWS KMS, AWS EBS, AWS S3, IAM, AWS CloudFormation, AWS GuardDuty
  • 10. Don't be the company from the news. Capital One: https://edition.cnn.com/2019/07/29/business/capital-one-data-breach/index.html; Public EBS: https://techcrunch.com/2019/08/09/aws-ebs-cloud-backups-leak/
  • 11. Demo – public snapshots
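The exposure behind the public-snapshot demo is a snapshot whose createVolumePermission includes the group "all", which any AWS account can copy and mount. The following check is an added example, not the talk's own code: a classifier over the response shape of boto3's describe_snapshot_attribute, run here on constructed sample responses (snapshot IDs and the account ID are placeholders); the live audit and the remediation use the same boto3 API and need credentials.

```python
"""Detect EBS snapshots restorable by any AWS account (createVolumePermission
group "all"). Added example; sample data is constructed, the live audit needs boto3."""
from typing import Dict, List

# Constructed: what ec2.describe_snapshot_attribute(Attribute="createVolumePermission")
# returns for three snapshots (snapshot IDs and the account ID are placeholders).
SAMPLE_ATTRIBUTES: List[Dict] = [
    {"SnapshotId": "snap-0aaa111", "CreateVolumePermissions": [{"Group": "all"}]},
    {"SnapshotId": "snap-0bbb222", "CreateVolumePermissions": [{"UserId": "123456789012"}]},
    {"SnapshotId": "snap-0ccc333", "CreateVolumePermissions": []},
]


def classify_snapshot(attr: Dict) -> str:
    """'public' if shared with group all, 'shared' if with named accounts, else 'private'."""
    perms = attr.get("CreateVolumePermissions", [])
    if any(p.get("Group") == "all" for p in perms):
        return "public"
    if any("UserId" in p for p in perms):
        return "shared"
    return "private"


def find_public_snapshots(attrs: List[Dict]) -> List[str]:
    """IDs of snapshots that any AWS account could copy and mount."""
    return [a["SnapshotId"] for a in attrs if classify_snapshot(a) == "public"]


def audit_region(region: str, remediate: bool = False) -> List[str]:
    """Live variant: walk the account's own snapshots in one region and optionally
    revoke the public permission. Needs boto3 and credentials, so it is not run here."""
    import boto3  # imported lazily so the offline sample above works without it
    ec2 = boto3.client("ec2", region_name=region)
    attrs = []
    for page in ec2.get_paginator("describe_snapshots").paginate(OwnerIds=["self"]):
        for snap in page["Snapshots"]:
            attrs.append(ec2.describe_snapshot_attribute(
                SnapshotId=snap["SnapshotId"], Attribute="createVolumePermission"))
    public = find_public_snapshots(attrs)
    if remediate:  # remove the "all" group so only explicitly shared accounts remain
        for sid in public:
            ec2.modify_snapshot_attribute(SnapshotId=sid, Attribute="createVolumePermission",
                                          OperationType="remove", GroupNames=["all"])
    return public


if __name__ == "__main__":
    for sid in find_public_snapshots(SAMPLE_ATTRIBUTES):
        print(f"ALERT: snapshot {sid} is publicly restorable")
```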
  • 12. Encryption – concepts/terminology
    • Data encryption in transit → IPSec/VPN, TLS (AWS Certificate Manager)
    • Data encryption at rest
      • Client-side → encrypt before submitting data to AWS (AWS Encryption SDK in different programming languages, service clients, etc.)
      • Server-side → AWS encrypts the data after it is received by the service
  • 13. Enterprise data encryption requirements example
    • Different data classes (internal, confidential)
    • Key rotation on a regular basis
    • Least privilege principle
    • A dedicated role group for key admins
    • MFA must be implemented for critical KMS API calls
    • KMS key activities must be logged
    • The deletion of keys must raise an alarm
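Three of the requirements on the slide (a dedicated key-admin role, MFA for critical KMS API calls, an alarm on key deletion) can be expressed directly as a key policy and a CloudTrail filter. The block below is an added example, not the talk's own material: the account ID, the role name KeyAdmins and the CloudTrail records are constructed, and the alarm part only does the matching that a CloudWatch metric filter or EventBridge rule would perform on the same fields.

```python
"""KMS requirements as code: a key policy that limits administration to a dedicated
key-admin role and denies critical calls without MFA, plus a filter that flags
key-deletion events in CloudTrail records. Added example; account ID, role name and
sample records are constructed placeholders."""
import json
from typing import Dict, List

ACCOUNT_ID = "123456789012"   # placeholder account
KEY_ADMIN_ROLE = "KeyAdmins"  # assumed name of the dedicated key-admin role
CRITICAL_ACTIONS = ["kms:ScheduleKeyDeletion", "kms:DisableKey", "kms:PutKeyPolicy"]
ALARMED_EVENTS = {"ScheduleKeyDeletion", "DisableKey"}


def build_key_policy(account_id: str = ACCOUNT_ID, admin_role: str = KEY_ADMIN_ROLE) -> Dict:
    root = f"arn:aws:iam::{account_id}:root"
    admin = f"arn:aws:iam::{account_id}:role/{admin_role}"
    return {"Version": "2012-10-17", "Statement": [
        # keep the account root able to manage the key so it can never become unmanageable
        {"Sid": "EnableRoot", "Effect": "Allow", "Principal": {"AWS": root},
         "Action": "kms:*", "Resource": "*"},
        # least privilege: only the key-admin role administers the key, nobody else
        {"Sid": "KeyAdministration", "Effect": "Allow", "Principal": {"AWS": admin},
         "Action": ["kms:Describe*", "kms:Enable*", "kms:Disable*", "kms:Put*",
                    "kms:Update*", "kms:Revoke*", "kms:Get*", "kms:List*",
                    "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion"],
         "Resource": "*"},
        # critical calls are denied for every principal unless the session used MFA;
        # BoolIfExists also denies long-term access keys, where the MFA key is absent
        {"Sid": "RequireMfaForCriticalCalls", "Effect": "Deny", "Principal": "*",
         "Action": CRITICAL_ACTIONS, "Resource": "*",
         "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}},
    ]}


def flag_key_deletion_events(records: List[Dict]) -> List[str]:
    """Key ARNs from CloudTrail records where a key was scheduled for deletion or disabled."""
    return [res["ARN"] for r in records
            if r.get("eventSource") == "kms.amazonaws.com" and r.get("eventName") in ALARMED_EVENTS
            for res in r.get("resources", [])]


# Constructed CloudTrail records; only the fields the filter reads are present.
SAMPLE_RECORDS = [
    {"eventSource": "kms.amazonaws.com", "eventName": "Decrypt",
     "resources": [{"ARN": f"arn:aws:kms:eu-central-1:{ACCOUNT_ID}:key/key-a"}]},
    {"eventSource": "kms.amazonaws.com", "eventName": "ScheduleKeyDeletion",
     "resources": [{"ARN": f"arn:aws:kms:eu-central-1:{ACCOUNT_ID}:key/key-b"}]},
    {"eventSource": "s3.amazonaws.com", "eventName": "DeleteBucket", "resources": []},
]

if __name__ == "__main__":
    print(json.dumps(build_key_policy(), indent=2))
    print("alarm:", flag_key_deletion_events(SAMPLE_RECORDS))
```

Regular rotation, the remaining requirement, is a per-key setting enabled with kms.enable_key_rotation(KeyId=...) rather than a policy statement.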
  • 14. AWS CloudHSM
    • Dedicated HSM in VPC → CloudHSM service (FIPS 140-2 Level 3)
    • Custom key store provides more flexibility with CloudHSM but is more complex to manage
  • 15. Demo – S3 bucket auto-tag
  • 16. S3 bucket auto-tag
  • 17. Landing Zone
  • 18. AWS Control Tower
  • 19. Managed Services for Cloud. Thank you.