DevSecOps, An Organizational Primer - AWS Security Week at the San Francisco Loft
We examine building DevSecOps culture for you or your customers, which includes foundational practices and scaling functions to instantiate and resiliently operate a DevSecOps model. To achieve this shift, we analyze common success patterns, such as how to use a secure CI/CD pipeline. You’ll learn key points such as building security owners, integrating continuous compliance and security, and removing people from the data to vastly improve your security posture over traditional operating models. Takeaways include a blueprint for building a DevSecOps operating model in your organization; an understanding the security practitioners' point of view and embracing it to drive innovation; and ways to identify operating characteristics in your organization and use them to drive a strategy for DevSecOps.
Level: 100
Speaker: Tim Anderson - Tech Industry Specialist, AWS Security
The Ideal Approach to Application Modernization; Which Way to the Cloud?Codit
Determine your best way to modernize your organization’s applications with Microsoft Azure.
Want to know more? Don't hesitate to download our White Paper 'Making the Move to Application Modernization; Your Compass to Cloud Native': http://bit.ly/39XylZp
Now that you have assembled the delivery team, it's time to gain insights from the methodology and the various tools that AWS uses to help customers migrate their Data Centres to AWS. This session highlights some of the key native AWS tools and services that organisations are using to migrate their DCs into the Cloud.
Speaker: Shane Baldacchino, Solutions Architect, Amazon Web Services
Cloud Migration, Application Modernization and Security for PartnersAmazon Web Services
As AWS continues to expand, enterprise customers are increasingly looking to our partner ecosystem to assist in migrating their workloads to the cloud. This session describes the challenges, lessons learned and best practices for large scale application migrations. We will use real examples from our consulting partners and AWS Professional Services to illustrate how to move workloads to the cloud while modernizing the associated applications to take advantage of AWS’ unique benefits. We will also dive into how to use an array of AWS services and features to improve a customer’s security posture as they are migrating and once they are up and running in the cloud.
The Ideal Approach to Application Modernization; Which Way to the Cloud?Codit
Determine your best way to modernize your organization’s applications with Microsoft Azure.
Want to know more? Don't hesitate to download our White Paper 'Making the Move to Application Modernization; Your Compass to Cloud Native': http://bit.ly/39XylZp
Now that you have assembled the delivery team, it's time to gain insights from the methodology and the various tools that AWS uses to help customers migrate their Data Centres to AWS. This session highlights some of the key native AWS tools and services that organisations are using to migrate their DCs into the Cloud.
Speaker: Shane Baldacchino, Solutions Architect, Amazon Web Services
Cloud Migration, Application Modernization and Security for PartnersAmazon Web Services
As AWS continues to expand, enterprise customers are increasingly looking to our partner ecosystem to assist in migrating their workloads to the cloud. This session describes the challenges, lessons learned and best practices for large scale application migrations. We will use real examples from our consulting partners and AWS Professional Services to illustrate how to move workloads to the cloud while modernizing the associated applications to take advantage of AWS’ unique benefits. We will also dive into how to use an array of AWS services and features to improve a customer’s security posture as they are migrating and once they are up and running in the cloud.
by Jeet Shangari, Sr. Technical Account Manager, AWS
Software release cycles are now measured in days instead of months. Cutting edge companies are continuously delivering high-quality software at a fast pace. In this session, we will cover how you can begin your DevOps journey by sharing best practices and tools used by the engineering teams at Amazon. We will showcase how you can accelerate developer productivity by implementing continuous Integration and delivery workflows. We will also cover an introduction to AWS CodeStar, AWS CodeCommit, AWS CodeBuild, AWS CodePipeline, AWS CodeDeploy, AWS Cloud9, and AWS X-Ray the services inspired by Amazon's internal developer tools and DevOps practice. Level 200
For federal agencies, accomplishing in just a matter of weeks IT tasks that typically take months or years may seem like a pipe dream. That’s the promise of the DevSecOps methodology. DevSecOps is a way of thinking that encourages software developers to work collaboratively with IT operations and security staff on development, testing and quality assurance to develop and deploy software more quickly and automate deployment of code, security and infrastructure changes.
Commercial Cloud provides a comprehensive platform of tools, technologies and services that can enable federal agencies to realize this promise.
The VA Digital Services Team (DSVA) has been leading the Department of Veterans Affairs on their journey to the cloud for the past 4 years. The initial DSVA cloud deployment was vets.gov and Caseflow on AWS. Vets.gov and Caseflow are real world examples of how modern devsecops techniques be used with existing federal ATO security requirements.
In this talk, AWS and DSVA will present DevSecOps principles, best practices and lessons learned. DSVA will discuss how Vets.gov and Caseflow have implemented these techniques inside the VA. This includes applying continuous integration and continuous deployment (CI/CD) to the software development process where security checks are performed and automated to ensure compliance and ATO conformance with VA's security standards.
Are you looking to build Cloud-based application using DevOps methodlogy but worried that the traditional security methods may not adapt to the modern development techniques? Azure Secure DevOps Kit
Cloud migrations are hardly one size fits all. It can be challenging to migrate from a large-scale data center to an optimized AWS environment without draining IT resources. By leveraging CSC, organizations are able to determine exactly what they need from their IT infrastructure and efficiently migrate to a customized cloud environment on AWS that meets those needs. With 400+ AWS certified architects and 30+ experts with AWS professional-level certification, CSC helps organizations experience seamless, results-oriented migrations. Register for the upcoming webinar to hear speakers from CSC and AWS discuss the ins and outs of a successful large-scale migration to AWS.
Join us to learn:
How CSC helped a large federal systems integration company migrate their workloads to the AWS Cloud in less than three months
How CSC has facilitated customers split from their shared IT environment in less than 3 months
The step-by-step process of an efficient data center migration
Who Should Attend:
IT Manager, IT Security Manager, Solution Architect, Cloud App Architect, System Administrator, IT Project Manager, Product Manager, Business Development
Introduction to the Well-Architected Framework and Tool - SVC212 - Chicago AW...Amazon Web Services
Most modern businesses depend on a portfolio of technology solutions to successfully operate every day. How do you know whether your team is following best practices or what the risks are in your architectures? In this session, we show how the AWS Well-Architected Framework provides prescriptive advice on best practices as well as how the AWS Well-Architected Tool enables you to measure and improve your technology portfolio. We explain how other customers are using AWS Well-Architected in their businesses, and we share what we learned from reviewing tens of thousands of architectures across operational excellence, security, reliability, performance efficiency, and cost optimization.
Most modern businesses depend on a portfolio of technology solutions to successfully operate every day. How do you know whether your team is following best practices or what the risks are in your architectures? In this session, we show how the AWS Well-Architected Framework provides prescriptive advice on best practices as well as how the AWS Well-Architected Tool enables you to measure and improve your technology portfolio. We explain how other customers are using AWS Well-Architected in their businesses, and we share what we learned from reviewing tens of thousands of architectures across operational excellence, security, reliability, performance efficiency, and cost optimization.
DevSecOps is a very loaded term and it includes many topics. Despite what some will lead you to believe, DevSecOps is not just an integration of security testing tools. Nor is it merely a focus on achieving security quality attributes on CI and CD. DevSecOps is beyond the automatizing security testing and there are common misconceptions and roadblocks on how you can establish it successfully.
Learning Objectives:
1: Identify key principles of DevSecOps and see how it relates to DevOps principles.
2: Analyze common pitfalls and see where integration security takes part in DevSecOps.
3: Demonstrate how to do “Continuous Security” by using a lifecycle approach.
(Source: RSA Conference USA 2018)
Today’s cutting edge companies have release cycles measured in days instead of months. This agility is enabled by the DevOps practice of continuous delivery, which automates building, testing, and deploying all code changes. This type of automation will help you catch bugs sooner and accelerate developer productivity. In this session we will share our AWS engineers embed security practices in DevOps, and discuss how you can use AWS services to securely enable DevOps agility in your organization.
Mactores Cloud Assessment Suite is strategically made for enterprises who foresee cloud as a driving force for their business. We help enterprises identify applications and resources which are well suited for cloud and distinguish benefits to the enterprise in terms of ROI, Scalability and Agility.
This session provides a holistic framework that can be used to build a Cloud Strategy that is tailor made for your organization. The Cloud Strategy covers 7 different perspectives of consideration including Business, People, Process, Operations, Security, Maturity, and Platform.
Creating an Operating Model to enable a high frequency organizationTom Laszewski
Establishing an appropriate cloud operating model is critical to forming your organization’s successful adoption of cloud, and delivering greater business agility, increasing the cloud migration Return on Investment, and deliver a more secure, performant, reliable, and cost effective cloud computing environment. The impact of the cloud will be felt across your entire organization, including processes and people - not just Information technology. It will significantly affect, and be affected by, your organizational culture and Information technology delivery structures. This session will provide prescriptive guidance regarding the best approaches to evolving an operating model from projects to products, manual, process intensive governance to a ‘trust but verify’ model, long development cycles to continuous integration and deployment, silos between business and IT into a collaborative organizational structure, self-service processes, and continuous improvement. The recommendations in the presentation are based upon lesson learned, best practices, and anti-patterns from thousands of customer’s cloud transformation journeys.
In this session you will get an understanding how to evaluate your company's or applications' cloud readiness. We will cover aspects such as workload and data categorisation, automation levels, design for failure and cost-optimised architectures. We will be looking at typical application evolution paths from tightly coupled physical systems, in some cases through virtualisation, to cloud-native, or cloud-ready, loosely coupled, distributed and automated solutions.
This session will also take a look at typical enterprise business processes, from procurement to development and testing, and operations and support. We will introduce known-to-work cloud-ready business processes and new best practices, through customer use cases from companies who are cloud native, or have undergone a cloud transformation to get there.
Introduction to the Well-Architected Framework and Tool - SVC208 - Anaheim AW...Amazon Web Services
Most modern businesses depend on a portfolio of technology solutions to operate and be successful every day. How do you know whether your team is following best practices or what the risks are in your architectures? This session shows how the AWS Well-Architected Framework provides prescriptive advice on best practices and how the AWS Well-Architected Tool enables you to measure and improve your technology portfolio. We explain how other customers are using AWS Well-Architected in their businesses, and we share what we learned from reviewing tens of thousands of architectures across operational excellence, security, reliability, performance efficiency, and cost optimization.
Cloud adoption requires that fundamental changes are considered across the entire organization, and that stakeholders across all organizational units are engaged in these changes. This session will introduce participants to the AWS Cloud Adoption Framework (AWS CAF) to help organizations take an accelerated path to successful cloud adoption. Participants will be exposed to consideration, guidance, and best practices that can be used to help their organizations develop an efficient and effective plan to realize measurable business benefits from cloud adoption faster and with less risk.
An introduction to the devsecops webinar will be presented by me at 10.30am EST on 29th July,2018. It's a session focussed on high level overview of devsecops which will be followed by intermediate and advanced level sessions in future.
Agenda:
-DevSecOps Introduction
-Key Challenges, Recommendations
-DevSecOps Analysis
-DevSecOps Core Practices
-DevSecOps pipeline for Application & Infrastructure Security
-DevSecOps Security Tools Selection Tips
-DevSecOps Implementation Strategy
-DevSecOps Final Checklist
How to build security into the DevOps environment. Introduction to DevSecOps for DevOps / Agile enthusiasts and practitioners. Presented on Czech DevOps meet-up.
AWS Cloud Center Excellence Quick Start Prescriptive GuidanceTom Laszewski
This presentation is a practical playbook for defining, establishing, and implementing a Cloud Enablement Engine (CEE). It collates and summarizes the lessons learned and anti-patterns gathered from the CEE journeys successfully navigated at Amazon and other large enterprise companies. A lot has been written about the need to establish a CEE, the benefits of moving to a productization mindset, and the business value of tribes, guilds, and two-pizza teams. However, larger organizations are still struggling with a CEE 30-60-90 day plan, and the essential components of the CEE during its first six months in existence.
The prescriptive guidance in this presentation provides pragmatic and tactical advice for establishing a Cloud Enablement Engine (CEE) – also referred to as a Cloud Center of Excellence (CCoE) or Cloud Enablement Team. This presentation serves as a step-by-step guide for the initial setup activities, and the top ten best practices that have been extrapolated from working across a large number of customers. What not to do is as important as what to do. Therefore, the top ten anti-patterns are discussed.
A key focus of the CEE is transforming the IT organization from an on-premise operating model to a Cloud Operating Model (COM). The transformation to COM and the charter of a CEE are highly correlated and interconnected. During the nascent stage of the CEE, the focus of the CEE will be on the infrastructure components of a COM. This includes the operations, security & control, platform architecture & governance, and infrastructure provisioning & configuration management functions. AWS understands that enterprise (on-premises) operating models are based on ITIL. Therefore, the cloud transformation from an on-premises operating model to a COM will include mapping ITIL to a cloud, agile, and DevOps based capabilities and processes. Fortunately, ITIL 4.0 embraces DevOps, cloud, and agile.
DevSecOps: Instituting Cultural Transformation for Public Sector Organization...Amazon Web Services
In this in-depth, interactive workshop, we examine how different public sector customers achieve this shift and analyze common success patterns. We address key points such as continuous compliance, integrating security, and removing people from the data to vastly improve the organization's security posture over traditional operating models. Takeaways include a blueprint for building a DevSecOps operating model in your organization; an understanding the security practitioners' point of view and embracing it to drive innovation; and ways to identify current operating characteristics in your organization and use them to drive a strategy for DevSecOps.
FSV306_Getting to Yes—Minimal Viable Cloud with Maximum SecurityAmazon Web Services
How do you get your security and compliance team to embrace the cloud? "Getting to Yes" with Vanguard’s Security, Legal, and Compliance Teams was a key factor to the organization’s journey to the cloud. Maintaining a high level of assurance is solvable when using an iterative, agile approach. Vanguard is taking existing on-premises controls, plus cloud frameworks such as NIST, CSA, etc., to develop the right set of cloud controls that provide maximum security without sacrificing business agility. In this session, we cover: Vanguard’s approach to developing appropriate controls for its cloud deployments; key considerations and best practices when implementing controls; leveraging the AWS Cloud Adoption Framework and the four security perspectives to map controls appropriately; and the various AWS services (IAM, Amazon VPC, AWS KMS, and AWS CloudTrail) that we leveraged. We also cover the iterative and agile approach we are taking by embracing DevSecOps principles.
by Jeet Shangari, Sr. Technical Account Manager, AWS
Software release cycles are now measured in days instead of months. Cutting edge companies are continuously delivering high-quality software at a fast pace. In this session, we will cover how you can begin your DevOps journey by sharing best practices and tools used by the engineering teams at Amazon. We will showcase how you can accelerate developer productivity by implementing continuous Integration and delivery workflows. We will also cover an introduction to AWS CodeStar, AWS CodeCommit, AWS CodeBuild, AWS CodePipeline, AWS CodeDeploy, AWS Cloud9, and AWS X-Ray the services inspired by Amazon's internal developer tools and DevOps practice. Level 200
For federal agencies, accomplishing in just a matter of weeks IT tasks that typically take months or years may seem like a pipe dream. That’s the promise of the DevSecOps methodology. DevSecOps is a way of thinking that encourages software developers to work collaboratively with IT operations and security staff on development, testing and quality assurance to develop and deploy software more quickly and automate deployment of code, security and infrastructure changes.
Commercial Cloud provides a comprehensive platform of tools, technologies and services that can enable federal agencies to realize this promise.
The VA Digital Services Team (DSVA) has been leading the Department of Veterans Affairs on their journey to the cloud for the past 4 years. The initial DSVA cloud deployment was vets.gov and Caseflow on AWS. Vets.gov and Caseflow are real world examples of how modern devsecops techniques be used with existing federal ATO security requirements.
In this talk, AWS and DSVA will present DevSecOps principles, best practices and lessons learned. DSVA will discuss how Vets.gov and Caseflow have implemented these techniques inside the VA. This includes applying continuous integration and continuous deployment (CI/CD) to the software development process where security checks are performed and automated to ensure compliance and ATO conformance with VA's security standards.
Are you looking to build Cloud-based application using DevOps methodlogy but worried that the traditional security methods may not adapt to the modern development techniques? Azure Secure DevOps Kit
Cloud migrations are hardly one size fits all. It can be challenging to migrate from a large-scale data center to an optimized AWS environment without draining IT resources. By leveraging CSC, organizations are able to determine exactly what they need from their IT infrastructure and efficiently migrate to a customized cloud environment on AWS that meets those needs. With 400+ AWS certified architects and 30+ experts with AWS professional-level certification, CSC helps organizations experience seamless, results-oriented migrations. Register for the upcoming webinar to hear speakers from CSC and AWS discuss the ins and outs of a successful large-scale migration to AWS.
Join us to learn:
How CSC helped a large federal systems integration company migrate their workloads to the AWS Cloud in less than three months
How CSC has facilitated customers split from their shared IT environment in less than 3 months
The step-by-step process of an efficient data center migration
Who Should Attend:
IT Manager, IT Security Manager, Solution Architect, Cloud App Architect, System Administrator, IT Project Manager, Product Manager, Business Development
Introduction to the Well-Architected Framework and Tool - SVC212 - Chicago AW...Amazon Web Services
Most modern businesses depend on a portfolio of technology solutions to successfully operate every day. How do you know whether your team is following best practices or what the risks are in your architectures? In this session, we show how the AWS Well-Architected Framework provides prescriptive advice on best practices as well as how the AWS Well-Architected Tool enables you to measure and improve your technology portfolio. We explain how other customers are using AWS Well-Architected in their businesses, and we share what we learned from reviewing tens of thousands of architectures across operational excellence, security, reliability, performance efficiency, and cost optimization.
Most modern businesses depend on a portfolio of technology solutions to successfully operate every day. How do you know whether your team is following best practices or what the risks are in your architectures? In this session, we show how the AWS Well-Architected Framework provides prescriptive advice on best practices as well as how the AWS Well-Architected Tool enables you to measure and improve your technology portfolio. We explain how other customers are using AWS Well-Architected in their businesses, and we share what we learned from reviewing tens of thousands of architectures across operational excellence, security, reliability, performance efficiency, and cost optimization.
DevSecOps is a very loaded term and it includes many topics. Despite what some will lead you to believe, DevSecOps is not just an integration of security testing tools. Nor is it merely a focus on achieving security quality attributes on CI and CD. DevSecOps is beyond the automatizing security testing and there are common misconceptions and roadblocks on how you can establish it successfully.
Learning Objectives:
1: Identify key principles of DevSecOps and see how it relates to DevOps principles.
2: Analyze common pitfalls and see where integration security takes part in DevSecOps.
3: Demonstrate how to do “Continuous Security” by using a lifecycle approach.
(Source: RSA Conference USA 2018)
Today’s cutting edge companies have release cycles measured in days instead of months. This agility is enabled by the DevOps practice of continuous delivery, which automates building, testing, and deploying all code changes. This type of automation will help you catch bugs sooner and accelerate developer productivity. In this session we will share our AWS engineers embed security practices in DevOps, and discuss how you can use AWS services to securely enable DevOps agility in your organization.
Mactores Cloud Assessment Suite is strategically made for enterprises who foresee cloud as a driving force for their business. We help enterprises identify applications and resources which are well suited for cloud and distinguish benefits to the enterprise in terms of ROI, Scalability and Agility.
This session provides a holistic framework that can be used to build a Cloud Strategy that is tailor made for your organization. The Cloud Strategy covers 7 different perspectives of consideration including Business, People, Process, Operations, Security, Maturity, and Platform.
Creating an Operating Model to enable a high frequency organizationTom Laszewski
Establishing an appropriate cloud operating model is critical to forming your organization’s successful adoption of cloud, and delivering greater business agility, increasing the cloud migration Return on Investment, and deliver a more secure, performant, reliable, and cost effective cloud computing environment. The impact of the cloud will be felt across your entire organization, including processes and people - not just Information technology. It will significantly affect, and be affected by, your organizational culture and Information technology delivery structures. This session will provide prescriptive guidance regarding the best approaches to evolving an operating model from projects to products, manual, process intensive governance to a ‘trust but verify’ model, long development cycles to continuous integration and deployment, silos between business and IT into a collaborative organizational structure, self-service processes, and continuous improvement. The recommendations in the presentation are based upon lesson learned, best practices, and anti-patterns from thousands of customer’s cloud transformation journeys.
In this session you will get an understanding how to evaluate your company's or applications' cloud readiness. We will cover aspects such as workload and data categorisation, automation levels, design for failure and cost-optimised architectures. We will be looking at typical application evolution paths from tightly coupled physical systems, in some cases through virtualisation, to cloud-native, or cloud-ready, loosely coupled, distributed and automated solutions.
This session will also take a look at typical enterprise business processes, from procurement to development and testing, and operations and support. We will introduce known-to-work cloud-ready business processes and new best practices, through customer use cases from companies who are cloud native, or have undergone a cloud transformation to get there.
Introduction to the Well-Architected Framework and Tool - SVC208 - Anaheim AW...Amazon Web Services
Most modern businesses depend on a portfolio of technology solutions to operate and be successful every day. How do you know whether your team is following best practices or what the risks are in your architectures? This session shows how the AWS Well-Architected Framework provides prescriptive advice on best practices and how the AWS Well-Architected Tool enables you to measure and improve your technology portfolio. We explain how other customers are using AWS Well-Architected in their businesses, and we share what we learned from reviewing tens of thousands of architectures across operational excellence, security, reliability, performance efficiency, and cost optimization.
Cloud adoption requires that fundamental changes are considered across the entire organization, and that stakeholders across all organizational units are engaged in these changes. This session will introduce participants to the AWS Cloud Adoption Framework (AWS CAF) to help organizations take an accelerated path to successful cloud adoption. Participants will be exposed to consideration, guidance, and best practices that can be used to help their organizations develop an efficient and effective plan to realize measurable business benefits from cloud adoption faster and with less risk.
An introduction to the devsecops webinar will be presented by me at 10.30am EST on 29th July,2018. It's a session focussed on high level overview of devsecops which will be followed by intermediate and advanced level sessions in future.
Agenda:
-DevSecOps Introduction
-Key Challenges, Recommendations
-DevSecOps Analysis
-DevSecOps Core Practices
-DevSecOps pipeline for Application & Infrastructure Security
-DevSecOps Security Tools Selection Tips
-DevSecOps Implementation Strategy
-DevSecOps Final Checklist
How to build security into the DevOps environment. Introduction to DevSecOps for DevOps / Agile enthusiasts and practitioners. Presented on Czech DevOps meet-up.
AWS Cloud Center Excellence Quick Start Prescriptive GuidanceTom Laszewski
This presentation is a practical playbook for defining, establishing, and implementing a Cloud Enablement Engine (CEE). It collates and summarizes the lessons learned and anti-patterns gathered from the CEE journeys successfully navigated at Amazon and other large enterprise companies. A lot has been written about the need to establish a CEE, the benefits of moving to a productization mindset, and the business value of tribes, guilds, and two-pizza teams. However, larger organizations are still struggling with a CEE 30-60-90 day plan, and the essential components of the CEE during its first six months in existence.
The prescriptive guidance in this presentation provides pragmatic and tactical advice for establishing a Cloud Enablement Engine (CEE) – also referred to as a Cloud Center of Excellence (CCoE) or Cloud Enablement Team. This presentation serves as a step-by-step guide for the initial setup activities, and the top ten best practices that have been extrapolated from working across a large number of customers. What not to do is as important as what to do. Therefore, the top ten anti-patterns are discussed.
A key focus of the CEE is transforming the IT organization from an on-premise operating model to a Cloud Operating Model (COM). The transformation to COM and the charter of a CEE are highly correlated and interconnected. During the nascent stage of the CEE, the focus of the CEE will be on the infrastructure components of a COM. This includes the operations, security & control, platform architecture & governance, and infrastructure provisioning & configuration management functions. AWS understands that enterprise (on-premises) operating models are based on ITIL. Therefore, the cloud transformation from an on-premises operating model to a COM will include mapping ITIL to a cloud, agile, and DevOps based capabilities and processes. Fortunately, ITIL 4.0 embraces DevOps, cloud, and agile.
DevSecOps: Instituting Cultural Transformation for Public Sector Organization...Amazon Web Services
In this in-depth, interactive workshop, we examine how different public sector customers achieve this shift and analyze common success patterns. We address key points such as continuous compliance, integrating security, and removing people from the data to vastly improve the organization's security posture over traditional operating models. Takeaways include a blueprint for building a DevSecOps operating model in your organization; an understanding the security practitioners' point of view and embracing it to drive innovation; and ways to identify current operating characteristics in your organization and use them to drive a strategy for DevSecOps.
FSV306_Getting to Yes—Minimal Viable Cloud with Maximum SecurityAmazon Web Services
How do you get your security and compliance team to embrace the cloud? "Getting to Yes" with Vanguard’s Security, Legal, and Compliance Teams was a key factor to the organization’s journey to the cloud. Maintaining a high level of assurance is solvable when using an iterative, agile approach. Vanguard is taking existing on-premises controls, plus cloud frameworks such as NIST, CSA, etc., to develop the right set of cloud controls that provide maximum security without sacrificing business agility. In this session, we cover: Vanguard’s approach to developing appropriate controls for its cloud deployments; key considerations and best practices when implementing controls; leveraging the AWS Cloud Adoption Framework and the four security perspectives to map controls appropriately; and the various AWS services (IAM, Amazon VPC, AWS KMS, and AWS CloudTrail) that we leveraged. We also cover the iterative and agile approach we are taking by embracing DevSecOps principles.
FSV308-Culture Shift How to Move a Global Financial Services Organization to ...Amazon Web Services
Many enterprises that follow regulated, process-driven workflows would like to take advantage of the innate features and benefits of AWS to become more agile, achieve operational excellence, and accelerate time-to-market while leveraging a DevOps culture and development methodology. But building a mature DevOps capability doesn’t happen overnight. Creating and implementing testing, compliance, and security automation frameworks requires time and organizational and process changes. Financial institutions are addressing this challenge by using AWS Service Catalog to help bridge the gap between traditional operations and true DevOps.
DevSecOps is the premise that everyone in the software development lifecycle is responsible for security. DevSecOps aims to embed security in every part of the development process. In this *workshop*, participants explore taking a standard CI/CD pipeline and adding security stages to improve security posture. Learn how to use AWS CodeCommit and AWS CodePipeline to build and publish golden AMI images. Also, learn how to modify pipeline flow to add security test cases. You also have to opportunity to perform CVE analysis and code analysis using Amazon Inspector and perform observational container analysis using Amazon GuardDuty.
ENT212-An Overview of Best Practices for Large-Scale MigrationsAmazon Web Services
We've partnered with hundreds of customers on their large-scale migrations to AWS. This session outlines some of the common challenges that our customers face and how they've overcome these challenges. The session also describes the patterns we've observed that make legacy migrations successful, and the mechanisms we've created to help customers migrate faster.
Building Best Practices and the Right Foundation for your 1st Production Work...Amazon Web Services
Cloud computing gives you a number of advantages, such as the ability to scale your web application or website on demand. Join us in this session to understand best practices for scaling your resources from zero to millions of users. We show you how to take your first steps on the AWS Cloud, explain how to make smarter decisions for architecting your application, and demonstrate the best way to scale your infrastructure.
Implementing a Cloud Center of Excellence (CCoE) promotes a seamless transition to the cloud for any organization. Cloud adoption includes communicating a new strategic direction, involving stakeholders from across the organization, identifying skill gaps, identifying key team members, and establishing a realistic roadmap. JHC Technology presents how organizations can manage, evaluate, automate, and continuously spur cloud adoption through repeatability, allowing the organization to deploy innovation today and be ready for whatever comes tomorrow. As part of this discussion we will review the framework necessary to identify AWS Partners that can provide the best value to your organization.
Elizabeth Boudreau, Cloud Executive Advisor, Amazon Web Services
Matt Jordan, Vice President, Corporate Strategy & Development, JHC Technology
For many organizations, a perceived lack of cloud skills in their staff can limit their move to the cloud. Proper training of your engineers and developers can speed the pace of adoption, cloud migration, and delivery of business benefits by effectively operating the AWS Cloud. In this session, we discuss field-proven, prescriptive steps for reskilling and scaling your technical teams so that you can use the AWS Cloud securely, efficiently, and effectively.
Speaker: Jonathan Allen, EMEA Enterprise Strategist & Evangelist, Amazon Web Services
Financial Services Firms are moving enterprise workloads to AWS to drive agility and innovation. Being regulated entities, firms need to ensure they have necessary controls in place to attain compliance with the industry regulations.
Find out how Cowen, a leader in diversified financial services, achieved a solution with CTP and AWS. With CTP’s Continuous Compliance for AWS managed service, Cowen has the confidence to move their workloads to AWS and can continuously monitor their applications in AWS against PCI and NIST compliance frameworks
Workforce Transformation: How to Effectively Lead Change ManagementAmazon Web Services
While many leaders are committed to a digital transformation, plans can easily get derailed before reaching execution. CIOs and executives, alike, should consider a different approach—one that takes into account the human and behavioural complexities underpinning this challenge. In this session, we’ll share stories of leaders who have managed successful IT transformations and their lessons learned along the way. We’ll address how to build skills among your IT staff through training and certification. We’ll also discuss ways to take advantage of collaborative workspaces, and best practices to aid in an effective implementation.
Bert Weyne, ICT Responsible Application, Manager, Agentschap Wegen & Verkeer
Thomas Blood, EMEA Enterprise Evangelist, AWS
Introduction to the Security Perspective of the Cloud Adoption FrameworkAmazon Web Services
The Security Perspective of the AWS Cloud Adoption Framework (CAF) provides a framework for maturation via a structured program that incorporates best practices and processes to define, build, and optimize how you operate security controls in the AWS Cloud. The Security Perspective of the CAF provides a set of five core foundational themes designed to help you structure your selection and implementation of controls that are right for your business: AWS Identity and Access Management, detective controls, infrastructure security, data protection, and incident response. During this session, you will learn how to put the Security Perspective of the CAF into practice.
Speaker: Bill Reid - Sr. Manager, Solutions Architecture, AWS
Leading Your Team Through a Cloud Transformation - Virtual Transformation Day...Amazon Web Services
Speaker: Thomas Blood
Moving to the cloud can help transform technical and non-technical aspects of your organization, enabling agility, scale, security, and cost savings. However, transformational change requires strong leadership at all levels of the organization. In this session, we will review strategies and best practices to help you lead the organization through a successful cloud journey.
AWS Transformation Day is designed for enterprise organizations looking to make the move to the cloud in order to become more responsive, agile and innovative, while still staying secure and compliant. Join us for this virtual event and we'll share our experiences of helping enterprise customers accelerate the pace of migration and adoption of strategic services.
We recommend this event for IT and business leaders who are looking to create sustainable benefits and a competitive advantage by using the AWS Cloud.
Maintaining control of sensitive data is critical in the highly regulated financial investments environment that Vanguard operates in. This need for data control complicated Vanguard's move to the cloud. They needed to expand globally to provide a great user experience while at the same time maintaining their mainframe-based backend data architecture. In this session, Vanguard discusses the creative approach they took to decouple their monolithic backend architecture to empower a microservices architecture while maintaining compliance with regulations. They also cover solutions implemented to successfully meet their requirements for security, latency, and end-state consistency.
Speaker: Jon Austin, Enterprise Solutions Architect, AWS
ENT223_Leveraging the AWS Cloud Adoption Framework to Build Your Cloud Action...Amazon Web Services
The AWS Cloud Adoption Framework (AWS CAF) incorporates best practices and guidance learned through hundreds of customer engagements, into a comprehensive framework for implementing cloud computing across your organization. In this workshop, we break down the complicated process of launching your cloud adoption journey into manageable areas of focus that cover both technical and business stakeholders. Within each focus area, you learn to define work streams spanning multiple disciplines and teams, including how to create an action plan that can guide your organization's change management during your journey to the cloud. Attendees can prepare by reading theAWS Cloud Adoption Framework Introduction Whitepaper . Technical and nontechnical leaders and managers are encouraged to attend.
Introduction to the Security Perspective of the Cloud Adoption Framework (CAF)Amazon Web Services
by Steve Laino, GRC Consultant, AWS
The Security Perspective of the AWS Cloud Adoption Framework (CAF) provides a framework for maturation via a structured program that incorporates best practices and processes to define, build, and optimize how you operate security controls in the AWS Cloud. The Security Perspective of the CAF provides a set of five core foundational themes designed to help you structure your selection and implementation of controls that are right for your business: AWS Identity and Access Management, detective controls, infrastructure security, data protection, and incident response. During this session, you will learn how to put the Security Perspective of the CAF into practice.
Migrate Enterprise Applications Framework and Guiding Principles.pdfAmazon Web Services
This webinar will cover the framework to migrate enterprise applications to AWS. You will learn AWS Cloud Adoption Framework which provides you with practical guidance and comprehensive guidelines including roles, governance and efficiency for your cloud adoption journey. We will also discuss technical and non-technical aspects of successful application migrations leveraging best practices and real world examples.
This is a Level 200 webinar.
Speaker: Manav Prabhakar, Practice Manager, AWS Professional Services
Similar to DevSecOps, An Organizational Primer - AWS Security Week at the SF Loft (20)
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS.
In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup.
Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti.
Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.
Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi
Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
L’utilizzo dei container è in continua crescita.
Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili.
I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda :
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc.
AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta.
Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity.
AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet.
Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.
Dal riconoscimento facciale al riconoscimento di frodi o difetti di fabbricazione, l'analisi di immagini e video che sfruttano tecniche di intelligenza artificiale, si stanno evolvendo e raffinando a ritmi elevati. In questo webinar esploreremo le possibilità messe a disposizione dai servizi AWS per applicare lo stato dell'arte delle tecniche di computer vision a scenari reali.
Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti.
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti.
Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire.
Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito.
In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.
Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline.
Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.
Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.