This document provides an overview of security best practices on AWS. It recommends taking a prescriptive approach to understand AWS security practices, build strong compliance foundations, integrate identity and access management, enable detective controls, establish network security, implement data protection, optimize change management, and automate security functions. The document highlights several native AWS security services and how they can help strengthen a customer's security posture.
We will guide you through the best practices associated with Microsoft products and services on AWS. You will discover how to address the questions (technical, licensing, pricing) associated with migrating existing platforms (such as Exchange or SharePoint) and satisfy your core requirements (AD authentication, monitoring, patching). From hybrid architectures, where the AWS cloud acts as an extension of your data center, to innovative DevOps-centric approaches, we will cover the main use cases seen by our customers.
Expanding your Data Center with Hybrid Cloud Infrastructure - Amazon Web Services
Cloud is a new common for the Hybrid IT strategies. In this session, we will explain what’s different between cloud and your datacenter as well as how to make your Hybrid Cloud strategies
AWS re:Invent 2016: [JK REPEAT] The Enterprise Fast Lane - What Your Competit... - Amazon Web Services
Fed up with stop and go in your data center? Shift into overdrive and pull into the fast lane!
Learn how AutoScout24, the largest online car marketplace Europe-wide, are building their Autobahn in the Cloud.
The secret ingredient? Culture! Because “Cloud” is only one half of the digital transformation story: The other half is how your organization deals with cultural change as you transition from the old world of IT into building microservices on AWS with agile DevOps teams in a true „you build it you run it“ fashion.
Listen to stories from the trenches, powered by Amazon Kinesis, Amazon DynamoDB, AWS Lambda, Amazon ECS, Amazon API Gateway and much more, backed by AWS Partners, AWS Professional Services, and AWS Enterprise Support.
Key takeaways: How to become Cloud native, evolve your architecture step by step, drive cultural change across your teams, and manage your company’s transformation for the future.
During the session we will describe common methods used to create a Hybrid Cloud with AWS. We step through successful operational models, how to get started, and tools to simplify operations. We will explore topics such as networking, directories, DNS, and security. Importantly, we will cover ongoing operational and management practices.
Speaker: Phil Barlow, Solutions Architect, Amazon Web Services
Featured Customer - AMP
Securing Your AWS Infrastructure with Edge Services - May 2017 AWS Online Tec... - Amazon Web Services
Learning Objectives:
- Discover how to secure your cloud infrastructure with Amazon CloudFront, AWS Shield and AWS WAF
- Learn how to offload security heavy-lifting to the AWS Edge
- Learn about the built-in security in Amazon CloudFront
- Get tips on how to develop an adaptive security strategy for your cloud
In this tech talk, you will learn how you can better defend your websites and cloud infrastructure from cyberattacks using edge services from AWS, such as Amazon CloudFront, AWS Shield and AWS WAF. You will go behind the scenes to see how edge services help mitigate common DDoS attacks, how to use advanced protocols and ciphers, and how to enforce end-to-end HTTPS connections. You will also learn how to use additional features like AWS WAF's IP and bot blocking to implement tailored and advanced protection.
At re:Invent 2016, we are launching AWS Shield, a managed DDoS protection service. With AWS Shield, you can help protect Amazon CloudFront, Elastic Load Balancing, and Amazon Route 53 resources from DDoS attacks. In addition to introducing AWS Shield, this session presents some of the things we do behind the scenes to detect and mitigate Layer 3/4 network attacks and highlights ways you can use this new service to protect against Layer 7 application attacks.
AWS re:Invent 2016: The Psychology of Security Automation (SAC307) - Amazon Web Services
Historically, relationships between developers and security teams have been challenging. Security teams sometimes see developers as careless and ignorant of risk, while developers might see security teams as dogmatic barriers to productivity. Can technologies and approaches such as the cloud, APIs, and automation lead to happier developers and more secure systems? Netflix has had success pursuing this approach, by leaning into the fundamental cloud concept of self-service, the Netflix cultural value of transparency in decision making, and the engineering efficiency principle of facilitating a “paved road.”
This session explores how security teams can use thoughtful tools and automation to improve relationships with development teams while creating a more secure and manageable environment. Topics include Netflix’s approach to IAM entity management, Elastic Load Balancing and certificate management, and general security configuration monitoring.
Keeping Security In-Step with your Application Demand Curve - Amazon Web Services
Protecting dynamically scaled cloud compute resources can be challenging, especially for organizations that lack the time or money it takes to maintain dynamic security. Fortinet’s auto scaling security solution addresses this issue by providing the resources to help with deployment in order to optimize organizations’ AWS networks. Join the upcoming webinar hosted by Fortinet and AWS to learn how to leverage Fortinet for auto scaling complex security policies in your Amazon VPC. Fortinet has a broad set of capabilities that, when combined with AWS services, create a truly complete security architecture.
AWS re:Invent 2016: Develop, Build, Deploy, and Manage Containerized Services... - Amazon Web Services
In this session, we walk through the simple process of deploying and managing your own Linux-based application in the cloud and also discuss key use-cases and benefits to automated configuration, deployment, and administration of application stacks. Session sponsored by Red Hat.
This session introduces Lambda@Edge, a new AWS Lambda feature that allows developers to perform simple computations at AWS edge locations in response to CloudFront events. This will be of interest to developers who want to build low-latency, customized web experiences. We cover product functionality and details of the programming model, and we walk through potential use cases.
AWS re:Invent 2016: VMware and AWS Together - VMware Cloud on AWS (ENT317) - Amazon Web Services
VMware Cloud™ on AWS brings VMware’s enterprise-class Software-Defined Data Center software to Amazon’s public cloud, delivered as an on-demand, elastically scalable, cloud-based service that is sold, operated and supported by VMware, for any application and optimized for next-generation, elastic, bare metal AWS infrastructure. This solution enables customers to use a common set of software and tools to manage both their AWS-based and on-premises vSphere resources consistently. Further, virtual machines in this environment have seamless access to the broad range of AWS services as well. This session will introduce this exciting new service and examine some of the use cases and benefits of the service. The session will also include a VMware Tech Preview that demonstrates standing up a complete SDDC cluster on AWS and various operations using standard tools like vCenter.
Hybrid IT Approach and Technologies with the AWS Cloud | AWS Public Sector Su... - Amazon Web Services
This session is recommended for anyone considering using the AWS cloud to augment their current capabilities. Adoption of cloud computing provides access to the benefits of new deployment models with significant cost and agility benefits. But how can the cloud benefit existing government organizations that have invested large amounts of resources in existing on-premises technologies? This session outlines several key factors to consider from the point of view of the large-scale IT shop stakeholder. Because each organization has its unique set of challenges in cloud adoption, this session compares some of the opportunities and risks of several hybrid cloud use-case models and then helps customers understand the cloud-native and third-party vendor options available that bridge the gap to the cloud for large-scale government environments.
This session provides an overview of how organizations can migrate workloads to the AWS cloud at scale. We will go through available migration frameworks and best practices with common use case examples during this session. After migrating the initial workloads, understand how to migrate at scale to the AWS cloud. Hear about real life experiences from the AWS Professional Services team and learn about common use case examples, frameworks, and best practices. Hear about what to avoid when migrating applications at scale to AWS and understand the tools and partner services that can assist you when migrating applications to AWS.
AWS re:Invent 2016: Advanced Techniques for Managing Sensitive Data in the Cl... - Amazon Web Services
In this session, we discuss compliance programs at AWS, as well as key AWS security best practices for technology and consulting partners. Regardless of whether you have customers with stringent compliance requirements, security should be a top priority when thinking about your customer service model. AWS provides native security tools at all layers with services such as AWS Identity and Access Management (IAM) and AWS Key Management Service (AWS KMS), which we dive deep into during this session. We provide a framework for using IAM roles and customer-managed encryption keys to securely interact with your customer's data and also showcase working example code that can be implemented across all compliance frameworks, as well as across applications that do not have specific compliance requirements.
AWS re:Invent 2016: Industry Opportunities for AWS Partners: Healthcare, Fina... - Amazon Web Services
Take advantage of key trends in healthcare, financial services, and digital media and learn what they mean for your service offerings and technology solutions. For healthcare and life sciences, clearing the compliance hurdle and obtaining customer buy-in to bring HIPAA and GxP workloads on AWS. For financial services, automating security and fast-tracking compliance to generate more business (featuring NICE Actimize + Avoka). For media and entertainment, leading an end-to-end digital transformation story with your media customers and understanding where to apply the AWS platform, Elemental Technologies, and M&E partners to accelerate customer adoption. You gain insight into where to add value with consulting engagements and where to build managed services and SaaS offerings.
DevOps on Windows: How to Deploy Complex Windows Workloads | AWS Public Secto... - Amazon Web Services
In this session, you will learn how to deploy complex Windows workloads and ways AWS CloudFormation, AWS OpsWorks, and AWS CodeDeploy enable you to automate your Windows application life-cycle management. We will also discuss the monitoring, logging, and automatically scaling of Windows applications. Learn More: https://aws.amazon.com/government-education/
Hybrid Infrastructure Integration is an approach to connect on-premises IT resources with AWS and bridge processes, services, and technologies used in common enterprise customer environments. This session addresses connectivity patterns, security controls, account governance, and operations monitoring approaches successfully implemented in enterprise engagements. Infrastructure architects and IT professionals can get an overview of various integration types, approaches, methodologies, and common service patterns, helping them to better understand and overcome typical challenges in hybrid enterprise environments.
Inside the IC Marketplace | AWS Public Sector Summit 2017 - Amazon Web Services
At AWS, we partner with the best to deliver the best to our customers. In this session, attendees learn how C2S and the C2S Partner Ecosystem work together to accelerate innovation and return time to the mission. This session will give you an update on the Intelligence Community (IC) Marketplace in C2S, including additional vendors, offerings, and changes to streamline the onboarding and procurement process. Learn More: https://aws.amazon.com/government-education/
Network security, Anti-DDoS and other Internet-side protections: Encryption i... - Amazon Web Services
Architecting for resilience doesn’t stop at spreading EC2 and VPC-based environments across multiple Availability Zones. We discuss and demonstrate a number of protective measures which can be put in place between the Internet and your AWS environments to mitigate DDoS and other varieties of attack, and measures that can be deployed on-instance to protect EC2 environments. We also discuss whether encryption in transit is necessary within a VPC, and for customers who consider it to be, how to manage distribution of key material and other secret credentials in autoscaling environments.
Getting Started with Managed Services | AWS Public Sector Summit 2016 - Amazon Web Services
The AWS cloud infrastructure is architected to be one of the most flexible and secure cloud computing environments available today. By leveraging services such as EC2, you are able to build highly scalable and performant architectures. AWS also provides a rich set of services which help to remove much of the potentially undifferentiated heavy lifting associated with managing your EC2-based infrastructure. This session will introduce some of these services in the areas of Application Management, Database, Analytics, Security and Enterprise Applications.
Customers using AWS benefit from over 1,800 security and compliance controls built into the AWS platform and operations. In this session, you will learn how to take advantage of the advanced security features of the AWS platform to gain the visibility, agility, and control needed to be more secure in the cloud than in legacy environments. We'll take a look at several reference architectures for common workloads and highlight the innovative ways customers are using AWS to manage security more efficiently. After attending this session, you will be familiar with the shared security responsibility model and understand how to benefit from controls from the rich compliance and accreditation programs maintained by AWS. Speaker: Stephen Quigg, Solutions Architect, Amazon Web Services
AWS and its partners offer a wide range of tools and features to help you meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools that can provide full visibility into what is happening in your environment. In this session, you will be introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.
AWS Enterprise Day | Securing your Web Applications in the Cloud - Amazon Web Services
Security is a top priority to both AWS and its customers and many enterprises trust us with some of their most sensitive information, including financial, personal and health information. Learn about the key security features of AWS that these enterprise customers are using to build their own secure applications and secure and encrypt their content. We will also share how you can integrate AWS into your existing security policies and how partners like Trend Micro can help you extend this into the AWS Cloud.
This session will start with an overview of the AWS security & compliance programs that enable financial services institutions to create secure workloads as they move to the cloud. We will dive into Financial Services Institutions (FSI) specific security considerations and regional regulations that may need to be considered.
An Evolving Security Landscape – Security Patterns in the Cloud (Amazon Web Services)
Availability of cloud computing is helping Financial Services organizations realize accelerated go-to-market speeds, global scalability, and cost efficiencies. This new world forces considerations for security programs – what is different in the cloud and what do I do differently? AWS Security Architects will share protocols that need to be considered in the cloud, on premises, or in a hybrid model. They will also share best practices, lessons learned, efficiencies, and design patterns and architectures unique to cloud.
Because the entire AWS cloud platform is programmable, you can program security and compliance before instantiating any actual workloads. In this session, we show how you can design a secure and compliant workload and even have it audited by a third-party auditor before creating it for the first time! Once it's created, other facilities provide mechanisms for detecting and alerting on drift from your baseline, and even automatically remediating the drift. Learn how the comprehensive automation available in AWS gives security and compliance professionals an entirely new, more efficient, and more effective way to work.
Speaker: John Hildebrand, Solutions Architect, Amazon Web Services
AWS Security Enabling Fintech Pace Security AWS Summit SG 2017 (Amazon Web Services)
This session will review how AWS allows FinTechs across APAC to innovate at pace while maintaining the high level of security expected by the financial services community. We will review security domains including Infrastructure Security, Data Protection, Logging & Monitoring, Identity & Access Management and Intrusion Detection.
This webinar will introduce the AWS Shared Security Model. We will examine how to use the inherent security of the AWS environment, coupled with the security tools and features AWS makes available, to create a resilient environment with the security you need.
Learning Objectives:
• Understand the security measures AWS puts in place to secure the environment where your data lives
• Understand the tools AWS offers to help you create a resilient environment with the security you need
• Consider actions when moving a sensitive workload to AWS
• Security benefits you can expect by deploying in the AWS Cloud
Who Should Attend:
- Prospects and customers with a security background
- Who are interested in using AWS to manage security-sensitive workloads
This session showcases best practices for operating securely at scale on AWS. We’ll introduce the AWS Security Best Practices whitepaper that covers a range of security recommendations for identity and access management, logging and monitoring, infrastructure security, and data protection. We’ll also examine practical examples found in the Center for Internet Security’s CIS AWS Foundations and CIS AWS Three-Tier Web Architecture benchmarks. Information and eGovernance Authority (IGA) also steps in to debunk common security myths of cloud adoption and speak on why they entrust the cloud with data.
Security is one of the main characteristics of the AWS cloud. In this presentation, we analyze the AWS shared security model and the services used to implement this model.
How to build Forecasting services using ML and deep learn... algorithms (Amazon Web Services)
Forecasting is an important process for a great many companies and is used in various areas to try to accurately predict the growth and distribution of a product, the use of the resources needed on production lines, financial presentations and much more. Amazon uses advanced forecasting techniques, and some of these services have been made available to all AWS customers.
In this session we will show how to pre-process data that contains a time component and then use an algorithm that, starting from the type of data analyzed, produces an accurate forecast.
Big Data for Startups: how to create Big Data applications in Server... mode (Amazon Web Services)
The variety and quantity of data created every day is growing ever faster and represents a unique opportunity to innovate and create new startups.
However, managing large quantities of data can seem complex: creating large-scale Big Data clusters seems to be an investment accessible only to established companies. But the elasticity of the Cloud and, in particular, Serverless services allow us to break these limits.
Let's see how it is possible to develop Big Data applications quickly, without worrying about infrastructure, dedicating all our resources to developing our ideas to create innovative products.
You can now use Amazon Elastic Kubernetes Service (EKS) to run Kubernetes pods on AWS Fargate, the serverless compute engine built for containers on AWS. This makes it easier than ever to build and run your Kubernetes applications in the AWS cloud. In this session we will present the main features of the service and how to deploy your application in a few steps.
Twenty years ago Amazon went through a radical transformation with the goal of increasing the pace of innovation. Over this period we learned how changing our approach to application development allowed us to significantly increase agility and release speed and, ultimately, to build more reliable and scalable applications. In this session we will illustrate how we define modern applications and how building modern apps affects not only the application architecture but also the organizational structure, the development release pipelines and even the operating model. We will also describe common approaches to modernization, including the approach used by Amazon.com itself.
How to spend up to 90% less with containers and Spot Instances (Amazon Web Services)
The use of containers is continuously growing.
When designed correctly, container-based applications are very often stateless and flexible.
The AWS services ECS, EKS and Kubernetes on EC2 can take advantage of Spot Instances, leading to average savings of 70% compared to On-Demand Instances. In this session we will discover together what the characteristics of Spot Instances are and how they can easily be used on AWS. We will also learn how Spreaker uses Spot Instances to run applications of different kinds, in production, at a fraction of the on-demand cost!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda:
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Make your startup's offering unique in the market with Machine Lea... services (Amazon Web Services)
To create value and build a distinctive, recognizable offering of their own, successful startups know how to combine established technologies with innovative components created ad hoc.
AWS provides ready-to-use services and, at the same time, lets you customize and create the differentiating elements of your offering.
Focusing on Machine Learning technologies, we will see how to select the artificial intelligence services offered by AWS and, also through a demo, how to build custom Machine Learning models using SageMaker Studio.
OpsWorks Configuration Management: automate the management and deployments of... (Amazon Web Services)
With the traditional approach to IT, for many years it was difficult to implement DevOps techniques, which until now have often involved manual activities that occasionally led to application downtime, interrupting user operations. With the advent of the cloud, DevOps techniques are now within everyone's reach at low cost for any kind of workload, ensuring greater system reliability and resulting in significant improvements in business continuity.
AWS provides AWS OpsWorks as a Configuration Management tool that aims to automate and simplify the management and deployment of EC2 instances by means of Chef and Puppet workloads.
Find out how to use AWS OpsWorks to ensure the reliability of your application installed on EC2 instances.
Microsoft Active Directory on AWS to support your Windows Workloads (Amazon Web Services)
Do you want to know the options for running Microsoft Active Directory on AWS? When moving Microsoft workloads to AWS, it is important to consider how to deploy Microsoft Active Directory to support group policy management, authentication and authorization. In this session, we will discuss the options for deploying Microsoft Active Directory on AWS, including AWS Directory Service for Microsoft Active Directory and deploying Active Directory on Windows on Amazon Elastic Compute Cloud (Amazon EC2). We cover topics such as integrating your on-premises Microsoft Active Directory environment with the cloud and using SaaS applications, such as Office 365, with AWS Single Sign-On.
From facial recognition to the detection of fraud or manufacturing defects, image and video analysis using artificial intelligence techniques is evolving and being refined at a rapid pace. In this webinar we will explore the possibilities offered by AWS services for applying state-of-the-art computer vision techniques to real-world scenarios.
Amazon Web Services and VMware are holding a free virtual event next Wednesday, October 14, from 12:00 to 13:00, dedicated to VMware Cloud ™ on AWS, the on-demand service that lets you run applications in cloud environments based on VMware vSphere® and access a wide range of AWS services, making full use of the potential of the AWS cloud and protecting existing VMware investments.
Create your first serverless ledger-based app with QLDB and NodeJS (Amazon Web Services)
Many companies today build applications with ledger-type functionality, for example to verify the history of credits or debits in banking transactions, or to track the supply chain flow of their products.
At the base of these solutions are ledger databases, which provide a transparent, immutable and cryptographically verifiable transaction log, but they are complex and costly tools to manage.
Amazon QLDB eliminates the need to build complex custom systems by providing a fully managed serverless ledger database.
In this session we will discover how to build a complete serverless application that uses QLDB's features.
With the rise of microservice architectures and rich mobile and web applications, APIs are more important than ever for giving end users an exceptional user experience. In this session we will learn how to tackle modern API design challenges with GraphQL, an open source API query language used by Facebook, Amazon and others, and how to use AWS AppSync, a managed serverless GraphQL service on AWS. We will explore several scenarios, understanding how AppSync can help solve these use cases by creating modern APIs with real-time and offline data update capabilities.
We will also learn how Sky Italia uses AWS AppSync to deliver real-time sports updates to users of its web portal.
Oracle Databases and VMware Cloud™ on AWS: myths to dispel (Amazon Web Services)
Many organizations take advantage of the cloud by migrating their Oracle workloads, securing considerable benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, and on top of this come performance risks that can be introduced when applications are moved from on-premises data centers.
In these slides, AWS and VMware experts present simple, practical measures to facilitate and simplify the migration of Oracle workloads, accelerating the transformation to the cloud; they explore the architecture in depth and demonstrate how to make full use of the potential of VMware Cloud ™ on AWS.
Amazon Elastic Container Service (Amazon ECS) is a highly scalable container management service that simplifies the management of Docker containers through an orchestration layer for controlling deployment and the related lifecycle. In this session we will present the main features of the service, the reference architectures for different workloads and the simple steps needed to quickly migrate one or more of your containers.
8. Security ownership as part of DNA
• Promotes culture of “everyone is an owner” for security
• Makes security a stakeholder in business success
• Enables easier and smoother communication
• Automate functions to reduce human access to near-zero
Distributed Embedded
9. Strengthen your security posture
Get native functionality and tools
Over 30 global compliance certifications and accreditations
Leverage security enhancements gleaned from 1M+ customer experiences
Benefit from AWS industry leading security teams 24/7
Security infrastructure built to satisfy military, global banks, and other high-sensitivity organizations
11. GxP, ISO 13485, AS9100, ISO/TS 16949
AWS Foundation Services: Compute, Storage, Database, Networking
AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
AWS is responsible for the security OF the Cloud
Get assurance from independent sources
12. AWS Foundation Services: Compute, Storage, Database, Networking
AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
Client-side Data Encryption
Server-side Data Encryption
Network Traffic Protection
Platform, Applications, Identity & Access Management
EC2 Operating System, Network, & Firewall Configuration
Customer applications & content
Customers
Customers have their choice of security configurations IN the Cloud
AWS is responsible for the security OF the Cloud
Customers control their own security policy
14. AWS Identity and Access Management
IAM Users, IAM Groups, IAM Roles, IAM Policies
• Granular access control for least privileges
• Manage hierarchies of AWS Accounts with AWS Organizations
• Federate with your existing directory services
• Role-based access and segregation of duties
• Achieve just-in-time access using automation
• Create rich mobile applications without giving end-users long-term access keys
16. AWS CloudTrail and Amazon CloudWatch
AWS CloudTrail
• Enable Globally for All AWS Regions
• Encryption and Integrity Validation of Log Files
• Archive and Forward
• Read by every industry-standard logging and SIEM platform
Amazon CloudWatch
• Amazon CloudWatch Logs
• Metrics and Filters
• Alarms and Notifications
• Trigger automated actions
• Integrate with your existing ticketing systems
18. AWS Global Infrastructure
16 Regions – 42 Availability Zones – 74 Edge Locations
Region & Number of Availability Zones
• AWS GovCloud (2)
• US West: Oregon (3), Northern California (3)
• US East: N. Virginia (5), Ohio (3)
• Canada: Central (2)
• South America: São Paulo (3)
• EU: Ireland (3), Frankfurt (2), London (2)
• Asia Pacific: Singapore (2), Sydney (3), Tokyo (3), Seoul (2), Mumbai (2)
• China: Beijing (2)
• Announced Regions: Paris, Ningxia, Stockholm
Availability Zone A, Availability Zone B, Availability Zone C
Each region has at least two Availability Zones
19. AWS Regions in Europe
• EU (Ireland) Region: EC2 Availability Zones: 3
• EU (Frankfurt) Region: EC2 Availability Zones: 2
• EU (London) Region: EC2 Availability Zones: 2
• EU (Paris) Region: Announced – launching 2017
• EU (Stockholm) Region: Announced – launching 2018
AWS Edge Locations for CloudFront CDN and Route53 DNS
Amsterdam, The Netherlands (2); Berlin, Germany; Dublin, Ireland; Frankfurt, Germany (5); London, England (4); Madrid, Spain; Marseille, France; Milan, Italy; Munich, Germany; Paris, France (2); Prague, Czech Republic; Stockholm, Sweden; Vienna, Austria; Warsaw, Poland; Zurich, Switzerland
20. Choose an AWS Region and AWS will not replicate it elsewhere unless you choose to do so
Control format, accuracy and encryption any way that you choose
Control who can access content, its lifecycle and disposal
We publish GDPR resources on our website to help you meet your own compliance
Customers retain full ownership and control of their content
You are in full control of privacy
21. Your own isolated infrastructure with Amazon VPC
Amazon Virtual Private Cloud comes with granular security controls
VPC fully supports IPv6
[Diagram: VPC address ranges 10.10.1.0/24, 10.20.0.0/16, 10.20.1.0/24 and 10.20.30.0/24; Customer Premises]
22. Internet access is always optional
[Diagram: subnets 10.10.1.0/24 and 10.10.2.0/24, 0.0.0.0/0 routes, NAT Gateway with Public IP: 54.2.0.12]
Destination Target Status
10.10.0.0/16 local Active
0.0.0.0/0 NAT-Gateway ID012471 Active
Everything not destined for my VPC goes to the Internet via the NAT Gateway
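How the route table on this slide decides where a packet goes, as an added example that is not part of the original slides. It applies longest-prefix matching to the two routes shown; the probe addresses, the variant table without a default route, and the rule that only routes with status Active are used are assumptions made for illustration.

```python
import ipaddress

# Route table from the slide: (destination, target, status).
SLIDE_ROUTES = [
    ("10.10.0.0/16", "local", "Active"),
    ("0.0.0.0/0", "NAT-Gateway ID012471", "Active"),
]

def resolve_target(dst_ip, routes):
    """Longest-prefix match: return the target of the most specific Active
    route covering dst_ip, or None when no route matches (traffic is dropped)."""
    addr = ipaddress.ip_address(dst_ip)
    best_len, best_target = -1, None
    for cidr, target, status in routes:
        net = ipaddress.ip_network(cidr)
        # Assumption: routes that are not Active never carry traffic.
        if status != "Active" or net.version != addr.version:
            continue
        if addr in net and net.prefixlen > best_len:
            best_len, best_target = net.prefixlen, target
    return best_target

def egress_report(routes, probes):
    """Map each probe address to where the route table would send it."""
    return {ip: resolve_target(ip, routes) or "no route (dropped)" for ip in probes}

# Constructed variant: the same table without the default route, i.e. a
# subnet that has no path to the Internet at all.
ISOLATED_ROUTES = [r for r in SLIDE_ROUTES if r[0] != "0.0.0.0/0"]

# Constructed probes: one address inside the VPC, one public address
# taken from a documentation range.
PROBES = ["10.10.2.15", "203.0.113.10"]

if __name__ == "__main__":
    for name, table in (("slide", SLIDE_ROUTES), ("isolated", ISOLATED_ROUTES)):
        print(name, egress_report(table, PROBES))
```

Removing the 0.0.0.0/0 route is what makes Internet access optional: VPC-internal traffic still resolves to local, while everything else has no route.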
23. VPC Flow Logs give you network insight
• Agentless
• From full VPC logging to a single NIC
• Logged to Amazon CloudWatch Logs so you can create alarms when metrics are breached
• Create your own network dashboards
Flow log record fields: AWS account, Interface, Source IP, Destination IP, Source port, Destination port, Protocol, Packets, Bytes, Start/end time, Accept or reject
24. Block layer 7 attacks with AWS WAF
• Web traffic filtering with custom rules
• Malicious request blocking
• Active monitoring and tuning
25. AWS Shield detects and blocks DDoS
Advanced mitigation techniques:
• Deterministic filtering
• Traffic prioritization based on scoring
• Advanced routing policies
27. Use AWS Cryptographic Services
AWS KMS
• Deep integration with AWS Services
• CloudTrail
• AWS SDK for application encryption
Amazon CloudHSM
• Dedicated HSM
• Integrate with on-premises HSMs
• Hybrid Architectures
… or you can always use your own
32. AWS CloudFormation – Infrastructure as Code
AWS CloudFormation
• Orchestrate changes across AWS Services
• Use as foundation to Service Catalog products
• Use with source code repositories to manage infrastructure changes
Template
• JSON-based text file describing infrastructure
Stack
• Resources created from a template can be updated
• Updates can be restricted
33. Evolving the Practice of Security Architecture
Current Security Architecture Practice:
• Static position papers, architecture diagrams, and documents
• UI-dependent consoles and technologies
• Auditing, assurance, and compliance are decoupled, separate processes
Security architecture should not be a separate function!
34. Evolving the Practice of Security Architecture
Security becomes a core part of the ’maker’ team
Evolved Security Architecture Practice:
• Architecture artifacts (design choices, narrative, etc.) committed to common repositories
• Complete solutions account for automation
• Solution architectures are living audit/compliance artifacts and evidence in a closed loop
[Diagram: AWS CodeCommit, AWS CodePipeline, Jenkins]
37. Easy Access To AWS Security Training
• Security Fundamentals on AWS (Free online course)
• Security Operations on AWS (3-day class)
Details at aws.amazon.com/training