© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Compliance Summit
October 6, 2015
Financial Industry Regulatory Authority
Using AWS in Healthcare and Life Sciences
Chad Woolf
Director of Risk and Compliance
Peter Spellman
Chief Technical Officer & Co-Founder
The world’s largest track and trace
network for connecting the life
sciences supply chain and eliminating
counterfeit prescription drugs from the
global marketplace.
Accomplishments in AWS Regulated Workloads
1. Network-driven regulated workloads: 195,000+ network entities generating tens of millions of messages resulting in billions of transactions
2. Serialized operations in production at massive scale for global compliance
3. Automated IQ, OQ, crowd-sourced PQ (moving to automated)
AWS Services We Use
EC2, RDS, ElastiCache, CloudWatch, CloudTrail, Trusted Advisor, SQS, SNS, S3, DynamoDB, Route 53, CloudFormation, IAM, Kinesis, CloudSearch, Redshift
Diagram: Distributed network tenancy. Participants: pharma companies, wholesale distributors, dispensers, repackagers, 3PLs, CMOs/CPOs. Layers: data translation; business collaboration; B2B relationship platforms.
Questions?
Peter@Tracelink.com
Dan Dziadiw
Director of IT Compliance & Risk Management
We are committed to improving
health and well-being around the
world. From developing new
therapies that treat and prevent
disease to helping people in need,
we are guided by a rich legacy and
inspired by a shared vision.
AWS Services We Use
250+ applications supported by AWS infrastructure; 1000+ EC2 instances; 617 TB of S3 storage; 2 TB of EBS storage across our Merck VPCs in 3 AWS regions (US, Ireland, Singapore)
Accomplishments in AWS Regulated Workloads
1. Regulated R&D application running on AWS
2. Qualified AWS infrastructure per our SDLC policies
How Did We Do It?
By integrating 'Cloud' into:
• SDLC & Cloud Guidance
• Security Controls and Design
• Info Risk, Privacy & Data Mgmt
• Supplier Mgmt Considerations
Bruce Kratz
Vice President of Research and Development
Quality Professionals
• Independent Software Vendor
• Leader in Enterprise Quality
Management Solutions
• Serving Highly Regulated Industries
• Driving Control, Compliance & Product
Safety
More than 700 implementations
Over 650,000 users
Over 30 countries across the world
Top 35 pharma companies
13 of the top 15 medical device companies
Partner Eco-System
Diagram: The Quality Network. CMO and CRO quality management systems connected to the vendor's quality management system through <QDX> Quality Data Exchange.
Why AWS
• AWS Focus on Life
Sciences
• Proven Compliant
Validated Workloads
• Better Understanding of
Virtualization by the Audit
Community
• Life Sciences
Cooperation re: how to
respond to FDA requests
• Long History of
Innovation
AWS Services
EC2, S3, VPC, KMS / IAM, CloudWatch, CloudTrail, RDS, Glacier, Route 53, CloudFormation, Config, Auto Scaling
Industry Factors / Business Advantages
• Faster Time to Market
• Constant Innovation
• World-Wide Scalability
• Cost Advantages
Bruce Kratz
VP Research & Development
bruce.kratz@spartasystems.com
Ivan Latanision
VP Product Management & Strategy
Ivan.latanision@spartasystems.com
We Help Protect Millions of Lives Everyday
Chris Whalley
Compliance Program Manager
October 6, 2015
Using AWS in HCLS Systems
Healthcare and Life Sciences
What to Expect from the Session
Session for executives, quality & security
assurance managers, and other stakeholders.
Focus on using AWS cloud products.
Lessons learned from organizations who are already
using AWS in HCLS systems.
How is Compliance in AWS Different?
                              Traditional                          AWS
Infrastructure Devices        Hardware                             Code
Delivery Processes            Manual                               Automated
Software Architecture         Embedded                             Distributed
Access Controls and Logging   Disparate                            Harmonized
System Updates                Larger & Infrequent                  Smaller & Continuous
Monitoring in Production      Periodic Polls of Selected Samples   Real-Time Alarms on Full Population
Considerations Using AWS in HCLS Systems
Purchasing Controls
Organization and Personnel
Design Controls
Validation
Production Environment Controls
Records and Reports
Auditing
Purchasing Controls
Traditional P.O. Purchasing (> 2 weeks)
1. Specify Server Requirements
2. Source server & OS
3. Submit request to Purchasing
4. Submit P.O. to vendor
5. Receive server shipment
6. Install server & OS
7. Configure OS
8. Qualify server & OS
9. Pay Invoice and depreciate asset as CapEx
Purchasing in AWS (< 5 minutes)
1. Specify Server Requirements
2. Select matching EC2 Instance Type & BYO qualified OS image
3. Launch Instance with your qualified image with automatic logging
4. Pay for what you use as OpEx
PROMPT> ec2-run-instances ami-978d91fe -k my-key-pair --instance-type t2.micro
Organization and Personnel
Awareness Training -> Training per se -> Employee Qualification
Online Documentation; Self-paced Labs; Foundational Courses; Role-based Courses; Associate and Professional Certifications
Update job descriptions and training plans for cloud skills: Developers, DBAs, Network & Security Engineers, Business Analysts, Auditors, QA/RA Managers
Design Controls
Diagram: HCLS operations reference architecture. The HCLS system end user reaches Elastic Load Balancing, behind which web server, app server and DB server are deployed across Availability Zone A and Availability Zone B; the HCLS system engineer builds and owns the design.
Design steps: Define User Requirements -> Define System SLA -> Define App Requirements -> Define Data Requirements -> Select AZs for Availability SLA -> Architect Ability to Fail Over for SLA -> Architect Data + Replication -> Match App to EC2 Instance Type
Validation
Hardware Era: protocol-driven manual activities
Virtualization Era: procedure-driven manual activities
Cloud Era: code-driven automated activities
Production Environment Controls
Automate deployment to production with tools like AWS CodePipeline.
Establish and monitor control parameters programmatically using Amazon CloudWatch alarms.
Record and justify deviations from automated processes.
Create end user SLAs and support channels, then feed their requests into engineering.
(Diagram: HCLS engineers on one side, HCLS end users on the other.)
Records and Reports
Record types: logs in CloudTrail and CloudWatch; CloudFormation templates and custom code; application validation records; virtual infrastructure qualification records; HCLS end user account info & training records; HCLS engineer account info & training records; AWS technical support cases.
Record lifecycle:
Generate: automated logging vs manual creation
Use: review; analyze; act, present, or submit
Retain: keep originals or true copies; define retention schedule & locations; ensure protection & retrievability
Dispose: record destruction authorization
Auditing
Review your…
AWS account credentials
IAM users
IAM groups
IAM roles
IAM providers for SAML and
OpenID Connect
Mobile apps
Amazon EC2 security
configurations
Resource-based policies in
other services like S3
Monitor activity in your AWS
account
Training records
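The review list above maps almost one-to-one onto the IAM credential report (the CSV that GetCredentialReport returns, one row per user plus the root account). The following is an added example, not code from the session or from AWS, of the checks an auditor would script over that report: root access keys, missing MFA, stale or never-used access keys. The report rows are constructed for illustration and trimmed to the columns the checks read; the 90-day thresholds and the as-of date are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample rows in the layout of the IAM credential report.
# Only the columns read below are included; a real report has more, and
# csv.DictReader ignores the extras.
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,not_supported,2015-09-30T10:12:00+00:00,false,true,2014-01-15T09:00:00+00:00,2015-09-29T08:00:00+00:00,false,N/A,N/A
alice,arn:aws:iam::111122223333:user/alice,true,2015-10-05T14:00:00+00:00,true,true,2015-08-20T09:00:00+00:00,2015-10-05T14:30:00+00:00,false,N/A,N/A
bob,arn:aws:iam::111122223333:user/bob,true,2015-10-01T09:00:00+00:00,false,false,N/A,N/A,false,N/A,N/A
deploy-svc,arn:aws:iam::111122223333:user/deploy-svc,false,N/A,false,true,2015-03-01T00:00:00+00:00,2015-05-02T00:00:00+00:00,true,2015-09-28T00:00:00+00:00,N/A
"""

AS_OF = datetime(2015, 10, 6, tzinfo=timezone.utc)  # assumed review date
MAX_KEY_AGE = timedelta(days=90)   # assumed rotation policy
MAX_KEY_IDLE = timedelta(days=90)  # assumed "unused key" threshold


def parse_ts(value):
    """Credential-report timestamps are ISO 8601 with offset; the report
    uses N/A, no_information or not_supported where there is no date."""
    if not value or value in ("N/A", "no_information", "not_supported"):
        return None
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S%z")


def audit_credential_report(report_csv, now=AS_OF):
    """Return (user, finding) pairs for the conditions an auditor reviews."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == "<root_account>"
        has_mfa = row["mfa_active"] == "true"
        console = row["password_enabled"] == "true"
        if is_root and not has_mfa:
            findings.append((user, "root account has no MFA"))
        if console and not has_mfa:
            findings.append((user, "console password without MFA"))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            if is_root:
                findings.append((user, f"root access key {n} is active"))
            rotated = parse_ts(row[f"access_key_{n}_last_rotated"])
            if rotated is not None and now - rotated > MAX_KEY_AGE:
                days = (now - rotated).days
                findings.append((user, f"access key {n} not rotated in {days} days"))
            last_used = parse_ts(row[f"access_key_{n}_last_used_date"])
            if last_used is None:
                findings.append((user, f"access key {n} active but never used"))
            elif now - last_used > MAX_KEY_IDLE:
                days = (now - last_used).days
                findings.append((user, f"access key {n} unused for {days} days"))
    return findings


if __name__ == "__main__":
    for user, finding in audit_credential_report(SAMPLE_REPORT):
        print(f"{user}: {finding}")
```

In practice the CSV comes from `aws iam get-credential-report` (base64 in the `Content` field) and the same function runs unchanged over it; keep the report itself as an audit record, since it is the evidence for the "AWS account credentials" and "IAM users" items in the list.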
In Summary
Infrastructure as Code is fundamentally transforming
HCLS IT compliance
Automation and shorter change cycles require rethinking
traditional SDLCs
Cloud skills are the new job skills qualifications
HCLS organizations are achieving more control with less
effort than ever before
Upcoming Sessions This Week
ARC305 - Self-service Cloud Services: How J&J Is Managing AWS at Scale for
Enterprise Workloads
ARC311 – Decoding the Genetic Blueprint of Life on a Cloud Connected Ecosystem,
ThermoFisher
BDT316 – Offloading ETL to Amazon EMR, Amgen
SEC304 - Architecting for HIPAA Compliance on AWS, Emdeon
SEC310 - Splitting the Check on Compliance and Security: Keeping Developers and
Auditors Happy in the Cloud
SEC312 - Reliable Design and Deployment of Security and Compliance
SEC313 – Security and Compliance at Petabyte Scale: Lessons from the National
Cancer Institute's Cancer Genomics Cloud Pilot
Helpful Resources
Compliance Enablers: https://aws.amazon.com/compliance/compliance-enablers/
Risk & Compliance Whitepaper: https://aws.amazon.com/whitepapers/overview-of-risk-and-compliance/
Compliance Center Website: https://aws.amazon.com/compliance
Security Center: https://aws.amazon.com/security
Security Blog: https://blogs.aws.amazon.com/security/
AWS Audit Training: awsaudittraining@amazon.com
AWS Loft New York: Audit Days
Security By Design: https://aws.amazon.com/compliance/security-by-design
Thank you!
October 6, 2015
Using AWS in Financial Services
Chad Woolf
Director of Risk and Compliance
Tony Spinelli
Senior Vice President, Chief Information Officer
Largest direct bank
4th largest credit card issuer in the U.S.:
• $310.5 billion in assets
• $209.7 billion in loans
• $208.8 billion in deposits
• 65+ million accounts
• 46,000+ associates
• A FORTUNE 500 Company - #124
Accomplishments in AWS Regulated Workloads
• Experimentation: e.g. mobile pilots, hackathons
• Development & Test: e.g. online banking, stream data processing
• Production: e.g. mobile banking app, core banking platform
AWS Services We Use
• Compute: EC2, ELB
• Storage: EBS, S3
• Database: RDS
• Network: VPC, Direct Connect, Route 53
• Admin & Security: IAM, CloudTrail, CloudWatch, Config, CloudHSM, KMS
• Deployment & Management: CloudFormation
• Application & Mobile: SQS, SNS
How Did We Do It?
• Due diligence service-based
assessment
• Governance model and standards
playbook
• Security by design for workloads,
including in-house and third party
developed tools
Daniel Schaefer
DevOps Team Lead
We provide faster payment
connections to financial
institutions
We provide features and controls
to businesses that make the
payments system easier
Accomplishments in AWS Regulated Workloads
1. Strong Authentication (MFA)
2. Identity Access Management
3. Segmentation/isolation of resources
AWS Services We Use
IAM - Users, Access Policies
EC2, ECS - Scalability, Auto recovery
S3, RDS, ElastiCache - Storage, Caching, Search
Redshift, EMR - Big Data, Data Warehouse, Reporting
VPC, Route 53 - Isolation, Firewall, Subnets
CloudFormation - Automation
How Did We Do It?
● Infrastructure as code - changes have a clear audit trail
● Iterative approach to infrastructure - evolved over time, kept up to date with leading practices
● Defined mapping of integrated compliance requirements
● Avoid theater - evaluate the security/compliance goal and develop a process that accomplishes the goal while allowing for rapid and easy development
Miles Wellesley
Head of Business Development
Our mission is to democratize access to the
financial markets and inspire a new generation of
investors.
OUR MISSION
Robinhood is the first financial services
firm to win an Apple Design Award.
AWS Services We Use
SNS, Auto Scaling, Direct Connect, EC2, IAM, Lambda, ElastiCache, EBS, S3, ELB, VPC, RDS, Data Pipeline, Redshift, Route 53, CloudWatch
Systems must be secure, redundant, and available
Innovative workflows: Documents associated with user profiles (S3)
Security: Security through encryption and narrow permissions scoping (IAM)
Redundancy / Business Continuity: Backups and snapshots
Combating Fraud: Data Science without a Data Science Infrastructure Team (Redshift)
THANK YOU
Nicki Sonpar
Director of Data Platforms
About Intake Ecosystem
As part of its regulatory mission, FINRA requests and
receives information from broker-dealers
In addition to Market Big Data, millions of documents are submitted each year; individual documents can be hundreds of gigabytes
Customers are uploading more and larger documents –
20% YoY submission growth
All document uploads must be auditable in case of
litigation
Requirements
Centralize all document intake into Unified Data Catalog leveraged by FINRA
users and applications
Leverage proven cloud-based services such as storage, security and network
infrastructure to deliver business functionality
FINRA must manage and control encryption in transit and at rest
Maintain focus on FINRA’s key mission of analyzing data while minimizing
operational overhead
Approach
Build a large file service which uses S3, KMS, and IAM policies to ensure
compliance with FINRA policies
Firms directly submit data to AWS with temporary write-only access to a fixed
location
Data is always encrypted, in transit and final destination
Leveraged FINRA’s Data Manager which provides a Unified Data Catalog
and usage tracking on top of AWS Storage
Diagram: Large File Service.
Lessons Learned
Refine and review architecture with your Security Team and AWS SME’s
Gigabyte uploads require security token refresh during the upload process
KMS keys are not replicated across regions, therefore a duplicate object in
another region requires re-encryption – this is on AWS’ roadmap!
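The approach above rests on two controls: each firm gets temporary credentials that can only write to one fixed location, and nothing may land unencrypted. The block below is an added example, not FINRA's code, of the session policy that expresses those controls (the document you pass as the Policy parameter of an STS AssumeRole or GetFederationToken call so the temporary credentials can do no more than it allows), together with a small evaluator for checking requests against it offline. The bucket name, KMS key ARN and firm/submission identifiers are placeholders, and the evaluator implements only the IAM operators this policy uses, not the full IAM evaluation logic.

```python
import fnmatch
import json

# Hypothetical names: the bucket, key ARN and identifiers are placeholders.
INTAKE_BUCKET = "finra-intake-example"
INTAKE_KEY_ARN = ("arn:aws:kms:us-east-1:111122223333:key/"
                  "11111111-2222-3333-4444-555555555555")


def build_intake_session_policy(bucket, firm_id, submission_id, kms_key_arn):
    """Session policy for a firm's temporary credentials.

    Write-only under one fixed prefix, and PutObject only when the request
    asks for SSE-KMS with the intake key. Abort is allowed separately because
    an abort request carries no encryption headers. No Get, List or Delete,
    so a firm can neither read back nor remove what anyone submitted.
    """
    prefix = f"arn:aws:s3:::{bucket}/{firm_id}/{submission_id}/"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "PutOnlyToFixedLocationWithIntakeKey",
                "Effect": "Allow",
                "Action": "s3:PutObject",
                "Resource": prefix + "*",
                "Condition": {"StringEquals": {
                    "s3:x-amz-server-side-encryption": "aws:kms",
                    "s3:x-amz-server-side-encryption-aws-kms-key-id": kms_key_arn,
                }},
            },
            {
                "Sid": "AbortOwnMultipartUploads",
                "Effect": "Allow",
                "Action": "s3:AbortMultipartUpload",
                "Resource": prefix + "*",
            },
            {
                "Sid": "DenyUnencryptedPuts",
                "Effect": "Deny",
                "Action": "s3:PutObject",
                "Resource": f"arn:aws:s3:::{bucket}/*",
                "Condition": {"Null": {"s3:x-amz-server-side-encryption": "true"}},
            },
        ],
    }


def _statement_matches(stmt, action, resource, context):
    """Match action, resource glob and the two condition operators used here."""
    actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
    if action not in actions or not fnmatch.fnmatchcase(resource, stmt["Resource"]):
        return False
    for operator, tests in stmt.get("Condition", {}).items():
        for key, expected in tests.items():
            actual = context.get(key)
            if operator == "StringEquals" and actual != expected:
                return False
            if operator == "Null" and (actual is None) != (expected == "true"):
                return False
    return True


def is_allowed(policy, action, resource, context):
    """An explicit Deny wins; otherwise any matching Allow permits;
    otherwise the request is implicitly denied."""
    effects = {s["Effect"] for s in policy["Statement"]
               if _statement_matches(s, action, resource, context)}
    return "Deny" not in effects and "Allow" in effects


# Constructed requests: one firm's own submission location and another firm's.
POLICY = build_intake_session_policy(INTAKE_BUCKET, "firm-0001", "sub-0042", INTAKE_KEY_ARN)
OWN_OBJECT = f"arn:aws:s3:::{INTAKE_BUCKET}/firm-0001/sub-0042/filing.zip"
OTHER_FIRM_OBJECT = f"arn:aws:s3:::{INTAKE_BUCKET}/firm-0002/sub-0007/filing.zip"
SSE_KMS_HEADERS = {
    "s3:x-amz-server-side-encryption": "aws:kms",
    "s3:x-amz-server-side-encryption-aws-kms-key-id": INTAKE_KEY_ARN,
}

if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
    print("own, SSE-KMS:   ", is_allowed(POLICY, "s3:PutObject", OWN_OBJECT, SSE_KMS_HEADERS))
    print("own, no SSE:    ", is_allowed(POLICY, "s3:PutObject", OWN_OBJECT, {}))
    print("other firm:     ", is_allowed(POLICY, "s3:PutObject", OTHER_FIRM_OBJECT, SSE_KMS_HEADERS))
    print("read back:      ", is_allowed(POLICY, "s3:GetObject", OWN_OBJECT, SSE_KMS_HEADERS))
```

The Allow condition already refuses a PutObject that does not name the intake key; the separate Deny on a missing encryption header is defence in depth so that a later, broader Allow statement cannot reopen the unencrypted path. The key ARN in the policy is region-specific, which is the practical side of the lesson above about KMS keys not being replicated across regions: a copy of the object in another region has to be written under a policy naming that region's key.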
Partner with your AWS Pro Serv and internal product teams to build your service layer
Future
Migrate all documents which are less than 5
years old to S3 and Glacier
Unified Data Catalog gives us new opportunities to
apply data mining, machine learning and
pattern-recognition across all documents
Move all existing Data Intake platforms and
applications to the cloud
Jodi Scrofani
Global Financial Services Compliance Strategist
October 6, 2015
Strengthening Your GRC
Financial Services
What to Expect from the Session
- AWS services and tools give financial services customers transparency into AWS services and security configurations.
- AWS services and tools offer financial services customers ease of auditability and streamline compliance requirements.
Risk Measures Critical to Moving to the Cloud (Direct Customer Feedback)
GLBA; National Regulations; PCI-DSS; Corporate Governance; Data Protection; Basel 3
U.S. Regulatory Guidelines that Apply to the Cloud
• No published guidance
• Third-Party Relationships: Risk Management (2013)
• Initial cybersecurity guidelines (2014)
• Technology-related risk management considerations (2003/2012)
Simplifying Compliance
Enabling Evidencing and Transparency
AWS Trusted Advisor
AWS IAM
AWS Config
Workbooks
Training
The Next Big Thing in GRC
1. The right Security By Design tech - AWS (AWS CloudTrail, AWS CloudHSM, AWS IAM, AWS KMS, AWS Config)
2. SbD Whitepaper
3. AWS GoldBase
4. FFIEC & OCIE Audit Guides
5. IT Auditor Days & Training Courses
New: FFIEC & SEC Audit Guides
IT Auditor Days
Customer
June 3, 2015
“I appreciated the firsthand view of the controls (access
management, logging/auditing) available for governance. The
training would not only be helpful for technology, but for
risk/compliance and internal audit teams as well.”
Coming soon to San Francisco, London, and Berlin
New: Regulators
IT AUDITOR DAY FOR U.S. FINANCIAL SERVICES REGULATORS
Thursday, December 3, 2015
AWS Loft | 350 West Broadway | New York, NY 10005
Amazon Web Services (AWS) offers a number of tools that allow customers transparency and ease of auditability of their AWS environment. AWS also recognizes that the regulatory community is critical to the auditing process of its customers.
That is why we are offering a free invitation-only seminar to U.S. financial services regulators that includes an introduction to and auditing of AWS's services. This hands-on training will introduce AWS services and apply practical exercises to demonstrate how AWS can enable customers to implement industry best practices for security and fulfill audit objectives related to Organizational Governance, Asset Configuration, Logical Access Controls, Operating Systems, Databases and Applications Security Configurations.
By the end of the day, you will understand how customers are using AWS and the technical control features of AWS that can demonstrate a repeatable, reportable, and auditable architecture, and the evidence supplied to demonstrate it.
WORKSHOP DETAILS
WHEN: Thursday, December 3, 2015
TIME: 10:30 AM TO 5:00 PM (EST)
WHERE: AWS Loft, 350 West Broadway, New York, NY 10013
WHO SHOULD ATTEND
U.S. financial services regulators who are responsible for auditing financial services organizations who are AWS customers.
This is a closed event for U.S. Financial Services Regulators Only: the Federal Reserve, the Federal Reserve of New York, the Securities Exchange Commission, the Office of the Comptroller of the Currency, the U.S. Commodity Futures Trading Commission, the Federal Deposit Insurance Corporation, the Consumer Financial Protection Bureau, the National Credit Union Administration, and the National Association of Insurance Commissioners.
PREREQUISITES
We recommend, but do not require, that attendees of this course have some familiarity with general
December 3, 2015
Related Sessions
• SEC 312 - Reliable Design and Deployment of
Security and Compliance (1:30 p.m.
Wednesday/Delfino 4005)
• SEC 302 - IAM Best Practices to Live By (1:30 p.m.
Wednesday – see the replay)
• SEC 324 –Security Insights into Your Application
Deployments (5:30 p.m. Wednesday)
• SEC305 - How to Become a Policy Ninja in 60
Minutes or Less (11:00 p.m. Thursday)
• SEC314 - Full Configuration Visibility and Control
with AWS Config (5:30 p.m. Thursday/Palazzo K)
Helpful Resources
Compliance Enablers: https://aws.amazon.com/compliance/compliance-enablers/
Risk & Compliance Whitepaper: https://aws.amazon.com/whitepapers/overview-of-risk-and-compliance/
Compliance Center Website: https://aws.amazon.com/compliance
Security Center: https://aws.amazon.com/security
Security Blog: https://blogs.aws.amazon.com/security/
AWS Audit Training: awsaudittraining@amazon.com
AWS Loft New York: Audit Days
Security By Design: https://aws.amazon.com/compliance/security-by-design
Thank you!
Using AWS in Public Sector
Chad Woolf
Director of Risk and Compliance
Justin Ewald
IT Architecture / Infrastructure Manager
City of Houston, Public Works
& Engineering
Accomplishments in AWS Regulated Workloads
1. Utility billing system for 500,000 customers and $1.2 billion in annual revenue.
2. Collect and store 3.7 billion water meter reads annually.
3. Advanced analytics provide early leak detection, conserving water.
4. AWS PCI Compliance ensures that a system of this magnitude is secure.
5. Additional initiatives moved to AWS: ReBuild Houston, Electronic Plan Review.
AWS Services We Use
• Amazon EC2
• Amazon VPC
• Amazon Access Control
Albert "Scotty" Ellis, CISSP
Assistant Director, Center for Collaborative and
Interactive Technologies
GIVING LIFE TO POSSIBLE
Accomplishments in AWS Regulated Workloads
1. Better security. Better functionality. A win-win.
2. Easier planning, better cost control, more automation.
3. Faster feature development.
How Did We Do It?
An interlocking combination of the services and personnel training. Making distinct compliance levels in our infrastructure as per our various site/application requirements.
AWS Services We Use
EC2, VPC, IAM, CloudTrail, CloudWatch, Glacier, EBS, AWS CLI, SES, SNS, RDS, Route 53
Albert "Scotty" Ellis, CISSP
Assistant Director, Center for Collaborative and Interactive
Technologies
Baylor College of Medicine
Email: alellis@bcm.edu
Noah Kunin
Infrastructure Director
Rajat Ravinder Varuni
Information Systems Security Officer
Bureaucracy hacking our
way to the cloud
Let's ship it!
Or not.
This isn't rocket science
Is the launch checklist working?
The U.S. Government's
Digital Launch Checklist
Records Management
Records Schedule
Privacy Act
Paperwork Reduction Act
Section 508 and Accessibility Standards
Federal Acquisition Regulation
Anti-deficiency Act
Economy Act
E-Government Act
Computer Matching Act
National Cyber Protection System
Guidance for Agency Use of Third-Party Websites and Applications
Social Media and Web-Based Interactive Technologies
Office of Management Budget Circular A-130 Appendix 3
Federal Information Security and Management Act
Federal Information Processing Standard (FIPS) 199
Federal Information Processing Standard (FIPS) 200
Federal Information Processing Standard (FIPS) 140-2
Special Publication 800-37
Special Publication 800-53 Revision 4
Special Publication 800-60 Volume 1
Special Publication 800-60 Volume 2
Special Publication 800-18
Special Publication 800-137
Special Publication 800-171
Special Publication 800-133
Special Publication 800-95
EINSTEIN Compliance
FedRAMP
OMB Guidance on third party websites and applications
OMB Memo M-14-04
OMB Memo M-15-01
Trusted Internet Connection 2.0 Reference Architecture
Pages in total:
4006
My friend, you can clearly see
the intention of FIPS 140-2
Annex A was to deprecate
SHA-1 on the lunar new
year...
How long is this going to take?
6 - 14 months to ship
Speed is the new security.
Rajat Ravinder Varuni
Information Systems Security
Officer
Lessons Learned
Information systems can be TIC compliant by leveraging native AWS services.
AWS Config - TIC Operations:
✓ Inventories
✓ Ownership and awareness
✓ Configuration + change mgmt
AWS VPC - TIC Services:
✓ Framework for packet filtering
✓ Ensures network segmentation
✓ Feeds monitoring engine
What's next?
More alerts
"Game day"
planning
Visualize the data
Jenn Gray
October 6, 2015
Using AWS to Enforce TIC
AWS/18F FedRAMP-TIC Overlay Pilot
What to Expect from the Session
• What is the AWS/FedRAMP –TIC Overlay Pilot?
• What can I use to build my TIC overlay
assessment using AWS?
• How can I audit and capture flow logs to ease
satisfying more than one TIC Capability?
• How can I automate enforcing TIC Capabilities
using AWS?
What is the Trusted Internet Connection (TIC)?
As outlined by OMB Memorandum M-08-05
• Optimize and standardize
• Reduce & consolidate
• Enhanced monitoring and situational awareness of external network
connections.
Proposed Draft FedRAMP – TIC Overlay
Use AWS/TIC Overlay Shared Responsibility Matrix
Chart: AWS shared responsibility for TIC capabilities, by category (Total; TIC capabilities met by AWS FedRAMP ATO; Adjusted; Shared; Customer), with bar values 72, 60, 55, 43 and 12.
Use AWS/TIC Overlay Test Plans
Use VPC flow logs and other AWS audit sources to ease
satisfying more than one TIC Capability with a single
configuration change
AWS CloudTrail, Amazon CloudWatch, AWS VPC, Amazon S3, AWS Elastic Load Balancing
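The slide above says that one flow-log configuration can evidence several TIC capabilities at once. The block below is an added example, not from the session or from AWS, of two checks over the same VPC Flow Logs records: accepted egress that bypasses the TIC path (a network-segmentation capability) and a count of rejected inbound attempts per port (the input to a CloudWatch metric filter and alarm). The records are constructed in the default version-2 flow-log field order; the VPC range and the TIC provider's address block are hypothetical, and in practice the records would be read from the CloudWatch Logs group the flow log delivers to.

```python
import ipaddress
from collections import Counter

# Constructed records in the default VPC Flow Logs record format (version 2):
# version account-id interface-id srcaddr dstaddr srcport dstport protocol
# packets bytes start end action log-status. Public addresses use RFC 5737
# documentation ranges.
SAMPLE_FLOW_LOG = """\
2 111122223333 eni-0a1b2c3d 10.0.1.25 10.0.2.10 49152 443 6 20 4200 1444118400 1444118460 ACCEPT OK
2 111122223333 eni-0a1b2c3d 10.0.1.25 198.51.100.7 49153 443 6 10 1600 1444118400 1444118460 ACCEPT OK
2 111122223333 eni-0a1b2c3d 10.0.1.25 203.0.113.9 49154 80 6 5 300 1444118400 1444118460 ACCEPT OK
2 111122223333 eni-0a1b2c3d 192.0.2.44 10.0.1.25 53211 22 6 1 60 1444118400 1444118460 REJECT OK
2 111122223333 eni-0a1b2c3d 192.0.2.44 10.0.1.25 53212 3389 6 1 60 1444118400 1444118460 REJECT OK
2 111122223333 eni-0a1b2c3d - - - - - - - 1444118400 1444118460 - NODATA
"""

FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")

# Hypothetical address plan: the VPC's own range, and the block belonging to
# the TIC provider's circuit / VPN endpoint that all egress must traverse.
VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")
TIC_PATH_CIDRS = [ipaddress.ip_network("198.51.100.0/24")]
# Listed explicitly rather than via is_private, because Python also treats
# the RFC 5737 documentation ranges used here as "private".
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_flow_log(text):
    """Turn flow-log lines into dicts. NODATA/SKIPDATA lines carry no
    addresses and are dropped; numeric fields are converted."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue
        rec["srcaddr"] = ipaddress.ip_address(rec["srcaddr"])
        rec["dstaddr"] = ipaddress.ip_address(rec["dstaddr"])
        for key in ("srcport", "dstport", "protocol", "packets", "bytes"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def non_tic_egress(records):
    """Accepted flows from inside the VPC to a destination that is neither
    internal nor on the TIC path: traffic that bypassed the TIC."""
    hits = []
    for rec in records:
        if rec["action"] != "ACCEPT" or rec["srcaddr"] not in VPC_CIDR:
            continue
        dst = rec["dstaddr"]
        if any(dst in net for net in RFC1918 + TIC_PATH_CIDRS):
            continue
        hits.append(rec)
    return hits


def rejected_by_port(records):
    """Count REJECTed flows per (interface, destination port); feed these
    counts to a metric filter / alarm on blocked inbound attempts."""
    counts = Counter()
    for rec in records:
        if rec["action"] == "REJECT":
            counts[(rec["interface_id"], rec["dstport"])] += 1
    return counts


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_FLOW_LOG)
    for rec in non_tic_egress(recs):
        print("TIC bypass:", rec["srcaddr"], "->", rec["dstaddr"], "port", rec["dstport"])
    for (eni, port), n in sorted(rejected_by_port(recs).items()):
        print("rejected:", eni, "port", port, "count", n)
```

Both checks read the same records, which is the point of the slide: turning on flow logs for the VPC once produces evidence for segmentation, for monitoring, and for the audit trail, and the only configuration that changes between checks is the address list that defines the approved path.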
Look for Upcoming AWS Customer Resources
AWS/TIC Overlay Use Case and
Whitepaper
Gold Base
TIC Connection Scenarios using
AWS
Diagram: TIC connection scenario. The customer's network connects through its TIC provider over a secure circuit; a secure VPN connection runs over the Internet or Direct Connect to a VPN gateway in the Amazon Web Services cloud, where a router fronts private subnets holding isolated AWS customer resources (Amazon VPC architecture).
Success!
“AWS answered the call of the Department of Homeland Security (DHS)
Trusted Internet Connections (TIC) Program Management Office (PMO)
and FedRAMP PMO for CSPs to participate in their FedRAMP - TIC
Overlay Pilots in order to help develop a solution towards data security and
network connections between federal agency networks and cloud service
providers.
AWS successfully completed the pilot and provided their assessment of
addressing the controls identified in the Draft FedRAMP-TIC Overlay to
DHS TIC and FedRAMP PMO to develop further guidance on TIC Ready
CSP solution.”
Matthew Goodrich, FedRAMP Director, US General Services Administration
Sara Mosely, Branch Chief, US Department of Homeland Security, Trusted Internet Connection
Want More Info?
Email: awscompliance@amazon.com
Subject: AWS/FedRAMP -TIC Overlay Pilot
Copy of Draft FedRAMP-TIC Overlay
https://www.fedramp.gov/draft-fedramp-tic-overlay/
Thank you!

 
Aberdeen Oil & Gas Event - Introduction to the AWS Cloud
Aberdeen Oil & Gas Event - Introduction to the AWS CloudAberdeen Oil & Gas Event - Introduction to the AWS Cloud
Aberdeen Oil & Gas Event - Introduction to the AWS Cloud
 
Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...
Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...
Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...
 
Warum ist Cloud-Sicherheit und Compliance wichtig?
Warum ist Cloud-Sicherheit und Compliance wichtig?Warum ist Cloud-Sicherheit und Compliance wichtig?
Warum ist Cloud-Sicherheit und Compliance wichtig?
 
8 k miles embracing the cloud webinar
8 k miles embracing the cloud webinar8 k miles embracing the cloud webinar
8 k miles embracing the cloud webinar
 
Sicurezza e Compliance nel Cloud
Sicurezza e Compliance nel CloudSicurezza e Compliance nel Cloud
Sicurezza e Compliance nel Cloud
 
Introduction to Cloud Computing with Amazon Web Services and Customer Case Study
Introduction to Cloud Computing with Amazon Web Services and Customer Case StudyIntroduction to Cloud Computing with Amazon Web Services and Customer Case Study
Introduction to Cloud Computing with Amazon Web Services and Customer Case Study
 
Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)
Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)
Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)
 
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
 
Modernizing Technology Governance
Modernizing Technology GovernanceModernizing Technology Governance
Modernizing Technology Governance
 
What is Cloud Computing?
What is Cloud Computing?What is Cloud Computing?
What is Cloud Computing?
 
Achieving Continuous Compliance with CTP and AWS
Achieving Continuous Compliance with CTP and AWS Achieving Continuous Compliance with CTP and AWS
Achieving Continuous Compliance with CTP and AWS
 
Best Practices for Security at Scale
Best Practices for Security at ScaleBest Practices for Security at Scale
Best Practices for Security at Scale
 
2016 AWS Life Sciences Day | New Jersey – July 26th, 2016
2016 AWS Life Sciences Day | New Jersey – July 26th, 20162016 AWS Life Sciences Day | New Jersey – July 26th, 2016
2016 AWS Life Sciences Day | New Jersey – July 26th, 2016
 

More from Amazon Web Services

Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
Amazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
Amazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
Amazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Amazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Recently uploaded

Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
Bhaskar Mitra
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 

Recently uploaded (20)

Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi IbrahimzadeFree and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
Free and Effective: Making Flows Publicly Accessible, Yumi Ibrahimzade
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
 
What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024What's New in Teams Calling, Meetings and Devices April 2024
What's New in Teams Calling, Meetings and Devices April 2024
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
Integrating Telephony Systems with Salesforce: Insights and Considerations, B...
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...How world-class product teams are winning in the AI era by CEO and Founder, P...
How world-class product teams are winning in the AI era by CEO and Founder, P...
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John Staveley
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya HalderCustom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
Custom Approval Process: A New Perspective, Pavel Hrbacek & Anindya Halder
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
 
PLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. StartupsPLAI - Acceleration Program for Generative A.I. Startups
PLAI - Acceleration Program for Generative A.I. Startups
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 

(GEN117) AWS Compliance Summit

  • 1. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Compliance Summit October 6, 2015 Financial Industry Regulatory Authority
  • 2. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Using AWS in Healthcare and Life Sciences
  • 3. Chad Woolf Director of Risk and Compliance
  • 4. Peter Spellman Chief Technical Officer & Co-Founder
  • 5. The world’s largest track and trace network for connecting the life sciences supply chain and eliminating counterfeit prescription drugs from the global marketplace.
    Accomplishments in AWS Regulated Workloads: 1. Network-driven regulated workloads: 195,000+ network entities generating tens of millions of messages, resulting in billions of transactions. 2. Serialized operations in production at massive scale for global compliance. 3. Automated IQ, OQ, crowd-sourced PQ (moving to automated).
    AWS Services We Use: EC2, RDS, ElastiCache, CloudWatch, CloudTrail, Trusted Advisor, SQS, SNS, S3, DynamoDB, Route 53, CloudFormation, IAM, Kinesis, CloudSearch, Redshift.
    Data Translation. Distributed Network Tenancy: Pharma Companies, Wholesale Distributors, Dispensers, Repackagers, 3PLs, CMOs/CPOs. Business Collaboration: B2B Relationship Platforms.
  • 7. Dan Dziadiw Director of IT Compliance & Risk Management
  • 8. We are committed to improving health and well-being around the world. From developing new therapies that treat and prevent disease to helping people in need, we are guided by a rich legacy and inspired by a shared vision.
    AWS Services We Use: 250+ Applications supported by AWS Infrastructure; 1000+ EC2 Instances; 617TB of S3 Storage; 2TB of EBS Storage across our Merck VPCs in 3 AWS regions (US, Ireland, Singapore).
    Accomplishments in AWS Regulated Workloads: 1. Regulated R&D Application running on AWS. 2. Qualified AWS Infrastructure per our SDLC Policies.
    How Did We Do It? By Integrating ‘Cloud’ into: • SDLC & Cloud Guidance • Security Controls and Design • Info Risk, Privacy & Data Mgmt • Supplier Mgmt Considerations
  • 9. Bruce Kratz Vice President of Research and Development
  • 10. Quality Professionals • Independent Software Vendor • Leader in Enterprise Quality Management Solutions • Serving Highly Regulated Industries • Driving Control, Compliance & Product Safety
    Top 35 Pharma Companies; Top 13 out of 15 Medical Device Companies; More Than 700 Implementations; Over 650,000 Users; Over 30 Countries Across the World
  • 11. Partner Eco-System: CMO, CRO, CMO, CRO; Quality Management System; Quality Management System; Quality Management System
  • 12. The Quality Network: CMO, CRO; Quality Management System; Quality Management System; CMO Quality Management System; <QDX> QUALITY DATA EXCHANGE
  • 13. The Quality Network: CMO Quality Management System; <QDX> QUALITY DATA EXCHANGE
  • 14. Why AWS • AWS Focus on Life Sciences • Proven Compliant Validated Workloads • Better Understanding of Virtualization by the Audit Community • Life Sciences Cooperation re: how to respond to FDA requests • Long History of Innovation
    AWS Services: EC2, S3, VPC, KMS / IAM, CloudWatch, CloudTrail, RDS, Glacier, Route 53, CloudFormation, Config, AutoScaling
    Industry Factors / Business Advantages: • Faster Time to Market • Constant Innovation • World-Wide Scalability • Cost Advantages
  • 15. Bruce Kratz, VP Research & Development, bruce.kratz@spartasystems.com; Ivan Latanision, VP Product Management & Strategy, Ivan.latanision@spartasystems.com. We Help Protect Millions of Lives Every Day
  • 16. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Chris Whalley Compliance Program Manager October 6, 2015 Using AWS in HCLS Systems Healthcare and Life Sciences
  • 17. What to Expect from the Session Session for executives, quality & security assurance managers, and other stakeholders. Focus on using AWS cloud products. Lessons learned from organizations who are already using AWS in HCLS systems.
  • 18. How is Compliance in AWS Different? (Traditional vs. AWS)
    Infrastructure Devices: Hardware vs. Code
    Delivery Processes: Manual vs. Automated
    Software Architecture: Embedded vs. Distributed
    Access Controls and Logging: Disparate vs. Harmonized
    System Updates: Larger & Infrequent vs. Smaller & Continuous
    Monitoring in Production: Periodic Polls of Selected Samples vs. Real-Time Alarms on Full Population
  • 19. Considerations Using AWS in HCLS Systems: Purchasing Controls; Organization and Personnel; Design Controls; Validation; Production Environment Controls; Records and Reports; Auditing
  • 20. Purchasing Controls
    Traditional P.O. Purchasing (> 2 weeks): 1. Specify Server Requirements 2. Source server & OS 3. Submit request to Purchasing 4. Submit P.O. to vendor 5. Receive server shipment 6. Install server & OS 7. Configure OS 8. Qualify server & OS 9. Pay Invoice and depreciate asset as CapEx
    Purchasing in AWS (< 5 minutes): 1. Specify Server Requirements 2. Select matching EC2 Instance Type & BYO qualified OS image 3. Launch Instance with your qualified image with automatic logging 4. Pay for what you use as OpEx
    PROMPT> ec2-run-instances ami-978d91fe -k my-key-pair --instance-type t2.micro
  • 21. Organization and Personnel: Awareness Training; Training per se; Employee Qualification.
    Online Documentation, Self-paced Labs, Foundational Courses, Role-based Courses, Associate and Professional Certifications. Update job descriptions and training plans for cloud skills.
    Roles: Developers, DBAs, Network & Security Engineers, Business Analysts, Auditors, QA/RA Managers
  • 22. Design Controls. Diagram: HCLS System End User → Elastic Load Balancing → Web Server, App Server, DB Server, deployed across Availability Zone A and Availability Zone B; HCLS Operations; HCLS System Engineer.
    Define User Requirements; Define System SLA; Define App Requirements; Define Data Requirements; Select AZs for Availability SLA; Architect Ability to Fail Over for SLA; Architect Data + Replication; Match App to EC2 Instance Type
  • 23. Validation: Hardware Era: Protocol-Driven Manual Activities; Virtualization Era: Procedure-Driven Manual Activities; Cloud Era: Code-Driven Automated Activities
  • 24. Production Environment Controls: Automate deployment to production with tools like AWS CodePipeline. Establish and monitor control parameters programmatically using Amazon CloudWatch alarms. Record and justify deviations from automated processes. Create end user SLAs and support channels, then feed their requests into engineering. (HCLS end users; HCLS engineers)
  • 25. Records and Reports: Logs in CloudTrail and CloudWatch; CloudFormation Templates and custom code; Application validation records; Virtual infrastructure qualification records; HCLS end user account info & training records; HCLS engineer account info & training records; AWS technical support cases.
    Generate: • Automated Logging vs • Manual Creation
    Use: • Review • Analyze • Act, Present, or Submit
    Retain: • Keep originals or true copies • Define retention schedule & locations • Ensure protection & retrievability
    Dispose: • Record destruction authorization
  • 26. Auditing. Review your… AWS account credentials; IAM users; IAM groups; IAM roles; IAM providers for SAML and OpenID Connect; Mobile apps; Amazon EC2 security configurations; Resource-based policies in other services like S3. Monitor activity in your AWS account. Training records.
  • 27. In Summary: Infrastructure as Code is fundamentally transforming HCLS IT compliance. Automation and shorter change cycles require rethinking traditional SDLCs. Cloud skills are the new job skills qualifications. HCLS organizations are achieving more control with less effort than ever before.
  • 28. Upcoming Sessions This Week
    ARC305 - Self-service Cloud Services: How J&J Is Managing AWS at Scale for Enterprise Workloads
    ARC311 - Decoding the Genetic Blueprint of Life on a Cloud Connected Ecosystem, ThermoFisher
    BDT316 - Offloading ETL to Amazon EMR, Amgen
    SEC304 - Architecting for HIPAA Compliance on AWS, Emdeon
    SEC310 - Splitting the Check on Compliance and Security: Keeping Developers and Auditors Happy in the Cloud
    SEC312 - Reliable Design and Deployment of Security and Compliance
    SEC313 - Security and Compliance at Petabyte Scale: Lessons from the National Cancer Institute's Cancer Genomics Cloud Pilot
  • 29. Helpful Resources
    Compliance Enablers: https://aws.amazon.com/compliance/compliance-enablers/
    Risk & Compliance Whitepaper: https://aws.amazon.com/whitepapers/overview-of-risk-and-compliance/
    Compliance Center Website: https://aws.amazon.com/compliance
    Security Center: https://aws.amazon.com/security
    Security Blog: https://blogs.aws.amazon.com/security/
    AWS Audit Training: awsaudittraining@amazon.com
    AWS Loft New York: Audit Days
    Security By Design: https://aws.amazon.com/compliance/security-by-design
  • 31. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. October 6, 2015 Using AWS in Financial Services
  • 32. Chad Woolf Director of Risk and Compliance
  • 33. Tony Spinelli Senior Vice President, Chief Information Officer
  • 34. Largest direct bank; 4th largest credit card issuer in the U.S.: • $310.5 billion in assets • $209.7 billion in loans • $208.8 billion in deposits • 65+ million accounts • 46,000+ associates • A FORTUNE 500 Company - #124
    Accomplishments in AWS Regulated Workloads: • Experimentation: e.g. mobile pilots, hackathons • Development & Test: e.g. online banking, stream data processing • Production: e.g. mobile banking app, core banking platform
    AWS Services We Use: • Compute: EC2, ELB • Storage: EBS, S3 • Database: RDS • Network: VPC, DirectConnect, Route53 • Admin & Security: IAM, CloudTrail, CloudWatch, Config, CloudHSM, KMS • Deployment & Management: CloudFormation • Application & Mobile: SQS, SNS
    How Did We Do It? • Due diligence service-based assessment • Governance model and standards playbook • Security by design for workloads, including in-house and third party developed tools
  • 36. We provide faster payment connections to financial institutions. We provide features and controls to businesses that make the payments system easier.
    Accomplishments in AWS Regulated Workloads: 1. Strong Authentication (MFA) 2. Identity Access Management 3. Segmentation/isolation of resources
    AWS Services We Use: IAM - Users, Access Policies; EC2, ECS - Scalability, Auto recovery; S3, RDS, ElastiCache - Storage, Caching, Search; Redshift, EMR - Big Data, Data Warehouse, Reporting; VPC, Route 53 - Isolation, Firewall, Subnets; CloudFormation - Automation
    How Did We Do It? ● Infrastructure as code - changes have clear audit trail ● Iterative approach to infrastructure - Evolved over time, kept up to date with leading practices. ● Defined mapping of integrated compliance requirements ● Avoid theater - Evaluate the security/compliance goal and develop a process that accomplishes the goal while allowing for rapid and easy development.
  • 37. Miles Wellesley Head of Business Development
  • 38. Our mission is to democratize access to the financial markets and inspire a new generation of investors. OUR MISSION
  • 39. Robinhood is the first financial services firm to win an Apple Design Award.
  • 41. Systems must be secure, redundant, and available. Innovative workflows: Documents associated with user profiles (S3). Security: Security through encryption and narrow permissions scoping (IAM). Redundancy / Business Continuity: Backups and snapshots. Combating Fraud: Data Science without a Data Science Infrastructure Team (Redshift).
  • 46. Nicki Sonpar Director of Data Platforms
  • 48. About Intake Ecosystem: As part of its regulatory mission, FINRA requests and receives information from broker-dealers. In addition to Market Big Data, millions of documents are submitted each year; documents can be up to hundreds of gigabytes. Customers are uploading more and larger documents: 20% YoY submission growth. All document uploads must be auditable in case of litigation.
  • 49. Requirements: Centralize all document intake into a Unified Data Catalog leveraged by FINRA users and applications. Leverage proven cloud-based services such as storage, security and network infrastructure to deliver business functionality. FINRA must manage and control encryption in transit and at rest. Maintain focus on FINRA’s key mission of analyzing data while minimizing operational overhead.
  • 50. Approach: Build a large file service which uses S3, KMS, and IAM policies to ensure compliance with FINRA policies. Firms directly submit data to AWS with temporary write-only access to a fixed location. Data is always encrypted, in transit and at its final destination. Leveraged FINRA’s Data Manager, which provides a Unified Data Catalog and usage tracking on top of AWS Storage. (Diagram: Large File Service)
  • 51. Lessons Learned: Refine and review architecture with your Security Team and AWS SMEs. Gigabyte uploads require security token refresh during the upload process. KMS keys are not replicated across regions, therefore a duplicate object in another region requires re-encryption (this is on AWS’ roadmap!). Partner with your AWS Pro Serv and internal product teams to build your service layer.
  • 52. Future: Migrate all documents which are less than 5 years old to S3 and Glacier. The Unified Data Catalog gives us new opportunities to apply data mining, machine learning and pattern-recognition across all documents. Move all existing Data Intake platforms and applications to the cloud.
  • 53. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Jodi Scrofani Global Financial Services Compliance Strategist October 6, 2015 Strengthening Your GRC Financial Services
  • 54. What to Expect from the Session - AWS services and tools give financial services customers transparency into AWS services and security configurations. - AWS services and tools offer financial services customers ease of auditability and streamline compliance requirements.
  • 55. Risk Measures Critical to Moving to the Cloud (Direct Customer Feedback): GLBA; National Regulations; PCI-DSS; Corporate Governance; Data Protection; Basel 3
  • 56. U.S. Regulatory Guidelines that Apply to the Cloud: No published guidance; Third-Party Relationships: Risk Management (2013); Initial cybersecurity guidelines (2014); Technology-related risk management considerations (2003/2012)
  • 57. Simplifying Compliance: Enabling, Evidencing and Transparency. AWS Trusted Advisor; AWS IAM; AWS Config; Workbooks; Training
  • 58. The Next Big Thing in GRC: 1. The right Security By Design tech - AWS 2. SbD Whitepaper 3. AWS GoldBase 4. FFIEC & OCIE Audit Guides 5. IT Auditor Days & Training Courses. AWS CloudTrail, AWS CloudHSM, AWS IAM, AWS KMS, AWS Config
  • 59. New: FFIEC & SEC Audit Guides
  • 61. IT Auditor Days
Customer, June 3, 2015: “I appreciated the firsthand view of the controls (access management, logging/auditing) available for governance. The training would not only be helpful for technology, but for risk/compliance and internal audit teams as well.” Coming soon to San Francisco, London, and Berlin.
Regulators (New): IT AUDITOR DAY FOR U.S. FINANCIAL SERVICES REGULATORS. Thursday, December 3, 2015. AWS Loft | 350 West Broadway | New York, NY 10013.
Amazon Web Services (AWS) offers a number of tools that allow customers transparency and ease of auditability of their AWS environment. AWS also recognizes that the regulatory community is critical to the auditing process of its customers. That is why we are offering a free invitation-only seminar to U.S. financial services regulators that includes an introduction to and auditing of AWS's services. This hands-on training will introduce AWS services and apply practical exercises to demonstrate how AWS can enable customers to implement industry best practices for security and fulfill audit objectives related to Organizational Governance, Asset Configuration, Logical Access Controls, Operating Systems, Databases and Applications Security Configurations. By the end of the day, you will understand how customers are using AWS and the technical control features of AWS that can demonstrate a repeatable, reportable, and auditable architecture, and the evidence supplied to demonstrate it.
WORKSHOP DETAILS. WHEN: Thursday, December 3, 2015. TIME: 10:30 AM TO 5:00 PM (EST). WHERE: AWS Loft, 350 West Broadway, New York, NY 10013. TO RSVP: Click here.
WHO SHOULD ATTEND: U.S. financial services regulators who are responsible for auditing financial services organizations that are AWS customers. This is a closed event for U.S. Financial Services Regulators Only: the Federal Reserve, the Federal Reserve Bank of New York, the Securities and Exchange Commission, the Office of the Comptroller of the Currency, the U.S. Commodity Futures Trading Commission, the Federal Deposit Insurance Corporation, the Consumer Financial Protection Bureau, the National Credit Union Administration, and the National Association of Insurance Commissioners.
PREREQUISITES: We recommend, but do not require, that attendees of this course have some familiarity with general
December 3, 2015
  • 62. Related Sessions • SEC 312 - Reliable Design and Deployment of Security and Compliance (1:30 p.m. Wednesday/Delfino 4005) • SEC 302 - IAM Best Practices to Live By (1:30 p.m. Wednesday – see the replay) • SEC 324 - Security Insights into Your Application Deployments (5:30 p.m. Wednesday) • SEC 305 - How to Become a Policy Ninja in 60 Minutes or Less (11:00 p.m. Thursday) • SEC 314 - Full Configuration Visibility and Control with AWS Config (5:30 p.m. Thursday/Palazzo K)
  • 63. Helpful Resources • Compliance Enablers: https://aws.amazon.com/compliance/compliance-enablers/ • Risk & Compliance Whitepaper: https://aws.amazon.com/whitepapers/overview-of-risk-and-compliance/ • Compliance Center Website: https://aws.amazon.com/compliance • Security Center: https://aws.amazon.com/security • Security Blog: https://blogs.aws.amazon.com/security/ • AWS Audit Training: awsaudittraining@amazon.com • AWS Loft New York: Audit Days • Security By Design: https://aws.amazon.com/compliance/security-by-design
  • 65. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Using AWS in Public Sector
  • 66. Chad Woolf Director of Risk and Compliance
  • 67. Justin Ewald IT Architecture / Infrastructure Manager
  • 68. City of Houston, Public Works & Engineering. AWS Services We Use: Amazon EC2, Amazon VPC, Amazon Access Control. Accomplishments in AWS Regulated Workloads: 1. Utility billing system for 500,000 customers and $1.2 billion in annual revenue. 2. Collect and store 3.7 billion water meter reads annually. 3. Advanced analytics provide early leak detection, conserving water. 4. AWS's PCI DSS compliance underpins securing a system of this magnitude (the customer's own in-scope application controls remain the customer's responsibility under the shared responsibility model). 5. Additional initiatives moved to AWS: ReBuild Houston, Electronic Plan Review.
  • 69. Albert "Scotty" Ellis, CISSP Assistant Director, Center for Collaborative and Interactive Technologies
  • 70. GIVING LIFE TO POSSIBLE. AWS Services We Use: EC2, VPC, IAM, CloudTrail, CloudWatch, Glacier, EBS, AWS CLI, SES, SNS, RDS, Route 53. Accomplishments in AWS Regulated Workloads: 1. Better security. Better functionality. A win-win. 2. Easier planning, better cost control, more automation. 3. Faster feature development. How Did We Do It? An interlocking combination of the services and personnel training, assigning distinct compliance levels to our infrastructure according to the requirements of each site and application.
  • 71. Albert "Scotty" Ellis, CISSP Assistant Director, Center for Collaborative and Interactive Technologies Baylor College of Medicine Email: alellis@bcm.edu
  • 72. Noah Kunin Infrastructure Director Rajat Ravinder Varuni Information Systems Security Officer
  • 79. This isn't rocket science
  • 80. Is the launch checklist working?
  • 81. The U.S. Government's Digital Launch Checklist
  • 82. Records Management; Records Schedule; Privacy Act; Paperwork Reduction Act; Section 508 and Accessibility Standards; Federal Acquisition Regulation; Anti-deficiency Act; Economy Act; E-Government Act; Computer Matching Act; National Cyber Protection System; Guidance for Agency Use of Third-Party Websites and Applications; Social Media and Web-Based Interactive Technologies; Office of Management and Budget Circular A-130 Appendix 3; Federal Information Security Management Act; Federal Information Processing Standard (FIPS) 199; Federal Information Processing Standard (FIPS) 200; Federal Information Processing Standard (FIPS) 140-2; Special Publication 800-37; Special Publication 800-53 Revision 4; Special Publication 800-60 Volume 1; Special Publication 800-60 Volume 2
  • 83. Special Publication 800-18; Special Publication 800-137; Special Publication 800-171; Special Publication 800-133; Special Publication 800-95; EINSTEIN Compliance; FedRAMP; OMB Guidance on third party websites and applications; OMB Memo M-14-04; OMB Memo M-15-01; Trusted Internet Connection 2.0 Reference Architecture. Pages in total: 4006
  • 84. My friend, you can clearly see the intention of FIPS 140-2 Annex A was to deprecate SHA-1 on the lunar new year...
  • 85. How long is this going to take?
  • 86. 6 - 14 months to ship
  • 89. Speed is the new security.
  • 95. Rajat Ravinder Varuni Information Systems Security Officer
  • 97. Information systems can be TIC compliant by leveraging native AWS services.
  • 98. AWS Config TIC Operations: ✓ Inventories ✓ Ownership and awareness ✓ Configuration + change mgmt
  • 99. AWS VPC TIC Services: ✓ Framework for packet filtering ✓ Ensures network segmentation ✓ Feeds monitoring engine
  • 106. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Jenn Gray October 6, 2015 Using AWS to Enforce TIC AWS/18F FedRAMP-TIC Overlay Pilot
  • 107. What to Expect from the Session • What is the AWS/FedRAMP –TIC Overlay Pilot? • What can I use to build my TIC overlay assessment using AWS? • How can I audit and capture flow logs to ease satisfying more than one TIC Capability? • How can I automate enforcing TIC Capabilities using AWS?
  • 108. What is the Trusted Internet Connection (TIC)? As outlined by OMB Memorandum M-08-05 • Optimize and standardize • Reduce & consolidate • Enhanced monitoring and situational awareness of external network connections.
  • 109. Proposed Draft FedRAMP – TIC Overlay
  • 110. Use AWS/TIC Overlay Shared Responsibility Matrix (bar chart with bars labelled Total, AWS Shared Responsibility for TIC Capabilities, TIC Capabilities Met by AWS FedRAMP ATO, Adjusted Shared, and Customer; bar values 72, 60, 55, 43 and 12)
  • 111. Use AWS/TIC Overlay Test Plans
  • 112. Use VPC flow logs and other AWS audit sources to ease satisfying more than one TIC Capability with a single configuration change – AWS CloudTrail, Amazon CloudWatch, Amazon VPC, Amazon S3, AWS Elastic Load Balancing
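The slide's claim is that one flow-log configuration can feed several TIC capabilities at once. The following is an added example, not code from the deck or from AWS, that reads version-2 VPC Flow Log records and derives two such capabilities from the same data: an inventory of every peer outside the VPC, and a finding for accepted internet traffic that did not traverse the TIC provider's address range. The VPC CIDR (10.0.0.0/16), the TIC provider range (198.51.100.0/24) and the log lines themselves are constructed assumptions for the example.

```python
"""Audit Amazon VPC Flow Log records for two TIC-style capabilities at once:
an inventory of external network peers, and detection of accepted traffic
that reaches the internet without passing through the TIC provider's
address range. Added example, not part of the original deck.
"""
import ipaddress
from collections import Counter

# Field order of the default (version 2) VPC Flow Log record format.
FLOW_LOG_FIELDS = (
    "version", "account_id", "interface_id", "srcaddr", "dstaddr",
    "srcport", "dstport", "protocol", "packets", "bytes",
    "start", "end", "action", "log_status",
)

# Assumed addressing for the example: the VPC is 10.0.0.0/16 and the TIC
# provider's circuit is reached via 198.51.100.0/24. Both are assumptions.
VPC_CIDR = "10.0.0.0/16"
TIC_CIDRS = ("198.51.100.0/24",)

# Constructed sample records, not captured traffic. 203.0.113.0/24 stands in
# for an arbitrary internet range. The last record is a NODATA placeholder,
# which flow logs emit when an interface saw no traffic in the window.
SAMPLE_LOG = """\
2 123456789012 eni-0a1b2c3d 10.0.1.10 10.0.2.20 44321 443 6 12 3456 1444137600 1444137660 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.10 198.51.100.7 51000 443 6 30 9000 1444137600 1444137660 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.10 203.0.113.5 51001 80 6 8 1200 1444137600 1444137660 ACCEPT OK
2 123456789012 eni-0a1b2c3d 203.0.113.9 10.0.1.10 40000 22 6 1 60 1444137600 1444137660 REJECT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1444137600 1444137660 - NODATA
"""


def parse_flow_log_line(line):
    """Split one space-delimited flow log record into a dict keyed by field name."""
    parts = line.split()
    if len(parts) != len(FLOW_LOG_FIELDS):
        raise ValueError("unexpected field count %d in record: %r" % (len(parts), line))
    return dict(zip(FLOW_LOG_FIELDS, parts))


def classify_peer(record, vpc, tic_networks):
    """Return (peer_address, zone) for a record, where zone is one of
    'internal', 'tic' or 'external'. The peer is the address outside the VPC."""
    src = ipaddress.ip_address(record["srcaddr"])
    dst = ipaddress.ip_address(record["dstaddr"])
    if src in vpc and dst in vpc:
        return None, "internal"
    peer = dst if src in vpc else src
    if any(peer in net for net in tic_networks):
        return str(peer), "tic"
    return str(peer), "external"


def audit_flow_logs(text, vpc_cidr=VPC_CIDR, tic_cidrs=TIC_CIDRS):
    """Walk flow log text and produce an inventory of external peers plus the
    list of accepted flows that bypassed the TIC address range."""
    vpc = ipaddress.ip_network(vpc_cidr)
    tic_networks = [ipaddress.ip_network(c) for c in tic_cidrs]
    summary = {
        "internal": 0, "via_tic": 0, "rejected": 0, "skipped": 0,
        "external_peers": Counter(), "bypass": [],
    }
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_flow_log_line(line)
        # NODATA / SKIPDATA records carry no addresses; count and move on.
        if rec["log_status"] != "OK":
            summary["skipped"] += 1
            continue
        peer, zone = classify_peer(rec, vpc, tic_networks)
        if zone == "internal":
            summary["internal"] += 1
            continue
        # Every non-VPC peer, accepted or rejected, belongs in the inventory.
        summary["external_peers"][peer] += 1
        if rec["action"] == "REJECT":
            summary["rejected"] += 1
        elif zone == "tic":
            summary["via_tic"] += 1
        else:
            # Accepted traffic to or from the internet that did not traverse
            # the TIC range: the finding an auditor would want surfaced.
            summary["bypass"].append({
                "interface_id": rec["interface_id"], "peer": peer,
                "dstport": rec["dstport"], "protocol": rec["protocol"],
            })
    return summary


if __name__ == "__main__":
    result = audit_flow_logs(SAMPLE_LOG)
    print("external peers:", dict(result["external_peers"]))
    print("TIC bypass flows:", result["bypass"])
```

In a real deployment the same records would arrive from the CloudWatch Logs group (or S3 bucket) the flow log is configured to publish to, so the inventory and the bypass alert both come from that single configuration change; the REJECT count separately evidences that security group or network ACL filtering is in effect.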
  • 113. Look for Upcoming AWS Customer Resources AWS/TIC Overlay Use Case and Whitepaper Gold Base TIC Connection Scenarios using AWS
  • 114-115. Amazon VPC Architecture for a TIC connection (two-slide build): the customer's network connects through its router to the TIC provider over a secure circuit; from the TIC provider, a secure VPN connection over the Internet or Direct Connect terminates on a VPN gateway in the Amazon Web Services cloud; behind the VPN gateway, isolated AWS customer resources sit in private subnets of the Amazon VPC.
  • 116. Success! “AWS answered the call of the Department of Homeland Security (DHS) Trusted Internet Connections (TIC) Program Management Office (PMO) and FedRAMP PMO for CSPs to participate in their FedRAMP - TIC Overlay Pilots in order to help develop a solution towards data security and network connections between federal agency networks and cloud service providers. AWS successfully completed the pilot and provided their assessment of addressing the controls identified in the Draft FedRAMP-TIC Overlay to DHS TIC and FedRAMP PMO to develop further guidance on TIC Ready CSP solution.” Matthew Goodrich, FedRAMP Director, US General Services Administration Sara Mosely, Branch Chief, US Department of Homeland Security, Trusted Internet Connection
  • 117. Want More Info? Email: awscompliance@amazon.com Subject: AWS/FedRAMP -TIC Overlay Pilot Copy of Draft FedRAMP-TIC Overlay https://www.fedramp.gov/draft-fedramp-tic-overlay/