The Executive Security Simulation takes senior security management and IT/business executive teams through an experiential exercise that illuminates key decision points for a successful and secure cloud journey. During this team-based, game-like competitive simulation, participants leverage an industry case study to make strategic security, risk, and compliance time-based decisions and investments. Participants experience the impact of these investments and decisions on the critical aspects of their secure cloud adoption. Join this workshop to gain an understanding of the major success factors to lead security, risk, and compliance in the cloud, and learn applicable decision and investment approaches to specific secure cloud adoption journeys. AWS facilitators translate lessons learned in the simulation into real-life examples and practical advice for your team.

2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Executive Security
Simulation
Gili Lev
Cloud Executive Security Advisor
AWS Professional Services
Security, Risk and Compliance
W P S 2 0 6

3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Agenda
Start End Session
11:30 11:40 Welcome: Opening note, key principles
11:40 12:40 Simulation round one
12:40 12:45 Simulation one debrief
12:45 1:30 Simulation round two
1:30 1:35 Simulation two debrief
1:35 1:45 Secure journey key points, epics program

4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Cloud Adoption Framework (AWS CAF)
The AWS CAF helps organizations understand how cloud adoption
transforms the way they work by identifying the stakeholders that are
critical to cloud adoption and grouping them into six perspectives

5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS CAF Security Perspective
Security Perspective
Directive
Preventative Detective
Responsive

6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Enterprise stages of AWS adoption
Project
Foundation
Migration
Reinvention
Discovery
Targeted
At scale
CLIENTVALUE
CLOUD ADOPTION OVER TIME

7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS stages of cloud adoption
CUSTOMER CLOUD CENTER OF EXCELLENCE (CCOE)
PROJECT FOUNDATION
MIGRATION
REINVENTION
INNOVATION RETIRE TECH
DEBT
Value
Time
AWS CLOUD ADOPTION FRAMEWORK
DISCOVERY

8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Experience what it takes to lead a secure cloud
journey for your organization
A competitive, immersive experience
The AWS Executive Security Simulation is an engaging exercise
that illuminates keys to success for enabling a secure cloud
journey for your organization
For security leaders driving major change
The simulation is best delivered in person to participants leading a
secure cloud journey, including the CISO, senior security
management, and other CXOs
Impactful lessons and experience
Participants will walk away with an understanding of the major
success factors to delivering security in the cloud

9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What to expect from the session
UNDERSTANDING REAL CUSTOMER EXPERIENCES – You will be reviewing the case study and
experience scenarios and their impacts to accomplish a secure cloud migration
EXPERIENTIAL WORKSHOP –Based on real experience and observation, you will be actively
participating with table teammates
LEADERSHIP DECISION MAKERS – You and your table teammatesare an IT Security
Leadership Team
A COMPETITION – You will be competing against the other tables
GOAL – Progress your organization through the stages of adoption in a secure and compliant
manner. Understand the key success factors for a secure cloud journey
LEADERSHIP DECISION MAKERS – You and your table teammates are an IT Security
Leadership Team

10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Striking a balance
RealitySimplicity

11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
1
2
3
4
5

12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Participant guide

13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Event, option, and consequence cards

14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
What did I learn in round one that
I will take back to my company?
Round one debrief

16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Round two debrief
What are my lessons learned from today’s
journey?

18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Round two debrief
Select three strategic initiatives that require the most attention in my organization, and I
will put into practice

19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS pace of innovation
AWS has been continually expanding its services to
support virtually any cloud workload, and it now
has more than 90 services that range from
compute, storage, networking, database, analytics,
application services, deployment, management,
developer, mobile, Internet of Things (IoT), Artificial
Intelligence (AI), security, hybrid and enterprise
applications. AWS has launched a total of total of
4,343 new features and/or services since inception
in 2006.
2011
82
722
1,430
280
2013 2015 2017

20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Security Team
Operations
Application security
Engineering
Aligned for agility

21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Security ownership as part of DNA
Distributed Embedded
• Promotes culture of “everyone is an owner” for security
• Makes security a stakeholder in business success
• Enables easier and smoother communication

22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AND
Move fast
Stay secure

23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Security is a shared responsibility
AWS Foundation Services
Compute Storage Database Networking
AWS Global
Infrastructure Regions
Availability Zones
Edge locations
Client-side
data encryption
Server-side
data encryption
Network traffic
protection
Platform, applications, identity and access management
Operating system, network, and firewall configuration
Customer content
AWS is responsible
for the security OF
the cloud
Customers are
responsible for their
security
and compliance IN
the cloud

25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Infrastructure services
Customer content
Platform and application management
Operating system, network, and firewall configuration
Client-side data
encryption and data
integrity authentication
Network traffic
protection encryption/
integrity/identity
Server-side encryption
file system and/or data
Optional—Opaque data: 0’s and 1’s (in transit/at rest)
CustomerIAM
AWS
endpoints
AWSIAM
NetworkingDatabasesStorageCompute
Edge
locations
Availability
Zones
Regions
AWS Global
Infrastructure
Foundation
Services
Managed by
customers
Managed by
AWS

26. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Container services
Client-side data encryption and
data integrity authentication
Network traffic protection
encryption/integrity/identity
Optional—Opaque data: 0’s and 1’s (in transit/at rest)
Customer
IAMAWSIAM
NetworkingDatabasesStorageCompute
Edge
locations
Availability
Zones
RegionsAWS Global
Infrastructure
Foundation
Services
Managed by
customers
Managed by
AWS
Platform and application management
Firewall
configuration
Operating system and network configuration
Customer content
AWS
endpoints

27. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Abstracted services
Client-side data encryption and
data integrity authentication
AWSIAM
NetworkingDatabasesStorageCompute
Edge
locations
Availability
Zones
Regions
AWS Global
Infrastructure
Foundation
Services
Managed by
customers
Optional—Opaque data:
0’s and 1’s (in transit/at rest)
Data protection provided by the platform
for data at rest
Network traffic protection provided by
the platform protection of data in transit
Platform and application management
Operating system, network, and firewall configuration
Customer content
AWS
endpoints
Managed by
AWS

28. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

29. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Security Epics
Frequent iteration via sprints lead to increased maturity while retaining
flexibility to adapt to business pace and demand

30. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Security Epics
Frequent iteration via sprints lead to increased maturity while retaining
flexibility to adapt to business pace and demand
First sprint example
Define the account structure and implement
the core set of best practices

31. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Security Epics
Frequent iteration via sprints lead to increased maturity while retaining
flexibility to adapt to business pace and demand
First sprint example
Define the account structure and implement
the core set of best practices
Second sprint example
Implement federation

32. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Security Epics
Frequent iteration via sprints lead to increased maturity while retaining
flexibility to adapt to business pace and demand
First sprint example
Define the account structure and implement
the core set of best practices
Second sprint example
Implement federation
Third sprint example
Expand account management to cater
to multiple accounts

33. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS CAF Security Perspective
Increase agility and ability to perform actions faster, at a larger scale while validating information security
principles and ensuring your environment maintains strong security footing
CORE 5
• IAM
• Detective controls
• Infs. security
• Data protection
• Incident response

34. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Getting to cloud is a journey.
Your journey will be unique.

35. Thank you!
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Gili Lev
Cloud Executive Security Advisor
gililev@amazon.com

36. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.