How to Protect Your IoT data on AWS
Lahav Savir
Co-founder and CTO
AllCloud
A Global Leader in Cloud Transformation and Adoption for SaaS, ISV and Enterprises
“AWS Managed Service Partners are skilled at cloud infrastructure and application migration, and deliver value to customers by offering proactive monitoring, automation, and management of their customer’s environment.”
https://aws.amazon.com/partners/msp/
http://www.emind.co/msp
AWS Next-Gen (v3) Managed Service Partner (MSP)
A “Cloud-native” MSP
Market Guide for Managed Service Providers on Amazon Web Services (Lydia Leong, Oct. 2015)
“Amazon Web Services does not offer managed services, but many customers want to use AWS as a cloud IaaS and PaaS platform, while outsourcing IT operations or application management. AWS's ecosystem of MSP partners can fulfill this need.”
https://www.gartner.com/doc/3157620/market-guide-managed-service-providers
“Common Types of MSPs (on AWS) with Example References
● Cloud-native MSPs. These MSPs were either founded specifically to provide services on cloud IaaS, or pivoted to entirely focus their business on these services. Many of these MSPs are AWS-specific. Examples include 2nd Watch, Cloudnexa, Cloudreach, Emind and Minjar”
360° Solution for vending business
● 100s of thousands connected devices around the world
● GPRS / 3G / Wifi
● Real-Time Data
● PCI-DSS Certified
http://www.emind.co/case-study/nayax-partners-with-emind-to-migrate-cashless-service-solutions-to-amazon-cloud/
More Than Just A Wireless Charging Solution.
● 1000s of locations worldwide
● Driving more traffic to businesses
● Big-data and real-time analytics
http://www.emind.co/case-study/powermat-partners-with-emind-to-fully-manage-their-wireless-charging-services-on-aws/
Where there is more data, there are bound to be more data breaches!
Security in the Cloud
Security of the Cloud
Assessing the Risk: Yes, the Cloud Can Be More Secure Than Your On-Premises Environment
IDC, July 2015
Why is the Cloud more Secure?
● More segmentation
● More encryption
● Stronger authentication
● More logging and monitoring
● More managed platforms
Top Topics
● Infrastructure Security
● Network Security
● Host Security
● Data Encryption
● Identity Management
● Monitoring & Auditing
Identity Federation
Why do you need Single Identity?
● Multiple AWS Accounts
● Multiple Security Policies
● Multiple Entry Points
● Many Resources
● Multiple 3rd Party Services
Single Identity Provider
● Single Password Policy
● Single Lock Policy
● Single OTP
● Single Login Audit
● Same username used across all resources
Organization users accessing:
AWS Resources
● AWS Console
● AWS API
● Network Access / VPN
● EC2 Instances
Other Resources
● New Relic
● Datadog
● Pingdom
● Google Apps
● Office 365
● Jira
● Github
● Logz.io
● ...
● Don't mix Corporate and Cloud Resources
● Minimize Replication
● Maximize Federation
Corporate
● Corporate Active Directory
● Mix of users and desktops / servers
● 3rd Party SSO / Federation Services
Cloud
● Cloud Active Directory
● Cloud Resources Only
Integration
● One Way Trust between Corp AD and Cloud AD
Login Scenarios
● AWS Console
○ SAML Federation
● VPN
○ Radius
● Jumpbox on EC2
○ Radius / LDAP
● Windows instance on EC2
○ Kerberos / LDAP
● Linux instance on EC2
○ Kerberos / LDAP
You can avoid the IAM Users
Network Access
Networking
● Public Internet
● VPN / IPSec Tunnel
● Direct Connect
Direct Connect Options
● Private Virtual Interface – Access to VPC
○ Note: VPC Endpoints are not transitive via VPC Peering
● Public Virtual Interface – Access to the region IP address space (non-VPC Services)
SSL VPN Options
● OpenVPN
● Fortinet Fortigate
● CheckPoint
● Sophos
● pfSense
● … Others
Don’t assume your corporate network is secure and expose your production networks to all users
Smart Separation
Inbound Layer
Application Layer
Outbound Layer
● Create a controlled environment that minimizes human mistakes
● Inspect inbound and outbound traffic
Host Security
What’s Host Security?
● OS Hardening
● Anti Virus
● Malware Protection
● Host Based IPS
● File Integrity Monitoring
● Vulnerability Scanning
Data Encryption
AWS Encryption Options
Data at Rest
● EBS Encryption (inc. root device)
● S3 Client / Server Side Encryption
● RDS / Redshift Storage Encryption
● DynamoDB Client Side Encryption
https://d0.awsstatic.com/whitepapers/aws-securing-data-at-rest-with-encryption.pdf
Data in Transit
● APIs are TLS Encrypted
● Service Endpoints are TLS Encrypted
● Elastic Load Balancer supports TLS
● CloudFront supports TLS
● IPSec VPN
Encrypt all your data: you never know who will request access to it, or when
Centrally Monitor and Audit
Event Sources
● CloudTrail
● ELB / S3 / CloudFront Access Logs
● VPC Flow logs
● AWS Inspector
● Host AV & IPS
● Network WAF & IPS
● Evident.io / Dome9
● Observable
● Create Clear Visibility
● Set Governance Rules
● Define Actions
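An added example, not part of the original deck: one way to check the "Single Login Audit" and "You can avoid the IAM Users" points against the CloudTrail event source listed above. It reads a CloudTrail log file and flags sign-ins and credentials that bypass the federated identity provider; the records, account ID, user names and finding labels are constructed for illustration.

```python
import json

# IAM calls that create a local identity or a long-lived credential.
PROVISIONING_CALLS = {"CreateUser", "CreateLoginProfile", "CreateAccessKey"}


def classify(event):
    """Return a finding label for one CloudTrail record, or None if it is federated/benign."""
    ident = event.get("userIdentity") or {}
    id_type = ident.get("type")
    source = event.get("eventSource")
    name = event.get("eventName")

    if source == "signin.amazonaws.com" and name == "ConsoleLogin":
        if (event.get("responseElements") or {}).get("ConsoleLogin") != "Success":
            return None  # failed sign-ins belong to a separate brute-force rule
        if id_type == "Root":
            return "root-console-login"
        if id_type == "IAMUser":
            mfa = (event.get("additionalEventData") or {}).get("MFAUsed")
            return "iam-user-console-login" if mfa == "Yes" else "iam-user-console-login-no-mfa"
        return None  # AssumedRole: console session obtained through federation

    # Successful creation of a local user, console password or access key.
    if source == "iam.amazonaws.com" and name in PROVISIONING_CALLS and not event.get("errorCode"):
        return "local-identity-provisioned"

    # AKIA-prefixed key IDs are long-lived IAM user keys; ASIA-prefixed ones are temporary (STS).
    if id_type == "IAMUser" and str(ident.get("accessKeyId", "")).startswith("AKIA"):
        return "long-lived-access-key-used"
    return None


def audit(log_text):
    """Parse one CloudTrail log file (JSON with a top-level "Records" list) into findings."""
    findings = []
    for event in json.loads(log_text).get("Records", []):
        finding = classify(event)
        if finding:
            ident = event.get("userIdentity") or {}
            who = ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")
            findings.append((event.get("eventTime"), finding, who, event.get("sourceIPAddress")))
    return sorted(findings, key=lambda f: f[0] or "")


# ---- Constructed sample data (not real logs) ----
ACCOUNT = "111122223333"  # placeholder account ID


def record(time, source, name, identity, ip, **extra):
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "userIdentity": identity, "sourceIPAddress": ip, **extra}


FEDERATED = {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLETEMPKEY00",
             "arn": f"arn:aws:sts::{ACCOUNT}:assumed-role/Ops/alice"}
LEGACY = {"type": "IAMUser", "userName": "legacy-admin"}

SAMPLE_LOG = json.dumps({"Records": [
    record("2016-05-01T08:00:00Z", "sts.amazonaws.com", "AssumeRoleWithSAML",
           {"type": "SAMLUser", "userName": "alice"}, "192.0.2.10"),
    record("2016-05-01T08:00:02Z", "signin.amazonaws.com", "ConsoleLogin", FEDERATED,
           "192.0.2.10", responseElements={"ConsoleLogin": "Success"}),
    record("2016-05-01T09:10:00Z", "signin.amazonaws.com", "ConsoleLogin", LEGACY,
           "198.51.100.7", responseElements={"ConsoleLogin": "Failure"},
           additionalEventData={"MFAUsed": "No"}),
    record("2016-05-01T09:15:00Z", "signin.amazonaws.com", "ConsoleLogin", LEGACY,
           "198.51.100.7", responseElements={"ConsoleLogin": "Success"},
           additionalEventData={"MFAUsed": "No"}),
    record("2016-05-01T09:30:00Z", "signin.amazonaws.com", "ConsoleLogin",
           {"type": "Root", "arn": f"arn:aws:iam::{ACCOUNT}:root"}, "198.51.100.7",
           responseElements={"ConsoleLogin": "Success"}, additionalEventData={"MFAUsed": "Yes"}),
    record("2016-05-01T10:00:00Z", "s3.amazonaws.com", "GetObject",
           {"type": "IAMUser", "userName": "ci-deploy", "accessKeyId": "AKIAEXAMPLEKEYID0000"},
           "203.0.113.5"),
    record("2016-05-01T10:30:00Z", "iam.amazonaws.com", "CreateUser", FEDERATED,
           "192.0.2.10", errorCode="AccessDenied"),
    record("2016-05-01T11:00:00Z", "iam.amazonaws.com", "CreateAccessKey", FEDERATED,
           "192.0.2.10"),
]})

if __name__ == "__main__":
    for when, finding, who, ip in audit(SAMPLE_LOG):
        print(f"{when}  {finding:32}  {who}  from {ip}")
```

Federated console sessions and temporary (ASIA) credentials pass silently, so in an account that follows the deck's model every finding is an exception worth a governance rule and a defined action.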
© 2016 AllCloud
Join our Fastlane to a Successful Cloud Deployment
Contact me: lahav.savir@allcloud.io

みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial IntelligenceAI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 

How to protect your IoT data on AWS

  • 1. How to Protect Your IoT data on AWS Lahav Savir Co-founder and CTO AllCloud
  • 2. A Global Leader in Cloud Transformation and Adoption for SaaS, ISV and Enterprises
  • 3. “AWS Managed Service Partners are skilled at cloud infrastructure and application migration, and deliver value to customers by offering proactive monitoring, automation, and management of their customer’s environment.” https://aws.amazon.com/partners/msp/ http://www.emind.co/msp AWS Next-Gen (v3) Managed Service Partner (MSP)
  • 4. A “Cloud-native” MSP Market Guide for Managed Service Providers on Amazon Web Services (Lydia Leong, Oct. 2015) “Amazon Web Services does not offer managed services, but many customers want to use AWS as a cloud IaaS and PaaS platform, while outsourcing IT operations or application management. AWS's ecosystem of MSP partners can fulfill this need.” https://www.gartner.com/doc/3157620/market-guide-managed-service-providers “Common Types of MSPs (on AWS) with Example References ● Cloud-native MSPs. These MSPs were either founded specifically to provide services on cloud IaaS, or pivoted to entirely focus their business on these services. Many of these MSPs are AWS-specific. Examples include 2nd Watch, Cloudnexa, Cloudreach, Emind and Minjar”
  • 5.
  • 6. 360° Solution for vending business ● 100s of thousands connected devices around the world ● GPRS / 3G / Wifi ● Real-Time Data ● PCI-DSS Certified http://www.emind.co/case-study/nayax-partners-with-emind-to-migrate-cashless-service-solutions-to-amazon-cloud/
  • 7. More Than Just A Wireless Charging Solution. ● 1000s of locations worldwide ● Driving more traffic to businesses ● Big-data and real-time analytics http://www.emind.co/case-study/powermat-partners-with-emind-to-fully-manage-their-wireless-charging-services-on-aws/
  • 8. Where there is more data, there are bound to be more data breaches!
  • 10. Assessing the Risk: Yes, the Cloud Can Be More Secure Than Your On-Premises Environment IDC, July 2015
  • 11. Why is the Cloud more Secure? ● More segmentation ● More encryption ● Stronger authentication ● More logging and monitoring ● More managed platforms
  • 12. Top Topics ● Infrastructure Security ● Network Security ● Host Security ● Data Encryption ● Identity Management ● Monitoring & Auditing
  • 14. Why do you need Single Identity? ● Multiple AWS Accounts ● Multiple Security Policies ● Multiple Entry Points ● Many Resources ● Multiple 3rd Party Services
  • 15. Single Identity Provider ● Single Password Policy ● Single Lock Policy ● Single OTP ● Single Login Audit ● Same username used across all resources
  • 16. Organization users accessing: AWS Resources ● AWS Console ● AWS API ● Network Access / VPN ● EC2 Instances Other Resources ● New Relic ● Datadog ● Pingdom ● Google Apps ● Office 365 ● Jira ● Github ● Logz.io ● ...
  • 17. ● Don't mix Corporate and Cloud Resources ● Minimize Replication ● Maximize Federation
  • 18. Corporate ● Corporate Active Directory ● Mix of users and desktops / servers ● 3rd Party SSO / Federation Services Cloud ● Cloud Active Directory ● Cloud Resources Only Integration ● One Way Trust between Corp AD and Cloud AD
  • 19. Login Scenarios ● AWS Console ○ SAML Federation ● VPN ○ Radius ● Jumpbox on EC2 ○ Radius / LDAP ● Windows instance on EC2 ○ Kerberos / LDAP ● Linux instance on EC2 ○ Kerberos / LDAP You can avoid IAM users
  • 20.
  • 22. Networking ● Public Internet ● VPN / IPSec Tunnel ● DirectConnect
  • 23. Direct Connect Options ● Private Virtual Interface – Access to VPC ○ Note: VPC Endpoints are not transitive via VPC Peering ● Public Virtual Interface – Access to the region IP address space (non-VPC Services)
  • 24. SSL VPN Options ● OpenVPN ● Fortinet Fortigate ● CheckPoint ● Sophos ● pfSense ● … Others
  • 25. Don’t assume your corporate network is secure, and don’t expose your production networks to all users
  • 28. ● Create a controlled environment that minimizes human mistakes ● Inspect inbound and outbound traffic
  • 30. What’s Host Security? ● OS Hardening ● Anti Virus ● Malware Protection ● Host Based IPS ● File Integrity Monitoring ● Vulnerability Scanning
  • 32. AWS Encryption Options Data at Rest ● EBS Encryption (inc. root device) ● S3 Client / Server Side Encryption ● RDS / Redshift Storage Encryption ● DynamoDB Client Side Encryption https://d0.awsstatic.com/whitepapers/aws-securing-data-at-rest-with-encryption.pdf Data in Transit ● APIs are TLS Encrypted ● Service Endpoints are TLS Encrypted ● Elastic Load Balancer supports TLS ● CloudFront supports TLS ● IPSec VPN
  • 33. Encrypt all your data; you never know who will request access to it, or when
  • 35. Event Sources ● CloudTrail ● ELB / S3 / CloudFront Access Logs ● VPC Flow logs ● AWS Inspector ● Host AV & IPS ● Network WAF & IPS ● Evident.io / Dome9 ● Observable
  • 36.
  • 37.
  • 38.
  • 39.
  • 40. ● Create Clear Visibility ● Set Governance Rules ● Define Actions
  • 41. © 2016 AllCloud Join our Fastlane to a Successful Cloud Deployment Contact me: lahav.savir@allcloud.io
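
Added example, not part of the original deck: slide 19 recommends SAML federation for the AWS Console so that IAM users can be avoided, and slide 35 lists CloudTrail as an event source, so one governance rule is to scan CloudTrail records for console logins and credential creation that bypass federation. The sample records, account ID and role/user names are constructed; the field names follow the CloudTrail record format.

```python
# Constructed CloudTrail records, abridged to the fields used below (not real logs).
SAMPLE_EVENTS = [
    {"eventTime": "2016-05-01T08:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/SSO-Ops/alice"}},
    {"eventTime": "2016-05-01T09:15:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"}},
    {"eventTime": "2016-05-01T09:20:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"}},
    {"eventTime": "2016-05-01T10:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
]

# IAM API actions that create long-lived IAM user credentials.
IAM_USER_CREDENTIAL_EVENTS = {"CreateUser", "CreateLoginProfile", "CreateAccessKey"}


def classify(event):
    """Return a finding label for one CloudTrail record, or None if it conforms."""
    identity_type = event.get("userIdentity", {}).get("type")
    source, name = event.get("eventSource"), event.get("eventName")
    if source == "signin.amazonaws.com" and name == "ConsoleLogin":
        # Federated (SAML) console sessions appear as AssumedRole identities.
        if identity_type == "Root":
            return "root-console-login"
        if identity_type == "IAMUser":
            return "iam-user-console-login"
        return None
    if source == "iam.amazonaws.com" and name in IAM_USER_CREDENTIAL_EVENTS:
        return "iam-user-credential-created"
    return None


def audit(events):
    """Return (eventTime, finding, principal ARN) for every non-conforming record."""
    findings = []
    for event in events:
        label = classify(event)
        if label:
            arn = event.get("userIdentity", {}).get("arn", "unknown")
            findings.append((event.get("eventTime"), label, arn))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_EVENTS):
        print(*finding)
```

Each finding maps to the "Define Actions" step on slide 40, for example alerting the account owner or removing the IAM user's login profile.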