Ultra secure cloud data center on AWS

Published in: Technology

  1. Ultra Secure Data Center on Amazon Cloud
     Lahav Savir, Architect & CEO, Emind Systems Ltd.
     lahavs@emind.co
  2. About
     Lahav Savir
     • 15+ years’ experience in on-line industry
     • Architect and CEO @ Emind Systems
     Emind Systems (est. 2006)
     • Boutique system integrator
     • 100+ AWS customers
     • AWS solution provider
  3. Amazon (AWS) Certification
     Amazon Solution Provider & Consulting Partner
     https://aws.amazon.com/solution-providers/si/emind-systems-ltd
  4. What is a secure data center?
     • Isolated
     • Controlled
     • Firewalled
     • Secure access
       – VPN
       – SSL
     • IDS & IPS
     • Antivirus
     • Audited
     • User management
       – One time password
     • Data encryption
     • Frequent updates
     • Configuration analysis
     • Regulatory compliance
     • One spot for monitoring
       – Centralized alerts
  5. Emind’s best practices
  6. Access Management
     • Control the data flow
       – AWS VPC
       – ACL
       – Routing
       – Handle all in/out traffic
     • Firewall
       – Security groups
     • Identity access management
       – One-time-password
       – AWS IAM with MFA
  7. ACL & Routing in the VPC
  8. Emind’s best practices
  9. Traffic Control
     • Log in / out traffic
     • Terminate encrypted connection
     • Sanitize in / out packets
       – Real-time decisions
       – Accept / reject connections
       – Rate limiting
  10. Emind’s best practices
  11. Anomalies detection
     • Host-based IDS
       – Detect configuration changes
       – Track running processes
       – Track file access
       – Resource access
       – Detect abnormal behavior !
     • OS hardening
     • App cleanup
  12. Emind’s best practices
  13. Data Protection
     • In-flight
       – SSL encryption
       – IPSec
     • At rest
       – Storage level encryption
       – Database encryption
  14. Emind’s best practices
  15. Centralize the info
     • Need to aggregate
       – VPN access logs
       – Traffic audit logs
       – Network IDS logs
       – Host IDS logs
       – Antivirus logs
     • Detect patterns
  16. Security lifecycle management
     • Ongoing discovery & analysis
       – Access
       – Traffic
       – IDS
       – Antivirus
       – Encryption keys
     • Act on analysis results
     • Reveal and solve settings
     • Make them all orchestrate together !
  17. Emind’s best practices
  18. • goCloud
       – Emind’s optimal road to the cloud
       – Secure cloud architecture
       – Scalable & high-availability design
       – Customized system deployment
       – Orchestrating cloud and software
       – Cloud operation team
       – Monitoring and alerting
       – 24x7 SLA
  19. Contact me
     lahavs@emind.co
     @lahavsavir
     054-4321688
