SlideShare a Scribd company logo

Getting Started with AWS Security

Amazon Web Services
Amazon Web Services

AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools to can provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.

Technology
1 of 53
Download to read offline
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Michael Capicotto Solutions Architect August 23rd, 2016 Getting Started with AWS Security
Prescriptive Approach Understand AWS Security Practice Build Strong Compliance Foundations Integrate Identity & Access Management Enable Detective Controls Establish Network Security Implement Data Protection Optimize Change Management Automate Security Functions
Understand AWS Security Practice
Why is Enterprise Security Traditionally Hard? Lack of visibility Low degree of automation
AND Move Fast Stay Secure
Making life easier Choosing security does not mean giving up on convenience or introducing complexity
Security ownership as part of DNA • Promotes culture of “everyone is an owner” for security • Makes security a stakeholder in business success • Enables easier and smoother communication Distributed Embedded
Strengthen your security posture Get native functionality and tools Over 30 global compliance certifications and accreditations Leverage security enhancements gleaned from 1M+ customer experiences Benefit from AWS industry leading security teams 24/7, 365 days a year Security infrastructure built to satisfy military, global banks, and other high-sensitivity organizations
AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Client-side Data Encryption Server-side Data Encryption Network Traffic Protection Platform, Applications, Identity & Access Management Operating System, Network & Firewall Configuration Customer content Customers Security is a shared responsibility Customers are responsible for their security IN the Cloud AWS is responsible for the security OF the Cloud
Security Training Security Fundamentals on AWS (Free online course) Security Operations on AWS (3-day class) Details at aws.amazon.com/training
Build Strong Compliance Foundations
AWS Assurance Programs AWS maintains a formal control environment • SOC 1 Type II • SOC 2 Type II and public SOC 3 report • ISO 27001, 27017, 27018 Certification • Certified PCI DSS Level 1 Service Provider • FedRAMP Authorization • Architect for HIPAA compliance
AWS Account Relationship AWS Account Ownership AWS Account Contact Information AWS Sales AWS Solutions Architects AWS Support AWS Professional Services AWS Consulting Partners
AWS Trusted Advisor AWS Trusted Advisor
Integrate Identity & Access Management
AWS Identity & Access Management IAM Users IAM Groups IAM Roles IAM Policies
Account Governance – New Accounts InfoSec’s Cross- Account Roles AWS Account Credential Management (“Root Account”) Federation Baseline Requirements Actions & Conditions Map Enterprise Roles
Enable Detective Controls
AWS CloudTrail & CloudWatch AWS CloudTrail Amazon CloudWatch  Enable globally for all AWS Regions  Encryption & Integrity Validation  Archive & Forward  Amazon CloudWatch Logs  Metrics & Filters  Alarms & Notifications
Establish Network Security
AWS Global Footprint 12 Regions (10 Public, China Region and GovCloud Region) Canada, Ohio, India, UK and another China Region planned for 2016 and beyond 32 Availability zones (adding 11 more in 2016 across new Regions) 55+ Edge locations Region Edge location
VPC Public Subnet 10.10.1.0/24 VPC Public Subnet 10.10.2.0/24 VPC CIDR 10.10.0.0/16 VPC Private Subnet 10.10.3.0/24 VPC Private Subnet 10.10.4.0/24 VPC Private Subnet 10.10.5.0/24 VPC Private Subnet 10.10.6.0/24 AZ A AZ B Public ELB Internal ELB RDS Master Autoscaling Web Tier Autoscaling Application Tier Internet Gateway RDS Standby Snapshots Multi-AZ RDS Data Tier Existing Datacenter Virtual Private Gateway Customer Gateway VPN Connection Direct Connect Network Partner Location Administrators & Corporate Users Amazon Virtual Private Cloud
Availability Zone A Private subnet Public subnet Private subnet Availability Zone B Public subnet Private subnet ELB Web Back end VPC CIDR 10.1.0.0/16 ELB Web Back end VPC sg_ELB_FrontEnd (ELB Security Group) sg_Web_Frontend (Web Security Group) Security Groups sg_Backend (Backend Security Group)
Security Groups
Security Groups
Security Groups
VPC Flow Logs • Agentless • Enable per ENI, per subnet, or per VPC • Logged to AWS CloudWatch Logs • Create CloudWatch metrics from log data • Alarm on those metrics AWS account Source IP Destination IP Source port Destination port Interface Protocol Packets Bytes Start/end time Accept or reject
VPC Flow Logs • Amazon Elasticsearch Service • Amazon CloudWatch Logs subscriptions
VPC Flow Logs – CloudWatch Alarms
Implement Data Protection
Cryptographic Services Amazon CloudHSM  Deep integration with AWS Services  CloudTrail  AWS SDK for application encryption  Dedicated HSM  Integrate with on-premises HSMs  Hybrid Architectures AWS KMS
Optimize Change Management
AWS Config & Config Rules AWS Config Amazon Config Rules  Record configuration changes continuously  Time-series view of resource changes  Archive & Compare  Enforce best practices  Automatically roll-back unwanted changes  Trigger additional workflow
AWS Config
AWS Config
AWS Config Rules – Tenancy Enforcement Example
AWS Config Rules – Tenancy Enforcement Example
AWS Config Rules – Tenancy Enforcement Example
AWS Config Partners
MONITORING, REPORTING, & OPTIMIZATION Enterprise Security & Cost Management from CloudCheckr The CloudCheckr Unified Cloud Security and Governance Platform Leveraging AWS data – CloudTrail, Config, VPC Flow logs, CloudWatch logs, DBR, and more metrics Providing complete transparency – into 1 or across 1000s of AWS accounts Automating security, configuration, and activity monitoring and alerting Continuous monitoring of configurations, resources and permissions Active optimization, sophisticated allocation, and simplified invoicing for enterprise cloud cost management
SAVING $2 MILLION WHILE IMPROVING SECURITY CloudCheckr’s unified cost & security management platform Case Study Problem Statement Business Outcomes AWS usage started small and grew very complex with time Needed clarity around cost, utilization and security Saved $2 million USD Total control of the Detailed Billing Report Change monitoring for security weaknesses WWW.CLOUDCHECKR.COM CloudCheckr gives us total visibility and control over our AWS investment. Patrick Neville, Manager of Systems Operations
SAVES TIME & MONEY, IMPROVES SECURITY CloudCheckr’s unified cost & security management platform Case Study Problem Statement Business Outcomes Needed to track changes and costs Needed to drive accountability across all key stakeholders Saved $2 million USD Total control of the Detailed Billing Report Change monitoring for security weaknesses WWW.CLOUDCHECKR.COM The S3 functionality alone revealed immediate cost savings that paid for CloudCheckr 3x over. Dave North, Director of DevOps
AWS CloudFormation – Infrastructure as Code Template StackAWS CloudFormation  Orchestrate changes across AWS Services  Use as foundation to Service Catalog products  Use with source code repositories to manage infrastructure changes  JSON-based text file describing infrastructure  Resources created from a template  Can be updated  Updates can be restrictured
Change Sets – Create Change Set
Change Sets
Change Sets
Automate Security Functions
Evolving the Practice of Security Architecture Security architecture as a separate function can no longer exist Static position papers, architecture diagrams & documents UI-dependent consoles and technologies Auditing, assurance, and compliance are decoupled, separate processes Current Security Architecture Practice
Evolving the Practice of Security Architecture Security architecture can now be part of the ‘maker’ team Architecture artifacts (design choices, narrative, etc.) committed to common repositories Complete solutions account for automation Solution architectures are living audit/compliance artifacts and evidence in a closed loop Evolved Security Architecture Practice AWS CodeCommit AWS CodePipeline Jenkins
AWS Marketplace Security Partners Infrastructure Security Logging & Monitoring Identity & Access Control Configuration & Vulnerability Analysis Data Protection
Prescriptive Approach – Get Started! Understand AWS Security Approach Build Strong Compliance Foundations Integrate Identity & Access Management Enable Detective Controls Establish Network Security Implement Data Protection Optimize Change Management Automate Security Functions
Visit Us! Enter to Win an Echo.
Thank you!

Recommended

Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity OptionsAmazon Web Services
 
AWS Enterprise Summit Netherlands - Starting Your Journey in the Cloud
AWS Enterprise Summit Netherlands - Starting Your Journey in the CloudAWS Enterprise Summit Netherlands - Starting Your Journey in the Cloud
AWS Enterprise Summit Netherlands - Starting Your Journey in the CloudAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Network Security and Access Control in AWS
Network Security and Access Control in AWSNetwork Security and Access Control in AWS
Network Security and Access Control in AWSAmazon Web Services
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWSAmazon Web Services
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWSAmazon Web Services
 
Getting started with aws security toronto rs
Getting started with aws security toronto rsGetting started with aws security toronto rs
Getting started with aws security toronto rsAmazon Web Services
 
Security & Compliance (Part 2)
Security & Compliance (Part 2)Security & Compliance (Part 2)
Security & Compliance (Part 2)Amazon Web Services
 

Recommended

Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity OptionsAmazon Web Services
 
AWS Enterprise Summit Netherlands - Starting Your Journey in the Cloud
AWS Enterprise Summit Netherlands - Starting Your Journey in the CloudAWS Enterprise Summit Netherlands - Starting Your Journey in the Cloud
AWS Enterprise Summit Netherlands - Starting Your Journey in the CloudAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Network Security and Access Control in AWS
Network Security and Access Control in AWSNetwork Security and Access Control in AWS
Network Security and Access Control in AWSAmazon Web Services
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWSAmazon Web Services
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWSAmazon Web Services
 
Getting started with aws security toronto rs
Getting started with aws security toronto rsGetting started with aws security toronto rs
Getting started with aws security toronto rsAmazon Web Services
 
Security & Compliance (Part 2)
Security & Compliance (Part 2)Security & Compliance (Part 2)
Security & Compliance (Part 2)Amazon Web Services
 
(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the CloudAmazon Web Services
 
Security Day What's (nearly) New
Security Day What's (nearly) NewSecurity Day What's (nearly) New
Security Day What's (nearly) NewAmazon Web Services
 
Getting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Getting Started with the Hybrid Cloud: Enterprise Backup and RecoveryGetting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Getting Started with the Hybrid Cloud: Enterprise Backup and RecoveryAmazon Web Services
 
Security Architecture recommendations for your new AWS operation - Pop-up Lof...
Security Architecture recommendations for your new AWS operation - Pop-up Lof...Security Architecture recommendations for your new AWS operation - Pop-up Lof...
Security Architecture recommendations for your new AWS operation - Pop-up Lof...Amazon Web Services
 
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...Amazon Web Services
 
Compliance in the cloud using sb d toronto-summit-v1.0
Compliance in the cloud using sb d toronto-summit-v1.0Compliance in the cloud using sb d toronto-summit-v1.0
Compliance in the cloud using sb d toronto-summit-v1.0Amazon Web Services
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsAmazon Web Services
 
(SEC320) Leveraging the Power of AWS to Automate Security & Compliance
(SEC320) Leveraging the Power of AWS to Automate Security & Compliance(SEC320) Leveraging the Power of AWS to Automate Security & Compliance
(SEC320) Leveraging the Power of AWS to Automate Security & ComplianceAmazon Web Services
 
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013Amazon Web Services
 
AWSome Day | Tech Track
AWSome Day | Tech TrackAWSome Day | Tech Track
AWSome Day | Tech TrackAmazon Web Services
 
Protecting your data in aws - Toronto
Protecting your data in aws - TorontoProtecting your data in aws - Toronto
Protecting your data in aws - TorontoAmazon Web Services
 
CloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security ScalingCloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security ScalingAmazon Web Services
 
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014Amazon Web Services
 
(GEN117) AWS Compliance Summit
(GEN117) AWS Compliance Summit(GEN117) AWS Compliance Summit
(GEN117) AWS Compliance SummitAmazon Web Services
 
AWS Security in Plain English – AWS Security Day
AWS Security in Plain English – AWS Security Day AWS Security in Plain English – AWS Security Day
AWS Security in Plain English – AWS Security Day Amazon Web Services
 
Optimize Developer Agility & App Delivery on AWS
Optimize Developer Agility & App Delivery on AWSOptimize Developer Agility & App Delivery on AWS
Optimize Developer Agility & App Delivery on AWSAmazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS SecurityAmazon Web Services
 
Getting Started With AWS Security
Getting Started With AWS SecurityGetting Started With AWS Security
Getting Started With AWS SecurityAmazon Web Services
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure IntegrationAmazon Web Services
 
(SEC203) Journey to Securing Time Inc's Move to the Cloud
(SEC203) Journey to Securing Time Inc's Move to the Cloud(SEC203) Journey to Securing Time Inc's Move to the Cloud
(SEC203) Journey to Securing Time Inc's Move to the CloudAmazon Web Services
 
Security & Compliance in AWS
Security & Compliance in AWSSecurity & Compliance in AWS
Security & Compliance in AWSAmazon Web Services
 
Shared Security in AWS
Shared Security in AWSShared Security in AWS
Shared Security in AWSPolarSeven Pty Ltd
 

More Related Content

What's hot

(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the CloudAmazon Web Services
 
Security Day What's (nearly) New
Security Day What's (nearly) NewSecurity Day What's (nearly) New
Security Day What's (nearly) NewAmazon Web Services
 
Getting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Getting Started with the Hybrid Cloud: Enterprise Backup and RecoveryGetting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Getting Started with the Hybrid Cloud: Enterprise Backup and RecoveryAmazon Web Services
 
Security Architecture recommendations for your new AWS operation - Pop-up Lof...
Security Architecture recommendations for your new AWS operation - Pop-up Lof...Security Architecture recommendations for your new AWS operation - Pop-up Lof...
Security Architecture recommendations for your new AWS operation - Pop-up Lof...Amazon Web Services
 
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...Amazon Web Services
 
Compliance in the cloud using sb d toronto-summit-v1.0
Compliance in the cloud using sb d toronto-summit-v1.0Compliance in the cloud using sb d toronto-summit-v1.0
Compliance in the cloud using sb d toronto-summit-v1.0Amazon Web Services
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsAmazon Web Services
 
(SEC320) Leveraging the Power of AWS to Automate Security & Compliance
(SEC320) Leveraging the Power of AWS to Automate Security & Compliance(SEC320) Leveraging the Power of AWS to Automate Security & Compliance
(SEC320) Leveraging the Power of AWS to Automate Security & ComplianceAmazon Web Services
 
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013Amazon Web Services
 
Protecting your data in aws - Toronto
Protecting your data in aws - TorontoProtecting your data in aws - Toronto
Protecting your data in aws - TorontoAmazon Web Services
 
CloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security ScalingCloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security ScalingAmazon Web Services
 
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014Amazon Web Services
 
AWS Security in Plain English – AWS Security Day
AWS Security in Plain English – AWS Security Day AWS Security in Plain English – AWS Security Day
AWS Security in Plain English – AWS Security Day Amazon Web Services
 
Optimize Developer Agility & App Delivery on AWS
Optimize Developer Agility & App Delivery on AWSOptimize Developer Agility & App Delivery on AWS
Optimize Developer Agility & App Delivery on AWSAmazon Web Services
 
Getting Started With AWS Security
Getting Started With AWS SecurityGetting Started With AWS Security
Getting Started With AWS SecurityAmazon Web Services
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure IntegrationAmazon Web Services
 
(SEC203) Journey to Securing Time Inc's Move to the Cloud
(SEC203) Journey to Securing Time Inc's Move to the Cloud(SEC203) Journey to Securing Time Inc's Move to the Cloud
(SEC203) Journey to Securing Time Inc's Move to the CloudAmazon Web Services
 

What's hot (20)

(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud
 
Security Day What's (nearly) New
Security Day What's (nearly) NewSecurity Day What's (nearly) New
Security Day What's (nearly) New
 
Getting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Getting Started with the Hybrid Cloud: Enterprise Backup and RecoveryGetting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Getting Started with the Hybrid Cloud: Enterprise Backup and Recovery
 
Security Architecture recommendations for your new AWS operation - Pop-up Lof...
Security Architecture recommendations for your new AWS operation - Pop-up Lof...Security Architecture recommendations for your new AWS operation - Pop-up Lof...
Security Architecture recommendations for your new AWS operation - Pop-up Lof...
 
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...
 
Compliance in the cloud using sb d toronto-summit-v1.0
Compliance in the cloud using sb d toronto-summit-v1.0Compliance in the cloud using sb d toronto-summit-v1.0
Compliance in the cloud using sb d toronto-summit-v1.0
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
 
(SEC320) Leveraging the Power of AWS to Automate Security & Compliance
(SEC320) Leveraging the Power of AWS to Automate Security & Compliance(SEC320) Leveraging the Power of AWS to Automate Security & Compliance
(SEC320) Leveraging the Power of AWS to Automate Security & Compliance
 
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
 
AWSome Day | Tech Track
AWSome Day | Tech TrackAWSome Day | Tech Track
AWSome Day | Tech Track
 
Protecting your data in aws - Toronto
Protecting your data in aws - TorontoProtecting your data in aws - Toronto
Protecting your data in aws - Toronto
 
CloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security ScalingCloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security Scaling
 
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
 
(GEN117) AWS Compliance Summit
(GEN117) AWS Compliance Summit(GEN117) AWS Compliance Summit
(GEN117) AWS Compliance Summit
 
AWS Security in Plain English – AWS Security Day
AWS Security in Plain English – AWS Security Day AWS Security in Plain English – AWS Security Day
AWS Security in Plain English – AWS Security Day
 
Optimize Developer Agility & App Delivery on AWS
Optimize Developer Agility & App Delivery on AWSOptimize Developer Agility & App Delivery on AWS
Optimize Developer Agility & App Delivery on AWS
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Getting Started With AWS Security
Getting Started With AWS SecurityGetting Started With AWS Security
Getting Started With AWS Security
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure Integration
 
(SEC203) Journey to Securing Time Inc's Move to the Cloud
(SEC203) Journey to Securing Time Inc's Move to the Cloud(SEC203) Journey to Securing Time Inc's Move to the Cloud
(SEC203) Journey to Securing Time Inc's Move to the Cloud
 

Viewers also liked

Architecting for Greater Security on AWS
Architecting for Greater Security on AWSArchitecting for Greater Security on AWS
Architecting for Greater Security on AWSAmazon Web Services
 
Introduction to Three AWS Security Services - November 2016 Webinar Series
Introduction to Three AWS Security Services - November 2016 Webinar SeriesIntroduction to Three AWS Security Services - November 2016 Webinar Series
Introduction to Three AWS Security Services - November 2016 Webinar SeriesAmazon Web Services
 
AWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design PatternsAWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design PatternsAmazon Web Services
 
AWS Security: A Practitioner's Perspective
AWS Security: A Practitioner's PerspectiveAWS Security: A Practitioner's Perspective
AWS Security: A Practitioner's PerspectiveJason Chan
 
AWS Security Overview and “What’s New”
AWS Security Overview and “What’s New”AWS Security Overview and “What’s New”
AWS Security Overview and “What’s New”Amazon Web Services
 
You Can’t Protect What You Can’t See: AWS Security Monitoring & Compliance Va...
You Can’t Protect What You Can’t See: AWS Security Monitoring & Compliance Va...You Can’t Protect What You Can’t See: AWS Security Monitoring & Compliance Va...
You Can’t Protect What You Can’t See: AWS Security Monitoring & Compliance Va...Amazon Web Services
 
AWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices
AWS 201 - A Walk through the AWS Cloud: AWS Security Best PracticesAWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices
AWS 201 - A Walk through the AWS Cloud: AWS Security Best PracticesAmazon Web Services
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security OperationsAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
AWS security - NULL meet chennai
AWS security - NULL meet chennaiAWS security - NULL meet chennai
AWS security - NULL meet chennaivinoth kumar
 
Automating Your CloudStack Cloud with Puppet
Automating Your CloudStack Cloud with PuppetAutomating Your CloudStack Cloud with Puppet
Automating Your CloudStack Cloud with Puppetbuildacloud
 
Shared Responsibility In Action
Shared Responsibility In ActionShared Responsibility In Action
Shared Responsibility In ActionMark Nunnikhoven
 
Digital Workloads on Amazon Web Services
Digital Workloads on Amazon Web ServicesDigital Workloads on Amazon Web Services
Digital Workloads on Amazon Web ServicesAmazon Web Services
 
AWS Partner ConneXions Taiwan - Q3 2016 Technology Update
AWS Partner ConneXions Taiwan - Q3 2016 Technology UpdateAWS Partner ConneXions Taiwan - Q3 2016 Technology Update
AWS Partner ConneXions Taiwan - Q3 2016 Technology UpdateAmazon Web Services
 

Viewers also liked (20)

Security & Compliance in AWS
Security & Compliance in AWSSecurity & Compliance in AWS
Security & Compliance in AWS
 
Shared Security in AWS
Shared Security in AWSShared Security in AWS
Shared Security in AWS
 
Intro to AWS Security
Intro to AWS SecurityIntro to AWS Security
Intro to AWS Security
 
Architecting for Greater Security on AWS
Architecting for Greater Security on AWSArchitecting for Greater Security on AWS
Architecting for Greater Security on AWS
 
Information Security in AWS - Dave Walker
Information Security in AWS - Dave WalkerInformation Security in AWS - Dave Walker
Information Security in AWS - Dave Walker
 
Introduction to Three AWS Security Services - November 2016 Webinar Series
Introduction to Three AWS Security Services - November 2016 Webinar SeriesIntroduction to Three AWS Security Services - November 2016 Webinar Series
Introduction to Three AWS Security Services - November 2016 Webinar Series
 
AWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design PatternsAWS Security Best Practices and Design Patterns
AWS Security Best Practices and Design Patterns
 
AWS Security: A Practitioner's Perspective
AWS Security: A Practitioner's PerspectiveAWS Security: A Practitioner's Perspective
AWS Security: A Practitioner's Perspective
 
AWS Security Overview and “What’s New”
AWS Security Overview and “What’s New”AWS Security Overview and “What’s New”
AWS Security Overview and “What’s New”
 
You Can’t Protect What You Can’t See: AWS Security Monitoring & Compliance Va...
You Can’t Protect What You Can’t See: AWS Security Monitoring & Compliance Va...You Can’t Protect What You Can’t See: AWS Security Monitoring & Compliance Va...
You Can’t Protect What You Can’t See: AWS Security Monitoring & Compliance Va...
 
AWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices
AWS 201 - A Walk through the AWS Cloud: AWS Security Best PracticesAWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices
AWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security Operations
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
AWS security - NULL meet chennai
AWS security - NULL meet chennaiAWS security - NULL meet chennai
AWS security - NULL meet chennai
 
AWS Security & Compliance
AWS Security & ComplianceAWS Security & Compliance
AWS Security & Compliance
 
Automating Your CloudStack Cloud with Puppet
Automating Your CloudStack Cloud with PuppetAutomating Your CloudStack Cloud with Puppet
Automating Your CloudStack Cloud with Puppet
 
Aws security Fundamentals
Aws security Fundamentals Aws security Fundamentals
Aws security Fundamentals
 
Shared Responsibility In Action
Shared Responsibility In ActionShared Responsibility In Action
Shared Responsibility In Action
 
Digital Workloads on Amazon Web Services
Digital Workloads on Amazon Web ServicesDigital Workloads on Amazon Web Services
Digital Workloads on Amazon Web Services
 
AWS Partner ConneXions Taiwan - Q3 2016 Technology Update
AWS Partner ConneXions Taiwan - Q3 2016 Technology UpdateAWS Partner ConneXions Taiwan - Q3 2016 Technology Update
AWS Partner ConneXions Taiwan - Q3 2016 Technology Update
 

Similar to Getting Started with AWS Security

Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Security Best Practices - AWS Summit Bahrain 2017
Security Best Practices - AWS Summit Bahrain 2017Security Best Practices - AWS Summit Bahrain 2017
Security Best Practices - AWS Summit Bahrain 2017Amazon Web Services
 
Segurança de Ponta a Ponta na AWS
Segurança de Ponta a Ponta na AWSSegurança de Ponta a Ponta na AWS
Segurança de Ponta a Ponta na AWSAlexandre Santos
 
Following Well Architected Frameworks - Lunch and Learn.pdf
Following Well Architected Frameworks - Lunch and Learn.pdfFollowing Well Architected Frameworks - Lunch and Learn.pdf
Following Well Architected Frameworks - Lunch and Learn.pdfAmazon Web Services
 
An Evolving Security Landscape – Security Patterns in the Cloud
An Evolving Security Landscape – Security Patterns in the CloudAn Evolving Security Landscape – Security Patterns in the Cloud
An Evolving Security Landscape – Security Patterns in the CloudAmazon Web Services
 
Simplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneSimplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneAmazon Web Services
 
Compliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By DesignCompliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By DesignAmazon Web Services
 
Sicurezza e Compliance nel Cloud
Sicurezza e Compliance nel CloudSicurezza e Compliance nel Cloud
Sicurezza e Compliance nel CloudAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Cloud Security, Risk and Compliance on AWS
Cloud Security, Risk and Compliance on AWSCloud Security, Risk and Compliance on AWS
Cloud Security, Risk and Compliance on AWSKarim Hopper
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Getting started with AWS Security
Getting started with AWS SecurityGetting started with AWS Security
Getting started with AWS SecurityAmazon Web Services
 
Warum ist Cloud-Sicherheit und Compliance wichtig?
Warum ist Cloud-Sicherheit und Compliance wichtig?Warum ist Cloud-Sicherheit und Compliance wichtig?
Warum ist Cloud-Sicherheit und Compliance wichtig?AWS Germany
 
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice Alert Logic
 
Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...
Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...
Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...Amazon Web Services
 
AWS Security for Financial Services
AWS Security for Financial ServicesAWS Security for Financial Services
AWS Security for Financial ServicesAmazon Web Services
 
1. aws security and compliance wwps pre-day sao paolo - markry
1. aws security and compliance wwps pre-day sao paolo - markry1. aws security and compliance wwps pre-day sao paolo - markry
1. aws security and compliance wwps pre-day sao paolo - markryAmazon Web Services LATAM
 

Similar to Getting Started with AWS Security (20)

Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Security Best Practices - AWS Summit Bahrain 2017
Security Best Practices - AWS Summit Bahrain 2017Security Best Practices - AWS Summit Bahrain 2017
Security Best Practices - AWS Summit Bahrain 2017
 
Segurança de Ponta a Ponta na AWS
Segurança de Ponta a Ponta na AWSSegurança de Ponta a Ponta na AWS
Segurança de Ponta a Ponta na AWS
 
Following Well Architected Frameworks - Lunch and Learn.pdf
Following Well Architected Frameworks - Lunch and Learn.pdfFollowing Well Architected Frameworks - Lunch and Learn.pdf
Following Well Architected Frameworks - Lunch and Learn.pdf
 
An Evolving Security Landscape – Security Patterns in the Cloud
An Evolving Security Landscape – Security Patterns in the CloudAn Evolving Security Landscape – Security Patterns in the Cloud
An Evolving Security Landscape – Security Patterns in the Cloud
 
Simplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneSimplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing Zone
 
Application Migrations
Application MigrationsApplication Migrations
Application Migrations
 
Compliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By DesignCompliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By Design
 
Sicurezza e Compliance nel Cloud
Sicurezza e Compliance nel CloudSicurezza e Compliance nel Cloud
Sicurezza e Compliance nel Cloud
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Cloud Security, Risk and Compliance on AWS
Cloud Security, Risk and Compliance on AWSCloud Security, Risk and Compliance on AWS
Cloud Security, Risk and Compliance on AWS
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Getting started with AWS Security
Getting started with AWS SecurityGetting started with AWS Security
Getting started with AWS Security
 
Warum ist Cloud-Sicherheit und Compliance wichtig?
Warum ist Cloud-Sicherheit und Compliance wichtig?Warum ist Cloud-Sicherheit und Compliance wichtig?
Warum ist Cloud-Sicherheit und Compliance wichtig?
 
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
 
Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...
Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...
Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...
 
AWS Security for Financial Services
AWS Security for Financial ServicesAWS Security for Financial Services
AWS Security for Financial Services
 
1. aws security and compliance wwps pre-day sao paolo - markry
1. aws security and compliance wwps pre-day sao paolo - markry1. aws security and compliance wwps pre-day sao paolo - markry
1. aws security and compliance wwps pre-day sao paolo - markry
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Recently uploaded

SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 

Recently uploaded (20)

SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 

Getting Started with AWS Security

  • 1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Michael Capicotto Solutions Architect August 23rd, 2016 Getting Started with AWS Security
  • 2. Prescriptive Approach Understand AWS Security Practice Build Strong Compliance Foundations Integrate Identity & Access Management Enable Detective Controls Establish Network Security Implement Data Protection Optimize Change Management Automate Security Functions
  • 4. Why is Enterprise Security Traditionally Hard? Lack of visibility Low degree of automation
  • 6. Making life easier Choosing security does not mean giving up on convenience or introducing complexity
  • 7. Security ownership as part of DNA • Promotes culture of “everyone is an owner” for security • Makes security a stakeholder in business success • Enables easier and smoother communication Distributed Embedded
  • 8. Strengthen your security posture Get native functionality and tools Over 30 global compliance certifications and accreditations Leverage security enhancements gleaned from 1M+ customer experiences Benefit from AWS industry leading security teams 24/7, 365 days a year Security infrastructure built to satisfy military, global banks, and other high-sensitivity organizations
  • 9. AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Client-side Data Encryption Server-side Data Encryption Network Traffic Protection Platform, Applications, Identity & Access Management Operating System, Network & Firewall Configuration Customer content Customers Security is a shared responsibility Customers are responsible for their security IN the Cloud AWS is responsible for the security OF the Cloud
  • 10. Security Training Security Fundamentals on AWS (Free online course) Security Operations on AWS (3-day class) Details at aws.amazon.com/training
  • 12. AWS Assurance Programs AWS maintains a formal control environment • SOC 1 Type II • SOC 2 Type II and public SOC 3 report • ISO 27001, 27017, 27018 Certification • Certified PCI DSS Level 1 Service Provider • FedRAMP Authorization • Architect for HIPAA compliance
  • 13. AWS Account Relationship AWS Account Ownership AWS Account Contact Information AWS Sales AWS Solutions Architects AWS Support AWS Professional Services AWS Consulting Partners
  • 14. AWS Trusted Advisor AWS Trusted Advisor
  • 15. Integrate Identity & Access Management
  • 16. AWS Identity & Access Management IAM Users IAM Groups IAM Roles IAM Policies
  • 17. Account Governance – New Accounts InfoSec’s Cross- Account Roles AWS Account Credential Management (“Root Account”) Federation Baseline Requirements Actions & Conditions Map Enterprise Roles
  • 19. AWS CloudTrail & CloudWatch AWS CloudTrail Amazon CloudWatch  Enable globally for all AWS Regions  Encryption & Integrity Validation  Archive & Forward  Amazon CloudWatch Logs  Metrics & Filters  Alarms & Notifications
  • 21. AWS Global Footprint 12 Regions (10 Public, China Region and GovCloud Region) Canada, Ohio, India, UK and another China Region planned for 2016 and beyond 32 Availability zones (adding 11 more in 2016 across new Regions) 55+ Edge locations Region Edge location
  • 22. VPC Public Subnet 10.10.1.0/24 VPC Public Subnet 10.10.2.0/24 VPC CIDR 10.10.0.0/16 VPC Private Subnet 10.10.3.0/24 VPC Private Subnet 10.10.4.0/24 VPC Private Subnet 10.10.5.0/24 VPC Private Subnet 10.10.6.0/24 AZ A AZ B Public ELB Internal ELB RDS Master Autoscaling Web Tier Autoscaling Application Tier Internet Gateway RDS Standby Snapshots Multi-AZ RDS Data Tier Existing Datacenter Virtual Private Gateway Customer Gateway VPN Connection Direct Connect Network Partner Location Administrators & Corporate Users Amazon Virtual Private Cloud
  • 23. Availability Zone A Private subnet Public subnet Private subnet Availability Zone B Public subnet Private subnet ELB Web Back end VPC CIDR 10.1.0.0/16 ELB Web Back end VPC sg_ELB_FrontEnd (ELB Security Group) sg_Web_Frontend (Web Security Group) Security Groups sg_Backend (Backend Security Group)
  • 27. VPC Flow Logs • Agentless • Enable per ENI, per subnet, or per VPC • Logged to AWS CloudWatch Logs • Create CloudWatch metrics from log data • Alarm on those metrics AWS account Source IP Destination IP Source port Destination port Interface Protocol Packets Bytes Start/end time Accept or reject
  • 28. VPC Flow Logs • Amazon Elasticsearch Service • Amazon CloudWatch Logs subscriptions
  • 29. VPC Flow Logs – CloudWatch Alarms
  • 31. Cryptographic Services Amazon CloudHSM  Deep integration with AWS Services  CloudTrail  AWS SDK for application encryption  Dedicated HSM  Integrate with on-premises HSMs  Hybrid Architectures AWS KMS
  • 33. AWS Config & Config Rules AWS Config Amazon Config Rules  Record configuration changes continuously  Time-series view of resource changes  Archive & Compare  Enforce best practices  Automatically roll-back unwanted changes  Trigger additional workflow
  • 36. AWS Config Rules – Tenancy Enforcement Example
  • 37. AWS Config Rules – Tenancy Enforcement Example
  • 38. AWS Config Rules – Tenancy Enforcement Example
  • 40. MONITORING, REPORTING, & OPTIMIZATION Enterprise Security & Cost Management from CloudCheckr The CloudCheckr Unified Cloud Security and Governance Platform Leveraging AWS data – CloudTrail, Config, VPC Flow logs, CloudWatch logs, DBR, and more metrics Providing complete transparency – into 1 or across 1000s of AWS accounts Automating security, configuration, and activity monitoring and alerting Continuous monitoring of configurations, resources and permissions Active optimization, sophisticated allocation, and simplified invoicing for enterprise cloud cost management
  • 41. SAVING $2 MILLION WHILE IMPROVING SECURITY CloudCheckr’s unified cost & security management platform Case Study Problem Statement Business Outcomes AWS usage started small and grew very complex with time Needed clarity around cost, utilization and security Saved $2 million USD Total control of the Detailed Billing Report Change monitoring for security weaknesses WWW.CLOUDCHECKR.COM CloudCheckr gives us total visibility and control over our AWS investment. Patrick Neville, Manager of Systems Operations
  • 42. SAVES TIME & MONEY, IMPROVES SECURITY CloudCheckr’s unified cost & security management platform Case Study Problem Statement Business Outcomes Needed to track changes and costs Needed to drive accountability across all key stakeholders Saved $2 million USD Total control of the Detailed Billing Report Change monitoring for security weaknesses WWW.CLOUDCHECKR.COM The S3 functionality alone revealed immediate cost savings that paid for CloudCheckr 3x over. Dave North, Director of DevOps
  • 43. AWS CloudFormation – Infrastructure as Code Template StackAWS CloudFormation  Orchestrate changes across AWS Services  Use as foundation to Service Catalog products  Use with source code repositories to manage infrastructure changes  JSON-based text file describing infrastructure  Resources created from a template  Can be updated  Updates can be restrictured
  • 44. Change Sets – Create Change Set
  • 48. Evolving the Practice of Security Architecture Security architecture as a separate function can no longer exist Static position papers, architecture diagrams & documents UI-dependent consoles and technologies Auditing, assurance, and compliance are decoupled, separate processes Current Security Architecture Practice
  • 49. Evolving the Practice of Security Architecture Security architecture can now be part of the ‘maker’ team Architecture artifacts (design choices, narrative, etc.) committed to common repositories Complete solutions account for automation Solution architectures are living audit/compliance artifacts and evidence in a closed loop Evolved Security Architecture Practice AWS CodeCommit AWS CodePipeline Jenkins
  • 50. AWS Marketplace Security Partners Infrastructure Security Logging & Monitoring Identity & Access Control Configuration & Vulnerability Analysis Data Protection
  • 51. Prescriptive Approach – Get Started! Understand AWS Security Approach Build Strong Compliance Foundations Integrate Identity & Access Management Enable Detective Controls Establish Network Security Implement Data Protection Optimize Change Management Automate Security Functions
  • 52. Visit Us! Enter to Win an Echo.