Cloud Computing and Security
Session #11
Delivery Management School
Agenda
01 Let's get to know each other
02 Cloud computing overview
03 Types of clouds and deployment strategies
04 AWS services overview
05 Software security fundamentals
01 Let’s get to know each other
Mykhailo Hryhorash
• 20 years in IT
• AWS Certified Cloud Practitioner
• Completed the AWS Solutions Architect Associate and AWS Data Analytics Specialty learning paths
• https://www.linkedin.com/in/mykhailo-hryhorash-79600263/
• https://www.facebook.com/fattestmike
Delivery Director at Levi9
My goal for today
Give an overview of cloud computing, AWS
services and basic security practices
02 Cloud computing overview
When did it all begin?
In 1961, John McCarthy gave a speech at the Massachusetts Institute of Technology stating that "Computing power can be sold as a service, like water or electricity."
The Big 3
Mar 2006, Feb 2010, Dec 2011
When did it all begin?

Advantages
• Scalability
• Performance
• Speed & agility
• Security
• Cost efficiency
• Services & solutions
Security counts as an advantage only within the shared responsibility model: the provider secures the physical infrastructure and the managed services, while the customer remains responsible for identities, configuration, network exposure and data.
Types of cloud services
1. Infrastructure as a Service (IaaS)
Provides virtualized computing resources over the internet. It is the most basic category of cloud computing services.
Use cases: website and application hosting, storage, backup, and recovery.

2. Platform as a Service (PaaS)
Supplies an on-demand environment for developing, testing, delivering, and managing software applications. PaaS is designed to make it easier for developers to create web or mobile apps.
Use cases: development frameworks, analytics, business intelligence.

3. Software as a Service (SaaS)
Delivers software applications over the internet, on a subscription basis. SaaS applications are also known as web-based software, on-demand software, or hosted software.
Use cases: email, customer relationship management (CRM), collaboration tools.
Deployment strategies
1. Public Cloud
Services are delivered over the public internet and shared across organizations on multi-tenant infrastructure.
Advantages:
Cost-effective, scalable, reliable, easily accessible, a large catalogue of ready-made services
Disadvantages:
Might become too costly for sustained high workloads; vendor lock-in
2. Private Cloud (on-premises)
Cloud computing resources are used exclusively by one business or organization. They can be physically located in the organization's on-site datacenter or hosted by a third-party service provider.
Advantages:
Offers more control and, with it, the possibility of tighter security; the organization also carries the full responsibility for operating and patching the platform
Disadvantages:
Costly to launch, difficult to build and configure
3. Multi Cloud
The use of multiple cloud computing services from different providers in a single heterogeneous architecture.
Advantages:
Avoids vendor lock-in, enhances redundancy and reliability, some services are cheaper
Disadvantages:
Difficult to configure; every cloud environment needs its own operations, identity and security tooling; double payment in some cases
4. Hybrid Cloud
Combines public and private clouds, allowing data and applications to be shared between them.
Advantages:
Provides greater flexibility and more deployment options. You can use on-premises hardware for a steady workload and the cloud as a flexible layer for peak loads.
Disadvantages:
Difficult to configure and maintain, complex architecture and networking
04 AWS services overview
Compute

AWS EC2
Provides scalable virtual servers in the cloud.
Use case: the main tool for hosting applications and websites.

AWS Lambda
Runs code in response to events without provisioning servers.
Use case: short, event-driven tasks such as real-time file processing.

EMR
Distributed big data computing on a cluster of managed machines.
Use case: big data processing and analytics; managed Hadoop and Spark in the cloud.
Storage

Elastic Block Store (EBS)
Block storage service for use with Amazon EC2.
Use case: persistent storage for EC2 instances.

S3
Object storage service with high scalability, data availability, and security.
Use case: storing and retrieving any amount of data.

Elastic File System (EFS)
Persistent network (NFS) storage to share files across many virtual machines.
Use case: a common file system for many servers.
Databases

RDS / Aurora
Managed relational database service supporting multiple database engines.
Use case: running SQL databases, OLTP applications.

DynamoDB
Fully managed, highly scalable and high-performing NoSQL database service.
Use case: applications requiring low-latency data access.

ElastiCache
In-memory data store that serves frequently queried data in real time.
Use case: managed Redis and Memcached in the cloud.
Integrations

Simple Queue Service (SQS)
A queuing service to decouple microservices, distributed systems and serverless applications.
Use case: reliable communication between application components by sending, storing, and receiving messages at any volume.

Simple Notification Service (SNS)
A managed service that provides message delivery from publishers to subscribers using a publish-subscribe (pub/sub) model.
Use case: sending notifications to multiple endpoints such as email, SMS, and HTTP/S, enabling real-time updates and alerts.

Simple Workflow (SWF)
A service for building, running, and scaling background jobs, coordinating work across distributed components. AWS recommends Step Functions rather than SWF for new applications.
Use case: managing complex workflows such as media processing, business process workflows, and analytics pipelines.
Performance and scaling

Application Load Balancer (ALB)
Distributes incoming application traffic across multiple targets and health-checks the targets behind it.
Use case: improving fault tolerance and availability.

Auto Scaling Group (ASG)
Automatically adjusts server capacity to maintain steady performance.
Use case: ensuring applications run smoothly during demand spikes.

CloudFront
A content delivery network (CDN) that securely delivers data, videos and applications globally with low latency and high transfer speeds.
Use case: accelerating the delivery of static and dynamic web content, primarily files, to users worldwide.
Account and access management

Identity and Access Management (IAM)
A web service that helps you securely control access to AWS services and resources for your users.
Use case: managing permissions and access policies for users, groups and roles so that every identity gets least-privilege access to AWS resources.

AWS Organizations
A service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage.
Use case: simplifying billing, access control (service control policies), and compliance across multiple AWS accounts within an organization.
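The least-privilege point on the IAM slide, and the "security" claim on the S3 slide, both come down to what the policy document actually allows. As an added example (not from the slides and not an AWS tool), the following offline linter walks an IAM identity policy or an S3 bucket policy and flags the statements that break least privilege: Action "*", sensitive actions on Resource "*", NotAction with a wildcard resource, and a Principal "*" with no Condition. The sample policies, the bucket name, the account ID 123456789012 and the key ID are constructed placeholders, and the SENSITIVE_ACTIONS list is an assumption chosen for the demo, not an AWS-defined set.

```python
"""Least-privilege linter for AWS IAM identity policies and S3 bucket policies.

Added example, not from the slides. Works offline on policy documents
(dicts parsed from JSON); it never calls AWS.
"""
import fnmatch
import json

# Actions whose Allow should always be scoped to specific resources.
# This list is an assumption for the example, not an AWS-defined set.
SENSITIVE_ACTIONS = ("iam:*", "kms:*", "sts:AssumeRole", "s3:DeleteBucket",
                     "cloudtrail:*", "organizations:*")


def _as_list(value):
    """IAM accepts either a string or a list in Action/Resource/Principal."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches_sensitive(actions):
    """True if any granted action falls under a sensitive pattern (case-insensitive)."""
    return any(fnmatch.fnmatch(a.lower(), p.lower())
               for a in actions for p in SENSITIVE_ACTIONS)


def _principal_is_anyone(principal):
    """Principal "*" or {"AWS": "*"} means every AWS identity, including anonymous."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def find_violations(policy):
    """Return one finding string per least-privilege problem in an Allow statement."""
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue                      # Deny statements only narrow access
        sid = stmt.get("Sid", f"statement[{idx}]")
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if "*" in actions:
            findings.append(f"{sid}: Action '*' grants every API call")
        if _matches_sensitive(actions) and "*" in resources:
            findings.append(f"{sid}: sensitive action allowed on Resource '*'")
        if stmt.get("NotAction") and "*" in resources:
            findings.append(f"{sid}: NotAction with Resource '*' allows everything not listed")
        if _principal_is_anyone(stmt.get("Principal")) and not stmt.get("Condition"):
            findings.append(f"{sid}: Principal '*' with no Condition makes the resource public")
    return findings


# Constructed sample policies; account ID, bucket name and key ID are placeholders.
BROAD_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "TooBroad", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "KeysEverywhere", "Effect": "Allow",
     "Action": ["kms:Decrypt", "kms:CreateGrant"], "Resource": "*"}
  ]
}""")

SCOPED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ReadOneBucket", "Effect": "Allow",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-app-uploads",
                  "arn:aws:s3:::example-app-uploads/*"]},
    {"Sid": "DecryptOneKey", "Effect": "Allow", "Action": "kms:Decrypt",
     "Resource": "arn:aws:kms:eu-west-1:123456789012:key/11111111-2222-3333-4444-555555555555"}
  ]
}""")

PUBLIC_BUCKET_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-app-uploads/*"}
  ]
}""")

if __name__ == "__main__":
    for name, doc in [("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY),
                      ("public bucket", PUBLIC_BUCKET_POLICY)]:
        print(name, find_violations(doc) or "OK")
```

The scoped policy passes because each statement names exact ARNs; the broad one fails twice (a full wildcard and a KMS action on every key), and the bucket policy fails because anyone on the internet can read it. Run it against policies exported with the AWS CLI before they are attached, and treat any finding as something to justify in review rather than something to suppress.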
Security

Web Application Firewall (WAF)
A firewall that helps protect your web applications from common web exploits and vulnerabilities. It blocks known attack patterns in front of the application; it complements, but does not replace, fixing the vulnerable code.
Use case: enhancing security by filtering and monitoring HTTP and HTTPS requests to your web applications.

Key Management Service (KMS)
A managed service that makes it easy to create and control the encryption keys used to encrypt your data.
Use case: securing sensitive data by managing encryption keys for applications and services.

Inspector
An automated security assessment service that helps improve the security and compliance of applications deployed on AWS.
Use case: identifying vulnerabilities and deviations from best practices in your AWS environment to enhance security posture.
DevOps

CloudFormation
A service that helps you model and set up your AWS resources in an automated way, using an Infrastructure as Code approach.
Use case: automating the provisioning and updating of infrastructure through infrastructure as code (IaC).

CodeCommit
A fully managed source control service for hosting secure and scalable Git repositories. Note that since July 2024 AWS no longer accepts new customers for CodeCommit.
Use case: storing and managing source code, binaries, and other assets in a secure and scalable manner.

CodeDeploy
A service that automates code deployments to any instance, including Amazon EC2 and on-premises servers.
Use case: automating the deployment of applications to ensure consistent and reliable updates across various environments.
Networking

Virtual Private Cloud (VPC)
A service that lets you provision an isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define.
Use case: enhancing the security of your network environment by creating a private, isolated section of the AWS cloud.

Route 53
A scalable and highly available Domain Name System (DNS) web service.
Use case: managing domain names and routing end-user requests to internet applications, ensuring high availability and reliability.

Direct Connect
A cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS.
Use case: improving network performance and reducing bandwidth costs by establishing a dedicated connection to AWS.
Monitoring

CloudWatch
A monitoring and observability service built for DevOps engineers, developers, SREs and IT managers.
Use case: collecting and tracking metrics, monitoring log files, and setting alarms to keep your applications and infrastructure running smoothly.

CloudTrail
A service that enables governance, compliance, and operational and risk auditing of your AWS account.
Use case: logging and monitoring account activity across your AWS infrastructure to ensure compliance and enhance security; it is the primary audit log for incident investigation.

Config
A service that enables you to assess, audit, and evaluate the configurations of your AWS resources.
Use case: monitoring and recording configurations of your AWS resources and evaluating them against desired configurations to ensure compliance.
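CloudTrail only enhances security if something reads it. As an added example (not from the slides), the rules below run over constructed CloudTrail-style records and raise alerts for three things a practitioner wants to know about immediately: any API call made as the root user, a console sign-in that succeeded without MFA, and any change that stops or weakens the trail itself. The field names (userIdentity.type, additionalEventData.MFAUsed, responseElements.ConsoleLogin) follow the CloudTrail record format; the events, users, IPs and account ID in SAMPLE_RECORDS are made up for the demo, and the TAMPER_EVENTS set is this example's own choice.

```python
"""Detection rules over CloudTrail records.

Added example, not from the slides. Runs offline on constructed records
that follow the CloudTrail record field layout.
"""
import json
from collections import Counter

# Management events that stop or weaken the trail. The set is this
# example's choice; extend it to match your own logging baseline.
TAMPER_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def rule_root_activity(event):
    """Any API call made as the account root user is worth an alert."""
    return event.get("userIdentity", {}).get("type") == "Root"


def rule_console_login_without_mfa(event):
    """A successful console sign-in where CloudTrail recorded no MFA."""
    if event.get("eventName") != "ConsoleLogin":
        return False
    success = event.get("responseElements", {}).get("ConsoleLogin") == "Success"
    mfa_used = event.get("additionalEventData", {}).get("MFAUsed", "No")
    return success and mfa_used != "Yes"


def rule_cloudtrail_tampering(event):
    """Changes to the trail itself, the first thing an intruder turns off."""
    return (event.get("eventSource") == "cloudtrail.amazonaws.com"
            and event.get("eventName") in TAMPER_EVENTS)


RULES = {
    "root_activity": rule_root_activity,
    "console_login_no_mfa": rule_console_login_without_mfa,
    "cloudtrail_tampering": rule_cloudtrail_tampering,
}


def detect(records):
    """Return (rule, eventID, actor ARN) for every record that trips a rule."""
    alerts = []
    for rec in records:
        actor = rec.get("userIdentity", {}).get("arn", "unknown")
        for name, rule in RULES.items():
            if rule(rec):
                alerts.append((name, rec.get("eventID"), actor))
    return alerts


def alerts_by_actor(alerts):
    """Count alerts per actor so the noisiest identity surfaces first."""
    return Counter(actor for _, _, actor in alerts)


# Constructed records; users, account ID, IPs and times are made up.
SAMPLE_RECORDS = json.loads("""[
 {"eventID": "e1", "eventTime": "2024-05-01T08:00:00Z", "eventSource": "signin.amazonaws.com",
  "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.10",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
  "responseElements": {"ConsoleLogin": "Success"}, "additionalEventData": {"MFAUsed": "Yes"}},
 {"eventID": "e2", "eventTime": "2024-05-01T08:05:00Z", "eventSource": "signin.amazonaws.com",
  "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob"},
  "responseElements": {"ConsoleLogin": "Success"}, "additionalEventData": {"MFAUsed": "No"}},
 {"eventID": "e3", "eventTime": "2024-05-01T08:10:00Z", "eventSource": "iam.amazonaws.com",
  "eventName": "CreateUser", "sourceIPAddress": "198.51.100.7",
  "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"}},
 {"eventID": "e4", "eventTime": "2024-05-01T08:12:00Z", "eventSource": "cloudtrail.amazonaws.com",
  "eventName": "StopLogging", "sourceIPAddress": "198.51.100.7",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob"}},
 {"eventID": "e5", "eventTime": "2024-05-01T08:15:00Z", "eventSource": "s3.amazonaws.com",
  "eventName": "GetObject", "sourceIPAddress": "10.0.1.5",
  "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/app/i-0abc"}}
]""")

if __name__ == "__main__":
    found = detect(SAMPLE_RECORDS)
    for alert in found:
        print(*alert)
    print(alerts_by_actor(found))
```

Of the five records, alice's MFA-protected sign-in and the application role's S3 read stay quiet; bob's sign-in without MFA, the root CreateUser call and bob's StopLogging each raise an alert, and the per-actor count puts bob at the top. In production the same rules run in CloudWatch Logs metric filters or EventBridge, but the logic is worth reading in plain code first.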
Big Data

Kinesis
A platform on AWS to collect, process, and analyze real-time, streaming data.
Use case: building real-time applications such as log and event data collection, real-time analytics, and machine learning.

Redshift
A fully managed data warehouse that makes it simple and cost-effective to analyze data using standard SQL and existing business intelligence (BI) tools.
Use case: performing complex queries and analytics on large datasets to gain business insights.

Glue
A fully managed extract, transform, and load (ETL) service that makes it easy to prepare and load data for analytics.
Use case: simplifying the process of moving data between data stores and preparing it for analysis.

AWS Global Infrastructure
AWS Well-Architected Framework

Advice for cloud architecture
• Start simple
• Right-size tools for your project specifics
• Apply monitoring
• Analyse costs
• Use ready solutions vs. self-built
• Don't shy away from a Well-Architected review

AWS Certification Path
05 Software security fundamentals

Cyber security
Cyber security is often ignored until an incident occurs, and an incident can be financially and reputationally costly.
GRC
Cyber security governance, risk, and compliance (GRC) involves establishing policies, procedures, and controls to manage and mitigate security risks, ensure regulatory compliance, and align security initiatives with business objectives.
Compliance and regulatory requirements
Regulatory requirements such as GDPR, HIPAA, and PCI-DSS mandate data protection, privacy, and security measures. Implementing robust data encryption, regular audits, and comprehensive access controls are essential best practices for maintaining compliance with these regulations and protecting organizational data.
OWASP
OWASP (Open Web Application Security Project, renamed Open Worldwide Application Security Project in 2023) is a nonprofit organization focused on improving the security of software through community-led open-source projects, tools, and resources. One of its most well-known contributions is the OWASP Top Ten, a regularly updated list highlighting the most critical web application security risks.
Secure development lifecycle (SDLC)
The Secure Software Development Lifecycle (SDLC) integrates security practices into each phase of software development to ensure that security is considered and implemented from the initial design through to deployment and maintenance.
Threat Modelling
Threat modeling is a structured approach to identifying, assessing, and mitigating security threats and vulnerabilities in a
system or application.
Secure coding principles
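Injection sits in the OWASP Top Ten, and the difference between a vulnerable and a safe query is the most concrete secure coding principle there is. As an added example (not from the slides), the code below builds an in-memory SQLite table, runs the same user lookup once with string formatting and once with a bound parameter, and shows that the classic `' OR '1'='1` payload (and its comment-based variant) returns every user from the first and nothing from the second. The table, usernames, placeholder hashes and payloads are all constructed for the demo.

```python
"""SQL injection: vulnerable string-built query beside its parameterized fix.

Added example, not from the slides. Uses an in-memory SQLite table
constructed for the demo, so it runs offline.
"""
import sqlite3


def make_db():
    """Constructed demo table with two users (hash values are placeholders)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)")
    conn.executemany("INSERT INTO users (username, password_hash) VALUES (?, ?)",
                     [("alice", "hash-a"), ("bob", "hash-b")])
    conn.commit()
    return conn


def find_user_vulnerable(conn, username):
    """Attacker-controlled text is spliced into the SQL grammar itself."""
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, username):
    """The value travels as a bound parameter; it can never become SQL."""
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


# Classic payload: closes the quote and appends an always-true condition.
PAYLOAD_OR = "' OR '1'='1"
# Variant: the trailing comment swallows the closing quote the code adds.
PAYLOAD_COMMENT = "x' OR 1=1 --"


def demo():
    """Return what each lookup yields for a normal name and for each payload."""
    conn = make_db()
    try:
        return {
            "normal_vulnerable": find_user_vulnerable(conn, "alice"),
            "normal_safe": find_user_safe(conn, "alice"),
            "or_vulnerable": find_user_vulnerable(conn, PAYLOAD_OR),
            "or_safe": find_user_safe(conn, PAYLOAD_OR),
            "comment_vulnerable": find_user_vulnerable(conn, PAYLOAD_COMMENT),
            "comment_safe": find_user_safe(conn, PAYLOAD_COMMENT),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:20} -> {rows}")
```

Both functions agree for the honest input "alice". For either payload the string-built query's WHERE clause becomes always true and leaks the whole table, while the parameterized query simply looks for a user literally named `' OR '1'='1` and finds none. Escaping or filtering quotes is not the fix; keeping data out of the grammar is.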
Penetration testing
Penetration testing, also known as ethical hacking, involves simulating cyberattacks on a system, network, or application to identify and exploit vulnerabilities before malicious attackers can. The main goal is to assess the security posture, uncover weaknesses, and provide actionable recommendations to enhance overall security.
Attack simulation
A red team/blue team security exercise involves a simulated attack (red team) and defense (blue team) scenario to evaluate and improve an organization's security posture through real-world adversarial testing and response.

Technical solutions are good, but

Security awareness practices
Recommendations
To read
AWS: The complete beginner's guide to mastering AWS by Stephen Baron
AWS tutorials: https://aws.amazon.com/getting-started/hands-on/
To watch
AWS Certified Cloud Practitioner course by Stephane Maarek
To talk to
Experienced developers around you who work with cloud and security
Questions
THANK YOU!
Hometask
1. Analyze the technical setup of your current project
2. Propose how it could be set up in the cloud and/or which cyber security improvements could be made
