The era of racks filled with hardware is over. The cloud offers numerous benefits, but perhaps the most profound improvement is to security and compliance. When security and compliance is codified, it transforms from an “after-the-fact” struggle, to a proactive, foundational component of the enterprise.However, you cannot merely forklift on-premise security into the cloud. That never works. Security must be written into the deployment and configuration code. Security must adopt DevOps practices. In this presentation, Ignacio Martinez, VP of Compliance at Smartsheet will discuss how his company achieved FedRAMP compliance in record time, with the help of Anitian and Trend Micro. Anitian CEO, Andrew Plato will then describe how using the power and scale of cloud automation can dramatically accelerate security and compliance.
A brief overview of IBM Cloud security in three slides – SaaS, IaaS and PaaS, and the others providing a snapshot of IBM's current set of SaaS, IaaS and PaaS offerings.
Is your database environment growing rapidly? Is your organization at greater risk from outside hacks and compromised user accounts? An organization needs to know how to effectively monitor databases in order to prevent data loss, and significantly reduce the time to discover security risks and minimize potential damage.
View this presentation and learn how to:
- Detect and block cyber security events in real-time
- Protect large and diverse database environments
- Extend data monitoring to your Big Data and AWS environments
- Simplify compliance enforcements and reporting
Protect Your Data and Apps in the Public CloudImperva
Organizations continue to move their data and apps to the cloud and cybercriminals see this move as a huge opportunity. Both Amazon Web Services and Microsoft Azure provide basic security measures to protect infrastructure resources. But, did you know it’s the customer’s responsibility to secure their assets hosted in both environments? View this presentation and learn what security measures you should take to protect your data and apps hosted in AWS and Azure.
A brief overview of IBM Cloud security in three slides – SaaS, IaaS and PaaS, and the others providing a snapshot of IBM's current set of SaaS, IaaS and PaaS offerings.
Is your database environment growing rapidly? Is your organization at greater risk from outside hacks and compromised user accounts? An organization needs to know how to effectively monitor databases in order to prevent data loss, and significantly reduce the time to discover security risks and minimize potential damage.
View this presentation and learn how to:
- Detect and block cyber security events in real-time
- Protect large and diverse database environments
- Extend data monitoring to your Big Data and AWS environments
- Simplify compliance enforcements and reporting
Protect Your Data and Apps in the Public CloudImperva
Organizations continue to move their data and apps to the cloud and cybercriminals see this move as a huge opportunity. Both Amazon Web Services and Microsoft Azure provide basic security measures to protect infrastructure resources. But, did you know it’s the customer’s responsibility to secure their assets hosted in both environments? View this presentation and learn what security measures you should take to protect your data and apps hosted in AWS and Azure.
Technology Overview - Symantec IT Management Suite (ITMS)Iftikhar Ali Iqbal
The presentation provides the following:
- Symantec Corporate Overview
- Solution Portfolio of Symantec
- Symantec IT Management Suite - Introduction
- Symantec IT Management Suite - Features
- Symantec IT Management Suite - Architecture & Design
- Symantec IT Management Suite - System Requirements
- Symantec IT Management Suite - Use Cases
- Symantec IT Management Suite - Licensing & Packaging
This provides a brief overview of Symantec - Symantec IT Management Suite (ITMS). Please note all the information is based prior to February 2016 and the full integration of Blue Coat Systems's set of solutions.
he vast majority of security breaches take place when attackers gain access to an environment by stealing a user’s identity. Over the years, attackers have become increasingly effective in leveraging third party breaches and using sophisticated phishing attacks. As soon as an attacker gains access to even low privileged user accounts, it is relatively easy for them to gain access to important company resources through lateral movement.
In this demo heavy session, you will learn how Azure Identity Protection, Azure Multi-Factor Authentication (Azure MFA) and the Microsoft Enterprise Mobility + Security (EMS) suite can help you to protect and secure corporate data and identities in the cloud.
Dimensionnement et Gestion des réseaux
Bonnes Pratiques Microsoft
Optimisation du Wifi avec ARUBA
Maitrisez votre WAN avec IPANEMA
Animée par Eric Sherlinger de Microsoft France, Béatrice Piquer et Julien Sachot d'Ipanema et Jean Michel Courtot d'Aruba
Une présentation à retrouver en vidéo : http://www.youtube.com/watch?v=YzqLBxXlo5s&feature=youtu.be
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does ItRightScale
Are you overwhelmed by the plethora of cloud security vendors and not sure how to get started with security monitoring in a cloud environment?
Find out how we at RightScale use security monitoring in the cloud to achieve compliance, send critical alerts, and collect forensic data.
In this webinar, we will:
- Guide you through the framework we used to define our goals for security monitoring, decide how we wanted to do it, and then select which tools to use.
- Share practical insights on how to successfully do security monitoring in a cloud environment.
- Realign the focus to be on delivering results instead of implementing technology for technology's sake.
Join RightScale's Director of Security & Compliance Phil Cox and Senior Security Engineer Tony Spataro to learn directly from the team responsible for the security architecture and regulatory compliance for one of the most complex cloud-based deployments on the planet.
Threats have never been more relevant than they are today. Nation states, adversaries, corporate and government espionage, hackers, etc. are all on the hunt for valuable information. The information they seek includes enterprise and individual details. Networks are only as secure as their weakest components. With the hyper-growth in connected devices including smart phones, tablets, wearables and Internet of Things (IoT) devices, networks are very vulnerable.
Security as a Service with Microsoft Presented by Razor TechnologyDavid J Rosenthal
Identity-driven Security
Protect at the front door. Safeguard customers’ resources at the front door with innovative and advanced risk-based conditional access and multi-factor authentication.
Protect data against user mistakes. Gain deep visibility into user, device, and data activity on-premises and in the cloud—including high-risk usage of cloud apps and abnormal behavior.
Detect attacks before they cause damage. Uncover suspicious activity and pinpoint threats with deep visibility and ongoing behavioral analytics.
Enabling Technologies
Azure AD Identity Protection
Azure AD Privileged Identity Management
Azure Active Directory Premium P1/P2
Cloud App Security
Advanced Threat Protection
Advanced Threat Analytics
Security that works with, not against, your SaaS businessCloudPassage
Enterprises that offer Software-as-a-service (SaaS) solutions are able to provide their customers with clear benefits over on-premise software - lower upfront costs, simplified IT infrastructure and painless updates.
However, security and compliance are the #1 inhibitors to enterprises building SaaS applications. Unlike the old days of selling boxed software, where securing the on-premise environment was your customer’s problem, as a SaaS provider, you now need to be responsible for the security of your entire SaaS infrastructure stack. At the same time, the vast majority of security tools at your disposal were never designed for this new agile, elastic model and are therefore inflexible and unable to cope. Ultimately, poor security choices can impact your SaaS business, slowing down sales opportunities, and hurting customer trust and company brand.
But a new breed of security architecture has now emerged. Born in the cloud and purpose-built to secure SaaS environments, these security-as-a-service solutions automate security and compliance monitoring, and are built to support the scalability, portability and depth of protection you need to secure these elastic environments.
What You Will Learn:
Why static security architectures break Software-as-a-Service business models
What a SaaS business needs to secure its infrastructure
Security-as-a-Service: A new security architecture for SaaS
How CloudPassage Halo has helped secure SaaS business
Network Field Day 11 - Skyport Systems PresentationDouglas Gourlay
A presentation at NetField Day 11 that covered how Skyport Systems builds Secure Enclaves that are designed to host and secure critical workloads. This includes building micro-segmentation capabilities, trusted computing, secure boot, and preventing malware and rootkits from affecting IT systems.
The New Assure Security: Complete IBM i Compliance and SecurityPrecisely
On April 8 Syncsort announced Assure Security, a new product that brings together Syncsort’s best-in-class IBM i security capabilities. Assure Security enables organizations like yours to comply with cybersecurity regulations and strengthen IBM i security through features that assess security vulnerabilities, control access to systems and data, enforce data privacy, and monitor for security incidents and compliance deviations.
View this webcast on-demand to learn all about Assure Security, including:
• How Syncsort’s security brands have come together in Assure Security
• How Assure Security automates security best practices and satisfies regulatory requirements
• How Syncsort can help you control access to IBM i systems and prevent data breaches
Securing DevOps through Privileged Access ManagementBeyondTrust
In this presentation from the webinar of Security MVP and Microsoft Security Trusted Advisor, Paula Januszkiewicz,get an overview of how privileged access management can help balance DevOps’ need for agility and speed with IT security’s need for visibility, access management, and compliance.
Key use cases covered include:
• Network Segmentation: Grouping assets, including application and resource servers, into logical units that do not trust one another
• Enforcing Appropriate Use of Credentials: IT organizations can leverage these controls to limit lateral movement in the case of a compromise and to provide a secure audit trail
• Elimination of Hard-Coded Passwords: Removing hardcoded passwords in DevOps tool configurations, build scripts, code files, test builds, production builds, etc.
You can watch the full, on-demand webinar here: https://www.beyondtrust.com/resources/webinar/securing-devops-privileged-access-management/
8-step Guide to Administering Windows without Domain Admin PrivilegesBeyondTrust
In this presentation from his highly popular webinar, Windows security expert, Russell Smith, explains how to effectively administer Windows systems without using privileged domain accounts, enabling you to drastically reduce your organization’s threat surface.
ECMDay2015 - Nico Sienaert – Enterprise Mobility Suite – What it’s all about?Kenny Buntinx
Enterprise Mobility (EM) is high on the agenda of the market, that’s crystal clear by now.Let’s explore during this session the unique offering that Microsoft has to deliver you the ultimate end-to-end EM experience.
Enterprise Mobility is much more than Mobile Device Management, discover how you can take the extra mile with Microsoft’s EMS. In this session I will explain and demonstrate you all the pieces of the EM(S) puzzle. It’s all about the experience, that’s what it’s all about.
Multi cloud governance best practices - AWS, Azure, GCPFaiza Mehar
If you are looking for complete instructions on how to build your own Cloud governance process and control then view our recorded webinar on our youtube channel. We take you step by step on what is governance for the cloud and a focus area for security governance.
Enterprise DevOps is different then DevOps in startups and smaller companies. This session how AWS/CSC address this. How AWS IaaS level automation via CloudFormation, UserData, Console, APIS and some PaaS OpsWorks/Beanstalk is complimented by CSC Agility Platform. CSC Agility adds application compliance and security to the AWS infrastructure compliance and security. CSC Agility allows for the creation of architecture blueprints for predefined application offerings.
(SEC310) Keeping Developers and Auditors Happy in the CloudAmazon Web Services
Often times, developers and auditors can be at odds. The agile, fast-moving environments that developers enjoy will typically give auditors heartburn. The more controlled and stable environments that auditors prefer to demonstrate and maintain compliance are traditionally not friendly to developers or innovation. We'll walk through how Netflix moved its PCI and SOX environments to the cloud and how we were able to leverage the benefits of the cloud and agile development to satisfy both auditors and developers. Topics covered will include shared responsibility, using compartmentalization and microservices for scope control, immutable infrastructure, and continuous security testing.
Technology Overview - Symantec IT Management Suite (ITMS)Iftikhar Ali Iqbal
The presentation provides the following:
- Symantec Corporate Overview
- Solution Portfolio of Symantec
- Symantec IT Management Suite - Introduction
- Symantec IT Management Suite - Features
- Symantec IT Management Suite - Architecture & Design
- Symantec IT Management Suite - System Requirements
- Symantec IT Management Suite - Use Cases
- Symantec IT Management Suite - Licensing & Packaging
This provides a brief overview of Symantec - Symantec IT Management Suite (ITMS). Please note all the information is based prior to February 2016 and the full integration of Blue Coat Systems's set of solutions.
he vast majority of security breaches take place when attackers gain access to an environment by stealing a user’s identity. Over the years, attackers have become increasingly effective in leveraging third party breaches and using sophisticated phishing attacks. As soon as an attacker gains access to even low privileged user accounts, it is relatively easy for them to gain access to important company resources through lateral movement.
In this demo heavy session, you will learn how Azure Identity Protection, Azure Multi-Factor Authentication (Azure MFA) and the Microsoft Enterprise Mobility + Security (EMS) suite can help you to protect and secure corporate data and identities in the cloud.
Dimensionnement et Gestion des réseaux
Bonnes Pratiques Microsoft
Optimisation du Wifi avec ARUBA
Maitrisez votre WAN avec IPANEMA
Animée par Eric Sherlinger de Microsoft France, Béatrice Piquer et Julien Sachot d'Ipanema et Jean Michel Courtot d'Aruba
Une présentation à retrouver en vidéo : http://www.youtube.com/watch?v=YzqLBxXlo5s&feature=youtu.be
RightScale Webinar: Security Monitoring in the Cloud: How RightScale Does ItRightScale
Are you overwhelmed by the plethora of cloud security vendors and not sure how to get started with security monitoring in a cloud environment?
Find out how we at RightScale use security monitoring in the cloud to achieve compliance, send critical alerts, and collect forensic data.
In this webinar, we will:
- Guide you through the framework we used to define our goals for security monitoring, decide how we wanted to do it, and then select which tools to use.
- Share practical insights on how to successfully do security monitoring in a cloud environment.
- Realign the focus to be on delivering results instead of implementing technology for technology's sake.
Join RightScale's Director of Security & Compliance Phil Cox and Senior Security Engineer Tony Spataro to learn directly from the team responsible for the security architecture and regulatory compliance for one of the most complex cloud-based deployments on the planet.
Threats have never been more relevant than they are today. Nation states, adversaries, corporate and government espionage, hackers, etc. are all on the hunt for valuable information. The information they seek includes enterprise and individual details. Networks are only as secure as their weakest components. With the hyper-growth in connected devices including smart phones, tablets, wearables and Internet of Things (IoT) devices, networks are very vulnerable.
Security as a Service with Microsoft Presented by Razor TechnologyDavid J Rosenthal
Identity-driven Security
Protect at the front door. Safeguard customers’ resources at the front door with innovative and advanced risk-based conditional access and multi-factor authentication.
Protect data against user mistakes. Gain deep visibility into user, device, and data activity on-premises and in the cloud—including high-risk usage of cloud apps and abnormal behavior.
Detect attacks before they cause damage. Uncover suspicious activity and pinpoint threats with deep visibility and ongoing behavioral analytics.
Enabling Technologies
Azure AD Identity Protection
Azure AD Privileged Identity Management
Azure Active Directory Premium P1/P2
Cloud App Security
Advanced Threat Protection
Advanced Threat Analytics
Security that works with, not against, your SaaS businessCloudPassage
Enterprises that offer Software-as-a-service (SaaS) solutions are able to provide their customers with clear benefits over on-premise software - lower upfront costs, simplified IT infrastructure and painless updates.
However, security and compliance are the #1 inhibitors to enterprises building SaaS applications. Unlike the old days of selling boxed software, where securing the on-premise environment was your customer’s problem, as a SaaS provider, you now need to be responsible for the security of your entire SaaS infrastructure stack. At the same time, the vast majority of security tools at your disposal were never designed for this new agile, elastic model and are therefore inflexible and unable to cope. Ultimately, poor security choices can impact your SaaS business, slowing down sales opportunities, and hurting customer trust and company brand.
But a new breed of security architecture has now emerged. Born in the cloud and purpose-built to secure SaaS environments, these security-as-a-service solutions automate security and compliance monitoring, and are built to support the scalability, portability and depth of protection you need to secure these elastic environments.
What You Will Learn:
Why static security architectures break Software-as-a-Service business models
What a SaaS business needs to secure its infrastructure
Security-as-a-Service: A new security architecture for SaaS
How CloudPassage Halo has helped secure SaaS business
Network Field Day 11 - Skyport Systems PresentationDouglas Gourlay
A presentation at NetField Day 11 that covered how Skyport Systems builds Secure Enclaves that are designed to host and secure critical workloads. This includes building micro-segmentation capabilities, trusted computing, secure boot, and preventing malware and rootkits from affecting IT systems.
The New Assure Security: Complete IBM i Compliance and SecurityPrecisely
On April 8 Syncsort announced Assure Security, a new product that brings together Syncsort’s best-in-class IBM i security capabilities. Assure Security enables organizations like yours to comply with cybersecurity regulations and strengthen IBM i security through features that assess security vulnerabilities, control access to systems and data, enforce data privacy, and monitor for security incidents and compliance deviations.
View this webcast on-demand to learn all about Assure Security, including:
• How Syncsort’s security brands have come together in Assure Security
• How Assure Security automates security best practices and satisfies regulatory requirements
• How Syncsort can help you control access to IBM i systems and prevent data breaches
Securing DevOps through Privileged Access ManagementBeyondTrust
In this presentation from the webinar of Security MVP and Microsoft Security Trusted Advisor, Paula Januszkiewicz,get an overview of how privileged access management can help balance DevOps’ need for agility and speed with IT security’s need for visibility, access management, and compliance.
Key use cases covered include:
• Network Segmentation: Grouping assets, including application and resource servers, into logical units that do not trust one another
• Enforcing Appropriate Use of Credentials: IT organizations can leverage these controls to limit lateral movement in the case of a compromise and to provide a secure audit trail
• Elimination of Hard-Coded Passwords: Removing hardcoded passwords in DevOps tool configurations, build scripts, code files, test builds, production builds, etc.
You can watch the full, on-demand webinar here: https://www.beyondtrust.com/resources/webinar/securing-devops-privileged-access-management/
8-step Guide to Administering Windows without Domain Admin PrivilegesBeyondTrust
In this presentation from his highly popular webinar, Windows security expert, Russell Smith, explains how to effectively administer Windows systems without using privileged domain accounts, enabling you to drastically reduce your organization’s threat surface.
ECMDay2015 - Nico Sienaert – Enterprise Mobility Suite – What it’s all about?Kenny Buntinx
Enterprise Mobility (EM) is high on the agenda of the market, that’s crystal clear by now.Let’s explore during this session the unique offering that Microsoft has to deliver you the ultimate end-to-end EM experience.
Enterprise Mobility is much more than Mobile Device Management, discover how you can take the extra mile with Microsoft’s EMS. In this session I will explain and demonstrate you all the pieces of the EM(S) puzzle. It’s all about the experience, that’s what it’s all about.
Multi cloud governance best practices - AWS, Azure, GCPFaiza Mehar
If you are looking for complete instructions on how to build your own Cloud governance process and control then view our recorded webinar on our youtube channel. We take you step by step on what is governance for the cloud and a focus area for security governance.
Enterprise DevOps is different then DevOps in startups and smaller companies. This session how AWS/CSC address this. How AWS IaaS level automation via CloudFormation, UserData, Console, APIS and some PaaS OpsWorks/Beanstalk is complimented by CSC Agility Platform. CSC Agility adds application compliance and security to the AWS infrastructure compliance and security. CSC Agility allows for the creation of architecture blueprints for predefined application offerings.
(SEC310) Keeping Developers and Auditors Happy in the CloudAmazon Web Services
Often times, developers and auditors can be at odds. The agile, fast-moving environments that developers enjoy will typically give auditors heartburn. The more controlled and stable environments that auditors prefer to demonstrate and maintain compliance are traditionally not friendly to developers or innovation. We'll walk through how Netflix moved its PCI and SOX environments to the cloud and how we were able to leverage the benefits of the cloud and agile development to satisfy both auditors and developers. Topics covered will include shared responsibility, using compartmentalization and microservices for scope control, immutable infrastructure, and continuous security testing.
AWS Summit 2013 | Singapore - Security & Compliance and Integrated Security w...Amazon Web Services
We’ve entered a new connectivity oriented world where we can access information any time, any place, on any device, 24 hours a day, and cloud computing is a major enabler of this flexibility. Like you, more and more businesses are looking to the cloud for better, faster, more powerful and affordable communications and while many would think that security in the cloud is much different, the reality is less dramatic. Moving to the cloud still requires using proven security techniques, but sometimes in new and dynamic ways that adapt to the elastic nature of cloud architecture. Join us as we discuss the latest cloud security solutions, including real world examples of how organizations like yours are succeeding against new and evolving threats. We will examine security considerations beyond what is provided by security-conscious cloud providers like Amazon Web Services and what additional factors you might want to think about when deploying to the cloud.
Security in the cloud Workshop HSTC 2014Akash Mahajan
A broad overview of what it takes to be secure. This is more of an introduction where we introduce the basic terms around Cloud Computing and how do we go about securing our information assets(Data, Applications and Infrastructure)
The workshop was fun because all the slides were paired with real world examples of security breaches and attacks.
Tax returns in the cloud: The journey of Intuit’s data platform - SDD330 - AW...Amazon Web Services
With Amazon EC2, Amazon EBS, Amazon S3, AWS KMS, and more, Intuit’s data platform was able meet the requirements of high availability and rapid infrastructure scaling for 100 percent of the tax year’s seasonal demands. In this session, Intuit answers questions such as: Which portions of a complex system can be forklifted directly? Which need to be reengineered? How can highly sensitive data be migrated and stored securely in AWS? Are operational best practices in AWS different than those on premises? Intuit shares its strategy for establishing sufficient confidence in your business partners and delivering 100 percent product uptime.
As public and private cloud adoption skyrockets, the number of attacks against cloud infrastructure is also increasing dramatically. Now more than ever, it is crucial to secure your cloud assets and data against advanced threats.
We’ll dig into what it means to be successful in the cloud and what successful organizations do more of (and less of) than their less successful peers. We’ll look across technologies adopted, organizational and operational practices, and vendors embraced.
Recorded webinar: https://youtu.be/Og1-xcc7JNs
ENT305 Compliance and Cloud Security for Regulated IndustriesAmazon Web Services
In this session, we discuss the challenges that regulated industries, such as government, finance, and healthcare, face in demonstrating compliance with security requirements. Through customer use cases, you learn which AWS Marketplace services enable appropriate threat mitigation in cloud computing, which can help you understand how to minimize your burden. Finally, we demonstrate methods to reduce business impact while increasing security effectiveness and reducing risk in your environment.
Up-front design of your AWS account can be done in a way that creates a reliably secure and controlled environment no matter how the AWS resources are used. This session will focus on "Secure by Design" principles and show how an AWS environment can be configured to provide a reliable operational security control capability to meet the compliance needs across multiple industry verticals (e.g. HIPAA, FISMA, PCI, etc.). This will include operational reporting through the use of AWS services (e.g. Config/Config Rules, CloudTrail, Inspector, etc.) as well as partner integration capabilities with partner solutions such as Splunk and Allgress for real-time governance, risk, and compliance reporting. Key takeaways from this session include: learning AWS Security best practices and automation capabilities for securing your environment, Automation accelerators for configuration, compliance, and audit reporting using CloudFormation, Config/Config Rules, CloudTrail, Inspector, etc., and ISV integration for real-time notification and reporting for security, compliance, and auditing in the cloud.
SecureKloud offering Digital Transformtion involving Infrastructure modernisation, Application modernisation, Infrastructure modernisation through Identity first platform with security baked in ground up.
(ENT211) Migrating the US Government to the Cloud | AWS re:Invent 2014Amazon Web Services
The US government has built hundreds of applications that must be refactored to task advantage of modern distributed systems. This session discusses EzBake, an open-source, secure big data platform deployed on top of Amazon EC2 and using Amazon S3 and Amazon RDS. This solution has helped speed the US government to the cloud and make big data easy. Furthermore this session discusses critical architecture design decisions through the creation of the platform in order to add additional security, leverage future AWS offerings, and cut total operations and maintenance costs.
Sponsored by CSC
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...Amazon Web Services
The cloud is not an 'All or Nothing' approach with regards to replacing workloads inside your datacenter. Enterprises with existing datacenters can easily extend their Infrastructure into the cloud to seamlessly leverage the benefits of cloud while using the same set of controls familiar to their business. However availability and security still remain among the top two concerns for CIOs when deciding on cloud adoption for their organization.
Amazon Web Services has infrastructure across multiple geographical Regions spanning five continents, with multiple Availability Zones in each Region along with a set of global edge locations. Building a similar infrastructure for high availability with your traditional datacenter would be non-trivial and cost prohibitive. Join this session to understand how you can achieve high availability across geographies, deploy your applications close to your users, control where your data is located, achieve low latency, and migrate your applications around the world in a cost-effective and easy manner using AWS services. You will also learn how AWS builds services in accordance with security best practices, provides appropriate security features in those services, has achieved industry standard certifications, and other third-party attestations. In addition, in line with the shared security model on the cloud, AWS customers must leverage on security features and best practices to architect an appropriately secure application environment. Enabling customers to ensure the confidentiality, integrity, and availability of their data is of the utmost importance to AWS, as is maintaining trust and confidence.
Too Many Tools - How AWS Systems Manager Bridges Operational ModelsAmazon Web Services
Come and see first-hand how AWS Systems Manager can help you manage your servers at scale with the agility and security you need in today's dynamic cloud-enabled world.Systems Manager simplifies resource and application management, shortens the time to detect and resolve operational problems, and makes it easy to operate and manage your infrastructure securely at scale.
Speaker: Andra Christie, Solutions Architect, AWS
(SEC320) Leveraging the Power of AWS to Automate Security & ComplianceAmazon Web Services
"You’ve made the move to AWS and are now reaping the benefits of decreased costs and increased business agility. How can you reap those same benefits for your cloud security and compliance operations? As building cloud-native applications requires different skill sets, architectures, integrations, and processes, implementing effective, scalable, and robust security for the cloud requires rethinking everything from your security tools to your team culture.
Attend this session to learn how to start down the path toward security and compliance automation and hear how DevSecOps leaders such as Intuit and Capital One are using AWS, DevOps, and automation to transform their security operations.
Session sponsored by evident.io"
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS.
In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup.
Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti.
Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.
Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi
Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
L’utilizzo dei container è in continua crescita.
Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili.
I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda :
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc.
AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta.
Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity.
AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet.
Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.
Dal riconoscimento facciale al riconoscimento di frodi o difetti di fabbricazione, l'analisi di immagini e video che sfruttano tecniche di intelligenza artificiale, si stanno evolvendo e raffinando a ritmi elevati. In questo webinar esploreremo le possibilità messe a disposizione dai servizi AWS per applicare lo stato dell'arte delle tecniche di computer vision a scenari reali.
Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti.
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti.
Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire.
Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito.
In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.
Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline.
Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.
Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.
2. We empower everyone to
improve how they work
Smartsheet is a registered trademark of Smartsheet Inc. The names and logos of actual companies and products used in this presentation
are the trademarks of their respective owners and no endorsement or affiliation is implied by their use.
4. Plan
& Manage
Grids
Projects
Cards
Calendars
Provide your organization with a powerful work platform that
offers exceptional speed to business value — so you say yes
to more ideas, more customers, and more revenue.
Automate
Workflows
Converse.ai
API
Accelerators
Report
Dashboards
Portals
Dynamic
Reports
Scale
Control Center
Security
Auditability
Compliance
Accelerators
Capture
Forms
Connectors
Integrations
The Smartsheet Platform for Work Execution
6. Keeping your
data secure
is our most
important job
Data Center Security
Smartsheet Gov is built on AWS GovCloud
infrastructure, which was designed and managed
in alignment with regulations, standards, and
best-practices for US Federal Government
agencies.
Data Security
We build security into our product to ensure that
your most valuable asset—your data—is
protected. We also contract with third-party
security professionals to conduct annual security
assessments.
Encryption
Encryption serves as the last and strongest
line of defense in a multilayered data security
strategy. Smartsheet uses encryption to
safeguard your data and help you maintain
control over it.
7. Federal Government Ready
FedRAMP In-Process April 2019
FedRAMP Joint Authorization
Board P-ATO (planned June 2019)
Initial ATO at “Moderate”
Multi-factor authentication,
CAC PIV & SSO
Event Reporting*
Directory Integration*
Administration Center*
Built on the AWS GovCloud (US)
Based off NIST Standards
Compliant Secure Enterprise Grade
*features on product roadmap
8. Amazon Web Services (AWS)
Smartsheet Gov partner
• Smartsheet Gov is built on the Amazon Web Services (AWS) GovCloud (US-
East) and AWS GovCloud (US-West) Regions, Amazon’s isolated cloud
infrastructure and services
• Designed to meet U.S. Government and other highly regulated industry security
and compliance requirements
• Smartsheet available via the Amazon Marketplace
• Smartsheet achieved Amazon Partner Network Advanced Tier
9. Smartsheet is a registered trademark of Smartsheet Inc. The names and logos of actual companies and products used in this presentation are the trademarks of their respective
owners and no endorsement or affiliation is implied by their use.
13. …AND NOW WITH THE MISSING PART
• Most organizations need 12-18 months to build out a compliant environment at a cost of $2M or
more
• Guess work and product integration slow down the process
AGENCYPROCESS
12-18 months
0
Build a FedRAMP control environment and onboard apps
14. …AND NOW WITH COMPLIANCE AUTOMATION
ANITIAN COMPLIANCE AUTOMATION CAN REDUCE THE
TIME TO COMPLIANCE BY 75% AND THE COST BY 50%
AGENCYPROCESS
60 days
0
Build a FedRAMP control environment and onboard apps
15. PROBLEM 1: COMPLEXITY
• Frameworks (like FedRAMP) are onerous, arcane, and difficult
to learn
• For internal teams, compliance is (at best) guesswork
• GRC tools do not solve anything, and create more work
• Professional services firms build one-off environments and are
motivated to work slowly to maximize billable hours
• You are at the mercy of auditor’s interpretations (who may not
understand the cloud)
• Compliance efforts seldom lead to good security
16. PROBLEM 2: MISERY
• Nobody really wants to do compliance
work, it is distracting, unrewarding,
and frustrating
• Internal compliance talent is difficult to
obtain, train, and retain
• Compliance slows down
development, and therefore time to
market (and time to money!)
18. WHAT IS COMPLIANCE AUTOMATION?
• Automated: Deploys and configures an infrastructure to
compliance requirements automatically
• Turnkey: Includes all the required security controls
(SIEM, IDS/IPS, etc.), policy templates, and
configurations
• Proven: Uses known-good reference architectures,
generates audit artifacts
• Guardrails: Continuous monitoring to maintain
compliant, secure state
• Isolated: Does not co-mingle data, controls, or access
with any external party
• Flexible: Suitable for a broad range of organizational
types
21. RESPONSIBILITY MATRIX
User Access Data management User entitlements
Application Configuration
Reference
Architectures
Secure Configurations Security Controls
Documentation Templates 24x7 SecOps
Storage and databases Physical security Regions and AZs
Virtualization security
Customer
Responsibility
Application Systems
23. 1. DEPLOY CLOUD REFERENCE ARCHITECTURE
• Pre-configured architecture that
includes:
• Compliance Automation VPC ---
->
• One or more application VPCs
• Subnets, routes
• NAT Gateways
• Zero-trust access rights (no
discretionary access)
• Application load balancers (with
FIPS-140 compliant encryption)
• All access logged to Cloudtrail
• Encrypted S3 buckets
• IAM, KMS, etc. auto-configured
24. 2. USE PRE-HARDENED OS IMAGES
Center for Internet Security provides
an excellent suite of hardened images
• RedHat
• Windows 2016
• CentOS
• …and more
• Images are pre-hardened to compliance requirements
• Anitian CA adjusts configurations to suit the specific compliance needs
• Documentation included with each AMI
25. 3. DEPLOY AUTHENTICATION STACK
• Deploy and configure AD cluster on
hardened Windows Servers
• Install and configure certificate
authority
• Generate internal certificates
• Deploy group policies (for other
Windows hosts)
• Push certificates, trust rules, and
configurations to hosts
• Populate AD with required service
accounts and generated passwords
• Integrate multi-factor authentication
(Yubikey, Okta, etc.)
26. 4. CODE AND CONFIGURATION MANAGEMENT
Code Repository
• Local, secured repository for automation code
• Version controlled copies of everything
• Integrates into automation stack
Configuration Management
• Manages configurations and updates for CA stack
• Performs some guardrail functions
• Can be extended to app environment
• Autodeploy: console, database
• Autoconfigure: policies
• Push configurations to endpoints
28. 6. BUILD OUT SIEM STACK
• Either Anitian or Splunk SIEM
• Autodeploy and scale:
– Management console
– Forwarders
– Indexers
• Auto-configure:
– Host logging
– AWS Cloudtrail, Cloudwatch logging
– Alerts, reports, dashboards, correlations
– Storage
– Certificate trusts
– Encryption of data at rest
• Application event logging is configured in post deployment
engagement
29. 7. VULNERABILITY MANAGEMENT
• Autodeploy console and scan agents
• Autoconfigure scan profiles, targets, scanning schedules
• Provides required risk-based vulnerability management:
– Reporting for auditors
– Ticketing for internal staff
– Audit trail for audits
– Automated scans
30. 8. PERIMETER DEFENSES
WAF
• Web application firewall for environments that have a
web front-end
• Configured to meet FedRamp (OWASP Top Ten)
• Autoconfigure: policies, logging
NGFW
• For environments with heavy outbound traffic we
deploy a NGFW
• Autodeploy: appliance into transit VPC
• Autoconfigure: policies, logging to SIEM, alerts,
IDS/IPS, webfiltering, etc.
31. 9. IMPLEMENT GUARD RAILS
• Keeps the environment configured
within FedRamp access control
requirements
• Use multiple techniques to monitor:
AWS Config, Lambda functions, SIEM
alerts, Trend Micro, Puppet, and more
• All changes are monitored and logged
to SIEM
• Provides alerts to contacts when a
change will result in a non-compliant
state
• Greatly assists with audit process
32. 10. POST DEPLOYMENT
ENGAGEMENT
Once the Compliance architecture is
deployed, Anitian works with you to:
• Customize policy and procedure
templates
• Setup the application hosting
environment
• Integrate your app(s) and data into
environment
• Help integrate automations
• Fine-tune security controls
• Handle exceptions and remediations
• Knowledge transfer
• Audit stewardship
35. CUSTOMER SUCCESS – SMARTSHEET
This is the fastest FedRAMP ATO – EVER
Compliance environment built and
ready in 60 days
Task Date Completed
Kick-off Call 9.19.2018
Compliance Automation started 9.28.2018, 10:20 AM
FedRAMP Architecture running 9.28.2018, 1:40 PM
Application onboarding begins 10.1.2018
Documentation effort begins 10.1.2018
Gap Assessment complete 10.31.2018
Environment is audit-ready 11.16.2018
3PAO Assessment complete 11.30.2018
Package submitted to FedRAMP PMO 12.19.2018
Government shutdown 12.22.2018
ATO issued March 2019