This document discusses cloud control frameworks and compliance on AWS. It provides an overview of AWS compliance programs and certifications across different regions and standards. It emphasizes that security and compliance are shared responsibilities between AWS and customers. Customers can use AWS services to implement controls that meet their objectives and address risks. The document provides examples of how to structure enterprise-wide, service-specific, and workload-specific controls on AWS. It recommends taking a risk-based approach and focusing on controls needed to achieve strategic objectives. Customers can use industry standard frameworks that AWS already supports as a starting point.
How Dow Jones uses AWS to create a secure perimeter around its web properties... Amazon Web Services
Dow Jones, a world-leading data, media, and intelligence solutions provider with brands like the Wall Street Journal and MarketWatch, has numerous applications that need protection. The company was seeking a protection solution and a way to gain more control over security, and it looked to AWS to secure the cloud right at the edge. This session explores how Dow Jones implemented innovative architecture to meet its software security framework using CloudFront, AWS Shield, AWS WAF, Lambda, and more. Learn how to use AWS services to architect software environments for securing applications. Join Kamal Verma, senior principal engineer at Dow Jones, for a deep dive into their implementation and learnings.
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019 Amazon Web Services
DevSecOps is driving the use of security testing throughout the application lifecycle, from initial development to product monitoring. Application security testing is unlike other forms of security in that it directly impacts the daily routines of developers. John Maski, the former director of DevSecOps at AT&T, discusses securing CI/CD pipelines in enterprise environments and “shifting left” with security. He reveals best practices gained from moving AT&T’s primary DevOps practice to a DevSecOps practice using static and dynamic application security testing. You’ll discover why strong executive sponsorship, a cultural shift, and solid cross-organization teaming are critical and how they can be the way forward to your own DevSecOps success.
AWS GovCloud (US): A path to high compliance in the cloud - GRC344 - AWS re:I... Amazon Web Services
AWS GovCloud (US) is an offering of isolated AWS infrastructure and services that address stringent US regulatory and compliance requirements. Government agencies and private sector enterprises in regulated industries leverage AWS GovCloud to run mission-critical and sensitive workloads on the cloud. This session details AWS GovCloud and the use cases and workloads that are fit for it, including how it can help address ITAR, FedRAMP, DOD SRG, CJIS, DFARS, and other requirements. We cover the Authority to Operate on AWS program and how it helps speed up the time to compliance for workloads in AWS GovCloud. Come learn about AWS GovCloud and the benefits of automating security and compliance.
Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme... Amazon Web Services
OLX, the world's leading online classifieds service platform, operates a network of online trading platforms, with over 300M monthly users in over 45 countries. In this session, learn how we built a serverless PCI SAQ A-EP-compliant credit card payment service. Understand how regulation changes affected the solution and the importance of defining the right PCI scope on AWS. Also learn which AWS artifacts are critical and which AWS services can help meet compliance requirements.
Senior Principal Security Engineer Don "Beetle" Bailey and Corey Quinn from the highly acclaimed "Last Week in AWS" newsletter present best practices, features, and security updates you may have missed in the AWS Cloud. With more than 1,000 service updates per year being released, having expert distillation of what's relevant to your environment can accelerate your adoption of the cloud. As techniques for operationalizing cloud security, compliance, and identity remain a critical business need, this leadership session considers a strategic path forward for all levels of enterprises and users, from beginner to advanced.
Technology as a means for compliance - GRC206 - AWS re:Inforce 2019 Amazon Web Services
For regulated data types, such as personally identifiable information, customers often ask the same questions. This session addresses questions on topics that range from deletion of data to third-party assurance reports, and it connects you with the corresponding risk discussions and the applicable AWS technology or supporting language from AWS documentation. Learn how to speed up your risk assessment by equipping yourself with facts and knowledge that will help you make informed decisions about your AWS journey.
How does the cloud foster innovation? Join Vice President and Distinguished Engineer Eric Brandwine as he details why there is no better time than now to be a pioneer in the AWS Cloud, discussing the changes that next-gen technologies such as quantum computing, machine learning, serverless, and IoT are expected to make to the digital and physical spaces over the next decade. Organizations within the large AWS customer base can take advantage of security features that would have been inaccessible even five years ago; Eric discusses customer use cases along with simple ways in which customers can realize tangible benefits around topics previously considered mere buzzwords.
Innovating FIPS crypto validation in the Cloud - SEP321 - AWS re:Inforce 2019 Amazon Web Services
Federal Information Processing Standard (FIPS) 140-2 was published at a time when the full operational environment, from the cryptographic module to the processor, was definable, self-contained, and controlled by a single operator. With the arrival of cloud computing, these basic assumptions are no longer valid. The operational environment is not shippable to a lab, and it is not self-contained. In this session, we describe the opportunities and challenges of bringing FIPS 140 to the cloud. We review the current state and new, automated approaches that are under evaluation at the National Institute of Standards and Technology (NIST).
Leadership session: Security deep dive - SDD334-L - AWS re:Inforce 2019 Amazon Web Services
In this session, Bill Reid, Senior Manager of Security Solutions Architects, and Bill Shinn, Senior Principal in the Office of the CISO, walk attendees through the ways in which security leadership and security best practices have evolved, with an emphasis on advanced tooling and features. Both speakers have provided frontline support on complex security and compliance questions posed by AWS customers; join them in this master class in cloud strategy and tactics.
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019 Amazon Web Services
The services that make up AWS are many and varied, but the set of concepts you need to secure your data and infrastructure is simple and straightforward. By the end of this session, you will know the fundamental patterns that you can apply to secure any workload you run in AWS with confidence. We cover the basics of network security, the process of reading and writing access management policies, and data encryption.
Build security into CI/CD pipelines for effective security automation on AWS ... Amazon Web Services
Realizing DevSecOps and effectively implementing security into CI/CD pipelines on AWS remains a challenging proposition for most organizations today. In this session, we share the essential principles of achieving security automation in your CI/CD pipelines and across the build, deploy, and run phases of your applications. Finally, we conclude with a demonstration of security automation across all three phases of your applications that are deployed on AWS infrastructure, showing you how to bring security automation to your organization today.
In the cloud, the name of the game is securability! - SEP303 - AWS re:Inforce... Amazon Web Services
Do you ever feel like your efforts with security are futile? Change can lead to new, never-before-recognized opportunities to innovate. Security is no exception. Using measurements to drive us, we have found innovations in security that have led to greater collaboration and carefully curated security outcomes. The cloud has made never-before-seen security capabilities possible. Have you ever imagined talking about the five nines of security? We are! Come join the debate about how to make cloud workloads safer by adopting securability and a bounded measurable means of increasing the safety of software.
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ... Amazon Web Services
In this workshop, you learn how to deploy AWS WAF in front of your application, how to set up AWS WAF full logging for compliance and monitoring purposes, and how to increase your security posture by creating custom rules using Amazon Elasticsearch Service with Kibana. You also learn how to protect your application against bad bots, web scrapers, and scanners by configuring bad and benign bot signatures and then automating your AWS WAF rules by parsing AWS WAF full logs using an AWS Lambda function.
All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services.
Security at the speed of cloud: How to think about it & how you can do it now... Amazon Web Services
In this session, we explain how customers can enable business agility by evolving their governance approach to run at the speed of cloud. Learn how to think about security in the AWS Cloud, and receive prescriptive guidance on implementing technology to support your business. Hear about what good looks like, and learn how you can apply this approach in your organization today.
Unify security, compliance, and finance teams with governance at scale - GRC2... Amazon Web Services
Cloud users typically feel that security, compliance, and finance teams throttle speed and innovation. However, the concerns of security misconfigurations and cloud budget overruns are real threats to the enterprise as adoption scales. Organizations struggle with finding the right balance to empower these teams while giving end-users the autonomy required. The governance at scale framework provides visibility, control, autonomy, and confidence to move enterprises to the cloud. It was built on a decade of lessons learned from the largest customers, including AWS itself. This session shares stories of customer successes using this framework and the impacts to their cloud journeys.
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019 Amazon Web Services
Distributed Denial of Service (DDoS) attacks seek to affect the availability of applications through network congestion, connection state exhaustion, and application stress. AWS distills exabytes of NetFlow data, application logs, and service health metrics to inform DDoS attack detection, reporting, and mitigation systems. In this session, learn how to access insights about the DDoS threat environment and attacks against your specific AWS resources through the AWS Management Console, API, and Amazon CloudWatch. Finally, learn how to use this information to automate notification and response.
Encrypting everything with AWS - SEP402 - AWS re:Inforce 2019 Amazon Web Services
Every day, AWS and AWS customers encrypt an astounding volume of data. In this talk, we dive into the layers of encryption available on AWS and how to best use each one. We cover the whole stack, including encryption SDKs, key management and certificate management services, storage and database services that incorporate encryption, transport and network layers, datalink and physical layers, and encryption features built into Amazon EC2 Nitro hardware and the Amazon VPC network. Learn about the ways that you can protect your data using AWS technologies and of the many situations where you can achieve automatic, state-of-the-art encryption without doing anything.
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4... Amazon Web Services
GoDaddy is a company full of builders, and its mission is to empower everyday entrepreneurs to be successful online. In this session, learn how its Cloud Center of Excellence team is setting new standards for security and data encryption on AWS. Learn how GoDaddy leverages AWS Key Management Service to enable distributed application teams to move quickly and securely and how it has used advanced encryption handling techniques to protect sensitive data (e.g., ecommerce) for its 18 million customers. Finally, learn how you can leverage GoDaddy’s open-source advanced encryption handling SDK to protect your company’s most sensitive assets.
Privacy by design on AWS - FND202-R - AWS re:Inforce 2019 Amazon Web Services
This workshop is designed to support customers who apply due diligence and discovery efforts around data privacy regulations and compliance frameworks. We provide an introductory overview of AWS and data privacy. We also discuss the AWS shared responsibility model and where data can live in AWS environments. Finally, we give an overview of the available AWS services and features that support data privacy compliance.
Presenting Radar: Validation and remediation of AWS cloud resources - GRC343 ... Amazon Web Services
Liberty Mutual is opinionated about how application teams deliver and deploy code into AWS. Applications must be able to secure all data types, meet security standards, and deploy via automation. Radar is an event-driven, rules-based service for validating and remediating AWS cloud resources, and it ensures that security standards are enforced. In this session, learn about Radar, which is built on AWS and designed to ensure compliance across hundreds of AWS accounts in 14 regions while providing flexibility for rule variation. Whether risks are prevented during continuous integration or detected upon deployment and remediated, the goal is the same: all policy is enforced at the earliest moment of risk.
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ... Amazon Web Services
Over the last 7 years, Alert Logic has helped AWS customers achieve enhanced security and peace of mind. Learn how positive security outcomes are attained by combining human expertise and the latest in AWS security in this engaging session with Jack Danahy, SVP of Security at Alert Logic, and Zach Vinduska, VP of IT Infrastructure and Security at ClubCorp. Hear real-world examples of how expert defenders in Alert Logic’s 24/7 Security Operations Center can help you quickly detect threats, verify them as incidents, and support you in responding quickly and effectively.
How to act on your security and compliance alerts with AWS Security Hub - FND... Amazon Web Services
Learn about AWS Security Hub and how it gives you a comprehensive view of your high-priority security alerts and compliance status across AWS accounts. See how Security Hub aggregates, prioritizes, and helps you act on your alerts from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie, as well as from AWS Partner solutions.
Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r... Amazon Web Services
Capital One innovates by leveraging AWS managed services such as AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD), Amazon RDS for SQL Server and EC2 to deploy critical Windows workloads securely in an automated fashion. In this session, attendees will learn how Capital One uses AWS Managed Microsoft AD with their on-premises domain to provide secure and highly available authentication and authorization services for its Windows workloads, such as Amazon RDS for SQL Server. You also learn security best practices for setting up AWS Managed Microsoft AD including implementing MFA, AD Trust options, AWS account isolation, security log collection, and more. In addition, we detail how Capital One uses AWS Managed Microsoft AD and Lambda Functions to simplify and automate Windows workload deployments across multiple AWS accounts and Amazon VPCs.
AWS event engineering at scale - SEP329 - AWS re:Inforce 2019 Amazon Web Services
Are you interested in how AWS provides network infrastructure and IT security at global events? In this session, learn about the network and security challenges encountered when running events for 2,000 to 60,000 attendees. We describe the architecture used to deliver high-quality connectivity, considerations for large-scale attendee Wi-Fi, integration with other AWS services using AWS Direct Connect, and examples of incidents and events that we’ve managed over the years. Join the AWS event engineering team to see what it takes to deploy a huge temporary network for one week, provide secure and reliable service, and then remove it, leaving no trace!
Implementing your landing zone - FND210 - AWS re:Inforce 2019 Amazon Web Services
One of the first questions that customers ask during their cloud journeys is how to establish and build AWS environments or landing zones. In this session, we discuss best practices for establishing a scalable approach and necessary landing zone framework. We present an overview of the approach and solutions to help you implement a landing zone. We also introduce the AWS Landing Zone, which is an automated solution for setting up a robust, flexible AWS environment, and we discuss how it reduces the time needed to get started. Finally, we provide a high level overview of AWS Control Tower and how it fits into the overall approach.
The economics of incidents, and creative ways to thwart future threats - SEP3... Amazon Web Services
Walk through the threat landscape, looking at what has happened over the last year. Learn about the best tools to have in your architecture currently and in the future to help you detect and deal with the threats of this year and the next. Identify where these threats are coming from, and learn how to detect them more easily. The information in this session is provided by various teams and sources.
Everything you wanted to know about compliance but were afraid to ask - GRC20... Amazon Web Services
This session is for those who are new to cloud security at AWS. We discuss common compliance programs, such as PCI DSS, any ISO, SoC, FedRAMP, and so on. We also cover which industries care about them and how we support them in the context of the AWS Shared Responsibility Model. In addition, we describe why these compliance programs are important to understand at a basic level. Our goal is to help you feel comfortable in describing certain compliance programs when a customer asks you about them.
Customers using AWS benefit from a multitude of security and compliance controls built into AWS solutions. In this session, you will learn how to take advantage of the advanced security features of AWS to gain the visibility, agility, and control that the cloud affords users over legacy environments. We will take a look at several reference architectures for common workloads and highlight the innovative ways customers are using AWS to manage security more efficiently. After attending this session, you will be familiar with the Shared Responsibility Model and ways you can inherit security controls from the rich compliance and accreditation programs maintained by AWS.
Matt Johnson, Solutions Architect, AWS
Innovating FIPS crypto validation in the Cloud - SEP321 - AWS re:Inforce 2019 Amazon Web Services
Federal Information Processing Standard (FIPS) 140-2 was published at a time when the full operational environment, from the cryptographic module to the processor, was definable, self-contained, and controlled by a single operator. With the arrival of cloud computing, these basic assumptions are no longer valid. The operational environment is not shippable to a lab, and it is not self-contained. In this session, we describe the opportunities and challenges of bringing FIPS 140 to the cloud. We review the current state and new, automated approaches that are under evaluation at the National Institute of Standards and Technology (NIST).
Leadership session: Security deep dive - SDD334-L - AWS re:Inforce 2019 Amazon Web Services
In this session, Bill Reid, Senior Manager of Security Solutions Architects, and Bill Shinn, Senior Principal in the Office of the CISO, walk attendees through the ways in which security leadership and security best practices have evolved, with an emphasis on advanced tooling and features. Both speakers have provided frontline support on complex security and compliance questions posed by AWS customers; join them in this master class in cloud strategy and tactics.
The fundamentals of AWS cloud security - FND209-R - AWS re:Inforce 2019 Amazon Web Services
The services that make up AWS are many and varied, but the set of concepts you need to secure your data and infrastructure is simple and straightforward. By the end of this session, you will know the fundamental patterns that you can apply to secure any workload you run in AWS with confidence. We cover the basics of network security, the process of reading and writing access management policies, and data encryption.
Build security into CI/CD pipelines for effective security automation on AWS ...Amazon Web Services
Realizing DevSecOps and effectively implementing security into CI/CD pipelines on AWS remains a challenging proposition for most organizations today. In this session, we share the essential principles of achieving security automation in your CI/CD pipelines and across the build, deploy, and run phases of your applications. Finally, we conclude with a demonstration of security automation across all three phases of your applications that are deployed on AWS infrastructure, showing you how to bring security automation to your organization today.
In the cloud, the name of the game is securability! - SEP303 - AWS re:Inforce...Amazon Web Services
Do you ever feel like your efforts with security are futile? Change can lead to new, never-before-recognized opportunities to innovate. Security is no exception. Using measurements to drive us, we have found innovations in security that have led to greater collaboration and carefully curated security outcomes. The cloud has made never-before-seen security capabilities possible. Have you ever imagined talking about the five nines of security? We are! Come join the debate about how to make cloud workloads safer by adopting securability and a bounded measurable means of increasing the safety of software.
Using AWS WAF to protect against bots and scrapers - SDD311 - AWS re:Inforce ...Amazon Web Services
"In this workshop, you learn how to deploy AWS WAF in front of your application, how to set up AWS WAF full logging for compliance and monitoring purposes, and how to increase your security posture by creating custom rules using Amazon Elasticsearch Service with Kibana. You also learn how to protect your application against bad bots, web scrapers, and scanners by configuring bad and benign bot signatures and then automating your AWS WAF rules by parsing AWS WAF full logs using an AWS Lambda function.
All attendees need a laptop, an active AWS Account, an AWS IAM Administrator, and a familiarity with core AWS services."
Security at the speed of cloud: How to think about it & how you can do it now...Amazon Web Services
In this session, we explain how customers can enable business agility by evolving their governance approach to run at the speed of cloud. Learn how to think about security in the AWS Cloud, and receive prescriptive guidance on implementing technology to support your business. Hear about what good looks like, and learn how you can apply this approach in your organization today.
Unify security, compliance, and finance teams with governance at scale - GRC2...Amazon Web Services
Cloud users typically feel that security, compliance, and finance teams throttle speed and innovation. However, the concerns of security misconfigurations and cloud budget overruns are real threats to the enterprise as adoption scales. Organizations struggle with finding the right balance to empower these teams while giving end-users the autonomy required. The governance at scale framework provides visibility, control, autonomy, and confidence to move enterprises to the cloud. It was built on a decade of lessons learned from the largest customers, including AWS itself. This session shares stories of customer successes using this framework and the impacts to their cloud journeys.
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019 Amazon Web Services
Distributed Denial of Service (DDoS) attacks seek to affect the availability of applications through network congestion, connection state exhaustion, and application stress. AWS distills exabytes of NetFlow data, application logs, and service health metrics to inform DDoS attack detection, reporting, and mitigation systems. In this session, learn how to access insights about the DDoS threat environment and attacks against your specific AWS resources through the AWS Management Console, API, and Amazon CloudWatch. Finally, learn how to use this information to automate notification and response.
Encrypting everything with AWS - SEP402 - AWS re:Inforce 2019 Amazon Web Services
Every day, AWS and AWS customers encrypt an astounding volume of data. In this talk, we dive into the layers of encryption available on AWS and how to best use each one. We cover the whole stack, including encryption SDKs, key management and certificate management services, storage and database services that incorporate encryption, transport and network layers, datalink and physical layers, and encryption features built into Amazon EC2 Nitro hardware and the Amazon VPC network. Learn about the ways that you can protect your data using AWS technologies and of the many situations where you can achieve automatic, state-of-the-art encryption without doing anything.
How GoDaddy protects ecommerce and domains with AWS KMS and encryption - SDD4...Amazon Web Services
GoDaddy is a company full of builders, and its mission is to empower everyday entrepreneurs to be successful online. In this session, learn how its Cloud Center of Excellence team is setting new standards for security and data encryption on AWS. Learn how GoDaddy leverages AWS Key Management Service to enable distributed application teams to move quickly and securely and how it has used advanced encryption handling techniques to protect sensitive data (e.g., ecommerce) for its 18 million customers. Finally, learn how you can leverage GoDaddy’s open-source advanced encryption handling SDK to protect your company’s most sensitive assets.
Privacy by design on AWS - FND202-R - AWS re:Inforce 2019 Amazon Web Services
This workshop is designed to support customers who apply due diligence and discovery efforts around data privacy regulations and compliance frameworks. We provide an introductory overview of AWS and data privacy. We also discuss the AWS shared responsibility model and where data can live in AWS environments. Finally, we give an overview of the available AWS services and features that support data privacy compliance.
Presenting Radar: Validation and remediation of AWS cloud resources - GRC343 ... Amazon Web Services
Liberty Mutual is opinionated about how application teams deliver and deploy code into AWS. Applications must be able to secure all data types, meet security standards, and deploy via automation. Radar is an event-driven, rules-based service for validating and remediating AWS cloud resources, and it ensures that security standards are enforced. In this session, learn about Radar, which is built on AWS and designed to ensure compliance across hundreds of AWS accounts in 14 regions while providing flexibility for rule variation. Whether risks are prevented during continuous integration or detected upon deployment and remediated, the goal is the same: all policy is enforced at the earliest moment of risk.
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ... Amazon Web Services
Over the last 7 years, Alert Logic has helped AWS customers achieve enhanced security and peace of mind. Learn how positive security outcomes are attained by combining human expertise and the latest in AWS security in this engaging session with Jack Danahy, SVP of Security at Alert Logic, and Zach Vinduska, VP of IT Infrastructure and Security at ClubCorp. Hear real-world examples of how expert defenders in Alert Logic’s 24/7 Security Operations Center can help you quickly detect threats, verify them as incidents, and support you in responding quickly and effectively.
How to act on your security and compliance alerts with AWS Security Hub - FND... Amazon Web Services
Learn about AWS Security Hub and how it gives you a comprehensive view of your high-priority security alerts and compliance status across AWS accounts. See how Security Hub aggregates, prioritizes, and helps you act on your alerts from multiple AWS services, such as Amazon GuardDuty, Amazon Inspector, and Amazon Macie, as well as from AWS Partner solutions.
Deploying critical Microsoft workloads on AWS at Capital One - SDD337 - AWS r... Amazon Web Services
Capital One innovates by leveraging AWS managed services such as AWS Directory Service for Microsoft Active Directory (AWS Managed Microsoft AD), Amazon RDS for SQL Server and EC2 to deploy critical Windows workloads securely in an automated fashion. In this session, attendees will learn how Capital One uses AWS Managed Microsoft AD with their on-premises domain to provide secure and highly available authentication and authorization services for its Windows workloads, such as Amazon RDS for SQL Server. You also learn security best practices for setting up AWS Managed Microsoft AD including implementing MFA, AD Trust options, AWS account isolation, security log collection, and more. In addition, we detail how Capital One uses AWS Managed Microsoft AD and Lambda Functions to simplify and automate Windows workload deployments across multiple AWS accounts and Amazon VPCs.
AWS event engineering at scale - SEP329 - AWS re:Inforce 2019 Amazon Web Services
"Are you interested in how AWS provides network infrastructure and IT security at global events? In this session, learn about the network and security challenges encountered when running events for 2,000 to 60,000 attendees. We describe the architecture used to deliver high-quality connectivity, considerations for large-scale attendee Wi-Fi, integration with other AWS services using AWS Direct Connect, and examples of incidents and events that we’ve managed over the years. Join the AWS event engineering team to see what it takes to deploy a huge temporary network for one week, provide secure and reliable service, and then remove it, leaving no trace!
Implementing your landing zone - FND210 - AWS re:Inforce 2019 Amazon Web Services
One of the first questions that customers ask during their cloud journeys is how to establish and build AWS environments or landing zones. In this session, we discuss best practices for establishing a scalable approach and the necessary landing zone framework. We present an overview of the approach and solutions to help you implement a landing zone. We also introduce the AWS Landing Zone, which is an automated solution for setting up a robust, flexible AWS environment, and we discuss how it reduces the time needed to get started. Finally, we provide a high-level overview of AWS Control Tower and how it fits into the overall approach.
The economics of incidents, and creative ways to thwart future threats - SEP3... Amazon Web Services
Walk through the threat landscape, looking at what has happened over the last year. Learn about the best tools to have in your architecture currently and in the future to help you detect and deal with the threats of this year and the next. Identify where these threats are coming from, and learn how to detect them more easily. The information in this session is provided by various teams and sources.
Everything you wanted to know about compliance but were afraid to ask - GRC20... Amazon Web Services
This session is for those who are new to cloud security at AWS. We discuss common compliance programs, such as PCI DSS, any ISO, SOC, FedRAMP, and so on. We also cover which industries care about them and how we support them in the context of the AWS Shared Responsibility Model. In addition, we describe why these compliance programs are important to understand at a basic level. Our goal is to help you feel comfortable in describing certain compliance programs when a customer asks you about them.
Customers using AWS benefit from a multitude of security and compliance controls built into AWS solutions. In this session, you will learn how to take advantage of the advanced security features of AWS to gain the visibility, agility, and control that the cloud affords users over legacy environments. We will take a look at several reference architectures for common workloads and highlight the innovative ways customers are using AWS to manage security more efficiently. After attending this session, you will be familiar with the Shared Responsibility Model and ways you can inherit security controls from the rich compliance and accreditation programs maintained by AWS.
Matt Johnson, Solutions Architect, AWS
Why Your Customers Care About Compliance and You Should Too Amazon Web Services
As you're expanding your business into regulated markets, addressing compliance requirements can feel overwhelming. AWS has developed a robust compliance portfolio designed to help you and your customers meet compliance goals. During this session we will discuss ways to implement, market, and communicate compliance to your customers and grow your business in regulated industries. We'll also cover common objections from customers and how you can find information to counter these concerns, and you'll have time to discuss and share your own customers' objections.
Speakers:
Kristin Haught - Technical PM III, AWS
Bill Reid - Sr Mgr, Solutions Architecture, AWS
There are four common challenges that CISOs and their security teams struggle with even in the most secure and mature organizational datacenters - visibility, resilience, defense-in-depth, and automation. Learn how these challenges become benefits of using the AWS Cloud and why cybersecurity is becoming a driving force behind commercial cloud adoption. This is an executive level presentation that covers key technical concepts and capabilities to meet business security and compliance objectives. Intended audience includes CIOs, CISOs, technical managers, senior architects and engineers new to AWS, and technically-savvy business managers.
The practice of cloud security and compliance now enables enterprises to innovate both quickly and securely. Many enterprises moving to the cloud may find that some aspects of the cloud security model differ from the model used in their traditional on-premises infrastructure. At AWS, security is our top priority, and this session provides an overview of our security model and best practices to help your organization innovate quickly while maintaining enterprise-level security in the cloud.
Generational shifts Redefining Customer Experience And The Way To Insure Amazon Web Services
This year, the focus goes beyond technology to mining business insights around how cloud enables strategic industry trends such as Open and Virtual Banking and Insurance, Security and Compliance, Data Analytics and AI/ML, FinTech and RegTech, Surveillance and more through sharing of best practices and use cases. In sessions led by customers, partners, industry leaders and AWS subject matter experts, you’ll learn how AWS helps financial institutions to focus on the innovation and outcomes that truly drive business forward. Business stakeholders, market makers, and technology owners will all learn something new, valuable and actionable.
Innovate - Cybersecurity: A Drive Force Behind Cloud Adoption Amazon Web Services
There are four common challenges that CISOs and their security teams struggle with even in the most secure and mature organizational datacenters: visibility, resilience, defense-in-depth, and automation. Learn how these challenges become benefits when using the AWS Cloud and why cybersecurity is becoming a driving force behind commercial cloud adoption.
CIOs, CISOs, technical managers, senior architects and engineers new to AWS, and technically savvy business managers are invited to this session to explore key technical concepts and capabilities to meet business security and compliance objectives.
Secure Your Customers' Data from Day 1: Armando Leite, AWS
All companies, regardless of size, should build with protection of customer data as a top priority. This session will examine how to achieve this through topics including: control responsibilities; the automation of security baselines; the configuration of security; and the auditing of controls for AWS customer infrastructure, operating systems, services and applications. You'll learn key principles of how to build a secure organization and protect your customers' data. Don't wait until your first security incident before putting these best practices in place.
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS... Amazon Web Services
Security is job zero at AWS. Come and learn how to build a modern security practice on AWS and supercharge it with AWS partners and serverless automation. Learn about the Security Perspectives found in the AWS Well-Architected Framework, which equip your security program to not only keep your environment secure but also move fast. Learn advanced techniques to empower your teams with Amazon GuardDuty so you can elevate your team's ability to identify, protect, detect, respond, and recover from security events.
Traditionally, technology governance has required long, detailed documents and hours of work for IT managers, security or audit professionals, and administrators. Automating governance on AWS offers a better way. AWS services modernize technology governance by enshrining policy into code and embedding security guardrails at the development level, to provide reliable policy implementation and allow for continuous and real-time auditing capabilities. Leave this session with a better understanding of the benefits of automating technology governance and managing security and compliance with AWS.
Presenter: John McDonald, Financial Services Compliance Specialist, AWS
Security & Identity: the Continuous Mitigation & Diagnostic Journey on AWS Amazon Web Services
Strengthening the security of federal networks, systems, and data is one of the most important challenges we face as a nation. The Office of Management and Budget (OMB) issued guidance that all federal agencies must establish information exchanges between their dashboards and the central federal dashboard. To assist in this requirement, we explore how agencies can implement a continuous diagnostics and mitigation (CDM) program using AWS. Topics include AWS services that map to CDM requirements; how to enforce compliance with standards; ways to provide visibility into current and actual states; how to centralize service data to build a dashboard; and how to create a chief information officer FISMA dashboard using AWS native services.
ENT305 Compliance and Cloud Security for Regulated Industries Amazon Web Services
In this session, we discuss the challenges that regulated industries, such as government, finance, and healthcare, face in demonstrating compliance with security requirements. Through customer use cases, you learn which AWS Marketplace services enable appropriate threat mitigation in cloud computing, which can help you understand how to minimize your burden. Finally, we demonstrate methods to reduce business impact while increasing security effectiveness and reducing risk in your environment.
AWS Security Week: Why Your Customers Care About Compliance Amazon Web Services
AWS Security Week at the San Francisco Loft: Why Your Customers Care About Compliance...and You Should Too!
Presenter: Kristen Haught, AWS Security Assurance
The Cybersecurity Maturity Model Certification enforces the protection of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) that is shared by the U.S. Department of Defense with contractors and subcontractors. Learn more in the ControlCase CMMC Basics Webinar.
How to build forecasting services using ML and deep learn... Amazon Web Services
Forecasting is an important process for a great many companies and is used in various areas to try to accurately predict the growth and distribution of a product, the use of the resources needed on production lines, financial presentations and much more. Amazon uses advanced forecasting techniques, and some of these services have been made available to all AWS customers.
In this session we will show how to pre-process data that contains a time component and then use an algorithm that, starting from the type of data analyzed, produces an accurate forecast.
Big Data for Startups: how to build Big Data applications in Server... Amazon Web Services
The variety and quantity of data created every day is accelerating ever faster and represents a unique opportunity to innovate and create new startups.
However, managing large quantities of data can appear complex: building large-scale Big Data clusters seems to be an investment accessible only to established companies. But the elasticity of the Cloud and, in particular, Serverless services allow us to break through these limits.
Let's see how it is possible to develop Big Data applications quickly, without worrying about the infrastructure, while dedicating all resources to developing our ideas to create innovative products.
You can now use Amazon Elastic Kubernetes Service (EKS) to run Kubernetes pods on AWS Fargate, the serverless compute engine built for containers on AWS. This makes it easier than ever to build and run your Kubernetes applications in the AWS cloud. In this session we will present the main features of the service and how to deploy your application in a few steps.
Twenty years ago Amazon went through a radical transformation with the goal of increasing the pace of innovation. During this period we learned how changing our approach to application development allowed us to significantly increase agility and release velocity and, ultimately, enabled us to build more reliable and scalable applications. In this session we will explain how we define modern applications and how building modern apps affects not only the application architecture, but also the organizational structure, the development release pipelines and even the operating model. We will also describe common approaches to modernization, including the approach used by Amazon.com itself.
How to spend up to 90% less with containers and spot instances Amazon Web Services
The use of containers is continually growing.
If designed correctly, container-based applications are very often stateless and flexible.
The AWS services ECS, EKS and Kubernetes on EC2 can take advantage of Spot instances, leading to average savings of 70% compared to On Demand instances. In this session we will discover together what the characteristics of Spot instances are and how they can be easily used on AWS. We will also learn how Spreaker uses spot instances to run applications of different kinds, in production, at a fraction of the on-demand cost!
In recent months, many customers have been asking us the question: how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to the Open Finance marketplace presentation on October 20th.
Event Agenda:
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Make your startup's offering stand out in the market with Machine Lea... Amazon Web Services
To create value and build a distinctive, recognizable offering, successful startups know how to combine established technologies with innovative, purpose-built components.
AWS provides ready-to-use services and, at the same time, lets you customize and create the differentiating elements of your own offering.
Focusing on Machine Learning technologies, we will see how to select the artificial intelligence services offered by AWS and, with the help of a demo, how to build custom Machine Learning models using SageMaker Studio.
OpsWorks Configuration Management: automate the management and deployments of... Amazon Web Services
With the traditional approach to IT, for many years it was difficult to implement DevOps techniques, which until now have often involved manual activities, leading from time to time to application downtime that interrupts users' operations. With the advent of the cloud, DevOps techniques are now within everyone's reach at low cost for any kind of workload, ensuring greater system reliability and resulting in significant improvements in business continuity.
AWS offers AWS OpsWorks as a Configuration Management tool that aims to automate and simplify the management and deployments of EC2 instances by means of Chef and Puppet workloads.
Find out how to use AWS OpsWorks to ensure the reliability of your application installed on EC2 instances.
Microsoft Active Directory on AWS to support your Windows Workloads Amazon Web Services
Want to know the options for running Microsoft Active Directory on AWS? When moving Microsoft workloads to AWS, it is important to consider how to deploy Microsoft Active Directory to support group policy management, authentication and authorization. In this session, we will discuss the options for deploying Microsoft Active Directory on AWS, including AWS Directory Service for Microsoft Active Directory and deploying Active Directory on Windows on Amazon Elastic Compute Cloud (Amazon EC2). We cover topics such as integrating your on-premises Microsoft Active Directory environment with the cloud and using SaaS applications, such as Office 365, with AWS Single Sign-On.
From facial recognition to the detection of fraud or manufacturing defects, image and video analysis using artificial intelligence techniques is evolving and being refined at a rapid pace. In this webinar we will explore the possibilities offered by AWS services for applying state-of-the-art computer vision techniques to real-world scenarios.
Amazon Web Services and VMware are organizing a free virtual event next Wednesday, October 14, from 12:00 to 13:00, dedicated to VMware Cloud™ on AWS, the on-demand service that lets you run applications in cloud environments based on VMware vSphere® and access a wide range of AWS services, taking full advantage of the AWS cloud's potential and protecting existing VMware investments.
Many organizations take advantage of the cloud by migrating their Oracle workloads and securing significant benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, and on top of this there can be performance risks introduced when applications are moved out of on-premises data centers.
Build your first serverless ledger-based app with QLDB and NodeJS Amazon Web Services
Many companies today build applications with ledger-type functionality, for example to verify the history of credits or debits in banking transactions, or to keep track of the supply chain flow of their products.
At the core of these solutions are ledger databases, which provide a transparent, immutable and cryptographically verifiable transaction log, but they are complex and costly tools to manage.
Amazon QLDB eliminates the need to build complex custom systems by providing a fully managed serverless ledger database.
In this session we will discover how to build a complete serverless application that uses QLDB's features.
With the rise of microservice architectures and rich mobile and web applications, APIs are more important than ever for offering end users an exceptional user experience. In this session we will learn how to tackle modern API design challenges with GraphQL, an open source API query language used by Facebook, Amazon and others, and how to use AWS AppSync, a managed serverless GraphQL service on AWS. We will dig into several scenarios, understanding how AppSync can help solve these use cases by creating modern APIs with real-time and offline data update capabilities.
In addition, we will learn how Sky Italia uses AWS AppSync to deliver real-time sports updates to the users of its web portal.
Oracle Databases and VMware Cloud™ on AWS: debunking the myths Amazon Web Services
Many organizations take advantage of the cloud by migrating their Oracle workloads and securing significant benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, and on top of this there can be performance risks introduced when applications are moved out of on-premises data centers.
In these slides, AWS and VMware experts present simple, practical measures to facilitate and simplify the migration of Oracle workloads, accelerating the transformation to the cloud; they will dig into the architecture and demonstrate how to take full advantage of the potential of VMware Cloud™ on AWS.
Amazon Elastic Container Service (Amazon ECS) is a highly scalable container management service that simplifies the management of Docker containers through an orchestration layer for controlling deployment and its lifecycle. In this session we will present the main features of the service, the reference architectures for different workloads and the simple steps needed to quickly migrate one or more of your containers.