STRICTLY CONFIDENTIAL
re:Inventing digital banking
Macquarie Group
Adam Prettejohn
November 30, 2017
2017 Macquarie Group overview (1)

Macquarie Group in numbers: 13,966 employees and ~$371.3b assets under management (as of 30 Sep 17); $961m 1H18 net profit; 27 countries.

Global locations: Asia, 13 locations; Europe, 12 locations; North America, 19 locations; Australia, nine locations; Latin America, three locations; Middle East, two locations; Africa, two locations; New Zealand, one location.

Operating groups. Annuity-style businesses: Macquarie Asset Management; Banking and Financial Services; Corporate and Asset Finance. Capital markets facing businesses: Macquarie Capital; Commodities and Global Markets.

Pie chart of 1H18 net profit contribution by operating group: 45%, 23%, 14%, 11%, 7% (the segment labels did not survive extraction).

1. Net profit contribution is management accounting profit before unallocated corporate costs, profit share and income tax. Pie chart is based on 1H18 net profit contribution from operating groups.
Innovation is in our heritage
Diagram: Business, Technology and Risk management overlap, and Cloud innovation sits at the intersection.
What sets Macquarie apart?
• Heavily regulated
• Globally distributed
• Diverse applications
• Opportunistic businesses
• Dynamic organisation
Our principles for cloud…
• Customer focused
• Application centric
• Immutable infrastructure
• Security, compliance, resilience in depth and by design
• Agile DevOps
• Buy rather than build
How we implemented it… Arturo (Macquarie Cloud Platform)
1. Standardised deployment framework
2. Continuous delivery and infrastructure as code
3. Extendable engines that automate security & compliance
4. Continual assurance score-carding
Standardised deployment framework (1)
• Data driven
• Application centric
• Dynamic ‘CMDB’
• Automated governance
Continuous delivery & infrastructure as code (2): a repeatable, auditable process
01 Register app in Arturo (Macquarie Cloud Platform)
02 Write infrastructure as code & commit change
03 Pipeline provisions cloud infrastructure
04 Pipeline installs your application
05 Immutable deployment
Extendable engines that automate security & compliance (3)
Security and compliance engines: Cloud compliance; Lifecycle management; IAM policies; Security logging; Security groups; Encryption.
Extendable engines that automate security & compliance (3)
Amazon Web Services (AWS) provides the building blocks for managing our side of the shared responsibility model. HOW can we delegate the tools at scale within the organisation, while putting security and compliance standards first, with a minimal amount of effort, and still enabling business agility?
Extendable engines that automate security & compliance (3): example applications (architecture diagrams; only the label "db" survived extraction).
Extendable engines that automate security & compliance (3): Relational Database Service (Amazon RDS)
HOW:
• Do I need RDS encryption?
• Which Amazon RDS encryption key should I use?
• When should I be multi-AZ for my RDS databases?
• How do I take RDS backups?
RDS: the application's definition in Arturo. The application declares only the resource, its sizing and the dataset it holds (Pipeline::Dataset); the security settings are added by the pipeline engines, as the generated template on the next slide shows.

An EBS volume registered with its dataset:
{
  "ebs": {
    "type": "ebs",
    "template": {
      "Resources": {
        "Volume": {
          "Metadata": {
            "Pipeline::Dataset": "ebs_test_dataset"
          }
        }
      }
    }
  }
}

An RDS instance registered with its dataset:
"Resources": {
  "DBInstance": {
    "Properties": {
      "DBInstanceClass": "db.m3.medium",
      "Engine": "MYSQL", "EngineVersion": "5.7.17",
      "AllocatedStorage": "20"
    },
    "Metadata": {
      "Pipeline::Dataset": "mysql_test_dataset"
    }
  }
}
Generated CloudFormation for the RDS instance. The pipeline has added the controls the application team never wrote: encryption at rest with the organisation's KMS key, a DataClassification tag, multi-AZ, 35-day backup retention and a Snapshot deletion policy (these were the lines highlighted on the slide).
{
  "DBInstance": {
    "Type": "AWS::RDS::DBInstance",
    "Properties": {
      "Engine": "MySQL", "EngineVersion": "5.7.17", "DBInstanceClass": "db.m3.medium",
      "AllocatedStorage": {"Ref": "DBSize"},
      "StorageEncrypted": true,
      "KmsKeyId": "arn:aws:kms:ap-southeast-2:<redacted>",
      "DBSubnetGroupName": {"Ref": "DBSubnetGroupName"},
      "VPCSecurityGroups": {"Ref": "SecurityGroups"},
      "MasterUsername": "root",
      "MasterUserPassword": {"Ref": "MasterPasswordNoEcho"},
      "Tags": [{"Key": "DataClassification", "Value": "Internal"}],
      "MultiAZ": true, "BackupRetentionPeriod": "35", "AutoMinorVersionUpgrade": false
    },
    "DeletionPolicy": "Snapshot"
  }
}
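The expansion and the assurance check the slides describe, as an added example that is not Arturo's own code: an application's RDS definition (sizing, engine and Pipeline::Dataset) is rendered into a CloudFormation DBInstance with encryption, the organisation's KMS key, multi-AZ, backup retention and a Snapshot deletion policy enforced, and a checker scores any rendered resource against the same controls. The key ARN, the 35-day minimum and the dataset-to-classification lookup are assumptions.

```python
import copy
import json

# Assumed organisation defaults; the real key ARN, threshold and dataset
# registry are not on the slides.
ORG_KMS_KEY = "arn:aws:kms:ap-southeast-2:<redacted>"
MIN_BACKUP_DAYS = 35
DATASET_CLASSIFICATION = {"mysql_test_dataset": "Internal"}  # assumed registry


def render_rds(resource_name, app_resource):
    """Expand an Arturo-style RDS resource into an AWS::RDS::DBInstance.

    The application supplies sizing, engine and a Pipeline::Dataset marker;
    every security control is added here, so application teams cannot omit it.
    """
    props = copy.deepcopy(app_resource.get("Properties", {}))
    dataset = app_resource["Metadata"]["Pipeline::Dataset"]
    classification = DATASET_CLASSIFICATION.get(dataset)
    if classification is None:
        raise ValueError("dataset %r is not registered" % dataset)
    props.update({
        "StorageEncrypted": True,
        "KmsKeyId": ORG_KMS_KEY,
        "MultiAZ": True,
        "BackupRetentionPeriod": str(MIN_BACKUP_DAYS),
        "AutoMinorVersionUpgrade": False,
        # The password is always a NoEcho parameter, never a literal.
        "MasterUserPassword": {"Ref": "MasterPasswordNoEcho"},
        "Tags": [{"Key": "DataClassification", "Value": classification}],
    })
    return {resource_name: {"Type": "AWS::RDS::DBInstance",
                            "Properties": props,
                            "DeletionPolicy": "Snapshot"}}


def check_rds(resource):
    """Assurance-style check over a rendered DBInstance.
    Returns the list of violated controls; an empty list means compliant."""
    p = resource.get("Properties", {})
    findings = []
    if p.get("StorageEncrypted") is not True:
        findings.append("StorageEncrypted must be true")
    if p.get("KmsKeyId") != ORG_KMS_KEY:
        findings.append("KmsKeyId must be the organisation CMK")
    if p.get("MultiAZ") is not True:
        findings.append("MultiAZ must be true")
    try:
        days = int(p.get("BackupRetentionPeriod", 0))
    except (TypeError, ValueError):
        days = 0
    if days < MIN_BACKUP_DAYS:
        findings.append("BackupRetentionPeriod below %d days" % MIN_BACKUP_DAYS)
    if resource.get("DeletionPolicy") != "Snapshot":
        findings.append("DeletionPolicy must be Snapshot")
    if not any(t.get("Key") == "DataClassification" for t in p.get("Tags", [])):
        findings.append("DataClassification tag missing")
    if isinstance(p.get("MasterUserPassword"), str):
        findings.append("MasterUserPassword must not be a literal")
    return findings


# The application definition from the slide (constructed copy).
APP_RDS = {
    "Properties": {"DBInstanceClass": "db.m3.medium",
                   "Engine": "MYSQL", "EngineVersion": "5.7.17",
                   "AllocatedStorage": "20"},
    "Metadata": {"Pipeline::Dataset": "mysql_test_dataset"},
}

if __name__ == "__main__":
    rendered = render_rds("DBInstance", APP_RDS)
    print(json.dumps(rendered, indent=2))
    print("findings:", check_rds(rendered["DBInstance"]))
    hand_written = {"Type": "AWS::RDS::DBInstance",
                    "Properties": {"Engine": "MySQL", "MultiAZ": False}}
    print("findings:", check_rds(hand_written))
```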
Extendable engines that automate security & compliance (3): AWS Identity and Access Management (IAM) policy (diagram: an application's bucket).
IAM policy. HOW do I ensure my application is using “least privilege” IAM policies?
• Resources and Principals
• Condition keys on some actions but not others
• Cross account delegation
• How do I know which application an IAM entity belongs to?
• What if that other application hasn’t even been created yet?
• How do I ensure everyone in my organisation knows not to ever set Principal to public in a bucket policy?
IAM access policies: the application's abstract bucket policy in Arturo. Actions are abstract verbs (read, write, delete), resources are prefixes inside the application's own bucket, and principals are named as a component of this application or as another registered application (prn).
{
  "S3BucketPolicy": {
    "Properties": {
      "PolicyDocument": {
        "Statement": [
          {
            "Sid": "WriteWorkers", "Effect": "Allow",
            "Principal": { "Component": ["workers"] },
            "Action": ["write", "delete"],
            "Resource": ["analytics/*", "data/*"]
          },
          {
            "Sid": "ReadAnalytics", "Effect": "Allow",
            "Principal": { "Application": ["prn:aws:syd:prod:analytics:*::*"] },
            "Action": ["read"],
            "Resource": "analytics/*"
          }
        ]
      }
    }
  }
}
Generated IAM policy: the abstract verbs have become explicit S3 actions and the prefixes have become bucket ARNs (the slide is cut off after the third statement).
{
  "Statement": [
    {
      "Sid": "AllBucketsActions", "Effect": "Allow",
      "Action": [ "s3:GetBucketLocation",
                  "s3:ListBucketMultipartUploads" ],
      "Resource": [ "arn:aws:s3:::*" ]
    },
    {
      "Sid": "DeleteWithPrefix", "Effect": "Allow",
      "Action": [ "s3:AbortMultipartUpload", "s3:RestoreObject",
                  "s3:DeleteObject", "s3:DeleteObjectVersion" ],
      "Resource": [ "arn:aws:s3:::<redacted_bucket>/analytics/*",
                    "arn:aws:s3:::<redacted_bucket>/data/*" ]
    },
    {
      "Sid": "ReadWithPrefix", "Effect": "Allow",
      "Action": [ "s3:GetObject", "s3:GetObjectVersion",
                  "s3:GetObjectMetaData", "s3:GetObjectTorrent",
                  "s3:GetObjectTorrentVersion", "s3:ListMultipartUploadParts" ],
      "Resource": [ "arn:aws:s3:::<redacted_bucket>/analytics/*",
                    "arn:aws:s3:::<redacted_bucket>/data/*" ]
    }
  ]
}
IAM access policies: extendable engines that automate security & compliance (3).
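An added example (not the Arturo engine's code) of how the abstract bucket policy above expands into the concrete statements shown: abstract verbs map to S3 action lists, resources are scoped to prefixes in the application's bucket, Component and Application principals are kept symbolic for later binding, and any public principal is refused. The read and delete action lists are the slide's; the write mapping, the prefix rules and the principal naming are assumptions.

```python
import json

# Concrete S3 actions for each abstract verb. "read" and "delete" are the
# lists from the generated policy on the slide; "write" is not shown there,
# so its mapping is an assumption.
ABSTRACT_ACTIONS = {
    "read": ["s3:GetObject", "s3:GetObjectVersion", "s3:GetObjectMetaData",
             "s3:GetObjectTorrent", "s3:GetObjectTorrentVersion",
             "s3:ListMultipartUploadParts"],
    "delete": ["s3:AbortMultipartUpload", "s3:RestoreObject",
               "s3:DeleteObject", "s3:DeleteObjectVersion"],
    "write": ["s3:PutObject"],  # assumed
}
BUCKET_LEVEL_ACTIONS = ["s3:GetBucketLocation", "s3:ListBucketMultipartUploads"]


class PolicyError(ValueError):
    """Raised when an application policy breaks one of the engine's rules."""


def is_public(principal):
    """True for the principal forms that would make a bucket public."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        for value in principal.values():
            if value == "*" or (isinstance(value, list) and "*" in value):
                return True
    return False


def principal_ids(principal):
    """Components belong to this application; Application prns name another
    registered application and stay symbolic so the engine can bind them at
    deploy time, even if that application does not exist yet."""
    if is_public(principal):
        raise PolicyError("public principals are never allowed")
    if isinstance(principal, dict) and "Component" in principal:
        return ["component:" + c for c in principal["Component"]]
    if isinstance(principal, dict) and "Application" in principal:
        return ["application:" + a for a in principal["Application"]]
    raise PolicyError("principal must name a Component or an Application")


def expand_bucket_policy(bucket, abstract_policy):
    """Expand Arturo-style abstract statements into concrete IAM statements,
    grouped by the principal that will receive them. Every object-level
    statement is scoped to a prefix inside this bucket (assumed rule)."""
    per_principal = {}
    for stmt in abstract_policy["PolicyDocument"]["Statement"]:
        if stmt.get("Effect") != "Allow":
            raise PolicyError("only Allow statements are supported")
        prefixes = stmt["Resource"]
        if isinstance(prefixes, str):
            prefixes = [prefixes]
        for prefix in prefixes:
            if prefix in ("", "*") or prefix.startswith("/") or ".." in prefix:
                raise PolicyError("resource must be a prefix inside the bucket")
        resources = ["arn:aws:s3:::%s/%s" % (bucket, p) for p in prefixes]
        for who in principal_ids(stmt["Principal"]):
            statements = per_principal.setdefault(who, [{
                "Sid": "AllBucketsActions", "Effect": "Allow",
                "Action": list(BUCKET_LEVEL_ACTIONS),
                "Resource": ["arn:aws:s3:::*"]}])
            for verb in stmt["Action"]:
                if verb not in ABSTRACT_ACTIONS:
                    raise PolicyError("unknown action %r" % verb)
                statements.append({
                    "Sid": verb.capitalize() + "WithPrefix",
                    "Effect": "Allow",
                    "Action": list(ABSTRACT_ACTIONS[verb]),
                    "Resource": resources})
    return per_principal


# The abstract bucket policy from the slide (constructed copy).
APP_BUCKET_POLICY = {"PolicyDocument": {"Statement": [
    {"Sid": "WriteWorkers", "Effect": "Allow",
     "Principal": {"Component": ["workers"]},
     "Action": ["write", "delete"],
     "Resource": ["analytics/*", "data/*"]},
    {"Sid": "ReadAnalytics", "Effect": "Allow",
     "Principal": {"Application": ["prn:aws:syd:prod:analytics:*::*"]},
     "Action": ["read"],
     "Resource": "analytics/*"},
]}}

if __name__ == "__main__":
    print(json.dumps(expand_bucket_policy("<redacted_bucket>", APP_BUCKET_POLICY), indent=2))
```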
Extendable engines that automate security & compliance (3): security groups
HOW:
• How do I control which other network assets can connect to my application? (ingress rules)
• How can I ensure my own network assets have “least privilege” access? (egress rules)
Security groups: the application's abstract definition in Arturo. Sources are named (a named network such as @UserDevices, another application's prn, or a component of this application) and ports can be named too.
{
  "ALBSecurityGroup": {
    "Properties": {
      "IngressRules": [
        { "sources": [ "@UserDevices" ], "ports": [ "TCP:443" ] },
        { "sources": [ "prn:aws:syd:prod:admin:prod:appservers" ], "ports": [ "TCP:8443" ] }
      ]
    }
  },
  "WorkersSecurityGroup": {
    "Properties": {
      "IngressRules": [
        { "sources": [ "workers" ], "ports": [ "TCP:5555" ] }
      ]
    }
  },
  "DBSecurityGroup": {
    "Properties": {
      "IngressRules": [
        { "sources": [ "workers" ], "ports": [ "TCP:SQL" ] }
      ]
    }
  }
}
Generated CloudFormation: the named network became a CIDR and the other application's prn became an Fn::ImportValue of that application's exported security group (the slide is cut off inside WorkersSecurityGroup).
{
  "Resources": {
    "ALBSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "SecurityGroupIngress": [
          {
            "IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
            "CidrIp": "192.0.2.0/24"
          },
          {
            "IpProtocol": "tcp", "FromPort": 8443, "ToPort": 8443,
            "SourceSecurityGroupId": {
              "Fn::ImportValue": "security-group-prn:aws:syd:prod:admin:prod:appservers"
            }
          }
        ],
        "VpcId": { "Ref": "VpcId" }
      }
    },
    "WorkersSecurityGroup": {
      "Type": "AWS::EC2::SecurityGroup",
      "Properties": {
        "VpcId": { "Ref": "VpcId" }
      }
    }
  }
}
Security groups: extendable engines that automate security & compliance (3).
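The security-group engine as an added example (not Macquarie's code): named sources resolve to a CIDR, to an Fn::ImportValue of another application's exported group, or to a sibling group of this application, while raw CIDRs are refused. The @UserDevices network and the export naming come from the slide; the SQL port alias and the component naming convention are assumptions. It also handles a group that references itself, which CloudFormation cannot express inline.

```python
import re

# Assumed lookup tables. The slide shows "@UserDevices" rendering to
# 192.0.2.0/24 and the "security-group-<prn>" export name; the port alias
# SQL -> 3306 (MySQL, matching the RDS example) is an assumption.
NAMED_NETWORKS = {"@UserDevices": ["192.0.2.0/24"]}
NAMED_PORTS = {"SQL": 3306}
SUFFIX = "SecurityGroup"


class RuleError(ValueError):
    """Raised for a rule the engine refuses to render."""


def parse_port(spec):
    """'TCP:443' -> ('tcp', 443); 'TCP:SQL' -> ('tcp', 3306)."""
    m = re.fullmatch(r"(TCP|UDP):([A-Za-z0-9]+)", spec)
    if not m:
        raise RuleError("bad port spec %r" % spec)
    proto, name = m.group(1).lower(), m.group(2)
    if name.isdigit():
        return proto, int(name)
    if name not in NAMED_PORTS:
        raise RuleError("unknown port alias %r" % name)
    return proto, NAMED_PORTS[name]


def resolve_source(source, component_groups):
    """Map a named source to CloudFormation ingress source fields.
    Raw CIDRs are deliberately not accepted: a source must be a named
    network, another application's prn, or a component of this app."""
    if source.startswith("@"):
        if source not in NAMED_NETWORKS:
            raise RuleError("unknown named network %r" % source)
        return [("CidrIp", cidr) for cidr in NAMED_NETWORKS[source]]
    if source.startswith("prn:"):
        return [("SourceSecurityGroupId",
                 {"Fn::ImportValue": "security-group-" + source})]
    if source in component_groups:
        return [("SourceSecurityGroupId", {"Ref": component_groups[source]})]
    raise RuleError("unknown source %r (raw CIDRs are not allowed)" % source)


def render_security_groups(app_groups):
    """Render Arturo-style IngressRules into AWS::EC2::SecurityGroup resources.
    Component names derive from logical ids ('WorkersSecurityGroup' ->
    'workers'), an assumed convention."""
    component_groups = {}
    for logical_id in app_groups:
        if not logical_id.endswith(SUFFIX):
            raise RuleError("logical id %r must end with %s" % (logical_id, SUFFIX))
        component_groups[logical_id[:-len(SUFFIX)].lower()] = logical_id
    resources = {}
    for logical_id, body in app_groups.items():
        ingress, extra = [], {}
        for rule in body["Properties"]["IngressRules"]:
            for port_spec in rule["ports"]:
                proto, port = parse_port(port_spec)
                for source in rule["sources"]:
                    for field, value in resolve_source(source, component_groups):
                        entry = {"IpProtocol": proto, "FromPort": port,
                                 "ToPort": port, field: value}
                        if value == {"Ref": logical_id}:
                            # A group cannot reference itself inline (circular
                            # dependency); emit a standalone ingress resource.
                            name = "%sSelfIngress%d" % (logical_id, len(extra))
                            extra[name] = {
                                "Type": "AWS::EC2::SecurityGroupIngress",
                                "Properties": dict(entry, GroupId={"Ref": logical_id})}
                        else:
                            ingress.append(entry)
        resources[logical_id] = {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                # GroupDescription is mandatory in CloudFormation; the slide omits it.
                "GroupDescription": "Generated for " + logical_id,
                "SecurityGroupIngress": ingress,
                "VpcId": {"Ref": "VpcId"}}}
        resources.update(extra)
    return {"Resources": resources}


# The abstract definition from the slide (constructed copy).
APP_SECURITY_GROUPS = {
    "ALBSecurityGroup": {"Properties": {"IngressRules": [
        {"sources": ["@UserDevices"], "ports": ["TCP:443"]},
        {"sources": ["prn:aws:syd:prod:admin:prod:appservers"], "ports": ["TCP:8443"]}]}},
    "WorkersSecurityGroup": {"Properties": {"IngressRules": [
        {"sources": ["workers"], "ports": ["TCP:5555"]}]}},
    "DBSecurityGroup": {"Properties": {"IngressRules": [
        {"sources": ["workers"], "ports": ["TCP:SQL"]}]}},
}

if __name__ == "__main__":
    import json
    print(json.dumps(render_security_groups(APP_SECURITY_GROUPS), indent=2))
```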
Continual assurance score-carding (4): application centric, building on AWS “Trusted Advisor”. Score-card categories: Financials; Data management; Resilience; Security; AWS Best Practices.
Corporate level governance: enabling empowered and accountable application owners.

Application: commodity market insights
Budget: Commodity Market Insights is forecast to only use $2,650 of its $3,000 budget.

Active Environments
Environment | Uptime | Time to Expiry | Cost (per day) | Total Cost | Owner
Production | N/A | 25 days | $80.50 | $2,012.50 | Julie Smith
Feature-334 | 3 Hrs 5 mins | 5 days | $13.50 | $67.50 | Martin Jones
Dev-339 | 4 Days | 3 hours | $5.50 | $5.50 | Jagan Vander

Assurances (status legend: Violation, Issue Due Soon, No Issues; the status icons did not survive extraction)
Assurance | Non-Prod | Prod | Issue
Stack Rolls | icon | icon | There is one non-prod environment that is due to be stack-rolled in the next 5 days
Resilience | icon | icon | N/A
Snapshots | icon | icon | N/A
Corporate level governance: enabling empowered and accountable application owners.

Portfolio: trading analytics (views: Applications, Services, Portfolios)
Budget: Trading Analytics is forecast to use $8,250 of its total $10,000 budget.
• Trade Capture has exceeded its budget of $2,000 by $65
• Data Analytics is forecast to exceed its budget of $2,000 by $112
• Real-time Routing is forecast to exceed its budget of $1,500 by $30
• Market Insights is forecast to only use $2,543 of its $4,500 budget

Assurances (Non-Prod / Prod):
• Trade Capture is fully compliant
• Data Analytics is fully compliant
• Real-time Routing is fully compliant
• Market Insights has one non-prod assurance (stack rolls) coming due
Did it work?
• 100+ production applications running on AWS, and hundreds of dev/test solutions
• 10k environment builds each month, all fully automated, zero-touch, developer driven
• 100+ developers enabled for each cloud engineer
Keys to success
1. ‘One team one dream’: business, technology and risk management
2. Establish a cloud centre of excellence
3. Embrace DevOps, InfraOps and DevSecOps
4. Listen to your customers
5. Culture, culture, culture, culture, culture, culture
https://macquarie.com/careers
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

RESOURCES: Cloud Adoption in Regulated Financial Services

Risk Management: AWS Artifact (https://aws.amazon.com/artifact/)
• Global Financial Services Regulatory Principles Whitepaper
• PCI DSS Attestation of Compliance and Responsibility Summary
• Australian Prudential Regulation Authority (APRA) “Management of Security Risk in IT” CPG 234 Workbook

Tech: AWS Quick Starts (https://aws.amazon.com/quickstart/)
• NIST Quick Start
• PCI DSS Quick Start
• Data Lake Foundation on AWS Quick Start (Amazon S3, Amazon Redshift, Amazon Athena)

Business: AWS Cloud Adoption Framework
https://aws.amazon.com/professional-services/CAF/

How to Start? AWS Partner Network
https://aws.amazon.com/partners/
https://aws.amazon.com/partners/find/results/?facets=office+%3A+%27australia

Remember
• Security Starts on Day One
• Compliance Loves Automation
• Financial Services Runs in the Cloud

Contact
Adam Prettejohn, Cloud Division Director, Macquarie Group
Phil Rodrigues, Principal Security Solutions Architect, Amazon Web Services (ANZ), philrod@amazon.com
Come down (under) and ask us some questions

Thank you!
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Cloud Adoption in Regulated Financial Services - SID328 - re:Invent 2017

  • 1. STRICTLY CONFIDENTIAL re:Inventing digital banking Macquarie Group Adam Prettejohn November 30, 2017
  • 3. PAGE 3 2017 Macquarie Group overview 13,966 employees assets under management as of 30 Sep 17 $961m 1H18 net profit Macquarie Group overview 1 Global locations Annuity-style businesses Capital markets facing businesses Macquarie Asset Management Banking and Financial Services Corporate and Asset Finance Macquarie Capital Commodities and Global Markets Macquarie Group Asia 13 locations Middle East 2 locations Europe 12 locations North America 19 locations New Zealand One location Australia Nine locations Africa Two locations Latin America Three locations 1. Net profit contribution is management accounting profit before unallocated corporate costs, profit share and income tax. Pie chart is based on 1H18 net profit contribution from operating groups. Macquarie Group in numbers 27 countries ~$371.3b 14% 7%11% 23% 45%
  • 4. PAGE 4 Innovation is in our heritage
  • 5. PAGE 5 BusinessBusiness TechnologyTechnology Risk ManagementRisk management Cloud innovation Cloud innovation
  • 7. PAGE 7 What sets Macquarie apart? Heavily regulated Globally distributed Diverse applications Opportunistic businesses Dynamic organisation
  • 8. PAGE 8 Our principles for cloud… Customer focused Application centric Immutable infrastructure Security, compliance, resilience in depth and by design Agile DevOps Buy rather than build Cloud Principles
  • 9. PAGE 9 How we implemented it… 1 Standardised deployment framework 2Continuous delivery and infrastructure as code 3 Extendable engines that automate security & compliance 4Continual assurance score-carding Arturo—Macquarie Cloud Platform
  • 10. PAGE 10 Standardised deployment framework 1 Data driven Application centric Dynamic ‘CMDB’ Automated governance
  • 11. PAGE 11 05 Immutable deployment 04 Pipeline installs your application 03 Pipeline provisions cloud infrastructure 02 Write infrastructure as code & commit change Continuous delivery & infrastructure as code 2 Repeatable, auditable process 01 Register app in Arturo (Macquarie Cloud Platform)
  • 12. PAGE 12 Extendable engines that automate security & compliance 3 Security and compliance Cloud compliance Lifecycle management IAM policies Security logging Security groups Encryption
  • 13. PAGE 13 Extendable engines that automate security & compliance 3 Amazon Web Services (AWS) provides the building blocks for managing our side of the shared responsibility model. HOW can we put security and compliance standards first, with a minimal amount of effort, and still enable business agility, while delegating the tools at scale within the organisation?
  • 14. PAGE 14 Extendable engines that automate security & compliance 3 Example applications
  • 15. PAGE 15 Extendable engines that automate security & compliance 3 Example applications db
  • 16. PAGE 16 HOW Extendable engines that automate security & compliance 3 Do I need RDS encryption? Which Amazon RDS encryption key should I use? When should I be multi–AZ for my RDS databases? How do I take RDS backups? Relational Database Service (Amazon RDS)
  • 17. PAGE 17 Extendable engines that automate security & compliance 3 RDS
    EBS example:
      { "ebs": { "type": "ebs", "template": { "Resources": { "Volume": { "Metadata": { "Pipeline::Dataset": "ebs_test_dataset" } } } } } }
    RDS example:
      "Resources": {
        "DBInstance": {
          "Properties": {
            "DBInstanceClass": "db.m3.medium",
            "Engine": "MYSQL",
            "EngineVersion": "5.7.17",
            "AllocatedStorage": "20"
          },
          "Metadata": { "Pipeline::Dataset": "mysql_test_dataset" }
        }
      }
    Highlighted: "Pipeline::Dataset": "mysql_test_dataset"
  • 18. PAGE 18 Extendable engines that automate security & compliance 3 RDS
    {
      "DBInstance": {
        "Type": "AWS::RDS::DBInstance",
        "Properties": {
          "Engine": "MySQL",
          "EngineVersion": "5.7.17",
          "DBInstanceClass": "db.m3.medium",
          "AllocatedStorage": { "Ref": "DBSize" },
          "StorageEncrypted": true,
          "KmsKeyId": "arn:aws:kms:ap-southeast-2:<redacted>",
          "DBSubnetGroupName": { "Ref": "DBSubnetGroupName" },
          "VPCSecurityGroups": { "Ref": "SecurityGroups" },
          "MasterUsername": "root",
          "MasterUserPassword": { "Ref": "MasterPasswordNoEcho" },
          "Tags": [ { "Key": "DataClassification", "Value": "Internal" } ],
          "MultiAZ": true,
          "BackupRetentionPeriod": "35",
          "AutoMinorVersionUpgrade": false
        },
        "DeletionPolicy": "Snapshot"
      }
    }
    Highlighted: "StorageEncrypted": true, "KmsKeyId": "arn:aws:kms:ap-southeast-2:<redacted>", "Tags": [ { "Key": "DataClassification", "Value": "Internal" } ], "DeletionPolicy": "Snapshot"
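Slides 16 to 18 show the pipeline answering the RDS questions (encryption, key choice, Multi-AZ, backups) by generating a template with those controls already set. The check that an assurance engine would run over the generated template is shown below as an added example written for this page; it is not Macquarie's Arturo code. The minimum retention threshold, the required tag and the key ARN placeholder are assumptions; the controls themselves are the ones highlighted on slide 18.

```python
"""Assurance-style check for Amazon RDS resources in a CloudFormation template.

Added example (not Arturo code): the controls mirror slide 18 (encryption with
a named KMS key, Multi-AZ, backup retention, a DataClassification tag and a
Snapshot deletion policy). Threshold and tag rules are assumptions.
"""
import json

# Assumed policy values; slide 18 shows 35 days and DataClassification=Internal.
MIN_BACKUP_RETENTION_DAYS = 7
REQUIRED_TAG = "DataClassification"


def _tags(props):
    """Normalise the Tags property to a {Key: Value} dict (tolerates a single object)."""
    tags = props.get("Tags", [])
    if isinstance(tags, dict):
        tags = [tags]
    return {t.get("Key"): t.get("Value") for t in tags if isinstance(t, dict)}


def check_rds_instance(logical_id, resource):
    """Return (logical_id, control, message) findings for one AWS::RDS::DBInstance."""
    props = resource.get("Properties", {})
    findings = []
    if props.get("StorageEncrypted") is not True:
        findings.append((logical_id, "encryption", "StorageEncrypted must be true"))
    elif not props.get("KmsKeyId"):
        findings.append((logical_id, "encryption", "KmsKeyId must name a customer-managed key"))
    if props.get("MultiAZ") is not True:
        findings.append((logical_id, "resilience", "MultiAZ must be true"))
    try:
        retention = int(props.get("BackupRetentionPeriod", 0))
    except (TypeError, ValueError):
        retention = 0
    if retention < MIN_BACKUP_RETENTION_DAYS:
        findings.append((logical_id, "backups",
                         f"BackupRetentionPeriod must be >= {MIN_BACKUP_RETENTION_DAYS} days"))
    if REQUIRED_TAG not in _tags(props):
        findings.append((logical_id, "data-management", f"missing {REQUIRED_TAG} tag"))
    if resource.get("DeletionPolicy") != "Snapshot":
        findings.append((logical_id, "data-management", "DeletionPolicy must be Snapshot"))
    return findings


def check_template(template):
    """Run the RDS checks over every AWS::RDS::DBInstance in a template dict."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") == "AWS::RDS::DBInstance":
            findings.extend(check_rds_instance(logical_id, resource))
    return findings


# Constructed sample: one instance as generated on slide 18 (key ARN replaced by a
# placeholder) and one that sets only the developer-facing fields from slide 17.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "GoodDB": {
      "Type": "AWS::RDS::DBInstance",
      "DeletionPolicy": "Snapshot",
      "Properties": {
        "Engine": "MySQL", "EngineVersion": "5.7.17",
        "DBInstanceClass": "db.m3.medium", "AllocatedStorage": "20",
        "StorageEncrypted": true,
        "KmsKeyId": "arn:aws:kms:ap-southeast-2:<placeholder-account>:key/<placeholder>",
        "MultiAZ": true, "BackupRetentionPeriod": "35",
        "Tags": [{"Key": "DataClassification", "Value": "Internal"}]
      }
    },
    "BareDB": {
      "Type": "AWS::RDS::DBInstance",
      "Properties": {
        "Engine": "MySQL", "DBInstanceClass": "db.m3.medium", "AllocatedStorage": "20"
      }
    }
  }
}
""")

if __name__ == "__main__":
    for finding in check_template(SAMPLE_TEMPLATE):
        print("%s [%s]: %s" % finding)
```

Run stand-alone it reports five findings against BareDB and none against GoodDB; in a pipeline the same function would gate the deploy or feed the score-card on slides 27 to 29.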
  • 19. PAGE 19 Extendable engines that automate security & compliance 3 AWS Identity and Access Management (IAM) policy bucket
  • 20. PAGE 20 HOW IAM policy Extendable engines that automate security & compliance 3 How do I ensure my application is using “least privilege” IAM policies? • Resources and Principals • Condition keys on some actions but not others • Cross account delegation • How do I know which application an IAM entity belongs to? • What if that other application hasn’t even been created yet? • How do I ensure everyone in my organisation knows not to ever set Principal to public in a bucket policy?
  • 21. PAGE 21 IAM access policies Extendable engines that automate security & compliance 3
    {
      "S3BucketPolicy": {
        "Properties": {
          "PolicyDocument": {
            "Statement": [
              { "Sid": "WriteWorkers", "Effect": "Allow",
                "Principal": { "Component": [ "workers" ] },
                "Action": [ "write", "delete" ],
                "Resource": [ "analytics/*", "data/*" ] },
              { "Sid": "ReadAnalytics", "Effect": "Allow",
                "Principal": { "Application": [ "prn:aws:syd:prod:analytics:*::*" ] },
                "Action": [ "read" ],
                "Resource": "analytics/*" }
            ]
          }
        }
      }
    }
    Highlighted: "Sid": "WriteWorkers", "Effect": "Allow", "Principal": { "Component": [ "workers" ] }, "Action": [ "write", "delete" ], "Resource": [ "analytics/*", "data/*" ]
    Highlighted: "Sid": "ReadAnalytics", "Effect": "Allow", "Principal": { "Application": [ "prn:aws:syd:prod:analytics:*::*" ] }, "Action": [ "read" ], "Resource": "analytics/*"
  • 22. PAGE 22 IAM access policies Extendable engines that automate security & compliance 3
    {
      "Statement": [
        { "Sid": "AllBucketsActions", "Effect": "Allow",
          "Action": [ "s3:GetBucketLocation", "s3:ListBucketMultipartUploads" ],
          "Resource": [ "arn:aws:s3:::*" ] },
        { "Sid": "DeleteWithPrefix", "Effect": "Allow",
          "Action": [ "s3:AbortMultipartUpload", "s3:RestoreObject", "s3:DeleteObject", "s3:DeleteObjectVersion" ],
          "Resource": [ "arn:aws:s3:::<redacted_bucket>/analytics/*", "arn:aws:s3:::<redacted_bucket>/data/*" ] },
        { "Sid": "ReadWithPrefix", "Effect": "Allow",
          "Action": [ "s3:GetObject", "s3:GetObjectVersion", "s3:GetObjectMetaData", "s3:GetObjectTorrent", "s3:GetObjectTorrentVersion", "s3:ListMultipartUploadParts" ],
          "Resource": [ "arn:aws:s3:::<redacted_bucket>/analytics/*", "arn:aws:s3:::<redacted_bucket>/data/*" ] },
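Slides 20 to 22 show the point of the abstraction: a developer writes verbs ("read", "write", "delete"), prefixes and component or application principals, and the engine expands them into the concrete S3 actions and ARNs that satisfy least privilege, so nobody has to remember the action list or the bucket name. The expansion, plus the check for a public Principal that slide 20 asks about, is shown below as an added example written for this page, not Arturo's own code. The "read" and "delete" action sets are copied from slide 22; the "write" set, the bucket name and the Sid naming are assumptions.

```python
"""Expand an application-centric S3 access policy into concrete IAM statements.

Added example, not Arturo code. Verb tables for "read" and "delete" follow
slide 22; "write" and the bucket name are assumptions. The public-principal
check answers the question on slide 20.
"""
import json

# Verb -> S3 API actions. "read"/"delete" are from slide 22; "write" is assumed.
VERB_ACTIONS = {
    "read": ["s3:GetObject", "s3:GetObjectVersion", "s3:GetObjectMetaData",
             "s3:GetObjectTorrent", "s3:GetObjectTorrentVersion",
             "s3:ListMultipartUploadParts"],
    "write": ["s3:PutObject"],
    "delete": ["s3:AbortMultipartUpload", "s3:RestoreObject",
               "s3:DeleteObject", "s3:DeleteObjectVersion"],
}
# Actions every principal needs on any bucket (slide 22, "AllBucketsActions").
BUCKET_WIDE_ACTIONS = ["s3:GetBucketLocation", "s3:ListBucketMultipartUploads"]


def expand_statement(abstract, bucket):
    """Turn one abstract statement into one IAM statement per verb, with full ARNs."""
    resources = abstract["Resource"]
    if isinstance(resources, str):
        resources = [resources]
    arns = [f"arn:aws:s3:::{bucket}/{prefix}" for prefix in resources]
    expanded = []
    for verb in abstract["Action"]:
        if verb not in VERB_ACTIONS:
            raise ValueError(f"unknown verb {verb!r} in statement {abstract['Sid']}")
        expanded.append({"Sid": f"{abstract['Sid']}{verb.capitalize()}",
                         "Effect": abstract.get("Effect", "Allow"),
                         "Action": list(VERB_ACTIONS[verb]),
                         "Resource": arns})
    return expanded


def identity_policy_for_component(policy_doc, component, bucket):
    """Build the IAM identity policy attached to `component`'s role."""
    statements = [{"Sid": "AllBucketsActions", "Effect": "Allow",
                   "Action": list(BUCKET_WIDE_ACTIONS), "Resource": ["arn:aws:s3:::*"]}]
    for statement in policy_doc["Statement"]:
        principal = statement.get("Principal")
        if isinstance(principal, dict) and component in principal.get("Component", []):
            statements.extend(expand_statement(statement, bucket))
    return {"Version": "2012-10-17", "Statement": statements}


def public_principal_sids(policy_doc):
    """Return the Sids of statements whose Principal is public ("*" or {"AWS": "*"})."""
    offenders = []
    for statement in policy_doc["Statement"]:
        principal = statement.get("Principal")
        if principal == "*" or (isinstance(principal, dict)
                                and principal.get("AWS") in ("*", ["*"])):
            offenders.append(statement.get("Sid"))
    return offenders


# Constructed sample: the abstract policy from slide 21.
ABSTRACT_POLICY = json.loads("""
{"Statement": [
  {"Sid": "WriteWorkers", "Effect": "Allow",
   "Principal": {"Component": ["workers"]},
   "Action": ["write", "delete"], "Resource": ["analytics/*", "data/*"]},
  {"Sid": "ReadAnalytics", "Effect": "Allow",
   "Principal": {"Application": ["prn:aws:syd:prod:analytics:*::*"]},
   "Action": ["read"], "Resource": "analytics/*"}
]}
""")

if __name__ == "__main__":
    policy = identity_policy_for_component(ABSTRACT_POLICY, "workers", "example-bucket")
    print(json.dumps(policy, indent=2))
    print("public statements:", public_principal_sids(ABSTRACT_POLICY))
```

Because the abstract form has no way to spell a raw principal, the engine rather than the developer decides who is allowed; public_principal_sids is the guard for policies that arrive from outside the pipeline.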
  • 23. PAGE 23 Extendable engines that automate security & compliance 3 Security groups
  • 24. PAGE 24 HOW Extendable engines that automate security & compliance 3 How do I control which other network assets can connect to my application? (ingress rules) How can I ensure my own network assets have “least privilege” access (egress rules) Security groups
  • 25. PAGE 25 Security groups Extendable engines that automate security & compliance 3
    {
      "ALBSecurityGroup": {
        "Properties": {
          "IngressRules": [
            { "sources": [ "@UserDevices" ], "ports": [ "TCP:443" ] },
            { "sources": [ "prn:aws:syd:prod:admin:prod:appservers" ], "ports": [ "TCP:8443" ] }
          ]
        }
      },
      "WorkersSecurityGroup": {
        "Properties": {
          "IngressRules": [
            { "sources": [ "workers" ], "ports": [ "TCP:5555" ] }
          ]
        }
      },
      "DBSecurityGroup": {
        "Properties": {
          "IngressRules": [
            { "sources": [ "workers" ], "ports": [ "TCP:SQL" ] }
          ]
        }
      }
    }
    Highlighted: "IngressRules": [ { "sources": [ "@UserDevices" ], "ports": [ "TCP:443" ] }, { "sources": [ "prn:aws:syd:prod:admin:prod:appservers" ], "ports": [ "TCP:8443" ] } ]
    Highlighted: "IngressRules": [ { "sources": [ "workers" ], "ports": [ "TCP:5555" ] } ]
    Highlighted: "IngressRules": [ { "sources": [ "workers" ], "ports": [ "TCP:SQL" ] } ]
  • 26. PAGE 26 Security groups Extendable engines that automate security & compliance 3
    {
      "Resources": {
        "ALBSecurityGroup": {
          "Type": "AWS::EC2::SecurityGroup",
          "Properties": {
            "SecurityGroupIngress": [
              { "IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "192.0.2.0/24" },
              { "IpProtocol": "tcp", "FromPort": 8443, "ToPort": 8443,
                "SourceSecurityGroupId": { "Fn::ImportValue": "security-group-prn:aws:syd:prod:admin:prod:appservers" } }
            ],
            "VpcId": { "Ref": "VpcId" }
          }
        },
        "WorkersSecurityGroup": {
          "Type": "AWS::EC2::SecurityGroup",
          "Properties": {
            "VpcId": { "Ref": "VpcId" }
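Slides 24 to 26 make the same move for network access: the developer names sources ("@UserDevices", a component, another application's prn) and ports, and the engine produces the CloudFormation SecurityGroupIngress entries, so the ingress answer to "who can connect to my application" is always one of a vetted set. The translation is shown below as an added example written for this page, not Arturo's code. The CIDR behind @UserDevices (192.0.2.0/24, as on slide 26), the logical port table (SQL to 3306 for the MySQL instance on slide 18), the "<Component>SecurityGroup" naming and the handling of a group that references itself are assumptions.

```python
"""Expand application-centric ingress rules into CloudFormation security groups.

Added example, not Arturo code. Performs the slide 25 -> slide 26 translation:
"@UserDevices" -> CIDR, component name -> Ref to that component's group,
"prn:" identifier -> Fn::ImportValue, logical port "TCP:SQL" -> engine port.
The lookup tables, the naming rule and self-reference handling are assumptions.
"""
import json
import re

# Assumed: named source sets curated by the platform (slide 26 shows 192.0.2.0/24).
NAMED_SOURCES = {"@UserDevices": ["192.0.2.0/24"]}
# Assumed: logical ports resolved per application; MySQL as on slide 18.
LOGICAL_PORTS = {"SQL": 3306}
PORT_RE = re.compile(r"^(TCP|UDP):([A-Za-z0-9]+)(?:-([0-9]+))?$")


def component_sg_logical_id(component):
    """Assumed naming convention: component "workers" -> "WorkersSecurityGroup"."""
    return component.capitalize() + "SecurityGroup"


def parse_port(spec):
    """'TCP:443' -> ('tcp', 443, 443); 'TCP:SQL' -> ('tcp', 3306, 3306); 'TCP:8000-8010' -> range."""
    match = PORT_RE.match(spec)
    if not match:
        raise ValueError(f"unsupported port spec {spec!r}")
    proto, start, end = match.groups()
    if start.isdigit():
        low = int(start)
    elif start.upper() in LOGICAL_PORTS:
        low = LOGICAL_PORTS[start.upper()]
    else:
        raise ValueError(f"unknown logical port {start!r}")
    return proto.lower(), low, int(end) if end else low


def expand_source(source):
    """Map one abstract source to the CloudFormation field(s) identifying it.

    Only the three vetted forms are accepted; a raw CIDR typed by a developer is
    rejected, so least-privilege ingress is enforced by construction.
    """
    if source.startswith("@"):
        if source not in NAMED_SOURCES:
            raise ValueError(f"unknown named source {source!r}")
        return [{"CidrIp": cidr} for cidr in NAMED_SOURCES[source]]
    if source.startswith("prn:"):
        # Another application's exported group, as on slide 26.
        return [{"SourceSecurityGroupId": {"Fn::ImportValue": "security-group-" + source}}]
    if re.fullmatch(r"[a-z][a-z0-9]*", source):
        return [{"SourceSecurityGroupId": {"Ref": component_sg_logical_id(source)}}]
    raise ValueError(f"unsupported source {source!r}")


def expand_security_groups(abstract):
    """Translate {name: {"Properties": {"IngressRules": [...]}}} into CloudFormation resources.

    A rule whose source is the group itself cannot be inlined (CloudFormation would
    see a circular reference), so it becomes a separate AWS::EC2::SecurityGroupIngress.
    """
    resources = {}
    for name, spec in abstract.items():
        inline, self_rules = [], []
        for rule in spec["Properties"]["IngressRules"]:
            for port_spec in rule["ports"]:
                proto, low, high = parse_port(port_spec)
                for source in rule["sources"]:
                    for fields in expand_source(source):
                        entry = {"IpProtocol": proto, "FromPort": low, "ToPort": high}
                        entry.update(fields)
                        is_self = entry.get("SourceSecurityGroupId") == {"Ref": name}
                        (self_rules if is_self else inline).append(entry)
        resources[name] = {"Type": "AWS::EC2::SecurityGroup",
                           "Properties": {"GroupDescription": f"{name} (generated)",
                                          "SecurityGroupIngress": inline,
                                          "VpcId": {"Ref": "VpcId"}}}
        for i, entry in enumerate(self_rules):
            resources[f"{name}SelfIngress{i}"] = {"Type": "AWS::EC2::SecurityGroupIngress",
                                                   "Properties": dict(entry, GroupId={"Ref": name})}
    return {"Resources": resources}


# Constructed sample: the abstract groups from slide 25.
ABSTRACT_SECURITY_GROUPS = json.loads("""
{
  "ALBSecurityGroup": {"Properties": {"IngressRules": [
      {"sources": ["@UserDevices"], "ports": ["TCP:443"]},
      {"sources": ["prn:aws:syd:prod:admin:prod:appservers"], "ports": ["TCP:8443"]}]}},
  "WorkersSecurityGroup": {"Properties": {"IngressRules": [
      {"sources": ["workers"], "ports": ["TCP:5555"]}]}},
  "DBSecurityGroup": {"Properties": {"IngressRules": [
      {"sources": ["workers"], "ports": ["TCP:SQL"]}]}}
}
""")

if __name__ == "__main__":
    print(json.dumps(expand_security_groups(ABSTRACT_SECURITY_GROUPS), indent=2))
```

The ALB and DB groups come out exactly as slide 26 shows them; the workers group, whose only rule is "workers may talk to workers on 5555", is emitted as an empty group plus a standalone ingress resource, which is the CloudFormation shape that avoids the circular dependency.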
  • 27. PAGE 27 Application centric AWS “Trusted Advisor” Continual assurance score-carding 4 Financials Data management Resilience Security AWS Best Practices
  • 28. PAGE 28 Corporate level governance Continual assurance score-carding 4 Enabling empowered and accountable application owners
    Application: commodity market insights
    Budget: Commodity Market Insights is forecast to only use $2,650 of its $3,000 budget
    Active environments:
      Environment   Time to expiry   Uptime    Cost (per day)   Total cost   Owner
      Production    N/A              25 days   $80.50           $2,012.50    Julie Smith
      Feature-334   3 hrs 5 mins     5 days    $13.50           $67.50       Martin Jones
      Dev-339       4 days           3 hours   $5.50            $5.50        Jagan Vander
    Assurances (Prod / Non-Prod; legend: Violation, Issue Due Soon, No Issues):
      Stack Rolls
      Resilience
      Snapshots    N/A    N/A
    There is one non-prod environment that is due to be stack-rolled in the next 5 days
  • 29. PAGE 29 Corporate level governance Continual assurance score-carding 4 Enabling empowered and accountable application owners Trading Analytics is forecast to use $8,250 of its total $10,000 budget Trade Capture has exceeded its budget of $2,000 by $65 Data Analytics is forecast to exceed its budget of $2,000 by $112 Real-time Routing is forecast to exceed its budget of $1,500 by $30 Market Insights is forecast to only use $2,543 of its $4,500 budget Applications Portfolio: trading analytics Services Portfolios Budget Assurances Non-ProdProd Trade Capture is fully compliant Data Analytics is fully compliant Real-time Routing is fully compliant Market Insights has one non-prod assurance (stack rolls) coming due
  • 30. PAGE 30 Did it work? 100+ production applications running on AWS and hundreds of dev/test solutions; 10k environment builds each month, all fully automated, zero-touch, developer driven; 100+ developers enabled for each cloud engineer
  • 31. PAGE 31 Keys to success: 1 ‘One team one dream’: business, technology and risk management; 2 Establish a cloud centre of excellence; 3 Embrace DevOps, InfraOps and DevSecOps; 4 Listen to your customers; 5 Culture, culture, culture
  • 33. PAGE 33 BusinessBusiness TechnologyTechnology Risk ManagementRisk management Cloud innovation Cloud innovation
  • 35. STRICTLY CONFIDENTIAL re:Inventing digital banking Macquarie Group 30th November 2017 Adam Prettejohn
  • 36. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. RESOURCES Cloud Adoption in Regulated Financial Services
  • 37. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Risk Management: AWS Artifact Global Financial Services Regulatory Principles Whitepaper PCI DSS Attestation of Compliance and Responsibility Summary Australian Prudential Regulation Authority (APRA) “Management of Security Risk in IT” CPG 234 Workbook https://aws.amazon.com/artifact/ APRA
  • 38. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Tech: AWS Quick Starts NIST Quick Start PCI DSS Quick Start Data Lake Foundation on AWS Quick Start https://aws.amazon.com/quickstart/ Amazon S3 Amazon Redshift Amazon Athena
  • 39. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Business: AWS Cloud Adoption Framework https://aws.amazon.com/professional-services/CAF/
  • 40. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. How to Start? AWS Partner Network https://aws.amazon.com/partners/ https://aws.amazon.com/partners/find/results/?facets=office+%3A+%27australia
  • 41. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Security Starts on Day One Compliance Loves Automation Financial Services Runs in the Cloud Remember
  • 42. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Adam Prettejohn Cloud Division Director Macquarie Group Phil Rodrigues Principal Security Solutions Architect Amazon Web Services (ANZ) philrod@amazon.com Contact Come down (under) and ask us some questions
  • 43. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Thank you!