This document discusses AWS security services for financial services institutions. It covers the AWS shared security responsibility model, AWS compliance with standards like PCI and ISO, and key security services like IAM, VPC, encryption, WAF, and security monitoring tools. It also discusses the AWS security assessment methodology using the AWS Cloud Adoption Framework.
AWS provides a range of security services and features that AWS customers can use to secure their content and applications and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organisation's security and compliance objectives.
Using AWS CloudTrail and AWS Config to Enhance the Governance and Compliance ...Amazon Web Services
by Daniele Stroppa, Technical Account Manager, AWS
As organizations move their workloads to the cloud, companies must take steps to protect and audit their private and confidential information. This session will focus on Amazon S3 best practices and using AWS Config rules and AWS CloudTrail Data Events to help better protect data residing within S3. The session will include a demonstration of how AWS Config and CloudTrail, in combination with other AWS services, can help with S3 governance and compliance requirements.
The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. Security for AWS is about three related elements: visibility, auditability, and control. You have to know what you have and where it is before you can assess the environment against best practices, internal standards, and compliance standards. Controls enable you to place precise, well-understood limits on the access to your information. Did you know, for example, that you can define a rule that says that “Tom is the only person who can access this data object that I store with Amazon, and he can only do so from his corporate desktop on the corporate network, from Monday-Friday 9-5 and when he uses MFA?” That’s the level of granularity you can choose to implement if you wish. In this session, we’ll cover these topics to provide a practical understanding of the security programs, procedures, and best practices you can use to enhance your current security posture.
In this session, AWS will present an overview of the AWS Landing Zone – an automated solution for setting up a robust and flexible AWS environment. Customers can expect to learn how AWS works with customers to accelerate their journey to AWS confidently and securely and how the AWS Landing Zone can be customized to meet each organization’s specific needs.
Presenter: Sadegh Nadimi, Senior Consultant, Global Migrations, AWS
Landing Zones - Creating a Foundation for Your AWS MigrationsAmazon Web Services
Dean Samuels, Head of Solutions Architecture, Hong Kong & Taiwan, AWS
When migrating lots of applications to the cloud, it's important to architect cloud environments that are efficient, secure and compliant. AWS Landing Zones are a prescriptive set of instructions for deploying an AWS-recommended foundation of interrelated AWS accounts, networks, and core services for your initial AWS application environments. This session will review the benefits and best practices.
AWS provides a range of security services and features that AWS customers can use to secure their content and applications and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organisation's security and compliance objectives.
Using AWS CloudTrail and AWS Config to Enhance the Governance and Compliance ...Amazon Web Services
by Daniele Stroppa, Technical Account Manager, AWS
As organizations move their workloads to the cloud, companies must take steps to protect and audit their private and confidential information. This session will focus on Amazon S3 best practices and using AWS Config rules and AWS CloudTrail Data Events to help better protect data residing within S3. The session will include a demonstration of how AWS Config and CloudTrail, in combination with other AWS services, can help with S3 governance and compliance requirements.
The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. Security for AWS is about three related elements: visibility, auditability, and control. You have to know what you have and where it is before you can assess the environment against best practices, internal standards, and compliance standards. Controls enable you to place precise, well-understood limits on the access to your information. Did you know, for example, that you can define a rule that says that “Tom is the only person who can access this data object that I store with Amazon, and he can only do so from his corporate desktop on the corporate network, from Monday-Friday 9-5 and when he uses MFA?” That’s the level of granularity you can choose to implement if you wish. In this session, we’ll cover these topics to provide a practical understanding of the security programs, procedures, and best practices you can use to enhance your current security posture.
In this session, AWS will present an overview of the AWS Landing Zone – an automated solution for setting up a robust and flexible AWS environment. Customers can expect to learn how AWS works with customers to accelerate their journey to AWS confidently and securely and how the AWS Landing Zone can be customized to meet each organization’s specific needs.
Presenter: Sadegh Nadimi, Senior Consultant, Global Migrations, AWS
Landing Zones - Creating a Foundation for Your AWS MigrationsAmazon Web Services
Dean Samuels, Head of Solutions Architecture, Hong Kong & Taiwan, AWS
When migrating lots of applications to the cloud, it's important to architect cloud environments that are efficient, secure and compliant. AWS Landing Zones are a prescriptive set of instructions for deploying an AWS-recommended foundation of interrelated AWS accounts, networks, and core services for your initial AWS application environments. This session will review the benefits and best practices.
With a minimum security baseline in place, you can host data—which means data protection is required. In this session, we discuss defining an encryption strategy and selecting native AWS tools (AWS KMS, AWS CloudHSM) or third-party tools; defining key rotation and key protection mechanisms; and defining data at rest and data in transit protection requirements.
Speaker: Nathan Case - Sr. Solutions Architect, AWS
by Fritz Kunstler, Sr. Security Consultant, AWS
AWS Organizations offers policy-based management for multiple AWS Accounts. Learn how Organizations helps you more easily manage policies for groups of accounts and automate account creation.
Iolaire Mckinnon, Senior Consultant, Security, Risk & Compliance, AWS
A Deep Dive into the best practice guidelines for securing your workloads in AWS cloud.
In this webinar, you'll learn about the foundational security blocks and how to start using them effectively to create robust and secure architectures. Discover how Identity and Access management is done and how it integrates with other AWS services. In addition, learn how to improve governance by using AWS Security Hub, AWS Config and CloudTrail to gain unprecedented visibility of activity in the account. Subsequently use AWS Config rules to rectify configuration issues quickly and effectively.
"Amazon Inspector is a new service from AWS that identifies security issues in your application deployments. Use Inspector with your applications to assess your security posture and identify areas that can be improved. Inspector works with your Amazon EC2 instances to monitor activity in your applications and system.
This session will cover getting started with Inspector, how to automate the process, how to manage and act on findings, and additional ways you can enhance your development and release lifecycle using Inspector."
by Michael St. Onge, Global Cloud Security Architect, AWS
Join us for this hands-on lab where you will learn about the new service Amazon GuardDuty by walking through its capabilities and some real-world attack scenarios. You will need an AWS account to do the lab. This should be your own personal account and not an account through your company given the activity in the lab. AWS Credits will be provided to help cover any costs incurred in the lab. Level 300
AWS Landing Zone Deep Dive (ENT350-R2) - AWS re:Invent 2018Amazon Web Services
In this session, we discuss how to deploy a scalable environment that considers the AWS account structure, security services, network architecture, and user access. We present an overview of the AWS Landing Zone solution, an automated solution for setting up a robust and flexible AWS environment designed from the collective experience of AWS and our customers. The AWS Landing Zone helps automate the setup of a flexible account structure, security baseline, network structure, and user access based on best practices. Future growth is facilitated by an account vending machine component that simplifies the creation of additional accounts. Learn how the AWS Landing Zone can ensure that you start your AWS journey with the right foundation. We encourage you to attend the full AWS Landing Zone track, including SEC303. Search for #awslandingzone in the session catalog.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops. We will also provide an overview of the Security pillar of the AWS Cloud Adoption Framework (CAF) and talk about how AWS keeps humans away from data—and how you can, too.
by Fritz Kunstler, Sr. AWS Security Consultant AWS
Join us for four days of security and compliance sessions and hands-on labs led by our AWS security pros during AWS Security Week at the San Francisco Loft. Join us for all four days, or pick just the days that are most relevant to you. We'll open on Monday with Security 101 day, followed by sessions Tuesday on Identity and Access Management, our popular Threat Detection and Remediation day Wednesday will feature an updated GuardDuty lab, and we'll end Thursday with Incident Response sessions, labs, and a talk by Netflix on their new open source IR tool. This week will also feature Dome9 as a sponsor, and you can hear them speak and present a hands-on workshop Monday during Security 101 day.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and labs. We will ensure you have an AWS account and understand EC2, prepare you to get set up on the AWS Command Line Interface (CLI) to access the AWS Management Console, introduce you to in source repositories, discuss SSH access and necessary SDKs, and more.
Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.
Join this session to understand what drives Global and Asia Pacific Financial Services Institutions (FSI) of all sizes to adopt the cloud and how they get started on their journey. This presentation will also include how they leverage the cloud to address specific industry challenges and create business value.
On the 22nd of September, CIO’s and Chief Architects of Digital Channels and other divisions of Financial Services Institutions converged at the African Pride Hotel, Melrose Arch for an executive Synthesis and AWS cloud discussion.
With a minimum security baseline in place, you can host data—which means data protection is required. In this session, we discuss defining an encryption strategy and selecting native AWS tools (AWS KMS, AWS CloudHSM) or third-party tools; defining key rotation and key protection mechanisms; and defining data at rest and data in transit protection requirements.
Speaker: Nathan Case - Sr. Solutions Architect, AWS
by Fritz Kunstler, Sr. Security Consultant, AWS
AWS Organizations offers policy-based management for multiple AWS Accounts. Learn how Organizations helps you more easily manage policies for groups of accounts and automate account creation.
Iolaire Mckinnon, Senior Consultant, Security, Risk & Compliance, AWS
A Deep Dive into the best practice guidelines for securing your workloads in AWS cloud.
In this webinar, you'll learn about the foundational security blocks and how to start using them effectively to create robust and secure architectures. Discover how Identity and Access management is done and how it integrates with other AWS services. In addition, learn how to improve governance by using AWS Security Hub, AWS Config and CloudTrail to gain unprecedented visibility of activity in the account. Subsequently use AWS Config rules to rectify configuration issues quickly and effectively.
"Amazon Inspector is a new service from AWS that identifies security issues in your application deployments. Use Inspector with your applications to assess your security posture and identify areas that can be improved. Inspector works with your Amazon EC2 instances to monitor activity in your applications and system.
This session will cover getting started with Inspector, how to automate the process, how to manage and act on findings, and additional ways you can enhance your development and release lifecycle using Inspector."
by Michael St. Onge, Global Cloud Security Architect, AWS
Join us for this hands-on lab where you will learn about the new service Amazon GuardDuty by walking through its capabilities and some real-world attack scenarios. You will need an AWS account to do the lab. This should be your own personal account and not an account through your company given the activity in the lab. AWS Credits will be provided to help cover any costs incurred in the lab. Level 300
AWS Landing Zone Deep Dive (ENT350-R2) - AWS re:Invent 2018Amazon Web Services
In this session, we discuss how to deploy a scalable environment that considers the AWS account structure, security services, network architecture, and user access. We present an overview of the AWS Landing Zone solution, an automated solution for setting up a robust and flexible AWS environment designed from the collective experience of AWS and our customers. The AWS Landing Zone helps automate the setup of a flexible account structure, security baseline, network structure, and user access based on best practices. Future growth is facilitated by an account vending machine component that simplifies the creation of additional accounts. Learn how the AWS Landing Zone can ensure that you start your AWS journey with the right foundation. We encourage you to attend the full AWS Landing Zone track, including SEC303. Search for #awslandingzone in the session catalog.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops. We will also provide an overview of the Security pillar of the AWS Cloud Adoption Framework (CAF) and talk about how AWS keeps humans away from data—and how you can, too.
by Fritz Kunstler, Sr. AWS Security Consultant AWS
Join us for four days of security and compliance sessions and hands-on labs led by our AWS security pros during AWS Security Week at the San Francisco Loft. Join us for all four days, or pick just the days that are most relevant to you. We'll open on Monday with Security 101 day, followed by sessions Tuesday on Identity and Access Management, our popular Threat Detection and Remediation day Wednesday will feature an updated GuardDuty lab, and we'll end Thursday with Incident Response sessions, labs, and a talk by Netflix on their new open source IR tool. This week will also feature Dome9 as a sponsor, and you can hear them speak and present a hands-on workshop Monday during Security 101 day.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and labs. We will ensure you have an AWS account and understand EC2, prepare you to get set up on the AWS Command Line Interface (CLI) to access the AWS Management Console, introduce you to in source repositories, discuss SSH access and necessary SDKs, and more.
Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.
Join this session to understand what drives Global and Asia Pacific Financial Services Institutions (FSI) of all sizes to adopt the cloud and how they get started on their journey. This presentation will also include how they leverage the cloud to address specific industry challenges and create business value.
On the 22nd of September, CIO’s and Chief Architects of Digital Channels and other divisions of Financial Services Institutions converged at the African Pride Hotel, Melrose Arch for an executive Synthesis and AWS cloud discussion.
With the upswell of cloud adoption, many traditional infrastructure paradigms are shifting. Security is no different. The cloud service provider industry is discovering new ways to tackle security, including automation, bottomless logging, scalable analysis clusters, and pluggable security tools. This session presents a case study in extending a traditional infrastructure operation into AWS. We provide a practical look into the technical challenges and benefits of operating in this new paradigm, explore incident response automation (Alexa integration), and provide various examples of shifting an on-premises security operation to a scalable, hybrid model. Through lessons learned and analysis, we show why your data is safer in the cloud than in that rack you can touch in your data center.
Speaker: Alastair Cousins, Solutions Architect, Amazon Web Services
Cloud Migration for Financial Services - Toronto - October 2016Amazon Web Services
Presented by Cloud Technology Partners. Robert Christiansen presents us best practices for cloud adoption, taking us on the journey from a single application on the cloud, through hybrid cloud, culminating with a Cloud First Approach.
Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...Amazon Web Services
Jodi Scrofani
Global Financial Services Compliance Strategist for AWS takes us on a journey of Security and Compliance mechanisms, that are mandatory in the Financial Services Industry, and explains how they are addressed by customers today on the AWS Cloud. She explains the AWS Shared Security Model, gives a detailed overview of audit and certifications achieved by AWS, and shows best practices and steps that FSI customers should take to ensure compliance and security.
AWS Partner Webcast - Data Center Migration to the AWS CloudAmazon Web Services
Migrating your data center to the cloud can reduce operating costs, and improve the service you deliver to your clients. However, preparing for migration takes thoughtful planning, and awareness of proven solutions.
Review this webinar to learn how RISO Inc. used Apps Associates services to move their data center to the AWS cloud. In so doing, RISO Inc. avoided capital intensive hardware purchases and redeployed IT staff to projects that directly supported their business goals. We'll also describe how you can integrate your existing environment with the cloud to create a hybrid architecture.
What you’ll learn:
• Considerations for moving workloads to the AWS Cloud
• An approach to design and implementation of infrastructure, and application migration
• Customer case study, RISO Inc., on successful data center migration with Apps Associates
AWS offers you the ability to add additional layers of security to your data at rest in the cloud, providing access control as well scalable and efficient encryption features. Flexible key management options allow you to choose whether to have AWS manage the encryption keys or to keep complete control over the keys yourself. In this session, you will learn how to secure data when using AWS services. We will discuss data encryption using Key Management Service, S3 access controls, edge and host access security, and database platform security features.
Strategic Approaches to AWS Enterprise Application MigrationAmazon Web Services
This session profiles a number of approaches Australian Enterprises are taking to move their most critical applications to the Cloud. We all examine a number of short and long-term approaches to effectively move, optimise, and support their enterprise applications.
We will then deep dive with an examination of the development of the Qantas Cloud Platform (QCP) and migration of key Qantas applications.
What Makes Migrating to the Cloud Different Than On-PremisesChristian Buckley
My second presentation from #SPTechCon Boston 2014, focusing on the limitations and performance concerns of migration to SharePoint Online (part of Office 365).
Running Mission Critical Workload for Financial Services Institutions on AWSAmazon Web Services
In this session we will walk through practical examples of how Financial Services Institutions (FSI) operate both common workloads and mission critical applications on AWS. Through real customer examples, we will show you how to leverage the AWS cloud platform to make your application more resilient, reliable and cost effective while increasing your visibility. You will also learn how FSI’s deploy, architect and secure their workloads on AWS and how to leverage platform features to extend and integrate your existing infrastructure with AWS.
In this session, AWS technology evangelist Jinesh Varia discusses common best practices for adopting cloud computing in your business. Tap into the shared learning of hundreds of thousands of customers, as we talk about how to create the right technical and business policies for adopting the cloud, migration hints and tips, and how to develop employees skills around the cloud computing ecosystem. This session includes customer examples from McGraw Hill and Nokia Siemens on how they successfully grew their usage of cloud computing while staying agile and keeping costs low.
AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017 Amazon Web Services
This session will review how AWS allows FinTech’s across APAC to innovate at pace while maintaining the high level of security expected by the financial services community. We will review security domains including Infrastructure Security, Data Protection, Logging & Monitoring, Identity & Access Management and Intrusion Detection.
Customers using AWS benefit from over 1,800 security and compliance controls built into the AWS platform and operations. In this session, you will learn how to take advantage of the advanced security features of the AWS platform to gain the visibility, agility, and control needed to be more secure in the cloud than in legacy environments. We'll take a look at several reference architectures for common workloads and highlight the innovative ways customers are using AWS to manage security more efficiently. After attending this session, you will be familiar with the shared security responsibility model and understand how to benefit from controls from the rich compliance and accreditation programs maintained by AWS. Speaker: Stephen Quigg, Solutions Architect, Amazon Web Services
This AWS Security Checklist webinar will help you and your auditors assess the security of your AWS environment in accordance with industry or regulatory standards. This security focused checklist builds on recently revised Operational Checklists for AWS, which helps you evaluate your applications against a list of best practices before deployment.
Learning Objectives:
* Evaluate the ability of AWS services to meet information security objectives and ensure future deployments within the AWS cloud are done in a secure and compliant way
* Assess your existing organisational use of AWS and to ensure it meets security best practices
* Develop AWS usage policies or validate that existing policies are being followed
2014년 10월 29일에 열린 AWS Enterprise Summit에서의 발표자료입니다. 아마존 웹서비스의 양승도 솔루션스 아키텍트가 진행한 강연입니다.
강연 요약: 보안은 AWS와 고객 모두에게 매우 중요한 사항입니다. 많은 엔터프라이즈 고객들이 AWS를 신뢰해 금융정보나 개인정보 등의 민감한 정보들을 AWS에 저장하고 있습니다. 이 세션에서는 이러한 엔터프라이즈 고객들이 보안성 있는 애플리케이션을 구축하고 중요 정보를 암호화하는 등 보안을 유지하는 데 사용하는 AWS의 주요 보안 기능에 대해 알아보고, 기존의 보안 정책에 맞게 AWS를 사용할 수 있는 방법에 대해서도 알아보겠습니다. 또한 귀사의 현재 보안 태세를 한층 강화할 수 있도록 보안 프로그램과 절차, 모범 사례 등을 소개할 예정입니다.
AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools to can provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.
AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools to can provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.
Amazon Web Services offers a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. Amazon Web Services provides security-specific tools and features across network security, configuration management, access control and data security. In addition, Amazon Web Services provides monitoring and logging tools to provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that Amazon Web Services offers, and the latest security innovations coming from Amazon Web Services.
Andrew Watts-Curnow, Cloud Architect - Professional Services, ASEAN
Datensicherheit mit AWS - AWS Security Web DayAWS Germany
Vortrag "Datensicherheit mit AWS" von Bertram Dorn beim AWS Security Web Day 2016. Alle Videos und Präsentationen finden Sie hier: http://amzn.to/1NFtR5P
Dieser Vortrag bietet Ihnen eine Übersicht über mögliche Leistungsmerkmale und Optionen von Amazon Web Services, mit denen Ihre Daten gesichert werden können. Die AWS Dienste folgen spezifischen Bauplänen auf Basis von Regionen und Verfügbarkeitszonen. Das Verstehen dieser Baupläne ermöglicht es Ihnen, die richtige Wahl zu treffen, um erfolgreich Anwendungen auf AWS laufen zu lassen. Auch existieren verschiedenste Optionen welche von AWS zur Sicherung der Anwendungen empfohlen werden. Der Vortrag wird einen Überblick über diese Optionen geben und einige bewährte Verfahren im Bereich Verschlüsselung und AWS-Konto-Verwaltung beschreiben.
AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools to can provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.
AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools to can provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.
Techniques for securely storing your digital content and running media workloads. Efficient uses of Access Control, Approval Flows, Encryption, Log Analysis and Virtual Private Clouds.
Accelerating cloud adoption for your regulated workloads - AWS PS Summit Canb...Amazon Web Services
How can you architect your applications for regulatory and organisational compliance? How can you automate security, auditability, and governance controls using best practice? In this session, Accenture draws from real-world examples to showcase how the cloud can strengthen your security and compliance posture, while ensuring maximum agility – articulated through the lifecycle of an application moving to the cloud.
Speaker: Chris Fleischmann, Managing Director, Journey To Cloud, Accenture
Level: 200
Because the entire AWS cloud platform is programmable, it turns out that you can program security and compliance in advance of actually instantiating any actual workloads. In this session, we show how you can design a secure and compliant workload and even have it audited by a third-party auditor before creating it for the first time! Once it's created, other facilities provide mechanisms for detecting and alerting a drift from your baseline, and even automatically remediating the drift. Learn how the comprehensive automation available in AWS provides security and compliance professionals an entire new, more efficient, and more effective way to work.
Speaker: John Hildebrand, Solutions Architect, Amazon Web Services
Similar to AWS Security for Financial Services (20)
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS.
In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup.
Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti.
Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.
Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
L’utilizzo dei container è in continua crescita.
Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili.
I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda :
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc.
AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta.
Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity.
AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet.
Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.
Dal riconoscimento facciale al riconoscimento di frodi o difetti di fabbricazione, l'analisi di immagini e video che sfruttano tecniche di intelligenza artificiale, si stanno evolvendo e raffinando a ritmi elevati. In questo webinar esploreremo le possibilità messe a disposizione dai servizi AWS per applicare lo stato dell'arte delle tecniche di computer vision a scenari reali.
Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti.
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti.
Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire.
Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito.
In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.
Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline.
Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.
Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.
Durante i laboratori pratici, gli esperti AWS ti mostrano quali strumenti aiutano a sviluppare le applicazioni Serverless in locale e nel cloud AWS e ti aiuteranno a programmare i prossimi passi per iniziare ad utilizzare questa tecnologia nella tua azienda.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
10. Leverage security
enhancements from 1M+
customer experiences
Benefit from AWS
industry leading
security teams 24/7,
365 days a year
Security infrastructure
built to satisfy military, global
banks, and other high-
sensitivity organizations
Over 50 global
compliance
certifications and
accreditations
Security is Job Zero
15. AWS is Level 1 compliant under the Payment Card Industry (PCI) Data
Security Standard (DSS). Customers can run applications on our PCI-
compliant technology infrastructure for storing, processing, and transmitting
credit card information in the cloud.
AWS is ISO 27001 certified under the International Organization for
Standardization (ISO) 27001 standard. ISO 27001 is a widely-adopted global
security standard that outlines the requirements for information security
management systems.
AWS Service Organization Control (SOC) Reports are independent third-party
examination reports that demonstrate how AWS achieves key compliance controls and
objectives.
AWS Compliance
17. Deep set of cloud security tools
Encryption
Key
Management
Service
CloudHSM Server-side
Encryption
Networking
Virtual
Private
Cloud
Web
Application
Firewall
Compliance
ConfigCloudTrailService
Catalog
Identity
IAM Active
Directory
Integration
SAML
Federation
19. User Access (IAM)
• With AWS IAM you get to control who can do
what in your AWS environment and from
where
• Fine-grained control of your AWS cloud with
two-factor authentication
• Integrated with your existing corporate
directory using SAML 2.0 and single sign-on
AWS account
owner
Network
management
Security
management
Server
management
Storage
management
21. VPC: Private, isolated network on the AWS cloud
AvailabilityZoneA
AvailabilityZoneB
AWS Virtual Private
Cloud
• Provision a logically isolated
section of the AWS cloud
• You choose a private IP range for
your VPC
• Segment this into subnets to
deploy your compute instances
AWS network security
• AWS network will prevent spoofing
and other common layer 2 attacks
• You cannot sniff anything but your
own EC2 host network interface
• Control all external routing and
connectivity
22. VPC: Control which subnets access the Internet
App
DB
Web
Web
PUBLIC
PRIVATE PRIVATE
PRIVATE
23. VPC: Firewall using Network Access Control Lists
App
DBWeb
Web
Deny all traffic
Allow
28. First class security and compliance
starts (but doesn’t end!) with encryption
Automatic encryption with managed keys
Bring your own keys
Dedicated hardware security modules
Encryption
29. • One-click Encryption of server and database
storage
• Centralized key management
(create, delete, view, set policies)
• Import your own keys
• Enforced, automatic key rotation
• Visibility into any changes via CloudTrail
Encryption with AWS KMS
Read more on: https://aws.amazon.com/kms/details/#secured
31. • You receive dedicated access to HSM
appliances
• Managed and monitored by AWS
• HSMs located in AWS data centers
• SafeNet Luna SA HSM appliances
• Only you have access to your keys and
operations on the keys
• HSMs are inside your Amazon VPC —
isolated from the rest of the network
• HA with your on-prem HSM
CloudHSM
AWS administrator—
Manages the appliance
You—Control keys and
crypto operations
Amazon VPC
Encryption with AWS CloudHSM
33. Amazon Inspector
• Vulnerability Assessment Service
• Built from the ground up to support Dev/Ops Model
• Automatable via API’s
• AWS Context Aware
• Static & Dynamic Telemetry
• Integrated with CI/CD tools
• On-Demand Pricing model
• CVE & CIS Rules Packages
• AWS AppSec Best Practices
37. Who? When? What? Where to? Where from?
Bill 3:27pm Launch Instance us-west-2 72.21.198.64
Alice 8:19am Added Bob to
admin group
us-east-1 127.0.0.1
Steve 2:22pm Deleted security
group
eu-west-1 205.251.233.176
AWS CloudTrail
38. Monitor and Store Logs
Set Alarms (react to changes)
View Graphs and Statistics
Collect and Track Metrics
What does it do?
How can you use it?
React to application log events and availability
Automatically scale EC2 instance fleet
View Operational Status and Identify Issues
Monitor CPU, Memory, Disk I/O, Network, etc.
CloudWatch Logs / CloudWatch Events
CloudWatch Alarms
CloudWatch Dashboards
CloudWatch Metrics
Amazon CloudWatch
39. Logs list sample
Logs Aggregation Freq. Store Term Use cases
AWS log CloudTrail min. S3 X years • Alert for a specific operation
• Long-term storage for auditing purposes
Network log VPC Flow Log min. CloudWatch Logs X years • Visualization for security purposes
OS log Zabbix 5 min. Zabbix/S3 1 year • Keep recent days for simple troubleshooting
• Long term storage for past event investigations
Middleware log Zabbix 5 min. Zabbix/S3 1 year • Keep recent days for simple troubleshooting
• Long term storage for past event investigations
Application access log Zabbix 5 min. Zabbix/S3 X years • Fault correlation and alerts on particular requests
• Long term storage for past event investigations
Application log Zabbix 5 min. Zabbix/S3 1 year • Keep recent days for simple troubleshooting
• Long term storage for past event investigations
ELB access log ELB log min. S3 X years • Security investigations
• Long term storage for past event investigations
S3 access log S3 log min. S3 X years • Security investigations
• Long term storage for past event investigations
RDS log AWS CLI 60 min. S3 1 year • Keep recent days for simple troubleshooting
• Long term storage for past event investigations
Other AWS services log xx log
40. VPC subnet
Availability Zone
Security group
VPC subnet
Availability Zone
Security group
Virtual
Gateway
Corporate
data center
Users
Data center router
Update
Servers
Connectivity
CloudTrail
CloudWatch
SIEM
Aggregator
SIEM
45. Golden Code: Security Translation to AWS
What you do in any IT Environment
• Firewall rules
• Network ACLs
• Network time pointers
• Internal and external subnets
• NAT rules
• Gold OS images
• Encryption algorithms for data in
transit and at rest
AWS JSON translation
Gold Image, NTP
and NAT
Network ACLs,
Subnets, FW rules
46. • Free, self-paced, available online
• Covers access control and management, governance,
logging, and encryption methods.
• It also covers security-related compliance protocols and risk
management strategies, as well as procedures related to
auditing your AWS security infrastructure.
https://aws.amazon.com/training/course-descriptions/security-
fundamentals/
AWS Security Fundamentals
48. Strategy and Value Domain
Why to invest?
Why change?
How to measure success?
Process Domain
How to structure cloud programs?
How to ensure quality of delivery?
People Domain
What skills and capabilities are
required?
How to compose migration team?
Maturity Domain
What are the priorities?
When to deliver solutions?
Platform Domain
How to design foundations?
How to migrate workloads?
Operating Domain
What are key ops capabilities?
What is the new ITSM cycle?
Security Domain
Will risk increase?
Can we run cloud secure and
compliant?
AWS Cloud Adoption Framework
49. AWS Security Perspective
Directive controls establish the
governance, risk, and
compliance models the
environment will operate within.
Preventive controls protect your
workloads and mitigate threats
and vulnerabilities.
Detective controls provide full
visibility and transparency over
the operation of your
deployments in AWS.
Responsive controls drive
remediation of potential
deviations from your security
baselines.
AWS Security Portal > Resources
https://d0.awsstatic.com/whitepapers/AWS_CAF_Se
curity_Perspective.pdf
50. Automated
Operations
Iterative
Development
Value-based Planning
Security
Health Check
10 Days
Security
Operations
Runbook
10 Days
Enterprise
Security
Strategy
10 Days
Security
Operations
Playbook
35 Days
Security
Discovery
Workshop
5 Days
Cloud
Business Case
Using
AWS?
Yes
No
Security Health Check Lite
Test & Optimize
Security
Incident
Response
15 Days
Analytics &
Continuous
Compliance
60 Days
Security Epics
Program
65 Days
Professional Services – Security Journey
52. AWS Marketplace Network/Security Partner Ecosystem
Infrastructure
Security
Logging and
Monitoring
Identity and
Access Control
Configuration and
Vulnerability
Analysis
Data
Protection
SaaS
SaaS
SaaS
53. “We work closely with AWS to develop
a security model, which we believe enables us
to operate more securely in the public cloud
than we can in our own data centers.”
Rob Alexander - CIO, Capital One
More secure in the cloud