(ISM206) Modern IT Governance Through Transparency and Automation Amazon Web Services
As information technology increasingly becomes strategic to more enterprises and government agencies, and as the threat landscape evolves and becomes more challenging, governance, risk management, and compliance (GRC) increasingly become C-suite issues. In this session, we examine how the AWS cloud platform, through APIs and automation, enables advances and the implementation of best practices in governance and compliance. Learn how AWS can help senior leadership confidently answer key governance questions, such as: What do I have? How is it performing? Who controls it? Is it secure and compliant? Are we using the right processes and protections when we make changes? What is it costing me?
GIS on AWS Deep Dive - AWS Symposium 2014 - Washington D.C. Amazon Web Services
This session will highlight how to run OGC compliant mapping services on top of a shared authoritative source. You will gain insight into how everyone can look at the same map data.
Security Features of AWS Services in AWS GovCloud (US) - AWS Symposium 2014 -... Amazon Web Services
Description: The Government faces the paramount challenge of building sensitive IT systems in the Cloud while maintaining stringent security requirements. Learn from the experts about using integrated security features available in AWS GovCloud (US) to make your mission workloads more secure and robust.
Big Open Data Transformation Through Public Data Sets - AWS Washington D.C. S... Amazon Web Services
In this conversation, AWS and government thought leaders will discuss ways to encourage public-private partnership to solve societal problems through open data. Ariel Gold, Program Manager, AWS, and Tsengdar Lee of NASA will share insights on NASA NEX.
How Amazon.com Uses AWS Analytics: Data Analytics Week SF Amazon Web Services
Data Analytics Week at the San Francisco Loft
How Amazon.com Uses AWS Analytics
An inside look at how a global e-commerce firm uses AWS technologies to build a scalable environment for data and analytics. We'll look at how Amazon is evolving the world of data warehousing with a combination of a data lake and parallel scalable compute engines including Amazon EMR and Amazon Redshift.
Speakers:
Saurabh Shrivastava - Partner Solutions Architect, AWS
Andre Hass - Specialist Technical Account Manager (Redshift), AWS
From the Amazon Web Services Singapore & Malaysia Summits 2015 Track 2 Breakout, 'Big Data and Analytics' Presented by Russell Nash – AWS Solutions Architect
AWS offers everything you need to deploy a secure and flexible data lake in the cloud. Discover how services like Amazon Simple Storage Service (Amazon S3) and Amazon Redshift can be used together to build and manage your own data lake, and how AWS Lake Formation makes it possible to set up a data lake in days. We walk through an example architecture together, covering everything from data storage to data analytics.
AWS-powered services for analytics can handle the scale, agility, and flexibility required to combine different types of data and analytics approaches that will allow you to transform your data into a valuable corporate asset. In this session, AWS will provide an overview of the different AWS services available for your data analytics needs. You can combine these blocks to build data flows that will extend your organization’s agility, ability to derive more insights and value from its data, and capability to adopt more sophisticated analytics tools and processes as your needs evolve. In the second part of the session, Paddy Power Betfair’s Data team will discuss the adoption and large scale operation of a broad range of AWS services that make up PPB’s scalable, mixed workload, multi-brand data platform. The data capabilities developed by PPB and powered by AWS were implemented to enable low-latency, high-volume and near real-time advanced analytics use cases, in the highly regulated and fast-paced betting industry. This was only possible through a focus on automation, innovation and continuous improvement.
With 2015 just around the corner, the Pivotal Data Science team has been challenged to point its predictive inclinations toward spotting emerging trends in Data Science. With a global team of 30, doing innovative work in almost every vertical market, Pivotal’s data scientists have a rich view into the underlying trends and shifts impacting their craft.
– Annika Jimenez, Kaushik Das and Hulya Farinas – share their insights on the key Data Science industry trends for the coming year. Every angle of Data Science is fair game:
New use cases at the vertical level
Analytical tool usage trends
Implications of the shift in focus to model operationalization
Meta observations about maturity of the craft
Ethics evolution in Data Science
Venture capital activity
To watch the on-demand webinar, visit http://www.pivotal.io/agile/top-data-science-trends-for-2015-webinar
Data Science ATL Meetup - Risk I/O Security Data Science Michael Roytman
This is a talk about data science operations and the applications of Risk I/O's insights to the security industry - how we went about mining insights from our large dataset.
Data Science in the Real World: Making a Difference Srinath Perera
We use the terms “Big Data” and “Data Science” for the use of data processing to make sense of the world around us. Spanning many fields, Big Data brings together technologies like Distributed Systems, Machine Learning, Statistics, and Internet of Things. It is a multi-billion-dollar industry including use cases like targeted advertising, fraud detection, product recommendations, and market surveys. With new technologies like Internet of Things (IoT), these use cases are expanding to scenarios like Smart Cities, Smart Health, and Smart Agriculture.
These use cases use basic analytics, advanced statistical methods, and predictive technologies like Machine Learning. However, it is not just about crunching the data. Some use cases like Urban Planning can be slow, and there is enough time to process the data. However, with use cases like traffic, patient monitoring, and surveillance, the value of results degrades much faster with time, and results are needed within milliseconds to seconds. Collecting data from many sources, cleaning it up, processing it using computation clusters, and doing all of this fast is a major challenge.
This talk will discuss motivation behind big data and data science and how it can make a difference. Then it will discuss the challenges, systems, and methodologies for implementing and sustaining a data science pipeline.
Pivotal Digital Transformation Forum: Becoming a Data Driven Enterprise VMware Tanzu
Next Steps in Your Digital Transformation
This session brings together all the lessons learnt throughout the day and shares with you practical advice on how to get started with, or accelerate, your journey to become a digital business.
Malware detection within enterprise networks is a critical component of an effective information security strategy. Instances of malware attacks are increasing – making them especially important to detect – and data science can help. This presentation outlines data science driven approaches to finding domains that have time and user-based co-occurrence relationships. It also includes a demonstration of a scalable and operationalizable framework to detect domain associations by analyzing the web traffic of users in any organization.
Additional information:
http://www.datasciencecentral.com/video/dsc-webinar-series-data-science-driven-approaches-to-malware
The Science of a Great Career in Data Science Kate Matsudaira
A data scientist's job is all about details, but a data scientist's career path is much more ambiguous. When you're working in a hot, brand new field, the traditional career ladder just doesn't apply.
So how do you succeed when there is no clear path for success? How can you be amazing at your job when "amazing" is still being defined? It starts with knowing exactly why your job is so different from others (there are no right answers), and learning how to explain your complicated work in an uncomplicated way.
In this talk, you'll learn how to achieve success by leveraging your unique role to create the career you really want.
In this talk, we introduce the Data Scientist role, differentiate investigative and operational analytics, and demonstrate a complete Data Science process using Python ecosystem tools, like IPython Notebook, Pandas, Matplotlib, NumPy, SciPy and Scikit-learn. We also touch on the usage of Python in a Big Data context, using Hadoop and Spark.
Intro to Data Science for Non-Data Scientists Sri Ambati
Erin LeDell and Chen Huang's presentations from the Intro to Data Science for Non-Data Scientists Meetup at H2O HQ on 08.20.15
- Powered by the open source machine learning software H2O.ai. Contributors welcome at: https://github.com/h2oai
- To view videos on H2O open source machine learning software, go to: https://www.youtube.com/user/0xdata
Supporting open research - how to help your researchers - Vitae15 Kevin Ashley
A talk given at a Vitae event in Leeds, 2015-12-01, on how universities and other research organisations can help their researchers practice open research, with a special focus on the training resources provided by FOSTER.
Linked Data Love: research representation, discovery, and assessment
#ALAAC15
The explosion of linked data platforms and data stores over the last five years has been profound – both in terms of quantity of data as well as its potential impact. Research information systems such as VIVO (www.vivoweb.org) play a significant role in enabling this work. VIVO is an open source, Semantic Web-based application that provides an integrated, searchable view of the scholarly activities of an organization. The uniform semantic structure of VIVO-ISF data enables a new class of tools to advance science. This presentation will provide a brief introduction and update to VIVO and present ways that this semantically-rich data can enable visualizations, reporting and assessment, next-generation collaboration and team building, and enhanced multi-site search. Libraries are uniquely positioned to facilitate the open representation of research information and its subsequent use to spur collaboration, discovery, and assessment. The talk will conclude with a description of ways librarians are engaged in this work – including visioning, metadata and ontology creation, policy creation, data curation and management, technical, and engagement activities.
Kristi Holmes, PhD
Director, Galter Health Sciences Library
Director of Evaluation, NUCATS
Associate Professor, Preventive Medicine-Health and Biomedical Informatics
Northwestern University Feinberg School of Medicine
AWS Public Sector Summit 2014 Talk - Science as a Service using AWS Ravi Madduri
We present our work on creating sustainable science services using Globus, Amazon Web Services and the Galaxy framework. We focus on Globus Genomics as a successful use case.
Can’t Pay, Won’t Pay, Don’t Pay: Delivering open science, a Digital Research... Carole Goble
Invited talk, PHIL_OS, March 30-31 2023, Exeter
https://opensciencestudies.eu/whither-open-science. Includes hidden slides.
FAIR and Open Science needs Digital Research Infrastructure, which is a federated system of systems and needs funding models that are fit for purpose
Culture change needed for paying for Open Science’s infrastructure and funding support for data driven research needs more reality and less rhetoric
Changing trends in citation analysis and challenges in API measurement Munesh Kumar
The article "Changing trends in citation analysis and challenges in API measurement" focused on the changing theme of citation analysis, the evaluation of Altmetrics, and issues in the Academic Performance Indicator (API).
Data Harmonization for a Molecularly Driven Health System Warren Kibbe
Seminar for Dr. Min Zhang's Purdue Bioinformatics Seminar Series. Touched on learning health systems, the Gen3 Data Commons, the NCI Genomic Data Commons, Data Harmonization, FAIR, and open science.
Time to Science, Time to Results: Accelerating Research with AWS - AWS Sympos... Amazon Web Services
This session demonstrates how the Cloud can accelerate breakthroughs in scientific research by providing on-demand access to powerful computing. The Session will feature scientific researchers making use of the Cloud to increase speed to results.
Open access and open data: international trends and strategic context Cybera Inc.
Governments around the world fund billions of dollars in research every year. Ensuring that the results of research are available to the public, other researchers and industry has become an important underlying value in order to maximize the impact of our publicly funded research. This session will discuss what’s driving the trend towards greater openness and provide an overview of international developments that will help put Canada’s activities into context.
Similar to Perspectives from the NIH Associate Director for Data Science (ADDS) Office (20)
How to build forecasting services using ML and deep learn... Amazon Web Services
Forecasting is an important process for many companies and is used in a variety of areas to try to accurately predict the growth and distribution of a product, the use of the resources needed on production lines, financial presentations and much more. Amazon uses advanced forecasting techniques, and some of these services have been made available to all AWS customers.
In this session we show how to pre-process data that contains a time component and then use an algorithm that, based on the type of data analyzed, produces an accurate forecast.
Big Data for Startups: how to build Big Data applications in Server... Amazon Web Services
The variety and volume of data created every day is growing ever faster and represents a unique opportunity to innovate and create new startups.
However, managing large amounts of data can seem complex: building large-scale Big Data clusters looks like an investment only established companies can afford. But the elasticity of the cloud and, in particular, serverless services let us break through these limits.
So let's see how to develop Big Data applications quickly, without worrying about infrastructure, dedicating all our resources to developing our ideas and creating innovative products.
You can now use Amazon Elastic Kubernetes Service (EKS) to run Kubernetes pods on AWS Fargate, the serverless compute engine built for containers on AWS. This makes it easier than ever to build and run your Kubernetes applications in the AWS cloud. In this session we present the main features of the service and how to deploy your application in a few steps.
Twenty years ago Amazon went through a radical transformation aimed at increasing the pace of innovation. Over this period we learned how changing our approach to application development allowed us to greatly increase agility and release velocity and, ultimately, to build more reliable and scalable applications. In this session we explain how we define modern applications and how building modern apps affects not only the application architecture but also the organizational structure, the development release pipelines and even the operating model. We also describe common approaches to modernization, including the approach used by Amazon.com itself.
How to spend up to 90% less with containers and Spot Instances Amazon Web Services
The use of containers is growing steadily.
When designed correctly, container-based applications are very often stateless and flexible.
AWS ECS, EKS and Kubernetes on EC2 can take advantage of Spot Instances, yielding average savings of 70% compared with On-Demand Instances. In this session we discover together what the characteristics of Spot Instances are and how they can easily be used on AWS. We also learn how Spreaker uses Spot Instances to run different kinds of applications, in production, at a fraction of the on-demand cost!
In recent months, many customers have been asking us how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to the Open Finance marketplace presentation on October 20th.
Event Agenda:
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Make your startup's offering unique in the market with Machine Lea... Amazon Web Services
To create value and build a distinctive, recognizable offering of their own, successful startups know how to combine established technologies with innovative components created ad hoc.
AWS provides ready-to-use services and, at the same time, lets you customize and create the differentiating elements of your offering.
Focusing on Machine Learning technologies, we will see how to select the artificial intelligence services offered by AWS and, with the help of a demo, how to build custom Machine Learning models using SageMaker Studio.
OpsWorks Configuration Management: automate the management and deployments of... Amazon Web Services
With the traditional approach to IT, for many years it was hard to implement DevOps techniques, which until now have often involved manual activities, occasionally leading to application downtime and interrupting users' operations. With the advent of the cloud, DevOps techniques are now within everyone's reach at low cost for any kind of workload, ensuring greater system reliability and resulting in significant improvements in business continuity.
AWS offers AWS OpsWorks as a Configuration Management tool that aims to automate and simplify the management and deployment of EC2 instances by means of Chef and Puppet workloads.
Find out how to use AWS OpsWorks to ensure the reliability of your application installed on EC2 instances.
Microsoft Active Directory on AWS to support your Windows Workloads Amazon Web Services
Want to know the options for running Microsoft Active Directory on AWS? When moving Microsoft workloads to AWS, it is important to consider how to deploy Microsoft Active Directory to support Group Policy management, authentication and authorization. In this session, we discuss the options for deploying Microsoft Active Directory on AWS, including AWS Directory Service for Microsoft Active Directory and deploying Active Directory on Windows on Amazon Elastic Compute Cloud (Amazon EC2). We cover topics such as integrating your on-premises Microsoft Active Directory environment with the cloud and using SaaS applications, such as Office 365, with AWS Single Sign-On.
From facial recognition to the detection of fraud or manufacturing defects, image and video analysis using artificial intelligence techniques is evolving and being refined at a rapid pace. In this webinar we explore the possibilities offered by AWS services for applying state-of-the-art computer vision techniques to real-world scenarios.
Amazon Web Services and VMware are hosting a free virtual event next Wednesday, October 14, from 12:00 to 13:00, dedicated to VMware Cloud™ on AWS, the on-demand service that lets you run applications in VMware vSphere®-based cloud environments and access a wide range of AWS services, taking full advantage of the AWS cloud while protecting existing VMware investments.
Many organizations take advantage of the cloud by migrating their Oracle workloads, securing significant benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, and on top of this there are performance risks that can be introduced when applications are moved out of on-premises data centers.
Build your first serverless ledger-based app with QLDB and NodeJS Amazon Web Services
Many companies today build applications with ledger-type functionality, for example to verify the history of credits and debits in banking transactions, or to keep track of the supply chain flow of their products.
At the core of these solutions are ledger databases, which provide a transparent, immutable and cryptographically verifiable transaction log, but they are complex and burdensome tools to manage.
Amazon QLDB removes the need to build complex custom systems by providing a fully managed serverless ledger database.
In this session we find out how to build a complete serverless application that uses the features of QLDB.
With the rise of microservice architectures and rich mobile and web applications, APIs are more important than ever for giving end users an exceptional user experience. In this session we learn how to tackle modern API design challenges with GraphQL, an open source API query language used by Facebook, Amazon and others, and how to use AWS AppSync, a managed serverless GraphQL service on AWS. We dig into several scenarios, looking at how AppSync can help solve these use cases by creating modern APIs with real-time and offline data update capabilities.
We also learn how Sky Italia uses AWS AppSync to deliver real-time sports updates to the users of its web portal.
Oracle Database and VMware Cloud™ on AWS: myths to debunk Amazon Web Services
Many organizations take advantage of the cloud by migrating their Oracle workloads, securing significant benefits in terms of agility and cost efficiency.
Migrating these workloads can create complexity during application modernization and refactoring, and on top of this there are performance risks that can be introduced when applications are moved out of on-premises data centers.
In these slides, AWS and VMware experts present simple, practical measures to ease and simplify the migration of Oracle workloads and accelerate the move to the cloud; they go into the architecture and demonstrate how to take full advantage of VMware Cloud™ on AWS.
Amazon Elastic Container Service (Amazon ECS) is a highly scalable container management service that simplifies the management of Docker containers through an orchestration layer that controls deployment and the associated lifecycle. In this session we present the main features of the service, the reference architectures for different workloads, and the simple steps needed to quickly migrate one or more of your containers.
GraphRAG is All You need? LLM & Knowledge Graph Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
State of ICS and IoT Cyber Threat Landscape Report 2024 preview Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ... James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Welcome to the first live UiPath Community Day Dubai! Join us for this unique occasion to meet our local and global UiPath Community and leaders. You will get a full view of the MEA region's automation landscape and the AI Powered automation technology capabilities of UiPath. Also, hosted by our local partners Marc Ellis, you will enjoy a half-day packed with industry insights and automation peers networking.
📕 Curious on our agenda? Wait no more!
10:00 Welcome note - UiPath Community in Dubai
Lovely Sinha, UiPath Community Chapter Leader, UiPath MVPx3, Hyper-automation Consultant, First Abu Dhabi Bank
10:20 A UiPath cross-region MEA overview
Ashraf El Zarka, VP and Managing Director MEA, UiPath
10:35: Customer Success Journey
Deepthi Deepak, Head of Intelligent Automation CoE, First Abu Dhabi Bank
11:15 The UiPath approach to GenAI with our three principles: improve accuracy, supercharge productivity, and automate more
Boris Krumrey, Global VP, Automation Innovation, UiPath
12:15 To discover how Marc Ellis leverages tech-driven solutions in recruitment and managed services.
Brendan Lingam, Director of Sales and Business Development, Marc Ellis
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Perspectives from the NIH Associate Director for Data Science (ADDS) Office
1. AWS Government, Education, and Nonprofit Symposium
Washington, DC | June 25-26, 2015
Vivien Bonazzi, Ph.D.
Senior Advisor for Data Science Technologies & Innovation
NIH Office of the Associate Director for Data Science (ADDS)
NIH Addresses Big Data
• In response to the incredible growth of large biomedical (digital) datasets, the Director of NIH established a special Data and Informatics Working Group (DIWG).
Volume, Velocity, Variety, Veracity
US Government Memo Increasing Access to the Results of Federally Funded Scientific Research
In Feb 2013 the US OSTP issued a memo calling for all Federal Agencies to make digital assets from federally funded research available.
Each agency’s public access plan shall:
Maximize access, by the general public and without charge, to digitally formatted scientific data created with Federal funds while:
i) protecting confidentiality and personal privacy,
ii) recognizing proprietary interests, business confidential information, and intellectual property rights and avoiding significant negative impact on intellectual property rights, innovation, and U.S. competitiveness, and
iii) preserving the balance between the relative value of long-term preservation and access and the associated cost and administrative burden.
Provide for the assessment of long-term needs for the preservation of scientific data and outline options for developing and sustaining repositories for scientific data in digital formats.
Federal Science Policy Changes
• NIH and other Federal Agencies are working to make digital assets from federally funded research available.
• Public Access to Data Memo:
http://www.whitehouse.gov/sites/default/files/microsites/ostp/ostp_public_access_memo_2013.pdf
• Applies to publications and digital scientific data
• Develop a strategy for:
– leveraging existing archives (where appropriate)
– fostering public-private partnerships with scientific journals relevant to the agency’s research
NIH Response
Establish new data science research and training programs:
Big Data to Knowledge (BD2K) - 2013
http://datascience.nih.gov/bd2k
Establish a new position:
NIH Associate Director of Data Science (ADDS)
Dr. Phil Bourne - 2014
The Future of Open Data
• The nature of the scientific enterprise is evolving.
• Must transform into a digital enterprise (as have other industries: music, financial, advertising)
• To enable biomedical research as a digital enterprise through which new discoveries are made and knowledge generated by maximizing community engagement and productivity.
ADDS Mission Statement
To use data science to foster an open digital ecosystem that will accelerate efficient, cost-effective biomedical research to enhance health, lengthen life, and reduce illness and disability
ADDS Strategy
• Discovery and Innovation
Enabling major scientific discovery and innovation through the BD2K Initiative
• Workforce development
Strengthen the ability of a diverse biomedical workforce to develop and benefit from data science
• Policy and process
Contribute to policies & processes involving data that further the NIH mission
• Leadership
Further visibility of NIH leadership in data science by the public, DHHS, USG at large, and international funders
• Sustainability
To foster a sustainable, efficient, and productive data science ecosystem
[Figure: Sustainability, Workforce Development, Discovery & Innovation, Policy & Process, Leadership]
ADDS Strategy
• Discovery and Innovation
Enabling major scientific discovery and innovation through the BD2K Initiative
• Workforce development
Strengthen the ability of a diverse biomedical workforce to develop and benefit from data science
• Policy and process
Contribute to policies & processes involving data that further the NIH mission
• Leadership
Further visibility of NIH leadership in data science by the public, DHHS, USG at large, and international funders
• Sustainability
To foster a sustainable, efficient, and productive data science ecosystem: The Commons
[Figure: Sustainability, Workforce Development, Discovery & Innovation, Policy & Process, Leadership]
The Commons
enabling the digital enterprise
What is The Commons?
• Treats products of research – data, methods, papers etc. as digital objects
• These digital objects exist in a shared virtual space
• Digital objects conform to FAIR principles:
– Findable
– Accessible (and usable)
– Interoperable
– Reusable
What is The Commons?
• A shared virtual space where scientists can:
– Find
– Deposit
– Manage
– Share and
– Reuse data, software, metadata and workflows
• An environment to find and catalyze the use of shared digital research objects
The Commons: Components
• Computing environment
– cloud and/or HPC
– supports access, utilization, sharing and storage of digital objects.
• Methods for Interoperability
– enables connectivity, shareability and interoperability between digital objects.
– APIs, Containers (docker etc)
• Digital object compliance model
– describes the properties of digital objects that enable them to be discoverable and shareable
– Metadata, UIDs, Clear access controls (human subject data)
• Indexing
– Means to find and catalog digital objects
Computing Environment: Cloud
The ability to store, share and compute on digital research objects
Especially useful for large data sets that are not easily computed locally
Scalable and Elastic
Pay per use - Cost effective
An environment that fosters collaboration
The Commons: Cloud
Commercial
AWS, Google, Microsoft, IBM
Others
Academic
OSC (Open Science Cloud)
iDASH (HIPAA compliant)
The Broad
Others
The Commons: HPC
• Supercomputing Centers in the US
– Supported by DOE and NSF
• NERSC (San Francisco)
• ORNL (Oak Ridge)
• TACC (Texas)
• SDSC (San Diego)
• Argonne (Urbana-Champaign)
• Optimized, high performance systems with IT support
The Commons: Interoperability
• Software that supports connectivity and interoperability between digital (data) objects
– API (Application Programming Interfaces)
• Expose and provide direct access to data
• Enable data to be passed to analysis tools or pipelines
– Containers
• Package and deploy software tools and pipelines to the cloud
The Commons: Digital Object Compliance
The Commons
Digital Object Compliance: FAIR
• Attributes of digital objects in the Commons
– Initial Phase
• Unique digital object identifiers of some type
• A minimal set of searchable metadata
• Physically available in a cloud based Commons provider
• Clear access rules (especially important for human subjects data)
• An entry (with metadata) in one or more indices
– Future Phases
• Standard, community based unique digital object identifiers
• Conform to community approved standard metadata for enhanced searching
• Digital objects accessible via open standard APIs
• Are physically and logically available to the Commons
The Commons: PI Perspective
[Diagram: The Commons (infrastructure) spanning Cloud Providers A, B and C; Investigator (PI); Discovery Index (indexes, enables search); Digital object Compliance; Interoperability SW; 1. Efficiency]
Commons Pilot Projects
• Evaluating Commons Framework & Populating the Commons
– NIH funded Large Resource groups BD2K groups (cloud)
– HMP Data and tools available in the cloud (AWS)
• https://aws.amazon.com/datasets/1903160021374413
– NCI Cloud Pilots & Genomic Data Commons (AWS, Google)
• The Cloud Credits - business model for using cloud resources
Commons Credits (business model)
[Diagram: NIH provides credits to the Investigator, who uses credits in The Commons (infrastructure) spanning Cloud Providers A, B and C; option: direct funding; Discovery Index (indexes, enables search)]
Cloud Credits: Pros and Cons
• Cost effective - Only pay for IT support used
• Drives competition – Better services at lower cost
• Supports data access and sharing by driving science into the Commons
• Can help determine metrics of data object usage
• Facilitates public-private partnership
• Never been tried, so we don’t have data about likelihood of success
• Cost Models: Predicated prices among providers
• Service Providers: Predicated on service providers willing to make the investment to become conformant
• Persistence: The model is ‘Pay As You Go’ which means if you stop paying it stops going
Thank You.
This presentation will be loaded to SlideShare the week following the Symposium.
http://www.slideshare.net/AmazonWebServices
Vivien Bonazzi: vivien.bonazzi@mail.nih.gov
George Komatsoulis: george.komatsoulis@mail.nih.gov
Shared responsibility model
Facilities; Physical security; Compute infrastructure; Storage infrastructure; Network infrastructure; Virtualization layer (Amazon EC2); Hardened service endpoints; Rich AWS Identity & Access Management (IAM) capabilities
+
Applications; Auth & acct management; Authorization policies; Proper service configuration; Network configuration; Security groups; OS firewalls; Operating systems
=
• Re-focus your security professionals on a subset of the problem
• Partners can further reduce that burden
• Take advantage of high levels of uniformity and automation
[Diagram labels: Audited; Customer + Partner]
Genomics Data Security
Store and analyze restricted-access genomics on AWS
bit.ly/aws-dbgap
NIH security best practices
• Physical security
– Data center access and remote administrator access
• Electronic security
– User account security (for example, passwords)
– Use of access control lists (ACLs)
– Secure networking
– Encryption of data in transit and at rest
– OS and software patching
• Data access security
– Authorization of access to data
– Tracking copies; cleaning up after use
[Diagram: AWS service categories]
Enterprise Applications: Virtual Desktops; Collaboration and Sharing
Platform Services:
– Databases: Caching, Relational, NoSQL
– Analytics: Hadoop, Real-time, Data Workflows, Data Warehouse
– App Services: Queuing, Orchestration, App Streaming, Transcoding, Email, Search
– Deployment & Management: Containers, DevOps Tools, Resource Templates, Usage Tracking, Monitoring and Logs
– Mobile Services: Identity, Sync, Mobile Analytics, Notifications
Foundation Services: Compute (VMs, Auto Scaling and Load Balancing); Storage (Object, Block, and Archive); Security & Access Control; Networking
Infrastructure: Regions; Availability Zones; CDN and Points of Presence
Amazon Virtual Private Cloud (Amazon VPC)
Create secure network configurations for working with sensitive data
[Diagram: AWS region – VPC network isolation. VPC 10.0.0.0/16 across AZ A and AZ B; SN 10.0.1.0/24 (DMZ) with EC2 10.0.1.11; SN 10.0.2.0/24 (Private) with EC2 10.0.2.12; (23.20.103.11); Internet; Internet GW Service; Virtual Gateway]
Encrypt your data prior to sending to AWS
[Diagram: your applications in your data center and your applications in Amazon EC2 send encrypted data to AWS services: Amazon S3, Amazon Glacier, Amazon Redshift, Amazon Elastic Block Store]
Encryption: a brief primer
[Diagram: Plaintext PHI → Hardware/Software with Symmetric Data Key → Encrypted PHI (Encrypted Data in Storage); Symmetric Data Key + Master Key → Encrypted Data Key; Key Hierarchy; "?" marks beside the keys]
Encryption of AWS storage services
Amazon S3
• HTTPS
• AES-256 server-side encryption
• AWS or customer-provided or customer-managed keys
• Each object gets its own key
Amazon EBS
• End-to-end secure network traffic
• Whole volume encryption
• AWS or customer-managed keys
• Encrypted incremental snapshots
• Minimal performance overhead (uses Intel AES-NI)
S3 server encryption with AWS fully-managed keys
[Diagram: Customer PHI sent over HTTPS to the S3 Web Server; Plaintext PHI encrypted with a Symmetric Data Key to Encrypted PHI; Symmetric Data Key encrypted under the Master Key to an Encrypted Data Key; S3 Storage Fleet]
A master key managed by S3 and protected by systems internal to AWS in a distinct system
AWS Key Management Service
A service that enables you to provision and use encryption keys to protect your data
Allows you to create, use, and manage encryption keys from within…
Your own applications via the AWS SDK
Supported AWS services (Amazon S3, Amazon EBS, Amazon Redshift)
Available in all commercial regions
Can be used in a key hierarchy to secure data encryption keys protecting PHI
AWS services integrate with AWS KMS
• 2-tiered key hierarchy using envelope encryption
• Data keys encrypt customer data
• AWS KMS customer master keys encrypt data keys
• Benefits:
• Limits blast radius of compromised resources and their keys
• Better performance
• Easier to manage a small number of master keys than billions of resource keys
[Diagram: KMS Master Key(s) encrypt Data Keys 1 to 5; the data keys encrypt an S3 Object, an EBS Volume, an Amazon RDS Instance, an Amazon Redshift Cluster and Your Application; legend: Keys encrypted, Data encrypted]
Editor's Notes
OSTP Office of Science and Technology Policy
https://www.whitehouse.gov/sites/default/files/microsites/ostp/ostp_public_access_memo_2013.pdf
Here Phil addresses the broader issues of the scientific enterprise
Cloud computing implies data and the software are maintained together and accessible from any device at any time. Unlike a web server hidden in an academic institution, NIH can monitor activity in the cloud and better understand usage patterns etc. For the first time we will be able to take a better accounting of supply vs demand.
Digital object = data or analytics software
This says nothing about interoperability and commons /object compliance
This MUST be shown or it's just part of the picture
There’s a shared responsibility to accomplish security and compliance objectives in AWS cloud. There are some elements that AWS takes responsibility for, and others that the customer must address. The outcome of the collaborative approach is positive results seen by customers around the world.
Include MFA in here.
Before we discuss specific encryption and key management functions in AWS, let’s review how data encryption and key management is typically implemented.
A symmetric data key is generated from either software or hardware. Symmetric keys are preferable to asymmetric keys when you want to encrypt data of an arbitrary size and have it be fast.
The key is used along with an encryption algorithm (like AES) and the resulting ciphertext is stored.
But what about the symmetric key you just used? You can’t store it with the encrypted data, that’s called “encraption”. You have to protect that key somehow.
The best practice is to encrypt the data key with yet another key, called a key-encrypting key. This key can be symmetric or asymmetric, but it needs to be derived and stored in a separate system than the one you’re processing your data in.
After you encrypt the data key with the key-encrypting key, you can then store the resulting ciphertext along with the encrypted data.
But what about the key-encrypting key? How do you protect that? You can iterate on the process of enveloping this key with additional keys as many times as you want; creating a key hierarchy. At some point, you’re going to need to be able to access a plaintext key that starts the “unwrapping” process to be able to derive the final data key to decrypt the data. The location and access controls around this key should be distinct from the ones used with the original data.
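The key hierarchy described in the notes above, as an added Go example (not from the presentation and not AWS code): a one-off data key encrypts the data, and a key-encrypting key wraps the data key, so only wrapped keys and ciphertext reach storage. Assumptions: the key-encrypting key is a local 32-byte slice standing in for a master key held in a separate system such as AWS KMS, and the names `Envelope`, `Encrypt`, `Decrypt`, `Rewrap` and the `objectID` binding are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Envelope is what goes to storage. It never holds a plaintext key.
type Envelope struct {
	WrappedKey []byte // nonce || AES-256-GCM(key-encrypting key, data key)
	Ciphertext []byte // nonce || AES-256-GCM(data key, plaintext)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts msg under key with a fresh random nonce and binds it to aad.
func seal(key, msg, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, msg, aad), nil
}

// unseal reverses seal. It fails on a wrong key, a wrong aad or altered bytes.
func unseal(key, box, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(box) < gcm.NonceSize() {
		return nil, fmt.Errorf("input shorter than the %d-byte nonce", gcm.NonceSize())
	}
	return gcm.Open(nil, box[:gcm.NonceSize()], box[gcm.NonceSize():], aad)
}

// Encrypt makes a one-off 256-bit data key, encrypts plaintext with it, then wraps
// the data key under kek. objectID (hypothetical) is authenticated with both.
func Encrypt(kek, plaintext []byte, objectID string) (*Envelope, error) {
	dataKey := make([]byte, 32)
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	ct, err := seal(dataKey, plaintext, []byte(objectID))
	if err != nil {
		return nil, err
	}
	wrapped, err := seal(kek, dataKey, []byte(objectID))
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Ciphertext: ct}, nil
}

// Decrypt unwraps the data key with kek, then decrypts the stored ciphertext.
func Decrypt(kek []byte, env *Envelope, objectID string) ([]byte, error) {
	dataKey, err := unseal(kek, env.WrappedKey, []byte(objectID))
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	return unseal(dataKey, env.Ciphertext, []byte(objectID))
}

// Rewrap re-encrypts only the 32-byte data key under newKEK; the bulk ciphertext is reused.
func Rewrap(oldKEK, newKEK []byte, env *Envelope, objectID string) (*Envelope, error) {
	dataKey, err := unseal(oldKEK, env.WrappedKey, []byte(objectID))
	if err != nil {
		return nil, err
	}
	wrapped, err := seal(newKEK, dataKey, []byte(objectID))
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Ciphertext: env.Ciphertext}, nil
}

func main() {
	kek := bytes.Repeat([]byte{0x42}, 32) // constructed demo key; a real one lives in a separate system
	env, err := Encrypt(kek, []byte("constructed sample record"), "object-0001")
	if err != nil {
		panic(err)
	}
	out, err := Decrypt(kek, env, "object-0001")
	fmt.Println(string(out), err)
}
```

Rotating the key-encrypting key with `Rewrap` costs one 32-byte re-encryption per object regardless of object size, which is the management benefit the slides attribute to a two-tier hierarchy.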
Intel® AES New Instructions (AES-NI): Intel AES-NI encryption instruction set improves upon the original Advanced Encryption Standard (AES) algorithm to provide faster data protection and greater security.
Refer back to DNAnexus implementation of encryption for S3 for data, EBS for metadata.