Steve Schmidt, chief information security officer of AWS, addresses the current state of security in the cloud, with a particular focus on feature updates, the AWS internal "secret sauce," and what's on horizon in terms of security, identity, and compliance tooling.
AWS distinguished engineer Eric Brandwine speaks with hundreds of customers each year, and noticed one question coming up more than any other, "How does AWS operationalize its own security?" In this session, Eric details both strategic and tactical considerations, along with an insider's look at AWS tooling and processes.
From Obstacle to Advantage: The Changing Role of Security & Compliance in You...Amazon Web Services
A surprising trend is starting to emerge among organizations who are progressing through the cloud maturity lifecycle: major improvements in revenue growth, customer satisfaction, and mission success are being directly attributed to improvements in security and compliance. At one time thought of as speed bumps in the path to deployment, security and compliance are now seen as critical ingredients that help organizations differentiate their offerings in the market, win more deals, and achieve mission-critical goals faster. This session explores how organizations like Jive Software and the National Geospatial Agency use the Evident Security Platform, AWS, and AWS Quick Starts to automate security and compliance processes in their organization to accomplish more, do it faster, and deliver better results.
Session sponsored by Evident.io
SID345-AWS Encryption SDK The Busy Engineer’s Guide to Client-Side EncryptionAmazon Web Services
You know you want client-side encryption for your service but you don’t know exactly where to start. Join us for a hands-on workshop where we review some of your client-side encryption options and explore implementing client-side encryption using the AWS Encryption SDK. In this session, we cover the basics of client-side encryption, perform encrypt and decrypt operations using AWS KMS and the AWS Encryption SDK, and discuss security and performance considerations when implementing client-side encryption in your service.
Building the Largest Repo for Serverless Compliance-as-Code - SID205 - re:Inv...Amazon Web Services
When you use the cloud to enable speed and agility, how do you know if you did it right? We are on a mission to help builders follow industry best practices within security guide rails by creating the largest compliance-as-code repo, available to all. Compliance-as-code is the idea to translate those best practices, guide rails, policies, or standards into codified unit testing. Apply this to your AWS environment to provide insights on what can/must be improved. Learn why compliance-as-code matters to gain speed (by getting developers, architects, and security pros on the same page), how it is currently used (demo), and how to start to use it or be part of building it.
SecOps 2021 Today: Using AWS Services to Deliver SecOps - SID304 - re:Invent ...Amazon Web Services
This talk dives deep on how to build end-to-end security capabilities using AWS. Our goal is orchestrating AWS Security services with other AWS building blocks to deliver enhanced security. We cover working with AWS CloudWatch Events as a queueing mechanism for processing security events, using Amazon DynamoDB to provide a stateful layer to provide tailored response to events and other ancillary functions, using DynamoDB as an attack signature engine, and the use of analytics to derive tailored signatures for detection with AWS Lambda. Log sources include available AWS sources and also more traditional logs, such as syslog. The talk aims to keep slides to a minimum and demo live as much as possible. The demos come together to demonstrate an end-to-end architecture for SecOps. You'll get a toolkit consisting of code and templates so you can hit the ground running.
Using AWS CloudTrail Logs for Scalable, Automated Anomaly Detection - SID341 ...Amazon Web Services
Notice: This Workshop requires a laptop computer and an active AWS account with Administrator privileges.
This workshop gives you an opportunity to develop a solution that can continuously monitor for and detect a realistic threat by analyzing AWS CloudTrail log data. Participants are provided with a CloudTrail data source and some clues to get started. Then you have to design a system that can process the logs, detect the threat, and trigger an alarm. You can make use of any AWS services that can assist in this endeavor, such as AWS Lambda for serverless detection logic, Amazon CloudWatch or Amazon SNS for alarming and notification, Amazon S3 for data and configuration storage, and more.
SID202_Deep Dive on How Capital One Automates the Delivery of Directory Servi...Amazon Web Services
Traditional solutions for using Microsoft Active Directory across on-premises and AWS Cloud Windows workloads can require complex networking or synching identities across multiple systems. AWS Directory Service for Microsoft Active Directory, also known as AWS Managed AD, offers you actual Microsoft Active Directory on the AWS Cloud as a managed service. In this session, you learn how Capital One uses AWS Managed AD to provide highly available authentication and authorization services for its Windows workloads, such as Amazon RDS for SQL Server. We detail how Capital One uses Lambda, Python, and PowerShell with cross-account AWS Identity and Access Management (IAM) roles to automate directory deployment across AWS accounts. We also cover best practices for integrating AWS Managed AD with your on-premises domain securely, and show you how to automate the joining of AWS resources to your managed domain.
AWS distinguished engineer Eric Brandwine speaks with hundreds of customers each year, and noticed one question coming up more than any other, "How does AWS operationalize its own security?" In this session, Eric details both strategic and tactical considerations, along with an insider's look at AWS tooling and processes.
From Obstacle to Advantage: The Changing Role of Security & Compliance in You...Amazon Web Services
A surprising trend is starting to emerge among organizations who are progressing through the cloud maturity lifecycle: major improvements in revenue growth, customer satisfaction, and mission success are being directly attributed to improvements in security and compliance. At one time thought of as speed bumps in the path to deployment, security and compliance are now seen as critical ingredients that help organizations differentiate their offerings in the market, win more deals, and achieve mission-critical goals faster. This session explores how organizations like Jive Software and the National Geospatial Agency use the Evident Security Platform, AWS, and AWS Quick Starts to automate security and compliance processes in their organization to accomplish more, do it faster, and deliver better results.
Session sponsored by Evident.io
SID345-AWS Encryption SDK The Busy Engineer’s Guide to Client-Side EncryptionAmazon Web Services
You know you want client-side encryption for your service but you don’t know exactly where to start. Join us for a hands-on workshop where we review some of your client-side encryption options and explore implementing client-side encryption using the AWS Encryption SDK. In this session, we cover the basics of client-side encryption, perform encrypt and decrypt operations using AWS KMS and the AWS Encryption SDK, and discuss security and performance considerations when implementing client-side encryption in your service.
Building the Largest Repo for Serverless Compliance-as-Code - SID205 - re:Inv...Amazon Web Services
When you use the cloud to enable speed and agility, how do you know if you did it right? We are on a mission to help builders follow industry best practices within security guide rails by creating the largest compliance-as-code repo, available to all. Compliance-as-code is the idea to translate those best practices, guide rails, policies, or standards into codified unit testing. Apply this to your AWS environment to provide insights on what can/must be improved. Learn why compliance-as-code matters to gain speed (by getting developers, architects, and security pros on the same page), how it is currently used (demo), and how to start to use it or be part of building it.
SecOps 2021 Today: Using AWS Services to Deliver SecOps - SID304 - re:Invent ...Amazon Web Services
This talk dives deep on how to build end-to-end security capabilities using AWS. Our goal is orchestrating AWS Security services with other AWS building blocks to deliver enhanced security. We cover working with AWS CloudWatch Events as a queueing mechanism for processing security events, using Amazon DynamoDB to provide a stateful layer to provide tailored response to events and other ancillary functions, using DynamoDB as an attack signature engine, and the use of analytics to derive tailored signatures for detection with AWS Lambda. Log sources include available AWS sources and also more traditional logs, such as syslog. The talk aims to keep slides to a minimum and demo live as much as possible. The demos come together to demonstrate an end-to-end architecture for SecOps. You'll get a toolkit consisting of code and templates so you can hit the ground running.
Using AWS CloudTrail Logs for Scalable, Automated Anomaly Detection - SID341 ...Amazon Web Services
Notice: This Workshop requires a laptop computer and an active AWS account with Administrator privileges.
This workshop gives you an opportunity to develop a solution that can continuously monitor for and detect a realistic threat by analyzing AWS CloudTrail log data. Participants are provided with a CloudTrail data source and some clues to get started. Then you have to design a system that can process the logs, detect the threat, and trigger an alarm. You can make use of any AWS services that can assist in this endeavor, such as AWS Lambda for serverless detection logic, Amazon CloudWatch or Amazon SNS for alarming and notification, Amazon S3 for data and configuration storage, and more.
SID202_Deep Dive on How Capital One Automates the Delivery of Directory Servi...Amazon Web Services
Traditional solutions for using Microsoft Active Directory across on-premises and AWS Cloud Windows workloads can require complex networking or synching identities across multiple systems. AWS Directory Service for Microsoft Active Directory, also known as AWS Managed AD, offers you actual Microsoft Active Directory on the AWS Cloud as a managed service. In this session, you learn how Capital One uses AWS Managed AD to provide highly available authentication and authorization services for its Windows workloads, such as Amazon RDS for SQL Server. We detail how Capital One uses Lambda, Python, and PowerShell with cross-account AWS Identity and Access Management (IAM) roles to automate directory deployment across AWS accounts. We also cover best practices for integrating AWS Managed AD with your on-premises domain securely, and show you how to automate the joining of AWS resources to your managed domain.
Using Access Advisor to Strike the Balance Between Security and Usability - S...Amazon Web Services
AWS provides a killer feature for security operations teams: Access Advisor. In this session, we discuss how Access Advisor shows the services to which an IAM policy grants access and provides a timestamp for the last time that the role authenticated against that service. At Netflix, we use this valuable data to automatically remove permissions that are no longer used. By continually removing excess permissions, we can achieve a balance of empowering developers and maintaining a best-practice, secure environment.
Data exfiltration—also called data extrusion, data exportation, or data theft—is the unauthorized transfer of data. It is a very serious challenge to business because attackers go after business critical or highly confidential data. Data exfiltration can be done manually by a person, or automated using scripts. Attack sophistication increases by the day. Signature-based techniques to defend against attacks are limited and cannot protect against zero-day attacks. To counter this, we use machine learning (ML) techniques. ML is effective at solving many problems in computer vision, robotics, etc., and is increasingly used in security. Learn an ML technique called anomaly detection, and other state-of-the-art techniques to identify data exfiltration attempts.
Five New Security Automation Improvements You Can Make by Using Amazon CloudW...Amazon Web Services
This presentation will include a deep dive into the code behind multiple security automation and remediation functions. This session will consider potential use cases, as well as feature a demonstration of a proposed script, and then walk through the code set to explain the various challenges and solutions of the intended script. All examples of code will be previously unreleased and will feature integration with services such as Trusted Advisor and Macie. All code will be released as OSS after re:Invent.
NEW LAUNCH! Introduction to Managed Rules for AWS WAF - SID217 - re:Invent 2017Amazon Web Services
Managed Rules for AWS WAF is a new feature that allows you to purchase Managed Rules from security sellers in the AWS Marketplace. Managed Rules are proactively updated by security sellers as new threats emerge and enable you to easily protect your web applications and APIs from a wide range of Internet threats.
SID201_IAM for Enterprises How Vanguard strikes the Balance Between Agility, ...Amazon Web Services
For Vanguard, managing the creation of AWS Identity and Access Management (IAM) objects is key to balancing developer velocity and compliance. In this session, you will learn how Vanguard designs IAM roles to control the blast radius of AWS resources and maintain simplicity for developers. Vanguard will also share best practices to help you manage governance and improve your visibility across your AWS resources.
AWS GovCloud (US) is an isolated AWS Region designed to help US government agencies and highly regulated organizations meet their compliance needs, including the International Traffic in Arms Regulations (ITAR) and Federal Risk and Authorization Management Program (FedRAMP). AWS GovCloud (US) makes it safe and easy to move sensitive data and regulated IT workloads to the cloud, through its adherence to numerous compliance and regulatory requirements. Join us to learn about AWS GovCloud (US) and how AWS can do the heavy lifting for your government agency or regulated enterprise.
DVC304_Compliance and Top Security Threats in the Cloud—Are You ProtectedAmazon Web Services
Compliance is necessary and a good thing. However, many compliant companies are still getting breached. In this talk, we discuss the importance of using a risk model to figure out the biggest threat to your business and mitigation and monitoring tactics to guard against these high-risk threats. We also dive into a real-world example of achieving Payment Card Industry Data Security Standard (PCI-DSS) compliance in under a year; we share architecture and design patterns; and we discuss what worked and what didn't. Leave this session knowing what the top cloud attack vectors are and how to protect yourself by using AWS services to build a fully automated, highly flexible and secure environment.
This session is part of the re:Invent Developer Community Day, six community-led sessions where AWS enthusiasts share technical insights on trending topics based on first-hand experiences and knowledge shared within local AWS communities.
How does a practice become a "best" practice? How does a pattern become an "anti" pattern? As always, experience is the best teacher. As Partner Solution Architects, we receive a lot of partner feedback on how practices and design patterns work—and occasionally fail to work—in the real world. We use this feedback to inform our recommendations and reference architectures. In this session, we explore a representative set of real-life "failures." We look at what these failures have to teach us about design and how to prioritize remediation of known issues.
by Greg McConnel, Sr. Solutions Architect, AWS
Join us for this hands-on lab where you will learn about the new threat detection and monitoring service, Amazon GuardDuty, by walking through its capabilities and some real-world attack scenarios. You need a personal (not corporate) AWS account to take the lab. We will provide AWS credits to help cover any costs you incur while taking the lab.
Cloud Adoption in Regulated Financial Services - SID328 - re:Invent 2017Amazon Web Services
Macquarie, a global provider of financial services, identified early on that it would require strong partnership between its business, technology and risk teams to enable the rapid adoption of AWS cloud technologies. As a result, Macquarie built a Cloud Governance Platform to enable its risk functions to move as quickly as its development teams. This platform has been the backbone of Macquarie’s adoption of AWS over the past two years and has enabled Macquarie to accelerate its use of cloud technologies for the benefit of clients across multiple global markets. This talk will outline the strategy that Macquarie embarked on, describe the platform they built, and provide examples for other organizations who are on a similar journey.
Operating a security practice on AWS brings many new challenges that haven't been faced in data center environments. The dynamic nature of infrastructure, the relationship between development team members and their applications, and the architecture paradigms have all changed as a result of building software on top of AWS. In this session, learn how your security team can leverage AWS Lambda as a tool to monitor, audit, and enforce your security policies within an AWS environment.
NEW LAUNCH! AWS Serverless Application Repository - SRV215 - re:Invent 2017Amazon Web Services
In this session, we will discuss how the AWS Serverless Application Repository makes it easy to discover and deploy serverless applications published by fellow developers and companies like Datadog, Here, Splunk, and many others. We will cover how you can use the repository to find applications for a variety of use cases and then deploy them to your AWS account. In addition, we will discuss how you can publish your own applications to the repository. You will also hear from two contributors, Datadog and Here, who will describe their approach to building the serverless applications that they have published to the Serverless Application Repository.
Protect Your Web Applications from Common Attack Vectors Using AWS WAF - SID3...Amazon Web Services
Notice: This Workshop requires a laptop computer and an active AWS account with Administrator privileges.
As attacks and attempts to exploit vulnerabilities in web applications become more sophisticated, having an effective web request filtering solution becomes key to keeping your users’ data safe. In this workshop, discover how the OWASP Top 10 list of application security risks can help you secure your web applications. Learn how to use AWS services, such as AWS WAF, to mitigate vulnerabilities. This session includes hands-on labs to help you build a solution. Key learning goals include understanding the breadth and complexity of vulnerabilities customers need to protect from, understanding the AWS tools and capabilities that can help mitigate vulnerabilities, and learning how to configure effective HTTP request filtering rules using AWS WAF.
NEW LAUNCH! Amazon Neptune Overview and Customer Use Cases - DAT319 - re:Inve...Amazon Web Services
In this session, we will provide an overview of Amazon Neptune, AWS’s newest database service. Amazon Neptune is a fast, reliable graph database that makes it easy to build applications over highly connected data. We will then explore how Siemens is building a knowledge using Amazon Neptune.
How Chick-fil-A Embraces DevSecOps on AWS - SID306 - re:Invent 2017Amazon Web Services
As Chick-fil-A became a cloud-first organization, their security team didn't want to become the bottleneck for agility. But the security team also wanted to raise the bar for their security posture on AWS. Robert Davis, security architect at Chick-fil-A, provides an overview about how he and his team recognized that writing code was the best way for their security policies to scale across the many AWS accounts that Chick-fil-A operates. The use of DevSecOps within Chick-fil-A led to the creation of a set of account bootstrapping tools, auditing capabilities, and event-based policy enforcement. This session goes over these tools and how they were built on AWS.
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...Amazon Web Services
Notice: This Workshop requires a laptop computer and an active AWS account with Administrator privileges.
Are you curious about how to authenticate and authorize your applications on AWS? Have you thought about how to integrate AWS Identity and Access Management (IAM) with your app authentication? Have you tried to integrate third-party SAML providers with your app authentication? Look no further. This workshop walks you through step by step to configure and create Amazon Cognito user pools and identity pools. This workshop presents you with the framework to build an application using Java, .NET, and serverless. You choose the stack and build the app with local users. See the service being used not only with mobile applications, but with other stacks that normally don’t include Amazon Cognito.
ALX401-Advanced Alexa Skill Building Conversation and MemoryAmazon Web Services
This session walks you through some of the more advanced features offered in Alexa Skill Builder, like Dialog Management, Entity Resolution, state management, session persistence, and maintaining context. Using Dialog Management, you can engage skill users in a multi-turn dialog to elicit and confirm slots for an intent. Using Entity Resolution, you can greatly simplify slot management by mapping multiple synonyms of your slot to a unique ID. We couple these conversational techniques with the management of session state and persistence to enable memory and personalization.
SID302_Force Multiply Your Security Team with Automation and AlexaAmazon Web Services
Adversaries automate. Who says the good guys can't as well? By combining AWS offerings like AWS CloudTrail, Amazon Cloudwatch, AWS Config, and AWS Lambda with the power of Amazon Alexa, you can do more security tasks faster, with fewer resources. Force multiplying your security team is all about automation! Last year, we showed off penetration testing at the push of an (AWS IoT) button, and surprise-previewed how to ask Alexa to run Inspector as-needed. Want to see other ways to ask Alexa to be your cloud security sidekick? We have crazy new demos at the ready to show security geeks how to sling security automation solutions for their AWS environments (and impress and help your boss, too).
Automating Security and Compliance Testing of Infrastructure-as-Code for DevS...Amazon Web Services
Infrastructure-as-Code (IaC) has emerged as an essential element of organizational DevOps practices. Tools such as AWS CloudFormation and Terraform allow software-defined infrastructure to be deployed quickly and repeatably to AWS. But the agility of CI/CD pipelines also creates new challenges in infrastructure security hardening. How do you ensure that your CloudFormation templates meet your organization's security, compliance, and governance needs before you deploy them? How do you deploy infrastructure securely to production environments, and monitor the security posture on a continuous basis? And how do you do this repeatedly without hitting a speed bump? This session provides a foundation for how to bring proven software hardening practices into the world of infrastructure deployment. We discuss how to build security and compliance tests for infrastructure analogous to unit tests for application code, and showcase how security, compliance and governance testing fit in a modern CI/CD pipeline.
Session Sponsored by: Dome9
How Zocdoc Achieved Security and Compliance at Scale With Infrastructure as C...Amazon Web Services
In less than 12 months, Zocdoc became a cloud-first organization, diversifying their tech stack and liberating data to help drive rapid product innovation. Brian Lozada, CISO at Zocdoc, and Zhen Wang, Director of Engineering, provide an overview on how their teams recognized that infrastructure as code was the most effective approach for their security policies to scale across their AWS infrastructure. They leveraged tools such as AWS CloudFormation, hardened AMIs, and hardened containers. The use of DevSecOps within Zocdoc has enhanced data protection with the use of AWS services such as AWS KMS and AWS CloudHSM and auditing capabilities, and event-based policy enforcement with Amazon Elasticsearch Service and Amazon CloudWatch, all built on top of AWS.
Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018Amazon Web Services
How can you ensure your environment is Secure? How can you implement an effective governance model in your organization? The AWS Cloud Adoption Framework (CAF) and its Security Perspective provide a structured approach to make risk based decisions, build security guardrails and meet your compliance goals as you migrate to AWS. The Security perspective of the CAF provides a set of 5 core themes designed to help you structure your selection and implementation of controls that are right for your business: IAM, Detective Controls, Infrastructure Security, Data Protection and Incident response. In this session you will learn what it takes to lead a Secure Cloud Journey for your organization and make key strategic decisions.
Introduction to the Security Perspective of the Cloud Adoption Framework (CAF)Amazon Web Services
The Security Perspective of the AWS Cloud Adoption Framework provides a framework for maturation via a structured program that incorporates best practices and processes for define, build and optimize how you operate security controls in the AWS platform. The Security perspective of the CAF provides a set of 5 core foundational theme designed to help you structure your selection and implementation of controls that are right for your business: IAM, Detective Controls, Infrastructure Security, Data Protection and Incident response. During this session, we address how to put the Security Perspective of the CAF into practice and follow with an afternoon agenda that will dive deep in each of the individual core topics.
Using Access Advisor to Strike the Balance Between Security and Usability - S...Amazon Web Services
AWS provides a killer feature for security operations teams: Access Advisor. In this session, we discuss how Access Advisor shows the services to which an IAM policy grants access and provides a timestamp for the last time that the role authenticated against that service. At Netflix, we use this valuable data to automatically remove permissions that are no longer used. By continually removing excess permissions, we can achieve a balance of empowering developers and maintaining a best-practice, secure environment.
Data exfiltration—also called data extrusion, data exportation, or data theft—is the unauthorized transfer of data. It is a very serious challenge to business because attackers go after business critical or highly confidential data. Data exfiltration can be done manually by a person, or automated using scripts. Attack sophistication increases by the day. Signature-based techniques to defend against attacks are limited and cannot protect against zero-day attacks. To counter this, we use machine learning (ML) techniques. ML is effective at solving many problems in computer vision, robotics, etc., and is increasingly used in security. Learn an ML technique called anomaly detection, and other state-of-the-art techniques to identify data exfiltration attempts.
Five New Security Automation Improvements You Can Make by Using Amazon CloudW...Amazon Web Services
This presentation will include a deep dive into the code behind multiple security automation and remediation functions. This session will consider potential use cases, as well as feature a demonstration of a proposed script, and then walk through the code set to explain the various challenges and solutions of the intended script. All examples of code will be previously unreleased and will feature integration with services such as Trusted Advisor and Macie. All code will be released as OSS after re:Invent.
NEW LAUNCH! Introduction to Managed Rules for AWS WAF - SID217 - re:Invent 2017Amazon Web Services
Managed Rules for AWS WAF is a new feature that allows you to purchase Managed Rules from security sellers in the AWS Marketplace. Managed Rules are proactively updated by security sellers as new threats emerge and enable you to easily protect your web applications and APIs from a wide range of Internet threats.
SID201_IAM for Enterprises How Vanguard strikes the Balance Between Agility, ...Amazon Web Services
For Vanguard, managing the creation of AWS Identity and Access Management (IAM) objects is key to balancing developer velocity and compliance. In this session, you will learn how Vanguard designs IAM roles to control the blast radius of AWS resources and maintain simplicity for developers. Vanguard will also share best practices to help you manage governance and improve your visibility across your AWS resources.
AWS GovCloud (US) is an isolated AWS Region designed to help US government agencies and highly regulated organizations meet their compliance needs, including the International Traffic in Arms Regulations (ITAR) and Federal Risk and Authorization Management Program (FedRAMP). AWS GovCloud (US) makes it safe and easy to move sensitive data and regulated IT workloads to the cloud, through its adherence to numerous compliance and regulatory requirements. Join us to learn about AWS GovCloud (US) and how AWS can do the heavy lifting for your government agency or regulated enterprise.
DVC304_Compliance and Top Security Threats in the Cloud—Are You ProtectedAmazon Web Services
Compliance is necessary and a good thing. However, many compliant companies are still getting breached. In this talk, we discuss the importance of using a risk model to figure out the biggest threat to your business and mitigation and monitoring tactics to guard against these high-risk threats. We also dive into a real-world example of achieving Payment Card Industry Data Security Standard (PCI-DSS) compliance in under a year; we share architecture and design patterns; and we discuss what worked and what didn't. Leave this session knowing what the top cloud attack vectors are and how to protect yourself by using AWS services to build a fully automated, highly flexible and secure environment.
This session is part of the re:Invent Developer Community Day, six community-led sessions where AWS enthusiasts share technical insights on trending topics based on first-hand experiences and knowledge shared within local AWS communities.
How does a practice become a "best" practice? How does a pattern become an "anti" pattern? As always, experience is the best teacher. As Partner Solution Architects, we receive a lot of partner feedback on how practices and design patterns work—and occasionally fail to work—in the real world. We use this feedback to inform our recommendations and reference architectures. In this session, we explore a representative set of real-life "failures." We look at what these failures have to teach us about design and how to prioritize remediation of known issues.
by Greg McConnel, Sr. Solutions Architect, AWS
Join us for this hands-on lab where you will learn about the new threat detection and monitoring service, Amazon GuardDuty, by walking through its capabilities and some real-world attack scenarios. You need a personal (not corporate) AWS account to take the lab. We will provide AWS credits to help cover any costs you incur while taking the lab.
Cloud Adoption in Regulated Financial Services - SID328 - re:Invent 2017Amazon Web Services
Macquarie, a global provider of financial services, identified early on that it would require strong partnership between its business, technology and risk teams to enable the rapid adoption of AWS cloud technologies. As a result, Macquarie built a Cloud Governance Platform to enable its risk functions to move as quickly as its development teams. This platform has been the backbone of Macquarie’s adoption of AWS over the past two years and has enabled Macquarie to accelerate its use of cloud technologies for the benefit of clients across multiple global markets. This talk will outline the strategy that Macquarie embarked on, describe the platform they built, and provide examples for other organizations who are on a similar journey.
Operating a security practice on AWS brings many new challenges that haven't been faced in data center environments. The dynamic nature of infrastructure, the relationship between development team members and their applications, and the architecture paradigms have all changed as a result of building software on top of AWS. In this session, learn how your security team can leverage AWS Lambda as a tool to monitor, audit, and enforce your security policies within an AWS environment.
NEW LAUNCH! AWS Serverless Application Repository - SRV215 - re:Invent 2017Amazon Web Services
In this session, we will discuss how the AWS Serverless Application Repository makes it easy to discover and deploy serverless applications published by fellow developers and companies like Datadog, Here, Splunk, and many others. We will cover how you can use the repository to find applications for a variety of use cases and then deploy them to your AWS account. In addition, we will discuss how you can publish your own applications to the repository. You will also hear from two contributors, Datadog and Here, who will describe their approach to building the serverless applications that they have published to the Serverless Application Repository.
Protect Your Web Applications from Common Attack Vectors Using AWS WAF - SID3...Amazon Web Services
Notice: This Workshop requires a laptop computer and an active AWS account with Administrator privileges.
As attacks and attempts to exploit vulnerabilities in web applications become more sophisticated, having an effective web request filtering solution becomes key to keeping your users’ data safe. In this workshop, discover how the OWASP Top 10 list of application security risks can help you secure your web applications. Learn how to use AWS services, such as AWS WAF, to mitigate vulnerabilities. This session includes hands-on labs to help you build a solution. Key learning goals include understanding the breadth and complexity of vulnerabilities customers need to protect from, understanding the AWS tools and capabilities that can help mitigate vulnerabilities, and learning how to configure effective HTTP request filtering rules using AWS WAF.
NEW LAUNCH! Amazon Neptune Overview and Customer Use Cases - DAT319 - re:Inve...Amazon Web Services
In this session, we will provide an overview of Amazon Neptune, AWS’s newest database service. Amazon Neptune is a fast, reliable graph database that makes it easy to build applications over highly connected data. We will then explore how Siemens is building a knowledge using Amazon Neptune.
How Chick-fil-A Embraces DevSecOps on AWS - SID306 - re:Invent 2017Amazon Web Services
As Chick-fil-A became a cloud-first organization, their security team didn't want to become the bottleneck for agility. But the security team also wanted to raise the bar for their security posture on AWS. Robert Davis, security architect at Chick-fil-A, provides an overview about how he and his team recognized that writing code was the best way for their security policies to scale across the many AWS accounts that Chick-fil-A operates. The use of DevSecOps within Chick-fil-A led to the creation of a set of account bootstrapping tools, auditing capabilities, and event-based policy enforcement. This session goes over these tools and how they were built on AWS.
User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...Amazon Web Services
Notice: This Workshop requires a laptop computer and an active AWS account with Administrator privileges.
Are you curious about how to authenticate and authorize your applications on AWS? Have you thought about how to integrate AWS Identity and Access Management (IAM) with your app authentication? Have you tried to integrate third-party SAML providers with your app authentication? Look no further. This workshop walks you through step by step to configure and create Amazon Cognito user pools and identity pools. This workshop presents you with the framework to build an application using Java, .NET, and serverless. You choose the stack and build the app with local users. See the service being used not only with mobile applications, but with other stacks that normally don’t include Amazon Cognito.
ALX401-Advanced Alexa Skill Building Conversation and MemoryAmazon Web Services
This session walks you through some of the more advanced features offered in Alexa Skill Builder, like Dialog Management, Entity Resolution, state management, session persistence, and maintaining context. Using Dialog Management, you can engage skill users in a multi-turn dialog to elicit and confirm slots for an intent. Using Entity Resolution, you can greatly simplify slot management by mapping multiple synonyms of your slot to a unique ID. We couple these conversational techniques with the management of session state and persistence to enable memory and personalization.
SID302_Force Multiply Your Security Team with Automation and AlexaAmazon Web Services
Adversaries automate. Who says the good guys can't as well? By combining AWS offerings like AWS CloudTrail, Amazon Cloudwatch, AWS Config, and AWS Lambda with the power of Amazon Alexa, you can do more security tasks faster, with fewer resources. Force multiplying your security team is all about automation! Last year, we showed off penetration testing at the push of an (AWS IoT) button, and surprise-previewed how to ask Alexa to run Inspector as-needed. Want to see other ways to ask Alexa to be your cloud security sidekick? We have crazy new demos at the ready to show security geeks how to sling security automation solutions for their AWS environments (and impress and help your boss, too).
Automating Security and Compliance Testing of Infrastructure-as-Code for DevS...Amazon Web Services
Infrastructure-as-Code (IaC) has emerged as an essential element of organizational DevOps practices. Tools such as AWS CloudFormation and Terraform allow software-defined infrastructure to be deployed quickly and repeatably to AWS. But the agility of CI/CD pipelines also creates new challenges in infrastructure security hardening. How do you ensure that your CloudFormation templates meet your organization's security, compliance, and governance needs before you deploy them? How do you deploy infrastructure securely to production environments, and monitor the security posture on a continuous basis? And how do you do this repeatedly without hitting a speed bump? This session provides a foundation for how to bring proven software hardening practices into the world of infrastructure deployment. We discuss how to build security and compliance tests for infrastructure analogous to unit tests for application code, and showcase how security, compliance and governance testing fit in a modern CI/CD pipeline.
Session Sponsored by: Dome9
How Zocdoc Achieved Security and Compliance at Scale With Infrastructure as C...Amazon Web Services
In less than 12 months, Zocdoc became a cloud-first organization, diversifying their tech stack and liberating data to help drive rapid product innovation. Brian Lozada, CISO at Zocdoc, and Zhen Wang, Director of Engineering, provide an overview on how their teams recognized that infrastructure as code was the most effective approach for their security policies to scale across their AWS infrastructure. They leveraged tools such as AWS CloudFormation, hardened AMIs, and hardened containers. The use of DevSecOps within Zocdoc has enhanced data protection with the use of AWS services such as AWS KMS and AWS CloudHSM and auditing capabilities, and event-based policy enforcement with Amazon Elasticsearch Service and Amazon CloudWatch, all built on top of AWS.
Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018Amazon Web Services
How can you ensure your environment is Secure? How can you implement an effective governance model in your organization? The AWS Cloud Adoption Framework (CAF) and its Security Perspective provide a structured approach to make risk based decisions, build security guardrails and meet your compliance goals as you migrate to AWS. The Security perspective of the CAF provides a set of 5 core themes designed to help you structure your selection and implementation of controls that are right for your business: IAM, Detective Controls, Infrastructure Security, Data Protection and Incident response. In this session you will learn what it takes to lead a Secure Cloud Journey for your organization and make key strategic decisions.
Introduction to the Security Perspective of the Cloud Adoption Framework (CAF)Amazon Web Services
The Security Perspective of the AWS Cloud Adoption Framework provides a framework for maturation via a structured program that incorporates best practices and processes for define, build and optimize how you operate security controls in the AWS platform. The Security perspective of the CAF provides a set of 5 core foundational theme designed to help you structure your selection and implementation of controls that are right for your business: IAM, Detective Controls, Infrastructure Security, Data Protection and Incident response. During this session, we address how to put the Security Perspective of the CAF into practice and follow with an afternoon agenda that will dive deep in each of the individual core topics.
SID331_Architecting Security and Governance Across a Multi-Account StrategyAmazon Web Services
Whether it is per business unit or per application, many AWS customers use multiple accounts to meet their infrastructure isolation, separation of duties, and billing requirements. In this session, we discuss considerations, limitations, and security patterns when building out a multi-account strategy. We explore topics such as identity federation, cross-account roles, consolidated logging, and account governance. Thomson Reuters shared their journey and their approach to a multi-account strategy. At the end of the session, we present an enterprise-ready, multi-account architecture that you can start leveraging today.
We encourage you attend the full multi-account track:
SID331: Architecting Security and Governance Across a Multi-Account Strategy (Session)
SID335: Implementing Security and Governance Across a Multi-Account Strategy (Chalk Talk)
ENT324: Automating and Auditing Cloud Governance and Compliance in Multi-Account Environments (Session)
SID311: Designing Security and Governance Across a Multi-Account Strategy (Workshop)
SID308: Multi-Account Strategies (Chalk Talk)"
At AWS, security is job zero and we have architected our infrastructure for the most data-sensitive organizations in the world. In this session, we will cover our Shared Responsibility Model in relation to Security and our Compliance Program, and what that means for our customers when using our suite of storage services.
HLC302_Adopting Microservices in Healthcare Building a Compliant DevOps Pipel...Amazon Web Services
Healthcare organizations are rapidly adopting container technology to drive innovation. In this session, join Horizon Blue Cross Blue Shield of New Jersey and ClearDATA to learn about how to integrate Amazon ECS into your deployment pipeline while maintaining compliance for healthcare workloads, how to harden container environments for sensitive workloads, and how to leverage AWS tooling and microservices to provide new views and analysis for data stored in on-premises data centers.
La seguridad en la nube de AWS es la mayor prioridad. Como cliente de AWS, se beneficiará de una arquitectura de red y un centro de datos diseñados para satisfacer los requisitos de seguridad de las organizaciones más exigentes.
Una ventaja de la nube de AWS es que permite a los clientes escalar e innovar al mismo tiempo que garantizan la seguridad del entorno. Los clientes solo pagan por los servicios que usan, es decir, que puede gozar de la seguridad que necesite sin tener que realizar pagos iniciales y a un costo inferior que el de un entorno on-premise.
https://aws.amazon.com/es/security/
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon Web Services
Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads. It monitors for activity such as unusual API calls or potentially unauthorized deployments that indicate a possible account compromise. Enabled with a few clicks in the AWS Management Console, Amazon GuardDuty can immediately begin analyzing billions of events across your AWS accounts for signs of risk. It does not require you to deploy and maintain software or security infrastructure, meaning it can be enabled quickly with no risk of negatively impacting existing application workloads.
by Bill Reid, Sr. Manager of Solutions Architecture, AWS
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and labs.
NEW LAUNCH! Introduction to Amazon GuardDuty - SID218 - re:Invent 2017Amazon Web Services
Amazon GuardDuty is a managed threat detection service that continuously monitors for malicious or unauthorized behavior to help you protect your AWS accounts and workloads. It monitors for activity such as unusual API calls or potentially unauthorized deployments that indicate a possible account compromise. Enabled with a few clicks in the AWS Management Console, Amazon GuardDuty can immediately begin analyzing billions of events across your AWS accounts for signs of risk. It does not require you to deploy and maintain software or security infrastructure, meaning it can be enabled quickly with no risk of negatively impacting existing application workloads.
How Rent-A-Center Stays Secure and Compliant on AWS with Alert LogicAmazon Web Services
In this webinar, Alert Logic will talk about how you can protect your AWS workloads with their suite of security offerings in a matter of days instead of months, without having to hire additional staff. You’ll also learn how Rent-A-Center uses Alert Logic to comply with SOX and PCI, increase efficiency of security operations, and maintain a strong security posture on AWS.
El sector de los servicios financieros atrae a algunas de las amenazas de seguridad de la información más hostiles y es una de las industrias más reguladas del mundo. AWS es consciente de estas obligaciones y ha colaborado con las organizaciones de servicios financieros más complejas con el fin de cumplir los requisitos de seguridad y conformidad en cada uno de los pasos de su viaje a la nube. La protección de sus datos es la mayor prioridad de AWS y nuestra infraestructura global está diseñada y administrada de acuerdo con las prácticas recomendadas de seguridad, así como varias normas de conformidad.
by Bill Reid, Leader, North American Solutions Architects
Security and Compliance Specialists AWS
Join us for four days of security and compliance sessions and hands-on labs led by our AWS security pros during AWS Security Week at the San Francisco Loft. Join us for all four days, or pick just the days that are most relevant to you. We'll open on Monday with Security 101 day, followed by sessions Tuesday on Identity and Access Management, our popular Threat Detection and Remediation day Wednesday will feature an updated GuardDuty lab, and we'll end Thursday with Incident Response sessions, labs, and a talk by Netflix on their new open source IR tool. This week will also feature Dome9 as a sponsor, and you can hear them speak and present a hands-on workshop Monday during Security 101 day.
Introduction to the Security Perspective of the Cloud Adoption Framework (CAF)Amazon Web Services
by Michael Wasielewski, CISSP, CCSP, AWS
The Security Perspective of the AWS Cloud Adoption Framework (CAF) provides a framework for maturation via a structured program that incorporates best practices and processes to define, build, and optimize how you operate security controls in the AWS platform. The Security perspective of the CAF provides a set of 5 core foundational theme designed to help you structure your selection and implementation of controls that are right for your business: IAM, Detective Controls, Infrastructure Security, Data Protection, and Incident response. During this session, we address how to put the Security Perspective of the CAF into practice.
Automate Best Practices and Operational Health for AWS Resources with AWS Tru...Amazon Web Services
Notice: This Workshop requires a laptop computer and an active AWS account with Administrator privileges.
It can be challenging to optimize AWS resources across cost, performance, security, and fault tolerance, much less do it automatically. AWS Trusted Advisor, an online resource, provides real-time guidance to help you provision your resources following AWS best practices. AWS Health provides ongoing visibility into the state of your AWS resources and remediation guidance for resource performance or availability issues that may affect your applications. Learn how to safely automate these best practices using Amazon CloudWatch Events and AWS Lambda, with samples for you to use. We also introduce you to AWS Health tools, a community-based source of tools to automate remediation actions and customize health alerts. See how to automate AWS best practices from Trusted Advisor and implement remediation from the AWS Health API on your AWS resources. Attendees should bring their own laptops.
NEW LAUNCH! AWS PrivateLink: Bringing SaaS Solutions into Your VPCs and Your ...Amazon Web Services
Many customers are hesitant to adopt SaaS solutions due to the concerns on the safety of the network connectivity traversing internet. It is also difficult to manage the firewall rules, NAT Gateway or VPN connections. AWS PrivateLink provided solution that let our customers’ applications, whether in a VPC or in their own data center, to connect to SaaS solutions in a highly scalable and highly available manner, while keeping all the network traffic within the AWS network.
Customers using AWS benefit from over 1,800 security and compliance controls built into the AWS platform and operations. In this session, you will learn how to take advantage of the advanced security features of the AWS platform to gain the visibility, agility, and control needed to be more secure in the cloud than in legacy environments. We'll take a look at several reference architectures for common workloads and highlight the innovative ways customers are using AWS to manage security more efficiently. After attending this session, you will be familiar with the shared security responsibility model and how you can inherit controls from the rich compliance and accreditation programs maintained by AWS.
Similar to AWS Security State of the Union - SID326 - re:Invent 2017 (20)
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS.
In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup.
Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti.
Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.
Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi
Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
L’utilizzo dei container è in continua crescita.
Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili.
I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda :
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc.
AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta.
Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity.
AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet.
Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.
Dal riconoscimento facciale al riconoscimento di frodi o difetti di fabbricazione, l'analisi di immagini e video che sfruttano tecniche di intelligenza artificiale, si stanno evolvendo e raffinando a ritmi elevati. In questo webinar esploreremo le possibilità messe a disposizione dai servizi AWS per applicare lo stato dell'arte delle tecniche di computer vision a scenari reali.
Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti.
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti.
Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire.
Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito.
In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.
Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline.
Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.
Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.
35. Investor Protection – Market Integrity
• Write and enforce rules governing the activities
of 3,800 brokerages with 634,000 brokers
• Examine for compliance with those rules
• Foster market transparency
• Educate investors
• FINRA uses Big Data and data science
technologies to detect and analyze fraud,
market manipulation, and insider trading across
US capital markets
36. UP TO
75 BILLION
EVENTS
PER DAY
Over
25 PETABYTES
of Storage
Market
Reconstruction
Containing
TRILLIONS of
Nodes & Edges
FINRA Technology
INNOVATING
TO PROTECT INVESTORS AND ENSURE MARKET INTEGRITY
37. Need for Nimbleness
Legacy approach not meeting needs
Market volumes are volatile and
steadily increasing
Exchanges are dynamically evolving
Regulatory landscape is changing
Market manipulators innovate
38. Cloud Architecture Solved Our Problems
Huge capacity
Decouple storage and processing
Consume processing when needed
Manual processes replaced by code
39. Cloud Risk Management
Private data centers have risk
Cloud has equivalent security controls
In fact, for most organizations Cloud
can be more secure
But… you must do it right
40. • Easy micro-segmentation
• Fine-grained entitlements
• Strict separation of duties (SoD)
• Automation = consistent compliance
• Rich audit trail
• Best-of-breed security services (AWS KMS)
• Cloud and DevOps = more rapid patching
• Resilience and multiple recovery options
• Assurance through third-party assessments
• Cloud provider must be secure to survive
Cloud Security – Do It RIGHT