Architecting for Greater Security on AWS

•

3 likes•871 views

This document discusses how AWS can help enterprises improve security by providing secure defaults, visibility into operations, tools to ensure compliance, capabilities to keep up with innovation, enabling smaller and faster changes, reducing the impact of failures, improving automation, and making security actionable. Specifically, it highlights AWS services that provide access management, network controls, auditing and logging, tagging, compliance certifications, encryption, key management, infrastructure as code, auto-recovery, identity federation, and tools for continuous integration/deployment and rollbacks. Using AWS allows enterprises to improve security visibility, trust, and autonomy while accelerating change.

Technology

©2015, Amazon Web Services, Inc. or its aﬃliates. All rights reserved
Architecting for Greater Security
in AWS
Bill Shinn
Principal Security Solutions Architect

1) Why does security come first in enterprise cloud
adoption?
AWS Job Zero New Territory Enterprise Security
is Traditionally
Hard

2) Why is enterprise security traditionally so hard?
So much planning Slows down feature flow

3) Why so much planning which takes so long?
So many processes So many hand-offs Built-in pauses

4) Why so many processes?
Processes detect
unwanted change
Visibility, control and
quality are
essential
Reduce impact of failure

5) Why are change detection and low-risk changes
so difficult?
Lack of visibility No stimulus+response Low degree of automation

So where does AWS come in?
AWS makes security faster Lets you move fast but stay safe

1) Secure, Sensible Defaults - Access
IAM Users, Groups, Roles
Managed and inline policies
Versioned IAM policies
Multi-factor authentication
Workforce lifecycle management (SAML Federation, Connected Directory)

1) Secure, Sensible Defaults - Network
Virtual Private Cloud
DirectConnect & Virtual Private Gateway
Routing control – private and public subnets
IAM policies limit who can launch instances by trust zone
Security Groups

2) Improve Trust & Accountability with Better
Visibility
AWS CloudTrail
AWS CloudWatch Logs
AWS Config
Tagging
Asset Management

3) Inherit compliance and controls
Map AWS certifications into your enterprise GRC
Recognized industry audit standards
Jurisdiction
Regulatory and contractual options (FedRAMP, HIPAA Business Associate Addendum,
EU DPD Data Protection Addendum, PCI Attestation of Compliance)

4) Ride the pace of innovation
Find projects in your 3-year strategy where we innovating and let us do it
Most companies do not encrypt content internally
Encryption is built into EBS, S3, RDS, RedShift, Glacier, Elastic MapReduce, etc.
Key Management Service give you more control and visibility at cloud prices
We launched ~190 security-related features last year

5) Much Smaller Batch, Faster Changes
CloudFormation
Infrastructure as code, checked into source code control
Route53 or ELB cutover in deployments
Elastic Beanstalk application versions
Integrate teams across functions - less hand-offs between teams, but far greater
awareness and control of lower-risk changes

6) Reduce the impact of failure
Multi-Availability Zone deployments
Use multiple regions
Replicate data – S3, EBS, RDS
Lifecycle policies
Auto-scaling
Auto-recovery

7) Further improve automation
Access and deployments are no longer performed by people
EC2 Instance Profiles and service roles (Security Token Service)
AWS CodeDeploy
Continuous Integration & Deployment
Extends to on-premises workloads

8) Make security actionable
Review what matters
-  Internet Gateway
-  Identity and Access Management
-  VPC – Subnet and NACL changes
-  Security Groups
Shut things down automatically
Scan what change
Roll-back automatically
Use Lambda

Benefits of Enterprise Security on AWS
Higher degree of visibility, transparency and accountability (secure and can prove it)
Higher degree of trust and autonomy
Significant reductions in long-term, privileged access
Focus a greater proportion of limited security resources on application security
Have a much higher rate of successful change and changes are delivered more quickly

This session is recommended for technical users who want to know how the day-to-day work of securing their on-premise workloads should changes when moving to the cloud. Learn how to increase the effectiveness of your security operations as you move to the cloud. We will discuss how your current incident response, forensic investigations, monitoring, and audit response tactics have to change in the cloud. Pulling from experiences helping clients move to the cloud, industry research, and the school of hard knocks, this talk will help provide practical advice you can apply today.

Security As A Service

George Fares

2021 01-27 reducing risk of ransomware webinar

AlgoSec

Micro-segmentation protects your network by limiting the lateral movement of ransomware and other threats in your network. Yet successfully implementing a defense-in-depth strategy using micro-segmentation may be complicated. In this second webinar in a series of two webinars about ransomware, Yitzy Tannenbaum, Product Marketing Manager from AlgoSec and Jan Heijdra, Cisco Security Specialist, will provide a blueprint to implementing micro-segmentation using Cisco Secure Workload (formerly Cisco Tetration) and AlgoSec Network Security Policy Management. Join our live webinar to learn: • Why micro-segmentation is critical to fighting ransomware • Understand your business applications to create your micro-segmentation policy • Validate your micro-segmentation policy is accurate • Enforce these granular policies on workloads and summarized policies across your infrastructure • Use risk and vulnerability analysis to tighten your workload and network security • Identify and manage security risk and compliance in your micro-segmented environment

#ALSummit: Amazon Web Services: Understanding the Shared Security Model

Alert Logic

AWS Summit Auckland Sponsor Presentation - Intel

Amazon Web Services

Get ahead of cloud network security trends and practices in 2020

Cynthia Hsieh

Enterprises today cannot get by without a clear strategy for cloud security. Whether the organization’s adoption of cloud environments (private, public or hybrid) is mandated by business strategy or by unsanctioned employee use, CISOs and their security teams need to be prepared for this inevitable infrastructure shift. Attend and learn how to build a cloud security strategy that makes your CISO successful. Join Rich Mogull, lead analyst at Securosis, and Nick Piagentini, Solution Architect at CloudPassage as they discuss the following topics: -Cloud is Different, But Not the Way You Think -Adapting Security for Cloud Computing Principles -Getting Started: Practical Applications -CISO Cloud Security Checklist

CipherGraph Cloud VPNCipherGraph Networks

#ALSummit: Alert Logic & AWS - AWS Security Services

Alert Logic

Cloud university intel securityIngram Micro Cloud

AWS Summit Singapore - Next Generation Security

Amazon Web Services

Myles Hosford, Security Solution Architect, APAC, AWS James Wilkins, Lead of the Cloud Task Force, Association of Banks Singapore (ABS) In this session we will explore the current financial regulatory landscape and future compliance trends. We will dive deep on to how to leverage AWS services to implement next generation security and compliance at scale. The session will be delivered by Myles Hosford, APAC Security Solution Architect, and James Wilkins, Lead of the Cloud Task Force for the Association of Banks Singapore (ABS).

Trust No One - Zero Trust on the Akamai Platform

Elisabeth Bitsch-Christensen

Managing Effective Security Policies Across Hybrid and Multi-Cloud Environment

AlgoSec

Enterprises are not only migrating applications to the cloud from on-premise data centers, but they are developing multi-cloud strategies to take advantage of availability and cost structures as well as to avoid vendor lock-in. In fact, IDC has predicted that more than 85% of IT organizations will commit to multi-cloud architectures already by the end of this year. In complex, multi-cloud and hybrid environments, security teams need to understand which network flows and security controls impact application connectivity, including cloud-specific security controls (Network ACL and security groups) as well as virtual and physical firewalls that protect cloud resources. They need to manage policies that maintain their compliance posture across multiple clouds and hybrid environments. In this webinar, Yitzy Tannenbaum, Product Marketing Manager at AlgoSec, will illuminate security-policy issues in multi-cloud and hybrid environments and show you how to achieve: • Visibility across the multi-cloud network topology to ensure deployment of security controls that support network-segmentation architecture • Uniform security policy across complex multi-cloud and hybrid environments • Automatic monitoring of multi-cloud and hybrid network-security configuration changes to analyze and assess risk and to avoid compliance violations • Instant generation of audit-ready reports for major regulations, including PCI, HIPAA, SOX and NERC, in the context of multi-cloud environments • Automatic provisioning of application connectivity flows across a variety of security controls in hybrid environments

#ALSummit: Realities of Security in the Cloud

Alert Logic

Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferber

Moshe Ferber

In the presentation, we plan to announce the full version of a new open source tool called "Cloudefigo" and explain how it enables accelerated security lifecycle. We demonstrate how to launch a pre-configured, already patched instance into an encrypted storage environment automatically while evaluating their security and mitigating them automatically if a vulnerability is found. In the live demo, we leverage Amazon Web Services EC2 Cloud-Init scripts and object storage for provisioning automated security configuration, integrating encryption, including secure encryption key repositories for secure server's communication. The result of those techniques is cloud servers that are resilient, automatically configured, with the reduced attack surface.

Multi cloud governance best practices - AWS, Azure, GCP

Faiza Mehar

CipherGraph Networks: IntroductionCipherGraph Networks

Cisco Firepower Migration | Cisco and AlgoSec Joint Webinar

AlgoSec

Many enterprises are moving to Cisco’s next generation firewall, Firepower, which offers unique capabilities - including Next Gen IPS powered by Snort and Advanced Malware Protection (AMP). However, migrating current security policy to Cisco Firepower is often complex, time-consuming and prone to errors. A single mistake could, potentially, cause outages, compliance violations and security gaps.

Network Security Automation_Solution Brief

AppViewX

The AppViewX Platform helps Enterprise IT manage, automate and orchestrate multi-vendor network security services. Our Network Security Automation Solution provides an application-centric view into the state of the network security infrastructure running in multi-cloud environments. Application, network, and security engineers may self-service and initiate automation workflows that deliver compliance and true business agility.

Microsegmentation from strategy to execution

AlgoSec

Organizations heavily invest in security solutions to keep their networks safe, but still struggle to close the security gaps. Micro-segmentation helps protect against the lateral movement of malware and minimizes the risk of insider threats. Micro-segmentation has received lots of attention as a possible solution, but many IT security professionals aren’t sure where to begin or what approach to take. In this practical webinar, Prof. Avishai Wool, AlgoSec’s CTO and co-founder will guide you through each stage of a micro-segmentation project – from developing the correct micro-segmentation strategy to effectively implementing it and continually maintaining your micro-segmented network. Register now for this live webinar and get a practical blueprint to creating your micro-segmentation policy: What is micro-segmentation. Common pitfalls in micro-segmentation projects and how to avoid them. The stages of a successful micro-segmentation project. The role of policy change management and automation in micro-segmentation.

Cisco amp for meraki

Cisco Canada

Workshop on CASB Part 2

Priyanka Aash

TechWiseTV Workshop: Cisco CloudCenter (CliQr)

Robb Boyd

Cisco Connect Ottawa 2018 data centre security

Cisco Canada

Collaboration d’équipe de nouvelle génération (Partie 1 de 2)

Cisco Canada

F5 ASM HEALTH CHECKS

Marco Essomba

Security today is everything. The F5 BIG -IP ASM provides the ultimate line of defense again web application attacks. At AMPS GLOBAL, we have hands-on experience in designing, implementing, and managing complex ASM policies to protect against real-life threats. Our engineers are certified and have experience in deploying ASM policies that can demonstrate a tangible improvement to the company online security posture. Our ASM Health Check Service is designed to improve the Web Application Firewall that guards your critical online business apps.

Van gogh, quadresTania Perales Martínez

Loch Skene Glaciated Landscape

Alan Doherty

What's hot

Cloud Security: Make Your CISO Successful

CloudPassage

CipherGraph Cloud VPNCipherGraph Networks

#ALSummit: Alert Logic & AWS - AWS Security Services

Alert Logic

Cloud university intel securityIngram Micro Cloud

AWS Summit Singapore - Next Generation Security

Amazon Web Services

Trust No One - Zero Trust on the Akamai Platform

Elisabeth Bitsch-Christensen

Managing Effective Security Policies Across Hybrid and Multi-Cloud Environment

AlgoSec

#ALSummit: Realities of Security in the Cloud

Alert Logic

Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferber

Moshe Ferber

Multi cloud governance best practices - AWS, Azure, GCP

Faiza Mehar

CipherGraph Networks: IntroductionCipherGraph Networks

Cisco Firepower Migration | Cisco and AlgoSec Joint Webinar

AlgoSec

Network Security Automation_Solution Brief

AppViewX

Microsegmentation from strategy to execution

AlgoSec

Cisco amp for meraki

Cisco Canada

Workshop on CASB Part 2

Priyanka Aash

TechWiseTV Workshop: Cisco CloudCenter (CliQr)

Robb Boyd

Cisco Connect Ottawa 2018 data centre security

Cisco Canada

Collaboration d’équipe de nouvelle génération (Partie 1 de 2)

Cisco Canada

F5 ASM HEALTH CHECKS

Marco Essomba

What's hot (20)

Cloud Security: Make Your CISO Successful

CipherGraph Cloud VPN

#ALSummit: Alert Logic & AWS - AWS Security Services

Cloud university intel security

AWS Summit Singapore - Next Generation Security

Trust No One - Zero Trust on the Akamai Platform

Managing Effective Security Policies Across Hybrid and Multi-Cloud Environment

#ALSummit: Realities of Security in the Cloud

Defcon23 from zero to secure in 1 minute - nir valtman and moshe ferber

Multi cloud governance best practices - AWS, Azure, GCP

CipherGraph Networks: Introduction

Cisco Firepower Migration | Cisco and AlgoSec Joint Webinar

Network Security Automation_Solution Brief

Microsegmentation from strategy to execution

Cisco amp for meraki

Workshop on CASB Part 2

TechWiseTV Workshop: Cisco CloudCenter (CliQr)

Cisco Connect Ottawa 2018 data centre security

Collaboration d’équipe de nouvelle génération (Partie 1 de 2)

F5 ASM HEALTH CHECKS

Viewers also liked

Van gogh, quadresTania Perales Martínez

Loch Skene Glaciated Landscape

Alan Doherty

MC396 Presentation

somethingtochewon

GreeNet Conceptual Design Presentation - 2minutes madness

jin.fan

Intro to AWS: Security

Amazon Web Services

The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. Security for AWS is about three related elements: visibility, auditability, and control. You have to know what you have and where it is before you can assess the environment against best practices, internal standards, and compliance standards. Controls enable you to place precise, well-understood limits on the access to your information. Did you know, for example, that you can define a rule that says that "Tom is the only person who can access this data object that I store with Amazon, and he can do so only from his corporate desktop on the corporate network, from Monday–Friday 9–5, and when he uses MFA?" That's the level of granularity you can choose to implement if you wish. In this session, we'll cover these topics to provide a practical understanding of the security programs, procedures, and best practices you can use to enhance your current security posture.

TV Hackday - Opportunities

Bertram Gugel

ケーズデンキの企業行動とパフォーマンス　～サービス差別化戦略の成功～

Hikaru GOTO

TV Distribution reloaded

Bertram Gugel

The Power Of Pervasive Performance Management: Aligning All Employees to Corp...

Callidus Software

Melbourne storm 2011Eugene Koh

Project overview

jexxon

Customer driven marketing

jexxon

Le novita informaticogiuridiche del CADAndrea Rossetti

Cometegiusnico

Atia 2014 final

rickweinberg

Catriel SheGabriela Cifuentes Gonzalez

SheGabriela Cifuentes Gonzalez

Geographical Issues Unit 3

Alan Doherty

Regional Development

jexxon

Conchiglie giusnico

Viewers also liked (20)

Van gogh, quadres

Loch Skene Glaciated Landscape

MC396 Presentation

GreeNet Conceptual Design Presentation - 2minutes madness

Intro to AWS: Security

TV Hackday - Opportunities

ケーズデンキの企業行動とパフォーマンス　～サービス差別化戦略の成功～

TV Distribution reloaded

The Power Of Pervasive Performance Management: Aligning All Employees to Corp...

Melbourne storm 2011

Project overview

Customer driven marketing

Le novita informaticogiuridiche del CAD

Comete

Atia 2014 final

Catriel She

She

Geographical Issues Unit 3

Regional Development

Conchiglie

Similar to Architecting for Greater Security on AWS

Security and Compliance

Amazon Web Services

AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...

Amazon Web Services

The cloud is accelerating the pace at which companies innovate and has shifted the focus on how to approach technology governance and compliance. AWS elects to have a variety of security assessments performed and provides several built-in security features to help meet your security and compliance objectives. In this open roundtable session, we look at how AWS attestations and governance automation can reduce scope to drive security, compliance, and audit assertions across customers organizations. Come and join a discussion with AWS security and compliance Solutions Architects.

(SEC201) How Should We All Think About Security?

Amazon Web Services

Security must be at the forefront for any online business. At AWS, security is priority number one. Stephen Schmidt, Vice President and Chief Information Security Officer, shares his insights into cloud security and how AWS meets customers' demanding security and compliance requirements—and in many cases helps them improve their security posture. Stephen, with his background with the FBI and his work with AWS customers in the government, space exploration, research, and financial services organizations, shares an industry perspective that's unique and invaluable for today's IT decision makers.

(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...

Amazon Web Services

Does moving core business applications to AWS make sense for your organization? This session covers key business and IT considerations gathered from industry experts and real-world enterprise customers who have chosen to move their mission critical ERP applications to the AWS cloud, resulting in lower costs and better service. This session covers the following: - Insights from industry experts and analysts, who explain how the cloud affects costs from three angles: launch, operations, and long-term infrastructure expense - Review of how time-to-value and cloud launch processes differ from on-premises infrastructure - How AWS offers increased security and reliability over what some enterprises can afford on their own Sponsored by Infor

(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...

Amazon Web Services

This session tells the story of how security-minded enterprises provide end-to-end protection of their sensitive data in AWS. Learn about the enterprise security architecture design decisions made by Fortune 500 organizations during actual sensitive workload deployments, as told by the AWS security solution architects and professional service security, risk, and compliance team members who lived them. In this technical walkthrough, we share lessons learned from the development of enterprise security strategy, security use-case development, end-to-end security architecture and service composition, security configuration decisions, and the creation of AWS security operations playbooks to support the architecture.

glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)Glenn Ambler

FS-ISAC 2017 Amazon Web Services & Cloud Security

Amazon Web Services

AWS provides enterprises numerous ways to migrate to the cloud, based on your business needs. Because AWS was built with the most data-sensitive, regulated industries in mind, enterprises have access to the most robust networking and security controls to safeguard a protected and seamless migration. In this session, AWS security professionals provide an overview of what security essentials you need to consider when migrating to the cloud. We will also provide a compliance update on what you need to consider in relation to regulatory issues.

Compliance In The Cloud Using Security By Design

Amazon Web Services

How We Should Think About Security

Amazon Web Services

Fintech Pace Security on AWS: The Customer Perspective

Amazon Web Services

AWS is hosting the first FSI Cloud Symposium in Hong Kong, which will take place on Thursday, March 23, 2017 at Grand Hyatt Hotel. The event will bring together FSI customers, industry professional and AWS experts, to explore how to turn the dream of transformation, innovation and acceleration into reality by exploiting Cloud, Voice to Text and IoT technologies. The packed agenda includes expert sessions on a host of pressing issues, such as security and compliance, as well as customer experience sharing on how cloud computing is benefiting the industry. Speakers: Myles Hosford, Security Solutions Architect APAC, AWS Anthony Hodge, Head, Cloud Engineering and Delivery, Standard Chartered Bank

AWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons Learned

AWS Summits

Speaker: Jonathan Allen, Enterprise Strategist, AWS Hear why customers adopt, how you can follow and the positive impact of Financial Services customers choosing to use AWS Cloud. This session will be presented by Jonathan Allen – AWS Enterprise Strategist and Evangelist. Sharing some of his experience and lessons learned when he was the CTO of Capital One UK, across the paradigms of People, Process and Technology and leveraging first-hand knowledge of the AWS Cloud Adoption Framework and Mass Migration best practices.

Spca2014 navigating clouds sp_con14_mackieNCCOMMS

An Evolving Security Landscape – Security Patterns in the Cloud

Amazon Web Services

Availability of cloud computing is helping Financial Services organizations realize accelerated go-to-market speeds, global scalability, and cost efficiencies. This new world forces considerations for security programs – what is different in the cloud and what do I do differently? AWS Security Architects will share protocols that need to be considered in the cloud, on premises, or in a hybrid model. They will also share best practices, lessons learned, efficiencies, and design patterns and architectures unique to cloud.

AWS Security Overview and “What’s New”

Amazon Web Services

AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools to can provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.

Compliance in the Cloud Using Security by Design

Amazon Web Services

Up-front design of your AWS account can be done in a way that creates a reliably secure and controlled environment no matter how the AWS resources are used. This session will focus on "Secure by Design" principles and show how an AWS environment can be configured to provide a reliable operational security control capability to meet the compliance needs across multiple industry verticals (e.g. HIPAA, FISMA, PCI, etc.). This will include operational reporting through the use of AWS services (e.g. Config/Config Rules, CloudTrail, Inspector, etc.) as well as partner integration capabilities with partner solutions such as Splunk and Allgress for real-time governance, risk, and compliance reporting. Key takeaways from this session include: learning AWS Security best practices and automation capabilities for securing your environment, Automation accelerators for configuration, compliance, and audit reporting using CloudFormation, Config/Config Rules, CloudTrail, Inspector, etc., and ISV integration for real-time notification and reporting for security, compliance, and auditing in the cloud.

Agile Integration Architecture: A Containerized and Decentralized Approach to...

Kim Clark

Microservices principles are revolutionizing the way applications are built, by enabling a more decoupled and decentralized approach to implementation, creating greater agility, scalability and resilience. These applications still need to be connected to one another, and to existing systems of record. Agile integration architecture brings the benefits of cloud-ready containerization to the integration space. It provides the opportunity to move from the heavily centralized ESB pattern to integration within more empowered and autonomous application teams. We look at the architectural differences in this approach compared to traditional integration, and also at how it enables more decentralized organizational structure better suited to digital transformation. You can read a more detailed paper on this approach at http://ibm.biz/AgileIntegArchPaper. This presentation was recorded for Integration Developer News (http://www.idevnews.com/) and is available here: http://ibm.biz/AgileIntegArchWebinar

Advancing Cloud Initiatives and Removing Barriers to Adoption

RightScale

RightScale User Conference NYC 2011 - Michael Crandell - CEO, RightScale Brian Adler - Solutions Architect, RightScale Cloud misconceptions and corporate inertia often surface as the greatest inhibitors of enterprise cloud adoption. In this session, we'll share successful enterprise use cases and give you practical tips on addressing legitimate concerns to accelerate cloud adoption within your organization. We'll discuss specific issues that enterprises often encounter when using cloud-based resource pools, such as managing security, visibility, and control through infrastructure audits.

AWS Security Week: Why Your Customers Care About Compliance

Amazon Web Services

ISV Integrations

BlueFish

Layer 7: Enterprise Service Governance with SecureSpan

CA API Management

Similar to Architecting for Greater Security on AWS (20)

Security and Compliance

AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...

(SEC201) How Should We All Think About Security?

(ENT202) Four Critical Things to Consider When Moving Your Core Business Appl...

(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...

glenn_amblercloud_security_ncc_event_22-may-2012_v1 (9)

FS-ISAC 2017 Amazon Web Services & Cloud Security

Compliance In The Cloud Using Security By Design

How We Should Think About Security

Fintech Pace Security on AWS: The Customer Perspective

AWS Summit Singapore 2019 | Banking in the Cloud: 10 Lessons Learned

Spca2014 navigating clouds sp_con14_mackie

An Evolving Security Landscape – Security Patterns in the Cloud

AWS Security Overview and “What’s New”

Compliance in the Cloud Using Security by Design

Agile Integration Architecture: A Containerized and Decentralized Approach to...

Advancing Cloud Initiatives and Removing Barriers to Adoption

AWS Security Week: Why Your Customers Care About Compliance

ISV Integrations

Layer 7: Enterprise Service Governance with SecureSpan

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Amazon Web Services

Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS. In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Amazon Web Services

La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup. Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti. Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.

Esegui pod serverless con Amazon EKS e AWS Fargate

Amazon Web Services

Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi

Costruire Applicazioni Moderne con AWS

Amazon Web Services

Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.

Come spendere fino al 90% in meno con i container e le istanze spot

Amazon Web Services

L’utilizzo dei container è in continua crescita. Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili. I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!

Open banking as a service

Amazon Web Services

In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th. Event Agenda : Open banking so far (short recap) • PSD2, OB UK, OB Australia, OB LATAM, OB Israel Intro to Open Finance marketplace • Scope • Features • Tech overview and Demo The role of the Cloud The Future of APIs • Complying with regulation • Monetizing data / APIs • Business models • Time to market One platform for all: a Strategic approach Q&A

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

Amazon Web Services

Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc. AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta. Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

Amazon Web Services

Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity. AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet. Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Amazon Web Services

Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.

Computer Vision con AWS

Amazon Web Services

Database Oracle e VMware Cloud on AWS i miti da sfatare

Amazon Web Services

Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti. Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi. La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

Amazon Web Services

Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti. Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire. Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito. In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.

API moderne real-time per applicazioni mobili e web

Amazon Web Services

Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline. Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Amazon Web Services

Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi. La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali. In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.

Tools for building your MVP on AWSAmazon Web Services

How to Build a Winning Pitch DeckAmazon Web Services

Building a web application without serversAmazon Web Services

Fundraising EssentialsAmazon Web Services

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services

Introduzione a Amazon Elastic Container Service

Amazon Web Services

Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...

Big Data per le Startup: come creare applicazioni Big Data in modalità Server...

Esegui pod serverless con Amazon EKS e AWS Fargate

Costruire Applicazioni Moderne con AWS

Come spendere fino al 90% in meno con i container e le istanze spot

Open banking as a service

Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...

OpsWorks Configuration Management: automatizza la gestione e i deployment del...

Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

Computer Vision con AWS

Database Oracle e VMware Cloud on AWS i miti da sfatare

Crea la tua prima serverless ledger-based app con QLDB e NodeJS

API moderne real-time per applicazioni mobili e web

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare

Tools for building your MVP on AWS

How to Build a Winning Pitch Deck

Building a web application without servers

Fundraising Essentials

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...

Introduzione a Amazon Elastic Container Service

Recently uploaded

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Ramesh Iyer

In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

Epistemic Interaction - tuning interfaces to provide information for AI support

Alan Dix

Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024 https://alandix.com/academic/papers/synergy2024-epistemic/ As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

FIDO Alliance

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Product School

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

Product School

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

Bits & Pixels using AI for Good.........

Alison B. Lowndes

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Thierry Lestable

Knowledge engineering: from people to machines and back

Elena Simperl

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

Jeffrey Haguewood

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams. Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Inflectra

In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring. Learn about: • The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks. • Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective. • Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification. • Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process. Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.

Essentials of Automations: Optimizing FME Workflows with Parameters

Safe Software

Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place. Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects. Here’s what you’ll gain: - Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows. - Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy. - Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency. - Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity. We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic. Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap. The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies. Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques What will you get from this session? 1. Insights into SAP testing best practices 2. Heatmap utilization for testing 3. Optimization of testing processes 4. Demo Topics covered: Execution from the test manager Orchestrator execution result Defect reporting SAP heatmap example with demo Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

PHP Frameworks: I want to break free (IPC Berlin 2024)

Ralf Eggert

In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development. This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Tobias Schneck

As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other? Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.

Recently uploaded (20)

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

The Art of the Pitch: WordPress Relationships and Sales

Epistemic Interaction - tuning interfaces to provide information for AI support

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

Designing Great Products: The Power of Design and Leadership by Chief Designe...

De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...

FIDO Alliance Osaka Seminar: Overview.pdf

Bits & Pixels using AI for Good.........

Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...

Knowledge engineering: from people to machines and back

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

UiPath Test Automation using UiPath Test Suite series, part 3

Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality

Essentials of Automations: Optimizing FME Workflows with Parameters

UiPath Test Automation using UiPath Test Suite series, part 4

When stars align: studies in data quality, knowledge graphs, and machine lear...

PHP Frameworks: I want to break free (IPC Berlin 2024)

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Architecting for Greater Security on AWS

2. 1) Why does security come first in enterprise cloud adoption? AWS Job Zero New Territory Enterprise Security is Traditionally Hard

3. 2) Why is enterprise security traditionally so hard? So much planning Slows down feature flow

4. 3) Why so much planning which takes so long? So many processes So many hand-offs Built-in pauses

5. 4) Why so many processes? Processes detect unwanted change Visibility, control and quality are essential Reduce impact of failure

6. 5) Why are change detection and low-risk changes so difficult? Lack of visibility No stimulus+response Low degree of automation

7. So where does AWS come in? AWS makes security faster Lets you move fast but stay safe

8. 1) Secure, Sensible Defaults - Access IAM Users, Groups, Roles Managed and inline policies Versioned IAM policies Multi-factor authentication Workforce lifecycle management (SAML Federation, Connected Directory)

10.

11.

12.

13.

14. 1) Secure, Sensible Defaults - Access IAM Users, Groups, Roles Managed and inline policies Versioned IAM policies Multi-factor authentication Workforce lifecycle management (SAML Federation, Connected Directory)

15. 1) Secure, Sensible Defaults - Network Virtual Private Cloud DirectConnect & Virtual Private Gateway Routing control – private and public subnets IAM policies limit who can launch instances by trust zone Security Groups

16.

17.

18.

19.

20. 2) Improve Trust & Accountability with Better Visibility AWS CloudTrail AWS CloudWatch Logs AWS Config Tagging Asset Management

21.

22.

23.

24.

25. 2) Improve Trust & Accountability with Better Visibility AWS CloudTrail AWS CloudWatch Logs AWS Config Tagging Asset Management

26.

27.

28.

29. 2) Improve Trust & Accountability with Better Visibility AWS CloudTrail AWS CloudWatch Logs AWS Config Tagging Asset Management

30.

31. 3) Inherit compliance and controls Map AWS certifications into your enterprise GRC Recognized industry audit standards Jurisdiction Regulatory and contractual options (FedRAMP, HIPAA Business Associate Addendum, EU DPD Data Protection Addendum, PCI Attestation of Compliance)

32. 4) Ride the pace of innovation Find projects in your 3-year strategy where we innovating and let us do it Most companies do not encrypt content internally Encryption is built into EBS, S3, RDS, RedShift, Glacier, Elastic MapReduce, etc. Key Management Service give you more control and visibility at cloud prices We launched ~190 security-related features last year

33. 5) Much Smaller Batch, Faster Changes CloudFormation Infrastructure as code, checked into source code control Route53 or ELB cutover in deployments Elastic Beanstalk application versions Integrate teams across functions - less hand-offs between teams, but far greater awareness and control of lower-risk changes

34.

35.

36. 6) Reduce the impact of failure Multi-Availability Zone deployments Use multiple regions Replicate data – S3, EBS, RDS Lifecycle policies Auto-scaling Auto-recovery

37. 7) Further improve automation Access and deployments are no longer performed by people EC2 Instance Profiles and service roles (Security Token Service) AWS CodeDeploy Continuous Integration & Deployment Extends to on-premises workloads

38. 8) Make security actionable Review what matters -  Internet Gateway -  Identity and Access Management -  VPC – Subnet and NACL changes -  Security Groups Shut things down automatically Scan what change Roll-back automatically Use Lambda

39. Benefits of Enterprise Security on AWS Higher degree of visibility, transparency and accountability (secure and can prove it) Higher degree of trust and autonomy Significant reductions in long-term, privileged access Focus a greater proportion of limited security resources on application security Have a much higher rate of successful change and changes are delivered more quickly

40. Thank you!

Architecting for Greater Security on AWS

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Architecting for Greater Security on AWS

Similar to Architecting for Greater Security on AWS (20)

More from Amazon Web Services

More from Amazon Web Services (20)

Recently uploaded

Recently uploaded (20)

Architecting for Greater Security on AWS