SlideShare a Scribd company logo

Getting Started with AWS Security Foundations

Amazon Web Services
Amazon Web Services

This document provides an overview of AWS security best practices. It recommends taking a prescriptive approach to: understand the AWS security model, build strong compliance foundations through programs like SOC and PCI certifications, integrate identity and access management using IAM, enable detective controls with services like CloudTrail and CloudWatch, establish network security using VPC and security groups, implement data protection with encryption services, optimize change management with Config and CloudFormation, and automate security functions using partners from the AWS Marketplace. The document emphasizes that security is a shared responsibility between AWS and customers and provides resources for security training.

Software
1 of 49
Download to read offline
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Rahul Sareen Sr. Consultant, AWS Professional Services September 28th, 2016 Getting Started with AWS Security
Prescriptive Approach Understand AWS Security Practice Build Strong Compliance Foundations Integrate Identity & Access Management Enable Detective Controls Establish Network Security Implement Data Protection Optimize Change Management Automate Security Functions
Understand AWS Security Practice
Why is Enterprise Security Traditionally Hard? Lack of visibility Low degree of automation
AND Move Fast Stay Secure
Making life easier Choosing security does not mean giving up on convenience or introducing complexity
Security ownership as part of DNA • Promotes culture of “everyone is an owner” for security • Makes security a stakeholder in business success • Enables easier and smoother communication Distributed Embedded
Strengthen your security posture Get native functionality and tools Over 30 global compliance certifications and accreditations Leverage security enhancements gleaned from 1M+ customer experiences Benefit from AWS industry leading security teams 24/7, 365 days a year Security infrastructure built to satisfy military, global banks, and other high-sensitivity organizations
AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Client-side Data Encryption Server-side Data Encryption Network Traffic Protection Platform, Applications, Identity & Access Management Operating System, Network & Firewall Configuration Customer content Customers Security is a shared responsibility Customers are responsible for their security IN the Cloud AWS is responsible for the security OF the Cloud
Security Training Security Fundamentals on AWS (Free online course) Security Operations on AWS (3-day class) Details at aws.amazon.com/training
Build Strong Compliance Foundations
AWS Assurance Programs AWS maintains a formal control environment • SOC 1 Type II • SOC 2 Type II and public SOC 3 report • ISO 27001, 27017, 27018 Certification • Certified PCI DSS Level 1 Service Provider • FedRAMP Authorization • Architect for HIPAA compliance
AWS Account Relationship AWS Account Ownership AWS Account Contact Information AWS Sales AWS Solutions Architects AWS Support AWS Professional Services AWS Consulting Partners
AWS Trusted Advisor AWS Trusted Advisor
Integrate Identity & Access Management
AWS Identity & Access Management IAM Users IAM Groups IAM Roles IAM Policies
Account Governance – New Accounts InfoSec’s Cross- Account Roles AWS Account Credential Management (“Root Account”) Federation Baseline Requirements Actions & Conditions Map Enterprise Roles
Enable Detective Controls
AWS CloudTrail & CloudWatch AWS CloudTrail Amazon CloudWatch  Enable globally for all AWS Regions  Encryption & Integrity Validation  Archive & Forward  Amazon CloudWatch Logs  Metrics & Filters  Alarms & Notifications
Establish Network Security
AWS Global Footprint 13 Regions (11 Public, China Region and GovCloud Region) Canada, Ohio, UK and another China Region planned for 2016 and beyond 32+ Availability zones (adding more in 2016 across new Regions) 55+ Edge locations Region Edge location
VPC Public Subnet 10.10.1.0/24 VPC Public Subnet 10.10.2.0/24 VPC CIDR 10.10.0.0/16 VPC Private Subnet 10.10.3.0/24 VPC Private Subnet 10.10.4.0/24 VPC Private Subnet 10.10.5.0/24 VPC Private Subnet 10.10.6.0/24 AZ A AZ B Public ELB Internal ELB RDS Master Autoscaling Web Tier Autoscaling Application Tier Internet Gateway RDS Standby Snapshots Multi-AZ RDS Data Tier Existing Datacenter Virtual Private Gateway Customer Gateway VPN Connection Direct Connect Network Partner Location Administrators & Corporate Users Amazon Virtual Private Cloud
Availability Zone A Private subnet Public subnet Private subnet Availability Zone B Public subnet Private subnet ELB Web Back end VPC CIDR 10.1.0.0/16 ELB Web Back end VPC sg_ELB_FrontEnd (ELB Security Group) sg_Web_Frontend (Web Security Group) Security Groups sg_Backend (Backend Security Group)
Security Groups
Security Groups
Security Groups
VPC Flow Logs • Agentless • Enable per ENI, per subnet, or per VPC • Logged to AWS CloudWatch Logs • Create CloudWatch metrics from log data • Alarm on those metrics AWS account Source IP Destination IP Source port Destination port Interface Protocol Packets Bytes Start/end time Accept or reject
VPC Flow Logs • Amazon Elasticsearch Service • Amazon CloudWatch Logs subscriptions
VPC Flow Logs – CloudWatch Alarms
Implement Data Protection
Cryptographic Services Amazon CloudHSM  Deep integration with AWS Services  CloudTrail  AWS SDK for application encryption  Dedicated HSM  Integrate with on-premises HSMs  Hybrid Architectures AWS KMS
Optimize Change Management
AWS Config & Config Rules AWS Config Amazon Config Rules  Record configuration changes continuously  Time-series view of resource changes  Archive & Compare  Enforce best practices  Automatically roll-back unwanted changes  Trigger additional workflow
AWS Config
AWS Config
AWS Config Rules – Tenancy Enforcement Example
AWS Config Rules – Tenancy Enforcement Example
AWS Config Rules – Tenancy Enforcement Example
AWS Config Partners
AWS CloudFormation – Infrastructure as Code Template StackAWS CloudFormation  Orchestrate changes across AWS Services  Use as foundation to Service Catalog products  Use with source code repositories to manage infrastructure changes  JSON-based text file describing infrastructure  Resources created from a template  Can be updated  Updates can be restrictured
Change Sets – Create Change Set
Change Sets
Change Sets
Automate Security Functions
Evolving the Practice of Security Architecture Security architecture can now be part of the ‘maker’ team Architecture artifacts (design choices, narrative, etc.) committed to common repositories Complete solutions account for automation Solution architectures are living audit/compliance artifacts and evidence in a closed loop Evolved Security Architecture Practice AWS CodeCommit AWS CodePipeline Jenkins
AWS Marketplace Security Partners Infrastructure Security Logging & Monitoring Identity & Access Control Configuration & Vulnerability Analysis Data Protection
Prescriptive Approach – Get Started! Understand AWS Security Approach Build Strong Compliance Foundations Integrate Identity & Access Management Enable Detective Controls Establish Network Security Implement Data Protection Optimize Change Management Automate Security Functions
Thank you!

Recommended

AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...Amazon Web Services
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWSAmazon Web Services
 
Rackspace: Best Practices for Security Compliance on AWS
Rackspace: Best Practices for Security Compliance on AWSRackspace: Best Practices for Security Compliance on AWS
Rackspace: Best Practices for Security Compliance on AWSAmazon Web Services
 
Compliance in the cloud using sb d toronto-summit-v1.0
Compliance in the cloud using sb d toronto-summit-v1.0Compliance in the cloud using sb d toronto-summit-v1.0
Compliance in the cloud using sb d toronto-summit-v1.0Amazon Web Services
 
Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...
Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...
Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...Amazon Web Services
 
Security Architecture recommendations for your new AWS operation - Pop-up Lof...
Security Architecture recommendations for your new AWS operation - Pop-up Lof...Security Architecture recommendations for your new AWS operation - Pop-up Lof...
Security Architecture recommendations for your new AWS operation - Pop-up Lof...Amazon Web Services
 
Security & Compliance (Part 2)
Security & Compliance (Part 2)Security & Compliance (Part 2)
Security & Compliance (Part 2)Amazon Web Services
 
Best Practices for Managing Security Operations in AWS - AWS July 2016 Webina...
Best Practices for Managing Security Operations in AWS - AWS July 2016 Webina...Best Practices for Managing Security Operations in AWS - AWS July 2016 Webina...
Best Practices for Managing Security Operations in AWS - AWS July 2016 Webina...Amazon Web Services
 

Recommended

AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...Amazon Web Services
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWSAmazon Web Services
 
Rackspace: Best Practices for Security Compliance on AWS
Rackspace: Best Practices for Security Compliance on AWSRackspace: Best Practices for Security Compliance on AWS
Rackspace: Best Practices for Security Compliance on AWSAmazon Web Services
 
Compliance in the cloud using sb d toronto-summit-v1.0
Compliance in the cloud using sb d toronto-summit-v1.0Compliance in the cloud using sb d toronto-summit-v1.0
Compliance in the cloud using sb d toronto-summit-v1.0Amazon Web Services
 
Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...
Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...
Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...Amazon Web Services
 
Security Architecture recommendations for your new AWS operation - Pop-up Lof...
Security Architecture recommendations for your new AWS operation - Pop-up Lof...Security Architecture recommendations for your new AWS operation - Pop-up Lof...
Security Architecture recommendations for your new AWS operation - Pop-up Lof...Amazon Web Services
 
Security & Compliance (Part 2)
Security & Compliance (Part 2)Security & Compliance (Part 2)
Security & Compliance (Part 2)Amazon Web Services
 
Best Practices for Managing Security Operations in AWS - AWS July 2016 Webina...
Best Practices for Managing Security Operations in AWS - AWS July 2016 Webina...Best Practices for Managing Security Operations in AWS - AWS July 2016 Webina...
Best Practices for Managing Security Operations in AWS - AWS July 2016 Webina...Amazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS Security Getting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity OptionsAmazon Web Services
 
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013Amazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Security Day What's (nearly) New
Security Day What's (nearly) NewSecurity Day What's (nearly) New
Security Day What's (nearly) NewAmazon Web Services
 
Deep Dive on Amazon S3
Deep Dive on Amazon S3Deep Dive on Amazon S3
Deep Dive on Amazon S3Amazon Web Services
 
Advanced AWS Security Workshop
Advanced AWS Security WorkshopAdvanced AWS Security Workshop
Advanced AWS Security WorkshopAmazon Web Services
 
(GEN117) AWS Compliance Summit
(GEN117) AWS Compliance Summit(GEN117) AWS Compliance Summit
(GEN117) AWS Compliance SummitAmazon Web Services
 
(SEC320) Leveraging the Power of AWS to Automate Security & Compliance
(SEC320) Leveraging the Power of AWS to Automate Security & Compliance(SEC320) Leveraging the Power of AWS to Automate Security & Compliance
(SEC320) Leveraging the Power of AWS to Automate Security & ComplianceAmazon Web Services
 
Data Storage for the Long Haul: Compliance and Archive
Data Storage for the Long Haul: Compliance and ArchiveData Storage for the Long Haul: Compliance and Archive
Data Storage for the Long Haul: Compliance and ArchiveAmazon Web Services
 
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Amazon Web Services
 
Cloud ID Management of North Carolina Department of Public Instruction (SEC10...
Cloud ID Management of North Carolina Department of Public Instruction (SEC10...Cloud ID Management of North Carolina Department of Public Instruction (SEC10...
Cloud ID Management of North Carolina Department of Public Instruction (SEC10...Amazon Web Services
 
(SEC203) Journey to Securing Time Inc's Move to the Cloud
(SEC203) Journey to Securing Time Inc's Move to the Cloud(SEC203) Journey to Securing Time Inc's Move to the Cloud
(SEC203) Journey to Securing Time Inc's Move to the CloudAmazon Web Services
 
AWS re:Invent 2016: Advanced Techniques for Managing Sensitive Data in the Cl...
AWS re:Invent 2016: Advanced Techniques for Managing Sensitive Data in the Cl...AWS re:Invent 2016: Advanced Techniques for Managing Sensitive Data in the Cl...
AWS re:Invent 2016: Advanced Techniques for Managing Sensitive Data in the Cl...Amazon Web Services
 
Getting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute ServicesGetting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute ServicesAmazon Web Services
 
Network Security and Access Control in AWS
Network Security and Access Control in AWSNetwork Security and Access Control in AWS
Network Security and Access Control in AWSAmazon Web Services
 
What's (nearly) new | AWS Security Roadshow
What's (nearly) new | AWS Security RoadshowWhat's (nearly) new | AWS Security Roadshow
What's (nearly) new | AWS Security RoadshowAmazon Web Services
 
Protecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWSProtecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWSAmazon Web Services
 
IAM Recommended Practices
IAM Recommended PracticesIAM Recommended Practices
IAM Recommended PracticesAmazon Web Services
 
Automate Best Practices and Operational Health for your AWS Resources
Automate Best Practices and Operational Health for your AWS ResourcesAutomate Best Practices and Operational Health for your AWS Resources
Automate Best Practices and Operational Health for your AWS ResourcesAmazon Web Services
 
AWS Summit Auckland Sponsor Presentation - Dome9
AWS Summit Auckland Sponsor Presentation - Dome9AWS Summit Auckland Sponsor Presentation - Dome9
AWS Summit Auckland Sponsor Presentation - Dome9Amazon Web Services
 
AWS Summit Auckland Sponsor presentation - Fronde
AWS Summit Auckland Sponsor presentation - FrondeAWS Summit Auckland Sponsor presentation - Fronde
AWS Summit Auckland Sponsor presentation - FrondeAmazon Web Services
 

More Related Content

What's hot

Getting Started with AWS Security
Getting Started with AWS Security Getting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity OptionsAmazon Web Services
 
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013Amazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Security Day What's (nearly) New
Security Day What's (nearly) NewSecurity Day What's (nearly) New
Security Day What's (nearly) NewAmazon Web Services
 
(SEC320) Leveraging the Power of AWS to Automate Security & Compliance
(SEC320) Leveraging the Power of AWS to Automate Security & Compliance(SEC320) Leveraging the Power of AWS to Automate Security & Compliance
(SEC320) Leveraging the Power of AWS to Automate Security & ComplianceAmazon Web Services
 
Data Storage for the Long Haul: Compliance and Archive
Data Storage for the Long Haul: Compliance and ArchiveData Storage for the Long Haul: Compliance and Archive
Data Storage for the Long Haul: Compliance and ArchiveAmazon Web Services
 
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Amazon Web Services
 
Cloud ID Management of North Carolina Department of Public Instruction (SEC10...
Cloud ID Management of North Carolina Department of Public Instruction (SEC10...Cloud ID Management of North Carolina Department of Public Instruction (SEC10...
Cloud ID Management of North Carolina Department of Public Instruction (SEC10...Amazon Web Services
 
(SEC203) Journey to Securing Time Inc's Move to the Cloud
(SEC203) Journey to Securing Time Inc's Move to the Cloud(SEC203) Journey to Securing Time Inc's Move to the Cloud
(SEC203) Journey to Securing Time Inc's Move to the CloudAmazon Web Services
 
AWS re:Invent 2016: Advanced Techniques for Managing Sensitive Data in the Cl...
AWS re:Invent 2016: Advanced Techniques for Managing Sensitive Data in the Cl...AWS re:Invent 2016: Advanced Techniques for Managing Sensitive Data in the Cl...
AWS re:Invent 2016: Advanced Techniques for Managing Sensitive Data in the Cl...Amazon Web Services
 
Getting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute ServicesGetting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute ServicesAmazon Web Services
 
Network Security and Access Control in AWS
Network Security and Access Control in AWSNetwork Security and Access Control in AWS
Network Security and Access Control in AWSAmazon Web Services
 
What's (nearly) new | AWS Security Roadshow
What's (nearly) new | AWS Security RoadshowWhat's (nearly) new | AWS Security Roadshow
What's (nearly) new | AWS Security RoadshowAmazon Web Services
 
Protecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWSProtecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWSAmazon Web Services
 
Automate Best Practices and Operational Health for your AWS Resources
Automate Best Practices and Operational Health for your AWS ResourcesAutomate Best Practices and Operational Health for your AWS Resources
Automate Best Practices and Operational Health for your AWS ResourcesAmazon Web Services
 

What's hot (20)

Getting Started with AWS Security
Getting Started with AWS Security Getting Started with AWS Security
Getting Started with AWS Security
 
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
 
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Security Day What's (nearly) New
Security Day What's (nearly) NewSecurity Day What's (nearly) New
Security Day What's (nearly) New
 
Deep Dive on Amazon S3
Deep Dive on Amazon S3Deep Dive on Amazon S3
Deep Dive on Amazon S3
 
Advanced AWS Security Workshop
Advanced AWS Security WorkshopAdvanced AWS Security Workshop
Advanced AWS Security Workshop
 
(GEN117) AWS Compliance Summit
(GEN117) AWS Compliance Summit(GEN117) AWS Compliance Summit
(GEN117) AWS Compliance Summit
 
(SEC320) Leveraging the Power of AWS to Automate Security & Compliance
(SEC320) Leveraging the Power of AWS to Automate Security & Compliance(SEC320) Leveraging the Power of AWS to Automate Security & Compliance
(SEC320) Leveraging the Power of AWS to Automate Security & Compliance
 
Data Storage for the Long Haul: Compliance and Archive
Data Storage for the Long Haul: Compliance and ArchiveData Storage for the Long Haul: Compliance and Archive
Data Storage for the Long Haul: Compliance and Archive
 
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
 
Cloud ID Management of North Carolina Department of Public Instruction (SEC10...
Cloud ID Management of North Carolina Department of Public Instruction (SEC10...Cloud ID Management of North Carolina Department of Public Instruction (SEC10...
Cloud ID Management of North Carolina Department of Public Instruction (SEC10...
 
(SEC203) Journey to Securing Time Inc's Move to the Cloud
(SEC203) Journey to Securing Time Inc's Move to the Cloud(SEC203) Journey to Securing Time Inc's Move to the Cloud
(SEC203) Journey to Securing Time Inc's Move to the Cloud
 
AWS re:Invent 2016: Advanced Techniques for Managing Sensitive Data in the Cl...
AWS re:Invent 2016: Advanced Techniques for Managing Sensitive Data in the Cl...AWS re:Invent 2016: Advanced Techniques for Managing Sensitive Data in the Cl...
AWS re:Invent 2016: Advanced Techniques for Managing Sensitive Data in the Cl...
 
Getting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute ServicesGetting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute Services
 
Network Security and Access Control in AWS
Network Security and Access Control in AWSNetwork Security and Access Control in AWS
Network Security and Access Control in AWS
 
What's (nearly) new | AWS Security Roadshow
What's (nearly) new | AWS Security RoadshowWhat's (nearly) new | AWS Security Roadshow
What's (nearly) new | AWS Security Roadshow
 
Protecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWSProtecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWS
 
IAM Recommended Practices
IAM Recommended PracticesIAM Recommended Practices
IAM Recommended Practices
 
Automate Best Practices and Operational Health for your AWS Resources
Automate Best Practices and Operational Health for your AWS ResourcesAutomate Best Practices and Operational Health for your AWS Resources
Automate Best Practices and Operational Health for your AWS Resources
 

Viewers also liked

AWS Summit Auckland Sponsor Presentation - Dome9
AWS Summit Auckland Sponsor Presentation - Dome9AWS Summit Auckland Sponsor Presentation - Dome9
AWS Summit Auckland Sponsor Presentation - Dome9Amazon Web Services
 
AWS Summit Auckland Sponsor presentation - Fronde
AWS Summit Auckland Sponsor presentation - FrondeAWS Summit Auckland Sponsor presentation - Fronde
AWS Summit Auckland Sponsor presentation - FrondeAmazon Web Services
 
AWS Summit Auckland - Sponsor Presentation - Zerto
AWS Summit Auckland - Sponsor Presentation - ZertoAWS Summit Auckland - Sponsor Presentation - Zerto
AWS Summit Auckland - Sponsor Presentation - ZertoAmazon Web Services
 
Getting Started with Amazon Redshift
Getting Started with Amazon Redshift Getting Started with Amazon Redshift
Getting Started with Amazon RedshiftAmazon Web Services
 
Another day, another billion packets - Toronto
Another day, another billion packets - TorontoAnother day, another billion packets - Toronto
Another day, another billion packets - TorontoAmazon Web Services
 
Building Event-driven Serverless Applications
Building Event-driven Serverless ApplicationsBuilding Event-driven Serverless Applications
Building Event-driven Serverless ApplicationsAmazon Web Services
 
Keep Cloud Transformation on Track: Nine Best Practices to Avoid or Break Th...
Keep Cloud Transformation on Track: Nine Best Practices to Avoid or Break Th... Keep Cloud Transformation on Track: Nine Best Practices to Avoid or Break Th...
Keep Cloud Transformation on Track: Nine Best Practices to Avoid or Break Th...Amazon Web Services
 
Cloud Economics, from Genesis to Scale
Cloud Economics, from Genesis to ScaleCloud Economics, from Genesis to Scale
Cloud Economics, from Genesis to ScaleAmazon Web Services
 
Cloud Computing for the Enterprise
Cloud Computing for the EnterpriseCloud Computing for the Enterprise
Cloud Computing for the EnterpriseAmazon Web Services
 
AWS Security in Plain English – AWS Security Day
AWS Security in Plain English – AWS Security Day AWS Security in Plain English – AWS Security Day
AWS Security in Plain English – AWS Security Day Amazon Web Services
 
AWS re:Invent 2016: [REPEAT] How EA Leveraged Amazon Redshift and AWS Partner...
AWS re:Invent 2016: [REPEAT] How EA Leveraged Amazon Redshift and AWS Partner...AWS re:Invent 2016: [REPEAT] How EA Leveraged Amazon Redshift and AWS Partner...
AWS re:Invent 2016: [REPEAT] How EA Leveraged Amazon Redshift and AWS Partner...Amazon Web Services
 
AWS Summit Auckland - Getting Started with AWS Lambda and the Serverless Cloud
AWS Summit Auckland - Getting Started with AWS Lambda and the Serverless CloudAWS Summit Auckland - Getting Started with AWS Lambda and the Serverless Cloud
AWS Summit Auckland - Getting Started with AWS Lambda and the Serverless CloudAmazon Web Services
 
DevOps on AWS: Deep Dive on Infrastructure as Code - Toronto
DevOps on AWS: Deep Dive on Infrastructure as Code - TorontoDevOps on AWS: Deep Dive on Infrastructure as Code - Toronto
DevOps on AWS: Deep Dive on Infrastructure as Code - TorontoAmazon Web Services
 
Apache Spark Clusters for Everyone | AWS Public Sector Summit 2016
Apache Spark Clusters for Everyone | AWS Public Sector Summit 2016Apache Spark Clusters for Everyone | AWS Public Sector Summit 2016
Apache Spark Clusters for Everyone | AWS Public Sector Summit 2016Amazon Web Services
 
AWS re:Invent 2016: Tips for Building Successful Solutions with AWS Marketpla...
AWS re:Invent 2016: Tips for Building Successful Solutions with AWS Marketpla...AWS re:Invent 2016: Tips for Building Successful Solutions with AWS Marketpla...
AWS re:Invent 2016: Tips for Building Successful Solutions with AWS Marketpla...Amazon Web Services
 
Hybrid IT Approach and Technologies with the AWS Cloud | AWS Public Sector Su...
Hybrid IT Approach and Technologies with the AWS Cloud | AWS Public Sector Su...Hybrid IT Approach and Technologies with the AWS Cloud | AWS Public Sector Su...
Hybrid IT Approach and Technologies with the AWS Cloud | AWS Public Sector Su...Amazon Web Services
 
AWS June 2016 Webinar Series - Best Practices for Architecting Cloud Backup a...
AWS June 2016 Webinar Series - Best Practices for Architecting Cloud Backup a...AWS June 2016 Webinar Series - Best Practices for Architecting Cloud Backup a...
AWS June 2016 Webinar Series - Best Practices for Architecting Cloud Backup a...Amazon Web Services
 
Building Scalable Immersive Media Solutions on AWS
Building Scalable Immersive Media Solutions on AWSBuilding Scalable Immersive Media Solutions on AWS
Building Scalable Immersive Media Solutions on AWSAmazon Web Services
 
Fast Data at Scale with Amazon ElastiCache for Redis
Fast Data at Scale with Amazon ElastiCache for RedisFast Data at Scale with Amazon ElastiCache for Redis
Fast Data at Scale with Amazon ElastiCache for RedisAmazon Web Services
 

Viewers also liked (20)

AWS Summit Auckland Sponsor Presentation - Dome9
AWS Summit Auckland Sponsor Presentation - Dome9AWS Summit Auckland Sponsor Presentation - Dome9
AWS Summit Auckland Sponsor Presentation - Dome9
 
AWS Summit Auckland Sponsor presentation - Fronde
AWS Summit Auckland Sponsor presentation - FrondeAWS Summit Auckland Sponsor presentation - Fronde
AWS Summit Auckland Sponsor presentation - Fronde
 
AWS Summit Auckland - Sponsor Presentation - Zerto
AWS Summit Auckland - Sponsor Presentation - ZertoAWS Summit Auckland - Sponsor Presentation - Zerto
AWS Summit Auckland - Sponsor Presentation - Zerto
 
Getting Started with Amazon Redshift
Getting Started with Amazon Redshift Getting Started with Amazon Redshift
Getting Started with Amazon Redshift
 
Another day, another billion packets - Toronto
Another day, another billion packets - TorontoAnother day, another billion packets - Toronto
Another day, another billion packets - Toronto
 
Building Event-driven Serverless Applications
Building Event-driven Serverless ApplicationsBuilding Event-driven Serverless Applications
Building Event-driven Serverless Applications
 
Keep Cloud Transformation on Track: Nine Best Practices to Avoid or Break Th...
Keep Cloud Transformation on Track: Nine Best Practices to Avoid or Break Th... Keep Cloud Transformation on Track: Nine Best Practices to Avoid or Break Th...
Keep Cloud Transformation on Track: Nine Best Practices to Avoid or Break Th...
 
Amazon ECS Deep Dive
Amazon ECS Deep DiveAmazon ECS Deep Dive
Amazon ECS Deep Dive
 
Cloud Economics, from Genesis to Scale
Cloud Economics, from Genesis to ScaleCloud Economics, from Genesis to Scale
Cloud Economics, from Genesis to Scale
 
Cloud Computing for the Enterprise
Cloud Computing for the EnterpriseCloud Computing for the Enterprise
Cloud Computing for the Enterprise
 
AWS Security in Plain English – AWS Security Day
AWS Security in Plain English – AWS Security Day AWS Security in Plain English – AWS Security Day
AWS Security in Plain English – AWS Security Day
 
AWS re:Invent 2016: [REPEAT] How EA Leveraged Amazon Redshift and AWS Partner...
AWS re:Invent 2016: [REPEAT] How EA Leveraged Amazon Redshift and AWS Partner...AWS re:Invent 2016: [REPEAT] How EA Leveraged Amazon Redshift and AWS Partner...
AWS re:Invent 2016: [REPEAT] How EA Leveraged Amazon Redshift and AWS Partner...
 
AWS Summit Auckland - Getting Started with AWS Lambda and the Serverless Cloud
AWS Summit Auckland - Getting Started with AWS Lambda and the Serverless CloudAWS Summit Auckland - Getting Started with AWS Lambda and the Serverless Cloud
AWS Summit Auckland - Getting Started with AWS Lambda and the Serverless Cloud
 
DevOps on AWS: Deep Dive on Infrastructure as Code - Toronto
DevOps on AWS: Deep Dive on Infrastructure as Code - TorontoDevOps on AWS: Deep Dive on Infrastructure as Code - Toronto
DevOps on AWS: Deep Dive on Infrastructure as Code - Toronto
 
Apache Spark Clusters for Everyone | AWS Public Sector Summit 2016
Apache Spark Clusters for Everyone | AWS Public Sector Summit 2016Apache Spark Clusters for Everyone | AWS Public Sector Summit 2016
Apache Spark Clusters for Everyone | AWS Public Sector Summit 2016
 
AWS re:Invent 2016: Tips for Building Successful Solutions with AWS Marketpla...
AWS re:Invent 2016: Tips for Building Successful Solutions with AWS Marketpla...AWS re:Invent 2016: Tips for Building Successful Solutions with AWS Marketpla...
AWS re:Invent 2016: Tips for Building Successful Solutions with AWS Marketpla...
 
Hybrid IT Approach and Technologies with the AWS Cloud | AWS Public Sector Su...
Hybrid IT Approach and Technologies with the AWS Cloud | AWS Public Sector Su...Hybrid IT Approach and Technologies with the AWS Cloud | AWS Public Sector Su...
Hybrid IT Approach and Technologies with the AWS Cloud | AWS Public Sector Su...
 
AWS June 2016 Webinar Series - Best Practices for Architecting Cloud Backup a...
AWS June 2016 Webinar Series - Best Practices for Architecting Cloud Backup a...AWS June 2016 Webinar Series - Best Practices for Architecting Cloud Backup a...
AWS June 2016 Webinar Series - Best Practices for Architecting Cloud Backup a...
 
Building Scalable Immersive Media Solutions on AWS
Building Scalable Immersive Media Solutions on AWSBuilding Scalable Immersive Media Solutions on AWS
Building Scalable Immersive Media Solutions on AWS
 
Fast Data at Scale with Amazon ElastiCache for Redis
Fast Data at Scale with Amazon ElastiCache for RedisFast Data at Scale with Amazon ElastiCache for Redis
Fast Data at Scale with Amazon ElastiCache for Redis
 

Similar to Getting Started with AWS Security Foundations

Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Segurança de Ponta a Ponta na AWS
Segurança de Ponta a Ponta na AWSSegurança de Ponta a Ponta na AWS
Segurança de Ponta a Ponta na AWSAlexandre Santos
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Security Best Practices - AWS Summit Bahrain 2017
Security Best Practices - AWS Summit Bahrain 2017Security Best Practices - AWS Summit Bahrain 2017
Security Best Practices - AWS Summit Bahrain 2017Amazon Web Services
 
Following Well Architected Frameworks - Lunch and Learn.pdf
Following Well Architected Frameworks - Lunch and Learn.pdfFollowing Well Architected Frameworks - Lunch and Learn.pdf
Following Well Architected Frameworks - Lunch and Learn.pdfAmazon Web Services
 
Simplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneSimplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Security and Compliance Better on AWS_John Hildebrandt
Security and Compliance Better on AWS_John HildebrandtSecurity and Compliance Better on AWS_John Hildebrandt
Security and Compliance Better on AWS_John HildebrandtHelen Rogers
 
Getting Started With AWS Security
Getting Started With AWS SecurityGetting Started With AWS Security
Getting Started With AWS SecurityAmazon Web Services
 
Sicurezza e Compliance nel Cloud
Sicurezza e Compliance nel CloudSicurezza e Compliance nel Cloud
Sicurezza e Compliance nel CloudAmazon Web Services
 
Getting started with AWS Security
Getting started with AWS SecurityGetting started with AWS Security
Getting started with AWS SecurityAmazon Web Services
 
AWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security ModelAWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security ModelAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
AWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the CloudAWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the CloudAmazon Web Services
 

Similar to Getting Started with AWS Security Foundations (20)

Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Segurança de Ponta a Ponta na AWS
Segurança de Ponta a Ponta na AWSSegurança de Ponta a Ponta na AWS
Segurança de Ponta a Ponta na AWS
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Security Best Practices - AWS Summit Bahrain 2017
Security Best Practices - AWS Summit Bahrain 2017Security Best Practices - AWS Summit Bahrain 2017
Security Best Practices - AWS Summit Bahrain 2017
 
Following Well Architected Frameworks - Lunch and Learn.pdf
Following Well Architected Frameworks - Lunch and Learn.pdfFollowing Well Architected Frameworks - Lunch and Learn.pdf
Following Well Architected Frameworks - Lunch and Learn.pdf
 
Simplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneSimplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing Zone
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Security & Compliance in AWS
Security & Compliance in AWSSecurity & Compliance in AWS
Security & Compliance in AWS
 
Application Migrations
Application MigrationsApplication Migrations
Application Migrations
 
Security and Compliance Better on AWS_John Hildebrandt
Security and Compliance Better on AWS_John HildebrandtSecurity and Compliance Better on AWS_John Hildebrandt
Security and Compliance Better on AWS_John Hildebrandt
 
Getting Started With AWS Security
Getting Started With AWS SecurityGetting Started With AWS Security
Getting Started With AWS Security
 
Sicurezza e Compliance nel Cloud
Sicurezza e Compliance nel CloudSicurezza e Compliance nel Cloud
Sicurezza e Compliance nel Cloud
 
Getting started with AWS Security
Getting started with AWS SecurityGetting started with AWS Security
Getting started with AWS Security
 
AWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security ModelAWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security Model
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Intro & Security Update
Intro & Security UpdateIntro & Security Update
Intro & Security Update
 
AWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the CloudAWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the Cloud
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Recently uploaded

XpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software SolutionsXpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software SolutionsMehedi Hasan Shohan
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxTier1 app
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideChristina Lin
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyFrank van der Linden
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 

Recently uploaded (20)

XpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software SolutionsXpertSolvers: Your Partner in Building Innovative Software Solutions
XpertSolvers: Your Partner in Building Innovative Software Solutions
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Naraina Delhi 💯Call Us 🔝8264348440🔝
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptxKnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
KnowAPIs-UnknownPerf-jaxMainz-2024 (1).pptx
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The Ugly
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 

Getting Started with AWS Security Foundations

  • 1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Rahul Sareen Sr. Consultant, AWS Professional Services September 28th, 2016 Getting Started with AWS Security
  • 2. Prescriptive Approach Understand AWS Security Practice Build Strong Compliance Foundations Integrate Identity & Access Management Enable Detective Controls Establish Network Security Implement Data Protection Optimize Change Management Automate Security Functions
  • 4. Why is Enterprise Security Traditionally Hard? Lack of visibility Low degree of automation
  • 6. Making life easier Choosing security does not mean giving up on convenience or introducing complexity
  • 7. Security ownership as part of DNA • Promotes culture of “everyone is an owner” for security • Makes security a stakeholder in business success • Enables easier and smoother communication Distributed Embedded
  • 8. Strengthen your security posture Get native functionality and tools Over 30 global compliance certifications and accreditations Leverage security enhancements gleaned from 1M+ customer experiences Benefit from AWS industry leading security teams 24/7, 365 days a year Security infrastructure built to satisfy military, global banks, and other high-sensitivity organizations
  • 9. AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Client-side Data Encryption Server-side Data Encryption Network Traffic Protection Platform, Applications, Identity & Access Management Operating System, Network & Firewall Configuration Customer content Customers Security is a shared responsibility Customers are responsible for their security IN the Cloud AWS is responsible for the security OF the Cloud
  • 10. Security Training Security Fundamentals on AWS (Free online course) Security Operations on AWS (3-day class) Details at aws.amazon.com/training
  • 12. AWS Assurance Programs AWS maintains a formal control environment • SOC 1 Type II • SOC 2 Type II and public SOC 3 report • ISO 27001, 27017, 27018 Certification • Certified PCI DSS Level 1 Service Provider • FedRAMP Authorization • Architect for HIPAA compliance
  • 13. AWS Account Relationship AWS Account Ownership AWS Account Contact Information AWS Sales AWS Solutions Architects AWS Support AWS Professional Services AWS Consulting Partners
  • 14. AWS Trusted Advisor AWS Trusted Advisor
  • 15. Integrate Identity & Access Management
  • 16. AWS Identity & Access Management IAM Users IAM Groups IAM Roles IAM Policies
  • 17.
  • 18. Account Governance – New Accounts InfoSec’s Cross- Account Roles AWS Account Credential Management (“Root Account”) Federation Baseline Requirements Actions & Conditions Map Enterprise Roles
  • 20. AWS CloudTrail & CloudWatch AWS CloudTrail Amazon CloudWatch  Enable globally for all AWS Regions  Encryption & Integrity Validation  Archive & Forward  Amazon CloudWatch Logs  Metrics & Filters  Alarms & Notifications
  • 22. AWS Global Footprint 13 Regions (11 Public, China Region and GovCloud Region) Canada, Ohio, UK and another China Region planned for 2016 and beyond 32+ Availability zones (adding more in 2016 across new Regions) 55+ Edge locations Region Edge location
  • 23. VPC Public Subnet 10.10.1.0/24 VPC Public Subnet 10.10.2.0/24 VPC CIDR 10.10.0.0/16 VPC Private Subnet 10.10.3.0/24 VPC Private Subnet 10.10.4.0/24 VPC Private Subnet 10.10.5.0/24 VPC Private Subnet 10.10.6.0/24 AZ A AZ B Public ELB Internal ELB RDS Master Autoscaling Web Tier Autoscaling Application Tier Internet Gateway RDS Standby Snapshots Multi-AZ RDS Data Tier Existing Datacenter Virtual Private Gateway Customer Gateway VPN Connection Direct Connect Network Partner Location Administrators & Corporate Users Amazon Virtual Private Cloud
  • 24. Availability Zone A Private subnet Public subnet Private subnet Availability Zone B Public subnet Private subnet ELB Web Back end VPC CIDR 10.1.0.0/16 ELB Web Back end VPC sg_ELB_FrontEnd (ELB Security Group) sg_Web_Frontend (Web Security Group) Security Groups sg_Backend (Backend Security Group)
  • 28. VPC Flow Logs • Agentless • Enable per ENI, per subnet, or per VPC • Logged to AWS CloudWatch Logs • Create CloudWatch metrics from log data • Alarm on those metrics AWS account Source IP Destination IP Source port Destination port Interface Protocol Packets Bytes Start/end time Accept or reject
  • 29. VPC Flow Logs • Amazon Elasticsearch Service • Amazon CloudWatch Logs subscriptions
  • 30. VPC Flow Logs – CloudWatch Alarms
  • 32. Cryptographic Services Amazon CloudHSM  Deep integration with AWS Services  CloudTrail  AWS SDK for application encryption  Dedicated HSM  Integrate with on-premises HSMs  Hybrid Architectures AWS KMS
  • 34. AWS Config & Config Rules AWS Config Amazon Config Rules  Record configuration changes continuously  Time-series view of resource changes  Archive & Compare  Enforce best practices  Automatically roll-back unwanted changes  Trigger additional workflow
  • 37. AWS Config Rules – Tenancy Enforcement Example
  • 38. AWS Config Rules – Tenancy Enforcement Example
  • 39. AWS Config Rules – Tenancy Enforcement Example
  • 41. AWS CloudFormation – Infrastructure as Code Template StackAWS CloudFormation  Orchestrate changes across AWS Services  Use as foundation to Service Catalog products  Use with source code repositories to manage infrastructure changes  JSON-based text file describing infrastructure  Resources created from a template  Can be updated  Updates can be restrictured
  • 42. Change Sets – Create Change Set
  • 46. Evolving the Practice of Security Architecture Security architecture can now be part of the ‘maker’ team Architecture artifacts (design choices, narrative, etc.) committed to common repositories Complete solutions account for automation Solution architectures are living audit/compliance artifacts and evidence in a closed loop Evolved Security Architecture Practice AWS CodeCommit AWS CodePipeline Jenkins
  • 47. AWS Marketplace Security Partners Infrastructure Security Logging & Monitoring Identity & Access Control Configuration & Vulnerability Analysis Data Protection
  • 48. Prescriptive Approach – Get Started! Understand AWS Security Approach Build Strong Compliance Foundations Integrate Identity & Access Management Enable Detective Controls Establish Network Security Implement Data Protection Optimize Change Management Automate Security Functions