Lahav Savir, profile picture
Uploaded byLahav Savir
386 views

How to Protect your AWS Environment

This document provides an overview of how to protect an AWS environment. It discusses common types of managed service providers (MSPs) that focus on AWS, including cloud-native MSPs. It also covers important security topics like infrastructure security, network security, host security, data encryption, identity management, and monitoring/auditing. Specific recommendations are given around securing networking with options like Direct Connect, VPNs, and segmentation. The document emphasizes central monitoring, auditing, and encrypting all data for protection.

Technology
Related topics:
Information Security

Embed presentation

How to Protect Your AWS Environment Lahav Savir, CEO & Architect Emind Cloud Experts
A Global Expert in Cloud Enablement for Products, SaaS ISV, and Online Solutions
Top Level Partnership
A “Cloud-native” MSP Market Guide for Managed Service Providers on Amazon Web Services (Lydia Leong, Oct. 2015) “Amazon Web Services does not offer managed services, but many customers want to use AWS as a cloud IaaS and PaaS platform, while outsourcing IT operations or application management. AWS's ecosystem of MSP partners can fulfill this need.” https://www.gartner.com/doc/3157620/market-guide-managed-service-providers “Common Types of MSPs (on AWS) with Example References ● Cloud-native MSPs. These MSPs were either founded specifically to provide services on cloud IaaS, or pivoted to entirely focus their business on these services. Many of these MSPs are AWS- specific. Examples include 2nd Watch, Cloudnexa, Cloudreach, Emind and Minjar”
The future is all about cloud computing. Report shows how by 2018, over 78% of workloads will be managed by cloud data centers as against the remaining 22% processed by traditional data centers.
Where there is more data, there is bound to be more data breaches!
Security in the Cloud Security of the Cloud
Assessing the Risk: Yes, the Cloud Can Be More Secure Than Your On-Premises Environment IDC, July 2015
Why the Cloud is more Secure? ● More segmentation (separation) ● More encryption ● Stronger authentication ● More logging and monitoring
Top Topics ● Infrastructure Security ● Network Security ● Host Security ● Data Encryption ● Identity Management ● Monitoring & Auditing
Identity Federation
Why do you need Single Identity? ● Multiple AWS Accounts ● Multiple Security Policies ● Multiple Entry Points ● Many Resources ● Multiple 3rd Party Services
Single Identity Provider ● Single Password Policy ● Single Lock Policy ● Single OTP ● Single Login Audit ● Same username used across all resources
Organization users accessing: AWS Resources ● AWS Console ● AWS API ● Network Access / VPN ● EC2 Instances Other Resources ● New Relic ● Datadog ● Pingdom ● Google Apps ● Office 365 ● Jira ● Github ● Logz.io ● ...
● Don't mix Corporate and Cloud Resources ● Minimize Replication ● Maximize Federation
Corporate ● Corporate Active Directory ● Mix of users and desktops / servers ● 3rd Party SSO / Federation Services Cloud ● Cloud Active Directory ● Cloud Resources Only Integration ● One Way Trust between Corp AD and Cloud AD
Login Scenarios ● AWS Console ○ SAML Federation ● VPN ○ Radius ● Jumpbox on EC2 ○ Radius / LDAP ● Windows instance on EC2 ○ Kerberos / LDAP ● Linux instance on EC2 ○ Kerberos / LDAP No need for IAM Users
Network Access
Networking ● Public Internet ● VPN / IPSec Tunnel ● DirectConnect
Direct Connect Options ● Private Virtual Interface – Access to VPC ○ Note: Not VPC Endpoints or transitive via VPC Peering ● Public Virtual Interface – Access to non-VPC Services
SSL VPN Options ● OpenVPN ● Fortinet Fortigate ● Sophos ● pfSense ● … Others
Don’t assume your corporate network is secure and expose your production networks to all users
Smart Separation
Inbound Application Outbound
● Create a controlled environment that minimizes human mistakes ● Inspect inbound and outbound traffic
Host Security
What’s Host Security ? ● OS Hardening ● Anti Virus ● Malware Protection ● Host Based IPS ● File Integrity Monitoring ● Vulnerability Scanning
Data Encryption
AWS Encryption Options Data at Rest ● EBS Encryption (inc. root device) ● S3 Client / Server Side Encryption ● RDS / Redshift Storage Encryption ● DynamoDB Client Side Encryption https://d0.awsstatic.com/whitepapers/aws-securing-data-at- rest-with-encryption.pdf Data in Transit ● API’s are TLS Encrypted ● Service Endpoints are TLS Encrypted ● Elastic Load Balancer supports TLS ● CloudFront supports TLS ● IPSec VPN
Encrypt all your data, you never know who and when someone will request access to the data
Centrally Monitor and Audit
Events Sources ● CloudTrail ● ELB / S3 / CloudFront Access Logs ● VPC Flow logs ● AWS Inspector ● Host AV & IPS ● Network WAF & IPS ● Evident.io / Dome9 ● Observable
● Create Clear Visibility ● Set Governance Rules ● Define Actions
Join our Fastlane to a Successful Cloud Deployment Thank you, lahavs@emind.co

More Related Content

PDF
Integrating Cloudera & Microsoft Azure
byXpand IT
 
PDF
How to protect your IoT data on AWS
byLahav Savir
 
PDF
Cloud Computing workshop
bySuraj Kumar Jana
 
PPTX
Slide share device to iot solution – a blueprint
byGuy Vinograd ☁
 
PDF
Advanced Event Brokers
bySolace
 
PPTX
Advanced Event Brokers
byNick Donaldson
 
PPTX
Introduction to Azure PaaS services (Nick Trogh at Codit Azure PaaS Event)
byCodit
 
PDF
PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015
byEvident.io
 
Integrating Cloudera & Microsoft Azure
byXpand IT
 
How to protect your IoT data on AWS
byLahav Savir
 
Cloud Computing workshop
bySuraj Kumar Jana
 
Slide share device to iot solution – a blueprint
byGuy Vinograd ☁
 
Advanced Event Brokers
bySolace
 
Advanced Event Brokers
byNick Donaldson
 
Introduction to Azure PaaS services (Nick Trogh at Codit Azure PaaS Event)
byCodit
 
PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015
byEvident.io
 

What's hot

PDF
Microsoft Azure Fundamentals
byAdwait Ullal
 
PPTX
Azure Administrator
byViknaraj Manogararajah
 
PPTX
2016, A new era of OS and Cloud Security
byTudor Damian
 
PPTX
Azure operational insights
byIlyas F ☁☁☁
 
PDF
MongoDB World 2019: Wipro Software Defined Everything Powered by MongoDB
byMongoDB
 
PPTX
Cloud computing
byThor Tolo
 
PDF
Wp cipher graph-cag-topology
byIRSHAD RATHER
 
PPTX
Cloud Security and some preferred practices
byMichael Pearce
 
PDF
Dataops on streaming data: Kafka to InfluxDb via Kubernetes native flows
byLenses.io
 
PPTX
AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasi...
byAndrew Backhouse
 
PPTX
Event-Driven Serverless Architecture - the next big thing in the cloud (Cleme...
byCodit
 
PDF
Nats meetup sf 20150826
byApcera
 
PPTX
Azure app services 2 - Logic & Api Apps
byBill Chesnut
 
PPTX
Microsoft Azure News - 2018 May
byDaniel Toomey
 
PPTX
Build and Manage a Highly Secure Cloud Environment on AWS and Azure
byCloudHesive
 
PPTX
Moving Your Data to The Cloud
byAdwait Ullal
 
PDF
WSO2Con ASIA 2016: Planning Your Cloud Strategy
byWSO2
 
PDF
Taking Security Responsibility in the AWS Cloud
byFranklin Mosley
 
PDF
Tiago Fonseca & Rui Velho - Syone & Leroy Merlin - OSL19
bymarketingsyone
 
Microsoft Azure Fundamentals
byAdwait Ullal
 
Azure Administrator
byViknaraj Manogararajah
 
2016, A new era of OS and Cloud Security
byTudor Damian
 
Azure operational insights
byIlyas F ☁☁☁
 
MongoDB World 2019: Wipro Software Defined Everything Powered by MongoDB
byMongoDB
 
Cloud computing
byThor Tolo
 
Wp cipher graph-cag-topology
byIRSHAD RATHER
 
Cloud Security and some preferred practices
byMichael Pearce
 
Dataops on streaming data: Kafka to InfluxDb via Kubernetes native flows
byLenses.io
 
AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasi...
byAndrew Backhouse
 
Event-Driven Serverless Architecture - the next big thing in the cloud (Cleme...
byCodit
 
Nats meetup sf 20150826
byApcera
 
Azure app services 2 - Logic & Api Apps
byBill Chesnut
 
Microsoft Azure News - 2018 May
byDaniel Toomey
 
Build and Manage a Highly Secure Cloud Environment on AWS and Azure
byCloudHesive
 
Moving Your Data to The Cloud
byAdwait Ullal
 
WSO2Con ASIA 2016: Planning Your Cloud Strategy
byWSO2
 
Taking Security Responsibility in the AWS Cloud
byFranklin Mosley
 
Tiago Fonseca & Rui Velho - Syone & Leroy Merlin - OSL19
bymarketingsyone
 

Viewers also liked

PDF
Invest in the UK
byMehmet Basaran
 
PPTX
Why Form a Health Professions Training Program at Your Federally Qualified H...
byCHC Connecticut
 
DOC
ValeryBassenkoResume
byValery Bassenko
 
PPT
Angela Brady - Keynote
byCivic Agenda
 
PDF
JBoye Presentation: WCM Trends for 2010
byDavid Nuescheler
 
PDF
Openstack install-guide-apt-kilo
byduchant
 
PPT
Transforming Xml Data Into Html
byKarthikeyan Mkr
 
PDF
Thesis
bySanna Martinmäki
 
PPTX
Redaccion
byLuis Huerfano
 
PPTX
La perdurabilidad en las empresas amiliasde
bymariaperezgamboa
 
PPT
CGCA: Transition to Home School
byeeniarrol
 
PPT
Pengembangan sbi
bysmkfarmasi
 
PPTX
Work1m33 25,9
byRewV6
 
Invest in the UK
byMehmet Basaran
 
Why Form a Health Professions Training Program at Your Federally Qualified H...
byCHC Connecticut
 
ValeryBassenkoResume
byValery Bassenko
 
Angela Brady - Keynote
byCivic Agenda
 
JBoye Presentation: WCM Trends for 2010
byDavid Nuescheler
 
Openstack install-guide-apt-kilo
byduchant
 
Transforming Xml Data Into Html
byKarthikeyan Mkr
 
Thesis
bySanna Martinmäki
 
Redaccion
byLuis Huerfano
 
La perdurabilidad en las empresas amiliasde
bymariaperezgamboa
 
CGCA: Transition to Home School
byeeniarrol
 
Pengembangan sbi
bysmkfarmasi
 
Work1m33 25,9
byRewV6
 

Similar to How to Protect your AWS Environment

PDF
The AWS Shared Responsibility Model in Practice
byAlert Logic
 
PDF
AWS를 활용한 금융권 hybrid cloud 구축하기 :: Felix Candelario :: AWS ...
byAmazon Web Services Korea
 
PDF
Hybrid cloud for financial sector :: Felix Candelario :: AWS Finance Seminar
byAmazon Web Services Korea
 
PDF
Security best practices on AWS cloud
byMartin Yan
 
PPTX
Cloudifying your Security Operations on AWS
byCloudHesive
 
PPTX
Blue Chip Tek Connect and Protect Presentation #3
byKimberly Macias
 
PDF
Practical AWS Security - Scott Hogg
byTrish McGinity, CCSK
 
PPTX
Building Bulletproof Infrastructure on AWS
by2nd Watch
 
PDF
AWS Webinar CZSK 02 Bezpecnost v AWS cloudu
byVladimir Simek
 
PDF
AWS Finland User Group Meetup 2017-05-23
byRolf Koski
 
PDF
AWS Enterprise Summit - 클라우드에서의 보안 - 양승도
byAmazon Web Services Korea
 
PDF
엔터프라이즈를 위한 하이브리드 클라우드 및 보안 관리
byAmazon Web Services Korea
 
PPTX
Amazon Web Services Federation Integration Governance Workshop with Layer 7
byCA API Management
 
PPTX
Hack proof your aws cloud cloudcheckr_040416
byJarrett Plante
 
PDF
Securing Your Customers Data From Day One
byAmazon Web Services LATAM
 
PDF
AWS STARTUP DAY 2018 I Securing Your Customer Data From Day One
byAWS Germany
 
PDF
Security in the cloud
byReham Maher El-Safarini
 
PDF
AWS Summit Berlin 2013 - Keynote Steve Schmidt
byAWS Germany
 
PPTX
Adopting AWS in your organization - ITPalooza 2015
byCloudHesive
 
PPTX
Deep dive - AWS security by design
byRichard Harvey
 
The AWS Shared Responsibility Model in Practice
byAlert Logic
 
AWS를 활용한 금융권 hybrid cloud 구축하기 :: Felix Candelario :: AWS ...
byAmazon Web Services Korea
 
Hybrid cloud for financial sector :: Felix Candelario :: AWS Finance Seminar
byAmazon Web Services Korea
 
Security best practices on AWS cloud
byMartin Yan
 
Cloudifying your Security Operations on AWS
byCloudHesive
 
Blue Chip Tek Connect and Protect Presentation #3
byKimberly Macias
 
Practical AWS Security - Scott Hogg
byTrish McGinity, CCSK
 
Building Bulletproof Infrastructure on AWS
by2nd Watch
 
AWS Webinar CZSK 02 Bezpecnost v AWS cloudu
byVladimir Simek
 
AWS Finland User Group Meetup 2017-05-23
byRolf Koski
 
AWS Enterprise Summit - 클라우드에서의 보안 - 양승도
byAmazon Web Services Korea
 
엔터프라이즈를 위한 하이브리드 클라우드 및 보안 관리
byAmazon Web Services Korea
 
Amazon Web Services Federation Integration Governance Workshop with Layer 7
byCA API Management
 
Hack proof your aws cloud cloudcheckr_040416
byJarrett Plante
 
Securing Your Customers Data From Day One
byAmazon Web Services LATAM
 
AWS STARTUP DAY 2018 I Securing Your Customer Data From Day One
byAWS Germany
 
Security in the cloud
byReham Maher El-Safarini
 
AWS Summit Berlin 2013 - Keynote Steve Schmidt
byAWS Germany
 
Adopting AWS in your organization - ITPalooza 2015
byCloudHesive
 
Deep dive - AWS security by design
byRichard Harvey
 

More from Lahav Savir

PDF
Multi Layer Monitoring V1
byLahav Savir
 
PPTX
Running an erlang based messaging system on AWS
byLahav Savir
 
PDF
How to Secure Your AWS Powered Mobile App End-to-End
byLahav Savir
 
PDF
Emind’s Architecture for Enterprise with AWS Integration
byLahav Savir
 
PDF
Best of re:Invent 2016 meetup presentation
byLahav Savir
 
PDF
DevOps sensors 360° high availability in the cloud
byLahav Savir
 
PPT
סע לשלום - הדרכה לרכזים כיתתיים
byLahav Savir
 
PPTX
Build Secure Cloud Solution using F5 BIG-IP on AWS
byLahav Savir
 
PDF
Deploying secure backup on to the Cloud
byLahav Savir
 
PDF
Real-Time Vote Platform Benchmark
byLahav Savir
 
PDF
Lahav Savir - Massively Scaleable Mobile Gateways
byLahav Savir
 
Multi Layer Monitoring V1
byLahav Savir
 
Running an erlang based messaging system on AWS
byLahav Savir
 
How to Secure Your AWS Powered Mobile App End-to-End
byLahav Savir
 
Emind’s Architecture for Enterprise with AWS Integration
byLahav Savir
 
Best of re:Invent 2016 meetup presentation
byLahav Savir
 
DevOps sensors 360° high availability in the cloud
byLahav Savir
 
סע לשלום - הדרכה לרכזים כיתתיים
byLahav Savir
 
Build Secure Cloud Solution using F5 BIG-IP on AWS
byLahav Savir
 
Deploying secure backup on to the Cloud
byLahav Savir
 
Real-Time Vote Platform Benchmark
byLahav Savir
 
Lahav Savir - Massively Scaleable Mobile Gateways
byLahav Savir
 

Recently uploaded

PPTX
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
PDF
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
PDF
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
PDF
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
PDF
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
PDF
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
PDF
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
PDF
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
PDF
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
PDF
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
PDF
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
PDF
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PDF
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
DOCX
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
PPTX
cybercrime in Information security .pptx
byismaeelsahib032
 
PPTX
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
PDF
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
The major tech developments for 2026 by Pluralsight, a research and training ...
byChris Skinner
 
Safeguarding AI-Based Financial Infrastructure
byYasir Naveed Riaz
 
Igniting the Future: Copilot trends, agentic transformation and product roadm...
byUni Systems S.M.S.A.
 
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
Security Technologys: Access Control, Firewall, VPN
byShielaLasala
 
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
Knowing and Doing: Knowledge graphs, AI, and work
bymarainglezakis1
 
Zero Trust & Defense-in-Depth: The Future of Critical Infrastructure Security
byYasir Naveed Riaz
 
Making Sense of Raster: From Bit Depth to Better Workflows
bySafe Software
 
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
Is It Possible to Have Wi-Fi Without an Internet Provider
bySidra Jefferi
 
Introduction to the World of Computers (Hardware & Software)
byALIABBAS ABASOV
 
cybercrime in Information security .pptx
byismaeelsahib032
 
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
Recursive Self Improvement vs Continuous Learning
byBob Marcus
 

How to Protect your AWS Environment

  • 1.
    How to ProtectYour AWS Environment Lahav Savir, CEO & Architect Emind Cloud Experts
  • 2.
    A Global Expertin Cloud Enablement for Products, SaaS ISV, and Online Solutions
  • 3.
  • 4.
    A “Cloud-native” MSP MarketGuide for Managed Service Providers on Amazon Web Services (Lydia Leong, Oct. 2015) “Amazon Web Services does not offer managed services, but many customers want to use AWS as a cloud IaaS and PaaS platform, while outsourcing IT operations or application management. AWS's ecosystem of MSP partners can fulfill this need.” https://www.gartner.com/doc/3157620/market-guide-managed-service-providers “Common Types of MSPs (on AWS) with Example References ● Cloud-native MSPs. These MSPs were either founded specifically to provide services on cloud IaaS, or pivoted to entirely focus their business on these services. Many of these MSPs are AWS- specific. Examples include 2nd Watch, Cloudnexa, Cloudreach, Emind and Minjar”
  • 5.
    The future isall about cloud computing. Report shows how by 2018, over 78% of workloads will be managed by cloud data centers as against the remaining 22% processed by traditional data centers.
  • 6.
    Where there ismore data, there is bound to be more data breaches!
  • 7.
  • 8.
    Assessing the Risk: Yes,the Cloud Can Be More Secure Than Your On-Premises Environment IDC, July 2015
  • 9.
    Why the Cloudis more Secure? ● More segmentation (separation) ● More encryption ● Stronger authentication ● More logging and monitoring
  • 10.
    Top Topics ● Infrastructure Security ●Network Security ● Host Security ● Data Encryption ● Identity Management ● Monitoring & Auditing
  • 11.
  • 12.
    Why do youneed Single Identity? ● Multiple AWS Accounts ● Multiple Security Policies ● Multiple Entry Points ● Many Resources ● Multiple 3rd Party Services
  • 13.
    Single Identity Provider ● SinglePassword Policy ● Single Lock Policy ● Single OTP ● Single Login Audit ● Same username used across all resources
  • 14.
    Organization users accessing: AWSResources ● AWS Console ● AWS API ● Network Access / VPN ● EC2 Instances Other Resources ● New Relic ● Datadog ● Pingdom ● Google Apps ● Office 365 ● Jira ● Github ● Logz.io ● ...
  • 15.
    ● Don't mixCorporate and Cloud Resources ● Minimize Replication ● Maximize Federation
  • 16.
    Corporate ● Corporate ActiveDirectory ● Mix of users and desktops / servers ● 3rd Party SSO / Federation Services Cloud ● Cloud Active Directory ● Cloud Resources Only Integration ● One Way Trust between Corp AD and Cloud AD
  • 17.
    Login Scenarios ● AWSConsole ○ SAML Federation ● VPN ○ Radius ● Jumpbox on EC2 ○ Radius / LDAP ● Windows instance on EC2 ○ Kerberos / LDAP ● Linux instance on EC2 ○ Kerberos / LDAP No need for IAM Users
  • 19.
  • 20.
    Networking ● Public Internet ●VPN / IPSec Tunnel ● DirectConnect
  • 21.
    Direct Connect Options ● PrivateVirtual Interface – Access to VPC ○ Note: Not VPC Endpoints or transitive via VPC Peering ● Public Virtual Interface – Access to non-VPC Services
  • 22.
    SSL VPN Options ● OpenVPN ●Fortinet Fortigate ● Sophos ● pfSense ● … Others
  • 23.
    Don’t assume yourcorporate network is secure and expose your production networks to all users
  • 24.
  • 25.
  • 26.
    ● Create acontrolled environment that minimizes human mistakes ● Inspect inbound and outbound traffic
  • 27.
  • 28.
    What’s Host Security ? ●OS Hardening ● Anti Virus ● Malware Protection ● Host Based IPS ● File Integrity Monitoring ● Vulnerability Scanning
  • 29.
  • 30.
    AWS Encryption Options Dataat Rest ● EBS Encryption (inc. root device) ● S3 Client / Server Side Encryption ● RDS / Redshift Storage Encryption ● DynamoDB Client Side Encryption https://d0.awsstatic.com/whitepapers/aws-securing-data-at- rest-with-encryption.pdf Data in Transit ● API’s are TLS Encrypted ● Service Endpoints are TLS Encrypted ● Elastic Load Balancer supports TLS ● CloudFront supports TLS ● IPSec VPN
  • 31.
    Encrypt all yourdata, you never know who and when someone will request access to the data
  • 32.
  • 33.
    Events Sources ● CloudTrail ●ELB / S3 / CloudFront Access Logs ● VPC Flow logs ● AWS Inspector ● Host AV & IPS ● Network WAF & IPS ● Evident.io / Dome9 ● Observable
  • 38.
    ● Create ClearVisibility ● Set Governance Rules ● Define Actions
  • 39.
    Join our Fastlaneto a Successful Cloud Deployment Thank you, lahavs@emind.co