AWS offers you the ability to add additional layers of security to your data at rest in the cloud, providing access control as well scalable and efficient encryption features. Flexible key management options allow you to choose whether to have AWS manage the encryption keys or to keep complete control over the keys yourself. In this session, you will learn how to secure data when using AWS services. We will discuss Key Management Service, S3, access controls, and database platform security features.
AWS offers you the ability to add additional layers of security to your data at rest in the cloud, providing access control as well scalable and efficient encryption features. Flexible key management options allow you to choose whether to have AWS manage the encryption keys or to keep complete control over the keys yourself. In this session, you will learn how to secure data when using AWS services. We will discuss Key Management Service, S3, access controls, and database platform security features.
AWS offers you the ability to add additional layers of security to your data at rest in the cloud, providing access control as well scalable and efficient encryption features. Flexible key management options allow you to choose whether to have AWS manage the encryption keys or to keep complete control over the keys yourself. In this session, you will learn how to secure data when using AWS services. We will discuss data encryption using Key Management Service, S3 access controls, edge and host access security, and database platform security features.
Sensitive customer data needs to be protected throughout AWS. This session discusses the options available for encrypting data at rest in AWS. It focuses on several scenarios, including transparent AWS management of encryption keys on behalf of the customer to provide automated server-side encryption and customer key management using partner solutions or AWS CloudHSM. This session is helpful for anyone interested in protecting data stored in AWS.
Sensitive customer data needs to be protected throughout AWS. This session discusses the options available for encrypting data at rest in AWS. It focuses on several scenarios, including transparent AWS management of encryption keys on behalf of the customer to provide automated server-side encryption and customer key management using partner solutions or AWS CloudHSM. This session is helpful for anyone interested in protecting data stored in AWS.
With a minimum security baseline in place, you can host data—which means data protection is required. In this session, we discuss defining an encryption strategy and selecting native AWS tools (AWS KMS, AWS CloudHSM) or third-party tools; defining key rotation and key protection mechanisms; and defining data at rest and data in transit protection requirements.
Speaker: Nathan Case - Sr. Solutions Architect, AWS
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Amazon Web Services
This session will discuss the options available for encrypting data at rest and key management in AWS. It will focus on two primary scenarios: (1) AWS manages encryption keys on behalf of the customer to provide automated server-side encryption; (2) the customer manages their own encryption keys using partner solutions and/or AWS CloudHSM. Real-world customer examples will be presented to demonstrate adoption drivers of specific encryption technologies in AWS. Netflix Jason Chan will provide an overview of how NetFlix uses CloudHSM for secure key storage.
AWS offers you the ability to add additional layers of security to your data at rest in the cloud, providing access control as well scalable and efficient encryption features. Flexible key management options allow you to choose whether to have AWS manage the encryption keys or to keep complete control over the keys yourself. In this session, you will learn how to secure data when using AWS services. We will discuss data encryption using Key Management Service, S3 access controls, edge and host access security, and database platform security features.
AWS offers you the ability to add additional layers of security to your data at rest in the cloud, providing access control as well scalable and efficient encryption features. Flexible key management options allow you to choose whether to have AWS manage the encryption keys or to keep complete control over the keys yourself. In this session, you will learn how to secure data when using AWS services. We will discuss Key Management Service, S3, access controls, and database platform security features.
AWS offers you the ability to add additional layers of security to your data at rest in the cloud, providing access control as well scalable and efficient encryption features. Flexible key management options allow you to choose whether to have AWS manage the encryption keys or to keep complete control over the keys yourself. In this session, you will learn how to secure data when using AWS services. We will discuss data encryption using Key Management Service, S3 access controls, edge and host access security, and database platform security features.
Sensitive customer data needs to be protected throughout AWS. This session discusses the options available for encrypting data at rest in AWS. It focuses on several scenarios, including transparent AWS management of encryption keys on behalf of the customer to provide automated server-side encryption and customer key management using partner solutions or AWS CloudHSM. This session is helpful for anyone interested in protecting data stored in AWS.
Sensitive customer data needs to be protected throughout AWS. This session discusses the options available for encrypting data at rest in AWS. It focuses on several scenarios, including transparent AWS management of encryption keys on behalf of the customer to provide automated server-side encryption and customer key management using partner solutions or AWS CloudHSM. This session is helpful for anyone interested in protecting data stored in AWS.
With a minimum security baseline in place, you can host data—which means data protection is required. In this session, we discuss defining an encryption strategy and selecting native AWS tools (AWS KMS, AWS CloudHSM) or third-party tools; defining key rotation and key protection mechanisms; and defining data at rest and data in transit protection requirements.
Speaker: Nathan Case - Sr. Solutions Architect, AWS
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Amazon Web Services
This session will discuss the options available for encrypting data at rest and key management in AWS. It will focus on two primary scenarios: (1) AWS manages encryption keys on behalf of the customer to provide automated server-side encryption; (2) the customer manages their own encryption keys using partner solutions and/or AWS CloudHSM. Real-world customer examples will be presented to demonstrate adoption drivers of specific encryption technologies in AWS. Netflix Jason Chan will provide an overview of how NetFlix uses CloudHSM for secure key storage.
AWS offers you the ability to add additional layers of security to your data at rest in the cloud, providing access control as well scalable and efficient encryption features. Flexible key management options allow you to choose whether to have AWS manage the encryption keys or to keep complete control over the keys yourself. In this session, you will learn how to secure data when using AWS services. We will discuss data encryption using Key Management Service, S3 access controls, edge and host access security, and database platform security features.
(SEC303) Architecting for End-To-End Security in the EnterpriseAmazon Web Services
This session tells the story of how security-minded enterprises provide end-to-end protection of their sensitive data in AWS. Learn about the enterprise security architecture decisions made by Fortune 500 organizations during actual sensitive workload deployments as told by the AWS professional service security, risk, and compliance team members who lived them. In this technical walkthrough, we share lessons learned from the development of enterprise security strategy, security use-case development, end-to-end security architecture and service composition, security configuration decisions, and the creation of AWS security operations playbooks to support the architecture.
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)Amazon Web Services
In this session, we share best practices and easily-leveraged solutions for enacting autonomous systems in the face of subversion. From gag orders to warrantless searches and seizures, learn about specific tactics to protect and exercise data privacy, both for partners and customers.
Powerful encryption capabilities are available in the core services of the AWS cloud. AWS continues to release enhancements to encryption-specific services and expand encryption capabilities in new services to make security easy for everyone. Learn how to take advantage of these services and features to protect and secure your data in the cloud.
Speaker: Dr. John Hildebrandt - Principle Solutions Architect, AWS
The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. Security for AWS is about three related elements: visibility, auditability, and control. You have to know what you have and where it is before you can assess the environment against best practices, internal standards, and compliance standards. Controls enable you to place precise, well-understood limits on the access to your information. Did you know, for example, that you can define a rule that says that “Tom is the only person who can access this data object that I store with Amazon, and he can only do so from his corporate desktop on the corporate network, from Monday-Friday 9-5 and when he uses MFA?”. That’s the level of granularity you can choose to implement if you wish. In this session, we’ll cover these topics to provide a practical understanding of the security programs, procedures, and best practices you can use to enhance your current security posture.
Speakers:
Rob Whitmore, AWS Solutions Architect
AWS June Webinar Series - Deep Dive: Protecting Your Data with AWS EncryptionAmazon Web Services
How do you protect your private information and customer PII in the cloud when you don’t control all the hardware or software components that might access that information? AWS allows you to offload many management and data-handling tasks, but how do you evaluate the risks to your data as it passes through these services? AWS offers many options for using encryption to protect your data in transit and at rest. A variety of features let you determine how much control you want over your encryption keys in order to meet your security goals. This webinar will help you understand which AWS encryption features are available, when to use them, and how to integrate them in your workloads. In this webinar, you will learn:
• Learn how to think about using encryption to protect your private information in the cloud • Learn how to evaluate key management architectures to determine whether they meet your needs • Learn how to use AWS encryption features to accomplish your data security goals.
Who Should Attend: • Developers, DevOps Engineers, and IT Security Administrators
(SEC301) Strategies for Protecting Data Using Encryption in AWSAmazon Web Services
Protecting sensitive data in the cloud typically requires encryption. Managing the keys used for encryption can be challenging as your sensitive data passes between services and applications. AWS offers several options for using encryption and managing keys to help simplify the protection of your data at rest. This session will help you understand which features are available and how to use them, with emphasis on AWS Key Management Service and AWS CloudHSM. Adobe Systems Incorporated will present their experience using AWS encryption services to solve data security needs.
AWS offers you the ability to add additional layers of security to your data at rest in the cloud, providing access control as well scalable and efficient encryption features. Flexible key management options allow you to choose whether to have AWS manage the encryption keys or to keep complete control over the keys yourself. In this session, you will learn how to secure data when using AWS services. We will discuss data encryption using Key Management Service, S3 access controls, edge and host access security, and database platform security features.
CloudHSM: Secure, Scalable Key Storage in AWS - AWS Online Tech TalksAmazon Web Services
Learning Objectives:
- Educate customers in the types of problems CloudHSM solves for them
- Build customer trust in the ability of CloudHSM to secure their workloads and data
- Energize customers to try out the service and use it to transfer and/or modernize workloads in AWS
AWS Summit 2014 Melbourne - Breakout 3
The AWS Cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. In this session, we’ll provide a practical understanding of the assurance programs that AWS provides; such as HIPAA, FedRAMP(SM), PCI DSS Level 1, MPAA, and many others. We’ll also address the types of business solutions that these certifications enable you to deploy on the AWS Cloud, as well as the tools and services AWS makes available to customers to secure and manage their resources.
Presenter: Stephen Quigg, Solutions Architect, APAC, Amazon Web Services
AWS provides a range of Compute Services – Amazon EC2, Amazon ECS and AWS Lambda. We will provide an intro level overview of these services and highlight suitable use cases. Amazon Elastic Compute Cloud (Amazon EC2) itself provides a broad selection of instance types to accommodate a diverse mix of workloads. Going a bit deeper on EC2 we will provide background on the Amazon EC2 instance platform, key platform features, and the concept of instance generations. We dive into the current-generation design choices of the different instance families, including the General Purpose, Compute Optimized, Storage Optimized, Memory Optimized, and GPU instance families. We also detail best practices and share performance tips for getting the most out of your Amazon EC2 instances, both from a performance and cost perspective.
Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...Amazon Web Services
This session tells the story of how security-minded enterprises provide end-to-end protection of their sensitive data in AWS. Learn about the enterprise security architecture decisions made by Fortune 500 organizations during actual sensitive workload deployments as told by the AWS professional service security, risk, and compliance team members who lived them. In this technical walkthrough, we share lessons learned from the development of enterprise security strategy, security use-case development, end-to-end security architecture & service composition, security configuration decisions, and the creation of AWS security operations playbooks to support the architecture.
(SEC303) Architecting for End-To-End Security in the EnterpriseAmazon Web Services
This session tells the story of how security-minded enterprises provide end-to-end protection of their sensitive data in AWS. Learn about the enterprise security architecture decisions made by Fortune 500 organizations during actual sensitive workload deployments as told by the AWS professional service security, risk, and compliance team members who lived them. In this technical walkthrough, we share lessons learned from the development of enterprise security strategy, security use-case development, end-to-end security architecture and service composition, security configuration decisions, and the creation of AWS security operations playbooks to support the architecture.
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)Amazon Web Services
In this session, we share best practices and easily-leveraged solutions for enacting autonomous systems in the face of subversion. From gag orders to warrantless searches and seizures, learn about specific tactics to protect and exercise data privacy, both for partners and customers.
Powerful encryption capabilities are available in the core services of the AWS cloud. AWS continues to release enhancements to encryption-specific services and expand encryption capabilities in new services to make security easy for everyone. Learn how to take advantage of these services and features to protect and secure your data in the cloud.
Speaker: Dr. John Hildebrandt - Principle Solutions Architect, AWS
The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. Security for AWS is about three related elements: visibility, auditability, and control. You have to know what you have and where it is before you can assess the environment against best practices, internal standards, and compliance standards. Controls enable you to place precise, well-understood limits on the access to your information. Did you know, for example, that you can define a rule that says that “Tom is the only person who can access this data object that I store with Amazon, and he can only do so from his corporate desktop on the corporate network, from Monday-Friday 9-5 and when he uses MFA?”. That’s the level of granularity you can choose to implement if you wish. In this session, we’ll cover these topics to provide a practical understanding of the security programs, procedures, and best practices you can use to enhance your current security posture.
Speakers:
Rob Whitmore, AWS Solutions Architect
AWS June Webinar Series - Deep Dive: Protecting Your Data with AWS EncryptionAmazon Web Services
How do you protect your private information and customer PII in the cloud when you don’t control all the hardware or software components that might access that information? AWS allows you to offload many management and data-handling tasks, but how do you evaluate the risks to your data as it passes through these services? AWS offers many options for using encryption to protect your data in transit and at rest. A variety of features let you determine how much control you want over your encryption keys in order to meet your security goals. This webinar will help you understand which AWS encryption features are available, when to use them, and how to integrate them in your workloads. In this webinar, you will learn:
• Learn how to think about using encryption to protect your private information in the cloud • Learn how to evaluate key management architectures to determine whether they meet your needs • Learn how to use AWS encryption features to accomplish your data security goals.
Who Should Attend: • Developers, DevOps Engineers, and IT Security Administrators
(SEC301) Strategies for Protecting Data Using Encryption in AWSAmazon Web Services
Protecting sensitive data in the cloud typically requires encryption. Managing the keys used for encryption can be challenging as your sensitive data passes between services and applications. AWS offers several options for using encryption and managing keys to help simplify the protection of your data at rest. This session will help you understand which features are available and how to use them, with emphasis on AWS Key Management Service and AWS CloudHSM. Adobe Systems Incorporated will present their experience using AWS encryption services to solve data security needs.
AWS offers you the ability to add additional layers of security to your data at rest in the cloud, providing access control as well scalable and efficient encryption features. Flexible key management options allow you to choose whether to have AWS manage the encryption keys or to keep complete control over the keys yourself. In this session, you will learn how to secure data when using AWS services. We will discuss data encryption using Key Management Service, S3 access controls, edge and host access security, and database platform security features.
CloudHSM: Secure, Scalable Key Storage in AWS - AWS Online Tech TalksAmazon Web Services
Learning Objectives:
- Educate customers in the types of problems CloudHSM solves for them
- Build customer trust in the ability of CloudHSM to secure their workloads and data
- Energize customers to try out the service and use it to transfer and/or modernize workloads in AWS
AWS Summit 2014 Melbourne - Breakout 3
The AWS Cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. In this session, we’ll provide a practical understanding of the assurance programs that AWS provides; such as HIPAA, FedRAMP(SM), PCI DSS Level 1, MPAA, and many others. We’ll also address the types of business solutions that these certifications enable you to deploy on the AWS Cloud, as well as the tools and services AWS makes available to customers to secure and manage their resources.
Presenter: Stephen Quigg, Solutions Architect, APAC, Amazon Web Services
AWS provides a range of Compute Services – Amazon EC2, Amazon ECS and AWS Lambda. We will provide an intro level overview of these services and highlight suitable use cases. Amazon Elastic Compute Cloud (Amazon EC2) itself provides a broad selection of instance types to accommodate a diverse mix of workloads. Going a bit deeper on EC2 we will provide background on the Amazon EC2 instance platform, key platform features, and the concept of instance generations. We dive into the current-generation design choices of the different instance families, including the General Purpose, Compute Optimized, Storage Optimized, Memory Optimized, and GPU instance families. We also detail best practices and share performance tips for getting the most out of your Amazon EC2 instances, both from a performance and cost perspective.
Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...Amazon Web Services
This session tells the story of how security-minded enterprises provide end-to-end protection of their sensitive data in AWS. Learn about the enterprise security architecture decisions made by Fortune 500 organizations during actual sensitive workload deployments as told by the AWS professional service security, risk, and compliance team members who lived them. In this technical walkthrough, we share lessons learned from the development of enterprise security strategy, security use-case development, end-to-end security architecture & service composition, security configuration decisions, and the creation of AWS security operations playbooks to support the architecture.
Come learn about new and existing Amazon S3 features that can help you better protect your data, save on cost, and improve usability, security, and performance. We will cover a wide variety of Amazon S3 features and go into depth on several newer features with configuration and code snippets, so you can apply the learnings on your object storage workloads.
Amazon S3 hosts trillions of objects and is used for storing a wide range of data, from system backups to digital media. This presentation from the Amazon S3 Masterclass webinar we explain the features of Amazon S3 from static website hosting, through server side encryption to Amazon Glacier integration. This webinar will dive deep into the feature sets of Amazon S3 to give a rounded overview of its capabilities, looking at common use cases, APIs and best practice.
See a recording of this video here on YouTube: http://youtu.be/VC0k-noNwOU
Check out future webinars in the Masterclass series here: http://aws.amazon.com/campaigns/emea/masterclass/
View the Journey Through the Cloud webinar series here: http://aws.amazon.com/campaigns/emea/journey/
This is a slidedeck from my presentation at WordCamp Portland 2008. I used it to share what my need for an ecosystem is, why I'm using WordPress, and some info about ecosystems I'm working on.
Before you start, always ask the kids what a greenhouse is. I kid you not! This presentation is simple, a bit too wordy, but effective nevertheless. I've included some blank slides so you can do your own thing. Enjoy and thank you.
il mio intervento al convegno : "Cosa fareste con 300Mbps di Banda Larga?" presso il VEGA, Parco Scientifico Tecnologico di Venezia, il 26 Dicembre 2010
Francesca Bosco, Cybercrime e cybersecurity. Profili internazionaliAndrea Rossetti
Primo incontro del ciclo: Cybercrime, Digital Evidence e Digital Forensics - webminario organizzato da Giuseppe Vaciago per la cattedra di Informatica giuridica della Bicocca.
AWS offers you the ability to add additional layers of security to your data at rest in the cloud, providing access control as well scalable and efficient encryption features. Flexible key management options allow you to choose whether to have AWS manage the encryption keys or to keep complete control over the keys yourself. In this session, you will learn how to secure data when using AWS services. We will discuss data encryption using Key Management Service, S3 access controls, edge and host access security, and database platform security features.
AWS offers you the ability to add additional layers of security to your data at rest in the cloud, providing access control as well scalable and efficient encryption features. Flexible key management options allow you to choose whether to have AWS manage the encryption keys or to keep complete control over the keys yourself. In this session, you will learn how to secure data when using AWS services. We will discuss data encryption using Key Management Service, S3 access controls, edge and host access security, and database platform security features.
AWS offers you the ability to add additional layers of security to your data at rest in the cloud, providing access control as well scalable and efficient encryption features. Flexible key management options allow you to choose whether to have AWS manage the encryption keys or to keep complete control over the keys yourself. In this session, you will learn how to secure data when using AWS services. We will discuss data encryption using Key Management Service, S3 access controls, edge and host access security, and database platform security features.
AWS offers you the ability to add additional layers of security to your data at rest in the cloud, providing access control as well scalable and efficient encryption features. Flexible key management options allow you to choose whether to have AWS manage the encryption keys or to keep complete control over the keys yourself. In this session, you will learn how to secure data when using AWS services. We will discuss data encryption using Key Management Service, S3 access controls, edge and host access security, and database platform security features.
AWS June Webinar Series - Deep Dive: Protecting Your Data with AWS EncryptionAmazon Web Services
How do you protect your private information and customer PII in the cloud when you don’t control all the hardware or software components that might access that information? AWS allows you to offload many management and data-handling tasks, but how do you evaluate the risks to your data as it passes through these services? AWS offers many options for using encryption to protect your data in transit and at rest. A variety of features let you determine how much control you want over your encryption keys in order to meet your security goals. This webinar will help you understand which AWS encryption features are available, when to use them, and how to integrate them in your workloads. In this webinar, you will learn:
• Learn how to think about using encryption to protect your private information in the cloud • Learn how to evaluate key management architectures to determine whether they meet your needs • Learn how to use AWS encryption features to accomplish your data security goals
Who Should Attend: • Developers, DevOps Engineers, and IT Security Administrators
AWS offers you the ability to add additional layers of security to your data at rest in the cloud, providing access control as well scalable and efficient encryption features. Flexible key management options allow you to choose whether to have AWS manage the encryption keys or to keep complete control over the keys yourself. In this session, you will learn how to secure data when using AWS services. We will discuss data encryption using Key Management Service, S3 access controls, edge and host access security, and database platform security features.
Sensitive customer data needs to be protected throughout AWS. This session discusses the options available for encrypting data at rest in AWS. It focuses on several scenarios, including transparent AWS management of encryption keys on behalf of the customer to provide automated server-side encryption and customer key management using partner solutions or AWS CloudHSM. This session is helpful for anyone interested in protecting data stored in AWS.
With a minimum security baseline in place, you’re now ready to host data—which means Data Protection is required. Here we will discuss defining encryption strategy and selecting native AWS (KMS, CloudHSM) or third party tools; defining key rotation and key protection mechanisms; and defining data at rest and data in transit protection requirements.
With a minimum security baseline in place, you’re now ready to host data—which means Data Protection is required. Here we will discuss defining encryption strategy and selecting native AWS (KMS, CloudHSM) or third party tools; defining key rotation and key protection mechanisms; and defining data at rest and data in transit protection requirements.
AWS re:Invent re:Cap 행사에서 발표된 강연 자료입니다. 아마존 웹서비스의 양승도 솔루션스 아키텍트가 발표한 내용입니다. 새로 발표된 AWS의 보안 및 접근권한 관리 관련 서비스를 이용해 아키텍처를 구축하는 방법에 대해 초점이 맞춰져 있습니다.
내용 요약: AWS 클라우드의 인프라는 현존하는 클라우드 컴퓨팅 환경 중 가장 유연하고 안전하게 작동할 수 있도록 설계되어 고도의 확장성과 안정성을 지닌 플랫폼으로 기능하고 있으며, 고객들은 이를 활용해 애플리케이션과 데이터를 빠르고 안전하게 배포할 수 있습니다. 이번 세션에서는 현존하는 AWS의 보안 및 컴플라이언스 도구들 외에 이번 re:Invent에서 추가된 AWS Key Management Service, AWS Config, 그리고 AWS Service Catalog를 활용해 커스텀 키 관리 및 암호화, 리소스 사용의 가시성 확보와 감사, 표준화된 리소스 할당을 가능하게 하는 법에 대해 알아보겠습니다.
by Eric Rose, Sr. Security Consultant, AWS
With a minimum security baseline in place, you can host data—which means data protection is required. In this session, we discuss defining an encryption strategy and selecting native AWS tools (AWS KMS, AWS CloudHSM) or third-party tools; defining key rotation and key protection mechanisms; and defining data at rest and data in transit protection requirements.
AWS re:Invent 2016: Get the Most from AWS KMS: Architecting Applications for ...Amazon Web Services
AWS Key Management Service provides an easy and cost-effective way to secure your data in AWS. In this session, you learn about leveraging the latest features of the service to minimize risk for your data. We also review the recently released Import Key feature that gives you more control over the encryption process by letting you bring your own keys to AWS.
(SEC301) Encryption and Key Management in AWS | AWS re:Invent 2014Amazon Web Services
Sensitive customer data needs to be protected throughout AWS. This session discusses the options available for encrypting data at rest in AWS. It focuses on several scenarios, including transparent AWS management of encryption keys on behalf of the customer to provide automated server-side encryption and customer key management using partner solutions or AWS CloudHSM. This session is helpful for anyone interested in protecting data stored in AWS.
This presentation intends to introduce users to AWS KMS service and describes couple of design patterns to implement AWS KMS services in multi-account landing zone. This presentation also covers various KMS keys and how these keys can be used for various encryption operations.
Data protection using encryption in AWS - SEC201 - Santa Clara AWS SummitAmazon Web Services
Encryption is an essential tool for protecting data, and your key management practices provide the means to control access to sensitive and regulated information. In this session, we provide an overview of AWS Key Management Service (AWS KMS) and show you how it integrates with encryption capabilities across AWS. We describe how customers can use AWS KMS features to gain additional control over their keys and satisfy compliance requirements. Representatives from Slack join us to describe how the company used AWS KMS to give its customers increased control and visibility over the data that Slack protects on their behalf.
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
Il Forecasting è un processo importante per tantissime aziende e viene utilizzato in vari ambiti per cercare di prevedere in modo accurato la crescita e distribuzione di un prodotto, l’utilizzo delle risorse necessarie nelle linee produttive, presentazioni finanziarie e tanto altro. Amazon utilizza delle tecniche avanzate di forecasting, in parte questi servizi sono stati messi a disposizione di tutti i clienti AWS.
In questa sessione illustreremo come pre-processare i dati che contengono una componente temporale e successivamente utilizzare un algoritmo che a partire dal tipo di dato analizzato produce un forecasting accurato.
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
La varietà e la quantità di dati che si crea ogni giorno accelera sempre più velocemente e rappresenta una opportunità irripetibile per innovare e creare nuove startup.
Tuttavia gestire grandi quantità di dati può apparire complesso: creare cluster Big Data su larga scala sembra essere un investimento accessibile solo ad aziende consolidate. Ma l’elasticità del Cloud e, in particolare, i servizi Serverless ci permettono di rompere questi limiti.
Vediamo quindi come è possibile sviluppare applicazioni Big Data rapidamente, senza preoccuparci dell’infrastruttura, ma dedicando tutte le risorse allo sviluppo delle nostre le nostre idee per creare prodotti innovativi.
Ora puoi utilizzare Amazon Elastic Kubernetes Service (EKS) per eseguire pod Kubernetes su AWS Fargate, il motore di elaborazione serverless creato per container su AWS. Questo rende più semplice che mai costruire ed eseguire le tue applicazioni Kubernetes nel cloud AWS.In questa sessione presenteremo le caratteristiche principali del servizio e come distribuire la tua applicazione in pochi passaggi
Vent'anni fa Amazon ha attraversato una trasformazione radicale con l'obiettivo di aumentare il ritmo dell'innovazione. In questo periodo abbiamo imparato come cambiare il nostro approccio allo sviluppo delle applicazioni ci ha permesso di aumentare notevolmente l'agilità, la velocità di rilascio e, in definitiva, ci ha consentito di creare applicazioni più affidabili e scalabili. In questa sessione illustreremo come definiamo le applicazioni moderne e come la creazione di app moderne influisce non solo sull'architettura dell'applicazione, ma sulla struttura organizzativa, sulle pipeline di rilascio dello sviluppo e persino sul modello operativo. Descriveremo anche approcci comuni alla modernizzazione, compreso l'approccio utilizzato dalla stessa Amazon.com.
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
L’utilizzo dei container è in continua crescita.
Se correttamente disegnate, le applicazioni basate su Container sono molto spesso stateless e flessibili.
I servizi AWS ECS, EKS e Kubernetes su EC2 possono sfruttare le istanze Spot, portando ad un risparmio medio del 70% rispetto alle istanze On Demand. In questa sessione scopriremo insieme quali sono le caratteristiche delle istanze Spot e come possono essere utilizzate facilmente su AWS. Impareremo inoltre come Spreaker sfrutta le istanze spot per eseguire applicazioni di diverso tipo, in produzione, ad una frazione del costo on-demand!
In recent months, many customers have been asking us the question – how to monetise Open APIs, simplify Fintech integrations and accelerate adoption of various Open Banking business models. Therefore, AWS and FinConecta would like to invite you to Open Finance marketplace presentation on October 20th.
Event Agenda :
Open banking so far (short recap)
• PSD2, OB UK, OB Australia, OB LATAM, OB Israel
Intro to Open Finance marketplace
• Scope
• Features
• Tech overview and Demo
The role of the Cloud
The Future of APIs
• Complying with regulation
• Monetizing data / APIs
• Business models
• Time to market
One platform for all: a Strategic approach
Q&A
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
Per creare valore e costruire una propria offerta differenziante e riconoscibile, le startup di successo sanno come combinare tecnologie consolidate con componenti innovativi creati ad hoc.
AWS fornisce servizi pronti all'utilizzo e, allo stesso tempo, permette di personalizzare e creare gli elementi differenzianti della propria offerta.
Concentrandoci sulle tecnologie di Machine Learning, vedremo come selezionare i servizi di intelligenza artificiale offerti da AWS e, anche attraverso una demo, come costruire modelli di Machine Learning personalizzati utilizzando SageMaker Studio.
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
Con l'approccio tradizionale al mondo IT per molti anni è stato difficile implementare tecniche di DevOps, che finora spesso hanno previsto attività manuali portando di tanto in tanto a dei downtime degli applicativi interrompendo l'operatività dell'utente. Con l'avvento del cloud, le tecniche di DevOps sono ormai a portata di tutti a basso costo per qualsiasi genere di workload, garantendo maggiore affidabilità del sistema e risultando in dei significativi miglioramenti della business continuity.
AWS mette a disposizione AWS OpsWork come strumento di Configuration Management che mira ad automatizzare e semplificare la gestione e i deployment delle istanze EC2 per mezzo di workload Chef e Puppet.
Scopri come sfruttare AWS OpsWork a garanzia e affidabilità del tuo applicativo installato su Instanze EC2.
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
Vuoi conoscere le opzioni per eseguire Microsoft Active Directory su AWS? Quando si spostano carichi di lavoro Microsoft in AWS, è importante considerare come distribuire Microsoft Active Directory per supportare la gestione, l'autenticazione e l'autorizzazione dei criteri di gruppo. In questa sessione, discuteremo le opzioni per la distribuzione di Microsoft Active Directory su AWS, incluso AWS Directory Service per Microsoft Active Directory e la distribuzione di Active Directory su Windows su Amazon Elastic Compute Cloud (Amazon EC2). Trattiamo argomenti quali l'integrazione del tuo ambiente Microsoft Active Directory locale nel cloud e l'utilizzo di applicazioni SaaS, come Office 365, con AWS Single Sign-On.
Dal riconoscimento facciale al riconoscimento di frodi o difetti di fabbricazione, l'analisi di immagini e video che sfruttano tecniche di intelligenza artificiale, si stanno evolvendo e raffinando a ritmi elevati. In questo webinar esploreremo le possibilità messe a disposizione dai servizi AWS per applicare lo stato dell'arte delle tecniche di computer vision a scenari reali.
Amazon Web Services e VMware organizzano un evento virtuale gratuito il prossimo mercoledì 14 Ottobre dalle 12:00 alle 13:00 dedicato a VMware Cloud ™ on AWS, il servizio on demand che consente di eseguire applicazioni in ambienti cloud basati su VMware vSphere® e di accedere ad una vasta gamma di servizi AWS, sfruttando a pieno le potenzialità del cloud AWS e tutelando gli investimenti VMware esistenti.
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
Molte aziende oggi, costruiscono applicazioni con funzionalità di tipo ledger ad esempio per verificare lo storico di accrediti o addebiti nelle transazioni bancarie o ancora per tenere traccia del flusso supply chain dei propri prodotti.
Alla base di queste soluzioni ci sono i database ledger che permettono di avere un log delle transazioni trasparente, immutabile e crittograficamente verificabile, ma sono strumenti complessi e onerosi da gestire.
Amazon QLDB elimina la necessità di costruire sistemi personalizzati e complessi fornendo un database ledger serverless completamente gestito.
In questa sessione scopriremo come realizzare un'applicazione serverless completa che utilizzi le funzionalità di QLDB.
Con l’ascesa delle architetture di microservizi e delle ricche applicazioni mobili e Web, le API sono più importanti che mai per offrire agli utenti finali una user experience eccezionale. In questa sessione impareremo come affrontare le moderne sfide di progettazione delle API con GraphQL, un linguaggio di query API open source utilizzato da Facebook, Amazon e altro e come utilizzare AWS AppSync, un servizio GraphQL serverless gestito su AWS. Approfondiremo diversi scenari, comprendendo come AppSync può aiutare a risolvere questi casi d’uso creando API moderne con funzionalità di aggiornamento dati in tempo reale e offline.
Inoltre, impareremo come Sky Italia utilizza AWS AppSync per fornire aggiornamenti sportivi in tempo reale agli utenti del proprio portale web.
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
Molte organizzazioni sfruttano i vantaggi del cloud migrando i propri carichi di lavoro Oracle e assicurandosi notevoli vantaggi in termini di agilità ed efficienza dei costi.
La migrazione di questi carichi di lavoro, può creare complessità durante la modernizzazione e il refactoring delle applicazioni e a questo si possono aggiungere rischi di prestazione che possono essere introdotti quando si spostano le applicazioni dai data center locali.
In queste slide, gli esperti AWS e VMware presentano semplici e pratici accorgimenti per facilitare e semplificare la migrazione dei carichi di lavoro Oracle accelerando la trasformazione verso il cloud, approfondiranno l’architettura e dimostreranno come sfruttare a pieno le potenzialità di VMware Cloud ™ on AWS.
Amazon Elastic Container Service (Amazon ECS) è un servizio di gestione dei container altamente scalabile, che semplifica la gestione dei contenitori Docker attraverso un layer di orchestrazione per il controllo del deployment e del relativo lifecycle. In questa sessione presenteremo le principali caratteristiche del servizio, le architetture di riferimento per i differenti carichi di lavoro e i semplici passi necessari per poter velocemente migrare uno o più dei tuo container.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
2. Encrypting Data in AWS
AWS Key Management Service, CloudHSM and other options
3. What to expect from this session
• Understand your options for protecting your data with encryption
in AWS
• Understand how AWS Key Management Service (KMS) can
simplify encryption
• Understand alternatives such as AWS CloudHSM and partner
solutions
4. TLS
TLS is used with every AWS API and is also available
directly to customers of many AWS services including
Elastic Load Balancing (ELB), AWS Elastic Beanstalk,
Amazon CloudFront, Amazon S3, Amazon RDS, and
Amazon SES.
5. s2n is a TLS library that has been designed by AWS to be
small, fast, with simplicity as a priority. s2n avoids
implementing rarely used options and extensions, and
today is just more than 6,000 lines of code.
https://github.com/awslabs/s2n
6. Authenticating AWS Requests Sigv4
The signature version 4 signing specification describes
how to add authentication information to AWS requests
As a security measure, most requests to AWS must be
signed using an access key (access key ID and secret
access key)
7. EC2 VPC VPN
The VPN running in the AWS Cloud (also known as a VPN
gateway or VGW) communicates with a customer gateway
(CGW) on your network or in your data center
Supports NAT Traversal: NAT-T allows you to create IP
connections that originate on-premises and connect to an
EC2 instance (or vice versa) using addresses that have
been translated.
9. Where are keys stored?
• Hardware you own?
• Hardware the cloud provider owns?
Where are keys used?
• Client software you control?
• Server software the cloud provider controls?
Who can use the keys?
• Users and applications that have permissions?
• Cloud provider applications you give permissions?
What assurances are there for proper security around keys?
“Key” questions to consider with any solution
10. Client-side encryption
• You encrypt your data before data submitted to service
• You supply encryption keys OR use keys in your AWS account
• Available clients:
• Amazon S3, Amazon EMR File System (EMRFS), Amazon DynamoDB
Server-side encryption
• AWS encrypts data on your behalf after data is received by service
• Integrated services:
• S3, Amazon EBS, Amazon RDS, Amazon Redshift, Amazon WorkMail/WorkSpaces, AWS
CloudTrail, Amazon Simple Email Service, Amazon Elastic Transcoder, AWS Import/Export
Snowball, Amazon Kinesis Firehose
Options for using encryption in AWS
11. Your
applications
in your data
center
Your key
management
infrastructure in EC2
Your encryption
client application
Your key management
infrastructure Your application
in EC2
Your encrypted data in select AWS services
Client-side encryption in AWS
S3/EMRFS and DynamoDB encryption clients in AWS SDKs
12. Amazon S3 Web
Server
HTTPS
Customer
Data
Amazon S3
Storage Fleet
Key is used at S3 web server, and then deleted.
Customer must provide same key when
downloading to allow S3 to decrypt data.
Customer-
provided key
Server-side encryption in AWS
S3 server-side encryption with customer-provided encryption keys (SSE-C)
Plaintext
Data
Encrypted
Data
Customer-
provided key
14. AWS Key Management Service (KMS)
• Managed service that simplifies creation, control, rotation, and use
of encryption keys in your applications
• Integrated with AWS server-side encryption
• S3, EBS, RDS, Amazon Aurora, Amazon Redshift, WorkMail,
Amazon WorkSpaces, CloudTrail, and Amazon Elastic Transcoder
• Integrated with AWS client-side encryption
• AWS SDKs, S3 encryption client, EMRFS client, and DynamoDB
encryption client
• Integrated with CloudTrail to provide auditable logs of key usage for
regulatory and compliance activities
• Available in all commercial regions except China
16. How clients and AWS services typically integrate with KMS
Two-tiered key hierarchy using envelope
encryption
• Unique data key encrypts customer data
• KMS master keys encrypt data keys
Benefits
• Limits risk of compromised data key
• Better performance for encrypting large
data
• Easier to manage small number of
master keys than millions of data keys
• Centralized access and audit of key
activity
Customer master
keys
Data key 1
S3 object EBS
volume
Amazon
Redshift
cluster
Data key 2 Data key 3 Data key 4
Custom
application
KMS
17. Your application or
AWS service
+
Data key Encrypted data key
Encrypted
data
Master keys in
customer’s account
KMS
How AWS services use your KMS keys
1. Client calls kms:GenerateDataKey by passing the ID of the KMS master key in your
account.
2. Client request is authenticated based on permissions set on both the user and the key.
3. A unique data encryption key is created and encrypted under the KMS master key.
4. The plaintext and encrypted data key is returned to the client.
5. The plaintext data key is used to encrypt data and is then deleted when practical.
6. The encrypted data key is stored; it’s sent back to KMS when needed for data decryption.
19. You control how and when your KMS keys can
be used and by whom
Sample permissions on a key:
• Can only be used for encryption and decryption by <these users and
roles> in <this account>
• Can only be used by application A to encrypt data, but only used by
application B to decrypt data
• Can only be used to decrypt data if the service resource is active and
additional parameters about the resource are passed in the call
• Can be managed only by this set of administrator users or roles
Fully integrated with AWS Identity and Access Management
20. Rotating keys in KMS
What key rotation means:
• A new version of a master key is created, but mapped to the same
key ID or alias
• All new encryption requests use the new version
• All previous versions of keys are kept to perform decryption on
older ciphertexts
There is nothing users/applications need to do after a rotation –
the same keyID or alias just works
AWS CLI
enable-key-rotation --key-id <value>
Console (Key Summary Page)
21. Auditability of KMS key usage through
AWS CloudTrail
"EventName":"DecryptResult", This KMS API was called…
"EventTiime":"2014-08-18T18:13:07Z", ….at this 5me
"RequestParameters":
"{"keyId":"2b42x363-1911-4e3a-8321-6b67329025ex”}”, …in reference to this key
“EncrypPonContext":"volumeid-12345", …to protect this AWS resource
"SourceIPAddress":"42.23.141.114 ", …from this IP address
"UserIdenPty":
“{"arn":"arn:aws:iam::957737256530:user/User123“} …by this AWS user in this account
22. KMS APIs to build your own applications
Example management APIs
• CreateKey, CreateAlias
• DisableKey
• EnableKeyRotation
• PutKeyPolicy
• ListKeys, DescribeKey
Example data APIs
• Encrypt
• Decrypt
• ReEncrypt
• GenerateDataKey
26 APIs and growing
http://docs.aws.amazon.com/kms/latest/APIReference/Welcome.html
23. KMS assurances
Why should you trust AWS with your keys?
• There are no tools in place to access your physical key material.
• Your plaintext keys are never stored in nonvolatile memory.
• You control who has permissions to use your keys.
• Separation of duties between systems that use master keys and
ones that use data keys.
• Multiparty controls for all maintenance of KMS systems that use
your master keys.
• Third-party evidence of these controls:
• Service Organization Control (SOC 1)
• PCI-DSS
• See AWS Compliance packages for details
24. Pricing for KMS
$1/key version/month
$0.03 per 10,000 API requests
• 20,000 free requests per month
25. Alternatives to KMS
In order to have different controls over the security of your keys
1. AWS CloudHSM
2. AWS Partner Solutions
3. Do it yourself
26. AWS CloudHSM
• You receive dedicated access to HSM
appliances
• HSMs located in AWS data centers
• Managed and monitored by AWS
• Only you have access to your keys and
operations on the keys
• HSMs are inside your Amazon VPC –
isolated from the rest of the network
• Uses SafeNet Luna SA HSM appliances
CloudHSM
AWS administrator –
Manages the appliance
You – Control keys and
crypto operations
Amazon Virtual Private Cloud
27. AWS CloudHSM
Available in seven regions worldwide
• US East (N. Virginia), US West (Oregon), EU (Ireland), EU (Frankfurt)
and Asia Pacific (Sydney, Tokyo, Singapore)
Compliance
• Included in AWS PCI DSS and SOC-1 compliance packages
• FIPS 140-2 level 2 (maintained by Gemalto/SafeNet)
Typical use cases
• Use with Redshift, RDS for Oracle
• Integrate with third-party software (Oracle, SQL Server, Apache,
SafeNet)
• Build your own custom applications
28. SafeNet ProtectV manager
and Virtual KeySecure
in EC2
EBS volume encryption with CloudHSM and
SafeNet Software
SafeNet ProtectV with Virtual KeySecure
CloudHSM stores the master key
SafeNet
ProtectV
client
CloudHSM
Your encrypted data
in EBS
Your applications
in EC2
ProtectV client
• Encrypts I/O from
EC2 instances to EBS
volumes
• Includes preboot
authentication
29. Pricing for CloudHSM
HSM provisioned in any region has a $5,000 one-time charge
Starting at $1.88/hour metered charge after setup
• Hourly rate varies by region
As low as $21,500 in year one; $16,500 in subsequent years
Requests not billed; limited only by the device capacity
• Varies depending on algorithm and key size
30. Comparing CloudHSM with KMS
CloudHSM
• Dedicated access to one or more HSM
devices that complies with government
standards (e.g., FIPS 140-2, Common
Criteria)
• You control all access to your keys and
the application software that uses them
• Supported applications:
• Your custom software
• Third-party software
• AWS services: Redshift, RDS for Oracle
KMS
• Highly available and durable key storage,
management, and auditable service
• Easily encrypt your data across AWS
services and within your own applications
based on policies you define
• Supported applications:
• Your custom software built with AWS SDKs/CLI
• AWS services (S3, EBS, RDS, Aurora, Redshift,
WorkMail, WorkSpaces, CloudTrail, Elastic
Transcoder)
31. Partner solutions in AWS Marketplace
• Browse, test, and buy encryption and key management solutions
• Pay-by-the-hour, monthly, or annual
• Software fees added to AWS bill
• Bring Your Own License
32. Your encryption
client application
Your key management
infrastructure
Your
applications
in your data
center
Your application
in EC2
Your key
management
infrastructure in EC2
Your encrypted data in AWS services
…
DIY key management in AWS
Encrypt data client-side and send ciphertext to AWS storage services
33. KMS AWS CloudHSM
AWS Marketplace
Partner Solutions
DIY
Where keys are
generated and stored
AWS In AWS, on an HSM
that you control
Your network or in
AWS
Your network or in
AWS
Where keys are used AWS services or your
applications
AWS or your
applications
Your network or your
EC2 instance
Your network or your
EC2 instance
How to control key use Policy you define;
enforced by AWS
Customer code +
SafeNet APIs
Vendor-specific
management
Config files, vendor-
specific management
Responsibility for
performance/scale
AWS You You You
Integration with AWS
services?
Yes Limited Limited Limited
Pricing model Per key/usage Per hour Per hour/per year Variable
Comparison of key management options
34. KMS CloudHSM
AWS Marketplace
Partner Solutions
DIY
Where keys are
generated and stored
AWS In AWS, on an HSM
that you control
Your network or in
AWS
Your network or in
AWS
Where keys are used AWS services or your
applications
AWS or your
applications
Your network or your
EC2 instance
Your network or your
EC2 instance
How to control key use Policy you define;
enforced by AWS
Customer code +
SafeNet APIs
Vendor-specific
management
Config files, vendor-
specific management
Responsibility for
performance/scale
AWS You You You
Integration with AWS
services?
Yes Limited Limited Limited
Pricing model Per key/usage Per hour Per hour/per year Variable
Comparison of key management options
35. KMS CloudHSM
AWS Marketplace
Partner Solutions
DIY
Where keys are
generated and stored
AWS In AWS, on an HSM
that you control
Your network or in
AWS
Your network or in
AWS
Where keys are used AWS services or your
applications
AWS or your
applications
Your network or your
EC2 instance
Your network or your
EC2 instance
How to control key use Policy you define;
enforced by AWS
Customer code +
SafeNet APIs
Vendor-specific
management
Config files, vendor-
specific management
Responsibility for
performance/scale
AWS You You You
Integration with AWS
services?
Yes Limited Limited Limited
Pricing model Per key/usage Per hour Per hour/per year Variable
Comparison of key management options
36. Comparison of key management options
KMS CloudHSM
AWS Marketplace
Partner Solutions
DIY
Where keys are
generated and stored
AWS In AWS, on an HSM
that you control
Your network or in
AWS
Your network or in
AWS
Where keys are used AWS services or your
applications
AWS or your
applications
Your network or your
EC2 instance
Your network or your
EC2 instance
How to control key use Policy you define;
enforced by AWS
Customer code +
SafeNet APIs
Vendor-specific
management
Config files, vendor-
specific management
Responsibility for
performance/scale
AWS You You You
Integration with AWS
services?
Yes Limited Limited Limited
Pricing model Per key/usage Per hour Per hour/per year Variable
38. Resource-based Policy
• Ideal for cross-account
permissions, supports all
S3 actions
Bucket Policies
Control API calls to S3
• Integrate with STS for
programmatic access by
applications
• User-/Group-/Role-based
access policy
IAM Policies
S3 Access Logging
CloudTrail Integration
Logging
S3 Access Control & Auditing
Resource-based Policy
• Object-level ACL for very
specific object-level grants
and access policy
management
• Bucket-level ACL for Log
Delivery
ACLs
39. Remote replicas managed
by separate AWS accounts
Secure
Distribute data to regional
customers
Lower Latency
Store hundreds of
miles apart
Compliance
Amazon S3 cross-region replication
Automated, fast, and reliable asynchronous replication of data across AWS regions
40. • Usual charges for
storage, requests, and
inter-region data transfer
for the replicated copy of
data
• Replicate into Standard-IA
or Amazon Glacier
Cost
HEAD operation on a source
object to determine replication
status
• Replicated objects will not be
re-replicated
• Use Amazon S3 COPY to
replicate existing objects
Replication status
DELETE without object
version ID
• Marker replicated
DELETE specific object
version ID
• Marker NOT replicated
Delete operation
Cross-region replication: Details
Object ACL updates are
replicated
• Objects with Amazon
managed encryption key
replicated
• KMS encryption not
replicated
Access control
41. Versioning with cross-region replication
A
B
file1- v2
file1- v1
Key: A/file1 Key: B/file1
file1- v2
file1- v1
file1- v4
file1- v3
43. Why choose Amazon data services?
Schema design
Query construction
Query optimization
High availability
Backup and recovery
Isolation and security
Industry compliance
Push-button scaling
Automated patching
Advanced monitoring
Routine maintenance
Amazon data platforms take care of your time-consuming database
security management tasks, freeing you to focus on your applications
and business
You
AWS
44. High availability with Multi-AZ deployments
Enterprise-grade fault tolerance solution for production databases
§ An Availability Zone is a physically distinct, independent infrastructure
§ Your database is synchronously replicated to another AZ in the same AWS region
§ Failover occurs automatically in response to the most important failure scenarios
45. Choose cross-region snapshot copy for even greater
durability, ease of migration
Copy a database snapshot or replicate data
to a different AWS Region
Warm standby for disaster recovery
…or use it as a base for migration to a different region
46. AWS Data Platforms & Encryption at Rest
Server-side encryption with KMS
RDS MySQL
RDS Postgres
RDS Microsoft SQL
RDS Oracle
RDS MariaDB
Amazon Redshift
CloudHSM Integration
Amazon Redshift
Oracle TDE
Microsoft SQL TDE
Client-side encryption
DynamoDB encryption client
47. AWS Data Platforms – IAM & CloudTrail
API Permissions
Enforce separation of duties
Resource-based permissions
Use tags by environment
Integrated with CloudTrail
Alert on key management activities
48. Whitepapers
Securing Data at Rest with Encryption:
https://aws.amazon.com/whitepapers/encrypting-data-at-rest/
AWS Key Management Service Cryptographic Details:
https://d0.awsstatic.com/whitepapers/KMS-Cryptographic-Details.pdf