AWS Security Week at the San Francisco Loft: Why Your Customers Care About Compliance...and You Should Too!
Presenter: Kristen Haught, AWS Security Assurance
AWS Security Week: Threat Detection & Remediation Workshop Amazon Web Services
This document outlines an agenda for a threat detection and remediation workshop. The agenda includes:
- Module 1: Building and configuring the environment in about 20 minutes.
- Module 2: Simulating an attack and presenting on threat detection and remediation for about 40 minutes, including a live role playing demo.
- Module 3: Investigating the attack and detection/remediation techniques for about 45 minutes.
- Module 4: Reviewing, discussing, and cleaning up for about 15 minutes.
The workshop guides participants through setting up resources, simulating an attack, detecting the attack, and remediating threats using AWS security services.
AWS Security Week: Humans & Data Don’t Mix - Best Practices to Secure Your Cloud Amazon Web Services
AWS Security Week at the San Francisco Loft: Humans & Data Don’t Mix - Best Practices to Secure Your Cloud
Presenter: William Reid, CISM, FIP
Head of Security and Compliance Solution Architecture, AWS
by Zack Milem, Trend Micro
DevOps can be coded quickly in the cloud, but it still needs to be secured. In this session, we will discuss how an automated security infrastructure can be constructed. Building from the ground up with API driven security controls, a Security Fabric in AWS can be the foundation to deliver a fast and secure environment in the cloud.
The document discusses security best practices when using AWS. It highlights some common security anti-patterns to avoid, such as overcrowding AWS accounts, using personal AWS accounts, and relying only on manual technical auditing. It promotes practices like implementing least privilege access, continuous automated auditing using native AWS services, and adopting a DevSecOps approach to development that incorporates security testing and monitoring throughout the software development lifecycle.
Building a security knowledge management platform for AWS - FND224 - AWS re:I... Amazon Web Services
Learn about how AWS security built a security knowledge management platform to distribute guidance at the scale of the AWS organization using Amazon API Gateway, AWS Lambda, Amazon RDS, and Amazon S3. This platform defines the AWS security bar and empowers AWS with the knowledge that is needed to build secure products and protect customer data. In this session, we look at how the content is consumed by tools and how it powers automated threat modeling for security reviews.
by Nathan Case, Sr. Consultant, AWS
Responding to an incident requires that you’re aware that an incident exists. To be aware that an incident exists, you have to know where to look and what to look for. In this session, you will learn the tools and techniques to take in the breadth of visibility that AWS offers to your environment as well as some ideas on how to inspect events of interest and identify indicators of compromise.
The document discusses automating incident response and forensics in AWS. It focuses on two scenarios - detecting an insider threat based on an IAM access denied event, and responding to a compromised EC2 instance. For the insider threat, the presenter demonstrates how AWS services like CloudTrail, Lambda, and SNS can be used to detect the denied access and notify relevant parties. For the compromised instance, the presenter shows how Step Functions can automate isolating the instance and launching a "clean room" to forensically analyze the instance without further risk of compromise. The goal is to contain incidents quickly and gather information automatically without human intervention.
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven... Amazon Web Services
According to Gartner, the IaaS market grew at a blistering 42.8% in 2017—twice as fast as SaaS. And with last year’s high-profile data exposures, the focus on bolstering IaaS security practices has increased. We’ve worked with AWS and hundreds of IaaS security professionals to develop a list of security practices specifically designed to protect AWS environments and the applications and data within them. In this session, you’ll discover: common yet preventable scenarios that can result in the loss of corporate data, security best practices for user and admin behavior monitoring, secure auditable configuration, Amazon S3 data loss and threat prevention, blueprints for how a solution-based approach (including bridging to your on-premises best practices) can provide IaaS visibility and control, step-by-step guidance on how to gain visibility across all workloads, protect against advanced threats, and discover insights into lateral threat movements, and recommendations for creating a successful DevOps workflow that integrates security.
This document discusses cloud control frameworks and compliance on AWS. It provides an overview of AWS compliance programs and certifications across different regions and standards. It emphasizes that security and compliance are shared responsibilities between AWS and customers. Customers can use AWS services to implement controls that meet their objectives and address risks. The document provides examples of how to structure enterprise-wide, service-specific, and workload-specific controls on AWS. It recommends taking a risk-based approach and focusing on controls needed to achieve strategic objectives. Customers can use industry standard frameworks that AWS already supports as a starting point.
Amazon FreeRTOS is an IoT operating system for microcontrollers that makes small, low powered edge devices easy to program, deploy, secure, connect and maintain. It is based on the popular FreeRTOS kernel and includes libraries for local and cloud connectivity, security, and over-the-air firmware updates. Amazon FreeRTOS integrates with AWS IoT services like Greengrass, IoT Core, IoT Analytics and more to provide a full solution for IoT devices, edge computing and the cloud.
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ... Amazon Web Services
In this session you will learn how to align your AWS environment to industry standard best practices for security. This session covers AWS' prescriptive recommendations for securing cloud workloads, including the Well-Architected Framework for Security. In addition, see how AWS Security Hub simplifies the task of measuring the security of your workloads.
The 1%: Identity and Governance Patterns From the Most Advanced AWS Customers... Amazon Web Services
by Fritz Kunstler, Sr. AWS Security Consultant, AWS
Across the AWS customer base there's a wide spectrum of experience levels. In this session, we'll dive deep into a number of advanced patterns that some of our most advanced customers are using to make themselves successful. By equipping you with these deep learnings, you'll be able to raise the bar within your organization, allowing you to achieve greater levels of control, speed, and visibility at a greatly accelerated pace.
This document outlines an agenda for a workshop on threat detection and remediation. It includes:
- Running a CloudFormation template to set up the initial environment.
- A presentation on threat detection and remediation that discusses why it is difficult, the importance of removing humans from data analysis and detection, and AWS security services that can help.
- A walkthrough of the workshop where participants will simulate attacks and threats in their environment and use AWS security tools like GuardDuty, Lambda, and CloudWatch Events for detection and remediation.
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019 Amazon Web Services
The services that make up AWS are many and varied, but the set of concepts you need to secure your data and infrastructure is simple and straightforward. By the end of this session, you will know the fundamental patterns that you can apply to secure any workload you run in AWS with confidence. We cover the basics of network security, the process of reading and writing access management policies, and data encryption.
Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme... Amazon Web Services
OLX, the world's leading online classifieds service platform, operates a network of online trading platforms, with over 300M monthly users in over 45 countries. In this session, learn how we built a serverless PCI SAQ A-EP-compliant credit card payment service. Understand how regulation changes affected the solution and the importance of defining the right PCI scope on AWS. Also learn which AWS artifacts are critical and which AWS services can help meet compliance requirements.
In this session, learn about all of the AWS storage solutions, and get guidance about which ones to use for different use cases. We discuss the core AWS storage services. These include Amazon Simple Storage Service (Amazon S3), Amazon Glacier, Amazon Elastic File System (Amazon EFS), and Amazon Elastic Block Store (Amazon EBS). We also discuss data transfer services such as AWS Snowball, Snowball Edge, and AWS Snowmobile, and hybrid storage solutions such as AWS Storage Gateway.
How Dow Jones uses AWS to create a secure perimeter around its web properties... Amazon Web Services
Dow Jones, a world-leading data, media, and intelligence solutions provider with brands like the Wall Street Journal and MarketWatch, has numerous applications that need protection. The company was seeking a protection solution and a way to gain more control over security, and it looked to AWS to secure the cloud right at the edge. This session explores how Dow Jones implemented innovative architecture to meet its software security framework using CloudFront, AWS Shield, AWS WAF, Lambda, and more. Learn how to use AWS services to architect software environments for securing applications. Join Kamal Verma, senior principal engineer at Dow Jones, for a deep dive into their implementation and learnings.
Are you ready for a cloud pentest? AWS re:Inforce 2019 Teri Radichel
The document discusses preparing for a penetration test of systems hosted in the cloud. It emphasizes defining the test scope and rules of engagement. Key aspects that are different for cloud pentests compared to on-premises include dynamic resources like IP addresses, new technologies like serverless architectures, and the need to comply with the cloud provider's terms of service. Preparation steps like vulnerability scanning and following security best practices can help optimize the results of the pentest.
Meeting Enterprise Security Requirements with AWS Native Security Services (S... Amazon Web Services
GE has very deep security requirements for their cloud applications. In this session, hear their story on replacing complex on-premises solutions with AWS native services like Amazon GuardDuty, VPC Flow logs, AWS CloudTrail, and AWS Config rules. Learn how large enterprises can accelerate their cloud adoption by meeting established security standards with AWS native services. Please join us for a speaker meet-and-greet following this session at the Speaker Lounge (ARIA East, Level 1, Willow Lounge). The meet-and-greet starts 15 minutes after the session and runs for half an hour.
Amazon FreeRTOS security best practices - FND212 - AWS re:Inforce 2019 Amazon Web Services
Amazon FreeRTOS is an open-source operating system for cloud-connected embedded devices. As customers start working on embedded Internet of Things projects, they ask AWS for security best practices. In this session, we discuss provisioning, device authentication and authorization, secure software updates, and monitoring. Finally, we show these lifecycle considerations in context by demonstrating an over-the-air firmware update to an embedded developer board, highlighting the many security-relevant steps in the workflow.
by Trevor Sullivan, Solutions Architect, AWS
Software release cycles are now measured in days instead of months. Cutting-edge companies are continuously delivering high-quality software at a fast pace. In this session, we will cover how you can begin your DevOps journey by sharing best practices and tools used by the engineering teams at Amazon. We will showcase how you can accelerate developer productivity by implementing continuous integration and delivery workflows. We will also cover an introduction to AWS CodeStar, AWS CodeCommit, AWS CodeBuild, AWS CodePipeline, AWS CodeDeploy, AWS Cloud9, and AWS X-Ray, the services inspired by Amazon's internal developer tools and DevOps practice.
by Cameron Worrell, Sr. Solutions Architect, AWS
In this talk, we will introduce several methods of threat detection and remediation on AWS, including GuardDuty, Macie, WAF, Shield, Lambda, AWS Config, Systems Manager and Inspector. We will do a brief overview of each of these services, and then talk about how to put them all together, to have a comprehensive threat detection and remediation solution. We will also discuss how to use these services across multiple AWS accounts and regions, to cover the governance needs of enterprise AWS deployments.
Best practices for privileged access & secrets management in the cloud - DEM0... Amazon Web Services
In this session, you learn from real-world scenarios related to privileged access security in cloud environments. Experts from TOTVS and CyberArk provide insights from lessons learned while securing commercial SaaS applications, cloud infrastructure, and internal applications deployed in the cloud. Topics covered include privilege and cloud scenarios (e.g., human access models, support for automation, proactive controls, and programmatic deployment), as well as best practices and augmentation of existing security controls for privilege and secrets management on the AWS Cloud. We also cover limited use of root accounts, considerations for human administrator access in the cloud, and success with hybrid cloud environments.
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017 Amazon Web Services
In this session, you learn pragmatic steps to integrate security controls into DevOps processes in your AWS environment at scale. Cyber security expert and founder of Alert Logic Misha Govshteyn shares insights from high performing teams who are embracing the reality that an agile security program can enable faster and more secure workload deployments. Joining Misha is Joey Peloquin, Director of Cloud Security Operations at Citrix, who discusses Citrix’s DevOps experiences and how they manage their cyber security posture within the AWS Cloud.
Session sponsored by Alert Logic
Privacy by design on AWS - FND202-R - AWS re:Inforce 2019 Amazon Web Services
This workshop is designed to support customers who apply due diligence and discovery efforts around data privacy regulations and compliance frameworks. We provide an introductory overview of AWS and data privacy. We also discuss the AWS shared responsibility model and where data can live in AWS environments. Finally, we give an overview of the available AWS services and features that support data privacy compliance.
Here are the slides from the advanced techniques for securing web applications session delivered by Sundar Jayashekar at the perimeter protection event in Stockholm.
Implementing your landing zone - FND210 - AWS re:Inforce 2019 Amazon Web Services
This document discusses implementing an AWS landing zone using a multi-account strategy. It describes setting up initial core accounts for AWS Organizations, log archive, security, and shared services. It provides details on account structures and roles. The next steps outlined are to define tagging and automation strategies before creating the core accounts and implementing security best practices and cross-account access controls.
In this workshop, senior security management, IT, and business executive teams participate in an experiential exercise that illuminates the key decision points of a successful and secure cloud journey. During the team-based, game-like simulation, participants leverage an industry case study and make strategic decisions and investments around security, risk, and compliance. Participants experience the impact of these investments and decisions on the critical aspects of their secure cloud adoption. They also learn applicable decision and investment approaches to specific secure cloud adoption journeys. They walk through real-life examples, receive practical advice from AWS facilitators, and they leave with an understanding of the major success factors for building security, risk, and compliance in the cloud. This workshop is designed for executives who are leading a secure cloud journey, including the CISO, senior security and risk management leaders, and CIO/CTO. Non-IT participants who are key to executing the cloud security strategy are also encouraged to attend.
Why Your Customers Care About Compliance and You Should Too Amazon Web Services
As you're expanding your business into regulated markets, addressing compliance requirements can feel overwhelming. AWS has developed a robust compliance portfolio designed to help you and your customers meet compliance goals. During this session we will discuss ways to implement, market, and communicate compliance to your customers and grow your business in regulated industries. We’ll also cover common objections from customers and how you can find information to counter these concerns, and you’ll have time to discuss and share your own customers’ objections.
Speakers:
Kristin Haught - Technical PM III, AWS
Bill Reid - Sr Mgr, Solutions Architecture, AWS
The practice of cloud security and compliance now enables enterprises to innovate both quickly and securely. Many enterprises moving to the cloud may find that some aspects of the cloud security model differ from the model used in their traditional on-premises infrastructure. At AWS, security is our top priority, and this session provides an overview of our security model and best practices to help your organization innovate quickly while maintaining enterprise-level security in the cloud.
This document discusses cloud control frameworks and compliance on AWS. It provides an overview of AWS compliance programs and certifications across different regions and standards. It emphasizes that security and compliance are shared responsibilities between AWS and customers. Customers can use AWS services to implement controls that meet their objectives and address risks. The document provides examples of how to structure enterprise-wide, service-specific, and workload-specific controls on AWS. It recommends taking a risk-based approach and focusing on controls needed to achieve strategic objectives. Customers can use industry standard frameworks that AWS already supports as a starting point.
Amazon FreeRTOS is an IoT operating system for microcontrollers that makes small, low powered edge devices easy to program, deploy, secure, connect and maintain. It is based on the popular FreeRTOS kernel and includes libraries for local and cloud connectivity, security, and over-the-air firmware updates. Amazon FreeRTOS integrates with AWS IoT services like Greengrass, IoT Core, IoT Analytics and more to provide a full solution for IoT devices, edge computing and the cloud.
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...Amazon Web Services
In this session you will learn how to align your AWS environment to industry standard best practices for security. This session covers AWS' prescriptive recommendations for securing cloud workloads, including the the Well-Architected Framework for Security. In addition, see how AWS Security Hub simplifies the task of measuring the security of your workloads.
The 1%: Identity and Governance Patterns From the Most Advanced AWS Customers...Amazon Web Services
by Fritz Kunstler, Sr. AWS Security Consultant, AWS
Across the AWS customer base there's a wide spectrum of experience levels. In this session, we'll dive deep into a number of advanced patterns that some of our most advanced customers are using to make themselves successful. By equipping you with these deep learnings, you'll be able to raise the bar within your organization, allowing you to achieve greater levels of control, speed, and visibility at a greatly accelerated pace.
This document outlines an agenda for a workshop on threat detection and remediation. It includes:
- Running a CloudFormation template to set up the initial environment.
- A presentation on threat detection and remediation that discusses why it is difficult, the importance of removing humans from data analysis and detection, and AWS security services that can help.
- A walkthrough of the workshop where participants will simulate attacks and threats in their environment and use AWS security tools like GuardDuty, Lambda, and CloudWatch Events for detection and remediation.
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019 Amazon Web Services
The services that make up AWS are many and varied, but the set of concepts you need to secure your data and infrastructure is simple and straightforward. By the end of this session, you will know the fundamental patterns that you can apply to secure any workload you run in AWS with confidence. We cover the basics of network security, the process of reading and writing access management policies, and data encryption.
Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...Amazon Web Services
OLX, the world's leading online classifieds service platform, operates a network of online trading platforms, with over 300M monthly users in over 45 countries. In this session, learn how we built a serverless PCI SAQ A-EP-compliant credit card payment service. Understand how regulation changes affected the solution and the importance of defining the right PCI scope on AWS. Also learn which AWS artifacts are critical and which AWS services can help meet compliance requirements.
In this session, learn about all of the AWS storage solutions, and get guidance about which ones to use for different use cases. We discuss the core AWS storage services. These include Amazon Simple Storage Service (Amazon S3), Amazon Glacier, Amazon Elastic File System (Amazon EFS), and Amazon Elastic Block Store (Amazon EBS). We also discuss data transfer services such as AWS Snowball, Snowball Edge, and AWS Snowmobile, and hybrid storage solutions such as AWS Storage Gateway.
How Dow Jones uses AWS to create a secure perimeter around its web properties...Amazon Web Services
Dow Jones, a world-leading data, media, and intelligence solutions provider with brands like the Wall Street Journal and MarketWatch, has numerous applications that need protection. The company was seeking a protection solution and a way to gain more control over security, and it looked to AWS to secure the cloud right at the edge. This session explores how Dow Jones implemented innovative architecture to meet its software security framework using CloudFront, AWS Shield, AWS WAF, Lambda, and more. Learn how to use AWS services to architect software environments for securing applications. Join Kamal Verma, senior principal engineer at Dow Jones, for a deep dive into their implementation and learnings.
Are you ready for a cloud pentest? AWS re:Inforce 2019Teri Radichel
The document discusses preparing for a penetration test of systems hosted in the cloud. It emphasizes defining the test scope and rules of engagement. Key aspects that are different for cloud pentests compared to on-premises include dynamic resources like IP addresses, new technologies like serverless architectures, and the need to comply with the cloud provider's terms of service. Preparation steps like vulnerability scanning and following security best practices can help optimize the results of the pentest.
Meeting Enterprise Security Requirements with AWS Native Security Services (S...Amazon Web Services
GE has very deep security requirements for their cloud applications. In this session, hear their story on replacing on premises complex solutions with AWS native services like Amazon GuardDuty, VPC Flow logs, AWS CloudTrail, and AWS Config rules. Learn how large enterprises can accelerate their cloud adoption by meeting established security standards with AWS native services. Please join us for a speaker meet-and-greet following this session at the Speaker Lounge (ARIA East, Level 1, Willow Lounge). The meet-and-greet starts 15 minutes after the session and runs for half an hour.
Amazon FreeRTOS security best practices - FND212 - AWS re:Inforce 2019 Amazon Web Services
Amazon FreeRTOS is an open-source operating system for cloud-connected embedded devices. As customers start working on embedded Internet of Things projects, they ask AWS for security best practices. In this session, we discuss provisioning, device authentication and authorization, secure software updates, and monitoring. Finally, we show these lifecycle considerations in context by demonstrating an over-the-air firmware update to an embedded developer board, highlighting the many security-relevant steps in the workflow.
by Trevor Sullivan, Solutions Architect, AWS
Software release cycles are now measured in days instead of months. Cutting edge companies are continuously delivering high-quality software at a fast pace. In this session, we will cover how you can begin your DevOps journey by sharing best practices and tools used by the engineering teams at Amazon. We will showcase how you can accelerate developer productivity by implementing continuous Integration and delivery workflows. We will also cover an introduction to AWS CodeStar, AWS CodeCommit, AWS CodeBuild, AWS CodePipeline, AWS CodeDeploy, AWS Cloud9, and AWS X-Ray the services inspired by Amazon's internal developer tools and DevOps practice.
by Cameron Worrell, Sr. Solutions Architect, AWS
In this talk, we will introduce several methods of threat detection and remediation on AWS, including GuardDuty, Macie, WAF, Shield, Lambda, AWS Config, Systems Manager and Inspector. We will do a brief overview of each of these services, and then talk about how to put them all together, to have a comprehensive thread detection and remediation solution. We will also discuss how to use these services across multiple AWS accounts and regions, to cover the governance needs of enterprise AWS deployments.
Best practices for privileged access & secrets management in the cloud - DEM0...Amazon Web Services
In this session, you learn from real-world scenarios related to privileged access security in cloud environments. Experts from TOTVS and CyberArk provide insights from lessons learned while securing commercial SaaS applications, cloud infrastructure, and internal applications deployed in the cloud. Topics covered include privilege and cloud scenarios (e.g., human access models, support for automation, proactive controls, and programmatic deployment), as well as best practices and augmentation of existing security controls for privilege and secrets management on the AWS Cloud. We also cover limited use of root accounts, considerations for human administrator access in the cloud, and success with hybrid cloud environments.
Security and DevOps: Agility and Teamwork - SID315 - re:Invent 2017 - Amazon Web Services
In this session, you learn pragmatic steps to integrate security controls into DevOps processes in your AWS environment at scale. Cyber security expert and founder of Alert Logic Misha Govshteyn shares insights from high performing teams who are embracing the reality that an agile security program can enable faster and more secure workload deployments. Joining Misha is Joey Peloquin, Director of Cloud Security Operations at Citrix, who discusses Citrix’s DevOps experiences and how they manage their cyber security posture within the AWS Cloud.
Session sponsored by Alert Logic
Privacy by design on AWS - FND202-R - AWS re:Inforce 2019 Amazon Web Services
This workshop is designed to support customers who apply due diligence and discovery efforts around data privacy regulations and compliance frameworks. We provide an introductory overview of AWS and data privacy. We also discuss the AWS shared responsibility model and where data can live in AWS environments. Finally, we give an overview of the available AWS services and features that support data privacy compliance.
Here are the slides from the Advanced Techniques for Securing Web Applications session delivered by Sundar Jayashekar at the perimeter protection event in Stockholm.
Implementing your landing zone - FND210 - AWS re:Inforce 2019 Amazon Web Services
This document discusses implementing an AWS landing zone using a multi-account strategy. It describes setting up initial core accounts for AWS Organizations, log archive, security, and shared services. It provides details on account structures and roles. The next steps outlined are to define tagging and automation strategies before creating the core accounts and implementing security best practices and cross-account access controls.
In this workshop, senior security management, IT, and business executive teams participate in an experiential exercise that illuminates the key decision points of a successful and secure cloud journey. During the team-based, game-like simulation, participants leverage an industry case study and make strategic decisions and investments around security, risk, and compliance. Participants experience the impact of these investments and decisions on the critical aspects of their secure cloud adoption. They also learn applicable decision and investment approaches to specific secure cloud adoption journeys. They walk through real-life examples, receive practical advice from AWS facilitators, and they leave with an understanding of the major success factors for building security, risk, and compliance in the cloud. This workshop is designed for executives who are leading a secure cloud journey, including the CISO, senior security and risk management leaders, and CIO/CTO. Non-IT participants who are key to executing the cloud security strategy are also encouraged to attend.
Why Your Customers Care About Compliance and You Should Too - Amazon Web Services
As you're expanding your business into regulated markets, addressing compliance requirements can feel overwhelming. AWS has developed a robust compliance portfolio designed to help you and your customers meet compliance goals. During this session we will discuss ways to implement, market, and communicate compliance to your customers and grow your business in regulated industries. We’ll also cover common objections from customers and how you can find information to counter these concerns, and you’ll have time to discuss and share your own customers’ objections.
Speakers:
Kristin Haught - Technical PM III, AWS
Bill Reid - Sr Mgr, Solutions Architecture, AWS
The practice of cloud security and compliance now enables enterprises to innovate both quickly and securely. Many enterprises moving to the cloud may find that some aspects of the cloud security model differ from the model used in their traditional on-premises infrastructure. At AWS, security is our top priority, and this session provides an overview of our security model and best practices to help your organization innovate quickly while maintaining enterprise-level security in the cloud.
Generational shifts: Redefining Customer Experience And The Way To Insure - Amazon Web Services
This year, the focus goes beyond technology to mining business insights around how cloud enables strategic industry trends such as Open and Virtual Banking and Insurance, Security and Compliance, Data Analytics and AI/ ML, FinTech and RegTech, Surveillance and more through sharing of best practices and use cases. In sessions led by customers, partners, industry leaders and AWS subject matter experts, you’ll learn how AWS helps financial institutions to focus on the innovation and outcomes that truly drive business forward. Business stakeholders, market makers, and technology owners will all learn something new, valuable and actionable.
AWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons Learned - AWS Summits
Speaker: Jonathan Allen, Enterprise Strategist, AWS
Hear why customers adopt the AWS Cloud, how you can follow, and the positive impact of Financial Services customers choosing to use it. This session will be presented by Jonathan Allen, AWS Enterprise Strategist and Evangelist, who shares some of his experience and lessons learned when he was the CTO of Capital One UK, across the paradigms of People, Process and Technology, leveraging first-hand knowledge of the AWS Cloud Adoption Framework and Mass Migration best practices.
How to Process Transactions Like a Boss! AWS Developer Workshop at Web Summit... - Amazon Web Services
The document discusses Payment Card Industry Data Security Standard (PCI DSS) compliance on Amazon Web Services (AWS). It provides an overview of PCI DSS requirements and guidelines for protecting cardholder data. It then describes how AWS services like Lambda, Step Functions, and a segmented cardholder data environment can help achieve PCI DSS compliance by leveraging the AWS shared responsibility model. Finally, it mentions the AWS PCI Quick Start, which automates deployment of a standardized architecture for PCI DSS workloads on AWS.
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian... - Amazon Web Services
The cloud is accelerating the pace at which companies innovate and has shifted the focus on how to approach technology governance and compliance. AWS elects to have a variety of security assessments performed and provides several built-in security features to help meet your security and compliance objectives. In this open roundtable session, we look at how AWS attestations and governance automation can reduce scope to drive security, compliance, and audit assertions across customers' organizations. Come and join a discussion with AWS security and compliance Solutions Architects.
by Henrik Johansson, Principal Solutions Architect, AWS
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and labs. We will ensure you have an AWS account and understand EC2, prepare you to get set up on the AWS Command Line Interface (CLI) to access the AWS Management Console, introduce you to in-source repositories, and discuss SSH access and necessary SDKs.
FINRA uses big data and data science technologies to detect fraud, market manipulation, and insider trading across US capital markets. As a financial regulator, FINRA analyzes highly sensitive data, so information security is critical. Learn how FINRA secures its Amazon S3 Data Lake and its data science platform on Amazon EMR and Amazon Redshift, while empowering data scientists with tools they need to be effective. In addition, FINRA shares AWS security best practices, covering topics such as AMI updates, micro segmentation, encryption, key management, logging, identity and access management, and compliance.
This document discusses security and compliance when using cloud services like AWS. It provides an introduction to AWS and an overview of AWS security features. It discusses how AWS meets various compliance standards and regulations like GDPR. It explains that customers are responsible for security and compliance of their own content, while AWS is responsible for the security of the cloud infrastructure. The document is intended to help public sector organizations understand how to securely use cloud services.
DevSecOps is the premise that everyone in the software development lifecycle is responsible for security. DevSecOps aims to embed security in every part of the development process. In this workshop, participants explore taking a standard CI/CD pipeline and adding security stages to improve security posture. Learn how to use AWS CodeCommit and AWS CodePipeline to build and publish golden AMI images. Also, learn how to modify pipeline flow to add security test cases. You also have the opportunity to perform CVE analysis and code analysis using Amazon Inspector and perform observational container analysis using Amazon GuardDuty.
Whether you’re just beginning to explore cloud computing or adopting it at enterprise-scale, it is important to build security into your architecture. But where do you begin? This requires a thorough understanding of your shared security responsibilities as well as familiarity with the tools available to address these issues.
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC... - Amazon Web Services
As with everything in life there is an easy way and a hard way when it comes to adopting security framework recommendations. Featuring the AWS Well-Architected and Cloud Adoption Frameworks, we will walk you through a complete security journey. We'll start with identification of requirements, then move through a series of how-tos from classifying your data, automating controls, to running fun incident response game days. There will be code giveaways and more!
Establishing AWS as a trusted partner - GRC325 - AWS re:Inforce 2019 Amazon Web Services
Customers trust AWS with mission-critical workloads because AWS is designed and built to deliver the most flexible, reliable, scalable, and secure cloud computing environment available today. AWS works to earn that trust by offering transparency, demonstrating consistency, and providing best practices to keep themselves secure. As customers adopt AWS, they traverse several trust-building milestones with due-diligence activities, such as assurance report and AWS Well-Architected Tool reviews and deep dives with AWS subject matter experts. This session addresses these milestones at common AWS adoption stages with examples, questions that customers often ask, and suggestions for how to get started.
Achieving Compliance and Selling to Regulated Markets on AWS - Amazon Web Services
Security is the top priority at AWS, and whether you are a startup or an enterprise our compliance programs can help you demonstrate the effectiveness of this security to your customers. In this session, you will learn how to build your own compliance programs on AWS, and how to show your customers evidence of this compliance. Bring both your business and technical hat as we will dive into a cross-functional strategy that will accelerate your path to compliance on AWS and your business growth in regulated markets.
Attend this day-long workshop for U.S. Federal government and Department of Defense IT professionals, architects, and administrators to learn how to architect for DoD workloads in the cloud. Join this session to map DoD requirements for cloud architecture and get hands-on experience with AWS NIST Quick Start tools, which can help fast track the FedRAMP/DoD ATO process.
How Do I Plan for Security, Risk and Compliance when Migrating to AWS? - Amazon Web Services
When migrating to the cloud, the shared responsibility model inherent to AWS creates different paradigms for assessing your security, risk and compliance posture. Determining how to deal with these aspects of cloud can often slow migration and adoption far more than any technical blockers. In this session, we will discuss how you can build your landing zone in a way that addresses your security, risk, and compliance requirements. The session will feature ECMC, who will chronicle the migration and transformation of regulated workloads to AWS and their approach to addressing security risk and compliance in the cloud.
ENT305 Compliance and Cloud Security for Regulated Industries - Amazon Web Services
In this session, we discuss the challenges that regulated industries, such as government, finance, and healthcare, face in demonstrating compliance with security requirements. Through customer use cases, you learn which AWS Marketplace services enable appropriate threat mitigation in cloud computing, which can help you understand how to minimize your burden. Finally, we demonstrate methods to reduce business impact while increasing security effectiveness and reducing risk in your environment.
AWS Webinar CZSK 02: Security in the AWS Cloud - Vladimir Simek
The document discusses security in the AWS cloud. It covers the shared responsibility model between AWS and customers, AWS global infrastructure and security features, identity and access management, encryption options, security best practices, and AWS security partners. It also provides an overview of a presentation about AWS security solutions and compliance.
Amazon FreeRTOS: IoT Operating System for Microcontrollers (IOT208-R1) - AWS ... - Amazon Web Services
In this presentation, we take a deeper look at Amazon FreeRTOS. As OEMs work to squeeze more functionality onto cheaper and smaller IoT devices, they face a series of challenges in development and operations that results in security vulnerabilities, inefficient code, compatibility issues, and unclear licensing. With Amazon FreeRTOS, it is now easier to build, deploy, and update connected microcontroller-based devices quickly and economically, while retaining confidence that the devices are secure. Also, learn how Pentair, a leading water treatment company, is developing an IoT solution with the help of Amazon FreeRTOS and Espressif Systems, a hardware partner.
The document summarizes a panel discussion on federal cloud adoption. It introduces the moderator Brian Fogg and panel members Jeff Shilling of the National Cancer Institute and Rick Jack of SPAWAR Systems Center Pacific. Jeff Shilling discusses how NCI is building a cloud hosting model with AWS to deliver its scientific mission more quickly. Rick Jack discusses how SSC Pacific established a cloud brokerage to streamline cloud adoption across Navy research centers and provide transparency on cloud costs. Both emphasize the importance of an incremental approach, communication, and automation in their cloud journeys.
Similar to AWS Security Week: Why Your Customers Care About Compliance (20)
How to build Forecasting services using ML algorithms and deep learn... - Amazon Web Services
Forecasting is an important process for many companies and is used in various areas to try to accurately predict the growth and distribution of a product, the use of the resources needed on production lines, financial presentations, and much more. Amazon uses advanced forecasting techniques, and some of these services have been made available to all AWS customers.
In this session we will show how to pre-process data that contains a time component and then use an algorithm that, based on the type of data analyzed, produces an accurate forecast.
Big Data for Startups: how to build Big Data applications in Server... - Amazon Web Services
The variety and quantity of data created every day is accelerating ever faster and represents a unique opportunity to innovate and create new startups.
However, managing large amounts of data can seem complex: creating large-scale Big Data clusters appears to be an investment accessible only to established companies. But the elasticity of the Cloud and, in particular, Serverless services allow us to break through these limits.
Let's see how it is possible to develop Big Data applications quickly, without worrying about infrastructure, dedicating all our resources to developing our ideas and creating innovative products.
You can now use Amazon Elastic Kubernetes Service (EKS) to run Kubernetes pods on AWS Fargate, the serverless compute engine built for containers on AWS. This makes it easier than ever to build and run your Kubernetes applications in the AWS cloud. In this session we will present the main features of the service and how to deploy your application in a few steps.
Twenty years ago Amazon went through a radical transformation with the goal of increasing the pace of innovation. In that time we have learned how changing our approach to application development allowed us to significantly increase agility and release velocity and, ultimately, to build more reliable and scalable applications. In this session we will explain how we define modern applications and how building modern apps affects not only the application architecture, but also the organizational structure, the development release pipelines, and even the operating model. We will also describe common approaches to modernization, including the approach used by Amazon.com itself.
How to spend up to 90% less with containers and Spot Instances - Amazon Web Services
The use of containers is continuously growing.
When properly designed, container-based applications are very often stateless and flexible.
The AWS ECS and EKS services and Kubernetes on EC2 can take advantage of Spot Instances, leading to average savings of 70% compared with On-Demand Instances. In this session we will discover together what the characteristics of Spot Instances are and how they can easily be used on AWS. We will also learn how Spreaker uses Spot Instances to run different kinds of applications, in production, at a fraction of the on-demand cost!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda:
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Make your startup's offering unique on the market with the services of Machine Lea... - Amazon Web Services
To create value and build a distinctive, recognizable offering of their own, successful startups know how to combine established technologies with innovative, purpose-built components.
AWS provides ready-to-use services and, at the same time, lets you customize and create the differentiating elements of your offering.
Focusing on Machine Learning technologies, we will see how to select the artificial intelligence services offered by AWS and, also through a demo, how to build custom Machine Learning models using SageMaker Studio.
OpsWorks Configuration Management: automate the management and deployments of... - Amazon Web Services
With the traditional approach to IT, for many years it was difficult to implement DevOps techniques, which until now have often involved manual activities, occasionally leading to application downtime and interrupting users' operations. With the advent of the cloud, DevOps techniques are now within everyone's reach at low cost for any kind of workload, ensuring greater system reliability and resulting in significant improvements in business continuity.
AWS offers AWS OpsWorks as a Configuration Management tool that aims to automate and simplify the management and deployment of EC2 instances by means of Chef and Puppet workloads.
Find out how to use AWS OpsWorks to ensure the reliability of your application installed on EC2 instances.
Microsoft Active Directory on AWS to support your Windows Workloads - Amazon Web Services
Want to learn about the options for running Microsoft Active Directory on AWS? When moving Microsoft workloads to AWS, it is important to consider how to deploy Microsoft Active Directory to support Group Policy management, authentication, and authorization. In this session, we will discuss options for deploying Microsoft Active Directory on AWS, including AWS Directory Service for Microsoft Active Directory and deploying Active Directory on Windows on Amazon Elastic Compute Cloud (Amazon EC2). We cover topics such as integrating your on-premises Microsoft Active Directory environment with the cloud and using SaaS applications, such as Office 365, with AWS Single Sign-On.
From facial recognition to the detection of fraud or manufacturing defects, image and video analysis using artificial intelligence techniques is evolving and being refined at a rapid pace. In this webinar we will explore the possibilities offered by AWS services for applying state-of-the-art computer vision techniques to real-world scenarios.
Amazon Web Services and VMware are hosting a free virtual event next Wednesday, October 14, from 12:00 to 13:00, dedicated to VMware Cloud ™ on AWS, the on-demand service that lets you run applications in cloud environments based on VMware vSphere® and access a wide range of AWS services, taking full advantage of the AWS cloud while protecting existing VMware investments.
Many organizations take advantage of the cloud by migrating their Oracle workloads and securing significant benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, and on top of this there are performance risks that can be introduced when moving applications from on-premises data centers.
Create your first serverless ledger-based app with QLDB and NodeJS - Amazon Web Services
Many companies today build applications with ledger-type functionality, for example to verify the history of credits or debits in banking transactions, or to keep track of the supply chain flow of their products.
At the heart of these solutions are ledger databases, which provide a transparent, immutable, and cryptographically verifiable transaction log, but they are complex and costly tools to manage.
Amazon QLDB eliminates the need to build complex custom systems by providing a fully managed serverless ledger database.
In this session we will discover how to build a complete serverless application that uses the features of QLDB.
With the rise of microservice architectures and rich mobile and web applications, APIs are more important than ever for delivering an exceptional user experience to end users. In this session we will learn how to tackle modern API design challenges with GraphQL, an open source API query language used by Facebook, Amazon, and others, and how to use AWS AppSync, a managed serverless GraphQL service on AWS. We will dive into several scenarios, understanding how AppSync can help solve these use cases by creating modern APIs with real-time and offline data update capabilities.
We will also learn how Sky Italia uses AWS AppSync to deliver real-time sports updates to the users of its web portal.
Oracle Database and VMware Cloud™ on AWS: debunking the myths - Amazon Web Services
Many organizations take advantage of the cloud by migrating their Oracle workloads and securing significant benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, and on top of this there are performance risks that can be introduced when moving applications from on-premises data centers.
In these slides, AWS and VMware experts present simple, practical tips to facilitate and simplify the migration of Oracle workloads and accelerate the transformation to the cloud; they also dig into the architecture and demonstrate how to take full advantage of VMware Cloud ™ on AWS.
1) The document discusses building a minimum viable product (MVP) using Amazon Web Services (AWS).
2) It provides an example of an MVP for an omni-channel messenger platform that was built from 2017 to connect ecommerce stores to customers via web chat, Facebook Messenger, WhatsApp, and other channels.
3) The founder discusses how they started with an MVP in 2017 with 200 ecommerce stores in Hong Kong and Taiwan, and have since expanded to over 5000 clients across Southeast Asia using AWS for scaling.
This document discusses pitch decks and fundraising materials. It explains that venture capitalists will typically spend only 3 minutes and 44 seconds reviewing a pitch deck. Therefore, the deck needs to tell a compelling story to grab their attention. It also provides tips on tailoring different types of decks for different purposes, such as creating a concise 1-2 page teaser, a presentation deck for pitching in-person, and a more detailed read-only or fundraising deck. The document stresses the importance of including key information like the problem, solution, product, traction, market size, plans, team, and ask.
This document discusses building serverless web applications using AWS services like API Gateway, Lambda, DynamoDB, S3 and Amplify. It provides an overview of each service and how they can work together to create a scalable, secure and cost-effective serverless application stack without having to manage servers or infrastructure. Key services covered include API Gateway for hosting APIs, Lambda for backend logic, DynamoDB for database needs, S3 for static content, and Amplify for frontend hosting and continuous deployment.
This document provides tips for fundraising from startup founders Roland Yau and Sze Lok Chan. It discusses generating competition to create urgency for investors, fundraising in parallel rather than sequentially, having a clear fundraising narrative focused on what you do and why it's compelling, and prioritizing relationships with people over firms. It also notes how the pandemic has changed fundraising, with examples of deals done virtually during this time. The tips emphasize being fully prepared before fundraising and cultivating connections with investors in advance.
AWS_HK_StartupDay_Building Interactive websites while automating for efficien... - Amazon Web Services
This document discusses Amazon's machine learning services for building conversational interfaces and extracting insights from unstructured text and audio. It describes Amazon Lex for creating chatbots, Amazon Comprehend for natural language processing tasks like entity extraction and sentiment analysis, and how they can be used together for applications like intelligent call centers and content analysis. Pre-trained APIs simplify adding machine learning to apps without requiring ML expertise.
Amazon Elastic Container Service (Amazon ECS) is a highly scalable container management service that simplifies the management of Docker containers through an orchestration layer that controls deployment and the related lifecycle. In this session we will present the main features of the service, the reference architectures for different workloads, and the simple steps needed to quickly migrate one or more of your containers.