This presentation showcases the "best of the best" practices for operating securely at scale on AWS, taken from real customer examples, incorporating practical examples found in the Center for Internet Security’s CIS AWS Foundation and CIS AWS Three-Tier Web Architecture benchmarks. Come learn how to "Just Turn It On!"
AWS provides several security capabilities and services to increase privacy and control infrastructure access. Built-in firewalls allow you to create private networks within AWS, and also control network access to your instances and subnets. Identity and access management capabilities enable you to define individual user accounts with permissions across AWS resources. AWS also provides tools and features that enable you to see exactly what’s happening in your AWS environment. In this session, you will gain an understanding of preventive and detective controls at the infrastructure level on AWS. We will cover Identity and Access Management as well as the security aspects of Amazon EC2, Virtual Private Cloud (VPC), Elastic Load Balancing (ELB), and CloudTrail.
Security must be the number one priority for any cloud provider and that's no different for AWS. Stephen Schmidt, vice president and chief information officer for AWS, will share his insights into cloud security and how AWS meets the needs of today's IT security challenges. Stephen, with his background with the FBI and his work with AWS customers in the government and space exploration, research, and financial services organizations, shares an industry perspective that's unique and invaluable for today's IT decision makers. At the conclusion of this session, Stephen also provides a brief summary of the other sessions available to you in the security track.
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Amazon Web Services
Learn how AWS IAM enables you to control who can do what in your AWS environment. We discuss how IAM provides flexible access control that helps you maintain security while adapting to your evolving business needs. Wel review how to integrate AWS IAM with your existing identity directories via identity federation. We outline some of the unique challenges that make providing IAM for the cloud a little different. And throughout the presentation, we highlight recent features that make it even easier to manage the security of your workloads on the cloud.
For more training on AWS, visit: https://www.qa.com/amazon
AWS Pop-up Loft | London - Introduction to AWS Security by Ian Massingham, Chief Evangelist EMEA, 19 April 2016
At our winter East Midlands Cyber Security Forum event, Dave Walker gave a presentation looking at Amazon’s security approach for their web services, outlining the key tools that are available to ensure a secure deployment.
http://qonex.com/east-midlands-cyber-security-forum/
AWS provides several security capabilities and services to increase privacy and control infrastructure access. Built-in firewalls allow you to create private networks within AWS, and also control network access to your instances and subnets. Identity and access management capabilities enable you to define individual user accounts with permissions across AWS resources. AWS also provides tools and features that enable you to see exactly what’s happening in your AWS environment. In this session, you will gain an understanding of preventive and detective controls at the infrastructure level on AWS. We will cover Identity and Access Management as well as the security aspects of Amazon EC2, Virtual Private Cloud (VPC), Elastic Load Balancing (ELB), and CloudTrail.
Security must be the number one priority for any cloud provider and that's no different for AWS. Stephen Schmidt, vice president and chief information officer for AWS, will share his insights into cloud security and how AWS meets the needs of today's IT security challenges. Stephen, with his background with the FBI and his work with AWS customers in the government and space exploration, research, and financial services organizations, shares an industry perspective that's unique and invaluable for today's IT decision makers. At the conclusion of this session, Stephen also provides a brief summary of the other sessions available to you in the security track.
Access Control for the Cloud: AWS Identity and Access Management (IAM) (SEC20...Amazon Web Services
Learn how AWS IAM enables you to control who can do what in your AWS environment. We discuss how IAM provides flexible access control that helps you maintain security while adapting to your evolving business needs. Wel review how to integrate AWS IAM with your existing identity directories via identity federation. We outline some of the unique challenges that make providing IAM for the cloud a little different. And throughout the presentation, we highlight recent features that make it even easier to manage the security of your workloads on the cloud.
For more training on AWS, visit: https://www.qa.com/amazon
AWS Pop-up Loft | London - Introduction to AWS Security by Ian Massingham, Chief Evangelist EMEA, 19 April 2016
At our winter East Midlands Cyber Security Forum event, Dave Walker gave a presentation looking at Amazon’s security approach for their web services, outlining the key tools that are available to ensure a secure deployment.
http://qonex.com/east-midlands-cyber-security-forum/
The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. In this session, we’ll provide a practical understanding of the assurance programs that AWS provides; such as HIPAA, FedRAMP(SM), PCI DSS Level 1, MPAA, and many others. We’ll also address the types of business solutions that these certifications enable you to deploy on the AWS Cloud, as well as the tools and services AWS makes available to customers to secure and manage their resources.
Datensicherheit mit AWS - AWS Security Web DayAWS Germany
Vortrag "Datensicherheit mit AWS" von Bertram Dorn beim AWS Security Web Day 2016. Alle Videos und Präsentationen finden Sie hier: http://amzn.to/1NFtR5P
Dieser Vortrag bietet Ihnen eine Übersicht über mögliche Leistungsmerkmale und Optionen von Amazon Web Services, mit denen Ihre Daten gesichert werden können. Die AWS Dienste folgen spezifischen Bauplänen auf Basis von Regionen und Verfügbarkeitszonen. Das Verstehen dieser Baupläne ermöglicht es Ihnen, die richtige Wahl zu treffen, um erfolgreich Anwendungen auf AWS laufen zu lassen. Auch existieren verschiedenste Optionen welche von AWS zur Sicherung der Anwendungen empfohlen werden. Der Vortrag wird einen Überblick über diese Optionen geben und einige bewährte Verfahren im Bereich Verschlüsselung und AWS-Konto-Verwaltung beschreiben.
Journey Through the Cloud - Security Best Practices on AWSAmazon Web Services
Amazon Web Services (AWS) delivers a scalable cloud computing platform with high availability and dependability, offering flexibility for customers to build a wide range of applications. Helping to protect the security of our customers content is of utmost importance to AWS, as is maintaining customer trust and confidence. Under the AWS shared responsibility model, AWS provides a secure global infrastructure, including compute, storage, networking and database services, as well as a range of high level services.
AWS provides a range of security services and features that AWS customers can use to secure their content and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organization's security and compliance objectives.
Topics covered include:
• The AWS approach to security and how responsibilities are shared between AWS and our customers
• How to build your own secure virtual private cloud and integrate it with your existing solutions
• How to use AWS Identity and Access Management to securely manage and operate your applications
• Best practices for securing your AWS account, your content and your applications
View a recording of this webinar here: http://youtu.be/Ihe_8o00-WI
HIPAA / HITRUST Account Governance Strategies | | AWS Public Sector Summit 2017Amazon Web Services
Highly regulated workloads, like those that are HIPAA or HITRUST based, can be created using native tools on AWS, but how do we manage them after they've been made? This session will review governance and compliance designs for a regulated workload, like HIPAA or HITRUST, and demonstrate how you can better validate and document your compliance. You will learn how to quickly get started with the AWS compliance accelerators and ways to leverage AWS native features to monitor and control your accounts. We will answer common questions, such as: How do I know that I’m using the approved services from the BAA? How can I enforce policy on many accounts? How can I make sure data is being securely transmitted? And how can I automate compliance notifications and alerting? This session is designed for a technical audience to dive deep into the AWS service offerings, console, and API. Learn More: https://aws.amazon.com/government-education/
AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools to can provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.
Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...Amazon Web Services
This session tells the story of how security-minded enterprises provide end-to-end protection of their sensitive data in AWS. Learn about the enterprise security architecture decisions made by Fortune 500 organizations during actual sensitive workload deployments as told by the AWS professional service security, risk, and compliance team members who lived them. In this technical walkthrough, we share lessons learned from the development of enterprise security strategy, security use-case development, end-to-end security architecture & service composition, security configuration decisions, and the creation of AWS security operations playbooks to support the architecture.
The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help security professionals thwart cyber security incidents. Within this list of strategies, eight have been identified as essential for government agencies to implement as a security baseline starting point. This session offers customers practical guidance for meeting the ASD Essential Eight using AWS services to help them achieve compliance goals faster and more cost effectively.
AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools to can provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.
Amazon Web Services (AWS) approaches security using a shared responsibility model with our customers. We manage and control the components from the host operating system and virtualization layer down to the physical security of the facilities in which the services operate. As part of that model, our customers are responsible for building secure applications. We will provide a complete walkthrough from a blank canvas to a secure architecture from a development perspective. No matter the size of your team, you can implement your IT solutions using industry wide best security practices.
CJIS Evidence Management in the Cloud using AWS GovCloud (US) | AWS Public Se...Amazon Web Services
Most law enforcement agencies today manage, store, process, analyze, and report on digital forensics using on-premises data centers for computing. Digital forensics is a spiky workload that requires ever increasing storage. Workloads for digital evidence are increasing as it becomes routine to collect laptops, thumb drives, phones, and media (video, images, etc.) during criminal investigations. With oscillating workloads and a need for large amounts of storage, digital forensics is prime workload for the AWS Cloud. This session explores the use of AWS in the tracking and evolution of digital forensics. Learn how to tackle CJIS evidence management in the cloud using AWS GovCloud (US). Learn More: https://aws.amazon.com/government-education/
Migrating from the data center to the cloud requires us to rethink much of what we do to secure our applications. The idea of physical security morphs as infrastructure becomes virtualized by AWS APIs. In a new world of ephemeral, auto-scaling infrastructure, you need to adapt your security architecture to meet both compliance and security threats.
In the presentation we will cover topics including:
- Minimize attack vectors and surface area
- Perimeter assessments of your VPCs
- Internal vs. External threats
- Monitoring threats
- Re-evaluating Intrusion Detection, Activity Monitoring, and Vulnerability Assessment in AWS
This workshop is an introduction to security-related services on AWS. We will discuss security services on AWS and also walk through how to import third-party security solutions from the AWS marketplace. This Workshop will include a demo and some customer case studies.
Dev ops on aws deep dive on continuous delivery - TorontoAmazon Web Services
Today’s cutting-edge companies have software release cycles measured in days instead of months. This agility is enabled by the DevOps practice of continuous delivery, which automates building, testing, and deploying all code changes. This automation helps you catch bugs sooner and accelerates developer productivity. In this session, we’ll share the processes that Amazon’s engineers use to practice DevOps and discuss how you can bring these processes to your company by using a new set of AWS tools (AWS CodePipeline and AWS CodeDeploy). These services were inspired by Amazon's own internal developer tools and DevOps culture.
AWS Solutions Architect Matt Tavis reviews high availability features for Microsoft Windows Server and SQL Server running on the AWS cloud. Windows Server Failover Clustering (WSFC) and SQL AlwaysOn Availability Groups are part of the underpinnings for many enterprise-class solutions, including Microsoft SharePoint and .NET applications. We will walk through an example implementation and share templates and sample code to help you deploy high availability architectures. Please review this virtual event geared for a technical audience.
This talk showcases the "best of the best" practices for operating securely at scale on AWS, taken from real customer examples. It introduces the AWS Security Best Practices whitepaper and covers a range of security recommendations for Identity and Access Management, Logging and Monitoring, Infrastructure Security, and Data Protection. It incorporates practical examples found in the Center for Internet Security’s CIS AWS Foundation and CIS AWS Three-Tier Web Architecture benchmarks. Come learn how to "Just Turn It On!"
Speakers:
Phil Rodrigues, Security Solutions Architect, Amazon Web Services
Michael Fuller, Principal Systems Engineer, Atlassian
The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. In this session, we’ll provide a practical understanding of the assurance programs that AWS provides; such as HIPAA, FedRAMP(SM), PCI DSS Level 1, MPAA, and many others. We’ll also address the types of business solutions that these certifications enable you to deploy on the AWS Cloud, as well as the tools and services AWS makes available to customers to secure and manage their resources.
Datensicherheit mit AWS - AWS Security Web DayAWS Germany
Vortrag "Datensicherheit mit AWS" von Bertram Dorn beim AWS Security Web Day 2016. Alle Videos und Präsentationen finden Sie hier: http://amzn.to/1NFtR5P
Dieser Vortrag bietet Ihnen eine Übersicht über mögliche Leistungsmerkmale und Optionen von Amazon Web Services, mit denen Ihre Daten gesichert werden können. Die AWS Dienste folgen spezifischen Bauplänen auf Basis von Regionen und Verfügbarkeitszonen. Das Verstehen dieser Baupläne ermöglicht es Ihnen, die richtige Wahl zu treffen, um erfolgreich Anwendungen auf AWS laufen zu lassen. Auch existieren verschiedenste Optionen welche von AWS zur Sicherung der Anwendungen empfohlen werden. Der Vortrag wird einen Überblick über diese Optionen geben und einige bewährte Verfahren im Bereich Verschlüsselung und AWS-Konto-Verwaltung beschreiben.
Journey Through the Cloud - Security Best Practices on AWSAmazon Web Services
Amazon Web Services (AWS) delivers a scalable cloud computing platform with high availability and dependability, offering flexibility for customers to build a wide range of applications. Helping to protect the security of our customers content is of utmost importance to AWS, as is maintaining customer trust and confidence. Under the AWS shared responsibility model, AWS provides a secure global infrastructure, including compute, storage, networking and database services, as well as a range of high level services.
AWS provides a range of security services and features that AWS customers can use to secure their content and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organization's security and compliance objectives.
Topics covered include:
• The AWS approach to security and how responsibilities are shared between AWS and our customers
• How to build your own secure virtual private cloud and integrate it with your existing solutions
• How to use AWS Identity and Access Management to securely manage and operate your applications
• Best practices for securing your AWS account, your content and your applications
View a recording of this webinar here: http://youtu.be/Ihe_8o00-WI
HIPAA / HITRUST Account Governance Strategies | | AWS Public Sector Summit 2017Amazon Web Services
Highly regulated workloads, like those that are HIPAA or HITRUST based, can be created using native tools on AWS, but how do we manage them after they've been made? This session will review governance and compliance designs for a regulated workload, like HIPAA or HITRUST, and demonstrate how you can better validate and document your compliance. You will learn how to quickly get started with the AWS compliance accelerators and ways to leverage AWS native features to monitor and control your accounts. We will answer common questions, such as: How do I know that I’m using the approved services from the BAA? How can I enforce policy on many accounts? How can I make sure data is being securely transmitted? And how can I automate compliance notifications and alerting? This session is designed for a technical audience to dive deep into the AWS service offerings, console, and API. Learn More: https://aws.amazon.com/government-education/
AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools to can provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.
Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...Amazon Web Services
This session tells the story of how security-minded enterprises provide end-to-end protection of their sensitive data in AWS. Learn about the enterprise security architecture decisions made by Fortune 500 organizations during actual sensitive workload deployments as told by the AWS professional service security, risk, and compliance team members who lived them. In this technical walkthrough, we share lessons learned from the development of enterprise security strategy, security use-case development, end-to-end security architecture & service composition, security configuration decisions, and the creation of AWS security operations playbooks to support the architecture.
The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help security professionals thwart cyber security incidents. Within this list of strategies, eight have been identified as essential for government agencies to implement as a security baseline starting point. This session offers customers practical guidance for meeting the ASD Essential Eight using AWS services to help them achieve compliance goals faster and more cost effectively.
AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools to can provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.
Amazon Web Services (AWS) approaches security using a shared responsibility model with our customers. We manage and control the components from the host operating system and virtualization layer down to the physical security of the facilities in which the services operate. As part of that model, our customers are responsible for building secure applications. We will provide a complete walkthrough from a blank canvas to a secure architecture from a development perspective. No matter the size of your team, you can implement your IT solutions using industry wide best security practices.
CJIS Evidence Management in the Cloud using AWS GovCloud (US) | AWS Public Se...Amazon Web Services
Most law enforcement agencies today manage, store, process, analyze, and report on digital forensics using on-premises data centers for computing. Digital forensics is a spiky workload that requires ever increasing storage. Workloads for digital evidence are increasing as it becomes routine to collect laptops, thumb drives, phones, and media (video, images, etc.) during criminal investigations. With oscillating workloads and a need for large amounts of storage, digital forensics is prime workload for the AWS Cloud. This session explores the use of AWS in the tracking and evolution of digital forensics. Learn how to tackle CJIS evidence management in the cloud using AWS GovCloud (US). Learn More: https://aws.amazon.com/government-education/
Migrating from the data center to the cloud requires us to rethink much of what we do to secure our applications. The idea of physical security morphs as infrastructure becomes virtualized by AWS APIs. In a new world of ephemeral, auto-scaling infrastructure, you need to adapt your security architecture to meet both compliance and security threats.
In the presentation we will cover topics including:
- Minimize attack vectors and surface area
- Perimeter assessments of your VPCs
- Internal vs. External threats
- Monitoring threats
- Re-evaluating Intrusion Detection, Activity Monitoring, and Vulnerability Assessment in AWS
This workshop is an introduction to security-related services on AWS. We will discuss security services on AWS and also walk through how to import third-party security solutions from the AWS marketplace. This Workshop will include a demo and some customer case studies.
Dev ops on aws deep dive on continuous delivery - TorontoAmazon Web Services
Today’s cutting-edge companies have software release cycles measured in days instead of months. This agility is enabled by the DevOps practice of continuous delivery, which automates building, testing, and deploying all code changes. This automation helps you catch bugs sooner and accelerates developer productivity. In this session, we’ll share the processes that Amazon’s engineers use to practice DevOps and discuss how you can bring these processes to your company by using a new set of AWS tools (AWS CodePipeline and AWS CodeDeploy). These services were inspired by Amazon's own internal developer tools and DevOps culture.
AWS Solutions Architect Matt Tavis reviews high availability features for Microsoft Windows Server and SQL Server running on the AWS cloud. Windows Server Failover Clustering (WSFC) and SQL AlwaysOn Availability Groups are part of the underpinnings for many enterprise-class solutions, including Microsoft SharePoint and .NET applications. We will walk through an example implementation and share templates and sample code to help you deploy high availability architectures. Please review this virtual event geared for a technical audience.
This talk showcases the "best of the best" practices for operating securely at scale on AWS, taken from real customer examples. It introduces the AWS Security Best Practices whitepaper and covers a range of security recommendations for Identity and Access Management, Logging and Monitoring, Infrastructure Security, and Data Protection. It incorporates practical examples found in the Center for Internet Security’s CIS AWS Foundation and CIS AWS Three-Tier Web Architecture benchmarks. Come learn how to "Just Turn It On!"
Speakers:
Phil Rodrigues, Security Solutions Architect, Amazon Web Services
Michael Fuller, Principal Systems Engineer, Atlassian
Security Best Practices - Transformation Day Public Sector London 2017Amazon Web Services
This session showcases best practices for operating securely at scale on AWS. We’ll introduce the AWS Security Best Practices whitepaper that covers a range of security recommendations for identity and access management, logging and monitoring, infrastructure security, and data protection. We’ll also examine practical examples found in the Center for Internet Security’s CIS AWS Foundations and CIS AWS Three-Tier Web Architecture benchmarks. Come learn how to "Just Turn It On!"
Speaker:
Angus McAllister, Solutions Architect, Amazon Web Services
Securing Media Content and Applications in the Cloud (MED401) | AWS re:Invent...Amazon Web Services
"Are your media assets secure? For media companies, security is paramount. Few things can more directly impact your company's bottom line. As the move to store, process, and distribute digital media via the cloud continues, it is imperative to examine the relevant security implications of a multitenant public cloud environment. This talk is intended to answer questions around securely storing, processing, distributing, and archiving digital media assets in the AWS environment. The talk also covers the security controls, features, and services that AWS provides its customers. Learn how AWS aligns with the MPAA security best practices and how media companies can leverage that for their media workloads.
This session also includes a representative from Sony Media Cloud Sevices discussing the path to MPAA alignment of their application Ci on AWS based on these best practices."
In this workshop, we will provide you with an overview of AWS Security. We will dive deep into how to establish tight network security, introduce identity and access management capabilities and how to add additional layers of security to your data. We will also discuss the latest security innovations coming from AWS and how security systems at cloud scale.
Techniques for securely storing your digital content and running media workloads. Efficient uses of Access Control, Approval Flows, Encryption, Log Analysis and Virtual Private Clouds.
AWS provides several security capabilities and services to increase privacy and control infrastructure access. Built-in firewalls allow you to create private networks within AWS, and also control network access to your instances and subnets. Identity and access management capabilities enable you to define individual user accounts with permissions across AWS resources. AWS also provides tools and features that enable you to see exactly what’s happening in your AWS environment. In this session, you will gain an understanding of preventive and detective controls at the infrastructure level on AWS. We will cover Identity and Access Management as well as the security aspects of Amazon EC2, Virtual Private Cloud (VPC), Elastic Load Balancing (ELB), and CloudTrail.
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z...Amazon Web Services
With customers migrating workloads to AWS, we are starting to see a need for the creation of a prescribed landing zone, which uses native AWS capabilities and meets or exceeds customers' security and compliance objectives. In this session, we will describe an AWS landing zone and will cover solutions for account structure, user configuration, provisioning, networking and operation automation. This solution is based on AWS native capabilities such as AWS Service Catalog, AWS Identity and Access Management, AWS Config Rules, AWS CloudTrail and Amazon Lambda. We will provide an overview of AWS Service Catalog and how it be used to provide self-service infrastructure to applications users, including various options for automation. After this session you will be able to configure an AWS landing zone for successful large scale application migrations. Additionally, Philips will explain their cloud journey and how they have applied their guiding principles when building their landing zone.
Security & Governance on AWS – Better, Faster, and Cost Effective - Technical...Amazon Web Services
AWS and the Cloud has ushered in a new era for Information Security & Risk Professionals. In this session, we will talk through how the world's leading corporates are reinventing their internal GRC practices to enable their business to leverage the business value of AWS while improving the security posture of their organisation. We will talk about the journey undertaken by globally regulated entities such as Capital One who now believe they can operate more securely in the public cloud than they can in their own data centres. Finally, we will provide lessons and best practices on how you can use AWS to improve the security posture of your organisation.
Speaker: Rodney Haywood, Manager Solutions Architecture, Amazon Web Services
Featured Customer - Xero
Tom Jones, Solution Architect at Amazon Web Services leads a 60-minute tour through everything you need to know to develop, deploy and operate your first secure applications and services on AWS.
Learn how to leverage AWS and security super friends like Trend Micro to create an impenetrable fortress for your AWS workloads, without hindering performance or agility.
Join this session and learn three cloud security super powers that will help you thwart villains interested in your workloads. We will walk through three stories of Amazon EC2 security superheroes who saved the day by overcoming compliance and design challenges, using a (not so) secret arsenal of AWS and Trend Micro security tools.
Join us to learn:
• Design a workload-centric security architecture
• Improve visibility of AWS-only or hybrid environments
• Stop patching live instances but still prevent exploits
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...Amazon Web Services
The cloud enables users to run workloads more securely than they could in a traditional data center. However, customers are still not sure how to harden their AWS accounts and resources in order to enforce compliance. Consistency around governance can also be a concern when large customers have multiple accounts. In this session, we show you how to use automation, tools, and techniques to harden and audit your AWS account as well as how to leverage AWS Organizations to ensure compliance in your enterprise.
Security Automation: Spend Less Time Securing Your Applications.Amazon Web Services
While security and compliance outside the cloud can be an endless struggle against long checklists, the cloud makes it possible to both have a perfect inventory of resources and their state at any given point in time, and the APIs to make the changes needed to ensure a good posture on security.
Moving to the cloud can simplify and improve your security posture by shifting a large portion of security management burden to an infrastructure environment that’s designed and managed to the specifications of some of the world’s most security-sensitive organizations. AWS also provides you the tools to automate many common security tasks.
We look at effective implementations of security automation that demonstrate why more and more organisations believe and have demonstrated that " you can be more secure in the AWS Cloud than in your own data center.
Speaker: Myles Hosford,
Security Solution Architect, AWS APAC
Secure your AWS Account and your Organization's Accounts Amazon Web Services
The cloud enables users to run workloads more securely than they could in a traditional data center. However, customers are still not sure how to harden their AWS accounts and resources in order to enforce compliance. Consistency around governance can also be a concern when large customers have multiple accounts. In this session, we show you how to use automation, tools, and techniques to harden and audit your AWS account as well as how to leverage AWS Organizations to ensure compliance in your enterprise.
Amazon Web Services offers a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. Amazon Web Services provides security-specific tools and features across network security, configuration management, access control and data security. In addition, Amazon Web Services provides monitoring and logging tools to provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that Amazon Web Services offers, and the latest security innovations coming from Amazon Web Services.
Andrew Watts-Curnow, Cloud Architect - Professional Services, ASEAN
Similar to Best Practices for Security at Scale (20)
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS.
In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup.
Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti.
Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.
Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi
Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
L’utilizzo dei container è in continua crescita.
Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili.
I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda :
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc.
AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta.
Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity.
AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet.
Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.
Dal riconoscimento facciale al riconoscimento di frodi o difetti di fabbricazione, l'analisi di immagini e video che sfruttano tecniche di intelligenza artificiale, si stanno evolvendo e raffinando a ritmi elevati. In questo webinar esploreremo le possibilità messe a disposizione dai servizi AWS per applicare lo stato dell'arte delle tecniche di computer vision a scenari reali.
Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti.
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti.
Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire.
Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito.
In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.
Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline.
Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.
Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.
2. Agenda
• Sources of Best Practices
• A Bad Day
• Best of the Best Practices
– Identity and Access Management
– Logging and Monitoring
– Infrastructure Security
– Data Protection
• Click, Script, Commit
• Tools and Automation
3. Sources of Best Practices
AWS Cloud Adoption
Framework (CAF)
AWS Security Best
Practices
Center for Internet
Security (CIS)
Benchmarks
How to move to the cloud securely
following the Security Perspective
Core Capabilities:
• Identity and Access Management
• Logging and Monitoring (Detect)
• Infrastructure Security
• Data Protection
• Incident Response
Whitepaper with 44 best practices
including:
• Identity and Access Management
(10 best practices)
• Logging and Monitoring (4)
• Infrastructure Security (15)
• Data Protection (15)
148 detailed recommendations for
configuration and auditing covering:
• “AWS Foundations” with 52
checks aligned to AWS Best
Practices
• “AWS Three-Tier Web
Architecture” with 96 checks for
web applications
7. S3 Bucket
“Data
Backup”
Internal
Data ServiceBad Person
S3 Bucket
“Website
Images”
Web Server
InstanceInternet
AWS Account
Internet
Gateway
1 2
3 4
5
Bill’sBadDay
Bill
1
Access the
vulnerable web
application
2
Pivot to the data
service
3
Delete the website
image files
4
Change
permissions to the
data backup
5
Download the data
backup
8. S3 Bucket
“Website
Images”
Web Server
InstanceInternet
AWS Account
Internet
Gateway
Bill’sBadDay
Bill
No web application
protection
2 One account
3 No segmentation
4
All permissions
granted
5
Sensitive data not
encrypted
1
6
No logging,
monitoring, alerting
… now let’s help Andy
have a great day! :-)
Andy S3 Bucket
“Data
Backup”
Internal
Data Service
9. Best of the Best Practices: Identity and Access Mgmt
1) Use multiple AWS
accounts to reduce blast
radius
2) Use limited roles and
grant temporary security
credentials
3) Federate to an existing
identity service
AWS Best
Practices Paper
CIS Web-Tier
Benchmark
CIS Foundation
Benchmark
AWS Best
Practices Paper
CIS Web-Tier
Benchmark
CIS Foundation
Benchmark
AWS Best
Practices Paper
CIS Web-Tier
Benchmark
CIS Foundation
Benchmark
Production Staging
Temporary
Security
Credentials
IAM IAM
MFA token
AWS Directory
Service
IAM Roles
AWS accounts provide
administrative isolation
between workloads across
different lines of business,
regions, stages of
production and types of data
classification.
IAM roles and temporary
security credentials mean
you don't always have to
manage long-term
credentials and IAM users
for each entity that requires
access to a resource.
Control access to AWS
resources, and manage the
authentication and
authorisation process
without needing to re-create
all your corporate users as
IAM users.
11. Best of the Best Practices: Logging and Monitoring
4) Turn on logging in all
accounts, for all services, in
all regions
5) Use the AWS platform’s
built-in monitoring and
alerting features
6) Use a separate AWS
account to fetch and store
copies of all logs
AWS Best
Practices Paper
CIS Web-Tier
Benchmark
CIS Foundation
Benchmark
AWS Best
Practices Paper
CIS Web-Tier
Benchmark
CIS Foundation
Benchmark
AWS Best
Practices Paper
CIS Web-Tier
Benchmark
CIS Foundation
Benchmark
AWS
Config
Amazon
CloudWatch
AWS
CloudTrail
CloudWatch
Alarms
Production Security
The AWS API history in
CloudTrail enables security
analysis, resource change
tracking, and compliance
auditing. CloudWatch
collects and tracks metrics
and monitors log files.
Monitoring a broad range of
sources will ensure that
unexpected occurrences are
detected. Establish alarms
and notifications for
anomalous or sensitive
account activity.
Configuring a security
account to copy logs to a
separate bucket ensures
access to information which
can be useful in security
incident response
workflows.
13. Best of the Best Practices: Infrastructure Security
7) Create a threat
prevention layer using
AWS edge services
8) Create network zones
with Virtual Private Clouds
(VPCs) and security groups
9) Manage vulnerabilities
through patching and
scanning
Use the 70 worldwide points
of presence in the AWS
edge network to provide
scalability, protect from
denial of service attacks,
and protect from web
application attacks.
Implement security controls
at the boundaries of hosts
and virtual networks within
the cloud environment to
enforce access policy.
Test virtual machine images
and snapshots for operating
system and application
vulnerabilities throughout
the build pipeline and into
the operational environment.
AWS WAFAWS Shield
Amazon
CloudFront
AWS Best
Practices Paper
CIS Web-Tier
Benchmark
CIS Foundation
Benchmark
AWS Best
Practices Paper
CIS Web-Tier
Benchmark
CIS Foundation
Benchmark
AWS Best
Practices Paper
CIS Web-Tier
Benchmark
CIS Foundation
Benchmark
Security Group
Amazon
Inspector
14. InfrastructureSecurity
AWS WAF
AWS Shield
S3 Bucket
“Website
Images”
Amazon
CloudFront
Internet
Internet
Gateway
3
Andy
Web Server
Instance
Security Group Security Group
Amazon
Inspector
S3 Bucket
“Data
Backup”
Internal
Data Service
Temporary
Security
Credentials
IAM
MFA token
AWS
Config
Amazon
CloudWatch
AWS
CloudTrail
AWS Directory
Service
AWS Account AWS Account
15. Best of the Best Practices: Data Protection
10) Encrypt data at rest
(with occasional exceptions)
11) Use server-side
encryption with provider
managed keys
12) Encrypt data in transit
(with no exceptions)
AWS Best
Practices Paper
CIS Web-Tier
Benchmark
CIS Foundation
Benchmark
AWS Best
Practices Paper
CIS Web-Tier
Benchmark
CIS Foundation
Benchmark
AWS Best
Practices Paper
CIS Web-Tier
Benchmark
CIS Foundation
Benchmark
AWS KMS
Data
Encryption Key
AWS KMS Amazon S3 Amazon
CloudFront
Internet
Gateway
SSL / TLS /
HTTPS
Enabling encryption at rest
helps ensure the
confidentiality and integrity
of data. Consider encrypting
everything that is not public.
AWS Key Management
Service (KMS) is seamlessly
integrated with 18 other
AWS services. You can use
a default master key or
select a custom master key,
both managed by AWS.
Encryption of data in transit
provides protection from
accidental disclosure,
verifies the integrity of the
data, and can be used to
validate the remote
connection.
16. AWS WAF
AWS KMS
AWS Shield
S3 Bucket
“Website
Images”
Amazon
CloudFront
AWS KMS
Data
Encryption Key
Internet
Internet
Gateway
Andy
Amazon
Inspector
S3 Bucket
“Data
Backup”
DataProtection
Security Group
Web Server
Instance
Internal
Data Service
Temporary
Security
Credentials
IAM
MFA token
AWS
Config
Amazon
CloudWatch
AWS
CloudTrail
AWS Directory
Service
AWS Account AWS Account
4
Security Group Security Group
17. AWS WAF
AWS KMS
AWS Shield
Temporary
Security
Credentials
IAM
S3 Bucket
“Website
Images”
Amazon
CloudFront
MFA token
Web Server
Instance
AWS KMS
Data
Encryption Key
Internet
AWS Account AWS Account
Security Group Security Group
Internet
Gateway
Andy
AWS
Config
Amazon
CloudWatch
AWS
CloudTrail
Amazon
Inspector
AWS Directory
Service
S3 Bucket
“Data
Backup”
Internal
Data Service
BestPractices
26. Three Stages of Cloud Security Maturity
Stage One “Click”
Manual Best Practices
Static Workloads
Release 1x per month
Stage Two “Script”
Automated Controls
Evolving Workloads
Release 1-10x per
month
Stage Three “Commit”
Continuous Security
Agile Workloads
Release 10-100x per
month
… DevSecOps?
27. Tools and Automation
Amazon
Inspector
Amazon
CloudWatch Events
AWS
Config Rules
An automated security
assessment service that helps
improve the security and
compliance of applications
deployed on AWS. Amazon
Inspector automatically assesses
applications for vulnerabilities or
deviations from best practices.
A monitoring service for AWS
cloud resources and the
applications you run on AWS.
You can easily build workflows
that automatically take actions
you define, such as invoking an
AWS Lambda function, when an
event of interest occurs.
A fully managed service that
provides you with an AWS
resource inventory, configuration
history, and configuration change
notifications. Config Rules
enables you to create rules that
automatically check the
configuration of AWS resources
recorded by AWS Config.
AWS re:Invent 2016: “5 Security Automation Improvements You Can Make
by Using Amazon CloudWatch Events and AWS Config Rules” (SAC401)