© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Scott Ward, Solutions Architect
April 26, 2018
How Inovalon Controls Security Costs with Sophos on AWS
Why is security traditionally so hard?
- Lack of visibility
- Low degree of automation
The most sensitive workloads run on AWS
“With AWS, DNAnexus enables enterprises worldwide to perform genomic analysis and clinical studies in a secure and compliant environment at a scale not previously possible.” — Richard Daly, CEO, DNAnexus
“We determined that security in AWS is superior to our on-premises data center across several dimensions, including patching, encryption, auditing and logging, entitlements, and compliance.” — John Brady, CISO, FINRA (Financial Industry Regulatory Authority)
“The fact that we can rely on the AWS security posture to boost our own security is really important for our business. AWS does a much better job at security than we could ever do running a cage in a data center.” — Richard Crowley, Director of Operations, Slack
“CIOs and CISOs need to stop obsessing over unsubstantiated cloud security worries, and instead apply their imagination and energy to developing new approaches to cloud control, allowing them to securely, compliantly, and reliably leverage the benefits of this increasingly ubiquitous computing model.”
Source: Clouds Are Secure: Are You Using Them Securely?
Move to AWS to strengthen your security posture
- Inherit global security and compliance controls
- Scale with superior visibility and control
- Highest standards for privacy and data security
- Largest network of security partners and solutions
- Automate with deeply integrated security services
Inherit global security and compliance controls
Scale with visibility and control
Highest standards for privacy
- Encryption at scale with keys managed by our AWS Key Management Service (KMS), or manage your own encryption keys with AWS CloudHSM using FIPS-validated cryptography systems
- Meet data residency requirements: choose an AWS Region and AWS will not replicate your data elsewhere unless you choose to do so
- Access services and tools that enable you to build compliant infrastructure on top of AWS
- Comply with local data privacy laws by controlling who can access content, its lifecycle, and disposal
Bill Prout, Security Architect Manager, Sophos
April 26, 2018
Properly securing complex cloud environments with Sophos Unified Threat Management (UTM)
The AWS Shared Responsibility Model
Common customer requirements
- Web Application Firewall
- Intrusion Prevention System
- Virtual Private Network
- Next-Gen Firewall
- Outbound Traffic Protection
Introduction to Sophos
- Recognized leader in Endpoint Protection, Mobile Data Protection, and Unified Threat Management.
- Long history of helping customers secure their applications, data, endpoints, and networks—both on-premises and more recently in the cloud.
- Our solutions help secure more than 200,000 customers in over 150 countries.
- Customers like Xerox, Under Armour, Pixar, Northrop Grumman, Ford, Avis, and Amazon.
- AWS Security Competency Partner
Achieving defense-in-depth and controlling costs with Sophos UTM
To achieve defense-in-depth, AWS recommends layered security. Sophos UTM provides layered security in a single solution, driving down costs.
- Infrastructure Protection
- Intrusion Prevention System (IPS)
- Web Application Firewall (WAF)
- Sandstorm Protection (ATP and Cloud Sandboxing)
Sophos UTM gives you flexibility along your cloud journey
For most organizations, cloud adoption happens incrementally, and their security needs get more robust over time.
- Start with a free trial, then a standalone UTM
- Move to High Availability or Auto Scaling when needed
- Use Sophos UTM Conversion to automatically modify your architecture
Sophos UTM on AWS integrations
Integrated services: Amazon Elastic Load Balancing, AWS CloudFormation, Amazon S3, Auto Scaling
- High Availability (HA) and redundancy supporting multiple Availability Zones (AZ)
- Auto Scaling WAF that automatically scales to inspect all web traffic
- Built-in load balancer support for ELB and site-to-site VPN configuration for VPC
- CloudFormation templates that automatically deploy and configure Sophos UTM
- Automated outbound route table updates to ensure continuous traffic flow
Sophos UTM is integrated with AWS services to make deployment and management easy
Sophos UTM deployment and pricing
- Deploy directly from AWS Marketplace
- Evaluate under free trial
- Easy pay-as-you-go pricing
- Leverage an existing investment with the bring-your-own-license (BYOL) option
Sophos UTM - High Availability
Diagram (Availability Zone Failover UTM Deployment): VPC 10.10.0.0/16 behind an Internet Gateway, with an EIP on the UTM; Availability Zone #1 contains the Primary UTM (10.10.1.0/24) and the Private Client Subnet (10.10.100.0/24); Availability Zone #2 contains the Backup UTM (10.10.2.0/24). The UTMs run in an Auto Scaling Group.
- CloudFormation: launches UTMs and associated AWS services
- Auto Scaling: launches and maintains UTM Auto Scaling groups
- CloudWatch: monitors UTM health and collects logs
- S3: stores UTM Controller license, logs, and configuration
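The failover that the "automated outbound route table updates" in the HA layout depend on, as an added illustration that is not Sophos's or AWS's code: a small Python planner that works on a constructed in-memory route-table snapshot (no boto3 calls), decides which default route must be repointed when the Primary UTM becomes unhealthy, and checks that the Private Client Subnet never ends up with egress that bypasses or black-holes at a dead UTM. All instance ids, route-table ids and health states are constructed for the example.

```python
"""Route-table failover planner for the two-AZ Sophos UTM HA layout above.

Added example, not Sophos or AWS code.  It models the slide's topology:
VPC 10.10.0.0/16, Primary UTM in 10.10.1.0/24 (AZ #1), Backup UTM in
10.10.2.0/24 (AZ #2), and a Private Client Subnet 10.10.100.0/24 whose
default route must always point at a healthy UTM.  Instead of calling EC2
(boto3 replace_route) it works on an in-memory snapshot so it runs offline;
every instance id, route-table id and health state below is constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

DEFAULT_ROUTE = "0.0.0.0/0"


@dataclass
class Utm:
    instance_id: str   # constructed id, e.g. "i-primary-utm"
    az: str
    subnet: str
    healthy: bool      # what a CloudWatch / health-check poller reported


@dataclass
class RouteTable:
    rtb_id: str
    subnet: str
    routes: Dict[str, str] = field(default_factory=dict)  # cidr -> target


def active_target(rt: RouteTable) -> Optional[str]:
    """Target (instance id, 'local', ...) of the subnet's default route."""
    return rt.routes.get(DEFAULT_ROUTE)


def plan_failover(rt: RouteTable, utms: List[Utm]) -> List[Tuple[str, str, str, str]]:
    """Return the route changes needed so the default route hits a healthy UTM.

    Each change is (action, cidr, old_target, new_target).  The current target
    is kept while it is healthy (no flapping); otherwise a healthy UTM in a
    different AZ is preferred so a single-AZ outage cannot take both down.
    """
    by_id = {u.instance_id: u for u in utms}
    current = active_target(rt)
    if current in by_id and by_id[current].healthy:
        return []
    candidates = [u for u in utms if u.healthy and u.instance_id != current]
    if not candidates:
        # Fail loudly rather than silently route around the UTM.
        raise RuntimeError(f"{rt.rtb_id}: no healthy UTM available for {DEFAULT_ROUTE}")
    failed_az = by_id[current].az if current in by_id else None
    candidates.sort(key=lambda u: (u.az == failed_az, u.instance_id))
    return [("replace-route", DEFAULT_ROUTE, current or "", candidates[0].instance_id)]


def apply_plan(rt: RouteTable, plan: List[Tuple[str, str, str, str]]) -> RouteTable:
    """Apply the plan; refuses a stale plan by re-checking the old target first."""
    for action, cidr, old, new in plan:
        if action != "replace-route":
            raise ValueError(f"unknown action {action}")
        if rt.routes.get(cidr, "") != old:
            raise RuntimeError(f"{rt.rtb_id}: {cidr} changed underneath us, refusing to apply")
        rt.routes[cidr] = new
    return rt


def egress_inspected(rt: RouteTable, utms: List[Utm]) -> bool:
    """Defender's check: the private subnet's default route points at a healthy
    UTM instance, so outbound traffic is inspected rather than black-holed."""
    target = active_target(rt)
    return target is not None and any(u.instance_id == target and u.healthy for u in utms)


def make_topology(primary_healthy: bool = True, backup_healthy: bool = True):
    """Constructed snapshot of the slide's topology (not a real account)."""
    utms = [
        Utm("i-primary-utm", "az1", "10.10.1.0/24", primary_healthy),
        Utm("i-backup-utm", "az2", "10.10.2.0/24", backup_healthy),
    ]
    rt = RouteTable("rtb-private-client", "10.10.100.0/24",
                    {"10.10.0.0/16": "local", DEFAULT_ROUTE: "i-primary-utm"})
    return rt, utms


def simulate_primary_failure() -> Optional[str]:
    """Primary UTM goes unhealthy: plan, apply, verify; returns the new target."""
    rt, utms = make_topology(primary_healthy=False)
    if egress_inspected(rt, utms):
        raise AssertionError("expected the stale route to fail the check")
    rt = apply_plan(rt, plan_failover(rt, utms))
    if not egress_inspected(rt, utms):
        raise AssertionError("failover left egress uninspected")
    return active_target(rt)


if __name__ == "__main__":
    print("steady state changes:", plan_failover(*make_topology()))
    print("after primary failure, default route ->", simulate_primary_failure())
```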
Sophos UTM - Auto Scaling
Diagram (Active/Active Auto Scaling UTM): an Internet Gateway fronting an External ELB; a UTM Controller and an Auto Scaling Group of UTM Workers spanning Availability Zone #1 and Availability Zone #2, each AZ with a Private Client Subnet behind an Internal ELB. Admin traffic flows Controller -> Workers; Syslog flows Controller <- Workers.
- CloudFormation: launches UTMs and associated AWS services
- Auto Scaling: launches and maintains UTM Auto Scaling groups
- CloudWatch: monitors UTM health and collects logs
- S3: stores UTM Controller license, logs, and configuration
Frank Scalzo, Director of Cloud Technologies & Engineering at Avalere Health/Inovalon
April 26, 2018
How Inovalon is more agile and secure with Sophos on AWS
About Inovalon
- Leading provider of cloud-based healthcare platforms
- Enable organizations to make data-driven transformation and better serve their patients
- Technology supports nearly:
  - 500 healthcare organizations
  - 932,000 physicians
  - 455,000 clinical facilities
  - 240 million Americans
Why Inovalon moved to the cloud
- Agility to deploy hinged on delivering against tight timelines; procuring hardware translated into lost time and productivity, as well as large procurement costs from over-architecting an environment
- Legacy security products are very expensive and cumbersome to manage
- The Commercial Cloud Engineering Team consisted of only 6 people
- The ability to segregate products and departments within AWS with a multi-account strategy allowed for better cost governance over each product while still allowing for central management and granular security
UTM on AWS Multi VPC
Diagram: Syslog sends all logging information from Workers to Controller.
The considerations
Evaluated across four dimensions: Functionality, Security, Management, Cost
- Storage and compute infrastructure
- Consolidating security tools
- Maturity of service offerings
- Ability to provision and configure resources quickly
- HIPAA compliance
- Minimizing security management overhead
- Automation and centralized control
- Customer support
The choice: Deploying Sophos UTM on AWS
- Chose AWS for maturity, cost, and operational simplicity
- Met all security needs at a fraction of the cost
- Worked with a Sophos Partner to negotiate a fixed Enterprise Agreement, minimizing license costs
- Started with single UTMs and NAT rules for inbound traffic protection
- Converted to UTM Auto Scaling with Web Server Protection WAF to better align with AWS Best Practices
- Added Intrusion Prevention and Advanced Threat Protection
- Were able to modify the default UTM Auto Scaling template to accommodate the need for a multi-account/VPC solution
The Benefits
- Reduced security costs by 40% over comparable security products
- Centralized management has led to a 20% reduction in security operations labor costs
- In-box logging and monitoring is tightly integrated with SIEM.
- Can meet customer demands and get to market in a matter of hours, with the flexibility to scale up or down at any time
Looking forward: protecting Amazon WorkSpaces with Outbound Gateway
Diagram (Auto Scaling UTM with OGW): an Internet Gateway fronting an External ELB; a UTM Controller and an Auto Scaling Group of UTM Workers across Availability Zone #1 and Availability Zone #2, with a WorkSpaces Client Subnet, a Private Client Subnet and an Internal ELB; an OGW Subnet holding an Auto Scaling Group of Outbound Gateways (OGW), which can be set up as Active/Active or Active/Passive, connected to the UTM Workers over GRE Tunnels. Admin traffic flows Controller -> Workers; Syslog flows Controller <- Workers.
- CloudFormation: launches UTMs and associated AWS services
- Auto Scaling: launches and maintains UTM Auto Scaling groups
- CloudWatch: monitors UTM health and collects logs
- S3: stores UTM Controller license, logs, and configuration
Scott Ward, Solutions Architect, AWS
Bill Prout, Security Architect, Sophos
Frank Scalzo, Director, Cloud Technologies & Engineering, Inovalon
Thank you
Questions & Answers

Amazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Amazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
Amazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Amazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
Amazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
Amazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
Amazon Web Services
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
Amazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
Amazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

How Inovalon Uses Sophos to Control Security Costs on AWS

  • 1. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Scott Ward, Solutions Architect, April 26, 2018. How Inovalon Controls Security Costs with Sophos on AWS
  • 2. Why is security traditionally so hard? Lack of visibility; low degree of automation.
  • 3. The most sensitive workloads run on AWS
    - “With AWS, DNAnexus enables enterprises worldwide to perform genomic analysis and clinical studies in a secure and compliant environment at a scale not previously possible.” — Richard Daly, CEO, DNAnexus
    - “We determined that security in AWS is superior to our on-premises data center across several dimensions, including patching, encryption, auditing and logging, entitlements, and compliance.” — John Brady, CISO, FINRA (Financial Industry Regulatory Authority)
    - “The fact that we can rely on the AWS security posture to boost our own security is really important for our business. AWS does a much better job at security than we could ever do running a cage in a data center.” — Richard Crowley, Director of Operations, Slack
  • 4. “CIOs and CISOs need to stop obsessing over unsubstantiated cloud security worries, and instead apply their imagination and energy to developing new approaches to cloud control, allowing them to securely, compliantly, and reliably leverage the benefits of this increasingly ubiquitous computing model.” Source: Clouds Are Secure: Are You Using Them Securely?
  • 5. Move to AWS to strengthen your security posture: automate with deeply integrated security services; inherit global security and compliance controls; highest standards for privacy and data security; largest network of security partners and solutions; scale with superior visibility and control.
  • 6. Inherit global security and compliance controls
  • 7. Scale with visibility and control
  • 8. Highest standards for privacy
    - Encryption at scale with keys managed by AWS Key Management Service (KMS), or manage your own encryption keys with AWS CloudHSM using FIPS-validated cryptographic modules
    - Meet data residency requirements: choose an AWS Region and AWS will not replicate your data elsewhere unless you choose to do so
    - Access services and tools that enable you to build compliant infrastructure on top of AWS
    - Comply with local data privacy laws by controlling who can access content, its lifecycle, and its disposal
  • 9. Bill Prout, Security Architect Manager, April 26, 2018. Properly securing complex cloud environments with Sophos Unified Threat Management (UTM)
  • 10. The AWS Shared Responsibility Model
  • 11. Common customer requirements: Web Application Firewall; Intrusion Prevention System; Virtual Private Network; Next-Gen Firewall; Outbound Traffic Protection
  • 12. Introduction to Sophos
    - Recognized leader in Endpoint Protection, Mobile Data Protection, and Unified Threat Management
    - Long history of helping customers secure their applications, data, endpoints, and networks, both on-premises and more recently in the cloud
    - Our solutions help secure more than 200,000 customers in over 150 countries
    - Customers include Xerox, Under Armour, Pixar, Northrop Grumman, Ford, Avis, and Amazon
    - AWS Security Competency Partner
  • 13. Achieving defense-in-depth and controlling costs with Sophos UTM. To achieve defense-in-depth, AWS recommends layered security. Sophos UTM provides layered security in a single solution, driving down costs: Infrastructure Protection; Intrusion Prevention System (IPS); Web Application Firewall (WAF); Sandstorm Protection (ATP and cloud sandboxing)
  • 14. Sophos UTM gives you flexibility along your cloud journey. For most organizations, cloud adoption happens incrementally, and their security needs get more robust over time.
    - Start with a free trial, then a standalone UTM
    - Move to High Availability or Auto Scaling when needed
    - Use Sophos UTM Conversion to automatically modify your architecture
  • 15. Sophos UTM on AWS integrations (Amazon Elastic Load Balancing, AWS CloudFormation, Amazon S3, Auto Scaling). Sophos UTM is integrated with AWS services to make deployment and management easy:
    - High Availability (HA) and redundancy supporting multiple Availability Zones (AZ)
    - Auto Scaling WAF that automatically scales to inspect all web traffic
    - Built-in load balancer support for ELB and site-to-site VPN configuration for VPC
    - CloudFormation templates that automatically deploy and configure Sophos UTM
    - Automated outbound route table updates to ensure continuous traffic flow
  • 16. Sophos UTM deployment and pricing
    - Deploy directly from AWS Marketplace
    - Evaluate under a free trial
    - Easy pay-as-you-go pricing
    - Leverage an existing investment with the bring-your-own-license (BYOL) option
  • 17. Sophos UTM - High Availability (architecture diagram). Diagram labels: VPC 10.10.0.0/16; Internet Gateway; EIP; Availability Zone #1; Availability Zone #2; Private Client Subnet 10.10.100.0/24; Primary UTM 10.10.1.0/24; Backup UTM 10.10.2.0/24; Auto Scaling Group; Availability Zone Failover. UTM Deployment panel: CloudFormation launches the UTMs and associated AWS services; Auto Scaling launches and maintains the UTM Auto Scaling groups; CloudWatch monitors UTM health and collects logs; S3 stores the UTM Controller license, logs, and configuration.
  • 18. Sophos UTM - Auto Scaling (architecture diagram). Diagram labels: Internet Gateway; Availability Zone #1; Availability Zone #2; Private Client Subnets; External ELB; Internal ELB; UTM Controller; UTM Workers (Active/Active Auto Scaling UTM); Auto Scaling Group; Admin traffic (Controller -> Workers); Syslog (Controller <- Workers). Supporting services: CloudFormation launches the UTMs and associated AWS services; Auto Scaling launches and maintains the UTM Auto Scaling groups; CloudWatch monitors UTM health and collects logs; S3 stores the UTM Controller license, logs, and configuration.
  • 19. Frank Scalzo, Director of Cloud Technologies & Engineering at Avalere Health / Inovalon, April 26, 2018. How Inovalon is more agile and secure with Sophos on AWS
  • 20. About Inovalon
    - Leading provider of cloud-based healthcare platforms
    - Enables organizations to make data-driven transformations and better serve their patients
    - Technology supports nearly: 500 healthcare organizations; 932,000 physicians; 455,000 clinical facilities; 240 million Americans
  • 21. Why Inovalon moved to the cloud
    - Agility to deploy hinged on delivering against tight timelines; procuring hardware translated into lost time and productivity, as well as large procurement costs from over-architecting an environment
    - Legacy security products are very expensive and cumbersome to manage
    - The Commercial Cloud Engineering Team consisted of only 6 people
    - The ability to segregate products and departments within AWS with a multi-account strategy allowed better cost governance over each product while still allowing central management and granular security
  • 22. UTM on AWS, multi-VPC (architecture diagram): Syslog sends all logging information from the Workers to the Controller
  • 23. The considerations (functionality, security, management, cost)
    - Storage and compute infrastructure
    - Consolidating security tools
    - Maturity of service offerings
    - Ability to provision and configure resources quickly
    - HIPAA compliance
    - Minimizing security management overhead
    - Automation and centralized control
    - Customer support
  • 24. The choice: deploying Sophos UTM on AWS
    - Chose AWS for maturity, cost, and operational simplicity
    - Met all security needs at a fraction of the cost
    - Worked with a Sophos partner to negotiate a fixed Enterprise Agreement, minimizing license costs
    - Started with single UTMs and NAT rules for inbound traffic protection
    - Converted to UTM Auto Scaling with Web Server Protection (WAF) to better align with AWS best practices
    - Added Intrusion Prevention and Advanced Threat Protection
    - Were able to modify the default UTM Auto Scaling template to accommodate the need for a multi-account/VPC solution
  • 25. The benefits
    - Reduced security costs by 40% over comparable security products
    - Centralized management has led to a 20% reduction in security operations labor costs
    - In-box logging and monitoring is tightly integrated with the SIEM
    - Can meet customer demands and get to market in a matter of hours, with the flexibility to scale up or down at any time
  • 26. Looking forward: protecting Amazon WorkSpaces with Outbound Gateway (architecture diagram). Diagram labels: Internet Gateway; Availability Zone #1; Availability Zone #2; WorkSpaces Client Subnet; Private Client Subnet; OGW Subnet; External ELB; Internal ELB; UTM Controller; UTM Workers (Auto Scaling UTM with OGW); Auto Scaling Groups; GRE Tunnel; Admin (Controller -> Workers); Syslog (Controller <- Workers); OGW can be set up as Active/Active or Active/Passive. Supporting services: CloudFormation launches the UTMs and associated AWS services; Auto Scaling launches and maintains the UTM Auto Scaling groups; CloudWatch monitors UTM health and collects logs; S3 stores the UTM Controller license, logs, and configuration.
  • 27. Thank you. Questions & Answers. Scott Ward, Solutions Architect, AWS; Bill Prout, Security Architect, Sophos; Frank Scalzo, Director, Cloud Technologies & Engineering, Inovalon
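The HA design on slides 15 and 17 depends on automated outbound route table updates so the private client subnet keeps egressing through a live UTM when the primary fails. The planner below is an added Python example, not Sophos or AWS code: it decides when the client subnet's default route must be repointed to the healthy backup and applies that through a boto3-style `replace_route` call; the ENI ids, route table id and CIDRs are constructed placeholders, and the boto3 client is replaced by an in-memory stand-in so the example runs offline.

```python
# Added example, not Sophos or AWS code: models the "automated outbound route
# table updates" of slide 15 for the Primary/Backup UTM layout of slide 17,
# where the client subnet's 0.0.0.0/0 route must always point at a live UTM.
# All ids and CIDRs below are constructed placeholders.
from dataclasses import dataclass
from typing import Dict, List, Optional, Sequence

DEFAULT_ROUTE = "0.0.0.0/0"

@dataclass(frozen=True)
class Route:
    destination: str           # DestinationCidrBlock
    target_eni: Optional[str]  # NetworkInterfaceId; None for igw/local targets

@dataclass(frozen=True)
class RouteChange:
    route_table_id: str
    destination: str
    old_eni: Optional[str]
    new_eni: str

def plan_failover(route_table_id: str, routes: Sequence[Route], utm_enis: Sequence[str],
                  healthy_enis: Sequence[str]) -> Optional[RouteChange]:
    """Return the route replacement needed, or None if nothing should change.
    utm_enis: firewall ENIs in preference order (primary first);
    healthy_enis: what the health monitor (CloudWatch on slide 17) reports as up."""
    default = next((r for r in routes if r.destination == DEFAULT_ROUTE), None)
    if default is None or default.target_eni not in utm_enis:
        return None  # no default route, or not ours (e.g. an igw): never touch it
    if default.target_eni in healthy_enis:
        return None  # already egressing via a healthy UTM; no failback flapping
    candidates = [eni for eni in utm_enis if eni in healthy_enis]
    if not candidates:
        return None  # nothing healthy to fail over to; leave route, alarm elsewhere
    return RouteChange(route_table_id, DEFAULT_ROUTE, default.target_eni, candidates[0])

def apply_change(change: RouteChange, ec2) -> None:
    """Apply via a boto3 EC2 client. The caller's role needs only ec2:ReplaceRoute
    scoped to the client subnets' route tables, not create/delete rights."""
    ec2.replace_route(RouteTableId=change.route_table_id,
                      DestinationCidrBlock=change.destination,
                      NetworkInterfaceId=change.new_eni)

class RecordingEc2:
    """Stand-in for boto3's EC2 client so the example runs offline."""
    def __init__(self) -> None:
        self.calls: List[Dict[str, str]] = []

    def replace_route(self, **kwargs: str) -> Dict[str, str]:
        self.calls.append(dict(kwargs))
        return {}

# Constructed sample: client subnet route table currently egressing via the primary.
PRIMARY_ENI, BACKUP_ENI = "eni-primary0000", "eni-backup00000"
CLIENT_ROUTES = [Route("10.10.0.0/16", None), Route(DEFAULT_ROUTE, PRIMARY_ENI)]

def run_failover(healthy: Sequence[str] = (BACKUP_ENI,), rtb: str = "rtb-client000000"):
    """One monitor round: plan against CLIENT_ROUTES and apply if needed."""
    ec2 = RecordingEc2()
    change = plan_failover(rtb, CLIENT_ROUTES, [PRIMARY_ENI, BACKUP_ENI], healthy)
    if change is not None:
        apply_change(change, ec2)
    return change
```

With only the backup reported healthy, `run_failover()` repoints 0.0.0.0/0 from the primary ENI to the backup ENI; when the current target is healthy, or when no UTM is healthy, it leaves the route untouched.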