This document provides an overview of Amazon Web Services' (AWS) CloudHSM service. It discusses how CloudHSM is tamper-proof and tamper-evident, can be used as a keystore or for document timestamping, and needs to be backed up. It also summarizes how CloudHSM can be integrated with other AWS services like S3, EBS, EC2, Redshift, and RDS. Finally, it briefly discusses auditing capabilities and some common use cases for CloudHSM.
Deep Dive on AWS CloudHSM (SEC358-R1) - AWS re:Invent 2018 Amazon Web Services
Organizations building applications that handle confidential or sensitive data are subject to many types of regulatory requirements, and they often rely on hardware security modules (HSMs) to provide validated control of encryption keys and cryptographic operations. AWS CloudHSM is a cloud-based HSM that enables you to easily generate and use your own encryption keys on the AWS Cloud using FIPS 140-2 Level 3 validated HSMs. This talk demonstrates best practices in configuring and scaling your CloudHSM cluster, implementing cross-region disaster recovery, and optimizing throughput.
With a minimum security baseline in place, you’re now ready to host data—which means Data Protection is required. Here we will discuss defining encryption strategy and selecting native AWS (KMS, CloudHSM) or third party tools; defining key rotation and key protection mechanisms; and defining data at rest and data in transit protection requirements.
CloudHSM: Secure, Scalable Key Storage in AWS - AWS Online Tech Talks Amazon Web Services
Learning Objectives:
- Educate customers in the types of problems CloudHSM solves for them
- Build customer trust in the ability of CloudHSM to secure their workloads and data
- Energize customers to try out the service and use it to transfer and/or modernize workloads in AWS
Sensitive customer data needs to be protected throughout AWS. This session discusses the options available for encrypting data at rest in AWS. It focuses on several scenarios, including transparent AWS management of encryption keys on behalf of the customer to provide automated server-side encryption and customer key management using partner solutions or AWS CloudHSM. This session is helpful for anyone interested in protecting data stored in AWS.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and labs. We will ensure you have an AWS account and understand EC2, prepare you to get set up on the AWS Command Line Interface (CLI) to access the AWS Management Console, introduce you to in source repositories, discuss SSH access and necessary SDKs, and more.
With AWS, you can choose the right storage service for the right use case. This session shows the range of AWS choices - object storage to block storage - that is available to you. We include specifics about real-world deployments from customers who are using Amazon S3, Amazon EBS, Amazon Glacier, and AWS Storage Gateway.
Amazon Elastic Compute Cloud (Amazon EC2) provides resizable compute capacity in the cloud and makes web scale computing easier for customers. Amazon EC2 provides a wide variety of compute instances suited to every imaginable use case, from static websites to high performance supercomputing on-demand, available via highly flexible pricing options. Amazon EC2 works with Amazon Elastic Block Store (Amazon EBS) and Auto Scaling to make it easy for you to get the performance and availability you need for your applications. This session will introduce the key features and different instance types offered by Amazon EC2, demonstrate how you can get started and provide guidance on choosing the right types of instance and purchasing options.
Identity and Access Management: The First Step in AWS Security Amazon Web Services
by Fritz Kunstler, Sr. Security Consultant, AWS
AWS Identity and Access Management (IAM) is first in the Security Perspective of the AWS Cloud Adoption Framework (CAF) because in the cloud, first you grant access and only then can you provision infrastructure (the opposite approach of on-premises). In this session, you will learn how to define fine-grained access to AWS resources via users, roles, and groups; design privileged user and multifactor authentication mechanisms; and operate IAM at scale.
AWS Certificate Management and Private Certificate Authority Deep Dive (SEC41... Amazon Web Services
In this chalk talk, we cover the fundamentals of certificate management with AWS Certificate Manager (ACM), including new features that further simplify the validation process. We also discuss how to build and configure a private certificate authority for issuing certificates that are trusted within your organization. Finally, we walk through use cases and examples showing how customers use certificates to automate authentication and secure communications.
by Dave McDermitt, Advisor – Global Security / Risk / Compliance, AWS Professional Services
Join us for four days of security and compliance sessions and hands-on labs led by our AWS security pros during AWS Security Week at the San Francisco Loft. Join us for all four days, or pick just the days that are most relevant to you. We'll open on Monday with Security 101 day, followed by sessions Tuesday on Identity and Access Management; our popular Threat Detection and Remediation day Wednesday will feature an updated GuardDuty lab; and we'll end Thursday with Incident Response sessions, labs, and a talk by Netflix on their new open source IR tool. This week will also feature Dome9 as a sponsor, and you can hear them speak and present a hands-on workshop Monday during Security 101 day.
This presentation introduces users to the AWS KMS service and describes a couple of design patterns for implementing AWS KMS in a multi-account landing zone. It also covers the various KMS keys and how these keys can be used for various encryption operations.
AWS offers you the ability to add additional layers of security to your data at rest in the cloud, providing access control as well as scalable and efficient encryption features. Flexible key management options allow you to choose whether to have AWS manage the encryption keys or to keep complete control over the keys yourself. In this session, you will learn how to secure data when using AWS services. We will discuss Key Management Service, S3, access controls, and database platform security features.
Learning Objectives:
- Learn how to make decisions about the service and share best practices and useful tips for success
- Learn about Content based routing, HTTP/2, WebSockets
- Secure your web applications using TLS termination, AWS WAF on Application Load Balancer
YouTube Link: https://youtu.be/9HsEMyKrlnw
**AWS Certification Training: https://www.edureka.co/cloudcomputing**
This "AWS S3 Tutorial for Beginners" PPT by Edureka will help you understand one of the most popular storage services, Amazon S3, and related concepts in detail. Following are the offerings of this PPT:
1. AWS Storage Services
2. What is AWS S3?
3. Buckets & Objects
4. Versioning & Cross Region Replication
5. Transfer Acceleration
6. S3 Demo and Use Case
Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016 Amazon Web Services
Amazon Web Services (AWS) provides on-demand computing resources and services in the cloud, with pay-as-you-go pricing. This session provides an overview and describes how using AWS resources instead of your own is like purchasing electricity from a power company instead of running your own generator. Using AWS resources provides many of the same benefits as a public utility: Capacity exactly matches your need, you pay only for what you use, economies of scale result in lower costs, and the service is provided by a vendor experienced in running large-scale networks. A high-level overview of AWS’s infrastructure (such as AWS Regions and Availability Zones) and AWS services is provided as part of this session.
Amazon EC2 provides a broad selection of instance types to accommodate a diverse mix of workloads. In this session, we provide an overview of the Amazon EC2 instance platform, key features, and the concept of instance generations.
Moving from an on-premises environment into AWS is just the start of the journey towards cost optimisation. In this session we’ll look at a range of ways in which our customers can understand their costs and increase their return-on-investment: building the business case; selecting the right models for the right workloads; benefiting from tiered pricing aggregation; using data to drive the choice of AWS services; implementation of intelligent auto-scaling; and, where appropriate, re-platforming to make use of new architectural patterns such as Serverless.
In this session, we cover all options for running containers on AWS. This includes an introduction of container concepts and an overview of the different services: Amazon Elastic Container Service, AWS Fargate, and Amazon Elastic Container Service for Kubernetes. We also cover best practices for how to choose the right orchestration platform for your workload, the different tools for making this process easier, and ways to find more information and support as you work.
With AWS, you can choose the right storage service for the right use case. This session shows the range of AWS choices - object storage to block storage - that are available to you. We include specifics about real-world deployments from customers who are using Amazon S3, Amazon EBS, Amazon Glacier, and AWS Storage Gateway.
Speakers:
Matt McClean, AWS Solutions Architect
AWS Fargate is a technology for Amazon ECS and EKS* that allows you to run containers without having to manage servers or clusters. Join us to learn more about how Fargate works, why we built it, and how you can get started using it to run containers today.
Cloud Migration, Application Modernization, and Security Tom Laszewski
As AWS continues to expand, enterprise customers are looking to our partner ecosystem to assist in migrating their workloads to the cloud. This session describes the challenges, lessons learned and best practices for large scale application migrations. We will use real examples from our consulting partners and AWS Professional Services to illustrate how to move workloads to the cloud while modernizing the associated applications to take advantage of AWS’ unique benefits. We will also dive into how to use an array of AWS services and features to improve a customer’s security posture as they are migrating and once they are up and running in the cloud.
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013 Amazon Web Services
This session will discuss the options available for encrypting data at rest and key management in AWS. It will focus on two primary scenarios: (1) AWS manages encryption keys on behalf of the customer to provide automated server-side encryption; (2) the customer manages their own encryption keys using partner solutions and/or AWS CloudHSM. Real-world customer examples will be presented to demonstrate adoption drivers of specific encryption technologies in AWS. Jason Chan of Netflix will provide an overview of how Netflix uses CloudHSM for secure key storage.
(SEC301) Strategies for Protecting Data Using Encryption in AWS Amazon Web Services
Protecting sensitive data in the cloud typically requires encryption. Managing the keys used for encryption can be challenging as your sensitive data passes between services and applications. AWS offers several options for using encryption and managing keys to help simplify the protection of your data at rest. This session will help you understand which features are available and how to use them, with emphasis on AWS Key Management Service and AWS CloudHSM. Adobe Systems Incorporated will present their experience using AWS encryption services to solve data security needs.
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303) Amazon Web Services
In this session, we share best practices and easily-leveraged solutions for enacting autonomous systems in the face of subversion. From gag orders to warrantless searches and seizures, learn about specific tactics to protect and exercise data privacy, both for partners and customers.
APN Partner Webinar - Security & Compliance for AWS EMEA Partners Amazon Web Services
Learn how AWS has delivered a compliant, secure infrastructure available on-demand; how our shared security model protects mission-critical data every day; and how you can meet your own security standards using sophisticated tools and controls on AWS.
Watch a recording of this presentation here: http://youtu.be/vgRpkcepAYI
This advanced technical session covers architecture patterns for different workloads, IAM policy tips & tricks, and how to implement security automation and forensics. Be prepared for a technically deep session on AWS security.
AWS Cryptography Services – Addressing your data security and compliance need... Amazon Web Services
Applications that handle confidential or sensitive data are subject to many types of regulatory requirements. Organizations rely on HSMs and key management infrastructure to encryption keys and cryptographic operations. AWS Cryptography simplifies the process of securing data in your applications. AWS CloudHSM enables you to easily generate and use your own encryption keys using FIPS 140-2 Level 3-validated HSMs. AWS Key Management Service uses keys to protect data and manage access to keys across on-premises systems and AWS services. AWS Certificate Manager and ACM Private Certificate Authority simplify the issuance, distribution, and management of certificates used in AWS services. In this talk, we explore these services and discuss which are best suited to address your data security and compliance needs.
Data Security with AWS - AWS Security Web Day AWS Germany
Talk "Data Security with AWS" by Bertram Dorn at the AWS Security Web Day 2016. All videos and presentations can be found here: http://amzn.to/1NFtR5P
This talk gives you an overview of the features and options of Amazon Web Services that can be used to secure your data. AWS services follow specific blueprints based on Regions and Availability Zones. Understanding these blueprints enables you to make the right choices to run applications successfully on AWS. There is also a wide variety of options that AWS recommends for securing applications. The talk will give an overview of these options and describe some best practices in the areas of encryption and AWS account management.
How to build Forecasting services using ML and deep learn... Amazon Web Services
Forecasting is an important process for many companies and is used in various areas to try to accurately predict the growth and distribution of a product, the use of the resources needed on production lines, financial presentations, and much more. Amazon uses advanced forecasting techniques, and some of these services have been made available to all AWS customers.
In this session we will show how to pre-process data that contains a time component and then use an algorithm that, based on the type of data analyzed, produces an accurate forecast.
Big Data for Startups: how to build Big Data applications in Server... Amazon Web Services
The variety and quantity of data created every day is accelerating ever faster and represents a unique opportunity to innovate and create new startups.
However, managing large amounts of data can seem complex: building large-scale Big Data clusters appears to be an investment accessible only to established companies. But the elasticity of the Cloud and, in particular, Serverless services allow us to break through these limits.
Let's see how it is possible to develop Big Data applications quickly, without worrying about infrastructure, and dedicating all resources to developing our ideas to create innovative products.
You can now use Amazon Elastic Kubernetes Service (EKS) to run Kubernetes pods on AWS Fargate, the serverless compute engine built for containers on AWS. This makes it easier than ever to build and run your Kubernetes applications in the AWS cloud. In this session we will present the main features of the service and how to deploy your application in a few steps.
Twenty years ago Amazon went through a radical transformation with the goal of increasing the pace of innovation. During this period we learned how changing our approach to application development allowed us to significantly increase agility and release velocity and, ultimately, enabled us to build more reliable and scalable applications. In this session we will explain how we define modern applications and how building modern apps affects not only the application architecture, but also the organizational structure, the development release pipelines, and even the operating model. We will also describe common approaches to modernization, including the approach used by Amazon.com itself.
How to spend up to 90% less with containers and Spot Instances Amazon Web Services
The use of containers is continuously growing.
If designed correctly, container-based applications are very often stateless and flexible.
The AWS services ECS, EKS, and Kubernetes on EC2 can take advantage of Spot Instances, leading to average savings of 70% compared to On-Demand Instances. In this session we will discover together what the characteristics of Spot Instances are and how they can easily be used on AWS. We will also learn how Spreaker uses Spot Instances to run different types of applications, in production, at a fraction of the on-demand cost!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda:
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Make your startup's offering stand out in the market with Machine Lea... Amazon Web Services
To create value and build a distinctive, recognizable offering of their own, successful startups know how to combine established technologies with innovative, purpose-built components.
AWS provides ready-to-use services and, at the same time, lets you customize and create the differentiating elements of your offering.
Focusing on Machine Learning technologies, we will see how to select the artificial intelligence services offered by AWS and, with the help of a demo, how to build custom Machine Learning models using SageMaker Studio.
OpsWorks Configuration Management: automate the management and deployments of... Amazon Web Services
With the traditional approach to IT, it was difficult for many years to implement DevOps techniques, which until now have often involved manual activities that occasionally led to application downtime and interrupted users' work. With the advent of the cloud, DevOps techniques are now within everyone's reach at low cost for any kind of workload, ensuring greater system reliability and resulting in significant improvements in business continuity.
AWS offers AWS OpsWorks as a Configuration Management tool that aims to automate and simplify the management and deployment of EC2 instances by means of Chef and Puppet workloads.
Find out how to use AWS OpsWorks to ensure the reliability of your application installed on EC2 instances.
Microsoft Active Directory on AWS to support your Windows Workloads Amazon Web Services
Do you want to know the options for running Microsoft Active Directory on AWS? When moving Microsoft workloads to AWS, it is important to consider how to deploy Microsoft Active Directory to support group policy management, authentication, and authorization. In this session, we will discuss the options for deploying Microsoft Active Directory on AWS, including AWS Directory Service for Microsoft Active Directory and deploying Active Directory on Windows on Amazon Elastic Compute Cloud (Amazon EC2). We cover topics such as integrating your on-premises Microsoft Active Directory environment with the cloud and using SaaS applications, such as Office 365, with AWS Single Sign-On.
From facial recognition to the detection of fraud or manufacturing defects, image and video analysis using artificial intelligence techniques is evolving and being refined at a rapid pace. In this webinar we will explore the possibilities offered by AWS services for applying state-of-the-art computer vision techniques to real-world scenarios.
Amazon Web Services and VMware are hosting a free virtual event next Wednesday, October 14, from 12:00 to 13:00, dedicated to VMware Cloud™ on AWS, the on-demand service that lets you run applications in cloud environments based on VMware vSphere® and access a wide range of AWS services, taking full advantage of the AWS cloud while protecting existing VMware investments.
Many organizations take advantage of the cloud by migrating their Oracle workloads and securing significant benefits in terms of agility and cost efficiency.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti.
Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire.
Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito.
In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.
Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline.
Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.
Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
2. CloudHSM
• Tamper-Proof and Tamper-Evident
– Destroys its stored keys if under attack
• FIPS 140-2 Level 2 certified
• Base position is to be a Keystore
• Can also be used to timestamp documents
• You can send data for encrypt / decrypt
• Needs to be backed-up (ideally to HSM on customer premises)
• Can (and should) be combined in HA clusters
• Is NOT a key management system
– but can work with some third-party ones
• Communicates via:
– PKCS#11
– JCE
• Some applications need a “plugin”
• SafeNet have one for Apache
3. CloudHSM Integration with S3, EBS, EC2
• S3
– Integration using SafeNet KeySecure on EC2
– White paper at http://www2.safenet-inc.com/AWS-guides/SafeNetKMIP_AmazonS3_IntegrationGuide.pdf
• EBS and EC2
– Use SafeNet KeySecure (6.1.2 or later) on EC2, backed by CloudHSM, for key management
– Install SafeNet ProtectV Manager on EC2 (c1.medium / m1.medium)
– Install ProtectV Client on EC2 instances
– Use ProtectV for EBS volume encryption (ext3, ext4, swap)
– Supported platforms:
• RHEL 5.8, 6.2, 6.3
• CentOS 6.2
• Microsoft Windows 2008, 2012
– Encrypt full EBS-backed EC2 instances, including root volumes
4. AWS Databases and CloudHSM
• Redshift:
– When using CloudHSM
• Redshift gets cluster key from HSM
• Redshift generates a database key and encrypts it with the cluster key from the CloudHSM
• Redshift encrypts data with the database key
• Redshift supports re-encryption
• RDS
– RDS / Oracle EE can use CloudHSM to store keys as per Oracle Wallet
• So TDE can be HSM-backed
• Note that in-memory database contents (once the database has been unlocked) are cleartext
– RAM encryption is not something AWS has today, but it has been done in other contexts
– Homomorphic encryption
– Proof-of-concept with KVM
5. SafeNet Product Support for AWS
(Table: SafeNet product, AWS service(s) supported, notes)
• ProtectV and Virtual KeySecure for AWS
– AWS service(s) supported: EC2 or VPC instances and EBS storage; GovCloud (Beta)
– Notes:
• Requires SafeNet KeySecure (HW or Virtual)
• Available in AWS Marketplace, as well as SafeNet sales channels
• Virtual KeySecure for AWS
– AWS service(s) supported: CloudHSM
– Notes:
• Available in AWS Marketplace
• CloudHSM supports Virtual KeySecure as the hardware root of trust for vKS master keys
• StorageSecure
– AWS service(s) supported: AWS Storage Gateway
– Notes:
• SafeNet KeySecure Hardware (optional)
• iSCSI integration (however, StorageSecure also supports CIFS, NFS, FTP, TFTP and HTTP protocols)
• Luna SA 7000 HSM
– AWS service(s) supported: CloudHSM; Redshift; RDS (via 3rd party vendor)
– Notes:
• High availability
• Key synchronization
• Key management
• Luna Backup HSM
– AWS service(s) supported: CloudHSM
– Notes:
• Key backup
• ProtectApp
– AWS service(s) supported: S3 and EBS volumes
– Notes:
• Can be integrated with Amazon S3 Encryption Clients and AWS SDKs (Java and .Net)
• Requires SafeNet KeySecure (HW or Virtual)
• Can be installed on an EC2/VPC instance to protect data stored on EBS volumes
• ProtectFile
– AWS service(s) supported: EBS volumes and S3
– Notes:
• Requires SafeNet KeySecure (HW or Virtual)
6. Difference between CloudHSM and KMS
CloudHSM
• Single-tenant HSM
• Customer-managed durability and availability
• Customer-managed root of trust
• FIPS 140-2 Validation
• Broad third-party app support
• Symmetric and asymmetric ops
• High fixed price ($16.5k/yr/hsm)
KMS
• Multi-tenant AWS service
• Highly available and durable key storage and management
• AWS-managed root of trust
• Extensive auditing
• Broad support for AWS services
• Symmetric encryption only
• Usage-based pricing
7. Why Customers Choose CloudHSM
• Reasons include:
– Control
• Complete control of encryption keys, AWS cannot access key material
• Fine-grained control of how AWS assets can use your keys
– Compliance
• FIPS 140-2 level 2 or 3 certification
• Common Criteria EAL4 certification
– Performance/Availability
• When required, “local” CloudHSM much better than on-prem
– Network transit times
– Usage patterns
8. Customer Control Over Keys
• Three reasons for this requirement
– Regulatory (hard), Policy (soft) and Trust (soft)
• Soft requirements may be addressed by threat modelling
– KMS can be simpler and less expensive for customer to use
– Important to engage customer’s governance resources
• With CloudHSM, customers have absolute control and authority over keys through separation of duties
9. Separation of Duties
• Separation of duties is enforced by the HSM appliance itself, using RBAC
[Diagram labels: Customers control keys and crypto operations; CloudHSM; AWS manages the appliance]
10. Third-Party Compliance Validation
• Requirements
– PCI or other vertical-specific security standard
– Government workloads (US, Canada, and others)
– Enterprise policies increasingly require FIPS validation
• CloudHSM uses SafeNet Luna SA 7000 appliances
– FIPS 140-2 Level 2 Validated
– Common Criteria EAL4 Validated
11. Performance/Availability Advantages
• Customers may have existing on-prem HSMs
• Applications that require HSM access could leverage on-prem HSMs over VPN or DX
• Latency and availability characteristics of VPN or DX make CloudHSM desirable
12. Amazon Really Can’t Access Keys
• AWS has “appliance admin” to the HSM
• Luna SA separates appliance admin from “security officer”
• Customer initializes HSM themselves via SSH
• AWS never sees partition credentials
• Device is automatically wiped if unauthorised access is attempted
• Bottom line – you don’t have to trust AWS, you are trusting the HSM vendor (SafeNet) and third-party FIPS/CC validations
13. Operations
• Each HSM is dedicated to one customer
– No sharing or partitioning of the appliance
• Customer is responsible for operating the HSMs in HA mode
– SafeNet Client handles replication to multiple HSMs (up to 16)
– SafeNet Client load balances across available HSMs
• Password authentication controls access to the HSM
– PEDs (Pin Entry Devices) are not currently supported
• AWS monitors & manages the devices and network infrastructure
• See FAQ and Technical docs for additional details
14. CloudHSM Public API and SDK
• Self-service provisioning and management now supported through a public API
– CreateHSM and DeleteHSM to provision and terminate HSMs
– ModifyHSM permits changing the network configuration as well as setting up syslog forwarding
• ListHSMs and DescribeHSM allow discovery and querying of provisioned HSMs
• ListAvailableZones provides visibility into where CloudHSM capacity is available
15. CloudHSM Command Line Interface (CLI) Tools
• Provisioning and de-provisioning
– Easy to provision an HSM, initialise it, clone keys from existing HSMs
• Easier HSM management
– Lots of automation in the CLI to reduce management effort
• Simpler HA configuration
– Helps you build and maintain HSM high availability (HA) configurations
– From 9 manual steps, interacting with appliance shell directly
– To 2 simpler steps: create-hapg, add-hsm-to-hapg (for each HSM)
• Source code available via open source license
16. CloudHSM for RDS Oracle TDE
• Transparent data encryption support for RDS Oracle databases
• Store master encryption keys in CloudHSM instances
• High availability support for two or more HSMs
• Up to 20 separate databases per HSM
17. Auditing
• CloudTrail
– Track resource changes
– Audit activities for security and compliance purposes
– Review all CloudHSM API calls
• Syslog
– Audit operations on the HSM appliance
– Send syslog to customer-built and managed collector
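An added example (not from the slides or from AWS tooling) of the CloudTrail review described on the Auditing slide: it filters CloudTrail records for CloudHSM API calls and flags state-changing, unclassified or failed calls. The `eventSource` value, the approved-principal list and every sample record are assumptions constructed for illustration.

```python
import json

# API names as listed on the slides, lower-cased: matching is case-insensitive
# because the casing recorded in CloudTrail may differ from the slides.
STATE_CHANGING = {"createhsm", "deletehsm", "modifyhsm"}
READ_ONLY = {"listhsms", "describehsm", "listavailablezones"}
EVENT_SOURCE = "cloudhsm.amazonaws.com"  # assumed eventSource for CloudHSM calls

# Hypothetical allow-list of principals expected to change HSM state.
APPROVED = {"arn:aws:iam::111122223333:user/hsm-admin"}


def _rec(time, source, name, user, error=None):
    """Build one constructed record using standard CloudTrail field names."""
    rec = {"eventTime": time, "eventSource": source, "eventName": name,
           "sourceIPAddress": "198.51.100.7",
           "userIdentity": {"arn": "arn:aws:iam::111122223333:user/" + user}}
    if error:
        rec["errorCode"] = error
    return rec


# Constructed sample log (not real data), deliberately out of time order.
SAMPLE_LOG = json.dumps({"Records": [
    _rec("2015-01-10T11:40:19Z", EVENT_SOURCE, "ModifyHsm", "dev-user"),
    _rec("2015-01-10T09:12:44Z", EVENT_SOURCE, "ListHsms", "ops-readonly"),
    _rec("2015-01-10T09:15:02Z", EVENT_SOURCE, "CreateHsm", "hsm-admin"),
    _rec("2015-01-10T09:20:10Z", EVENT_SOURCE, "CreateHapg", "hsm-admin"),
    _rec("2015-01-10T11:41:03Z", EVENT_SOURCE, "DeleteHsm", "dev-user",
         error="AccessDenied"),
    _rec("2015-01-10T11:45:30Z", EVENT_SOURCE, "DescribeHsm", "dev-user",
         error="AccessDenied"),
    _rec("2015-01-10T12:00:00Z", "s3.amazonaws.com", "GetObject", "dev-user"),
]})


def audit_cloudhsm_events(log_text, approved_arns):
    """Return time-ordered findings for CloudHSM API calls worth reviewing."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != EVENT_SOURCE:
            continue  # not a CloudHSM API call
        name = rec.get("eventName", "")
        arn = (rec.get("userIdentity") or {}).get("arn", "unknown")
        severity, reasons = None, []
        if name.lower() in STATE_CHANGING:
            if arn in approved_arns:
                severity, reasons = "info", ["state change by approved principal"]
            else:
                severity, reasons = "high", ["state change by unapproved principal"]
        elif name.lower() not in READ_ONLY:
            # Fail safe: a call this script does not know is surfaced, not dropped.
            severity, reasons = "medium", ["API call not in the classified list"]
        if rec.get("errorCode"):
            reasons.append("call failed: " + rec["errorCode"])
            if severity in (None, "info"):
                severity = "medium"
        if severity:
            findings.append({"time": rec.get("eventTime", ""), "event": name,
                             "principal": arn, "severity": severity,
                             "reasons": reasons})
    # Same-format ISO 8601 UTC timestamps sort correctly as strings.
    return sorted(findings, key=lambda f: f["time"])


if __name__ == "__main__":
    for finding in audit_cloudhsm_events(SAMPLE_LOG, APPROVED):
        print(finding["time"], finding["severity"], finding["event"],
              finding["principal"], "; ".join(finding["reasons"]))
```

ModifyHSM deserves the same scrutiny as create and delete because, per the API slide, it can change syslog forwarding, which is the other half of the audit trail.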
19. EBS Volume Encryption
• Master key stored in CloudHSM
• SafeNet ProtectV & KeySecure
• Instances with ProtectV client authenticate to KeySecure
• ProtectV client encrypts all I/O to EBS volume (AES256)
[Diagram labels: Availability Zone; CloudHSM; Customer Applications; SafeNet KeySecure; SafeNet ProtectV Client]
20. Redshift Encryption
• Cluster master key in CloudHSM
• Direct integration – no client software required
[Diagram labels: Your applications in Amazon EC2; Amazon Redshift Cluster; Your encrypted data in Amazon Redshift; AWS CloudHSM]
21. Database Encryption (non-RDS)
• Customer-managed database in EC2
– Oracle 11g & 12c with Transparent Data Encryption (TDE)
– Microsoft SQL Server 2008 & 2012 with TDE
– Master key in CloudHSM
• Master key is created in the HSM and never leaves
[Diagram labels: AWS CloudHSM; Your database with TDE in Amazon EC2; Your applications in Amazon EC2]
22. Custom Software Applications
• Architectural building block to help you secure your applications
• Use standard libraries, with back-end HSM rather than software-based crypto
– PKCS#11, JCA/JCE, Microsoft CAPI/CNG/EKM
• Code examples and details in the CloudHSM User Guide make it easier to get started
23. Other Use Cases
• Customer use cases continue to emerge:
– Enterprises that use on-prem HSMs and want to move these workloads to the cloud
– Startups that want to offer high assurance services and achieve compliance
– Enterprises that are not using HSMs for some of their on-prem apps but want to use HSMs for these apps in the cloud
• Examples:
– Object encryption
– Digital Rights Management (DRM)
– Document signing, secure document management & secure document repository
– Payments, financial applications & transaction processing
– Privileged account management
– Certification authority (CA)
29. Install CLI Tools on Control Instance
• SSH to control instance deployed by CF Template
• Download and install the CloudHSM CLI Tools
# Install Python 2.7 and setuptools
sudo yum install python27
wget https://bitbucket.org/pypa/setuptools/raw/bootstrap/ez_setup.py
sudo python2.7 ez_setup.py
# Download and install the CloudHSM CLI Tools
wget https://s3.amazonaws.com/cloudhsm-software/CloudHsmCLI.egg
sudo easy_install-2.7 -s /usr/local/bin CloudHsmCLI.egg
# Confirm the install: prints the installed version as JSON
cloudhsm version
{
  "Version": "<version>"
}
• Assign an IAM role to your instance to permit CloudHSM API access
30. Provision HSMs
• Create two HSMs (one for each subnet)
$ cloudhsm -c cloudhsm.conf create-hsm \
    --ssh-public-key-file cloudhsm_ssh.pub \
    --iam-role-arn arn:aws:iam::315160724404:role/CloudHSM-FRA-CloudHsmRole-1ZEAT0Z2PB8P \
    --subnet-id subnet-d244b0bb
{
  "HsmArn": "arn:aws:cloudhsm:eu-central-1:315160724404:hsm-f32462d6",
  "RequestId": "e55c9da1-7b5b-11e4-9222-dd57de14ff9c"
}
36. Configure High Availability
• Add the HSMs to the HAPG
cloudhsm -c cloudhsm.conf add-hsm-to-hapg \
    -H arn:aws:cloudhsm:eu-central-1:315160724404:hsm-f32462d6 \
    --hapg-arn arn:aws:cloudhsm:eu-central-1:315160724404:hapg-8e3be050 \
    --cloning-domain cloningDomain \
    --partition-password partitionPassword \
    --so-password sopassword
{
  "Status": "Addition of HSM arn:aws:cloudhsm:eu-central-1:315160724404:hsm-f32462d6 to HAPG arn:aws:cloudhsm:eu-central-1:315160724404:hapg-8e3be050 successful"
}
(then do it again for the second HSM)
37. Done!
• After this, you are ready to set up custom software with SafeNet clients, RDS integration, customer-managed databases, and more.
• Comprehensive documentation available at http://aws.amazon.com/cloudhsm
38. CloudHSM Pricing and Trials
• HSM provisioned in any region has a $5,000 one-time charge, then metered hourly after that
• There is no “stop” only “terminate”
– We know this is challenging, since re-provisioning will incur another $5,000 upfront charge
• 30-day trials are available for customers on premium support
– Access these by opening a case with dev support
39. Conclusion
• HSMs, for basic key storage and bulk crypto, are available in AWS, if you need them
• They’ll have better performance than on-prem HSMs, owing to co-location
• CloudHSM (and HSMs in general) aren’t for everyone
– Customers need trained staff, tight operational practice