Achieving Real-time Compliance using AWS Native Services

•

1 like•316 views

• Compliance on AWS • Compliance in AWS • Compliance Automation • Getting Started Speaker: Jonathan Rault, Security Consultant, AWS

Achieving
real-time compliance
using AWS native services
Jonathan Rault
Security Lead, APJC, Professional Services
Amazon Web Services

Summary
• Compliance on AWS
• Compliance in AWS
• Compliance Automation
• Getting Started

Compliance on AWS
1. Shared responsibility
2. Due Diligence with AWS Artifact

Compliance on AWS
FSI
• Principles
Guidelines
• APRA
• HKMA
• MAS
Certifications
• SOC1/2
• ISO
• PCI

Compliance on AWS
1. Shared responsibility
2. Due Diligence with AWS Artifact
– On-boarding of AWS
– On-boarding of AWS Services
3. Product Feature Request (PFR)

In AWS, you are inherently more secure.
AWS
Lambda
VPN
gateway
VPC
endpoints
flow logs
AWS
Config
CloudFormation
template
Amazon
Inspector
AWS
CloudHSM
AWS Directory
Service
AWS IAM
AWS KMS
ACM
Amazon
CloudWatch
AWS
CloudTrail
AWS WAF
Amazon
Macie
AWS
Organizations
AWS Shield

Requirements
Evidence
SecurityCompliance

Evidence
SecurityCompliance
Requirements*

Requirements*
Evidence
SecurityCompliance
AWS
Config
AWS
CloudTrail

Meet Joe Sec
AWS Config is available in all AWS regions
• Continuously monitor configurations
• Record configuration changes
• Trigger compliance-as-code Rules
• Handle multi-Accounts and multi-Regions (NEW)
AWS Config: https://aws.amazon.com/config/
AWS
Config

Checklist Codified Checklist
Audit Continuous Visibility

Set of Compliance-as-code Rules
=
RuleSet

Compliance-as-code 1-Dimension
Security Baseline Controls
Controls Specific to Scenarios
AWS Services Controls
Layersofcontrols
RuleSets on Scenarios
RuleSets on Services
RuleSet on Baseline

Compliance-as-code 2-Dimension
Security Baseline Controls
Controls Specific to Scenarios
AWS Services Controls
Layersofcontrols
RuleSets on Scenarios
RuleSet on Baseline
Depth of controls
RuleSets on Services

AWS Services Controls
Compliance-as-code 2-Dimension
Security Baseline Controls
Controls Specific to Scenarios
Layersofcontrols
RuleSets on Scenarios
RuleSet on Baseline
Depth of controls
RuleSets on Services

Compliance-as-code n-Dimension
• Data / BIA Classification
• Prod vs. Non-Prod
• Operating Model : DevOps vs. Dev & Ops

“Le mieux est l'ennemi du bien.”
- Voltaire

Playbooks
CodificationEngine
Evolve
Standards
and AWS
configuration
requirements
Create
compliance-
as-code
controls
Integrate into
mechanisms
to handle
deviations
Measure
Security
effectiveness
Compliance-as-code – Flywheel

Playbooks
CodificationEngine
Metrics
Evolve
Standards
and AWS
configuration
requirements
Create
compliance-
as-code
controls
Integrate into
mechanisms
to handle
deviations
Measure
Security
effectiveness
Compliance-as-code – Flywheel

Compliance-as-code Engine
Collaborative AWS project:
built from experience with FinServe AWS Customers
and contribution from AWS Services teams.
• Provide a catalog of RuleSets
• Integrate with existing/new operations
• Empower application owners with feedback
• Provide visibility on history and analytics on
compliance data
Github: https://github.com/awslabs/aws-config-engine-for-compliance-as-code

5 Key Learnings
• Start your Flywheel now.
• Be good enough, not perfect.
• Be lean: Go from Dev to Prod.
• Demonstrate value by measuring impact.
• Others & AWS have done it, ask and share.

Thank You
Jonathan Rault
jrault@amazon.com

For many securities organisations, post-trade processing is expensive, cumbersome, and time-consuming. This is in part due to the massive volumes of data required for processing a trade and the limited agility of the technology many organizations rely on today. In order to create efficiencies and move faster, many Financial Services organizations are working with AWS to implement post-trade solutions built with AWS’ storage services (S3 and Glacier) and big data capabilities (Athena, EMR, Redshift, and QuickSight ). In this session, AWS will walk through a trade capture and regulatory reporting solution that utilizes the aforementioned AWS services. Speaker: Osemeke Isibor, Solutions Architect, AWS

Using Security to Build with Confidence in AWS

Amazon Web Services

You don’t need to be a security expert to protect your organizations data in the cloud. You don’t need to be a security expert to protect your workloads on AWS. You just need to be informed of the many security tools available in AWS, and learn how to use them. Taking a highly automated approach to security, you can use key features of the AWS Cloud to transform security in your organization. As with infrastructure as an API, security as an API allows you to move rapidly & stay secure. From AWS security groups, to virtual private networks, to security tools, you need to learn how to automate and accelerate. In this talk, you’ll see how various AWS features and cloud-aware security controls can work together to protect your deployments. Using real-world examples, you’ll come away with an understanding of steps you can take to ensure that you maximize the security of your deployment while minimizing the work it takes to keep it secure. You will learn a logical approach to modern security that you can immediately apply to your own AWS deployments. You will learn how to use security tools and techniques to help you build with confidence.

Meeting DFARS Requirements in AWS GovCloud (US) | AWS Public Sector Summit 2017

Amazon Web Services

The Defense Federal Acquisition Regulation Supplement (DFARS) is a supplement to the FAR that provides Department of Defense-specific acquisition regulations that DoD government acquisition officials and contractors doing business with DoD must follow in the procurement process for goods and services. This session will discuss the implications for meeting DFARS in the cloud and provide practical guidance on how DoD and defense contracting organizations can meet DFARS requirements using AWS GovCloud (US). The session will also feature a customer use case on addressing DFARS in AWS GovCloud (US). Learn More: https://aws.amazon.com/government-education/

AWS Shared Responsibility Model & Compliance Program Overview

Amazon Web Services

AWS is hosting the first FSI Cloud Symposium in Hong Kong, which will take place on Thursday, March 23, 2017 at Grand Hyatt Hotel. The event will bring together FSI customers, industry professional and AWS experts, to explore how to turn the dream of transformation, innovation and acceleration into reality by exploiting Cloud, Voice to Text and IoT technologies. The packed agenda includes expert sessions on a host of pressing issues, such as security and compliance, as well as customer experience sharing on how cloud computing is benefiting the industry. Speaker: Iolaire Mckinnon, Senior Consultant - Security, Risk & Compliance, Professional Services, AWS

Secure Applications and FedRAMP in the AWS GovCloud (US) Region (SEC204) | AW...

Amazon Web Services

This session covers the shared responsibility model for security and compliance specific to the AWS GovCloud (US) region. This presentation highlights the enhanced security offerings of AWS GovCloud (US), such as FIPS-140 Level 2 encryption, as well as the supported compliance regimes. It also reviews how our customers can build secure applications in GovCloud using the various security features such as IAM and VPC. This presentation also offers a brief overview of FedRAMP, explains the shared responsibility model through customer use cases, and covers how customers can obtain an Authority to Operate.

Enabling Compliance with EU Privacy Laws

Amazon Web Services

Deliver Your Agency Mission Faster With cloud.gov | AWS Public Sector Summit...

Amazon Web Services

Learn how cloud.gov can help you deliver on federal government agency missions. cloud.gov is a shared service, built by and for the federal government, designed to help you deploy modern web applications in the cloud with substantially reduced infrastructure and security compliance work. cloud.gov is a self-service, Platform as a Service solution that helps you: (1) easily move existing prototypes to a production-ready environment, with reduced “time to ATO”; (2) transfer existing applications from data centers to make them more scalable and reduce costs; and (3) advance your agency’s use of the cloud by providing a place to prototype in a FedRAMP-authorized environment. cloud.gov developers, 18F, will explain its capabilities, what applications are best suited for cloud.gov, pricing, and more practical details that you need. cloud.gov has a FedRAMP Joint Authorization Board (JAB) P-ATO at the Moderate level, and it leverages the AWS GovCloud FedRAMP JAB P-ATO. This session is for both government agency teams and commercial companies that support the federal government. No technical experience is necessary. Learn More: https://aws.amazon.com/government-education/

AWS customers from the U.S. federal government showcase their experiences with the advanced features of Xacta 360 to illustrate streamlined compliance processes. The new Xacta 360 from Telos Corporation operationalizes the NIST RMF, using such cutting-edge features as Adaptive Controls Mapping and Advanced Inheritance to smooth the path to compliance and leverages AWS APIs to continuously monitor for changes in risk posture. Learn More: https://aws.amazon.com/government-education/

Shared Security in AWS

PolarSeven Pty Ltd

AWS Enterprise Summit London 2015 | Sophos - Using AWS to Transform Security

Amazon Web Services

Achieving Continuous Compliance using AWS Config - AWS Public Sector Summit S...

Amazon Web Services

AWS customers benefit from more than 1,800 security and compliance controls. Learn how these features offer visibility, agility, and control, raising the bar on cloud security over legacy environments. AWS Config can help you achieve compliance in real-time. You will have the opportunity to see how AWS Config empowers users to achieve continuous compliance through its AWS Config rules, and when used alongside AWS Lambda.

AWS Summit Singapore - Next Generation Security

Amazon Web Services

Myles Hosford, Security Solution Architect, APAC, AWS James Wilkins, Lead of the Cloud Task Force, Association of Banks Singapore (ABS) In this session we will explore the current financial regulatory landscape and future compliance trends. We will dive deep on to how to leverage AWS services to implement next generation security and compliance at scale. The session will be delivered by Myles Hosford, APAC Security Solution Architect, and James Wilkins, Lead of the Cloud Task Force for the Association of Banks Singapore (ABS).

Understanding AWS security

Amazon Web Services

The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. Security for AWS is about three related elements: visibility, auditability and control. You have to know what you have and where it is before you can assess the environment against best practices and internal or compliance standards. Controls enable you to place precise, well-understood limits on the access to your information. Did you know, for example, that you can define a rule that says: "Tom is the only person who can access this data object that I store with Amazon, and he can only do so from his corporate desktop on the corporate network, from Monday-Friday 9-5 and when he uses MFA?" That's the level of granularity you can choose to implement if you wish.

AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017

Amazon Web Services

Aws certified-security

kartikaryan4

T4 – Understanding aws security

Amazon Web Services

The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. In this session, we’ll provide a practical understanding of the assurance programs that AWS provides; such as HIPAA, FedRAMP(SM), PCI DSS Level 1, MPAA and many others. We’ll also address the types of business solutions that these certifications enable you to deploy on the AWS Cloud, the tools and services AWS makes available to customers to secure and manage their resources and best practices on how to use them. This session is recommended for anyone with questions about how AWS can meet the compliance requirements of their applications.

(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014

Amazon Web Services

This session brings together the interests of engineering, compliance, and security experts, and shows you how to align your AWS workload to the controls in the HIPAA Security Rule. You hear from customers who process and store Protected Health Information (PHI) on AWS, and you learn how they satisfied their compliance requirements while maintaining agility. This session helps security and compliance experts find out what is technically possible on AWS and learn how implementing the Technical Safeguards in the HIPAA Security Rule can be simple and familiar. We walk through the Technical Safeguards of the Security Rule and map them to AWS features and design choices to help developers, operations teams, and engineers speak the language of their security and compliance peers.

AWS Cloud Governance & Security through Automation - Atlanta AWS Builders

James Strong

Is that requirement from NIST 800-53 Controls or NIST 800-190? If you've ever wondered where those pesky cloud security controls come from, this meetup is for you. In this Meetup, Jame Strong and Jason Lutz from Contino (an AWS Premier Consulting Partner) will discuss how Contino views DevSecOps. They will review the Benefits of DevSecOps: - Cost Reduction - Speed of Delivery - Speed of Recovery - Security is Federated - DevSecOps Fosters a Culture of Openness and Transparency During this Meetup, James and Jason will show you how to harden and secure a container pipeline and AWS network. Briefly, they will demonstrate how to deploy accounts with a Cloud Security Posture and review security best practices from AWS, CIS, and NIST. They will also touch on how to integrate changes in your infrastructure pipelines to adhere to your Enterprise's Security Compliance Guidelines. If you're interested in integrating security and compliance into your Application and Infrastructure pipelines to realize the benefits of DevSecOps, join us in this virtual meetup.

HIPAA Compliance in the AWS Cloud

Noah Jaehnert

Presentation recording available here: https://www.youtube.com/watch?v=_oDGZdp62ZU At the 3/21/2017 IndyAWS Meetup, Justin Kittle, IT Manager at OurHealth, and Noah Jaehnert, Director of Information Security at OurHealth, discussed HIPAA Compliance in the AWS cloud. This presentation includes topics such as healthcare and HIPAA definitions, HIPAA requirements, HIPAA eligible AWS services, the AWS Shared Responsibility Model, meeting AWS' compliance model, and more.

Introduction to AWS Organizations

Amazon Web Services

Security, Risk, Compliance & Controls

Amazon Web Services

Compliance In The Cloud Using Security By Design

Amazon Web Services

Understanding AWS Security

Amazon Web Services

The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. Security for AWS is about three related elements: visibility, auditability, and control. You have to know what you have and where it is before you can assess the environment against best practices, internal standards, and compliance standards. Controls enable you to place precise, well-understood limits on the access to your information. Did you know, for example, that you can define a rule that says that “Tom is the only person who can access this data object that I store with Amazon, and he can only do so from his corporate desktop on the corporate network, from Monday-Friday 9-5 and when he uses MFA?” That’s the level of granularity you can choose to implement if you wish. In this session, we’ll cover these topics to provide a practical understanding of the security programs, procedures, and best practices you can use to enhance your current security posture.

How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...

Amazon Web Services

(Presented by Trend Micro) In this session, you learn about the AWS shared security model, including considerations and best practices for deploying a secure and compliant application on AWS, and how to leverage the features and APIs provided by AWS. You also learn how to use best-in-class security and compliance solutions that have been optimized for enterprises deploying in AWS. Key topics covered are Amazon EC2 and Amazon EBS encryption, including several key management methodologies as well as intrusion detection and prevention, anti-malware, anti-virus, integrity monitoring, firewall, and web reputation in the cloud.

F5 on AWS: How MailControl Improved their Application Visbility and Security

Amazon Web Services

Organizations like MailControl often discover they need to gain additional visibility into encrypted incoming and outgoing application traffic to detect potential threats or anomalies. F5 BIG-IP Virtual Edition (VE) on Amazon Web Services (AWS) delivers an advanced application delivery controller (ADC) that goes beyond balancing application loads, enabling inspection of inbound and outbound application traffic. Join our webinar with AWS to discover how F5 was able to help MailControl boost their visibility into the email traffic flowing through their application. By using virtualized F5 services on Amazon Web Services (AWS), the organization increased its application monitoring capabilities and improved security for its customers, while simultaneously automating processes to support its agile DevOps process.

AWS Security

armincoralic

Security is such a big subject which means that when you say security depending on the person you talk to they will have one or more of the following topics in their mind: AWS access, Access to your AWS infra, Audit Trails of ho did what in AWS, Securing access to your application, of your application, and OS security. And the list goes on and on. Without pretending I have "THE solution" and "to know it all" let me show you what I did regarding security in the cloud. I will show you how I tried to take security measures on all for me relevant aspects mentioned above and more.

#ALSummit: Alert Logic & AWS - AWS Security Services

Alert Logic

Build on AWS: Delivering and Modernizing.

Amazon Web Services

What's hot

AWS Summit Singapore Webinar Edition | Building Tomorrow’s Financial Services...

Amazon Web Services

Advanced Security Compliance and Risk Management with Xacta 360: Customer Sho...

Amazon Web Services

Shared Security in AWS

PolarSeven Pty Ltd

AWS Enterprise Summit London 2015 | Sophos - Using AWS to Transform Security

Amazon Web Services

Achieving Continuous Compliance using AWS Config - AWS Public Sector Summit S...

Amazon Web Services

AWS Summit Singapore - Next Generation Security

Amazon Web Services

Understanding AWS security

Amazon Web Services

AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017

Amazon Web Services

Aws certified-security

kartikaryan4

T4 – Understanding aws security

Amazon Web Services

(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014

Amazon Web Services

AWS Cloud Governance & Security through Automation - Atlanta AWS Builders

James Strong

HIPAA Compliance in the AWS Cloud

Noah Jaehnert

Introduction to AWS Organizations

Amazon Web Services

Security, Risk, Compliance & Controls

Amazon Web Services

Compliance In The Cloud Using Security By Design

Amazon Web Services

Understanding AWS Security

Amazon Web Services

The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. Security for AWS is about three related elements: visibility, auditability, and control. You have to know what you have and where it is before you can assess the environment against best practices, internal standards, and compliance standards. Controls enable you to place precise, well-understood limits on the access to your information. Did you know, for example, that you can define a rule that says that “Tom is the only person who can access this data object that I store with Amazon, and he can only do so from his corporate desktop on the corporate network, from Monday-Friday 9-5 and when he uses MFA?” That’s the level of granularity you can choose to implement if you wish. In this session, we’ll cover these topics to provide a practical understanding of the security programs, procedures, and best practices you can use to enhance your current security posture.

How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...

Amazon Web Services

F5 on AWS: How MailControl Improved their Application Visbility and Security

Amazon Web Services

AWS Security

armincoralic

What's hot (20)

AWS Summit Singapore Webinar Edition | Building Tomorrow’s Financial Services...

Advanced Security Compliance and Risk Management with Xacta 360: Customer Sho...

Shared Security in AWS

AWS Enterprise Summit London 2015 | Sophos - Using AWS to Transform Security

Achieving Continuous Compliance using AWS Config - AWS Public Sector Summit S...

AWS Summit Singapore - Next Generation Security

Understanding AWS security

AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017

Aws certified-security

T4 – Understanding aws security

(HLS401) Architecting for HIPAA Compliance on AWS | AWS re:Invent 2014

AWS Cloud Governance & Security through Automation - Atlanta AWS Builders

HIPAA Compliance in the AWS Cloud

Introduction to AWS Organizations

Security, Risk, Compliance & Controls

Compliance In The Cloud Using Security By Design

Understanding AWS Security

How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...

F5 on AWS: How MailControl Improved their Application Visbility and Security

AWS Security

Similar to Achieving Real-time Compliance using AWS Native Services

#ALSummit: Alert Logic & AWS - AWS Security Services

Alert Logic

Build on AWS: Delivering and Modernizing.

Amazon Web Services

Build on AWS: Building & Modernizing

Amazon Web Services

AWS Security for Financial Services

Amazon Web Services

Getting Started with AWS Security

Amazon Web Services

AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools to can provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.

Security on AWS

Amazon Web Services

Secure your AWS Account and your Organization's Accounts

Amazon Web Services

The cloud enables users to run workloads more securely than they could in a traditional data center. However, customers are still not sure how to harden their AWS accounts and resources in order to enforce compliance. Consistency around governance can also be a concern when large customers have multiple accounts. In this session, we show you how to use automation, tools, and techniques to harden and audit your AWS account as well as how to leverage AWS Organizations to ensure compliance in your enterprise.

Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...

Amazon Web Services

Getting Started With AWS Security

Amazon Web Services

Automating Compliance for Financial Institutions - AWS Summit SG 2017

Amazon Web Services

This session demonstrates how to architect for continuous compliance and security using CloudWatch Events and AWS Config rules. This session focuses on the actual code for the various controls, actions, and remediation features, and how to use various AWS services and features to build them. The demos in this session include CIS Amazon Web Services Foundations validation; examples of custom rules for regulatory compliance and how to automate aspects of incident response.

Network Security and Access Control within AWS

Amazon Web Services

AWS provides several security capabilities and services to increase privacy and control infrastructure access. Built-in firewalls allow you to create private networks within AWS, and also control network access to your instances and subnets. Identity and access management capabilities enable you to define individual user accounts with permissions across AWS resources. AWS also provides tools and features that enable you to see exactly what’s happening in your AWS environment. In this session, you will gain an understanding of preventive and detective controls at the infrastructure level on AWS. We will cover Identity and Access Management as well as the security aspects of Amazon EC2, Virtual Private Cloud (VPC), Elastic Load Balancing (ELB), and CloudTrail.

AWS Enterprise Summit - 클라우드에서의 보안 - 양승도

Amazon Web Services Korea

2014년 10월 29일에 열린 AWS Enterprise Summit에서의 발표자료입니다. 아마존 웹서비스의 양승도 솔루션스 아키텍트가 진행한 강연입니다. 강연 요약: 보안은 AWS와 고객 모두에게 매우 중요한 사항입니다. 많은 엔터프라이즈 고객들이 AWS를 신뢰해 금융정보나 개인정보 등의 민감한 정보들을 AWS에 저장하고 있습니다. 이 세션에서는 이러한 엔터프라이즈 고객들이 보안성 있는 애플리케이션을 구축하고 중요 정보를 암호화하는 등 보안을 유지하는 데 사용하는 AWS의 주요 보안 기능에 대해 알아보고, 기존의 보안 정책에 맞게 AWS를 사용할 수 있는 방법에 대해서도 알아보겠습니다. 또한 귀사의 현재 보안 태세를 한층 강화할 수 있도록 보안 프로그램과 절차, 모범 사례 등을 소개할 예정입니다.

Getting Started with AWS Security

Amazon Web Services

Amazon Web Services offers a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. Amazon Web Services provides security-specific tools and features across network security, configuration management, access control and data security. In addition, Amazon Web Services provides monitoring and logging tools to provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that Amazon Web Services offers, and the latest security innovations coming from Amazon Web Services. Andrew Watts-Curnow, Cloud Architect - Professional Services, ASEAN

Segurança de Ponta a Ponta na AWS

Alexandre Santos

Modern Security and Compliance Through Automation

Amazon Web Services

Because the entire AWS cloud platform is programmable, it turns out that you can program security and compliance in advance of actually instantiating any actual workloads. In this session, we show how you can design a secure and compliant workload and even have it audited by a third-party auditor before creating it for the first time! Once it's created, other facilities provide mechanisms for detecting and alerting a drift from your baseline, and even automatically remediating the drift. Learn how the comprehensive automation available in AWS provides security and compliance professionals an entire new, more efficient, and more effective way to work. Speaker: John Hildebrand, Solutions Architect, Amazon Web Services

Getting started with aws security toronto rs

Amazon Web Services

AWS APAC Webinar Week - Securing Your Business on AWS

Amazon Web Services

AWS Enterprise Summit Netherlands - Infosec by Design

Amazon Web Services

Infrastructure Security: Your Minimum Security Baseline

Amazon Web Services

After IAM and Detective Controls you’ll turn to Infrastructure Security, which means tuning AWS Service configurations, AMI composition, and hardening other digital assets that will be deployed. We will cover how to define networking architecture (e.g. VPC, subnets, security groups); how to develop hardened AMIs based on your requirements; the importance of defining Internet ingress and egress flows, and how to determine Vulnerability Management and operational maintenance cadence.

Information Security in AWS - Dave Walker

East Midlands Cyber Security Forum

Similar to Achieving Real-time Compliance using AWS Native Services (20)

#ALSummit: Alert Logic & AWS - AWS Security Services

Build on AWS: Delivering and Modernizing.

Build on AWS: Building & Modernizing

AWS Security for Financial Services

Getting Started with AWS Security

Security on AWS

Secure your AWS Account and your Organization's Accounts

Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...

Getting Started With AWS Security

Automating Compliance for Financial Institutions - AWS Summit SG 2017

Network Security and Access Control within AWS

AWS Enterprise Summit - 클라우드에서의 보안 - 양승도

Getting Started with AWS Security

Segurança de Ponta a Ponta na AWS

Modern Security and Compliance Through Automation

Getting started with aws security toronto rs

AWS APAC Webinar Week - Securing Your Business on AWS

AWS Enterprise Summit Netherlands - Infosec by Design

Infrastructure Security: Your Minimum Security Baseline

Information Security in AWS - Dave Walker

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Amazon Web Services

Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS. In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Amazon Web Services

La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup. Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti. Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.

Esegui pod serverless con Amazon EKS e AWS Fargate

Amazon Web Services

Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi

Costruire Applicazioni Moderne con AWS

Amazon Web Services

Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.

Come spendere fino al 90% in meno con i container e le istanze spot

Amazon Web Services

L’utilizzo dei container è in continua crescita. Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili. I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!

Open banking as a service

Amazon Web Services

In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th. Event Agenda : Open banking so far (short recap) • PSD2, OB UK, OB Australia, OB LATAM, OB Israel Intro to Open Finance marketplace • Scope • Features • Tech overview and Demo The role of the Cloud The Future of APIs • Complying with regulation • Monetizing data / APIs • Business models • Time to market One platform for all: a Strategic approach Q&A

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

Amazon Web Services

Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc. AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta. Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

Amazon Web Services

Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity. AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet. Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Amazon Web Services

Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.

Computer Vision con AWS

Amazon Web Services

Database Oracle e VMware Cloud on AWS i miti da sfatare

Amazon Web Services

Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti. Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi. La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

Amazon Web Services

Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti. Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire. Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito. In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.

API moderne real-time per applicazioni mobili e web

Amazon Web Services

Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline. Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Amazon Web Services

Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi. La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali. In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.

Tools for building your MVP on AWSAmazon Web Services

How to Build a Winning Pitch DeckAmazon Web Services

Building a web application without serversAmazon Web Services

Fundraising EssentialsAmazon Web Services

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services

Introduzione a Amazon Elastic Container Service

Amazon Web Services

Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Esegui pod serverless con Amazon EKS e AWS Fargate

Costruire Applicazioni Moderne con AWS

Come spendere fino al 90% in meno con i container e le istanze spot

Open banking as a service

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Computer Vision con AWS

Database Oracle e VMware Cloud on AWS i miti da sfatare

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

API moderne real-time per applicazioni mobili e web

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Tools for building your MVP on AWS

How to Build a Winning Pitch Deck

Building a web application without servers

Fundraising Essentials

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...

Introduzione a Amazon Elastic Container Service

Achieving Real-time Compliance using AWS Native Services

1. Achieving real-time compliance using AWS native services Jonathan Rault Security Lead, APJC, Professional Services Amazon Web Services

2. Summary • Compliance on AWS • Compliance in AWS • Compliance Automation • Getting Started

3. COMPLIANCE ON AWS

4. Compliance on AWS 1. Shared responsibility 2. Due Diligence with AWS Artifact

5. Compliance on AWS FSI • Principles Guidelines • APRA • HKMA • MAS Certifications • SOC1/2 • ISO • PCI

6. Compliance on AWS 1. Shared responsibility 2. Due Diligence with AWS Artifact – On-boarding of AWS – On-boarding of AWS Services 3. Product Feature Request (PFR)

7. COMPLIANCE IN AWS

8. In AWS, you are inherently more secure. AWS Lambda VPN gateway VPC endpoints flow logs AWS Config CloudFormation template Amazon Inspector AWS CloudHSM AWS Directory Service AWS IAM AWS KMS ACM Amazon CloudWatch AWS CloudTrail AWS WAF Amazon Macie AWS Organizations AWS Shield

9. ≠Compliance Security

10. Requirements Evidence SecurityCompliance

11. Evidence SecurityCompliance Requirements*

12. Requirements* Evidence SecurityCompliance AWS Config AWS CloudTrail

13. Meet Joe Sec AWS Config is available in all AWS regions • Continuously monitor configurations • Record configuration changes • Trigger compliance-as-code Rules • Handle multi-Accounts and multi-Regions (NEW) AWS Config: https://aws.amazon.com/config/ AWS Config

14. AWS Config Rules – Overview

15. AWS Config Rules – Overview

16. AWS Config Rules – Rule details

17. AWS Config Rules – Rule details

18. AWS Config Rules – Rule details

19. AWS Config – Resource details

20. AWS Config – Resource details

21. AWS Config – Resource details

22. COMPLIANCE AUTOMATION

23. Checklist Audit

24. Checklist Codified Checklist Audit

25. Checklist Codified Checklist Audit Continuous Visibility

26. Set of Compliance-as-code Rules = RuleSet

27. Compliance-as-code 1-Dimension Security Baseline Controls Controls Specific to Scenarios AWS Services Controls Layersofcontrols RuleSets on Scenarios RuleSets on Services RuleSet on Baseline

28. Compliance-as-code 2-Dimension Security Baseline Controls Controls Specific to Scenarios AWS Services Controls Layersofcontrols RuleSets on Scenarios RuleSet on Baseline Depth of controls RuleSets on Services

29. Compliance-as-code 2-Dimension Security Baseline Controls Controls Specific to Scenarios AWS Services Controls Layersofcontrols RuleSets on Scenarios RuleSet on Baseline Depth of controls RuleSets on Services

30. AWS Services Controls Compliance-as-code 2-Dimension Security Baseline Controls Controls Specific to Scenarios Layersofcontrols RuleSets on Scenarios RuleSet on Baseline Depth of controls RuleSets on Services

31. AWS Services Controls Compliance-as-code 2-Dimension Security Baseline Controls Controls Specific to Scenarios Layersofcontrols RuleSets on Scenarios RuleSet on Baseline Depth of controls RuleSets on Services

32. Compliance-as-code n-Dimension • Data / BIA Classification • Prod vs. Non-Prod • Operating Model : DevOps vs. Dev & Ops

33. GETTING STARTED

34. “Le mieux est l'ennemi du bien.” - Voltaire

35. Playbooks CodificationEngine Evolve Standards and AWS configuration requirements Create compliance- as-code controls Integrate into mechanisms to handle deviations Measure Security effectiveness Compliance-as-code – Flywheel

36. Playbooks CodificationEngine Metrics Evolve Standards and AWS configuration requirements Create compliance- as-code controls Integrate into mechanisms to handle deviations Measure Security effectiveness Compliance-as-code – Flywheel

37. Compliance-as-code Engine Collaborative AWS project: built from experience with FinServe AWS Customers and contribution from AWS Services teams. • Provide a catalog of RuleSets • Integrate with existing/new operations • Empower application owners with feedback • Provide visibility on history and analytics on compliance data Github: https://github.com/awslabs/aws-config-engine-for-compliance-as-code

38. IN CONCLUSION

39. 5 Key Learnings • Start your Flywheel now. • Be good enough, not perfect. • Be lean: Go from Dev to Prod. • Demonstrate value by measuring impact. • Others & AWS have done it, ask and share.

40. Thank You Jonathan Rault jrault@amazon.com

Achieving Real-time Compliance using AWS Native Services

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Achieving Real-time Compliance using AWS Native Services

Similar to Achieving Real-time Compliance using AWS Native Services (20)

More from Amazon Web Services

More from Amazon Web Services (20)

Achieving Real-time Compliance using AWS Native Services