DevSecOps AWS.pptx for AWS Summit Johannesburg 2023

•Download as PPTX, PDF•

0 likes•12 views

ellan12

Presentation of Improving Cloud Security Operations on AWS

Technology

SECURING YOUR AWS
FORTRESS
STRATEGIES FOR SECURE IDENTITY,DATA AND INFRASTRUCTURE
By Ellan G
This Photo by Unknown author is licensed under CC BY-SA.

AWS SUMMIT
JOHANNESBURG
AGENDA
• IMPORTANCE OF SECURITY STRATEGIES
• GROWING THREAT LANDSCAPE IN
CLOUD
• IDENTITY STRATEGY
• DATA SECURITY STRATEGY
• INFRASTRUCTURE STRATEGY
• SDLC STRATEGY
• TAKEAWAYS
• THANKS & Q/A

Importance Of Security Strategies
2023 cloud security statistics from RESMO

Cloud Threat Landscape: The Sneaky
World Of Software Supply Chain Attacks
• Supply Chain Attacks defined
• The Growing Frequency
• Consequences & Lessons from the
Attacks
• Increasing Threat Landscape & Attack
Vectors
• Regulatory & Compliance Implications
• Need for Proactive Defense

• Authentication is the process of confirming
the identity of the principal trying to access an
AWS product.
• Authorization: The identity has to be
configured on what permissions they have
under identity
• Account for the permissions one is given by
using tools such as IAM access analyzer
SECURING YOUR IDENTITY IN AWS

Locking The Front Door:
AWS Identity Best Practices
• Federate Human users using temporary
credentials
• MFA all Accounts
• Rotate Keys Regularly For long term use
cases
• Use Access Analyzer to Implement
Accountability to different Principles
• IAM Cross Account Guard Rails
• Regularly Review Your Roles and
Principles Use Cases

Guarding Your Data Fortress: AWS Data Security
• Proactive Security Response
• Encryption (at rest & in transit) is a
necessary evil
• Access Controls (user & resource level)
• Data Backups (security breach resilience)
• Monitoring (threat detection)
• Data Protection & Compliance

Data Security
Checklist: Check It
Twice
• Data Classification –
• is it public?
internal? Confidential? Tagged?
• Data Encryption & Key
Management
• Access Auditing
• Data Masking &
Anonymization
• Retention and Disposal

Building Fort Knox:
AWS Infrastructure
Security
• Paramount to Implement Defense in Depth
Principles
• Working With Zero Trust Architecture
Mindset
• Proactive rather than Reactive Cybersecurity
Culture
• Security Events can quickly escalate into
disasters

Cure or Chaos:
DevSecOps in SDLC
• Importance of a Secure SDLC
• DevSecOps as a Solution
• Integrated Security Testing
• Continuous Monitoring & Threat
Detection
• Vulnerability Scanning & Patching
• Container Security
• Challenges On Adoption

The Road To Security
Stardom: AWS Security
Maturity RoadMap
• With the growing complexity of
cloud environments, ensuring the
security of your AWS
infrastructure has become more
critical than ever. Developing a
robust security roadmap is
essential to safeguard your data
and protect against potential
threats

FOUNDATIONAL
MAKE AN INVENTORY OF
YOUR AWS
ENVIRONMENT
ANALYZE YOUR DATA
SECURITY POSTURE
TEST YOUR SECURITY
ASSURANCE &
COMPLIANCE
ESTABLISH A SOLID
SECURITY BASELINE

INTEGRATION
• ESTABLISH INCIDENT RESPONSE PROTOCOLS
• INTEGRATE DETECTION AND MONITORING
SYSTEMS
• IMPLEMENT REGULAR VULNERABILITY
ASSESSMENTS
• PRIVILEDGE REVIEW
• CULTURE OF SECURITY AWARENESS

AUTOMATION
INTEGRATE SIEM & SOAR TOOLS
LEVERAGE AWS NATIVE SECURITY SERVICES
AUTOMATE DEVIATION CORRECTION
AUTOMATE CRITICAL & MOST RUN PLAYBOOK
SECURITY CHAMPIONS IN DEVELOPMENT TEAMS

OPTIMIZE
STAY UPDATED ON EMERGING
THREATS & BEST PRACTICES
THREAT INTELLIGENCE &
THREAT HUNTING
REDUCE YOUR BLAST RADIUS

Thanks / Q&A
Thanks for making time to listen
-Ellan

1) Willbros Group is a global contractor that provides engineering, construction, and other services to the oil, gas, and power industries. 2) Willbros uses AWS to build secure and flexible solutions like pipeline routing and collaboration tools to improve productivity in the field. 3) Trend Micro's security solutions help Willbros defend workloads running on AWS against network attacks and malware while simplifying security management across accounts and environments.

Implementing Zero Trust strategy with Azure

Dinusha Kumarasiri

CSS17: Atlanta - Realities of Security in the Cloud

Alert Logic

CSS 17: NYC - Realities of Security in the Cloud

Alert Logic

NIST Cybersecurity Framework (CSF) on the Public Cloud

CloudHesive

The document discusses how public cloud services align with the NIST Cybersecurity Framework (CSF). It provides an overview of the CSF functions and an example of how they apply to end user computing security on AWS. It also discusses adjacent security frameworks like CIS benchmarks and how automation and processes tie into lifecycle management. Cloud adoption frameworks like CAF and WAF are summarized in relation to their alignment with CSF and security best practices.

Mission (Not) Impossible: NIST 800-53 High Impact Controls on AWS | AWS Publi...

Amazon Web Services

You might think it’s impossible to achieve NIST 800-53 high impact controls in your environment but with AWS and Trend Micro you can achieve this seemingly impossible mission, even in hybrid environments. Learn how to leverage AWS and Trend Micro security controls to retain logs, control access to systems or monitor changes and more and how to automate everything using technologies like AWS CloudFormation. Join this session and get a peek at the inner workings of the AWS & Trend Micro Quick Start Reference Deployment Guide for NIST 800-53 that can help you quickly deliver high-impact controls in an automated, repeatable fashion.

Improving Application Security With Azure

Softchoice Corporation

Application development and deployment in the traditional datacenter has been a challenge for many organizations primarily due to resource constraints. This has historically led to unfortunate compromises between functionality and security for business applications. With public cloud providers, we have seen the limitations to technical capabilities fall away; the attainable to the Fortune 500 has become available to organizations of any size. This yields some exciting new options for the development, deployment and operation of secure applications. Here you will find the presentation deck and recording of webinar.

Kabelo Sekele- Government in Transformation: Cloud Powered Security, Identity...

itnewsafrica

Ready to innovate on AWS, but want security that’s just as agile? In this webinar AWS, Barracuda Networks, and Securosis will show you leading-edge application security techniques for creating secure application environments, embedding security into continuous deployment, and scaling security to perfectly fit your operations. You will see the power of automating security on AWS with practical, hands-on examples. Harness the power of cloud and DevOps for security that leaves traditional infrastructures behind.

Outpost24 webinar - Mastering the art of multicloud security

Outpost24

Incident response in Cloud

Vandana Verma

This document discusses incident response in the cloud. It begins with an introduction to cloud basics like service and deployment models. It then contrasts traditional incident response with cloud incident response due to the dynamic nature of cloud environments. It stresses the importance of preparation, including establishing response plans with cloud providers and evaluating security controls. Specific areas of focus for preparation are also outlined, like identity management, monitoring, and backups. The document then provides best practices for containment, investigation, and recovery of cloud incidents. It concludes with recommendations on logging, automation, and resources for further information.

Shared Security in AWS

PolarSeven Pty Ltd

Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al

Alert Logic

This document discusses security challenges in cloud computing. It notes that infrastructure has changed from buying hardware to using infrastructure as a service in the cloud. Security has also changed as cybercrime has become more organized and targets both large and small companies. While the cloud can be secure, it also introduces new security challenges around lack of control, increased threat surfaces, and difficulty tuning security tools. Effective cloud security requires applying the same standards as on-premises, understanding shared security responsibilities between the customer and cloud provider, and adopting a new approach tailored to the cloud. The document promotes Alert Logic as a solution that provides full-stack security monitoring, detection and protection across cloud workloads and applications.

BsidesNairobiPresentation.pptx for cloud threat intelligence presentation at...

ellan12

CSS17: Houston - Introduction to Security in the Cloud

Alert Logic

Azure 101: Shared responsibility in the Azure Cloud

Paulo Renato

Whether you’re working exclusively on Azure or with multiple cloud environments, there are certain things you should consider when moving assets to the public cloud. As with any cloud deployment, security is a top priority, and moving your workloads to the Azure cloud doesn’t mean you’re not responsible for the security of your operating system, applications, and data. Building on the security of the Azure infrastructure, this shared security responsibility starts with making sure your environment is secure. In this session, we will discuss step-by-step what you need to do to secure access at the administrative, application and network layers.

(SEC203) Journey to Securing Time Inc's Move to the Cloud

Amazon Web Services

"Learn how Time Inc. met security requirements as they transitioned from their data centers to the AWS cloud. Colin Bodell, CTO from Time Inc. will start off this session by presenting Time’s objective to move away from on-premise and co-location data centers to AWS and the cost savings that has been realized with this transition. Chris Nicodemo from Time Inc. and Derek Uzzle from Alert Logic will then share lessons learned in the journey to secure dozens of high volume media websites during the migration, and how it has enhanced overall security flexibility and scalability. They will also provide a deep dive on the solutions Time has leveraged for their enterprise security best practices, and show you how they were able to execute their security strategy. Who should attend: InfoSec and IT management. Session sponsored by Alert Logic."

1. aws security and compliance wwps pre-day sao paolo - markry

Amazon Web Services LATAM

Compliance In The Cloud Using Security By Design

Amazon Web Services

This document discusses using a "Security by Design" approach on AWS to help customers modernize their technology governance and continuously comply with regulations. It describes building security into every layer, automating security operations, and using AWS services like Config, GuardDuty, and Inspector to continuously monitor for compliance. The Lunar Way case study shows how they use multiple AWS accounts, security groups, and AWS Config custom rules to meet financial regulations and continuously monitor their AWS infrastructure for compliance.

Cloud computing and Cloud security fundamentals

Viresh Suri

This document provides an overview of cloud computing fundamentals and cloud security. It defines cloud computing and describes the different cloud service models and deployment models. It discusses the benefits of cloud computing like elastic capacity and pay as you go models. It also covers some challenges of cloud like security, reliability and lack of standards. The document then focuses on cloud security, describing common security threats, key considerations like network security, access control and monitoring for public clouds. It provides examples of security services from AWS like CloudTrail, Config, Key Management and VPC.

Building a Secure and Compliant Azure Virtual Data Center

Patrick Sklodowski

DCSF 19 Zero Trust Networks Come to Enterprise Kubernetes

Docker, Inc.

The document discusses a presentation about implementing zero trust networks on Docker Enterprise Kubernetes. It begins with motivations for zero trust like changes in app architectures, security threats, and deficiencies of traditional network zoning models. It then covers using Calico and Istio on Docker Enterprise to provide zero trust security with benefits like resilience against compromise and decoupling security from network location. The presentation includes a demo of a sample app and concludes with time for questions.

RightScale Webinar: Security and Compliance in the Cloud

RightScale

In this webinar we talk about how the cloud security landscape continues to evolve, then show you a demo of how enterprises are using RightScale to help them securely manage all their cloud infrastructure. Key Topics: 1. Understanding the security requirements of cloud 2. Security certifications among cloud providers 3. Managing secure & compliant cloud-enabled organizations 4. Live demo of the RightScale approach

110307 cloud security requirements gourley

GovCloud Network

This document provides a summary of core security requirements for cloud computing. It discusses the need to plan for security in cloud environments given issues like multi-tenancy, availability, confidentiality, and integrity. Specific requirements mentioned include secure access and separation of resources for multi-tenancy, assurances around availability, strong identity management, encryption of data at rest and in motion, and checks to ensure data integrity. The document emphasizes the importance of independent audits of cloud providers and having clear expectations around security requirements and notifications of any failures to meet requirements.

Aws cloud computing course

samyak IT solutions pvt ltd

AWS Cloud Security

AWS Riyadh User Group

The document provides an agenda for an AWS Security User Group meeting in Riyadh on May 1, 2019. The agenda includes discussions on cloud security, security terminology, cloud security threats, best practices for cloud security, AWS security services, identity and access management, and security of infrastructure. It also provides overviews and descriptions of AWS products and services related to security such as IAM, Inspector, Key Management Service, Macie, Organizations, Shield, Secrets Manager, SSO, WAF, and more.

Rik Ferguson

CloudExpoEurope

System Security on Cloud

Tu Pham

System Security on Cloud The document discusses system security when using cloud computing. It begins by describing the speaker's current big data system of over 10,000 users across 4 countries with over 1 billion user profiles and data ingested daily. It then discusses how infrastructure has changed from buying hardware to infrastructure as a service. Security has also changed, with cybercrime flourishing using organized groups. The rest of the document provides best practices for cloud security, such as understanding shared responsibilities and knowing your adversaries. It also promotes the services of Alert Logic for protecting cloud workloads and applications.

Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf

Malak Abu Hammad

Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers: * What is Vector Search? * Importance and benefits of vector search * Practical use cases across various industries * Step-by-step implementation guide * Live demos with code snippets * Enhancing LLM capabilities with vector search * Best practices and optimization strategies Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications. #MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology

Climate Impact of Software Testing at Nordic Testing Days

Kari Kakkonen

My slides at Nordic Testing Days 6.6.2024 Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.

Similar to DevSecOps AWS.pptx for AWS Summit Johannesburg 2023

Barracuda, AWS & Securosis: Application Security for the Cloud

Amazon Web Services

Outpost24 webinar - Mastering the art of multicloud security

Outpost24

Incident response in Cloud

Vandana Verma

Shared Security in AWS

PolarSeven Pty Ltd

Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al

Alert Logic

BsidesNairobiPresentation.pptx for cloud threat intelligence presentation at...

ellan12

CSS17: Houston - Introduction to Security in the Cloud

Alert Logic

Azure 101: Shared responsibility in the Azure Cloud

Paulo Renato

(SEC203) Journey to Securing Time Inc's Move to the Cloud

Amazon Web Services

1. aws security and compliance wwps pre-day sao paolo - markry

Amazon Web Services LATAM

Compliance In The Cloud Using Security By Design

Amazon Web Services

Cloud computing and Cloud security fundamentals

Viresh Suri

Building a Secure and Compliant Azure Virtual Data Center

Patrick Sklodowski

DCSF 19 Zero Trust Networks Come to Enterprise Kubernetes

Docker, Inc.

RightScale Webinar: Security and Compliance in the Cloud

RightScale

110307 cloud security requirements gourley

GovCloud Network

Aws cloud computing course

samyak IT solutions pvt ltd

AWS Cloud Security

AWS Riyadh User Group

Rik Ferguson

CloudExpoEurope

System Security on Cloud

Tu Pham

Similar to DevSecOps AWS.pptx for AWS Summit Johannesburg 2023 (20)

Barracuda, AWS & Securosis: Application Security for the Cloud

Outpost24 webinar - Mastering the art of multicloud security

Incident response in Cloud

Shared Security in AWS

Css sf azure_8-9-17-intro to security in the cloud_mark brooks_al

BsidesNairobiPresentation.pptx for cloud threat intelligence presentation at...

CSS17: Houston - Introduction to Security in the Cloud

Azure 101: Shared responsibility in the Azure Cloud

(SEC203) Journey to Securing Time Inc's Move to the Cloud

1. aws security and compliance wwps pre-day sao paolo - markry

Compliance In The Cloud Using Security By Design

Cloud computing and Cloud security fundamentals

Building a Secure and Compliant Azure Virtual Data Center

DCSF 19 Zero Trust Networks Come to Enterprise Kubernetes

RightScale Webinar: Security and Compliance in the Cloud

110307 cloud security requirements gourley

Aws cloud computing course

AWS Cloud Security

Rik Ferguson

System Security on Cloud

Recently uploaded

Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf

Malak Abu Hammad

Climate Impact of Software Testing at Nordic Testing Days

Kari Kakkonen

Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack

shyamraj55

CAKE: Sharing Slices of Confidential Data on Blockchain

Claudio Di Ciccio

Presented at the CAiSE 2024 Forum, Intelligent Information Systems, June 6th, Limassol, Cyprus. Synopsis: Cooperative information systems typically involve various entities in a collaborative process within a distributed environment. Blockchain technology offers a mechanism for automating such processes, even when only partial trust exists among participants. The data stored on the blockchain is replicated across all nodes in the network, ensuring accessibility to all participants. While this aspect facilitates traceability, integrity, and persistence, it poses challenges for adopting public blockchains in enterprise settings due to confidentiality issues. In this paper, we present a software tool named Control Access via Key Encryption (CAKE), designed to ensure data confidentiality in scenarios involving public blockchains. After outlining its core components and functionalities, we showcase the application of CAKE in the context of a real-world cyber-security project within the logistics domain. Paper: https://doi.org/10.1007/978-3-031-61000-4_16

Infrastructure Challenges in Scaling RAG with Custom AI models

Zilliz

Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.

20240605 QFM017 Machine Intelligence Reading List May 2024

Matthew Sinclair

GenAI Pilot Implementation in the organizations

kumardaparthi1024

How to use Firebase Data Connect For Flutter

Daiki Mogmet Ito

AI 101: An Introduction to the Basics and Impact of Artificial Intelligence

IndexBug

Video Streaming: Then, Now, and in the Future

Alpen-Adria-Universität

In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.

AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf

Techgropse Pvt.Ltd.

In this blog post, we'll delve into the intersection of AI and app development in Saudi Arabia, focusing on the food delivery sector. We'll explore how AI is revolutionizing the way Saudi consumers order food, how restaurants manage their operations, and how delivery partners navigate the bustling streets of cities like Riyadh, Jeddah, and Dammam. Through real-world case studies, we'll showcase how leading Saudi food delivery apps are leveraging AI to redefine convenience, personalization, and efficiency.

How to Get CNIC Information System with Paksim Ga.pptx

danishmna97

20240607 QFM018 Elixir Reading List May 2024

Matthew Sinclair

Full-RAG: A modern architecture for hyper-personalization

Zilliz

Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.

Mariano G Tinti - Decoding SpaceX

Mariano Tinti

Essentials of Automations: The Art of Triggers and Actions in FME

Safe Software

In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation. We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios. Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!

Programming Foundation Models with DSPy - Meetup Slides

Zilliz

Fueling AI with Great Data with Airbyte Webinar

Zilliz

Presentation of the OECD Artificial Intelligence Review of Germany

innovationoecd

20240609 QFM020 Irresponsible AI Reading List May 2024

Matthew Sinclair

Recently uploaded (20)

Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf

Climate Impact of Software Testing at Nordic Testing Days

Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack

CAKE: Sharing Slices of Confidential Data on Blockchain

Infrastructure Challenges in Scaling RAG with Custom AI models

20240605 QFM017 Machine Intelligence Reading List May 2024

GenAI Pilot Implementation in the organizations

How to use Firebase Data Connect For Flutter

AI 101: An Introduction to the Basics and Impact of Artificial Intelligence

Video Streaming: Then, Now, and in the Future

AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf

How to Get CNIC Information System with Paksim Ga.pptx

20240607 QFM018 Elixir Reading List May 2024

Full-RAG: A modern architecture for hyper-personalization

Mariano G Tinti - Decoding SpaceX

Essentials of Automations: The Art of Triggers and Actions in FME

Programming Foundation Models with DSPy - Meetup Slides

Fueling AI with Great Data with Airbyte Webinar

Presentation of the OECD Artificial Intelligence Review of Germany

20240609 QFM020 Irresponsible AI Reading List May 2024

DevSecOps AWS.pptx for AWS Summit Johannesburg 2023

1. SECURING YOUR AWS FORTRESS STRATEGIES FOR SECURE IDENTITY,DATA AND INFRASTRUCTURE By Ellan G This Photo by Unknown author is licensed under CC BY-SA.

2. AWS SUMMIT JOHANNESBURG AGENDA • IMPORTANCE OF SECURITY STRATEGIES • GROWING THREAT LANDSCAPE IN CLOUD • IDENTITY STRATEGY • DATA SECURITY STRATEGY • INFRASTRUCTURE STRATEGY • SDLC STRATEGY • TAKEAWAYS • THANKS & Q/A

3. Speaker Profile Ellan Wambugu I am a DevOps engineer with experience across AWS,GCP and Azure. A cybersecurity professional specializing in Multi-Cloud Red Teaming . A developer working mostly with Python and Golang REST APIs. A stressed Man Utd fan

4. Importance Of Security Strategies 2023 cloud security statistics from RESMO

5. Cloud Threat Landscape: The Sneaky World Of Software Supply Chain Attacks • Supply Chain Attacks defined • The Growing Frequency • Consequences & Lessons from the Attacks • Increasing Threat Landscape & Attack Vectors • Regulatory & Compliance Implications • Need for Proactive Defense

6. • Authentication is the process of confirming the identity of the principal trying to access an AWS product. • Authorization: The identity has to be configured on what permissions they have under identity • Account for the permissions one is given by using tools such as IAM access analyzer SECURING YOUR IDENTITY IN AWS

7. Locking The Front Door: AWS Identity Best Practices • Federate Human users using temporary credentials • MFA all Accounts • Rotate Keys Regularly For long term use cases • Use Access Analyzer to Implement Accountability to different Principles • IAM Cross Account Guard Rails • Regularly Review Your Roles and Principles Use Cases

8. Guarding Your Data Fortress: AWS Data Security • Proactive Security Response • Encryption (at rest & in transit) is a necessary evil • Access Controls (user & resource level) • Data Backups (security breach resilience) • Monitoring (threat detection) • Data Protection & Compliance

9. Data Security Checklist: Check It Twice • Data Classification – • is it public? internal? Confidential? Tagged? • Data Encryption & Key Management • Access Auditing • Data Masking & Anonymization • Retention and Disposal

10. Building Fort Knox: AWS Infrastructure Security • Paramount to Implement Defense in Depth Principles • Working With Zero Trust Architecture Mindset • Proactive rather than Reactive Cybersecurity Culture • Security Events can quickly escalate into disasters

11. Cure or Chaos: DevSecOps in SDLC • Importance of a Secure SDLC • DevSecOps as a Solution • Integrated Security Testing • Continuous Monitoring & Threat Detection • Vulnerability Scanning & Patching • Container Security • Challenges On Adoption

12. The Road To Security Stardom: AWS Security Maturity RoadMap • With the growing complexity of cloud environments, ensuring the security of your AWS infrastructure has become more critical than ever. Developing a robust security roadmap is essential to safeguard your data and protect against potential threats

13. FOUNDATIONAL MAKE AN INVENTORY OF YOUR AWS ENVIRONMENT ANALYZE YOUR DATA SECURITY POSTURE TEST YOUR SECURITY ASSURANCE & COMPLIANCE ESTABLISH A SOLID SECURITY BASELINE

14. INTEGRATION • ESTABLISH INCIDENT RESPONSE PROTOCOLS • INTEGRATE DETECTION AND MONITORING SYSTEMS • IMPLEMENT REGULAR VULNERABILITY ASSESSMENTS • PRIVILEDGE REVIEW • CULTURE OF SECURITY AWARENESS

15. AUTOMATION INTEGRATE SIEM & SOAR TOOLS LEVERAGE AWS NATIVE SECURITY SERVICES AUTOMATE DEVIATION CORRECTION AUTOMATE CRITICAL & MOST RUN PLAYBOOK SECURITY CHAMPIONS IN DEVELOPMENT TEAMS

16. OPTIMIZE STAY UPDATED ON EMERGING THREATS & BEST PRACTICES THREAT INTELLIGENCE & THREAT HUNTING REDUCE YOUR BLAST RADIUS

17. DEMO: DEVSECOPS PIPELINE IN AWS

18. Thanks / Q&A Thanks for making time to listen -Ellan

DevSecOps AWS.pptx for AWS Summit Johannesburg 2023

Recommended

Recommended

More Related Content

Similar to DevSecOps AWS.pptx for AWS Summit Johannesburg 2023

Similar to DevSecOps AWS.pptx for AWS Summit Johannesburg 2023 (20)

Recently uploaded

Recently uploaded (20)

DevSecOps AWS.pptx for AWS Summit Johannesburg 2023