Customers using AWS benefit from a multitude of security and compliance controls built into AWS solutions. In this session, you will learn how to take advantage of the advanced security features of AWS to gain the visibility, agility, and control that the cloud affords users over legacy environments. We will take a look at several reference architectures for common workloads and highlight the innovative ways customers are using AWS to manage security more efficiently. After attending this session, you will be familiar with the Shared Responsibility Model and ways you can inherit security controls from the rich compliance and accreditation programs maintained by AWS.
Matt Johnson, Solutions Architect, AWS
The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. Security for AWS is about three related elements: visibility, auditability, and control. You have to know what you have and where it is before you can assess the environment against best practices, internal standards, and compliance standards. Controls enable you to place precise, well-understood limits on the access to your information. Did you know, for example, that you can define a rule that says that “Tom is the only person who can access this data object that I store with Amazon, and he can only do so from his corporate desktop on the corporate network, from Monday-Friday 9-5 and when he uses MFA?” That’s the level of granularity you can choose to implement if you wish. In this session, we’ll cover these topics to provide a practical understanding of the security programs, procedures, and best practices you can use to enhance your current security posture.
by Bill Reid, Sr. Manager of Solutions Architecture, AWS
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and labs.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and labs. We will ensure you have an AWS account and understand EC2, prepare you to get set up on the AWS Command Line Interface (CLI) to access the AWS Management Console, introduce you to in source repositories, discuss SSH access and necessary SDKs, and more.
In this webinar, you'll learn about the foundational security blocks and how to start using them effectively to create robust and secure architectures. Discover how Identity and Access management is done and how it integrates with other AWS services. In addition, learn how to improve governance by using AWS Security Hub, AWS Config and CloudTrail to gain unprecedented visibility of activity in the account. Subsequently use AWS Config rules to rectify configuration issues quickly and effectively.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops. We will also provide an overview of the Security pillar of the AWS Cloud Adoption Framework (CAF) and talk about how AWS keeps humans away from data—and how you can, too.
Distributed denial of service (DDoS) can have an impact on the availability, security and resources consumption for your web application. AWS Web Application Firewall and AWS Shield allow to protect web applications from these attacks.
AWS provides a range of security services and features that AWS customers can use to secure their content and applications and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organisation's security and compliance objectives.
At AWS, cloud security is our highest priority. All AWS customers inherit the best practices of AWS policies, architecture, and operational processes built to satisfy the requirements of the most security-sensitive organizations in the most highly-regulated industries in the world – including financial services. In this talk, AWS experts discuss the fundamentals of AWS Cloud security, best practices, and services customers can leverage in order to operate and innovate in the cloud – more securely than on premises.
The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. Security for AWS is about three related elements: visibility, auditability, and control. You have to know what you have and where it is before you can assess the environment against best practices, internal standards, and compliance standards. Controls enable you to place precise, well-understood limits on the access to your information. Did you know, for example, that you can define a rule that says that “Tom is the only person who can access this data object that I store with Amazon, and he can only do so from his corporate desktop on the corporate network, from Monday-Friday 9-5 and when he uses MFA?” That’s the level of granularity you can choose to implement if you wish. In this session, we’ll cover these topics to provide a practical understanding of the security programs, procedures, and best practices you can use to enhance your current security posture.
by Bill Reid, Sr. Manager of Solutions Architecture, AWS
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and labs.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and labs. We will ensure you have an AWS account and understand EC2, prepare you to get set up on the AWS Command Line Interface (CLI) to access the AWS Management Console, introduce you to in source repositories, discuss SSH access and necessary SDKs, and more.
In this webinar, you'll learn about the foundational security blocks and how to start using them effectively to create robust and secure architectures. Discover how Identity and Access management is done and how it integrates with other AWS services. In addition, learn how to improve governance by using AWS Security Hub, AWS Config and CloudTrail to gain unprecedented visibility of activity in the account. Subsequently use AWS Config rules to rectify configuration issues quickly and effectively.
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops. We will also provide an overview of the Security pillar of the AWS Cloud Adoption Framework (CAF) and talk about how AWS keeps humans away from data—and how you can, too.
Distributed denial of service (DDoS) can have an impact on the availability, security and resources consumption for your web application. AWS Web Application Firewall and AWS Shield allow to protect web applications from these attacks.
AWS provides a range of security services and features that AWS customers can use to secure their content and applications and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organisation's security and compliance objectives.
At AWS, cloud security is our highest priority. All AWS customers inherit the best practices of AWS policies, architecture, and operational processes built to satisfy the requirements of the most security-sensitive organizations in the most highly-regulated industries in the world – including financial services. In this talk, AWS experts discuss the fundamentals of AWS Cloud security, best practices, and services customers can leverage in order to operate and innovate in the cloud – more securely than on premises.
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Amazon Web Services
Amazon GuardDuty is a threat detection system that is reimagined and purpose-built for the cloud. Once enabled, GuardDuty immediately starts analyzing continuous streams of account and network activity in near real-time and at scale. You do not have to deploy or manage any additional security software, sensors, or network appliances. Threat intelligence is pre-integrated into the service and is continuously updated and maintained. This session introduces you to GuardDuty, walks you through the detection of an event, and discusses the various ways you can react and remediate.
AWS is architected to be one of the most flexible and secure cloud computing environments available today. It provides an extremely scalable, highly reliable platform that enables customers to deploy applications and data quickly and securely. When using AWS, not only are infrastructure headaches removed, but so are many of the security issues that come with them.
Identity and Access Management: The First Step in AWS SecurityAmazon Web Services
by Fritz Kunstler, Sr. Security Consultant, AWS
AWS Identity and Access Management (IAM) is first in the Security Perspective of the AWS Cloud Adoption Framework CAF because in the cloud, first you grant access and only then can you provision infrastructure (the opposite approach of on-premises). In this session, you will learn how to define fine-grained access to AWS resources via users, roles, and groups; design privileged user and multifactor authentication mechanisms; and operate IAM at scale.
Aligning to the NIST Cybersecurity Framework in the AWS Cloud - SEC204 - Chic...Amazon Web Services
The NIST Cybersecurity Framework (CSF) is endorsed by government and industry as a recommended baseline for use by any organization, regardless of sector or size, to implement risk-management best practices and achieve desired security outcomes. In this session, we discuss how organizations can use AWS to align to the CSF by providing a detailed breakout of AWS services and associated customer responsibilities (security in the cloud) and AWS responsibilities (security of the cloud).
Data protection is the highest priority for any organisation, so we answer common questions about GDPR, data residency, freedom of information, and privacy. We also address security-related compliance, risk management strategies, and best practices for securing data on AWS.
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Amazon Web Services
AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard.
AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard.
Introduction to the Well-Architected Framework and Tool - SVC208 - Anaheim AW...Amazon Web Services
Most modern businesses depend on a portfolio of technology solutions to operate and be successful every day. How do you know whether your team is following best practices or what the risks are in your architectures? This session shows how the AWS Well-Architected Framework provides prescriptive advice on best practices and how the AWS Well-Architected Tool enables you to measure and improve your technology portfolio. We explain how other customers are using AWS Well-Architected in their businesses, and we share what we learned from reviewing tens of thousands of architectures across operational excellence, security, reliability, performance efficiency, and cost optimization.
Opinionated implementation of AWS Landing Zone - Best practices for automating AWS multi-account environment in your organization based on my past experience.
Is anyone interested in live webinar ?
Please write down in comments.
PS. I still have to add few more slides.
#hybridcloud #aws #cloud #devops #automation #cloudcomputing #vmware #kubernetes #teambuilding #bestpractices #cloudsecurity #automating #terraform #cloudformation #cloudnative
by Dave Dave McDermitt, Advisor – Global Security / Risk / Compliance, AWS Professional Services
Join us for four days of security and compliance sessions and hands-on labs led by our AWS security pros during AWS Security Week at the San Francisco Loft. Join us for all four days, or pick just the days that are most relevant to you. We'll open on Monday with Security 101 day, followed by sessions Tuesday on Identity and Access Management, our popular Threat Detection and Remediation day Wednesday will feature an updated GuardDuty lab, and we'll end Thursday with Incident Response sessions, labs, and a talk by Netflix on their new open source IR tool. This week will also feature Dome9 as a sponsor, and you can hear them speak and present a hands-on workshop Monday during Security 101 day.
For customers with hundreds or thousands of secrets, like database credentials and API keys, manually rotating and managing access to those secrets can be complex and cause application disruptions. AWS Secrets Manager protects access to your IT resources by enabling you to easily and centrally rotate and manage access to secrets. In this session, we explore the benefits and key features of Secrets Manager. We demonstrate how to safely rotate secrets, manage access to secrets with fine-grained access policies, and centrally secure and audit your secrets.
With a minimum security baseline in place, you can host data—which means data protection is required. In this session, we discuss defining an encryption strategy and selecting native AWS tools (AWS KMS, AWS CloudHSM) or third-party tools; defining key rotation and key protection mechanisms; and defining data at rest and data in transit protection requirements.
Speaker: Nathan Case - Sr. Solutions Architect, AWS
Introduction to AWS Security: Security Week at the SF LoftAmazon Web Services
Introduction to AWS Security: Security Week at the San Francisco Loft
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops. We will also provide an overview of the Security pillar of the AWS Cloud Adoption Framework (CAF) and talk about how AWS keeps humans away from data—and how you can, too.
Level: 100
Speaker: Bill Reid - Sr. Manager, Solutions Architecture, AWS
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops. We will also provide an overview of the Security pillar of the AWS Cloud Adoption Framework (CAF) and talk about how AWS keeps humans away from data—and how you can, too.
Level: 100
Speaker: Don Edwards - Sr. Technical Delivery Manager, AWS
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Amazon Web Services
Amazon GuardDuty is a threat detection system that is reimagined and purpose-built for the cloud. Once enabled, GuardDuty immediately starts analyzing continuous streams of account and network activity in near real-time and at scale. You do not have to deploy or manage any additional security software, sensors, or network appliances. Threat intelligence is pre-integrated into the service and is continuously updated and maintained. This session introduces you to GuardDuty, walks you through the detection of an event, and discusses the various ways you can react and remediate.
AWS is architected to be one of the most flexible and secure cloud computing environments available today. It provides an extremely scalable, highly reliable platform that enables customers to deploy applications and data quickly and securely. When using AWS, not only are infrastructure headaches removed, but so are many of the security issues that come with them.
Identity and Access Management: The First Step in AWS SecurityAmazon Web Services
by Fritz Kunstler, Sr. Security Consultant, AWS
AWS Identity and Access Management (IAM) is first in the Security Perspective of the AWS Cloud Adoption Framework CAF because in the cloud, first you grant access and only then can you provision infrastructure (the opposite approach of on-premises). In this session, you will learn how to define fine-grained access to AWS resources via users, roles, and groups; design privileged user and multifactor authentication mechanisms; and operate IAM at scale.
Aligning to the NIST Cybersecurity Framework in the AWS Cloud - SEC204 - Chic...Amazon Web Services
The NIST Cybersecurity Framework (CSF) is endorsed by government and industry as a recommended baseline for use by any organization, regardless of sector or size, to implement risk-management best practices and achieve desired security outcomes. In this session, we discuss how organizations can use AWS to align to the CSF by providing a detailed breakout of AWS services and associated customer responsibilities (security in the cloud) and AWS responsibilities (security of the cloud).
Data protection is the highest priority for any organisation, so we answer common questions about GDPR, data residency, freedom of information, and privacy. We also address security-related compliance, risk management strategies, and best practices for securing data on AWS.
Using AWS Control Tower to govern multi-account AWS environments at scale - G...Amazon Web Services
AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard.
AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard.
Introduction to the Well-Architected Framework and Tool - SVC208 - Anaheim AW...Amazon Web Services
Most modern businesses depend on a portfolio of technology solutions to operate and be successful every day. How do you know whether your team is following best practices or what the risks are in your architectures? This session shows how the AWS Well-Architected Framework provides prescriptive advice on best practices and how the AWS Well-Architected Tool enables you to measure and improve your technology portfolio. We explain how other customers are using AWS Well-Architected in their businesses, and we share what we learned from reviewing tens of thousands of architectures across operational excellence, security, reliability, performance efficiency, and cost optimization.
Opinionated implementation of AWS Landing Zone - Best practices for automating AWS multi-account environment in your organization based on my past experience.
Is anyone interested in live webinar ?
Please write down in comments.
PS. I still have to add few more slides.
#hybridcloud #aws #cloud #devops #automation #cloudcomputing #vmware #kubernetes #teambuilding #bestpractices #cloudsecurity #automating #terraform #cloudformation #cloudnative
by Dave Dave McDermitt, Advisor – Global Security / Risk / Compliance, AWS Professional Services
Join us for four days of security and compliance sessions and hands-on labs led by our AWS security pros during AWS Security Week at the San Francisco Loft. Join us for all four days, or pick just the days that are most relevant to you. We'll open on Monday with Security 101 day, followed by sessions Tuesday on Identity and Access Management, our popular Threat Detection and Remediation day Wednesday will feature an updated GuardDuty lab, and we'll end Thursday with Incident Response sessions, labs, and a talk by Netflix on their new open source IR tool. This week will also feature Dome9 as a sponsor, and you can hear them speak and present a hands-on workshop Monday during Security 101 day.
For customers with hundreds or thousands of secrets, like database credentials and API keys, manually rotating and managing access to those secrets can be complex and cause application disruptions. AWS Secrets Manager protects access to your IT resources by enabling you to easily and centrally rotate and manage access to secrets. In this session, we explore the benefits and key features of Secrets Manager. We demonstrate how to safely rotate secrets, manage access to secrets with fine-grained access policies, and centrally secure and audit your secrets.
With a minimum security baseline in place, you can host data—which means data protection is required. In this session, we discuss defining an encryption strategy and selecting native AWS tools (AWS KMS, AWS CloudHSM) or third-party tools; defining key rotation and key protection mechanisms; and defining data at rest and data in transit protection requirements.
Speaker: Nathan Case - Sr. Solutions Architect, AWS
Introduction to AWS Security: Security Week at the SF LoftAmazon Web Services
Introduction to AWS Security: Security Week at the San Francisco Loft
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops. We will also provide an overview of the Security pillar of the AWS Cloud Adoption Framework (CAF) and talk about how AWS keeps humans away from data—and how you can, too.
Level: 100
Speaker: Bill Reid - Sr. Manager, Solutions Architecture, AWS
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops. We will also provide an overview of the Security pillar of the AWS Cloud Adoption Framework (CAF) and talk about how AWS keeps humans away from data—and how you can, too.
Level: 100
Speaker: Don Edwards - Sr. Technical Delivery Manager, AWS
This session will review how to secure your enterprise adoption of AWS at scale. At AWS security is job zero and at the heart of everything we build. This session will review the patterns of usage for AWS Identity and Access Management, AWS Key Management Service, AWS CloudTrail, AWS Config, Amazon GuardDuty AWS Systems Manager Parameter Store, Amazon EC2 Run Command, AWS Single Sign-On, AWS WAF, AWS Shield, and AWS Service Catalog to an create end-to-end security approach for your AWS cloud adoption. You will gain insight how these AWS services come together to increase your security posture in ways that are unique to AWS workloads.
At AWS, security is job zero and we have architected our infrastructure for the most data-sensitive organizations in the world. In this session, we will cover our Shared Responsibility Model in relation to Security and our Compliance Program, and what that means for our customers when using our suite of storage services.
Cloud security at AWS is the highest priority. As an AWS customer, you will benefit from a data center and network architecture built to meet the requirements of the most security-sensitive organizations. In this session you'll learn how to keep your data safe and meet compliance requirements, being able to scale quickly and save money.
by Bill Reid, Leader, North American Solutions Architects
Security and Compliance Specialists AWS
Join us for four days of security and compliance sessions and hands-on labs led by our AWS security pros during AWS Security Week at the San Francisco Loft. Join us for all four days, or pick just the days that are most relevant to you. We'll open on Monday with Security 101 day, followed by sessions Tuesday on Identity and Access Management, our popular Threat Detection and Remediation day Wednesday will feature an updated GuardDuty lab, and we'll end Thursday with Incident Response sessions, labs, and a talk by Netflix on their new open source IR tool. This week will also feature Dome9 as a sponsor, and you can hear them speak and present a hands-on workshop Monday during Security 101 day.
La seguridad en la nube de AWS es la mayor prioridad. Como cliente de AWS, se beneficiará de una arquitectura de red y un centro de datos diseñados para satisfacer los requisitos de seguridad de las organizaciones más exigentes.
Una ventaja de la nube de AWS es que permite a los clientes escalar e innovar al mismo tiempo que garantizan la seguridad del entorno. Los clientes solo pagan por los servicios que usan, es decir, que puede gozar de la seguridad que necesite sin tener que realizar pagos iniciales y a un costo inferior que el de un entorno on-premise.
https://aws.amazon.com/es/security/
In this webinar, you'll learn how to create security workspaces for multiple teams through your AWS account. Discover how IAM works and find out how it integrates with AWS services. In addition, learn how AWS Config rules and AWS Cloud Trial can help you identify and rectify misconfiguration issues quickly and effectively.
Secure Your Customers' Data from Day 1: Armando Leite, AWS
All companies, regardless of size, should build with protection of customer data as a top priority. This session will examine how to achieve this through topics including: control responsibilities; the automation of security baselines; the configuration of security; and the auditing of controls for AWS customer infrastructure, operating systems, services and applications. You'll learn key principles of how to build a secure organization and protect your customers data. Don't wait until your first security incident before putting these best practices in place.
Mission (Not) Impossible: Applying NIST 800-53 High Impact-Controls on AWS fo...Amazon Web Services
You might think it’s impossible to achieve NIST 800-53 high-impact controls in your environment. However, AWS and Trend Micro make this a viable scenario, even in hybrid environments. Learn about the ability to use security controls to retain logs, control access to systems, or monitor changes, and discover how to achieve automation using technologies like AWS CloudFormation. Join this session and get a peek at the inner workings of the AWS & Trend Micro Quick Start Reference Deployment Guide for NIST 800-53 that can help you quickly deliver high-impact controls in an automated, repeatable fashion to help achieve and maintain GDPR compliance.
Bharat Mistry, Security Strategist, Trend Micro
The Executive Security Simulation takes senior security management and IT/business executive teams through an experiential exercise that illuminates key decision points for a successful and secure cloud journey. During this team-based, game-like competitive simulation, participants leverage an industry case study to make strategic security, risk, and compliance time-based decisions and investments. Participants experience the impact of these investments and decisions on the critical aspects of their secure cloud adoption. Join this workshop to gain an understanding of the major success factors to lead security, risk, and compliance in the cloud, and learn applicable decision and investment approaches to specific secure cloud adoption journeys. AWS facilitators translate lessons learned in the simulation into real-life examples and practical advice for your team.
Iolaire Mckinnon, Senior Consultant, Security, Risk & Compliance, AWS
A Deep Dive into the best practice guidelines for securing your workloads in AWS cloud.
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...Amazon Web Services
As with everything in life there is an easy way and a hard way when it comes to adopting security framework recommendations. Featuring the AWS Well-Architected and Cloud Adoption Frameworks, we will walk you through a complete security journey. We'll start with identification of requirements, then move through a series of how-tos from classifying your data, automating controls, to running fun incident response game days. There will be code giveaways and more!
AWS Security, Identity, & Compliance - An Overview: AWS Security Week at the San Francisco Loft
Presenter: William Reid, CISM, FIP
Head of Security and Compliance Solution Architecture, AWS
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops.
Speaker: Bill Reid - Sr Mgr, Solutions Architecture, AWS
The practice of cloud security and compliance now enables enterprises to innovate both quickly and securely. Many enterprises moving to the cloud may find that some aspects of the cloud security model differ from the model used in their traditional on-premises infrastructure. At AWS, security is our top priority, and this session provides an overview of our security model and best practices to help your organization innovate quickly while maintaining enterprise-level security in the cloud.
How to Implement a Well-Architected Security Solution.pdfAmazon Web Services
Securing your workload in alignment with best practices is necessary to protect information, systems and assets while delivering business value through risk assessments and mitigation strategies. In this tech talk, we’ll walk you through how to secure your workload using AWS Identity & Access Management, AWS CloudTrail, Amazon GuardDuty and AWS Config services.
Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018Amazon Web Services
Securing your data platforms in job zero. Powerful encryption capabilities are available in the core services of the AWS cloud. AWS continues to innovate and release enhancements to encryption-specific services, and expand the encryption capabilities in new services to make encryption easy for everyone. Learn how to take advantage of these services and features to protect and secure your data in the cloud.
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS.
In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup.
Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti.
Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.
Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi
Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
L’utilizzo dei container è in continua crescita.
Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili.
I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda :
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc.
AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta.
Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity.
AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet.
Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.
Dal riconoscimento facciale al riconoscimento di frodi o difetti di fabbricazione, l'analisi di immagini e video che sfruttano tecniche di intelligenza artificiale, si stanno evolvendo e raffinando a ritmi elevati. In questo webinar esploreremo le possibilità messe a disposizione dai servizi AWS per applicare lo stato dell'arte delle tecniche di computer vision a scenari reali.
Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti.
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti.
Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire.
Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito.
In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.
Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline.
Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.
Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.
In addition to the security of our environment, we make a wide range of security tools and features available to you our customers. Depending on the security of the application or the content you choose to deploy, AWS and its partners offer over 700 tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. This means that you can deploy a wide range of security controls in your AWS environment without the capital outlay. Also, many AWS security features are free, and those you do pay for you only pay for exactly what you need, when you need it. This means you can do this at a much lower cost than similar controls in an on-premises environment. AWS provides security-specific tools and features across Network Security, Server Security, Access Control and Data Security. Also AWS provides oversight and monitoring tools so that you can detect problems quickly and remediate them before they impact the business.
AWS as a common control framework, with thousands of controls; this control framework is used to meet all security requirements, then from a compliance standpoint, we map the internal controls to the compliance requirement.
This is a key approach to compliance, which can be adopted by customers as well, and a useful starting point when discussing local laws and regulations – as we will cover later in the presentation.
It is also worth remembering that, as per the shared responsibility model, by using AWS, you are not automatically compliant with tall the regulations AWS complies with XYZ; but you do inherit some controls such as physical security and you can fulfil the requirements of other controls quite easily.
At AWS, we classify services slightly different from the traditional IaaS, Paas, SaaS but the underlying principles are the same.
We call them Infrastructure, Container, and Abstract Services respectively.
The more you move up the stack, the more AWS does (container and abstract services) but Customers always retain ownership and responsibilities for data protection.
With these services, you can architect and build a cloud infrastructure using technologies similar to and largely compatible with on-premises solutions. You control the operating system, and you configure and operate any identity management system that provides access to the user layer of the virtualization stack.
For certain compliance requirements, you might require an additional layer of protection between the services from AWS and your operating systems and platforms, where your applications and data reside. You can impose additional controls, such as protection of data at rest and protection of data in transit, or introduce a layer of opacity between services from AWS and your platform. The opacity layer can include data encryption, data integrity authentication, software- and data-signing, secure time-stamping, and more.
For AWS container services, AWS manages the underlying infrastructure and foundation services, the operating system and the application platform. For example, Amazon RDS for Oracle is a managed database service in which AWS manages all the layers of the container, up to and including the Oracle database platform. For services such as Amazon RDS, the AWS platform provides data backup and recovery tools; but it is your responsibility to configure and use tools in relation to your business continuity and disaster recovery (BC/DR) policy.
It is important to note that, for services falling into this category, users may not have root access to the instances, the underlying operating system, or the application platform.
For AWS container services, AWS manages the underlying infrastructure and foundation services, the operating system and the application platform. For example, Amazon RDS for Oracle is a managed database service in which AWS manages all the layers of the container, up to and including the Oracle database platform. For services such as Amazon RDS, the AWS platform provides data backup and recovery tools; but it is your responsibility to configure and use tools in relation to your business continuity and disaster recovery (BC/DR) policy.
It is important to note that, for services falling into this category, users may not have root access to the instances, the underlying operating system, or the application platform.
Building serverless applications means that your developers can focus on their core product instead of worrying about managing and operating servers or runtimes, either in the cloud or on-premises. This reduced overhead lets developers reclaim time and energy that can be spent on developing great products which scale and that are reliable.
Taken from: https://aws.amazon.com/compliance/pci-data-privacy-protection-hipaa-soc-fedramp-faqs/
Taken from: https://aws.amazon.com/compliance/pci-data-privacy-protection-hipaa-soc-fedramp-faqs/
ISO 27018, standard specific to personal information protection
AWS, recently joined CISPE, which is a coalition of cloud computing leaders aimed at ensuring that cloud infrastructure provider are using appropriate data protection standards in line with Europe’s current and future European data protection directives.
In read on this slides you can see all the privacy and data security regulations we comply with.
Also, in terms of security controls implementation, they all benefit from the many other assurance programs such as ISO, SOC, etc. and the AWS controls framework. Whenever you need to comply with a regional regulation that is not in the list yet, all you need to do is to map the requirements to the controls objective provided by, or that you can implement in AWS. And we are always available to help you with this.
If you are building an ISO-compliant environment on AWS, you can leverage 17 inherited controls related to physical and communication security, and resiliency.
For more details on ISO 27001, see:
https://aws.amazon.com/compliance/iso-27001-faqs/
https://en.wikipedia.org/wiki/ISO/IEC_27001:2013
Here is a list of security-related services and features.
Networking
[COVER THIS ONE] Amazon VPC: Amazon Virtual Private Cloud lets you provision a logically isolated section of the AWS Cloud where you can launch resources in a virtual network that you define. You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. Importantly, you can make the AWS Cloud a seamless extension of your existing on-premises resources.
AWS WAF: AWS Web Application Firewall is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. It gives you control over which traffic to allow or block to your web applications by defining customizable web security rules. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application. New rules can be deployed within minutes, letting you respond quickly to changing traffic patterns. Also, WAF includes a full-featured API that you can use to automate the creation, deployment, and maintenance of web security rules.
Encryption
[COVER THIS ONE] AWS KMS: AWS Key Management Service is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data, and uses Hardware Security Modules (HSMs) to protect the security of your keys. AWS KMS is integrated with several other AWS services to help you protect the data you store with these services and is also integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs.
AWS CloudHSM: The AWS CloudHSM service helps you meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) appliances within the AWS data centers. With CloudHSM, you control the encryption keys and cryptographic operations performed by the HSM. AWS personnel have no access to the device.
Server-side Encryption: AWS allows data to be encrypted with AWS service managed keys, AWS managed keys via AWS KMS, or customer managed keys. We also make the AWS Encyption SDK freely available to help developers correctly generate and use encryption keys, as well as protect a key after it has been used.
Identity
[COVER THIS ONE] AWS IAM: AWS Identity and Access Management enables you to securely control access to AWS services and resources for your users. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. IAM is designed to allow for extremely fine-grained control of access rights to ensure that you have control over each user in what they can access, when they can access it, where they can access, and how they can use it in minute detail.
SAML Federation: AWS IAM supports SAML 2.0 to allow identity integration with most major identity management solutions. [http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_saml_3rd-party.html]
AWS Directory Service: AWS Directory Service makes it easy to setup and run Microsoft Active Directory (AD) in the AWS Cloud, or connect your AWS resources with an existing on-premises Microsoft Active Directory. Once your directory is created, you can use it to manage users and groups, provide single sign-on to applications and services, create and apply group policy, domain join Amazon EC2 instances, as well as simplify the deployment and management of cloud-based Linux and Microsoft Windows workloads.
Compliance
[COVER THIS ONE] AWS Service Catalog: AWS Service Catalog allows your organization to create and manage catalogs of IT services that are approved for use on AWS. These IT services can include everything from virtual machine images, servers, software, and databases to complete multi-tier application architectures. It allows you to centrally manage commonly deployed IT services, and helps you achieve consistent governance and meet your compliance requirements, while enabling users to quickly deploy only the approved IT services they need.
[COVER THIS ONE] AWS Config: AWS Config is a fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance. Config Rules enables you to create rules that automatically check the configuration of AWS resources recorded by AWS Config. With AWS Config, you can discover existing and deleted AWS resources, determine your overall compliance against your unique rules, and dive into configuration details of a resource at any point in time. These capabilities enable compliance auditing, security analysis, resource change tracking, and troubleshooting.
AWS CloudTrail: AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service. With CloudTrail, you can get a history of AWS API calls for your account, including API calls made via the AWS Management Console, AWS SDKs, command line tools, and higher-level AWS services (such as AWS CloudFormation). The AWS API call history produced by CloudTrail enables security analysis, resource change tracking, and compliance auditing.
Amazon Inspector: Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Inspector automatically assesses applications for vulnerabilities or deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity.
CMDB is a real possibility, finally.
Every resource gets their own unique identifier (IP addresses and DNS names change, the AWS ARN doesn’t)
Tagging, for data classification, security zones and domains identification….plus all other uses for billing, ownership, etc.
Mention AWS Service catalog and Systems manager
Every instance is protected by a stateful firewall
NACL (stateless rules, second level of protection at network level)
As mentioned earlier, customers need to think about security from the design phase; in doing that, they can also start realizing how easy can be to implement security governance in AWS.
By utilizing Security by Design CloudFormation templates, AWS security services and constraining services in the cloud through complaint design.
Also, as mentioned earlier, in addition to the services displayed here, new services such as AWS Service Catalog, EC2 System Manager, AWS Organisations can significantly help in the design of secure architectures from the ground up
And it’s not just about design but also secure operations. Once again, AWS gives you many tools you can use to implement secure operations.
Enables the ability to bring up an entire environment automatically.
Deploy servers, configure networking, assign storage.
Manage configuration and access.
Track and maintain different versions of the code.
Audit changes.
Technologist know well the advantages of APIs from an application standpoint. A standardised, controlled, secure way for all application communication.
With AWS, you have the same benefits for all your infrastructure and services, from common authoritative interfaces; which are our Console, CLI, SDK.
Spend a reasonable amount of time on this, since it underpins a lot of the rest of the workshop.
Walk through the key concepts of CloudWatch Events. Don’t spend too long on the events section since there is more detailed coverage on the next slide.
Cover briefly, and highlight the use case of multi-account environments.
Deploy a centralized logging solution using AWS CloudFormation. The CloudFormation template will automatically launch and configure the components necessary to upload log files from multiple accounts and AWS Regions to Amazon ES for analysis and visualization in a customizable, user-friendly dashboard.
Extend your logging capabilities beyond default AWS service logs. This flexible solution includes examples for capturing host-level log files and VPC flow logs, and is design to scale with your growing business.
Control access to your dashboards using an Nginx proxy to simplify authentication to Amazon ES, as well as user credentials for an extra layer of protection.
Simplify data visualization using built-in Amazon ES support for Kibana, including a default set of preconfigured dashboards that give you a first glimpse into the customization capabilities of Kibana.
Amazon CloudWatch Events delivers a near real-time stream of system events that describe AWS resource changes
Amazon Lambda lets you run code without provisioning or managing servers
Incident Response should NOT just be a manual process! Lets walk through how to quickly respond to someone disabling CloudTrail without ANY human interaction.
Incident Response should NOT just be a manual process!
Incident Response should NOT just be a manual process!
Incident Response should NOT just be a manual process!
Incident Response should NOT just be a manual process!
Incident Response should NOT just be a manual process!
Incident Response should NOT just be a manual process!
Simple lambda function that logs events
Incident Response should NOT just be a manual process!
Incident Response should NOT just be a manual process!
Many of the current concerns that surround data sovereignty relate to enforcing privacy regulations and preventing data that is stored in a foreign country from being subpoenaed by the host country’s government. We already discussed how we can address this using AWS regions and the data protection features offered by AWS.
For any in-depth and up to date information, you can always refer to our website following the link at the bottom of the slide.
The EU Article 29 Working Party has found that the AWS Data Processing Agreement meets the requirements of the EU Data Protection Directive with respect to Model Clauses. This means that AWS customers that collect and store personal information in the Cloud are Data Controllers in the sense of Directive 95/46/EC and they can use a data processor that, from a legal entity standpoint, is outside the EU.
Regarding GDRP, AWS recently released a new set of resources whilst confirming that all AWS services will comply with the GDPR when it becomes enforceable on May 25, 2018.
Focus on the differences between AWS service events and CloudTrail API events.