This webinar covers cloud security fundamentals across AWS, Azure, and GCP. It begins with introductions and an overview of the course, which includes cloud security 101, best practices for each cloud provider, and a discussion of current threats. The presentation covers topics such as the shared responsibility model, cloud security risks and governance models, identity and access management, data security, and techniques for mitigating risks in the cloud. It emphasizes the importance of a data-centric approach to security and controlling access according to the principles of least privilege and separation of duties.
Cloud Security: What you need to know about IBM SmartCloud SecurityIBM Security
Safeguarding the cloud with IBM Security solutions - Maintain visibility and control with proven security solutions for public, private and hybrid clouds.
Cloud Security Engineering - Tools and TechniquesGokul Alex
Cloud Security Engineering Education Materials prepared by Gokul Alex. It covers the essential tools and techniques to protect cloud enterprise architectures and cloud information systems.
Cloud Security - Emerging Facets and FrontiersGokul Alex
My session on Cloud Computing Security prepared for ISC2 Bangalore Chapter MeetUp. It is a walkthrough on the fundamental axioms of cloud security with reference to architecture standards, industry best practices and a coverage of some of the most pertinent attack vectors in the recent times. This presentation delves deeper into Cloud Security Reference Architectures, Cloud Security Operating Models, Cloud Firewalls, Cloud Identity Access Management Models, Cloud Malware Concepts etc.
Nimrod Luria, Head of Information Security department at Hi-tech College and the CTO of Qrity.
* Private cloud architecture, focusing on Microsoft technologies
* Description of threats to cloud systems
* Secure development, and ways to penetrate and attack systems hosted in a cloud environment
Remote Access and Dual Authentication for Cloud StorageIJMER
Cloud computing is an emerging technology which provides services over the internet such as software, hardware, network and storage. The key role in cloud computing is played by virtualization, which reduces total cost and gives reliable, flexible and secured services. However, compute services are chosen from providers located in multiple data centres. One of the major security concerns relates to virtualization and storage, where outside attackers can access the files in storage while the data owners are unable to detect the attacks. In this paper we propose high-level authentication for the cloud user and remote monitoring and control of cloud storage. Our model provides dual authentication for the cloud and, to obtain a runtime record of the logs and secured application controls, the logs are remotely accessed and controlled by the owner of the data.
The document provides an overview of Oracle Platform Security Services (OPSS) and how it can be used to provide security for Java applications. OPSS provides standards-based security services and abstracts security implementation details away from developers. It supports features like authentication, authorization, role-based access control, and integration with identity management systems. The document also describes several use cases where OPSS can be leveraged for applications developed using Java EE, Java SE, Oracle ADF, and other Oracle products.
Applying a Security Kernel Framework to Smart Meter GatewaysMarcel Winandy
The document discusses applying a security kernel framework to smart meter gateways. It notes privacy and security are critical issues for smart metering given data from homes is communicated over the internet. The EU has directives requiring smart meters be installed in most homes by 2020 and specifying security and privacy protections. The talk describes security requirements for smart meter gateways set by German standards, and issues with existing approaches not meeting them. It then introduces the TURAYA security kernel framework as a way to address these issues and simplify developing secure smart meter gateways.
This document discusses security architecture in cloud computing. It provides an overview of cloud risk assessments and how they differ from traditional assessments. It also compares cloud security architectures to traditional security architectures. Finally, it outlines the key domains covered by the Cloud Security Alliance, including governance, operations, and others.
Global Cyber Attacks Stats
What is Computing Security?
Cloud Computing, Models and Security Demystified
New Security Challenges of Cloud Computing
Security Dimensions – The CIA Triad
Scope of Cloud Computing Security
Security Challenge Eco-system
Vulnerabilities, Threats and Exposure Points
Attacks – Modes and Types
The Notorious Nine – Cloud Security Threats
Methods of Defence
Tenets of Security Control
Security Life Cycle
Cloud Security Components and Governance
Tiered Cloud Security Handling Framework
Bottom-line
Take-aways
Cloud computing delivers computing resources over a network and includes three service models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Security threats to cloud computing include hackers abusing cloud resources to conduct denial of service attacks and brute force attacks at low cost. Data breaches are also a risk as sensitive data stored in the cloud has been targeted by online theft. Malware injection attacks and wrapping attacks that change the execution of web applications are additional security risks. Countermeasures include access management, data protection techniques, and implementing security policies and technologies.
Microsoft 365 Defender provides integrated security across endpoints, identities, email and applications to help defenders connect alerts and get ahead of attackers. It utilizes solutions like Microsoft Defender for Endpoint, Defender for Identity, and Cloud App Security for detection, prevention, investigation and response. Conditional access rules, multi-factor authentication, and device compliance policies can also block access from risky locations or non-compliant devices to further secure access to cloud resources and services. Comprehensive data protection measures including encryption, data loss prevention policies, and device-level policies help prevent data from being removed from the environment by attackers or malicious insiders.
Cloud computing provides opportunities for scalability, availability, and performance but also poses risks if not implemented securely. Key risks include vendor lock-in, lack of governance and control, non-compliance, and various technical risks around isolation faults, data leaks, network attacks, and provider compromises. Migrating to the cloud requires carefully analyzing requirements, evaluating cloud models and providers, defining security controls, and having business continuity plans to mitigate risks. With proper planning and risk mitigation, cloud computing can be implemented securely.
Managing Cloud Security Risks in Your OrganizationCharles Lim
Any organization in the world needs to prepare itself before moving to the cloud, i.e. by performing a cloud security risk assessment. It is all about managing your risks if you decide to move to the cloud, and understanding the risks and benefits should be an essential part of any organization thinking of moving to cloud infrastructure.
The document discusses several topics related to private cloud security including key principles, challenges, reference models, and threats and countermeasures. It addresses concerns that tenants and architects might have regarding access control, monitoring usage, and reconciling perceptions of infinite resources. The document also examines security domains in a reference model, different security functionality, and private cloud security models involving virtualization stacks, hypervisors, and isolating partitions at different privilege rings.
Infrastructure Security by Sivamurthy HiremathClubHack
With the development of technology, the interdependence of various infrastructures has increased, which has also increased their vulnerabilities. National Information Infrastructure security concerns the nation's stability and economic security. So far, research in Internet security has primarily focused on securing the information rather than securing the infrastructure itself.
The pervasive and ubiquitous nature of the Internet, coupled with growing concerns about cyber attacks, means we need immediate solutions for securing the Internet infrastructure. Given the prevailing threat situation, there is a compelling need to develop hardware redesign architectures, algorithms, and protocols to realize a dependable Internet infrastructure. In order to achieve this goal, the first and foremost step is to develop a comprehensive understanding of the security threats and existing solutions. This talk attempts to fulfil this important step by classifying security attacks into four main categories: DNS hacking, routing table poisoning, packet mistreatment, and Denial-of-Service attacks. We discuss the existing infrastructure solutions for each of these categories, and also outline a methodology for developing a secured nation.
In this session Martin Vliem gives an overview of challenges and trends around information security [security] [cybersecurity] in relation to the digital transformation underlying Het Nieuwe Werken. He explains the most important threats, discusses the risks, and illustrates how organizations can find a better balance between productivity and security.
Cloud security is essentially a shared responsibility model (provider and subscriber).
Cloud computing security is generally viewed as a complex area, but it does not have to be.
You are essentially performing the same functions as in traditional IT security.
This includes protecting critical information from theft, data leakage and deletion.
Compromise of Platforms
Compromise of Credentials
Privilege Escalation
Denial of Service Attacks (DDoS)
Lack of Compliance Implementations
Inadequate Training for Personnel
SafeNet Enterprise Key and Crypto ManagementSectricity
With SafeNet, organizations can centrally, efficiently, and securely manage cryptographic keys and policies—across the key management lifecycle and throughout the enterprise. SafeNet's data center protection solutions are designed to secure all of the sensitive information that is stored in and accessed from enterprise data centers, including patient records, credit card information, social security numbers, and more.
Security is high on the list of concerns for many organizations as they evaluate their cloud computing options. This session will examine security in the context of the various forms of cloud computing. We'll consider technical and non-technical aspects of security, and discuss several strategies for cloud computing, from both the consumer and producer perspectives.
You are attending a workshop on security threats and how to address them, not a training. The presenters introduce themselves and their backgrounds. They discuss how security threats have evolved from viruses in the early internet era to today's more sophisticated targeted attacks. Microsoft's approach to security focuses on technology, processes, and people to manage complexity, protect information, and advance the business with IT solutions. Specific solutions discussed include Windows Firewall, BitLocker, and Network Access Protection.
In the last few years, cloud computing has grown from being a promising business concept to one of the fastest growing segments of the IT industry. Now, recession-hit companies are increasingly realizing that simply by tapping into the cloud they can gain fast access to best-of-breed business applications or drastically boost their infrastructure resources, all at negligible cost. But as more and more information on individuals and companies is placed in the cloud, concerns are beginning to grow about just how safe an environment it is. This paper discusses security issues, requirements and challenges that cloud service providers (CSP) face during cloud engineering. Recommended security standards and management models to address these are suggested for technical and business community.
Turning the tables talk delivered at CCISDA conferenceDean Iacovelli
Slides from my presentation at the CCISDA (California Counties) information technology conference this week. NOTE: hacking video I narrated has been removed for file size considerations.
Webinar topic: Cloud Security Introduction
Presenter: Achmad Mardiansyah
In this webinar series, we discuss an introduction to cloud security.
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram
Choosing the Right Data Storage - Carlos Conde - AWS Summit ParisAmazon Web Services
This document discusses different data storage solutions including static storage like Amazon S3, file systems using Amazon EBS, sync volumes with AWS Storage Gateway, relational databases with Amazon RDS, and NoSQL databases like Amazon DynamoDB. It provides an overview of each solution and when they would be applicable, focusing on characteristics like scalability, durability, ease of administration and cost. The overall message is that the right choice depends on your specific needs and priorities around performance, manageability and budget.
Keynote address and AWS overview by Dr. Werner Vogels, Amazon.com CTO, at the AWS Cloud for the Enterprise Event in LA on October 15, 2009 and in NY on October 19, 2009
This document discusses rules for building scalable and available marketing campaigns in the cloud. It outlines six rules: 1) service all web requests, 2) service requests as fast as possible, 3) handle requests at any scale, 4) simplify architecture with services, 5) automate operational management, and 6) leverage unique cloud properties. The first rule focuses on using DNS, load balancers, and data replication to ensure requests can access the application and data. The second rule emphasizes choosing the fastest route using latency-based routing and offloading servers using a content delivery network.
This document summarizes the key principles of architecting applications on Amazon Web Services (AWS). It discusses the concepts of elasticity, designing for failure, loose coupling between components, security best practices, and optimizing for performance. Specific AWS services are highlighted for each principle such as Amazon EC2 for elasticity, Route 53 for redundancy, SQS for loose coupling, IAM for security, and ElastiCache for performance. The presentation emphasizes that AWS allows applications to scale up and down automatically in response to traffic and failures through these architectural patterns and services.
TLS306 Develop Deploy Debug with Eclipse - AWS re:Invent 2012Amazon Web Services
The AWS SDK for Java and the AWS Toolkit for Eclipse enable developers to easily manage AWS resources, quickly build web scale Java applications that interact with AWS services, and deploy those applications to the AWS platform. In this session, learn what functionality the AWS SDK for Java and the AWS Toolkit provide, see common usage scenarios with the AWS SDK for Java, and discover how to use the management, deployment, and debugging capabilities in the AWS Toolkit for Eclipse.
We are excited to announce Amazon Glacier, a fully-managed archive service in the cloud that allows customers to store data in 'cold storage' at an extremely competitive price point. Built to support the same 11 9s durability as S3, we'll take you through Glacier, how it works, where it sits with the storage spectrum and our planned integration with S3.
Manage for Peak Performance with AWS discusses how RightScale helps companies optimize their use of AWS. RightScale provides cloud management tools that allow companies to forecast costs, operate efficiently at scale, and outage-proof their applications on AWS. The document also describes how RightScale helped photo sharing company PhotoMerchant scale reliably on AWS to handle thousands of high-resolution images per hour and millions of user requests.
TLS304 Getting Productive with the AWS SDK for Ruby - AWS re:Invent 2012Amazon Web Services
Learn best practices for using the AWS SDK for Ruby, including configuration, logging, debugging, consuming high and low level interfaces, collections, memoization, Rails integrations, AWS::Record and more.
MBL101 Distributing through Appstore and Kindle Fire - AWS re:Invent 2012Amazon Web Services
Interested in offering your apps and games to Amazon customers? Learn how to grow your mobile app or gaming business by offering your app to millions of Amazon and Kindle Fire customers. This talk will provide an overview of selling your app on Amazon and resources to help you engage customers and monetize, including an overview of the GameCircle and In-App Purchasing APIs. Plus, hear tips for building relationships with Amazon customers and creating the killer app for Kindle Fire by optimizing your mobile apps and games for Kindle Fire tablets.
This document provides an overview and agenda for an AWS technical workshop on Amazon Web Services. The workshop will provide a basic understanding of cloud computing and AWS through theory, demonstrations, and hands-on lab exercises focused on Amazon S3, EC2, EBS, CloudFront, and RDS. Attendees will learn about setting up accounts, installing tools, and the objectives and structure of the workshop. The agenda includes introductions to cloud computing and specific AWS services as well as conclusions. Questions are welcomed throughout the event.
You've had a chance to hear from AWS Solutions Architects about how you might architect a solution which would run in the AWS cloud and learned how you might better scale your operations. Come to this session if you'd like to hear some real-world stories from customers such as Autodesk and Pronia and partners such as Control Group and Stratalux. You'll learn how Autodesk has used the AWS cloud to revolutionize the architecture of their solutions to meet their customers' needs and from Stratalux you'll see some pragmatic real world examples for increasing operational efficiency. You'll also hear how Pronia worked with Control Group to deploy a HIPAA compliant application on AWS.
MED201 Media Ingest and Storage Solutions with AWS - AWS re: Invent 2012 (Amazon Web Services)
In this session we will discuss the numerous ways to ingest data into AWS, including options such as physical media import and Direct Connect. We also talk about policy-based Hierarchical Storage Management (HSM) in the cloud, total cost of ownership, the importance of storage durability, and the infinite scalability of Amazon S3. Also, the founder of photo-sharing sensation Imgur, Alan Schaaf, speaks about their migration to AWS.
AWS Support offers different support plans to match customers' needs, including 24/7 phone and chat support with 1-hour response times for web cases. They provide operational support for AWS applications as well as support for third-party software. The higher-tier plans include access to AWS Trusted Advisor and routing to senior engineers. Enterprise support adds a 15-minute response time for critical issues, application architecture guidance, and a dedicated Technical Account Manager.
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig... (Amazon Web Services)
The cloud is not an 'all or nothing' replacement for the workloads inside your datacenter. Enterprises with existing datacenters can extend their infrastructure into the cloud and gain its benefits while keeping the set of controls their business already knows. Availability and security nonetheless remain two of the top concerns for CIOs deciding on cloud adoption for their organization.
Amazon Web Services has infrastructure across multiple geographical Regions spanning five continents, with multiple Availability Zones in each Region along with a set of global edge locations. Building a similar infrastructure for high availability with your traditional datacenter would be non-trivial and cost prohibitive. Join this session to understand how you can achieve high availability across geographies, deploy your applications close to your users, control where your data is located, achieve low latency, and migrate your applications around the world in a cost-effective and easy manner using AWS services. You will also learn how AWS builds services in accordance with security best practices, provides appropriate security features in those services, and has achieved industry-standard certifications and other third-party attestations. In addition, in line with the shared security model in the cloud, AWS customers must make use of these security features and best practices to architect an appropriately secure application environment. Enabling customers to ensure the confidentiality, integrity, and availability of their data is of the utmost importance to AWS, as is maintaining trust and confidence.
Cloud computing is a model that provides convenient network access to a shared pool of configurable computing resources such as storage, networks, servers and applications. Key cloud security threats include data breaches, insecure interfaces, account hijacking, insider threats and data loss. Physical security of data centers also matters: access control, environmental controls and backup power. Network security focuses on denial-of-service attacks, port scanning, man-in-the-middle attacks and IP spoofing. Middleware and EC2 security rely on security groups, firewalls, access keys and digital certificates. Privacy can be improved through policies that give users more control over the collection and use of their personal data.
Security and Privacy in the Cloud - Stephen Schmidt - AWS Summit 2012 Australia (Amazon Web Services)
Stephen Schmidt, Vice President and Chief Information Security Officer at AWS, discussed security and privacy in the cloud. He provided an overview of AWS's security model including certifications, physical security of data centers, network security controls, and the shared responsibility model between AWS and customers. Schmidt also discussed virtual private clouds and deployment models that provide logical and physical isolation of customer workloads and data.
Application security meetup - cloud security best practices 24062021 (lior mazor)
The "Cloud Security Best Practices" meetup covers Secrets Management in the Cloud, Secure Cloud Architecture, Event Tracking in Microservices and How to Manage Secrets in K8S.
- Enterprises are using AWS as a secure extension of their existing datacenters by leveraging AWS networking features like VPC, Direct Connect, and Storage Gateway.
- The flexibility of AWS enables enterprises to deploy enterprise applications like Microsoft Exchange, Oracle databases, and SAP solutions in the AWS cloud.
- One company deployed their mission-critical SharePoint 2010 intranet to AWS, reducing infrastructure costs by 22% and freeing up engineering time previously spent on hardware procurement and maintenance.
AWS April Webinar Series - How Willbros Builds Securely in AWS with Trend Micro (Amazon Web Services)
1) Willbros Group is a global contractor that provides engineering, construction, and other services to the oil, gas, and power industries.
2) Willbros uses AWS to build secure and flexible solutions like pipeline routing and collaboration tools to improve productivity in the field.
3) Trend Micro's security solutions help Willbros defend workloads running on AWS against network attacks and malware while simplifying security management across accounts and environments.
Up-front design of your AWS account can be done in a way that creates a reliably secure and controlled environment no matter how the AWS resources are used. This session focuses on "Secure by Design" principles and shows how an AWS environment can be configured to provide a reliable operational security control capability that meets compliance needs across multiple industry verticals (e.g. HIPAA, FISMA, PCI). This includes operational reporting through AWS services (e.g. Config/Config Rules, CloudTrail, Inspector) as well as integration with partner solutions such as Splunk and Allgress for real-time governance, risk, and compliance reporting. Key takeaways: AWS security best practices and automation capabilities for securing your environment; automation accelerators for configuration, compliance, and audit reporting using CloudFormation, Config/Config Rules, CloudTrail, Inspector and similar services; and ISV integration for real-time notification and reporting on security, compliance, and auditing in the cloud.
This document provides an overview of best practices for running Microsoft workloads on AWS. It discusses:
- Using AWS to deploy fully supported and licensed Windows Server virtual machines quickly
- Using familiar Windows services like Active Directory, SQL Server, and SharePoint on the AWS platform
- New AWS services that simplify deploying and managing Windows workloads at scale, like Elastic Beanstalk and Relational Database Service
- Networking and security features like VPC, security groups, and IAM policies that help secure Windows workloads on AWS
- Licensing options for Windows and SQL Server on AWS like SPLA licensing and license mobility
The document discusses some of the challenges with moving to public cloud computing. It outlines key questions around security, scalability, and segregation. Specifically, it notes that public clouds can scale instantly on demand but lack strong security controls and segregation between customers. The document provides recommendations around endpoint security, secure communications, service level agreements, and capacity planning to help address customer concerns with moving to the public cloud.
This document discusses IBM DataPower PCI solutions. It provides an overview of the Payment Card Industry Data Security Standard (PCI DSS) and its requirements. It then describes how IBM DataPower appliances can help organizations meet many of the PCI DSS requirements by providing functions like firewalling, encryption, access control, logging, and security policy management. The document also highlights some of DataPower's key products and capabilities for PCI compliance, and provides contact information for the IBM sales representative.
Cloud and virtualization give you the agility and efficiency to instantly roll out new services and expand your infrastructure. But the lack of physical control, or of defined entrance and egress points, brings a whole host of cloud security issues: data co-mingling, privileged user abuse, snapshots and backups, data deletion, data leakage, geographic regulatory requirements, cloud super-admins, and many more. Fortunately, experts agree that encryption is the unifying cloud security control, allowing you to protect, control and maintain trust. Gemalto's proven encryption and enterprise key management solutions turn any cloud environment into a trusted and compliant environment by solving the critical challenges of data governance, control, and ownership, no matter where you store your data.
Andrew Watts-Curnow, Solutions Architect, Amazon Web Services, ASEAN
Sheung Chi Ng, Senior Security Consulting Manager, Identity and Data Protection (IDP), APAC, Gemalto (Formerly SafeNet)
The document discusses Citrix CloudGateway and its role in enabling enterprise mobility management. Some key points:
1. CloudGateway provides a common architecture for managing and securing mobile devices and apps across iOS and Android using a technique called MDX.
2. It allows for user and device enrollment, single sign-on with Active Directory, app delivery and management, app-specific VPNs, and information containment on mobile devices.
3. The MDX framework intercepts APIs to apply security policies and encrypt data storage, restricting data transfer and access to managed apps only. This allows enterprises to securely enable BYOD while maintaining control over corporate data and access.
This document provides an overview of AWS Cloud Governance. It discusses that governance implies control and oversight over policies, procedures, and standards for application development. Governance in the cloud is a shared responsibility between cloud providers and consumers. AWS investments establish a trusted foundation through certifications like SOC 1 Type 2, ISO 27001, and PCI DSS. AWS technologies that can help with governance include IAM, VPC, CloudWatch, and storage/database services. The document outlines how these services can help with roles and access controls, network security, monitoring, disaster recovery and more. It provides references for further reading on cloud governance best practices.
Cloud Breach - Forensics Audit Planning
The goal of this presentation is to assist IT Risk and Security professionals with adding Cloud computing forensics to their Incident Response team.
It should assist them with understanding the technical ways of capturing forensic data from cloud service providers using security controls that incorporate and integrate logging, chain of evidence, virtualization and cloud security architecture.
AWS Summit Berlin 2013 - Keynote Steve Schmidt (AWS Germany)
The document discusses cloud security features offered by AWS, including universal access to security capabilities for all customers, visibility into infrastructure, auditing capabilities, transparency through certifications, and a shared responsibility model between AWS and customers. It provides details on several security and compliance control objectives focused on areas like security organization, user access, logical security, data handling, physical security, change management, and incident handling. Finally, it discusses specific AWS security services and features like CloudHSM for key management and different deployment models.
APN Partner Webinar - Security & Compliance for AWS EMEA Partners (Amazon Web Services)
Learn how AWS has delivered a compliant, secure infrastructure available on-demand; how our shared security model protects mission-critical data every day; and how you can meet your own security standards using sophisticated tools and controls on AWS.
Watch a recording of this presentation here: http://youtu.be/vgRpkcepAYI
CloudPassage Best Practices for Automatic Security Scaling (Amazon Web Services)
Organizations that are transitioning from a traditional data center to an on-demand IT environment, such as AWS, are quickly finding that automating and scaling legacy security services for comprehensive workload security can be challenging. In light of these challenges, it is necessary to deploy a security solution that employs the same versatility and elasticity as the cloud workloads it is meant to protect. CloudPassage® Halo® provides virtually instant visibility and continuous protection for servers in any combination of data centers, private clouds and public clouds like AWS. Join Xero and CloudPassage to learn about best practices for migrating your security workloads to the cloud.
Join us to learn:
- Best practices for maintaining workload security
- How you can align cloud security deployment methods with on-premises deployment methods
- Key considerations for architecting your infrastructure to scale quickly and securely
Who should attend: CTOs, CIOs, CISOs, Directors and Managers of Security, IT Administrators, IT Architects and IT Security Engineers
Cloud security: what to expect (introduction to cloud security) (Moshe Ferber)
This document provides an overview of cloud security presented by Moshe Ferber, a certified cloud security professional. It introduces cloud computing models including SaaS, PaaS, and IaaS. For IaaS, the document discusses that while the underlying infrastructure is managed by the cloud provider, customers are responsible for the security of guest operating systems, applications, and data. It also covers key IaaS security considerations like virtual machine access control, network visibility limitations, and the division of security responsibilities between customers and providers.
Similar to Security and Privacy in the AWS Cloud - AWS India Summit 2012
How to build Forecasting services using ML and deep learn... (Amazon Web Services)
Forecasting is an important process for a great many companies and is used in many areas to try to predict accurately the growth and distribution of a product, the use of resources needed on production lines, financial projections and much more. Amazon uses advanced forecasting techniques, and some of these services have been made available to all AWS customers.
In this session we will show how to pre-process data that contains a time component and then use an algorithm that, starting from the type of data analysed, produces an accurate forecast.
Big Data for Startups: how to build Big Data applications in Server... mode (Amazon Web Services)
The variety and quantity of data created every day is accelerating ever faster and represents a unique opportunity to innovate and create new startups.
However, managing large quantities of data can seem complex: building large-scale Big Data clusters looks like an investment only established companies can afford. But the elasticity of the cloud and, in particular, Serverless services let us break through these limits.
We will therefore see how it is possible to develop Big Data applications quickly, without worrying about the infrastructure, dedicating all our resources to developing our ideas and creating innovative products.
You can now use Amazon Elastic Kubernetes Service (EKS) to run Kubernetes pods on AWS Fargate, the serverless compute engine built for containers on AWS. This makes it easier than ever to build and run your Kubernetes applications in the AWS cloud. In this session we will present the main features of the service and how to deploy your application in a few steps.
Twenty years ago Amazon went through a radical transformation with the goal of increasing the pace of innovation. Over this period we learned how changing our approach to application development allowed us to greatly increase agility and release velocity and, ultimately, to build more reliable and scalable applications. In this session we will explain how we define modern applications and how building modern apps affects not only application architecture but also organisational structure, development release pipelines and even the operating model. We will also describe common approaches to modernisation, including the approach used by Amazon.com itself.
How to spend up to 90% less with containers and Spot Instances (Amazon Web Services)
Container use is growing continuously.
When properly designed, container-based applications are very often stateless and flexible.
The AWS services ECS, EKS and Kubernetes on EC2 can take advantage of Spot Instances, giving an average saving of 70% compared with On-Demand Instances. In this session we will discover together the characteristics of Spot Instances and how they can easily be used on AWS. We will also learn how Spreaker uses Spot Instances to run applications of various kinds, in production, at a fraction of the on-demand cost!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda :
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Make your startup's offering unique in the market with Machine Lea... services (Amazon Web Services)
To create value and build a differentiated, recognisable offering, successful startups know how to combine established technologies with innovative components built ad hoc.
AWS provides ready-to-use services and, at the same time, lets you customise and build the differentiating elements of your own offering.
Focusing on Machine Learning technologies, we will see how to select the artificial intelligence services offered by AWS and, including through a demo, how to build custom Machine Learning models using SageMaker Studio.
OpsWorks Configuration Management: automate the management and deployment of... (Amazon Web Services)
With the traditional approach to IT it was for many years difficult to implement DevOps techniques, which until now have often involved manual activities, leading from time to time to application downtime that interrupted users' work. With the advent of the cloud, DevOps techniques are now within everyone's reach at low cost for any kind of workload, guaranteeing greater system reliability and resulting in significant improvements in business continuity.
AWS provides AWS OpsWorks as a Configuration Management tool that aims to automate and simplify the management and deployment of EC2 instances by means of Chef and Puppet.
Find out how to use AWS OpsWorks to guarantee the reliability of your application installed on EC2 instances.
Microsoft Active Directory on AWS to support your Windows Workloads (Amazon Web Services)
Want to know the options for running Microsoft Active Directory on AWS? When moving Microsoft workloads to AWS, it is important to consider how to deploy Microsoft Active Directory to support Group Policy management, authentication and authorisation. In this session we discuss the options for deploying Microsoft Active Directory on AWS, including AWS Directory Service for Microsoft Active Directory and deploying Active Directory on Windows on Amazon Elastic Compute Cloud (Amazon EC2). We cover topics such as integrating your on-premises Microsoft Active Directory environment with the cloud and using SaaS applications, such as Office 365, with AWS Single Sign-On.
From facial recognition to detecting fraud or manufacturing defects, image and video analysis using artificial intelligence techniques is evolving and being refined at a rapid pace. In this webinar we will explore the possibilities offered by AWS services for applying state-of-the-art computer vision techniques to real-world scenarios.
Amazon Web Services and VMware are organising a free virtual event next Wednesday 14 October from 12:00 to 13:00 dedicated to VMware Cloud™ on AWS, the on-demand service that lets you run applications in cloud environments based on VMware vSphere® and access a wide range of AWS services, taking full advantage of the AWS cloud while protecting existing VMware investments.
Many organisations take advantage of the cloud by migrating their Oracle workloads, securing considerable benefits in agility and cost efficiency.
Migrating these workloads can create complexity during application modernisation and refactoring, on top of which come performance risks that can be introduced when moving applications out of on-premises data centres.
Build your first serverless ledger-based app with QLDB and NodeJS (Amazon Web Services)
Many companies today build applications with ledger-type functionality, for example to verify the history of credits and debits in banking transactions, or to track the supply-chain flow of their products.
Underlying these solutions are ledger databases, which provide a transparent, immutable and cryptographically verifiable transaction log, but they are complex and costly tools to manage.
Amazon QLDB removes the need to build custom, complex systems by providing a fully managed serverless ledger database.
In this session we will find out how to build a complete serverless application that uses QLDB's features.
With the rise of microservice architectures and rich mobile and web applications, APIs are more important than ever for delivering an excellent user experience to end users. In this session we will learn how to tackle modern API design challenges with GraphQL, an open-source API query language used by Facebook, Amazon and others, and how to use AWS AppSync, a managed serverless GraphQL service on AWS. We will go through several scenarios, seeing how AppSync can help solve these use cases by building modern APIs with real-time and offline data update capabilities.
We will also learn how Sky Italia uses AWS AppSync to deliver real-time sports updates to users of its web portal.
Oracle Databases and VMware Cloud™ on AWS: myths to dispel (Amazon Web Services)
Many organisations take advantage of the cloud by migrating their Oracle workloads, securing considerable benefits in agility and cost efficiency.
Migrating these workloads can create complexity during application modernisation and refactoring, on top of which come performance risks that can be introduced when moving applications out of on-premises data centres.
In these slides, AWS and VMware experts present simple, practical measures to facilitate and simplify the migration of Oracle workloads, accelerating the transformation to the cloud; they explore the architecture and demonstrate how to take full advantage of VMware Cloud™ on AWS.
1) The document discusses building a minimum viable product (MVP) using Amazon Web Services (AWS).
2) It provides an example of an MVP for an omni-channel messenger platform, built starting in 2017, that connects ecommerce stores to customers via web chat, Facebook Messenger, WhatsApp, and other channels.
3) The founder discusses how they started with an MVP in 2017 with 200 ecommerce stores in Hong Kong and Taiwan, and have since expanded to over 5000 clients across Southeast Asia using AWS for scaling.
This document discusses pitch decks and fundraising materials. It explains that venture capitalists will typically spend only 3 minutes and 44 seconds reviewing a pitch deck. Therefore, the deck needs to tell a compelling story to grab their attention. It also provides tips on tailoring different types of decks for different purposes, such as creating a concise 1-2 page teaser, a presentation deck for pitching in-person, and a more detailed read-only or fundraising deck. The document stresses the importance of including key information like the problem, solution, product, traction, market size, plans, team, and ask.
This document discusses building serverless web applications using AWS services like API Gateway, Lambda, DynamoDB, S3 and Amplify. It provides an overview of each service and how they can work together to create a scalable, secure and cost-effective serverless application stack without having to manage servers or infrastructure. Key services covered include API Gateway for hosting APIs, Lambda for backend logic, DynamoDB for database needs, S3 for static content, and Amplify for frontend hosting and continuous deployment.
This document provides tips for fundraising from startup founders Roland Yau and Sze Lok Chan. It discusses generating competition to create urgency for investors, fundraising in parallel rather than sequentially, having a clear fundraising narrative focused on what you do and why it's compelling, and prioritizing relationships with people over firms. It also notes how the pandemic has changed fundraising, with examples of deals done virtually during this time. The tips emphasize being fully prepared before fundraising and cultivating connections with investors in advance.
AWS_HK_StartupDay_Building Interactive websites while automating for efficien... (Amazon Web Services)
This document discusses Amazon's machine learning services for building conversational interfaces and extracting insights from unstructured text and audio. It describes Amazon Lex for creating chatbots, Amazon Comprehend for natural language processing tasks like entity extraction and sentiment analysis, and how they can be used together for applications like intelligent call centers and content analysis. Pre-trained APIs simplify adding machine learning to apps without requiring ML expertise.
Amazon Elastic Container Service (Amazon ECS) is a highly scalable container management service that simplifies managing Docker containers through an orchestration layer that controls deployment and the related lifecycle. In this session we will present the main features of the service, reference architectures for different workloads and the simple steps needed to quickly migrate one or more of your containers.
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors (DianaGray10)
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
TrustArc Webinar - 2024 Global Privacy Survey (TrustArc)
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Monitoring and Managing Anomaly Detection on OpenShift.pdf (Tosin Akinosho)
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
Programming Foundation Models with DSPy - Meetup SlidesZilliz
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
What is an RPA CoE? Session 1 – CoE VisionDianaGray10
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
zkStudyClub - LatticeFold: A Lattice-based Folding Scheme and its Application...Alex Pruden
Folding is a recent technique for building efficient recursive SNARKs. Several elegant folding protocols have been proposed, such as Nova, Supernova, Hypernova, Protostar, and others. However, all of them rely on an additively homomorphic commitment scheme based on discrete log, and are therefore not post-quantum secure. In this work we present LatticeFold, the first lattice-based folding protocol based on the Module SIS problem. This folding protocol naturally leads to an efficient recursive lattice-based SNARK and an efficient PCD scheme. LatticeFold supports folding low-degree relations, such as R1CS, as well as high-degree relations, such as CCS. The key challenge is to construct a secure folding protocol that works with the Ajtai commitment scheme. The difficulty, is ensuring that extracted witnesses are low norm through many rounds of folding. We present a novel technique using the sumcheck protocol to ensure that extracted witnesses are always low norm no matter how many rounds of folding are used. Our evaluation of the final proof system suggests that it is as performant as Hypernova, while providing post-quantum security.
Paper Link: https://eprint.iacr.org/2024/257
"Choosing proper type of scaling", Olena SyrotaFwdays
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
Generating privacy-protected synthetic data using Secludy and MilvusZilliz
During this demo, the founders of Secludy will demonstrate how their system utilizes Milvus to store and manipulate embeddings for generating privacy-protected synthetic data. Their approach not only maintains the confidentiality of the original data but also enhances the utility and scalability of LLMs under privacy constraints. Attendees, including machine learning engineers, data scientists, and data managers, will witness first-hand how Secludy's integration with Milvus empowers organizations to harness the power of LLMs securely and efficiently.
Digital Marketing Trends in 2024 | Guide for Staying AheadWask
https://www.wask.co/ebooks/digital-marketing-trends-in-2024
Feeling lost in the digital marketing whirlwind of 2024? Technology is changing, consumer habits are evolving, and staying ahead of the curve feels like a never-ending pursuit. This e-book is your compass. Dive into actionable insights to handle the complexities of modern marketing. From hyper-personalization to the power of user-generated content, learn how to build long-term relationships with your audience and unlock the secrets to success in the ever-shifting digital landscape.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/how-axelera-ai-uses-digital-compute-in-memory-to-deliver-fast-and-energy-efficient-computer-vision-a-presentation-from-axelera-ai/
Bram Verhoef, Head of Machine Learning at Axelera AI, presents the “How Axelera AI Uses Digital Compute-in-memory to Deliver Fast and Energy-efficient Computer Vision” tutorial at the May 2024 Embedded Vision Summit.
As artificial intelligence inference transitions from cloud environments to edge locations, computer vision applications achieve heightened responsiveness, reliability and privacy. This migration, however, introduces the challenge of operating within the stringent confines of resource constraints typical at the edge, including small form factors, low energy budgets and diminished memory and computational capacities. Axelera AI addresses these challenges through an innovative approach of performing digital computations within memory itself. This technique facilitates the realization of high-performance, energy-efficient and cost-effective computer vision capabilities at the thin and thick edge, extending the frontier of what is achievable with current technologies.
In this presentation, Verhoef unveils his company’s pioneering chip technology and demonstrates its capacity to deliver exceptional frames-per-second performance across a range of standard computer vision networks typical of applications in security, surveillance and the industrial sector. This shows that advanced computer vision can be accessible and efficient, even at the very edge of our technological ecosystem.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
4. AWS Certifications
• Based on the Shared Responsibility model
• AWS Environment
– SSAE 16 / SAS70 Type II Audit
– ISO 27001 Certification
– Payment Card Industry Data Security Standard (PCI DSS) Level 1 Service Provider
– FedRAMP (FISMA)
• Customers have deployed various compliant applications:
– Sarbanes-Oxley (SOX)
– HIPAA (healthcare)
– FISMA (US Federal Government)
– DIACAP MAC III Sensitive IATO
6. Physical Security of Data Centers
• Amazon has been building large-scale data centers for many years
• Important attributes:
– Non-descript facilities
– Robust perimeter controls
– Strictly controlled physical access
– 2 or more levels of two-factor auth
• Controlled, need-based access
• All access is logged and reviewed
• Separation of Duties
– employees with physical access don’t have logical privileges
7. Amazon EC2 Instance Isolation
[Diagram: physical interfaces feed a firewall; above it the hypervisor presents virtual interfaces to Customer 1, Customer 2 … Customer n, with each customer's instances guarded by that customer's own Security Groups]
8. Storage Device Decommissioning
• All storage devices go through process
• Uses techniques from
– DoD 5220.22-M (“National Industrial Security Program Operating Manual”)
– NIST 800-88 (“Guidelines for Media Sanitization”)
• Ultimately
– degaussed
– physically destroyed
9. Network Security Considerations
• Distributed Denial of Service (DDoS):
– Standard mitigation techniques in effect
• Man in the Middle (MITM):
– All endpoints protected by SSL
– Fresh EC2 host keys generated at boot
• IP Spoofing:
– Prohibited at host OS level
• Unauthorized Port Scanning:
– Violation of AWS TOS
– Detected, stopped, and blocked
– Inbound ports blocked by default
• Packet Sniffing:
– Promiscuous mode is ineffective
– Protection at hypervisor level
11. AWS Identity and Access Management (IAM)
• Users and Groups within Accounts
• Unique security credentials
– Access keys
– Login/Password
– optional MFA device
• Policies control access to AWS APIs
• API calls must be signed by either:
– X.509 certificate
– secret key
• Deep integration into some Services
– S3: policies on objects and buckets
– SimpleDB: domains
• AWS Management Console supports User log on
• Not for Operating Systems or Applications
– use LDAP, Active Directory/ADFS, etc...
12. Multi-tier Security Approach Example
[Diagram: Web Tier, Application Tier and Database Tier, each behind its own Amazon EC2 Security Group firewall. Ports 80 and 443 only are open to the Internet; all other Internet ports are blocked by default. Engineering staff have ssh access to the App Tier, which acts as Bastion. The Database Tier syncs with the on-premises database.]
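To make the tier design above checkable, here is an added Go example (not from the deck) that encodes the slide's rules and lints a set of inbound security-group rules against them: only 80/443 from the Internet on the web tier, engineering ssh only to the app tier acting as bastion, and the database tier reachable only from the app tier. The tier names, the engineering CIDR and the simplified rule model are constructed for the example.

```go
package main

import (
	"fmt"
	"sort"
)

// Rule is one inbound permission of a security group. This is a constructed,
// simplified model of the EC2 rule shape, used for the example only.
type Rule struct {
	Port     int    // TCP port; -1 means all ports
	CIDR     string // source CIDR block, or "" when SourceSG is set
	SourceSG string // source security group name, or "" when CIDR is set
}

// Group is a security group name with its inbound rules.
type Group struct {
	Name  string
	Rules []Rule
}

// Policy captures the slide's three-tier design: what each tier may expose
// to the Internet, which groups may talk to it, and who may ssh to the bastion.
type Policy struct {
	InternetPorts map[string][]int    // tier -> ports allowed from 0.0.0.0/0
	TrustedSource map[string][]string // tier -> security groups allowed as source
	Bastion       string              // tier that accepts engineering ssh
	AdminCIDR     string              // engineering network (assumed value)
}

func hasInt(xs []int, x int) bool {
	for _, v := range xs {
		if v == x {
			return true
		}
	}
	return false
}

func hasStr(xs []string, x string) bool {
	for _, v := range xs {
		if v == x {
			return true
		}
	}
	return false
}

func portLabel(p int) string {
	if p == -1 {
		return "all ports"
	}
	return fmt.Sprintf("port %d", p)
}

// Lint returns one finding per inbound rule that breaks the tier policy.
// An empty result means the groups match the slide's design.
func Lint(p Policy, groups []Group) []string {
	var findings []string
	for _, g := range groups {
		for _, r := range g.Rules {
			switch {
			case r.CIDR == "0.0.0.0/0" || r.CIDR == "::/0":
				// Internet exposure: only the listed ports, never "all ports".
				if r.Port == -1 || !hasInt(p.InternetPorts[g.Name], r.Port) {
					findings = append(findings, fmt.Sprintf("%s: %s open to the Internet", g.Name, portLabel(r.Port)))
				}
			case r.CIDR != "":
				// Any other CIDR is only acceptable as engineering ssh to the bastion.
				if !(g.Name == p.Bastion && r.Port == 22 && r.CIDR == p.AdminCIDR) {
					findings = append(findings, fmt.Sprintf("%s: %s allowed from %s", g.Name, portLabel(r.Port), r.CIDR))
				}
			case r.SourceSG != "":
				// Group-to-group rules must follow the tier chain (web -> app -> db).
				if !hasStr(p.TrustedSource[g.Name], r.SourceSG) {
					findings = append(findings, fmt.Sprintf("%s: %s reachable from group %s", g.Name, portLabel(r.Port), r.SourceSG))
				}
			}
		}
	}
	sort.Strings(findings)
	return findings
}

// SlidePolicy is the policy implied by slide 12, with a constructed admin CIDR.
func SlidePolicy() Policy {
	return Policy{
		InternetPorts: map[string][]int{"web": {80, 443}},
		TrustedSource: map[string][]string{"app": {"web"}, "db": {"app"}},
		Bastion:       "app",
		AdminCIDR:     "203.0.113.0/24", // documentation range, constructed
	}
}

func main() {
	// Constructed groups: the web and db tiers each carry one rule that breaks the design.
	groups := []Group{
		{"web", []Rule{{80, "0.0.0.0/0", ""}, {443, "0.0.0.0/0", ""}, {22, "0.0.0.0/0", ""}}},
		{"app", []Rule{{22, "203.0.113.0/24", ""}, {8080, "", "web"}}},
		{"db", []Rule{{3306, "", "app"}, {3306, "0.0.0.0/0", ""}}},
	}
	for _, f := range Lint(SlidePolicy(), groups) {
		fmt.Println("FINDING:", f)
	}
}
```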
14. AWS Security and Compliance Center (http://aws.amazon.com/security/)
• Answers to many security & privacy questions
• Security whitepaper
• Risk and Compliance whitepaper
• Security bulletins
• Customer penetration testing
• Security best practices
• More information on:
• AWS Identity & Access Management (AWS IAM)
• AWS Multi-Factor Authentication (AWS MFA)
15. Addressing Cloud Requirements
Requires a combination of technologies and is a shared responsibility between CSP and customer
10/7/2012 Confidential | Copyright 2012 TrendMicro Inc.
16. How Are You Securing the Cloud?
[Chart: survey responses for “Encrypt Any Data Stored in the Cloud” and “Keep a 1:1 Copy of All Data Synched to Public Cloud”. Source: Trend Micro survey, May 2011]
But traditional encryption solutions leave you vulnerable in the cloud. You need:
• Policy-based key management
• Server validation
• Business key ownership
17. What is the Solution?
Data Protection in the Cloud
Encryption with Policy-based Key Management for data such as Credit Card Payment Information, Sensitive Research Results, Patient Medical Records and Social Security Numbers
AES Encryption (128, 192, & 256 bit)
• Unreadable to outsiders
• Obscured data on recycled devices
Policy-based Key Management
• Trusted server access
• Control for when and where data is accessed
Auditing, Reporting, & Mobility
• Compliance support
• Custody of keys
18. SecureCloud
Encryption & Key Mgmt for private, public, & hybrid clouds
19. What is the Solution?
Trend Micro Secure Cloud
The Basics: What Does Secure Cloud Do?
• Encrypts data in public or private cloud environments
– Military grade, FIPS 140-2 compliant encryption to 256-bits
• Manages encryption keys
– Typically a very tedious, detailed and expensive process
– Application upkeep offloaded to trusted partner
• Authenticates servers requesting access to data
– Policy-based system gives wide range of factors on which key deployment decisions are made
– Delivers keys securely over encrypted SSL channels
• Audits, alerts, and reports on key delivery activities
– Multiple reports and alerting mechanisms available
20. Trend Micro SecureCloud
How It Works
[Diagram: the requesting server sends a policy information request (Rule 1, Rule 2, Rule 3, etc.) to SecureCloud; an internal process evaluates the rules and returns the policy information (XYZ, 123G, 78HJ, etc.); the exchange is protected by a random session key over SSL, after which the server can access My Data]
21. Trend Micro SecureCloud
How It Works
Unique Server Validation
Identity – “Is it mine?”
• Embedded keys
• Location
• Start-up time
• Etc.
Integrity – “Is it okay?”
• Firewall
• Antivirus
• Self integrity check
• Etc.
• Automated authorization and key release for rapid operations
• Or manual approval for increased security
22. Trend Micro SecureCloud
Summary of Features and Benefits
Security
• Apply industry standard encryption
• Employ full-volume protection
• Get real-time encryption and decryption
Choice
• Encrypt your virtual and cloud infrastructures
• Deploy as a software application or SaaS
Control
• Determine when and where data is accessed
• Ensure only authorized VMs access data
Compliance
• Support internal governance and compliance
• Address audits with reports and alerts
Safely Deploy Your Own Journey to the Cloud
23. Deep Security
Self Defending Hosts
24. Trend Micro Deep Security
Server & application protection
5 protection modules
Deep Packet Inspection
– IDS / IPS: Detects and blocks known and zero-day attacks that target vulnerabilities
– Web Application Protection: Shields web application vulnerabilities
– Application Control: Provides increased visibility into, or control over, applications accessing the network
Firewall
– Reduces attack surface. Prevents DoS & detects reconnaissance scans
Integrity Monitoring
– Detects malicious and unauthorized changes to directories, files, registry keys…
Log Inspection
– Optimizes the identification of important security events buried in log entries
Anti-Virus
– Detects and blocks malware (web threats, viruses & worms, Trojans)
Protection is delivered via Agent and/or Virtual Appliance
25. Cloud Security
Modular Protection
• Self-defending VM security
• Agentless and agent-based
• One management portal for all modules, all deployments
Encryption with Policy-based Key Management for Credit Card Payment Information, Sensitive Research Results, Patient Medical Records and Social Security Numbers
• Unreadable for unauthorized users
• Control of when and where data is accessed
• Server validation
• Custody of keys
Integration ensures servers have up-to-date security before encryption keys are released
Editor's Notes
SAS 70 Type II
Amazon Web Services publishes a Statement on Auditing Standards No. 70 (SAS 70) Type II Audit report every six months and maintains a favorable opinion from its independent auditors. AWS identifies those controls relating to the operational performance and security of its services. Through the SAS 70 Type II report, an auditor evaluates the design of the stated control objectives and control activities and attests to the effectiveness of their design. The auditors also verify the operation of those controls, attesting that the controls are operating as designed. Provided a customer has signed a non-disclosure agreement with AWS, this report is available to customers who require a SAS 70 to meet their own audit and compliance needs. The AWS SAS 70 control objectives are provided here. The report itself identifies the control activities that support each of these objectives.
– Security Organization: Controls provide reasonable assurance that information security policies have been implemented and communicated throughout the organization.
– Amazon User Access: Controls provide reasonable assurance that procedures have been established so that Amazon user accounts are added, modified and deleted in a timely manner and are reviewed on a periodic basis.
– Logical Security: Controls provide reasonable assurance that unauthorized internal and external access to data is appropriately restricted and access to customer data is appropriately segregated from other customers.
– Secure Data Handling: Controls provide reasonable assurance that data handling between the customer’s point of initiation to an AWS storage location is secured and mapped accurately.
– Physical Security: Controls provide reasonable assurance that physical access to Amazon’s operations building and the data centers is restricted to authorized personnel.
– Environmental Safeguards: Controls provide reasonable assurance that procedures exist to minimize the effect of a malfunction or physical disaster to the computer and data center facilities.
– Change Management: Controls provide reasonable assurance that changes (including emergency / non-routine and configuration) to existing IT resources are logged, authorized, tested, approved and documented.
– Data Integrity, Availability and Redundancy: Controls provide reasonable assurance that data integrity is maintained through all phases including transmission, storage and processing.
– Incident Handling: Controls provide reasonable assurance that system incidents are recorded, analyzed, and resolved.
AWS’ commitment to SAS 70 is on-going, and AWS will continue the process of periodic audits. In addition, in 2011 AWS plans to convert the SAS 70 to the new Statement on Standards for Attestation Engagements (SSAE) 16 format (equivalent to the International Standard on Assurance Engagements [ISAE] 3402). The SSAE 16 standard replaces the existing SAS 70 standard, and implementation is currently expected to be required by all SAS 70 publishers in 2011. This new report will be similar to the SAS 70 Type II report, but with additional required disclosures and a modified format.
ISO 27001
AWS has achieved ISO 27001 certification of our Information Security Management System (ISMS) covering AWS infrastructure, data centers, and services including Amazon EC2, Amazon S3 and Amazon VPC. ISO 27001/27002 is a widely-adopted global security standard that sets out requirements and best practices for a systematic approach to managing company and customer information that’s based on periodic risk assessments appropriate to ever-changing threat scenarios. In order to achieve the certification, a company must show it has a systematic and ongoing approach to managing information security risks that affect the confidentiality, integrity, and availability of company and customer information. This certification reinforces Amazon’s commitment to providing significant information regarding our security controls and practices. AWS’s ISO 27001 certification includes all AWS data centers in all regions worldwide and AWS has established a formal program to maintain the certification. AWS provides additional information and frequently asked questions about its ISO 27001 certification on their web site.
PCI DSS Level 1
AWS satisfies the requirements under PCI DSS for shared hosting providers. AWS also has been successfully validated against standards applicable to a Level 1 service provider under PCI DSS Version 2.0. Merchants and other PCI service providers can use the AWS PCI-compliant technology infrastructure for storing, processing, and transmitting credit card information in the cloud, as long as those customers create PCI compliance for their part of the shared environment. Amazon Elastic Compute Cloud (EC2), Amazon Simple Storage Service (S3), Amazon Elastic Block Storage (EBS) and Amazon Virtual Private Cloud (VPC) were included as part of this validation. Under the same circumstances, other enterprises can also benefit by running their applications on other PCI-compliant technology infrastructure. AWS provides additional information and frequently asked questions about its PCI compliance on its web site.
Customer instances have no access to raw disk devices, but instead are presented with virtualized disks. The AWS proprietary disk virtualization layer automatically resets every block of storage used by the customer, so that one customer’s data are never unintentionally exposed to another. AWS recommends customers further protect their data using appropriate means. One common solution is to run an encrypted file system on top of the virtualized disk device.
Amazon Simple Data Base (SimpleDB) Security
Amazon SimpleDB APIs provide domain-level controls that only permit authenticated access by the domain creator, therefore the customer maintains full control over who has access to their data. Amazon SimpleDB access can be granted based on an AWS Account ID. Once authenticated, an AWS Account has full access to all operations. Access to each individual domain is controlled by an independent Access Control List that maps authenticated users to the domains they own. A user created with AWS IAM only has access to the operations and domains for which they have been granted permission via policy. Amazon SimpleDB is accessible via SSL-encrypted endpoints. The encrypted endpoints are accessible from both the Internet and from within Amazon EC2. Data stored within Amazon SimpleDB is not encrypted by AWS; however the customer can encrypt data before it is uploaded to Amazon SimpleDB. These encrypted attributes would be retrievable as part of a Get operation only. They could not be used as part of a query filtering condition. Encrypting before sending data to Amazon SimpleDB helps protect against access to sensitive customer data by anyone, including AWS.
Amazon SimpleDB Data Management
When a domain is deleted from Amazon SimpleDB, removal of the domain mapping starts immediately, and is generally processed across the distributed system within seconds. Once the mapping is removed, there is no remote access to the deleted domain. When item and attribute data are deleted within a domain, removal of the mapping within the domain starts immediately, and is also generally complete within seconds. Once the mapping is removed, there is no remote access to the deleted data. That storage area is then made available only for write operations and the data are overwritten by newly stored data.
Amazon Simple Queue Service (Amazon SQS) Security
Amazon SQS is a highly reliable, scalable message queuing service that enables asynchronous message-based communication between distributed components of an application. The components can be computers or Amazon EC2 instances or a combination of both. With Amazon SQS you can send any number of messages to an Amazon SQS queue at any time from any component. The messages can be retrieved from the same component or a different one right away or at a later time (within 4 days). Messages are highly durable; each message is persistently stored in highly available, highly reliable queues. Multiple processes can read/write from/to an Amazon SQS queue at the same time without interfering with each other. Amazon SQS access is granted based on an AWS Account or a user created with AWS IAM. Once authenticated, the AWS Account has full access to all user operations. An AWS IAM user however only has access to the operations and queues which they have been granted access to via policy. By default, access to each individual queue is restricted to the AWS Account that created it. However, a customer can allow other access to a queue, using either an SQS-generated policy or a policy written by the user. Amazon SQS is accessible via SSL-encrypted endpoints. The encrypted endpoints are accessible from both the Internet and from within Amazon EC2. Data stored within Amazon SQS are not encrypted by AWS; however the user can encrypt data before it is uploaded to Amazon SQS, provided that the application utilizing the queue has a means to decrypt the message when retrieved. Encrypting messages before sending them to Amazon SQS helps protect against access to sensitive customer data by unauthorized persons, including AWS.
Amazon CloudFront Security

Amazon CloudFront requires every request made to its control API to be authenticated, so only authenticated users can create, modify or delete their own Amazon CloudFront distributions. Requests are signed with an HMAC-SHA1 signature calculated from the request and the user's Secret Access Key. Additionally, the Amazon CloudFront control API is only accessible via SSL-encrypted endpoints.

There is no guarantee of durability of data held in Amazon CloudFront edge locations. The service may from time to time remove objects from edge locations if those objects are not requested frequently. Durability is provided by Amazon S3, which works as the origin server for Amazon CloudFront and holds the original, definitive copies of the objects delivered by Amazon CloudFront.

If you want control over who is able to download content from Amazon CloudFront, you can enable the service's private content feature. This feature has two components: the first controls how the Amazon CloudFront edge locations access your objects in Amazon S3; the second controls how content is delivered from the Amazon CloudFront edge location to viewers on the Internet.

To control access to the original copies of your objects in Amazon S3, Amazon CloudFront allows you to create one or more "Origin Access Identities" and associate these with your distributions. When an Origin Access Identity is associated with an Amazon CloudFront distribution, the distribution uses that identity to retrieve objects from Amazon S3. You can then use Amazon S3's ACL feature to limit access to that Origin Access Identity, so the original copy of the object is not publicly readable.

To control who is able to download your objects from Amazon CloudFront edge locations, the service uses a signed-URL verification system. To use this system, you first create a private-key/public-key pair and upload the public key to your account via the Amazon Web Services website. Second, you configure your Amazon CloudFront distribution to indicate which accounts you authorize to sign requests; you can indicate up to five AWS Accounts you trust to sign requests. Third, as you receive requests you create policy documents indicating the conditions under which you want Amazon CloudFront to serve your content. These policy documents can specify the name of the object that is requested, the date and time of the request, and the source IP (or CIDR range) of the client making the request. You then sign the policy document with your private key using RSA-SHA1. Fourth, you include both the encoded policy document and the signature as query string parameters when you reference your objects. When Amazon CloudFront receives a request, it verifies the signature using your public key and serves only requests that carry a valid policy document and a matching signature. Note that private content is an optional feature that must be enabled when you set up your CloudFront distribution; content delivered without this feature enabled is publicly readable by anyone.

Amazon CloudFront also provides the ability to transfer content over an encrypted connection (HTTPS) to protect and authenticate the content delivered to your users. By default Amazon CloudFront accepts requests over both HTTP and HTTPS. If you prefer, you can configure Amazon CloudFront to require HTTPS for all requests and reject all HTTP requests. For HTTPS requests, Amazon CloudFront also uses HTTPS to retrieve your object from Amazon S3, so that your object is encrypted whenever it is transmitted.

Amazon CloudFront access logs contain a comprehensive set of information about requests for content, including the object requested, the date and time of the request, the edge location serving the request, the client IP address, the referrer, and the user agent. To enable access logs, just specify the name of the Amazon S3 bucket to store the logs in when you configure your Amazon CloudFront distribution.
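The four-step signed-URL procedure above is easiest to see end to end in code. The block below is an added example, not code from the page or from AWS: it builds the custom policy document, encodes it in CloudFront's URL-safe base64 variant, attaches the Policy, Signature and Key-Pair-Id query parameters, and then replays the checks the edge performs before serving (signature, resource match, time window, source IP). The signer is pluggable so the example runs offline: the demo uses HMAC-SHA1 with a constructed secret as a stand-in, whereas the real service requires an RSA-SHA1 signature from the private key whose public half you uploaded. The host d111111abcdef8.cloudfront.net, the key pair id APKAEXAMPLE, the secret and all timestamps and addresses are constructed values.

```python
"""CloudFront private-content signed URLs: policy, signing, encoding and the
edge-side verification. Added example with a pluggable signer (HMAC stand-in)."""
import base64
import fnmatch
import hashlib
import hmac
import ipaddress
import json
from urllib.parse import parse_qs, urlencode, urlsplit

# CloudFront's URL-safe base64 alphabet: '+' '=' '/' become '-' '_' '~'.
_TO_CF = str.maketrans({"+": "-", "=": "_", "/": "~"})
_FROM_CF = str.maketrans({"-": "+", "_": "=", "~": "/"})


def cf_b64encode(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii").translate(_TO_CF)


def cf_b64decode(text: str) -> bytes:
    return base64.b64decode(text.translate(_FROM_CF))


def build_policy(resource, expires, not_before=None, source_ip=None):
    """One-statement custom policy: epoch seconds, optional start time and CIDR."""
    cond = {"DateLessThan": {"AWS:EpochTime": expires}}
    if not_before is not None:
        cond["DateGreaterThan"] = {"AWS:EpochTime": not_before}
    if source_ip is not None:
        cond["IpAddress"] = {"AWS:SourceIp": source_ip}
    # Compact JSON: the exact bytes are what gets signed, so no stray whitespace.
    return json.dumps({"Statement": [{"Resource": resource, "Condition": cond}]},
                      separators=(",", ":"))


def sign_url(url, policy, key_pair_id, sign):
    """Append the Policy, Signature and Key-Pair-Id query parameters."""
    params = {"Policy": cf_b64encode(policy.encode()),
              "Signature": cf_b64encode(sign(policy.encode())),
              "Key-Pair-Id": key_pair_id}
    return url + ("&" if "?" in url else "?") + urlencode(params)


def verify_request(url, client_ip, now, verify, trusted_key_pair_id):
    """What the edge checks before serving: parameters present, key pair trusted,
    signature valid over the policy bytes, resource covered, time window, source IP."""
    parts = urlsplit(url)
    q = parse_qs(parts.query)
    try:
        policy_bytes = cf_b64decode(q["Policy"][0])
        signature = cf_b64decode(q["Signature"][0])
        key_pair_id = q["Key-Pair-Id"][0]
    except (KeyError, ValueError):
        return False, "missing or malformed signed-URL parameters"
    if key_pair_id != trusted_key_pair_id:
        return False, "untrusted key pair"
    if not verify(policy_bytes, signature):
        return False, "bad signature"
    stmt = json.loads(policy_bytes)["Statement"][0]
    requested = f"{parts.scheme}://{parts.netloc}{parts.path}"
    if not fnmatch.fnmatchcase(requested, stmt["Resource"]):
        return False, "resource not covered by policy"
    cond = stmt["Condition"]
    if now >= cond["DateLessThan"]["AWS:EpochTime"]:
        return False, "expired"
    if "DateGreaterThan" in cond and now < cond["DateGreaterThan"]["AWS:EpochTime"]:
        return False, "not yet valid"
    if "IpAddress" in cond:
        allowed = ipaddress.ip_network(cond["IpAddress"]["AWS:SourceIp"], strict=False)
        if ipaddress.ip_address(client_ip) not in allowed:
            return False, "source IP not in allowed range"
    return True, "ok"


# --- demo with constructed values; HMAC-SHA1 stands in for RSA-SHA1 ----------
_DEMO_SECRET = b"demo-only-secret"   # constructed, never a real key
_KEY_PAIR_ID = "APKAEXAMPLE"         # constructed identifier


def demo_sign(data):
    return hmac.new(_DEMO_SECRET, data, hashlib.sha1).digest()


def demo_verify(data, signature):
    return hmac.compare_digest(demo_sign(data), signature)


def demo_cases():
    base = "https://d111111abcdef8.cloudfront.net/video.mp4"   # constructed host
    policy = build_policy("https://d111111abcdef8.cloudfront.net/*",
                          expires=1_700_000_600, source_ip="203.0.113.0/24")
    url = sign_url(base, policy, _KEY_PAIR_ID, demo_sign)
    # Forgery attempt: a longer-lived policy presented with the original signature.
    longer = build_policy("https://d111111abcdef8.cloudfront.net/*", expires=1_900_000_000)
    forged = base + "?" + urlencode({
        "Policy": cf_b64encode(longer.encode()),
        "Signature": parse_qs(urlsplit(url).query)["Signature"][0],
        "Key-Pair-Id": _KEY_PAIR_ID})
    chk = lambda u, ip, now: verify_request(u, ip, now, demo_verify, _KEY_PAIR_ID)
    return {"valid": chk(url, "203.0.113.7", 1_700_000_000),
            "expired": chk(url, "203.0.113.7", 1_700_000_601),
            "wrong_ip": chk(url, "198.51.100.9", 1_700_000_000),
            "forged": chk(forged, "203.0.113.7", 1_700_000_000),
            "no_params": chk(base, "203.0.113.7", 1_700_000_000)}


if __name__ == "__main__":
    for name, (ok, why) in demo_cases().items():
        print(f"{name:10s} {'serve' if ok else 'deny '} {why}")
```

Two details matter in practice. The custom alphabet exists because '+', '=' and '/' are all mangled by query-string parsing (a '+' becomes a space), so a plain base64 policy would fail verification at the edge. And because the signature covers the policy bytes, the "forged" case shows that editing the expiry or CIDR in an already-issued URL is caught as a bad signature before any condition is even read; with a real key pair the `sign` callable would be the RSA-SHA1 signing call on the private key (for example `private_key.sign(policy, padding.PKCS1v15(), hashes.SHA1())` with the `cryptography` library).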
Amazon Elastic MapReduce Security

Amazon Elastic MapReduce requires every request made to its API to be authenticated. This ensures that only authenticated users can create, look up, or terminate their job flows. Requests are signed with an HMAC-SHA1 signature calculated from the request and the user's Secret Access Key. Amazon Elastic MapReduce provides SSL endpoints for access to its web service APIs and the console. When launching job flows on behalf of a customer, Amazon Elastic MapReduce sets up an Amazon EC2 security group for the master node that only allows external access via SSH. The service creates a separate security group for the slave nodes which does not allow any external access. To protect customer input and output datasets, Amazon Elastic MapReduce transfers data to and from Amazon S3 using SSL.
Fault Separation

AWS provides customers the flexibility to place instances and store data within multiple geographic Regions. Each Region is an independent collection of AWS resources in a defined geography. AWS currently supports five Regions: US East (Northern Virginia), US West (Northern California), EU (Ireland), Asia Pacific (Singapore) and Asia Pacific (Tokyo). The Amazon S3 US Standard Region includes the US East facilities in Northern Virginia and facilities in Western Washington State.

Selecting a Region within a geographic jurisdiction acceptable to the customer provides a solid foundation for meeting location-dependent privacy and compliance requirements, such as the EU Data Privacy Directive. Data is not replicated between Regions unless the customer proactively does so, which allows customers with these types of data placement and privacy requirements to establish compliant environments. It should be noted that all communications between Regions are across public Internet infrastructure; appropriate encryption methods should be used to protect sensitive data.

Within a given Region, Amazon EC2, Amazon EBS and Amazon Relational Database Service (RDS) allow customers to place instances and store data across multiple Availability Zones. See the "Business Continuity Management" section for more information on availability. Amazon S3, Amazon SimpleDB, Amazon Simple Notification Service (SNS), and Amazon Simple Queue Service (SQS) do not expose the concept of Availability Zones to customers. With these services, data is automatically stored on multiple devices across multiple facilities within a Region. The diagram below demonstrates the Regions and Availability Zones within each Region for Amazon EC2, Amazon EBS and Amazon RDS.
Amazon Account Security Features

AWS provides a number of ways for customers to identify themselves and securely access their AWS Account. A complete list of credentials supported by AWS can be found on the Security Credentials page under Your Account. AWS also provides additional security options that enable customers to further protect their AWS Account and control access: AWS Identity and Access Management (AWS IAM), Multi-Factor Authentication (MFA) and Key Rotation.

AWS Multi-Factor Authentication (AWS MFA)

AWS Multi-Factor Authentication (AWS MFA) is an additional layer of security that offers enhanced control over AWS Account settings and the management of the AWS services and resources to which the account is subscribed. When customers enable this opt-in feature, they need to provide a six-digit single-use code in addition to their standard username and password credentials before access is granted to their AWS Account settings or AWS services and resources. Customers get this single-use code from an authentication device that they keep in their physical possession. This is called Multi-Factor Authentication because two factors are checked before access is granted: customers need to provide both their username (the Amazon e-mail address in the case of the AWS Account) and password (the first "factor": something you know) and the current code from their authentication device (the second "factor": something you have). Customers can enable MFA devices for their AWS Account as well as for the users they have created under their AWS Account with AWS IAM. It is easy to obtain an authentication device from a participating third-party provider and to set it up for use via the AWS website. More information about Multi-Factor Authentication is available on the AWS website: http://aws.amazon.com/mfa/

Key Rotation

For the same reasons that it is important to change passwords frequently, AWS recommends that customers rotate their access keys and certificates on a regular basis. To let customers do this without potential impact to their applications' availability, AWS supports multiple concurrent access keys and certificates. With this feature, customers can rotate keys and certificates into and out of operation on a regular basis without any downtime to their application. This helps to mitigate the risk from lost or compromised access keys or certificates. The AWS IAM APIs enable a customer to rotate the access keys of their AWS Account as well as those of users created under their AWS Account using AWS IAM.
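The rotation the section describes relies on a user holding two access keys at once: issue the second key, prove the application works with it, then retire the first. The block below is an added example, not code from the page or from AWS. It drives the four IAM calls that exist in boto3's `iam` client (`list_access_keys`, `create_access_key`, `update_access_key`, `delete_access_key`) through a duck-typed client, so a real boto3 client can be passed in unchanged; the in-memory `FakeIam` class, the user name `deploy-bot` and the key ids it generates are constructed so the example runs offline. The `check_new_key` callback stands in for whatever proves the new credential works (a canary API call from the application), and the failure path shows why the old key is deactivated rather than deleted.

```python
"""Zero-downtime access key rotation using IAM's two-concurrent-keys allowance.
Added example; `iam` is duck-typed so a boto3 iam client works, FakeIam is a
constructed stand-in for running offline."""


class RotationError(Exception):
    pass


def _keys(iam, user):
    return iam.list_access_keys(UserName=user)["AccessKeyMetadata"]


def rotate_access_key(iam, user, check_new_key):
    """Create a second key, prove it works, then deactivate (not delete) the old one.
    check_new_key(access_key_id, secret) must return True once the application
    succeeds with the new credential. Returns the new key id."""
    existing = _keys(iam, user)
    if len(existing) >= 2:
        # IAM allows at most two keys per user: the previous rotation's retired
        # key has to be purged before a new one can be issued.
        raise RotationError(f"{user} already has two access keys; purge first")
    old_ids = [k["AccessKeyId"] for k in existing]
    created = iam.create_access_key(UserName=user)["AccessKey"]
    new_id, new_secret = created["AccessKeyId"], created["SecretAccessKey"]
    if not check_new_key(new_id, new_secret):
        # Roll back: the old key never stopped working, so nothing is broken.
        iam.delete_access_key(UserName=user, AccessKeyId=new_id)
        raise RotationError("new key failed verification; old key left active")
    for old in old_ids:
        # Inactive rather than deleted: reactivation is a one-call rollback if a
        # forgotten consumer still depends on the old key. Delete after a grace period.
        iam.update_access_key(UserName=user, AccessKeyId=old, Status="Inactive")
    return new_id


def purge_inactive_keys(iam, user):
    """Second phase, run after the grace period: delete every inactive key."""
    deleted = []
    for k in _keys(iam, user):
        if k["Status"] == "Inactive":
            iam.delete_access_key(UserName=user, AccessKeyId=k["AccessKeyId"])
            deleted.append(k["AccessKeyId"])
    return deleted


class FakeIam:
    """Minimal in-memory stand-in mirroring boto3's response shapes (constructed)."""
    def __init__(self):
        self._keys, self._n = {}, 0

    def list_access_keys(self, UserName):
        return {"AccessKeyMetadata": [{k: v for k, v in key.items() if k != "SecretAccessKey"}
                                      for key in self._keys.get(UserName, [])]}

    def create_access_key(self, UserName):
        self._n += 1
        key = {"AccessKeyId": f"AKIAFAKE{self._n:012d}", "Status": "Active",
               "SecretAccessKey": f"secret-{self._n}", "UserName": UserName}
        self._keys.setdefault(UserName, []).append(key)
        return {"AccessKey": dict(key)}

    def update_access_key(self, UserName, AccessKeyId, Status):
        for key in self._keys.get(UserName, []):
            if key["AccessKeyId"] == AccessKeyId:
                key["Status"] = Status
                return {}
        raise KeyError(AccessKeyId)

    def delete_access_key(self, UserName, AccessKeyId):
        self._keys[UserName] = [k for k in self._keys.get(UserName, [])
                                if k["AccessKeyId"] != AccessKeyId]
        return {}


def demo():
    user = "deploy-bot"                       # constructed user name
    iam = FakeIam()
    old = iam.create_access_key(UserName=user)["AccessKey"]["AccessKeyId"]
    new = rotate_access_key(iam, user, check_new_key=lambda key_id, secret: True)
    statuses = {k["AccessKeyId"]: k["Status"] for k in _keys(iam, user)}
    try:                                      # two keys exist: must purge before rotating again
        rotate_access_key(iam, user, lambda key_id, secret: True)
        blocked = False
    except RotationError:
        blocked = True
    purged = purge_inactive_keys(iam, user)
    # Failure path: the new key does not verify, so it is removed and the old one stays.
    iam2 = FakeIam()
    iam2.create_access_key(UserName=user)
    try:
        rotate_access_key(iam2, user, lambda key_id, secret: False)
        rolled_back = False
    except RotationError:
        rolled_back = True
    return {"old": old, "new": new, "statuses": statuses, "blocked": blocked,
            "purged": purged, "remaining": [k["AccessKeyId"] for k in _keys(iam, user)],
            "rolled_back": rolled_back,
            "after_failure": {k["AccessKeyId"]: k["Status"] for k in _keys(iam2, user)}}


if __name__ == "__main__":
    print(demo())
```

The two-phase shape (deactivate now, delete later) is the part that keeps availability: at no point is the application left with only a credential that has not yet been proven to work.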
Enables four models instead of just one:
- Public facing only, for network control and web access (potentially host-based VPN)
- Public facing plus private, for tighter access control to the back-end tier (but no hardware VPN)
- Public facing plus private subnets with hardware VPN hookup
- Fully private, using only hardware VPN
Amazon Web Services (AWS) delivers a scalable cloud computing platform with high availability and dependability, offering the flexibility to enable customers to build a wide range of applications. Helping to protect the confidentiality, integrity, and availability of our customers' systems and data is of the utmost importance to AWS, as is maintaining customer trust and confidence. This document is intended to answer questions such as, "How does AWS help me protect my data?" Specifically, AWS physical and operational security processes are described for network and server infrastructure under AWS' management, as well as service-specific security implementations. This document provides an overview of security as it pertains to the following areas relevant to AWS:

Shared Responsibility Environment
Control Environment Summary
Secure Design Principles
Backup
Monitoring
Information and Communication
Employee Lifecycle
Physical Security
Environmental Safeguards
Configuration Management
Business Continuity Management
Backups
Fault Separation
Amazon Account Security Features
Network Security
AWS Service Specific Security
  Amazon Elastic Compute Cloud (Amazon EC2) Security
  Amazon Virtual Private Cloud (Amazon VPC)
  Amazon Simple Storage Service (Amazon S3) Security
  Amazon SimpleDB Security
  Amazon Relational Database Service (Amazon RDS) Security
  Amazon Simple Queue Service (Amazon SQS) Security
  Amazon Simple Notification Service (SNS) Security
  Amazon CloudWatch Security
  Auto Scaling Security
  Amazon CloudFront Security
  Amazon Elastic MapReduce Security
Multiple Levels of Security

Virtual Private Cloud: Each VPC is a distinct, isolated network within the cloud. At creation time, an IP address range for each VPC is selected by the customer. Network traffic within each VPC is isolated from all other VPCs; therefore, multiple VPCs may use overlapping (even identical) IP address ranges without loss of this isolation. By default, VPCs have no external connectivity. Customers may create and attach an Internet Gateway, VPN Gateway, or both to establish external connectivity, subject to the controls below.

API: Calls to create and delete VPCs, change routing, security group, and network ACL parameters, and perform other functions are all signed by the customer's Amazon Secret Access Key, which could be either the AWS Account's Secret Access Key or the Secret Access Key of a user created with AWS IAM. Without access to the customer's Secret Access Key, Amazon VPC API calls cannot be made on the customer's behalf. In addition, API calls can be encrypted with SSL to maintain confidentiality; Amazon recommends always using SSL-protected API endpoints. AWS IAM also enables a customer to further control which APIs a newly created user has permission to call.

Subnets: Customers create one or more subnets within each VPC; each instance launched in the VPC is connected to one subnet. Traditional Layer 2 security attacks, including MAC spoofing and ARP spoofing, are blocked.

Route Tables and Routes: Each subnet in a VPC is associated with a routing table, and all network traffic leaving a subnet is processed by the routing table to determine the destination.

VPN Gateway: A VPN Gateway enables private connectivity between the VPC and another network. Network traffic within each VPN Gateway is isolated from network traffic within all other VPN Gateways. Customers may establish VPN connections to the VPN Gateway from gateway devices at the customer premises. Each connection is secured by a pre-shared key in conjunction with the IP address of the customer gateway device.

Internet Gateway: An Internet Gateway may be attached to a VPC to enable direct connectivity to Amazon S3, other AWS services, and the Internet. Each instance desiring this access must either have an Elastic IP associated with it or route traffic through a NAT instance. Additionally, network routes are configured (see above) to direct traffic to the Internet Gateway. AWS provides reference NAT AMIs that can be extended by customers to perform network logging, deep packet inspection, application-layer filtering, or other security controls. This access can only be modified through the invocation of Amazon VPC APIs. AWS supports the ability to grant granular access to different administrative functions on the instances and the Internet Gateway, therefore enabling the customer to implement additional security through separation of duties.

Amazon EC2 Instances: Amazon EC2 instances running within an Amazon VPC retain all of the benefits described above related to the Host Operating System, Guest Operating System, Hypervisor, Instance Isolation, and protection against packet sniffing.

Tenancy: VPC allows customers to launch Amazon EC2 instances that are physically isolated at the host hardware level; they will run on single-tenant hardware. A VPC can be created with 'dedicated' tenancy, in which case all instances launched into the VPC will utilize this feature. Alternatively, a VPC may be created with 'default' tenancy, but customers may specify 'dedicated' tenancy for particular instances launched into the VPC.

Firewall (Security Groups): Like Amazon EC2, Amazon VPC supports a complete firewall solution enabling filtering on both ingress and egress traffic from an instance. The default group enables inbound communication from other members of the same group and outbound communication to any destination. Traffic can be restricted by any IP protocol, by service port, as well as source/destination IP address (individual IP or Classless Inter-Domain Routing (CIDR) block). The firewall isn't controlled through the Guest OS; rather, it can be modified only through the invocation of Amazon VPC APIs. AWS supports the ability to grant granular access to different administrative functions on the instances and the firewall, therefore enabling the customer to implement additional security through separation of duties. The level of security afforded by the firewall is a function of which ports are opened by the customer, and for what duration and purpose. Well-informed traffic management and security design are still required on a per-instance basis. AWS further encourages customers to apply additional per-instance filters with host-based firewalls such as iptables or the Windows Firewall.

Network Access Control Lists: To add a further layer of security within Amazon VPC, customers can configure Network ACLs. These are stateless traffic filters that apply to all traffic inbound to or outbound from a subnet within the VPC. These ACLs contain ordered rules to allow or deny traffic based upon IP protocol, service port, and source/destination IP address. Like security groups, network ACLs are managed through Amazon VPC APIs, adding an additional layer of protection and enabling additional security through separation of duties.
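The difference between the stateful security group and the stateless network ACL described above is the one that most often bites in practice: a NACL that allows inbound 443 but only outbound 443 silently drops every reply, because the reply's destination port is the client's ephemeral port. The block below is an added example, not code from the page or from AWS: a small packet-filter model in which the NACL walks numbered rules in order and takes the first match (with the implicit deny when nothing matches), while the security group tracks connections and admits replies automatically. It runs the same HTTPS exchange through a weak NACL, a corrected NACL with an ephemeral-port egress rule, and a security group, and also shows that only the NACL can express a deny for a specific source. All addresses, ports and rule numbers are constructed.

```python
"""Security groups vs. network ACLs: why a stateless ACL needs an explicit
return-traffic rule and a stateful group does not. Added example; all rules,
addresses and ports are constructed."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str          # "tcp", "udp" or "icmp"


@dataclass(frozen=True)
class AclRule:
    number: int         # evaluation order, lowest first
    proto: str          # "tcp", "udp", "icmp" or "all"
    ports: tuple        # (low, high) destination-port range
    cidr: str           # remote address range the rule applies to
    action: str         # "allow" or "deny"


def _matches(proto, ports, cidr, pkt, remote_addr):
    """Shared match logic: protocol, destination port (skipped for ICMP), remote CIDR."""
    if proto != "all" and proto != pkt.proto:
        return False
    if pkt.proto != "icmp" and not (ports[0] <= pkt.dport <= ports[1]):
        return False
    return ipaddress.ip_address(remote_addr) in ipaddress.ip_network(cidr, strict=False)


class NetworkAcl:
    """Stateless: each packet in each direction is judged alone; numbered rules are
    tried in order, first match wins, and no match is the implicit '*' deny."""
    def __init__(self, inbound, outbound):
        self.inbound = sorted(inbound, key=lambda r: r.number)
        self.outbound = sorted(outbound, key=lambda r: r.number)

    def allows(self, pkt, direction):
        rules = self.inbound if direction == "in" else self.outbound
        remote = pkt.src if direction == "in" else pkt.dst
        for r in rules:
            if _matches(r.proto, r.ports, r.cidr, pkt, remote):
                return r.action == "allow"
        return False


class SecurityGroup:
    """Stateful: ingress allow rules only (no deny exists), egress allow-all, and the
    reply to any admitted flow is allowed because the flow is tracked."""
    def __init__(self, ingress):
        self.ingress = ingress          # list of (proto, (low, high), cidr)
        self._flows = set()

    def allows(self, pkt, direction):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if direction == "out":
            self._flows.add(key)        # outbound permitted; remember it for the reply
            return True
        if reverse in self._flows:      # reply to a tracked outbound flow
            return True
        for proto, ports, cidr in self.ingress:
            if _matches(proto, ports, cidr, pkt, pkt.src):
                self._flows.add(key)    # remember the admitted inbound flow
                return True
        return False


def https_exchange(filt, client="203.0.113.5"):
    """Client request to the instance on 443 and the instance's reply; returns
    (request_allowed, reply_allowed)."""
    request = Packet(src=client, sport=51234, dst="10.0.1.10", dport=443, proto="tcp")
    reply = Packet(src="10.0.1.10", sport=443, dst=client, dport=51234, proto="tcp")
    return filt.allows(request, "in"), filt.allows(reply, "out")


# Weak: egress mirrors ingress, so replies to ephemeral ports are dropped.
WEAK_NACL = NetworkAcl(
    inbound=[AclRule(100, "tcp", (443, 443), "0.0.0.0/0", "allow")],
    outbound=[AclRule(100, "tcp", (443, 443), "0.0.0.0/0", "allow")])

# Corrected: egress covers the ephemeral range; a lower-numbered deny blocks one /24.
FIXED_NACL = NetworkAcl(
    inbound=[AclRule(90, "tcp", (443, 443), "198.51.100.0/24", "deny"),
             AclRule(100, "tcp", (443, 443), "0.0.0.0/0", "allow")],
    outbound=[AclRule(100, "tcp", (1024, 65535), "0.0.0.0/0", "allow")])

WEB_SG = SecurityGroup(ingress=[("tcp", (443, 443), "0.0.0.0/0")])


def demo():
    return {"weak_nacl": https_exchange(WEAK_NACL),
            "fixed_nacl": https_exchange(FIXED_NACL),
            "security_group": https_exchange(WEB_SG),
            "denied_source_nacl": https_exchange(FIXED_NACL, client="198.51.100.7")[0],
            "denied_source_sg": https_exchange(WEB_SG, client="198.51.100.7")[0]}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:20s} {result}")
```

Both layers are applied in real VPCs (NACL at the subnet boundary, security group at the instance), so an exchange must pass both; the model makes the point that the two answer "is this allowed?" differently, and that a per-source deny is something only the ACL can say.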
OK, for the next few slides, I'll be talking about Federation to access AWS APIs.
With IAM, you can now SYNC identities between your system and our system.
However, this isn't truly Federation:
- Identities are maintained in 2 places
- If you terminate an employee, you must also do so in our system
So the question comes down to: how are we going to enable federation to our APIs?
Thanks Miles. We would like to enhance the security already available in the CSP environment. As Miles just mentioned, security is a joint responsibility between the CSP and the customer.
In our survey, we asked businesses how they are securing their clouds today. We found that 85% are using encryption on their cloud data. We also found that 85% are keeping a 1-to-1 copy of all data synched to a public cloud.

Although it's good to encrypt cloud data as a security best practice, most traditional encryption solutions leave businesses vulnerable when applied to cloud data. To provide the flexibility needed in a cloud encryption solution, you need:
- Policy-based key management to indicate when and where data can be accessed. This is important to support compliance.
- Server validation. This is critical to ensure that only authorized servers get access to decryption keys.
- Business key ownership to provide a strict separation of duties between the business and the service provider.

Let's look at what's needed in a cloud encryption solution in more detail.

The solution should start with industry-standard encryption. This encryption renders your data unreadable to outsiders. Even if your data is moved and residual data is left behind, the data on the recycled devices is obscured.

It is critical to have this encryption accessed through policy-based key management. Through policies, identity- and integrity-based validation rules specify which servers have access to decryption keys. These policies can also specify when and where the data can be accessed. This granular control not only prevents rogue servers from accessing your information but also supports data privacy regulations which require that data only be accessed in particular geographic regions.

An encryption solution can also provide reporting and auditing to show who has accessed your data. This supports internal governance and external compliance requirements.

The keys should not be held by the cloud vendor, to support a clear separation of duties between the business and the service provider. An encryption solution with policy-based key management allows even heavily regulated companies to leverage the flexibility and cost savings of the public cloud while ensuring their data stays secure.