This session tells the story of how security-minded enterprises provide end-to-end protection of their sensitive data in AWS. Learn about the enterprise security architecture decisions made by Fortune 500 organizations during actual sensitive workload deployments as told by the AWS professional service security, risk, and compliance team members who lived them. In this technical walkthrough, we share lessons learned from the development of enterprise security strategy, security use-case development, end-to-end security architecture & service composition, security configuration decisions, and the creation of AWS security operations playbooks to support the architecture.
Security must be the number one priority for any cloud provider and that's no different for AWS. Stephen Schmidt, vice president and chief information officer for AWS, will share his insights into cloud security and how AWS meets the needs of today's IT security challenges. Stephen, with his background with the FBI and his work with AWS customers in the government and space exploration, research, and financial services organizations, shares an industry perspective that's unique and invaluable for today's IT decision makers. At the conclusion of this session, Stephen also provides a brief summary of the other sessions available to you in the security track.
AWS offers you the ability to add additional layers of security to your data at rest in the cloud, providing access control as well as scalable and efficient encryption features. Flexible key management options allow you to choose whether to have AWS manage the encryption keys or to keep complete control over the keys yourself. In this session, you will learn how to secure data when using AWS services. We will discuss data encryption using Key Management Service, S3 access controls, edge and host access security, and database platform security features.
(SEC303) Architecting for End-To-End Security in the Enterprise - Amazon Web Services
This session tells the story of how security-minded enterprises provide end-to-end protection of their sensitive data in AWS. Learn about the enterprise security architecture decisions made by Fortune 500 organizations during actual sensitive workload deployments as told by the AWS professional service security, risk, and compliance team members who lived them. In this technical walkthrough, we share lessons learned from the development of enterprise security strategy, security use-case development, end-to-end security architecture and service composition, security configuration decisions, and the creation of AWS security operations playbooks to support the architecture.
AWS provides several security capabilities and services to increase privacy and control infrastructure access. Built-in firewalls allow you to create private networks within AWS, and also control network access to your instances and subnets. Identity and access management capabilities enable you to define individual user accounts with permissions across AWS resources. AWS also provides tools and features that enable you to see exactly what’s happening in your AWS environment. In this session, you will gain an understanding of preventive and detective controls at the infrastructure level on AWS. We will cover Identity and Access Management as well as the security aspects of Amazon EC2, Virtual Private Cloud (VPC), Elastic Load Balancing (ELB), and CloudTrail.
This document provides an overview of AWS security best practices. It recommends taking a prescriptive approach to: understand the AWS security model, build strong compliance foundations through programs like SOC and PCI certifications, integrate identity and access management using IAM, enable detective controls with services like CloudTrail and CloudWatch, establish network security using VPC and security groups, implement data protection with encryption services, optimize change management with Config and CloudFormation, and automate security functions using partners from the AWS Marketplace. The document emphasizes that security is a shared responsibility between AWS and customers and provides resources for security training.
Security Architecture recommendations for your new AWS operation - Pop-up Lof... - Amazon Web Services
AWS Organizations allows you to centrally manage multiple AWS accounts. It provides features like consolidated billing, account creation APIs, and service control policies to control access to AWS services across accounts. Service control policies can be used to whitelist or blacklist access to specific AWS APIs on a per-account basis. Organizations helps structure accounts for better security, compliance, and management of access controls and resources.
AWS re:Invent 2016: Securing Enterprise Big Data Workloads on AWS (SEC308) - Amazon Web Services
Security of big data workloads in a hybrid IT environment often comes as an afterthought. This session discusses how enterprises can architect secure, big-data workloads on AWS. We cover the application of authentication, authorization, encryption, and additional security principles and mechanisms to workloads leveraging Amazon Elastic MapReduce and Amazon Redshift.
Best Practices for Managing Security Operations in AWS - AWS July 2016 Webina... - Amazon Web Services
The document provides best practices for managing security operations in AWS. It discusses key aspects of the AWS shared responsibility model including that AWS manages security of the cloud while customers are responsible for security in the cloud. It also covers identity and access management best practices such as creating individual users, granting least privilege, using groups to manage permissions, restricting privileged access with conditions, enabling auditing with CloudTrail, configuring strong password policies and rotating credentials regularly. The document provides an overview of key certification programs and compliance offerings from AWS.
Up-front design of your AWS account can be done in a way that creates a reliably secure and controlled environment no matter how the AWS resources are used. This session will focus on "Secure by Design" principles and show how an AWS environment can be configured to provide a reliable operational security control capability to meet the compliance needs across multiple industry verticals (e.g. HIPAA, FISMA, PCI, etc.). This will include operational reporting through the use of AWS services (e.g. Config/Config Rules, CloudTrail, Inspector, etc.) as well as partner integration capabilities with partner solutions such as Splunk and Allgress for real-time governance, risk, and compliance reporting. Key takeaways from this session include: learning AWS Security best practices and automation capabilities for securing your environment, Automation accelerators for configuration, compliance, and audit reporting using CloudFormation, Config/Config Rules, CloudTrail, Inspector, etc., and ISV integration for real-time notification and reporting for security, compliance, and auditing in the cloud.
AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools that can provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.
Security must be at the forefront for any online business. At AWS, security is priority number one. Stephen Schmidt, vice president and chief information officer for AWS, shares his insights into cloud security and how AWS meets our customers' demanding security and compliance requirements, and in many cases helps them improve their security posture. Stephen, with his background with the FBI and his work with AWS customers in the government, space exploration, research, and financial services organizations, shares an industry perspective that's unique and invaluable for today's IT decision makers. At the conclusion of this session, Stephen also provides a brief summary of the other sessions available to you in the security track.
At our winter East Midlands Cyber Security Forum event, Dave Walker gave a presentation looking at Amazon’s security approach for their web services, outlining the key tools that are available to ensure a secure deployment.
http://qonex.com/east-midlands-cyber-security-forum/
AWS offers you the ability to add additional layers of security to your data at rest in the cloud, providing access control as well as scalable and efficient encryption features. Flexible key management options allow you to choose whether to have AWS manage the encryption keys or to keep complete control over the keys yourself. In this session, you will learn how to secure data when using AWS services. We will discuss data encryption using Key Management Service, S3 access controls, edge and host access security, and database platform security features.
The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. In this session, we’ll provide a practical understanding of the assurance programs that AWS provides, such as HIPAA, FedRAMP(SM), PCI DSS Level 1, MPAA, and many others. We’ll also address the types of business solutions that these certifications enable you to deploy on the AWS Cloud, as well as the tools and services AWS makes available to customers to secure and manage their resources.
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust... - Amazon Web Services
Cloud computing offers many advantages, such as the ability to scale your web applications or website on demand. But how do you scale your security and compliance infrastructure along with the business? Join this session to understand best practices for scaling your security resources as you grow from zero to millions of users. Specifically, you learn the following:
• How to scale your security and compliance infrastructure to keep up with a rapidly expanding threat base.
• The security implications of scaling for numbers of users and numbers of applications, and how to satisfy both needs.
• How agile development with integrated security testing and validation leads to a secure environment.
• Best practices and design patterns of a continuous delivery pipeline and the appropriate security-focused testing for each.
• The necessity of treating your security as code, just as you would do with infrastructure.
The services covered in this session include AWS IAM, Auto Scaling, Amazon Inspector, AWS WAF, and Amazon Cognito.
(SEC301) Strategies for Protecting Data Using Encryption in AWS - Amazon Web Services
Protecting sensitive data in the cloud typically requires encryption. Managing the keys used for encryption can be challenging as your sensitive data passes between services and applications. AWS offers several options for using encryption and managing keys to help simplify the protection of your data at rest. This session will help you understand which features are available and how to use them, with emphasis on AWS Key Management Service and AWS CloudHSM. Adobe Systems Incorporated will present their experience using AWS encryption services to solve data security needs.
Journey Through the Cloud - Security Best Practices on AWS - Amazon Web Services
Amazon Web Services (AWS) delivers a scalable cloud computing platform with high availability and dependability, offering flexibility for customers to build a wide range of applications. Helping to protect the security of our customers' content is of utmost importance to AWS, as is maintaining customer trust and confidence. Under the AWS shared responsibility model, AWS provides a secure global infrastructure, including compute, storage, networking and database services, as well as a range of high-level services.
AWS provides a range of security services and features that AWS customers can use to secure their content and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organization's security and compliance objectives.
Topics covered include:
• The AWS approach to security and how responsibilities are shared between AWS and our customers
• How to build your own secure virtual private cloud and integrate it with your existing solutions
• How to use AWS Identity and Access Management to securely manage and operate your applications
• Best practices for securing your AWS account, your content and your applications
View a recording of this webinar here: http://youtu.be/Ihe_8o00-WI
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013 - Amazon Web Services
This session will discuss the options available for encrypting data at rest and key management in AWS. It will focus on two primary scenarios: (1) AWS manages encryption keys on behalf of the customer to provide automated server-side encryption; (2) the customer manages their own encryption keys using partner solutions and/or AWS CloudHSM. Real-world customer examples will be presented to demonstrate adoption drivers of specific encryption technologies in AWS. Netflix's Jason Chan will provide an overview of how Netflix uses CloudHSM for secure key storage.
Amazon Web Services (AWS) approaches security using a shared responsibility model with our customers. We manage and control the components from the host operating system and virtualization layer down to the physical security of the facilities in which the services operate. As part of that model, our customers are responsible for building secure applications. We will provide a complete walkthrough from a blank canvas to a secure architecture from a development perspective. No matter the size of your team, you can implement your IT solutions using industry-wide best security practices.
AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools that can provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.
AWS offers you the ability to add additional layers of security to your data at rest in the cloud, providing access control as well as scalable and efficient encryption features. Flexible key management options allow you to choose whether to have AWS manage the encryption keys or to keep complete control over the keys yourself. In this session, you will learn how to secure data when using AWS services. We will discuss Key Management Service, S3, access controls, and database platform security features.
This session is for IT pros working with compliance managers to deliver solutions that lower costs and still meet compliance demands. You will learn how to move large scale data stores to the cloud, while remaining compliant with existing regulations. Services mentioned: S3, Glacier and the Vault Lock feature, Snowball, ingestion services.
Cloud ID Management of North Carolina Department of Public Instruction (SEC10... - Amazon Web Services
(Presented by Identity Automation) Identity Automation has worked with the North Carolina Department of Public Instruction since April 2013 to provide a cloud-based identity management service for all employees, students, parents and guests of the State’s K12 organizations. In this session, Identity Automation will discuss how the service was used to synchronize identities with target systems, provide federation services as well as end-user self-service and to delegate administration functionality.
The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help security professionals thwart cyber security incidents. Within this list of strategies, eight have been identified as essential for government agencies to implement as a security baseline starting point. This session offers customers practical guidance for meeting the ASD Essential Eight using AWS services to help them achieve compliance goals faster and more cost effectively.
AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools that can provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.
(SEC320) Leveraging the Power of AWS to Automate Security & Compliance - Amazon Web Services
"You’ve made the move to AWS and are now reaping the benefits of decreased costs and increased business agility. How can you reap those same benefits for your cloud security and compliance operations? As building cloud-native applications requires different skill sets, architectures, integrations, and processes, implementing effective, scalable, and robust security for the cloud requires rethinking everything from your security tools to your team culture.
Attend this session to learn how to start down the path toward security and compliance automation and hear how DevSecOps leaders such as Intuit and Capital One are using AWS, DevOps, and automation to transform their security operations.
Session sponsored by evident.io"
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve... - Amazon Web Services
This session tells the story of how security-minded enterprises provide end-to-end protection of their sensitive data in AWS. Learn about the enterprise security architecture design decisions made by Fortune 500 organizations during actual sensitive workload deployments, as told by the AWS security solution architects and professional service security, risk, and compliance team members who lived them. In this technical walkthrough, we share lessons learned from the development of enterprise security strategy, security use-case development, end-to-end security architecture and service composition, security configuration decisions, and the creation of AWS security operations playbooks to support the architecture.
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O... - Amazon Web Services
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.
This document discusses security best practices when using AWS. It covers the shared responsibility model between AWS and customers, leveraging AWS security features, understanding customer needs to form a security stance, and engaging security assessors early. It provides an overview of identity and access management tools like IAM, security groups, VPCs and direct connects. The document emphasizes applying a "security by design" approach when building on AWS.
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I... - Amazon Web Services
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the Amazon Web Services (AWS) cloud where you can launch AWS resources in a virtual data center that you define. In this session you learn how to leverage the VPC networking constructs to configure a highly available and secure virtual data center on AWS for your application. We cover best practices around choosing an IP range for your VPC, creating subnets, configuring routing, securing your VPC, establishing VPN connectivity, and much more. The session culminates in creating a highly available web application stack inside of VPC and testing its availability with Chaos Monkey.
Up-front design of your AWS account can be done in a way that creates a reliably secure and controlled environment no matter how the AWS resources are used. This session will focus on "Secure by Design" principles and show how an AWS environment can be configured to provide a reliable operational security control capability to meet the compliance needs across multiple industry verticals (e.g. HIPAA, FISMA, PCI, etc.). This will include operational reporting through the use of AWS services (e.g. Config/Config Rules, CloudTrail, Inspector, etc.) as well as partner integration capabilities with partner solutions such as Splunk and Allgress for real-time governance, risk, and compliance reporting. Key takeaways from this session include: learning AWS Security best practices and automation capabilities for securing your environment, Automation accelerators for configuration, compliance, and audit reporting using CloudFormation, Config/Config Rules, CloudTrail, Inspector, etc., and ISV integration for real-time notification and reporting for security, compliance, and auditing in the cloud.
AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools to can provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.
Security must be at the forefront for any online business. At AWS, security is priority number one. Stephen Schmidt, vice president and chief information officer for AWS, shares his insights into cloud security and how AWS meets our customers' demanding security and compliance requirements, and in many cases helps them improve their security posture. Stephen, with his background with the FBI and his work with AWS customers in the government, space exploration, research, and financial services organizations, shares an industry perspective that's unique and invaluable for today's IT decision makers. At the conclusion of this session, Stephen also provides a brief summary of the other sessions available to you in the security track.
At our winter East Midlands Cyber Security Forum event, Dave Walker gave a presentation looking at Amazon’s security approach for their web services, outlining the key tools that are available to ensure a secure deployment.
http://qonex.com/east-midlands-cyber-security-forum/
AWS offers you the ability to add additional layers of security to your data at rest in the cloud, providing access control as well scalable and efficient encryption features. Flexible key management options allow you to choose whether to have AWS manage the encryption keys or to keep complete control over the keys yourself. In this session, you will learn how to secure data when using AWS services. We will discuss data encryption using Key Management Service, S3 access controls, edge and host access security, and database platform security features.
The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. In this session, we’ll provide a practical understanding of the assurance programs that AWS provides; such as HIPAA, FedRAMP(SM), PCI DSS Level 1, MPAA, and many others. We’ll also address the types of business solutions that these certifications enable you to deploy on the AWS Cloud, as well as the tools and services AWS makes available to customers to secure and manage their resources.
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...Amazon Web Services
Cloud computing offers many advantages, such as the ability to scale your web applications or website on demand. But how do you scale your security and compliance infrastructure along with the business? Join this session to understand best practices for scaling your security resources as you grow from zero to millions of users. Specifically, you learn the following:
How to scale your security and compliance infrastructure to keep up with a rapidly expanding threat base.
The security implications of scaling for numbers of users and numbers of applications, and how to satisfy both needs.
How agile development with integrated security testing and validation leads to a secure environment.
Best practices and design patterns of a continuous delivery pipeline and the appropriate security-focused testing for each.
The necessity of treating your security as code, just as you would do with infrastructure.
The services covered in this session include AWS IAM, Auto Scaling, Amazon Inspector, AWS WAF, and Amazon Cognito.
(SEC301) Strategies for Protecting Data Using Encryption in AWSAmazon Web Services
Protecting sensitive data in the cloud typically requires encryption. Managing the keys used for encryption can be challenging as your sensitive data passes between services and applications. AWS offers several options for using encryption and managing keys to help simplify the protection of your data at rest. This session will help you understand which features are available and how to use them, with emphasis on AWS Key Management Service and AWS CloudHSM. Adobe Systems Incorporated will present their experience using AWS encryption services to solve data security needs.
Journey Through the Cloud - Security Best Practices on AWSAmazon Web Services
Amazon Web Services (AWS) delivers a scalable cloud computing platform with high availability and dependability, offering flexibility for customers to build a wide range of applications. Helping to protect the security of our customers content is of utmost importance to AWS, as is maintaining customer trust and confidence. Under the AWS shared responsibility model, AWS provides a secure global infrastructure, including compute, storage, networking and database services, as well as a range of high level services.
AWS provides a range of security services and features that AWS customers can use to secure their content and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organization's security and compliance objectives.
Topics covered include:
• The AWS approach to security and how responsibilities are shared between AWS and our customers
• How to build your own secure virtual private cloud and integrate it with your existing solutions
• How to use AWS Identity and Access Management to securely manage and operate your applications
• Best practices for securing your AWS account, your content and your applications
View a recording of this webinar here: http://youtu.be/Ihe_8o00-WI
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013 - Amazon Web Services
This session will discuss the options available for encrypting data at rest and key management in AWS. It will focus on two primary scenarios: (1) AWS manages encryption keys on behalf of the customer to provide automated server-side encryption; (2) the customer manages their own encryption keys using partner solutions and/or AWS CloudHSM. Real-world customer examples will be presented to demonstrate adoption drivers of specific encryption technologies in AWS. Jason Chan of Netflix will provide an overview of how Netflix uses CloudHSM for secure key storage.
Amazon Web Services (AWS) approaches security using a shared responsibility model with our customers. We manage and control the components from the host operating system and virtualization layer down to the physical security of the facilities in which the services operate. As part of that model, our customers are responsible for building secure applications. We will provide a complete walkthrough from a blank canvas to a secure architecture from a development perspective. No matter the size of your team, you can implement your IT solutions using industry wide best security practices.
AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools that can provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.
AWS offers you the ability to add additional layers of security to your data at rest in the cloud, providing access control as well as scalable and efficient encryption features. Flexible key management options allow you to choose whether to have AWS manage the encryption keys or to keep complete control over the keys yourself. In this session, you will learn how to secure data when using AWS services. We will discuss Key Management Service, S3, access controls, and database platform security features.
This session is for IT pros working with compliance managers to deliver solutions that lower costs and still meet compliance demands. You will learn how to move large scale data stores to the cloud, while remaining compliant with existing regulations. Services mentioned: S3, Glacier and the Vault Lock feature, Snowball, ingestion services.
Cloud ID Management of North Carolina Department of Public Instruction (SEC10... - Amazon Web Services
(Presented by Identity Automation) Identity Automation has worked with the North Carolina Department of Public Instruction since April 2013 to provide a cloud-based identity management service for all employees, students, parents and guests of the State’s K12 organizations. In this session, Identity Automation will discuss how the service was used to synchronize identities with target systems, provide federation services as well as end-user self-service and to delegate administration functionality.
The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help security professionals thwart cyber security incidents. Within this list of strategies, eight have been identified as essential for government agencies to implement as a security baseline starting point. This session offers customers practical guidance for meeting the ASD Essential Eight using AWS services to help them achieve compliance goals faster and more cost effectively.
(SEC320) Leveraging the Power of AWS to Automate Security & Compliance - Amazon Web Services
You’ve made the move to AWS and are now reaping the benefits of decreased costs and increased business agility. How can you reap those same benefits for your cloud security and compliance operations? As building cloud-native applications requires different skill sets, architectures, integrations, and processes, implementing effective, scalable, and robust security for the cloud requires rethinking everything from your security tools to your team culture.
Attend this session to learn how to start down the path toward security and compliance automation and hear how DevSecOps leaders such as Intuit and Capital One are using AWS, DevOps, and automation to transform their security operations.
Session sponsored by evident.io
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve... - Amazon Web Services
This session tells the story of how security-minded enterprises provide end-to-end protection of their sensitive data in AWS. Learn about the enterprise security architecture design decisions made by Fortune 500 organizations during actual sensitive workload deployments, as told by the AWS security solution architects and professional service security, risk, and compliance team members who lived them. In this technical walkthrough, we share lessons learned from the development of enterprise security strategy, security use-case development, end-to-end security architecture and service composition, security configuration decisions, and the creation of AWS security operations playbooks to support the architecture.
Creating Your Virtual Data Center: Amazon VPC Fundamentals and Connectivity O... - Amazon Web Services
In this session, we will walk through the fundamentals of Amazon Virtual Private Cloud (VPC). First, we will cover build-out and design fundamentals for VPC, including picking your IP space, subnetting, routing, security, NAT, and much more. We will then transition into different approaches and use cases for optionally connecting your VPC to your physical data center with VPN or AWS Direct Connect. This mid-level architecture discussion is aimed at architects, network administrators, and technology decision-makers interested in understanding the building blocks AWS makes available with VPC and how you can connect this with your offices and current data center footprint.
This document discusses security best practices when using AWS. It covers the shared responsibility model between AWS and customers, leveraging AWS security features, understanding customer needs to form a security stance, and engaging security assessors early. It provides an overview of identity and access management tools like IAM, security groups, VPCs and direct connects. The document emphasizes applying a "security by design" approach when building on AWS.
High Availability Application Architectures in Amazon VPC (ARC202) | AWS re:I... - Amazon Web Services
Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the Amazon Web Services (AWS) cloud where you can launch AWS resources in a virtual data center that you define. In this session you learn how to leverage the VPC networking constructs to configure a highly available and secure virtual data center on AWS for your application. We cover best practices around choosing an IP range for your VPC, creating subnets, configuring routing, securing your VPC, establishing VPN connectivity, and much more. The session culminates in creating a highly available web application stack inside of VPC and testing its availability with Chaos Monkey.
The document provides guidance on cloud architecture best practices for architects. It discusses 7 key lessons: 1) design for failure and nothing fails, 2) loose coupling sets you free, 3) implement elasticity, 4) build security in every layer, 5) don't fear constraints, 6) think parallel, and 7) leverage many storage options. The document uses examples of moving a web architecture to AWS to illustrate applying these lessons around scalability, availability and resilience.
AWS March 2016 Webinar Series - Best Practices for Managing Security Operatio... - Amazon Web Services
It is critical to maintain strong identity and access policy to prevent unexpected access to your resources for whatever applications you are running on AWS. It is equally important to track and alert on changes being made to your AWS resources.
In this webinar, you will learn about the different ways you can use AWS Identity and Access Management (IAM) to control access to your AWS services and integrate your existing authentication system with AWS IAM. We will cover how you can deploy and control your AWS infrastructure using code templates, including change management policies with AWS CloudFormation.
In addition, we will explore different options for managing both your AWS access logs and your Amazon Elastic Compute Cloud (EC2) system logs using Amazon CloudWatch Logs. We will also cover how to use these logs to implement an audit and compliance validation process using services such as AWS Config, AWS CloudTrail, and Amazon Inspector.
Learning Objectives:
• Understand the AWS Shared Responsibility Model.
• Understand AWS account and identity management options and configuration.
• Learn the concept of infrastructure as code and change management using CloudFormation.
• Learn how to audit and log your AWS service usage.
• Learn about AWS services to add automatic compliance checks to your AWS infrastructure.
Who Should Attend:
• IT administrators, architects, and security engineers, or anyone interested in controlling access to AWS resources, deploying infrastructure on AWS, or performing compliance checks on their infrastructure
(SEC403) Building AWS Partner Applications Using IAM Roles | AWS re:Invent 2014 - Amazon Web Services
This document summarizes a talk on building AWS partner applications using IAM roles. It discusses using the AssumeRole API to access AWS resources across accounts with temporary credentials instead of long-term access keys. It also covers using an external ID parameter to prevent confused deputy attacks by verifying the account being accessed belongs to the user. The document provides code samples and recommends architectures that use least privilege and isolate privileged instances.
Delegating Access to your AWS Environment (SEC303) | AWS re:Invent 2013 - Amazon Web Services
At times you may have a need to provide external entities access to resources within your AWS account. You may have users within your enterprise that want to access AWS resources without having to remember a new username and password. Alternatively, you may be creating a cloud-backed application that is used by millions of mobile users. Or you have multiple AWS accounts that you want to share resources across. Regardless of the scenario, AWS Identity and Access Management (IAM) provides a number of ways you can securely and flexibly provide delegated access to your AWS resources. Come learn how to best take advantage of these options in your AWS environment.
IDC Analysts predict that the market for public cloud consulting services will grow 10x faster than overall IT professional services. This session will cover how AWS consulting partners have built successful AWS practices by investing in sales, delivery, training, and building AWS specific methodologies. We will cover best practices in each functional area, and provide a 6-12 month roadmap for building your AWS practice.
Application Optimized Performance: Choosing the Right Instance (CPN212) | AWS... - Amazon Web Services
(Presented by Intel)
Each application places a different set of requirements on the underlying infrastructure.
Whether it is web, big data analytics, technical computing, or general enterprise applications, applications are run more efficiently when performance, IO bandwidth, and memory capacity have been custom-tailored for that specific application.
Jason Waxman, GM and VP of Intel’s Cloud Platform Group, looks under the hood at the different types of processors that comprise Amazon Web Services instances and shares insights from Intel IT and industry best practices for right-sizing infrastructure for different application characteristics and capabilities. By leveraging the underlying performance, security capabilities, and flexibility of various instance types, developers can more easily migrate applications into the cloud and drive down TCO for cloud-based services.
Running enterprise workloads with sensitive data in AWS is hard and requires an in-depth understanding about software-defined security risks. At re:Invent 2014, Intuit and AWS presented "Enterprise Cloud Security via DevSecOps" to help the community understand how to embrace AWS features and a software-defined security model. Since then, we've learned quite a bit more about running sensitive workloads in AWS.
We've evaluated new security features, worked with vendors, and generally explored how to develop security-as-code skills. Come join Intuit and AWS to learn about second-year lessons and see how DevSecOps is evolving. We've built skills in security engineering, compliance operations, security science, and security operations to secure AWS-hosted applications. We will share stories and insights about DevSecOps experiments, and show you how to crawl, walk, and then run into the world of DevSecOps.
Java For The Cloud Presentation @ AlphaCSP's JavaEdge 2008 - Baruch Sadogursky
This document discusses the evolution of applications from single machines to large distributed systems across multiple machines and data centers. It notes that building and maintaining such large infrastructures can be costly and inefficient if the capacity is not fully utilized. The document then introduces cloud computing as a more efficient alternative that allows applications to dynamically scale across remote data centers and only pay for the resources that are actually used. Several examples of cloud platforms like Amazon Web Services, Google App Engine, and Microsoft Azure are provided. Both advantages and potential drawbacks of cloud computing are discussed.
Java Update - Bristol JUG. Part 2 - Java EE / Java in the Cloud. - Steve Elliott
This document provides an overview and update on Java technologies. It discusses the Java SE and Java EE roadmaps, including updates on Java EE 7 and 8. It also discusses how Java is evolving for cloud computing, including how Java EE applications can be developed as microservices. The document contains information on Oracle's Java cloud platform and how it supports both Java EE and other JVM languages like Java SE and Node.js in a container-based environment.
Synapse India is an IT solutions provider that offers software development and marketing services. It is CMMI level-3 certified and works with over 2000 clients worldwide. Single sign-on (SSO) allows a user to log in once and gain access to multiple independent systems without re-authenticating, saving time. SAML is a protocol that implements SSO in enterprises by defining identity providers, service providers, and the transfer of authentication data between the two using XML messages. Implementing SSO involves configuring servers as identity providers or service providers and exchanging metadata between the two to enable single sign-on access across systems.
Amazon Web Services provides cloud computing services to customers in 190 countries, focusing on security, operational excellence, flexibility and choice, innovation, and lowering costs. AWS has a global infrastructure with regions in the US, Europe, Asia Pacific, and South America. It offers a variety of computing, storage, database, application services and has over 30 services available. AWS aims to rapidly innovate based on customer feedback by continuously adding new services and features weekly/monthly while also lowering prices over time to help customers compete globally.
This document discusses using cloud computing for bioinformatics. It begins by defining cloud computing and describing its key characteristics like on-demand access to computing resources and rapid elasticity. It then discusses different cloud delivery models like Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). The document provides examples of public cloud providers for each delivery model. It also introduces tools like CloudBridge that help make applications cloud-independent and CloudLaunch, a portal for deploying cloud-enabled bioinformatics applications. Finally, it briefly discusses how these tools and cloud resources can help improve bioinformatics workflows by providing scalable infrastructure for processing large genomic datasets.
Java EE 7: Developing for the Cloud at Java Day, Istanbul, May 2012 - Arun Gupta
The document discusses Java EE 7 and its focus on cloud computing. Key points include:
- Java EE 7 aims to define the Java EE platform as a service (PaaS) to make it easier for developers to leverage public, private and hybrid clouds.
- This includes adding metadata for service provisioning and configuration, and APIs to support features like elastic scaling and multi-tenancy.
- A demo is described showing how a Java EE application can be deployed to the cloud by including service metadata that allows for automatic provisioning of resources.
This document discusses using Active Directory Federation Services (ADFS) with AWS Identity and Access Management (IAM) for single sign-on. It provides reasons for using ADFS like low cost, controlling AWS access through existing business processes, and audit trails. Technically, ADFS allows SAML integration with IAM and maps existing Active Directory users and groups to manage permissions without recreating accounts. The document walks through setting up a test ADFS environment, configuring an IAM identity provider, defining IAM roles, and enabling single sign-on access to AWS services using AD groups. Resources for the original configuration guide and IAM policy generation are also provided.
This document provides an overview of application security best practices on AWS. It discusses how security is a shared responsibility between AWS and the customer. AWS is responsible for security of the cloud infrastructure, while customers are responsible for security in their own systems like operating systems, applications, network configurations, and identity management. The document then provides recommendations for securing applications deployed on AWS, such as using security groups, encryption, monitoring tools, and log management strategies.
Stephen Quigg discusses security at AWS. He notes that security is the top priority and that AWS provides comprehensive security capabilities to support any workload. Security is a shared responsibility between AWS and customers, with AWS providing visibility, auditability and control through services like CloudTrail and IAM. Customers have control over their data through encryption options and can choose the right level of security for their needs and business.
Building a Cloud Culture at Yelp (BDT305) | AWS re:Invent 2013 - Amazon Web Services
Yelp is evolving from a purely hosted infrastructure environment to running many systems in AWS—paving the way for their growth to 108 million monthly visitors (source: Google Analytics). Embracing a cloud culture reduced reliability issues, sped up the pace of innovation, and helped them support dozens of data-intensive Yelp features, including search relevance, usage graphs, review highlights, spam filtering, and advertising optimizations. Today, Yelp runs 7+ TB hosted databases, 250+ GB compressed logs per day in Amazon S3, and hundreds of Amazon Elastic MapReduce jobs per day. In this session, Yelp engineers share the secrets of their success and show how they achieved big wins with Amazon EMR and open source libraries, policies around development, privacy, and testing.
Tom Jones, a Solution Architect at Amazon Web Services, gave a presentation on developing and deploying secure, scalable applications on AWS. He discussed AWS's broad range of services including compute, storage, databases, and networking. He also covered security features, development tools, and best practices for building applications on AWS including using services like Elastic Beanstalk, CloudFormation, and CodePipeline. The presentation provided an overview of how to leverage AWS services at different stages of the development lifecycle.
by Brad Dispensa, Sr. SA – Security and Compliance
At AWS, security is job zero and we have architected our infrastructure for the most data-sensitive organizations in the world. In this session, we will cover our Shared Responsibility Model in relation to Security and our Compliance Program, and what that means for our customers when using our suite of storage services.
There are four common challenges that CISOs and their security teams struggle with, even in the most secure and mature organizational datacenters – visibility, resilience, defense-in-depth, and automation. Learn how these challenges become benefits of using the AWS Cloud and why Cybersecurity is becoming a driving force behind commercial cloud adoption. This is an executive level presentation that covers key technical concepts and capabilities to meet business security and compliance objectives. Intended audience includes CIOs, CISOs, Technical Managers, senior architects and engineers new to AWS, and Technically-savvy Business Managers.
Cloud Migration, Application Modernization, and Security - Tom Laszewski
As AWS continues to expand, enterprise customers are looking to our partner ecosystem to assist in migrating their workloads to the cloud. This session describes the challenges, lessons learned and best practices for large scale application migrations. We will use real examples from our consulting partners and AWS Professional Services to illustrate how to move workloads to the cloud while modernizing the associated applications to take advantage of AWS’ unique benefits. We will also dive into how to use an array of AWS services and features to improve a customer’s security posture as they are migrating and once they are up and running in the cloud.
- The document provides guidance on implementing security best practices on AWS using a prescriptive approach, beginning with understanding AWS's shared security responsibility model and then covering topics like building compliance foundations, integrating identity and access management, enabling detective controls, establishing network security, implementing data protection, optimizing change management, and automating security functions.
- It highlights AWS services and features for each topic and includes case studies showing how organizations have improved security and saved money by leveraging AWS security tools and services.
Cloud Migration, Application Modernization and Security for Partners - Amazon Web Services
As AWS continues to expand, enterprise customers are increasingly looking to our partner ecosystem to assist in migrating their workloads to the cloud. This session describes the challenges, lessons learned and best practices for large scale application migrations. We will use real examples from our consulting partners and AWS Professional Services to illustrate how to move workloads to the cloud while modernizing the associated applications to take advantage of AWS’ unique benefits. We will also dive into how to use an array of AWS services and features to improve a customer’s security posture as they are migrating and once they are up and running in the cloud.
Managing Security in the Cloud: How to Start Implementing a Dev... Process - Amazon Web Services
- AWS provides built-in security controls that customers don't need to manage themselves, like security groups and IAM.
- The Cloud Adoption Framework helps customers adapt existing practices or introduce new practices for cloud computing across five core security capabilities: identity and access management, detective controls, infrastructure security, data protection, and incident response.
- AWS services like CloudTrail, Config, Inspector, and Flow Logs provide detective controls to monitor activity and configuration changes. Services like OpsWorks, Shield, and WAF help secure infrastructure. Key Management Service, CloudHSM, and Certificate Manager help protect data. CloudWatch Events and Lambda can automate incident response.
This document provides a summary of security best practices when using AWS. It recommends taking a prescriptive approach that involves understanding AWS's security approach, building strong compliance foundations, integrating identity and access management, enabling detective controls, establishing network security, implementing data protection, optimizing change management, and automating security functions. It describes specific AWS services that can be used for each, such as IAM, VPC, CloudTrail, CloudWatch, Config, and CloudFormation. The overall message is that security responsibilities are shared between AWS and customers, and adopting AWS security best practices allows moving fast while staying secure.
AWS Paris Summit 2014 - Keynote Stephen Schmidt - AWS Security - Amazon Web Services
The document discusses security on AWS and how AWS provides more visibility, auditability and control over security compared to traditional data centers. It highlights AWS security capabilities like IAM, encryption, monitoring with CloudTrail and provides customer examples like NASA and Axway who say AWS improves their security posture. The document emphasizes that security is a shared responsibility with AWS providing secure infrastructure and customers choosing security best practices for their workloads.
This document discusses AWS security services for financial services institutions. It covers the AWS shared security responsibility model, AWS compliance with standards like PCI and ISO, and key security services like IAM, VPC, encryption, WAF, and security monitoring tools. It also discusses the AWS security assessment methodology using the AWS Cloud Adoption Framework.
Security practitioners are challenged by Amazon S3 to maintain a balance between the advantages of cloud storage and the necessary caution.
Unfortunately, S3 access control is nice to set and hard to maintain:
• The access permission schema, via “policies”, is very flexible. At implementation time, the developer knows the rather technical JSON syntax.
• When permissions have to be reviewed, the auditor needs know-how of specific details of policies written in JSON syntax, and of their respective locations in the AWS console.
• Adding to the complexity is access control with ACLs.
Data Security with AWS - AWS Security Web Day - AWS Germany
This document provides an overview of security on AWS. It discusses AWS regions and availability zones, the shared responsibility model for security between AWS and customers, and security features available on AWS like network security, access control, monitoring and logging, encryption, IAM, and securing data at rest. It also provides best practices for IAM configuration and using features like roles, MFA, and monitoring for security events.
Cloud Migration, Application Modernization and Security for Partners - Amazon Web Services
As AWS continues to expand, enterprise customers are increasingly looking to our partner ecosystem to assist in migrating their workloads to the cloud. This session describes the challenges, lessons learned, and best practices for large-scale application migrations. We will use real examples from our consulting partners and AWS Professional Services to illustrate how to move workloads to the cloud while modernizing the associated applications to take advantage of the unique benefits of AWS. We will also dive into how to use an array of AWS services and features to improve customers' security posture as they migrate and once they are up and running in the cloud.
AWS Summit Singapore Webinar Edition | Building Tomorrow’s Financial Services... - Amazon Web Services
In this session we will explore the current financial regulatory landscape and future compliance trends. We will dive deep into how to leverage AWS services to implement next generation security and compliance at scale.
Introduction to How Leading Financial Companies Use AWS Security :: Eugene Yu :: AWS Finance... - Amazon Web Services Korea
This document summarizes a presentation on reinventing the security landscape in AWS. The presentation covers how cloud computing is gaining traction for allowing companies to focus more on innovation by reducing time spent on infrastructure. It discusses how security responsibilities are shared between AWS and customers. It also provides examples of security best practices and services in AWS like encryption, identity and access management, logging, and monitoring that can help customers strengthen their security posture while moving fast.
Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Invent 2013
4. Security Economies of Scale
• AWS control objectives idempotent across the entire cloud
• Reduced compliance scope
• Defense in depth layers are variable cost
• Security benefits from automation
5. Why Update Your Security Strategy for AWS?
• Communicate the CISO’s intent & Concept of Operations (CONOPS)
• Articulate a vision for the desired end-state
32. Network Protection
[Diagram: Internet, Internet Gateway, Route Table, NACL, Protect Tier, Web Tier, App Tier, DB Tier, IAM; VPN and AWS DX links to the CGW and Existing Perimeter Security Stack in the Corporate Data Center]
33. Instance Protection
[Diagram: same tiers and corporate links as slide 32 (Internet, Internet Gateway, Protect Tier, Web Tier, App Tier, DB Tier, IAM, VPN, AWS DX, CGW, Existing Perimeter Security Stack, Corporate Data Center), with instance-level controls: Instance, SSH Keys, Auto Scaling, Managed Encryption, Host Security Software, Bootstrapping, CloudFront, Load Distro, Penetration Testing, Bastion Host, AMIs]
34. Database Protection
[Diagram: same tiers and corporate links as slide 32 (Internet, Internet Gateway, Protect Tier, Web Tier, App Tier, DB Tier, IAM, VPN, AWS DX, CGW, Existing Perimeter Security Stack, Corporate Data Center), with database-level controls: Database, Oracle TDE, Oracle NNE, MySQL, MSSQL SSL, Redshift Cluster Encryption, EMR Job Flow Roles, SQL SSL Clients, DynamoDB, SimpleDB SSL, RDS Auto Minor Patching]
36. In-line Threat Management
[Diagram: EIP 1 to EIP 4, IPS NAT Layer (two), IPS/IDS NAT HA, Protect, Web, App, App Layer (two), DB, Availability Zone A, Availability Zone B]
37. CloudFront
[Diagram: Internet, Internet Gateway, Route Table, NACL, Protect Tier, Web Tier, App Tier, DB Tier, IAM, S3; VPN and AWS DX links to the CGW and Existing Perimeter Security Stack in the Corporate Data Center]
39. Why Build a Security Operations Playbook?
• Empower CISO organization to operate their cloud enterprise securely
• Enable CISO business partners to secure deployments and manage mission risk
40. Typical Components
• Overview of the AWS service or enterprise process
• Requirements/Dependencies
• Workflow
• Exceptions
41. Sample Entry: Amazon S3
Description
• Amazon S3 provides a simple web services interface that can be used to store and retrieve any amount of data, at any time, from anywhere on the web.
Secure Configuration
• Data stored in Amazon S3 is secure by default; only bucket and object owners have access to the Amazon S3 resources they create. For customers who must comply with regulatory standards such as PCI and HIPAA, Amazon S3’s data protection features can be used as part of an overall strategy to achieve compliance.
42. Choosing Controls
• IAM Access Policy
  Granularity: Fine grained
  Purpose: Role-based access control (RBAC)
  Application: Apply to IAM groups, roles, users
• Bucket Policy
  Granularity: Fine grained
  Purpose: Grant permissions without IAM and provide cross-account access
  Application: Apply to S3 buckets
• ACLs
  Granularity: Coarse grained
  Purpose: Grant simple, broad permissions
  Application: Apply to buckets and objects
48. Keys, Delimiters, and Tags
Using Keys and Delimiters
• S3 tags should not be used to configure permissions to resources
• Instead, use keys and delimiters as described in the previous section to emulate “folder-level permissions”
49. Operations
• Privilege Isolation & Roles Refresher
• IAM Role – Bastion Host
• IAM Role – Auditing Role
[Agenda graphic: Strategy, Architecture, Playbook, Operations; Enterprise Security Planning, Enterprise Security Operations]
50. Privilege Isolation
• AWS Account
• IAM User/Group/Role
• Region
• Amazon VPC
• Security Group
• API Call
• Resource
51. IAM / Security Token Service
• STS AssumeRole
• Valid token for one hour
• Returns access key ID, secret access key, and security token
52. Privilege Isolation / Resources
Resource Permissions by Service (by API call)
http://docs.aws.amazon.com/IAM/latest/UserGuide/Using_SpecificProducts.html
• Amazon DynamoDB (tables and indexes)
• AWS Elastic Beanstalk (application, applicationversion, solutionstack)
• Amazon EC2 (instance, security group, dhcp options, nacl, route table, gateways, volumes)
• Amazon Glacier (vault)
• AWS IAM (signing credentials, group, …)
• Amazon Redshift (cluster, parameter group, security group, snapshot, subnet group)
• Amazon RDS
• Amazon Route53 (hosted zone)
• Amazon S3 (bucket)
• Amazon SNS (topic)
• Amazon SQS (queue)
53. IAM Roles / EC2
• Role
• Instance Profile
• Identity for the instance itself
• Available to all applications and users on host
54. IAM Roles / Instance Metadata Service
• Entitlements of credentials => IAM role
• Short-life & expiration of credentials provided by STS
• Managed rotation
• No stored credentials!
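The rotation behaviour listed on this slide, as an added example that is not part of the original deck: a holder that keeps role credentials in memory only and replaces them shortly before the expiry time in the credential document. The AWS SDKs do this automatically for instance roles; the class name, the five-minute margin and the simulated service with its one-hour lifetime are assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

TIME_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def parse_credentials(doc_text):
    """Parse a role-credential document; reject anything but a successful issue."""
    doc = json.loads(doc_text)
    if doc.get("Code") != "Success":
        raise ValueError("credential document not usable: Code=%r" % doc.get("Code"))
    expiration = datetime.strptime(doc["Expiration"], TIME_FORMAT)
    return {
        "access_key_id": doc["AccessKeyId"],
        "secret_access_key": doc["SecretAccessKey"],
        "token": doc["Token"],
        "expiration": expiration.replace(tzinfo=timezone.utc),
    }


class RotatingRoleCredentials:
    """Hypothetical holder: credentials live in memory only and are
    replaced before they expire, so nothing is ever written to disk."""

    def __init__(self, fetch, refresh_margin=timedelta(minutes=5)):
        self._fetch = fetch            # callable returning the JSON document as text
        self._margin = refresh_margin  # refresh this long before Expiration
        self._current = None
        self.fetch_count = 0

    def get(self, now=None):
        now = now or datetime.now(timezone.utc)
        stale = (self._current is None
                 or now >= self._current["expiration"] - self._margin)
        if stale:
            fresh = parse_credentials(self._fetch())
            self.fetch_count += 1
            if fresh["expiration"] <= now:
                raise RuntimeError("received credentials that are already expired")
            self._current = fresh
        return self._current


def make_constructed_service(start):
    """Constructed stand-in for the instance metadata service: every call
    issues a new key pair valid for one hour from the simulated clock."""
    state = {"now": start, "issued": 0}

    def fetch():
        state["issued"] += 1
        return json.dumps({
            "Code": "Success",
            "LastUpdated": state["now"].strftime(TIME_FORMAT),
            "Type": "AWS-HMAC",
            "AccessKeyId": "ASIACONSTRUCTED%04d" % state["issued"],
            "SecretAccessKey": "constructed-secret-not-a-real-key",
            "Token": "constructed-session-token",
            "Expiration": (state["now"] + timedelta(hours=1)).strftime(TIME_FORMAT),
        })

    return state, fetch


def simulate():
    """Ask for credentials at several simulated times; return the key IDs
    handed to the caller and how often the service was contacted."""
    start = datetime(2013, 11, 14, 12, 0, tzinfo=timezone.utc)
    state, fetch = make_constructed_service(start)
    holder = RotatingRoleCredentials(fetch)
    seen = []
    for minutes in (0, 30, 54, 56, 90, 120):
        state["now"] = start + timedelta(minutes=minutes)
        seen.append(holder.get(state["now"])["access_key_id"])
    return seen, holder.fetch_count


if __name__ == "__main__":
    print(simulate())
```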
55. Bastion Host Configuration
• Eliminates need for individual IAM credentials
• Reduces or eliminates need for federation
• Combine with auditing of shell commands
• Control access by host / purpose
56. Security Auditing Configuration
• Read-only access to AWS assets
• Census picture of all assets (feed scanning & SIEM reconciliation)
• RDS & Redshift query and connection auditing
• Change detection of vital objects
57. Security Auditing / EC2 Read-only Policy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:DescribeAddresses",
        "ec2:DescribeImageAttribute",
        "ec2:DescribeImages",
        "ec2:DescribeInstanceAttribute",
        "ec2:DescribeInstanceStatus",
        "ec2:DescribeInstances",
        "ec2:DescribeNetworkInterfaceAttribute",
        "ec2:DescribeNetworkInterfaces",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeSubnets"
      ],
      "Resource": [
        "*"
      ],
      "Effect": "Allow"
    }
  ]
}
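One way to keep the auditing role read-only as its policy grows is to lint the policy document before attaching it. The check below is an added example, not part of the original slides; it runs against the slide's policy written as valid JSON and against a constructed over-broad policy, and the Describe/Get/List prefix rule is an assumption made for illustration.

```python
import json

# Action-name prefixes accepted as read-only (an assumption of this example;
# IAM action names are case-insensitive, so compare in lower case).
READ_ONLY_PREFIXES = ("describe", "get", "list")

# The EC2 read-only policy from the slide, as valid JSON.
SLIDE_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "ec2:DescribeAddresses",
        "ec2:DescribeImageAttribute",
        "ec2:DescribeImages",
        "ec2:DescribeInstanceAttribute",
        "ec2:DescribeInstanceStatus",
        "ec2:DescribeInstances",
        "ec2:DescribeNetworkInterfaceAttribute",
        "ec2:DescribeNetworkInterfaces",
        "ec2:DescribeSecurityGroups",
        "ec2:DescribeSubnets"
      ],
      "Resource": ["*"],
      "Effect": "Allow"
    }
  ]
}
"""

# Constructed counter-example: an "audit" policy that drifted.
OVERBROAD_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["ec2:DescribeInstances", "ec2:TerminateInstances", "ec2:*"],
      "Resource": "*"
    },
    {
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "*"
    }
  ]
}
"""


def as_list(value):
    """IAM accepts a single value or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def audit_read_only(policy_text):
    """Return (statement_index, action, reason) for every Allow entry that
    is not a read-style action; an empty list means the policy passes."""
    findings = []
    policy = json.loads(policy_text)
    for index, statement in enumerate(as_list(policy.get("Statement"))):
        if statement.get("Effect") != "Allow":
            continue  # a Deny statement cannot widen access
        if "NotAction" in statement:
            findings.append((index, "NotAction", "allows every action not listed"))
        for action in as_list(statement.get("Action")):
            name = action.partition(":")[2].lower()
            if action == "*" or name == "*":
                findings.append((index, action, "wildcard grants every action"))
            elif not name.startswith(READ_ONLY_PREFIXES):
                findings.append((index, action, "not a Describe/Get/List action"))
    return findings


if __name__ == "__main__":
    for label, text in (("slide", SLIDE_POLICY), ("constructed", OVERBROAD_POLICY)):
        print(label, audit_read_only(text))
```

A name-prefix check is a coarse filter: an action such as s3:GetObject is read-only yet exposes data, so the allowed list still needs review.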
59. What to do after re:Invent
• Update security strategy and vision
• Map AWS features to strategic initiatives
• Integrate AWS into your security operations
• Document privilege isolation architecture
• Begin transition to IAM roles for EC2
• Enable IAM auditing role
60. References
• Updated Security Best Practices Whitepaper
http://media.amazonwebservices.com/AWS_Security_Best_Practices.pdf
• AWS Compliance Center
https://aws.amazon.com/compliance
• AWS Security Center
https://aws.amazon.com/security
• AWS Security Blog
http://blogs.aws.amazon.com/security/
61. Re:Invent Related Sessions
• Come talk security with AWS - Thursday, 4-6pm in the Toscana 3605 room
• SEC308 Auto-Scaling Web Application Security and AWS Thursday, 4:15pm
• SEC402 Intrusion Detection in the Cloud - Thursday, 5:30pm
• SEC304 Encryption and Key Management in AWS - Friday 9:00am
• SEC306 Implementing Bulletproof HIPAA Solutions on AWS Friday, 11:30am
62. Please give us your feedback on this presentation: ARC308
As a thank you, we will select prize winners daily for completed surveys!