SlideShare a Scribd company logo
How to Secure Your Mobile App End-to End | May 2017
How to Secure Your
Mobile App End-to-End
Lahav Savir - lahav.savir@allcloud.io
Co-founder and CTO
AllCloud
How to Secure Your Mobile App End-to End | May 2017
AllCloud is a leading global Cloud Solutions Provider
with expertise across the cloud stack, Infrastructure,
Platform, and Software-as-a-Service
How to Secure Your Mobile App End-to End | May 2017
“AWS Managed Service Partners
are skilled at cloud infrastructure
and application migration, and
deliver value to customers by
offering proactive monitoring,
automation, and management of
their customer’s environment.”
https://aws.amazon.com/partners/msp/
http://www.emind.co/msp
AWS Next-Gen (v3) Managed Service Partner (MSP)
How to Secure Your Mobile App End-to End | May 2017
www.allcloud.io
Enabling Next Generation
Businesses through SaaSification
How to Secure Your Mobile App End-to End | May 2017
www.allcloud.io
End-to-End
Security for
Cloud
Powered
Mobile Apps
How to Secure Your Mobile App End-to End | May 2017
Where there is more data,
there are bound to be more
data breaches!
How to Secure Your Mobile App End-to End | May 2017
Part 1:
Securing the
Mobile to Cloud
Integration
● Identifying the mobile app
● Identifying the user
● Providing secure
communication to
backend
● Grant fine grained
permission to cloud
services and API’s
How to Secure Your Mobile App End-to End | May 2017
www.allcloud.ioOver 60 million users worldwide, supporting +1,200 cities, in 77 countries,
and 43 languages.
How to Secure Your Mobile App End-to End | May 2017
AWS Cognito
How to Secure Your Mobile App End-to End | May 2017
Cognito Authentication Flow
How to Secure Your Mobile App End-to End | May 2017
Mobile Integration to AWS Services
How to Secure Your Mobile App End-to End | May 2017
Mobile Integration to non AWS Services
How to Secure Your Mobile App End-to End | May 2017
Part 2:
Securing the
Mobile Backend
● Securing the backend
service endpoints
● Protecting user’s data
● Ensuring service
resiliency
How to Secure Your Mobile App End-to End | May 2017
www.allcloud.io
Gett has raised $640 million in funding and was selected by Forbes as one of
the “top 15 explosively growing companies”.
How to Secure Your Mobile App End-to End | May 2017
www.allcloud.io
Security
in the
Cloud
Security
of the
Cloud
How to Secure Your Mobile App End-to End | May 2017
Top Topics
● AWS Account
Security
● Identity Management
● Network Security
● Host Security
● Data Encryption
● Monitoring &
Auditing
How to Secure Your Mobile App End-to End | May 2017
AWS Account Security
How to Secure Your Mobile App End-to End | May 2017
Basic Account Configurations
● Services Enablement
○ CloudTrail (in all regions)
○ Config
● Provisions
○ Identities / Federations
○ IAM Roles and Policies
(Admin, DevOps, Developer,
Support)
○ IAM Password Policies
○ CIS Benchmark tools
● Config Checks
○ S3 Bucket Policy (Private /
Public)
○ Logging enabled on
■ ELB, S3 Buckets, CloudFront,
VPC Flow logs
○ Root Account MFA
○ Tag Strategy
■ Owner / Launcher
■ Stage
■ Env / AppName
○ Resources Backups
How to Secure Your Mobile App End-to End | May 2017
Identity Management
How to Secure Your Mobile App End-to End | May 2017
Why do you
want a
Single Identity?
● Multiple AWS
Accounts
● Multiple Security
Policies
● Multiple Entry Points
● Many Resources
● Multiple 3rd Party
Services
How to Secure Your Mobile App End-to End | May 2017
Single Identity
Provider
● Single Password
Policy
● Single Lock Policy
● Single OTP
● Single Login Audit
● Same username used
across all resources
How to Secure Your Mobile App End-to End | May 2017
Organization users accessing:
AWS Resources
● AWS Console
● AWS API
● Network Access / VPN
● EC2 Instances
Other Resources
● New Relic
● Datadog
● Pingdom
● Google Apps
● Office 365
● Jira
● Github
● Logz.io
● ...
How to Secure Your Mobile App End-to End | May 2017
● Don't mix Corporate
and Cloud Resources
● Minimize Replication
● Maximize Federation
How to Secure Your Mobile App End-to End | May 2017
www.allcloud.io
Corporate
● Corporate Active Directory
● Mix of users and desktops / servers
● 3rd Party SSO / Federation Services
Cloud
● Cloud Active Directory
● Cloud Resources Only
Integration
● One Way Trust between Corp AD and
Cloud AD
● Temporary credentials “Token
Vending Machine”
How to Secure Your Mobile App End-to End | May 2017
www.allcloud.io
Login Scenarios
● AWS Console
○ SAML Federation
● VPN
○ Radius
● Jumpbox on EC2
○ Radius / LDAP
● Windows instance on EC2
○ Kerberos / LDAP
● Linux instance on EC2
○ Kerberos / LDAP
Avoid multiple identities
including IAM Users
How to Secure Your Mobile App End-to End | May 2017
How to Secure Your Mobile App End-to End | May 2017
Network Access
How to Secure Your Mobile App End-to End | May 2017
Networking
● Public Internet
● VPN / IPSec
Tunnel
● DirectConnect
How to Secure Your Mobile App End-to End | May 2017
Direct Connect
Options
● Private Virtual Interface –
Access to VPC
○ Note: VPC Endpoints are
not transitive via VPC
Peering
● Public Virtual Interface –
Access to the region IP
address space (non-VPC
Services)
How to Secure Your Mobile App End-to End | May 2017
Access to your
private
resources over
SSL VPN
● OpenVPN
● Fortinet Fortigate
● CheckPoint
● Sophos
● pfSense
● … Others
How to Secure Your Mobile App End-to End | May 2017
www.allcloud.io
Don’t assume your corporate
network is secure and expose your
production networks to all users
How to Secure Your Mobile App End-to End | May 2017
Perimeter Security
How to Secure Your Mobile App End-to End | May 2017
www.allcloud.io
Inbound Layer
Application Layer
Outbound Layer
How to Secure Your Mobile App End-to End | May 2017
AWS Shield -
Managed (DDoS)
protection service
● Basic / Advanced
● Seamless Integration and
Deployment
● Customizable Protection
● Cost Efficient
AWS WAF -
Web Application
Firewall
● Increased Protection
Against Web Attacks
● Security Integrated with
Applications
● Web Traffic Visibility
● Cost Effective Web
Application Protection
How to Secure Your Mobile App End-to End | May 2017
www.allcloud.io
● Inspect inbound and outbound
traffic
● Create a controlled environment
that minimizes human mistakes
How to Secure Your Mobile App End-to End | May 2017
Host Security
How to Secure Your Mobile App End-to End | May 2017
What’s Host
Security ?
● OS Hardening
● Anti Virus
● Malware Protection
● Host Based IPS
● File Integrity Monitoring
● Vulnerability Scanning
How to Secure Your Mobile App End-to End | May 2017
Data Encryption
How to Secure Your Mobile App End-to End | May 2017
AWS Encryption Options
Data at Rest
● EC2 Parameter Store
● EBS Encryption (inc. root device)
● S3 Client / Server Side Encryption
● RDS / Redshift Storage
Encryption
● DynamoDB Client Side
Encryption
https://d0.awsstatic.com/whitepapers/aws-securing-data
-at-rest-with-encryption.pdf
Data in Transit
● API’s are TLS Encrypted
● Service Endpoints are TLS
Encrypted
● Elastic Load Balancer supports
TLS
● CloudFront supports TLS
● IPSec VPN
How to Secure Your Mobile App End-to End | May 2017
www.allcloud.io
Encrypt all your data with fine
grained policy, you never know who
and when someone will gain access
to the data
How to Secure Your Mobile App End-to End | May 2017
Centrally Monitor and Audit
How to Secure Your Mobile App End-to End | May 2017
Events Sources
● CloudTrail
● ELB / S3 / CloudFront
Access Logs
● VPC Flow logs
● AWS Inspector
● Host AV & IPS
● Network WAF & IPS
● Evident.io / Dome9
● Observable
How to Secure Your Mobile App End-to End | May 2017
How to Secure Your Mobile App End-to End | May 2017
How to Secure Your Mobile App End-to End | May 2017
How to Secure Your Mobile App End-to End | May 2017
How to Secure Your Mobile App End-to End | May 2017
How to Secure Your Mobile App End-to End | May 2017
How to Secure Your Mobile App End-to End | May 2017
www.allcloud.io
● Create Clear Visibility
● Set Governance Rules
● Define Actions
How to Secure Your Mobile App End-to End | May 2017
www.allcloud.io
3 Pages AWS Secuirty Checklist
https://d0.awsstatic.com/whitepapers/Security/AWS_Security_Checklist.pd
f
How to Secure Your Mobile App End-to End | May 2017
www.allcloud.io
Join our Fastlane to a
Successful Cloud Deployment
Contact me: lahav.savir@allcloud.io

More Related Content

What's hot

Compute Without Servers – Building Applications with AWS Lambda
Compute Without Servers – Building Applications with AWS LambdaCompute Without Servers – Building Applications with AWS Lambda
Compute Without Servers – Building Applications with AWS Lambda
Amazon Web Services
 
DevOps für mittlere Unternehmen und Großunternehmen - AWS Cloud Web Day für M...
DevOps für mittlere Unternehmen und Großunternehmen - AWS Cloud Web Day für M...DevOps für mittlere Unternehmen und Großunternehmen - AWS Cloud Web Day für M...
DevOps für mittlere Unternehmen und Großunternehmen - AWS Cloud Web Day für M...
AWS Germany
 
Using Security To Build With Confidence in AWS – Justin Foster, Director of P...
Using Security To Build With Confidence in AWS – Justin Foster, Director of P...Using Security To Build With Confidence in AWS – Justin Foster, Director of P...
Using Security To Build With Confidence in AWS – Justin Foster, Director of P...
Amazon Web Services
 
Startup Showcase - QuizUp
Startup Showcase - QuizUpStartup Showcase - QuizUp
Startup Showcase - QuizUp
Amazon Web Services
 
Serverless beyond AWS Lambda
Serverless beyond AWS LambdaServerless beyond AWS Lambda
Serverless beyond AWS Lambda
Ben Kehoe
 
Multi-Account Strategy At Scale - Nick Bausch, Chicago
Multi-Account Strategy At Scale - Nick Bausch, ChicagoMulti-Account Strategy At Scale - Nick Bausch, Chicago
Multi-Account Strategy At Scale - Nick Bausch, Chicago
AWS Chicago
 
Security Teams & Tech In A Cloud World
Security Teams & Tech In A Cloud WorldSecurity Teams & Tech In A Cloud World
Security Teams & Tech In A Cloud World
Mark Nunnikhoven
 
Introduction to Serverless on AWS
Introduction to Serverless on AWSIntroduction to Serverless on AWS
Introduction to Serverless on AWS
Amazon Web Services
 
Distributing Ledger on Cloud: The Perfect Marriage
Distributing Ledger on Cloud: The Perfect MarriageDistributing Ledger on Cloud: The Perfect Marriage
Distributing Ledger on Cloud: The Perfect Marriage
Amazon Web Services
 
Simplestream
SimplestreamSimplestream
Simplestream
Amazon Web Services
 
Serverless Computing: build and run applications without thinking about servers
Serverless Computing: build and run applications without thinking about serversServerless Computing: build and run applications without thinking about servers
Serverless Computing: build and run applications without thinking about servers
Amazon Web Services
 
AWS re:Invent 2016: Unlocking the Four Seasons of Migrations and Operations: ...
AWS re:Invent 2016: Unlocking the Four Seasons of Migrations and Operations: ...AWS re:Invent 2016: Unlocking the Four Seasons of Migrations and Operations: ...
AWS re:Invent 2016: Unlocking the Four Seasons of Migrations and Operations: ...
Amazon Web Services
 
Improving Security Agility using DevSecOps
Improving Security Agility using DevSecOpsImproving Security Agility using DevSecOps
Improving Security Agility using DevSecOps
Amazon Web Services
 
Serverless solutions - AWS Summit SG 2017
Serverless solutions - AWS Summit SG 2017 Serverless solutions - AWS Summit SG 2017
Serverless solutions - AWS Summit SG 2017
Amazon Web Services
 
Orchestrating Network with Web Services Session Sponsored by Megaport – Camer...
Orchestrating Network with Web Services Session Sponsored by Megaport – Camer...Orchestrating Network with Web Services Session Sponsored by Megaport – Camer...
Orchestrating Network with Web Services Session Sponsored by Megaport – Camer...
Amazon Web Services
 
Easy Analytics with AWS - AWS Summit Bahrain 2017
Easy Analytics with AWS - AWS Summit Bahrain 2017Easy Analytics with AWS - AWS Summit Bahrain 2017
Easy Analytics with AWS - AWS Summit Bahrain 2017
Amazon Web Services
 
I servizi AWS per le applicazioni mobili: sviluppo, test e produzione
I servizi AWS per le applicazioni mobili: sviluppo, test e produzioneI servizi AWS per le applicazioni mobili: sviluppo, test e produzione
I servizi AWS per le applicazioni mobili: sviluppo, test e produzione
Amazon Web Services
 
DevOps on AWS
DevOps on AWSDevOps on AWS
DevOps on AWS
Amazon Web Services
 
AWS re:Invent 2016: Blockchain on AWS: Disrupting the Norm (GPST301)
AWS re:Invent 2016: Blockchain on AWS: Disrupting the Norm (GPST301)AWS re:Invent 2016: Blockchain on AWS: Disrupting the Norm (GPST301)
AWS re:Invent 2016: Blockchain on AWS: Disrupting the Norm (GPST301)
Amazon Web Services
 
Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOpsAutomating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOps
Amazon Web Services
 

What's hot (20)

Compute Without Servers – Building Applications with AWS Lambda
Compute Without Servers – Building Applications with AWS LambdaCompute Without Servers – Building Applications with AWS Lambda
Compute Without Servers – Building Applications with AWS Lambda
 
DevOps für mittlere Unternehmen und Großunternehmen - AWS Cloud Web Day für M...
DevOps für mittlere Unternehmen und Großunternehmen - AWS Cloud Web Day für M...DevOps für mittlere Unternehmen und Großunternehmen - AWS Cloud Web Day für M...
DevOps für mittlere Unternehmen und Großunternehmen - AWS Cloud Web Day für M...
 
Using Security To Build With Confidence in AWS – Justin Foster, Director of P...
Using Security To Build With Confidence in AWS – Justin Foster, Director of P...Using Security To Build With Confidence in AWS – Justin Foster, Director of P...
Using Security To Build With Confidence in AWS – Justin Foster, Director of P...
 
Startup Showcase - QuizUp
Startup Showcase - QuizUpStartup Showcase - QuizUp
Startup Showcase - QuizUp
 
Serverless beyond AWS Lambda
Serverless beyond AWS LambdaServerless beyond AWS Lambda
Serverless beyond AWS Lambda
 
Multi-Account Strategy At Scale - Nick Bausch, Chicago
Multi-Account Strategy At Scale - Nick Bausch, ChicagoMulti-Account Strategy At Scale - Nick Bausch, Chicago
Multi-Account Strategy At Scale - Nick Bausch, Chicago
 
Security Teams & Tech In A Cloud World
Security Teams & Tech In A Cloud WorldSecurity Teams & Tech In A Cloud World
Security Teams & Tech In A Cloud World
 
Introduction to Serverless on AWS
Introduction to Serverless on AWSIntroduction to Serverless on AWS
Introduction to Serverless on AWS
 
Distributing Ledger on Cloud: The Perfect Marriage
Distributing Ledger on Cloud: The Perfect MarriageDistributing Ledger on Cloud: The Perfect Marriage
Distributing Ledger on Cloud: The Perfect Marriage
 
Simplestream
SimplestreamSimplestream
Simplestream
 
Serverless Computing: build and run applications without thinking about servers
Serverless Computing: build and run applications without thinking about serversServerless Computing: build and run applications without thinking about servers
Serverless Computing: build and run applications without thinking about servers
 
AWS re:Invent 2016: Unlocking the Four Seasons of Migrations and Operations: ...
AWS re:Invent 2016: Unlocking the Four Seasons of Migrations and Operations: ...AWS re:Invent 2016: Unlocking the Four Seasons of Migrations and Operations: ...
AWS re:Invent 2016: Unlocking the Four Seasons of Migrations and Operations: ...
 
Improving Security Agility using DevSecOps
Improving Security Agility using DevSecOpsImproving Security Agility using DevSecOps
Improving Security Agility using DevSecOps
 
Serverless solutions - AWS Summit SG 2017
Serverless solutions - AWS Summit SG 2017 Serverless solutions - AWS Summit SG 2017
Serverless solutions - AWS Summit SG 2017
 
Orchestrating Network with Web Services Session Sponsored by Megaport – Camer...
Orchestrating Network with Web Services Session Sponsored by Megaport – Camer...Orchestrating Network with Web Services Session Sponsored by Megaport – Camer...
Orchestrating Network with Web Services Session Sponsored by Megaport – Camer...
 
Easy Analytics with AWS - AWS Summit Bahrain 2017
Easy Analytics with AWS - AWS Summit Bahrain 2017Easy Analytics with AWS - AWS Summit Bahrain 2017
Easy Analytics with AWS - AWS Summit Bahrain 2017
 
I servizi AWS per le applicazioni mobili: sviluppo, test e produzione
I servizi AWS per le applicazioni mobili: sviluppo, test e produzioneI servizi AWS per le applicazioni mobili: sviluppo, test e produzione
I servizi AWS per le applicazioni mobili: sviluppo, test e produzione
 
DevOps on AWS
DevOps on AWSDevOps on AWS
DevOps on AWS
 
AWS re:Invent 2016: Blockchain on AWS: Disrupting the Norm (GPST301)
AWS re:Invent 2016: Blockchain on AWS: Disrupting the Norm (GPST301)AWS re:Invent 2016: Blockchain on AWS: Disrupting the Norm (GPST301)
AWS re:Invent 2016: Blockchain on AWS: Disrupting the Norm (GPST301)
 
Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOpsAutomating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOps
 

Similar to How to Secure Your AWS Powered Mobile App End-to-End

How to protect your IoT data on AWS
How to protect your IoT data on AWSHow to protect your IoT data on AWS
How to protect your IoT data on AWS
Lahav Savir
 
How to Secure your Hybrid Enviroment - Pop-up Loft Tel Aviv
How to Secure your Hybrid Enviroment - Pop-up Loft Tel AvivHow to Secure your Hybrid Enviroment - Pop-up Loft Tel Aviv
How to Secure your Hybrid Enviroment - Pop-up Loft Tel Aviv
Amazon Web Services
 
Nader Dabit - Introduction to Mobile Development with AWS.pdf
Nader Dabit - Introduction to Mobile Development with AWS.pdfNader Dabit - Introduction to Mobile Development with AWS.pdf
Nader Dabit - Introduction to Mobile Development with AWS.pdf
Amazon Web Services
 
Building secure and scalable mobile applications on AWS - AWS Summit Cape Tow...
Building secure and scalable mobile applications on AWS - AWS Summit Cape Tow...Building secure and scalable mobile applications on AWS - AWS Summit Cape Tow...
Building secure and scalable mobile applications on AWS - AWS Summit Cape Tow...
Amazon Web Services
 
How to Protect your AWS Environment
How to Protect your AWS EnvironmentHow to Protect your AWS Environment
How to Protect your AWS Environment
Lahav Savir
 
Introduction to Mobile Development with AWS
Introduction to Mobile Development with AWSIntroduction to Mobile Development with AWS
Introduction to Mobile Development with AWS
Amazon Web Services
 
Introduction to Mobile Development with AWS
Introduction to Mobile Development with AWSIntroduction to Mobile Development with AWS
Introduction to Mobile Development with AWS
Amazon Web Services
 
Building Enterprise enabled Cognitive Mobile application for a Hybrid Cloud E...
Building Enterprise enabled Cognitive Mobile application for a Hybrid Cloud E...Building Enterprise enabled Cognitive Mobile application for a Hybrid Cloud E...
Building Enterprise enabled Cognitive Mobile application for a Hybrid Cloud E...
Vidyasagar Machupalli
 
Supercharge Your Spring Boot Apps!
Supercharge Your Spring Boot Apps!Supercharge Your Spring Boot Apps!
Supercharge Your Spring Boot Apps!
VMware Tanzu
 
MRA AMA: Ingenious: The Journey to Service Mesh using a Microservices Demo App
MRA AMA: Ingenious: The Journey to Service Mesh using a Microservices Demo AppMRA AMA: Ingenious: The Journey to Service Mesh using a Microservices Demo App
MRA AMA: Ingenious: The Journey to Service Mesh using a Microservices Demo App
NGINX, Inc.
 
Bridging Microservices, APIs and Integration
Bridging Microservices, APIs and IntegrationBridging Microservices, APIs and Integration
Bridging Microservices, APIs and Integration
Kasun Indrasiri
 
An Introduction to AWS Mobile Services - DevDay Los Angeles 2017
An Introduction to AWS Mobile Services - DevDay Los Angeles 2017An Introduction to AWS Mobile Services - DevDay Los Angeles 2017
An Introduction to AWS Mobile Services - DevDay Los Angeles 2017
Amazon Web Services
 
Agile integration architecture in relation to APIs and messaging
Agile integration architecture in relation to APIs and messagingAgile integration architecture in relation to APIs and messaging
Agile integration architecture in relation to APIs and messaging
Kim Clark
 
Patterns for Mobile and IoT backends with serverless paradigms
Patterns for Mobile and IoT backends with serverless paradigmsPatterns for Mobile and IoT backends with serverless paradigms
Patterns for Mobile and IoT backends with serverless paradigms
Vidyasagar Machupalli
 
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS AccountsHow to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
Sebastian Taphanel CISSP-ISSEP
 
API Integration: Red Hat integration perspective
API Integration: Red Hat integration perspectiveAPI Integration: Red Hat integration perspective
API Integration: Red Hat integration perspective
Judy Breedlove
 
Intro To AWS for Mobile Developers: Collision 2018
Intro To AWS for Mobile Developers: Collision 2018Intro To AWS for Mobile Developers: Collision 2018
Intro To AWS for Mobile Developers: Collision 2018
Amazon Web Services
 
Cloud Conversations: Giving Business Transformation a Voice_AWSPSSummit_Singa...
Cloud Conversations: Giving Business Transformation a Voice_AWSPSSummit_Singa...Cloud Conversations: Giving Business Transformation a Voice_AWSPSSummit_Singa...
Cloud Conversations: Giving Business Transformation a Voice_AWSPSSummit_Singa...
Amazon Web Services
 
Create Event-Driven iOS Apps Using IBM Mobile Foundation, OpenWhisk Runtime a...
Create Event-Driven iOS Apps Using IBM Mobile Foundation, OpenWhisk Runtime a...Create Event-Driven iOS Apps Using IBM Mobile Foundation, OpenWhisk Runtime a...
Create Event-Driven iOS Apps Using IBM Mobile Foundation, OpenWhisk Runtime a...
Vidyasagar Machupalli
 
Collision 2018: AWS Serverless Platform for Mobile
Collision 2018: AWS Serverless Platform for MobileCollision 2018: AWS Serverless Platform for Mobile
Collision 2018: AWS Serverless Platform for Mobile
Amazon Web Services
 

Similar to How to Secure Your AWS Powered Mobile App End-to-End (20)

How to protect your IoT data on AWS
How to protect your IoT data on AWSHow to protect your IoT data on AWS
How to protect your IoT data on AWS
 
How to Secure your Hybrid Enviroment - Pop-up Loft Tel Aviv
How to Secure your Hybrid Enviroment - Pop-up Loft Tel AvivHow to Secure your Hybrid Enviroment - Pop-up Loft Tel Aviv
How to Secure your Hybrid Enviroment - Pop-up Loft Tel Aviv
 
Nader Dabit - Introduction to Mobile Development with AWS.pdf
Nader Dabit - Introduction to Mobile Development with AWS.pdfNader Dabit - Introduction to Mobile Development with AWS.pdf
Nader Dabit - Introduction to Mobile Development with AWS.pdf
 
Building secure and scalable mobile applications on AWS - AWS Summit Cape Tow...
Building secure and scalable mobile applications on AWS - AWS Summit Cape Tow...Building secure and scalable mobile applications on AWS - AWS Summit Cape Tow...
Building secure and scalable mobile applications on AWS - AWS Summit Cape Tow...
 
How to Protect your AWS Environment
How to Protect your AWS EnvironmentHow to Protect your AWS Environment
How to Protect your AWS Environment
 
Introduction to Mobile Development with AWS
Introduction to Mobile Development with AWSIntroduction to Mobile Development with AWS
Introduction to Mobile Development with AWS
 
Introduction to Mobile Development with AWS
Introduction to Mobile Development with AWSIntroduction to Mobile Development with AWS
Introduction to Mobile Development with AWS
 
Building Enterprise enabled Cognitive Mobile application for a Hybrid Cloud E...
Building Enterprise enabled Cognitive Mobile application for a Hybrid Cloud E...Building Enterprise enabled Cognitive Mobile application for a Hybrid Cloud E...
Building Enterprise enabled Cognitive Mobile application for a Hybrid Cloud E...
 
Supercharge Your Spring Boot Apps!
Supercharge Your Spring Boot Apps!Supercharge Your Spring Boot Apps!
Supercharge Your Spring Boot Apps!
 
MRA AMA: Ingenious: The Journey to Service Mesh using a Microservices Demo App
MRA AMA: Ingenious: The Journey to Service Mesh using a Microservices Demo AppMRA AMA: Ingenious: The Journey to Service Mesh using a Microservices Demo App
MRA AMA: Ingenious: The Journey to Service Mesh using a Microservices Demo App
 
Bridging Microservices, APIs and Integration
Bridging Microservices, APIs and IntegrationBridging Microservices, APIs and Integration
Bridging Microservices, APIs and Integration
 
An Introduction to AWS Mobile Services - DevDay Los Angeles 2017
An Introduction to AWS Mobile Services - DevDay Los Angeles 2017An Introduction to AWS Mobile Services - DevDay Los Angeles 2017
An Introduction to AWS Mobile Services - DevDay Los Angeles 2017
 
Agile integration architecture in relation to APIs and messaging
Agile integration architecture in relation to APIs and messagingAgile integration architecture in relation to APIs and messaging
Agile integration architecture in relation to APIs and messaging
 
Patterns for Mobile and IoT backends with serverless paradigms
Patterns for Mobile and IoT backends with serverless paradigmsPatterns for Mobile and IoT backends with serverless paradigms
Patterns for Mobile and IoT backends with serverless paradigms
 
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS AccountsHow to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
 
API Integration: Red Hat integration perspective
API Integration: Red Hat integration perspectiveAPI Integration: Red Hat integration perspective
API Integration: Red Hat integration perspective
 
Intro To AWS for Mobile Developers: Collision 2018
Intro To AWS for Mobile Developers: Collision 2018Intro To AWS for Mobile Developers: Collision 2018
Intro To AWS for Mobile Developers: Collision 2018
 
Cloud Conversations: Giving Business Transformation a Voice_AWSPSSummit_Singa...
Cloud Conversations: Giving Business Transformation a Voice_AWSPSSummit_Singa...Cloud Conversations: Giving Business Transformation a Voice_AWSPSSummit_Singa...
Cloud Conversations: Giving Business Transformation a Voice_AWSPSSummit_Singa...
 
Create Event-Driven iOS Apps Using IBM Mobile Foundation, OpenWhisk Runtime a...
Create Event-Driven iOS Apps Using IBM Mobile Foundation, OpenWhisk Runtime a...Create Event-Driven iOS Apps Using IBM Mobile Foundation, OpenWhisk Runtime a...
Create Event-Driven iOS Apps Using IBM Mobile Foundation, OpenWhisk Runtime a...
 
Collision 2018: AWS Serverless Platform for Mobile
Collision 2018: AWS Serverless Platform for MobileCollision 2018: AWS Serverless Platform for Mobile
Collision 2018: AWS Serverless Platform for Mobile
 

More from Lahav Savir

Emind’s Architecture for Enterprise with AWS Integration
Emind’s Architecture for Enterprise with AWS IntegrationEmind’s Architecture for Enterprise with AWS Integration
Emind’s Architecture for Enterprise with AWS Integration
Lahav Savir
 
Real-Time Vote Platform Benchmark
Real-Time Vote Platform BenchmarkReal-Time Vote Platform Benchmark
Real-Time Vote Platform Benchmark
Lahav Savir
 
Build Secure Cloud Solution using F5 BIG-IP on AWS
Build Secure Cloud Solution using F5 BIG-IP on AWSBuild Secure Cloud Solution using F5 BIG-IP on AWS
Build Secure Cloud Solution using F5 BIG-IP on AWS
Lahav Savir
 
Running an erlang based messaging system on AWS
Running an erlang based messaging system on AWSRunning an erlang based messaging system on AWS
Running an erlang based messaging system on AWS
Lahav Savir
 
DevOps sensors 360° high availability in the cloud
DevOps sensors 360°   high availability in the cloudDevOps sensors 360°   high availability in the cloud
DevOps sensors 360° high availability in the cloud
Lahav Savir
 
Deploying secure backup on to the Cloud
Deploying secure backup on to the CloudDeploying secure backup on to the Cloud
Deploying secure backup on to the Cloud
Lahav Savir
 
סע לשלום - הדרכה לרכזים כיתתיים
סע לשלום - הדרכה לרכזים כיתתייםסע לשלום - הדרכה לרכזים כיתתיים
סע לשלום - הדרכה לרכזים כיתתייםLahav Savir
 
Multi Layer Monitoring V1
Multi Layer Monitoring V1Multi Layer Monitoring V1
Multi Layer Monitoring V1
Lahav Savir
 
Lahav Savir - Massively Scaleable Mobile Gateways
Lahav Savir - Massively Scaleable Mobile GatewaysLahav Savir - Massively Scaleable Mobile Gateways
Lahav Savir - Massively Scaleable Mobile Gateways
Lahav Savir
 

More from Lahav Savir (9)

Emind’s Architecture for Enterprise with AWS Integration
Emind’s Architecture for Enterprise with AWS IntegrationEmind’s Architecture for Enterprise with AWS Integration
Emind’s Architecture for Enterprise with AWS Integration
 
Real-Time Vote Platform Benchmark
Real-Time Vote Platform BenchmarkReal-Time Vote Platform Benchmark
Real-Time Vote Platform Benchmark
 
Build Secure Cloud Solution using F5 BIG-IP on AWS
Build Secure Cloud Solution using F5 BIG-IP on AWSBuild Secure Cloud Solution using F5 BIG-IP on AWS
Build Secure Cloud Solution using F5 BIG-IP on AWS
 
Running an erlang based messaging system on AWS
Running an erlang based messaging system on AWSRunning an erlang based messaging system on AWS
Running an erlang based messaging system on AWS
 
DevOps sensors 360° high availability in the cloud
DevOps sensors 360°   high availability in the cloudDevOps sensors 360°   high availability in the cloud
DevOps sensors 360° high availability in the cloud
 
Deploying secure backup on to the Cloud
Deploying secure backup on to the CloudDeploying secure backup on to the Cloud
Deploying secure backup on to the Cloud
 
סע לשלום - הדרכה לרכזים כיתתיים
סע לשלום - הדרכה לרכזים כיתתייםסע לשלום - הדרכה לרכזים כיתתיים
סע לשלום - הדרכה לרכזים כיתתיים
 
Multi Layer Monitoring V1
Multi Layer Monitoring V1Multi Layer Monitoring V1
Multi Layer Monitoring V1
 
Lahav Savir - Massively Scaleable Mobile Gateways
Lahav Savir - Massively Scaleable Mobile GatewaysLahav Savir - Massively Scaleable Mobile Gateways
Lahav Savir - Massively Scaleable Mobile Gateways
 

Recently uploaded

GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Speck&Tech
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Vladimir Iglovikov, Ph.D.
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
James Anderson
 
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Zilliz
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Neo4j
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
Octavian Nadolu
 

Recently uploaded (20)

GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIEnchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
 
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
 
Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 

How to Secure Your AWS Powered Mobile App End-to-End

  • 1. How to Secure Your Mobile App End-to End | May 2017 How to Secure Your Mobile App End-to-End Lahav Savir - lahav.savir@allcloud.io Co-founder and CTO AllCloud
  • 2. How to Secure Your Mobile App End-to End | May 2017 AllCloud is a leading global Cloud Solutions Provider with expertise across the cloud stack, Infrastructure, Platform, and Software-as-a-Service
  • 3. How to Secure Your Mobile App End-to End | May 2017 “AWS Managed Service Partners are skilled at cloud infrastructure and application migration, and deliver value to customers by offering proactive monitoring, automation, and management of their customer’s environment.” https://aws.amazon.com/partners/msp/ http://www.emind.co/msp AWS Next-Gen (v3) Managed Service Partner (MSP)
  • 4. How to Secure Your Mobile App End-to End | May 2017 www.allcloud.io Enabling Next Generation Businesses through SaaSification
  • 5. How to Secure Your Mobile App End-to End | May 2017 www.allcloud.io End-to-End Security for Cloud Powered Mobile Apps
  • 6. How to Secure Your Mobile App End-to End | May 2017 Where there is more data, there are bound to be more data breaches!
  • 7. How to Secure Your Mobile App End-to End | May 2017 Part 1: Securing the Mobile to Cloud Integration ● Identifying the mobile app ● Identifying the user ● Providing secure communication to backend ● Grant fine grained permission to cloud services and API’s
  • 8. How to Secure Your Mobile App End-to End | May 2017 www.allcloud.ioOver 60 million users worldwide, supporting +1,200 cities, in 77 countries, and 43 languages.
  • 9. How to Secure Your Mobile App End-to End | May 2017 AWS Cognito
  • 10. How to Secure Your Mobile App End-to End | May 2017 Cognito Authentication Flow
  • 11. How to Secure Your Mobile App End-to End | May 2017 Mobile Integration to AWS Services
  • 12. How to Secure Your Mobile App End-to End | May 2017 Mobile Integration to non AWS Services
  • 13. How to Secure Your Mobile App End-to End | May 2017 Part 2: Securing the Mobile Backend ● Securing the backend service endpoints ● Protecting user’s data ● Ensuring service resiliency
  • 14. How to Secure Your Mobile App End-to End | May 2017 www.allcloud.io Gett has raised $640 million in funding and was selected by Forbes as one of the “top 15 explosively growing companies”.
  • 15. How to Secure Your Mobile App End-to End | May 2017 www.allcloud.io Security in the Cloud Security of the Cloud
  • 16. How to Secure Your Mobile App End-to End | May 2017 Top Topics ● AWS Account Security ● Identity Management ● Network Security ● Host Security ● Data Encryption ● Monitoring & Auditing
  • 17. How to Secure Your Mobile App End-to End | May 2017 AWS Account Security
  • 18. How to Secure Your Mobile App End-to End | May 2017 Basic Account Configurations ● Services Enablement ○ CloudTrail (in all regions) ○ Config ● Provisions ○ Identities / Federations ○ IAM Roles and Policies (Admin, DevOps, Developer, Support) ○ IAM Password Policies ○ CIS Benchmark tools ● Config Checks ○ S3 Bucket Policy (Private / Public) ○ Logging enabled on ■ ELB, S3 Buckets, CloudFront, VPC Flow logs ○ Root Account MFA ○ Tag Strategy ■ Owner / Launcher ■ Stage ■ Env / AppName ○ Resources Backups
  • 19. How to Secure Your Mobile App End-to End | May 2017 Identity Management
  • 20. How to Secure Your Mobile App End-to End | May 2017 Why do you want a Single Identity? ● Multiple AWS Accounts ● Multiple Security Policies ● Multiple Entry Points ● Many Resources ● Multiple 3rd Party Services
  • 21. How to Secure Your Mobile App End-to End | May 2017 Single Identity Provider ● Single Password Policy ● Single Lock Policy ● Single OTP ● Single Login Audit ● Same username used across all resources
  • 22. How to Secure Your Mobile App End-to End | May 2017 Organization users accessing: AWS Resources ● AWS Console ● AWS API ● Network Access / VPN ● EC2 Instances Other Resources ● New Relic ● Datadog ● Pingdom ● Google Apps ● Office 365 ● Jira ● Github ● Logz.io ● ...
  • 23. How to Secure Your Mobile App End-to End | May 2017 ● Don't mix Corporate and Cloud Resources ● Minimize Replication ● Maximize Federation
  • 24. How to Secure Your Mobile App End-to End | May 2017 www.allcloud.io Corporate ● Corporate Active Directory ● Mix of users and desktops / servers ● 3rd Party SSO / Federation Services Cloud ● Cloud Active Directory ● Cloud Resources Only Integration ● One Way Trust between Corp AD and Cloud AD ● Temporary credentials “Token Vending Machine”
  • 25. How to Secure Your Mobile App End-to End | May 2017 www.allcloud.io Login Scenarios ● AWS Console ○ SAML Federation ● VPN ○ Radius ● Jumpbox on EC2 ○ Radius / LDAP ● Windows instance on EC2 ○ Kerberos / LDAP ● Linux instance on EC2 ○ Kerberos / LDAP Avoid multiple identities including IAM Users
  • 26. How to Secure Your Mobile App End-to End | May 2017
  • 27. How to Secure Your Mobile App End-to End | May 2017 Network Access
  • 28. How to Secure Your Mobile App End-to End | May 2017 Networking ● Public Internet ● VPN / IPSec Tunnel ● DirectConnect
  • 29. How to Secure Your Mobile App End-to End | May 2017 Direct Connect Options ● Private Virtual Interface – Access to VPC ○ Note: VPC Endpoints are not transitive via VPC Peering ● Public Virtual Interface – Access to the region IP address space (non-VPC Services)
  • 30. How to Secure Your Mobile App End-to End | May 2017 Access to your private resources over SSL VPN ● OpenVPN ● Fortinet Fortigate ● CheckPoint ● Sophos ● pfSense ● … Others
  • 31. How to Secure Your Mobile App End-to End | May 2017 www.allcloud.io Don’t assume your corporate network is secure and expose your production networks to all users
  • 32. How to Secure Your Mobile App End-to End | May 2017 Perimeter Security
  • 33. How to Secure Your Mobile App End-to End | May 2017 www.allcloud.io Inbound Layer Application Layer Outbound Layer
  • 34. How to Secure Your Mobile App End-to End | May 2017 AWS Shield - Managed (DDoS) protection service ● Basic / Advanced ● Seamless Integration and Deployment ● Customizable Protection ● Cost Efficient AWS WAF - Web Application Firewall ● Increased Protection Against Web Attacks ● Security Integrated with Applications ● Web Traffic Visibility ● Cost Effective Web Application Protection
  • 35. How to Secure Your Mobile App End-to End | May 2017 www.allcloud.io ● Inspect inbound and outbound traffic ● Create a controlled environment that minimizes human mistakes
  • 36. How to Secure Your Mobile App End-to End | May 2017 Host Security
  • 37. How to Secure Your Mobile App End-to End | May 2017 What’s Host Security ? ● OS Hardening ● Anti Virus ● Malware Protection ● Host Based IPS ● File Integrity Monitoring ● Vulnerability Scanning
  • 38. How to Secure Your Mobile App End-to End | May 2017 Data Encryption
  • 39. How to Secure Your Mobile App End-to End | May 2017 AWS Encryption Options Data at Rest ● EC2 Parameter Store ● EBS Encryption (inc. root device) ● S3 Client / Server Side Encryption ● RDS / Redshift Storage Encryption ● DynamoDB Client Side Encryption https://d0.awsstatic.com/whitepapers/aws-securing-data -at-rest-with-encryption.pdf Data in Transit ● API’s are TLS Encrypted ● Service Endpoints are TLS Encrypted ● Elastic Load Balancer supports TLS ● CloudFront supports TLS ● IPSec VPN
  • 40. How to Secure Your Mobile App End-to End | May 2017 www.allcloud.io Encrypt all your data with fine grained policy, you never know who and when someone will gain access to the data
  • 41. How to Secure Your Mobile App End-to End | May 2017 Centrally Monitor and Audit
  • 42. How to Secure Your Mobile App End-to End | May 2017 Events Sources ● CloudTrail ● ELB / S3 / CloudFront Access Logs ● VPC Flow logs ● AWS Inspector ● Host AV & IPS ● Network WAF & IPS ● Evident.io / Dome9 ● Observable
  • 43. How to Secure Your Mobile App End-to End | May 2017
  • 44. How to Secure Your Mobile App End-to End | May 2017
  • 45. How to Secure Your Mobile App End-to End | May 2017
  • 46. How to Secure Your Mobile App End-to End | May 2017
  • 47. How to Secure Your Mobile App End-to End | May 2017
  • 48. How to Secure Your Mobile App End-to End | May 2017
  • 49. How to Secure Your Mobile App End-to End | May 2017 www.allcloud.io ● Create Clear Visibility ● Set Governance Rules ● Define Actions
  • 50. How to Secure Your Mobile App End-to End | May 2017 www.allcloud.io 3 Pages AWS Secuirty Checklist https://d0.awsstatic.com/whitepapers/Security/AWS_Security_Checklist.pd f
  • 51. How to Secure Your Mobile App End-to End | May 2017 www.allcloud.io Join our Fastlane to a Successful Cloud Deployment Contact me: lahav.savir@allcloud.io