This document discusses security and compliance when using AWS. It covers the shared responsibility model between AWS and customers, where customer data is located, infrastructure security controls, identity and access management, encryption options, configuration management, and partner ecosystems that benefit security. Key services that help customers meet compliance requirements include AWS Config for continuous change monitoring, CloudTrail for auditing API calls, CloudWatch Logs for log management, VPC for virtual networking, KMS for encryption key management, and CloudHSM for dedicated hardware security modules.
Session Sponsored by Trend Micro: 3 Secrets to Becoming a Cloud Security Supe... - Amazon Web Services
While security is a top concern in every organization these days, it often gets a bad rap. In many minds, security has the reputation of the bothersome villain who attempts to hinder performance or restrain agility. In this session we will outline three strategies to protect your valuable workloads, without falling into traditional security traps. We will walk through three stories of EC2 security superheroes who saved the day by overcoming compliance and design challenges, using a (not so) secret arsenal of AWS and Trend Micro security tools.
Key takeaways from this session include how to:
- Design a workload-centric security architecture
- Improve visibility of AWS-only or hybrid environments
- Stop patching live instances but still prevent exploits
Speaker: Sasha Pavlovic, Director, Cloud & Datacentre Security, Asia Pacific, Trend Micro
In this session we will introduce you briefly to Fanatical Support for AWS, before diving into migration strategies for moving your applications to the cloud, which can maximize agility and competitive advantage within your business as part of the migration process. Session sponsored by Rackspace.
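These are the presentation slides from the AWS Enterprise Summit held on October 29, 2014. The talk was given by Yang Seung-do (양승도), Solutions Architect at Amazon Web Services.
Talk summary: Security is very important to both AWS and its customers. Many enterprise customers trust AWS and store sensitive information such as financial and personal data on AWS. In this session, we will look at the key AWS security features these enterprise customers use to maintain security, such as building secure applications and encrypting critical information, and at how AWS can be used in line with existing security policies. We will also introduce security programs, procedures, and best practices that can further strengthen your current security posture.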
During this session we will describe common methods used to create a Hybrid Cloud with Amazon Web Services. We will step through successful operational models, how to get started, and tools to simplify operations. We will explore topics such as networking, directories, DNS, and security. Importantly, we will cover ongoing operational and management practices.
Mark Statham, Senior Cloud Architect - Professional Services, Amazon Web Services, ASEAN
This session is recommended for anyone considering using the AWS cloud to augment their current capabilities. Adoption of cloud computing provides access to the benefits of new deployment models with significant cost and agility benefits. But how can the cloud benefit existing government organizations that have invested large amounts of resources in existing on-premises technologies? This session outlines several key factors to consider from the point of view of the large-scale IT shop stakeholder. Because each organization has its unique set of challenges in cloud adoption, this session compares some of the opportunities and risks of several hybrid cloud use-case models and then helps customers understand the cloud-native and third-party vendor options available that bridge the gap to the cloud for large-scale government environments.
Speaker: Craig Roach, Solutions Architect, Amazon Web Services
Simplify & Standardise Your Migration to AWS with a Migration Landing Zone - Amazon Web Services
With customers migrating workloads to AWS, we are starting to see a need for the creation of a prescribed landing zone, which uses native AWS capabilities and meets or exceeds customers' security and compliance objectives. In this session, we will describe an AWS landing zone and explain features for account structuring, user configuration, provisioning, networking and operation automation. The Migration Landing Zone solution is based on AWS native capabilities such as AWS Service Catalog, AWS Identity and Access Management, AWS Config Rules, AWS CloudTrail and AWS Lambda. We will provide an overview of AWS Service Catalog and how it can be used to provide self-service infrastructure to application users, including various options for automation. After this session you will be able to configure an AWS landing zone for successful large scale application migrations.
Speaker: Koen Biggelaar, Senior Manager, Solutions Architecture, Amazon Web Services and Mahmoud ElZayet
This document discusses AWS security best practices for the three layers of compute: virtual server instances, container services like ECS and EKS, and serverless services like Lambda. It outlines shared security responsibilities between AWS and customers for each layer and recommends AWS security services to use for infrastructure, containers, and serverless. These include IAM, GuardDuty, Config, and WAF as well as ensuring proper access controls, encryption, monitoring, and backups at the application layer.
Successful Cloud Adoption for the Enterprise. Not If. When. - Amazon Web Services
Enterprises are turning to AWS to enable innovation and retire technical debt. Cloudreach are delighted to share their extensive experience and knowledge of the Enterprise’s adoption to achieve these principal aims. The aim of the session is to set out how Cloudreach ensures successful Cloud Adoption, covering technical, change management and organizational aspects to create the path towards enabling innovation. Session sponsored by Cloudreach.
AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools to provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.
The document discusses security best practices for end user computing on AWS. It provides an overview of the CloudHesive professional services for security assessments, strategies, and implementations. It then discusses topics like ransomware response, security controls, and the NIST Cybersecurity Framework. Specific AWS services are mapped to the framework for identifying assets and risks, protecting systems and data, detecting incidents, and responding to and recovering from incidents. Best practices are outlined for areas like workstation security, CIS benchmarks, workload lifecycles, and organizational frameworks.
At our winter East Midlands Cyber Security Forum event, Dave Walker gave a presentation looking at Amazon’s security approach for their web services, outlining the key tools that are available to ensure a secure deployment.
http://qonex.com/east-midlands-cyber-security-forum/
(SEC310) Keeping Developers and Auditors Happy in the Cloud - Amazon Web Services
Often times, developers and auditors can be at odds. The agile, fast-moving environments that developers enjoy will typically give auditors heartburn. The more controlled and stable environments that auditors prefer to demonstrate and maintain compliance are traditionally not friendly to developers or innovation. We'll walk through how Netflix moved its PCI and SOX environments to the cloud and how we were able to leverage the benefits of the cloud and agile development to satisfy both auditors and developers. Topics covered will include shared responsibility, using compartmentalization and microservices for scope control, immutable infrastructure, and continuous security testing.
AWS offers you the ability to add additional layers of security to your data at rest in the cloud, providing access control as well as scalable and efficient encryption features. Flexible key management options allow you to choose whether to have AWS manage the encryption keys or to keep complete control over the keys yourself. In this session, you will learn how to secure data when using AWS services. We will discuss data encryption using Key Management Service, S3 access controls, edge and host access security, and database platform security features.
Amazon Web Services (AWS) approaches security using a shared responsibility model with our customers. We manage and control the components from the host operating system and virtualization layer down to the physical security of the facilities in which the services operate. As part of that model, our customers are responsible for building secure applications. We will provide a complete walkthrough from a blank canvas to a secure architecture from a development perspective. No matter the size of your team, you can implement your IT solutions using industry wide best security practices.
AWS and its partners offer a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools to provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.
The financial services sector attracts some of the most hostile information security threats and is one of the most regulated industries in the world. AWS is aware of these obligations and has worked with the most complex financial services organizations to meet security and compliance requirements at every step of their journey to the cloud. Protecting your data is AWS's highest priority, and our global infrastructure is designed and managed in accordance with security best practices as well as a variety of compliance standards.
Security in the AWS cloud is the highest priority. As an AWS customer, you will benefit from a network architecture and a data center designed to meet the security requirements of the most demanding organizations.
One advantage of the AWS cloud is that it allows customers to scale and innovate while keeping the environment secure. Customers pay only for the services they use, which means you can have the security you need without upfront payments and at a lower cost than in an on-premises environment.
https://aws.amazon.com/es/security/
Data Security with AWS - AWS Security Web Day - AWS Germany
This document provides an overview of security on AWS. It discusses AWS regions and availability zones, the shared responsibility model for security between AWS and customers, and security features available on AWS like network security, access control, monitoring and logging, encryption, IAM, and securing data at rest. It also provides best practices for IAM configuration and using features like roles, MFA, and monitoring for security events.
For more training on AWS, visit: https://www.qa.com/amazon
AWS Pop-up Loft | London - Introduction to AWS Security by Ian Massingham, Chief Evangelist EMEA, 19 April 2016
"Increasing demands to collect, store, and analyze massive amounts of data often mean that the same tools and approaches that worked in the past don't work anymore. That’s why many organizations are shifting to a data lake architecture. A data lake is an architectural approach that allows you to store massive amounts of data in a central location, so it’s readily available to be categorized, processed, analyzed and consumed by diverse groups within an organization. In this tech talk, we introduce key concepts for a data lake and present aspects related to its implementation. We highlight the core components of a data lake, such as storage, compute, analytics, databases, stream processing, data management, and security. We discuss how to choose the right technologies for each component of the data lake, based on criteria such as data structure, query latency, cost, request rate, item size, data volume, durability, and so on. We also provide a reference architecture and recommendations to get started with a data lake implementation on AWS.
Learning Objectives:
• Understand key concepts and architectural components of a data lake architecture
• Describe how and when to use a broad set of analytic and data management tools in a data lake architecture
• Get insights on how to get started with a data lake implementation on AWS"
Running Microsoft Enterprise Workloads on Amazon Web Services - Amazon Web Services
The cloud is the new norm for organisations of all sizes. In this session you will learn how to create an entire Microsoft Enterprise environment in AWS that includes AWS Active Directory Service, Simple System Management (SSM) service, MS Exchange and SharePoint.
James Saull, Principal Solutions Architect, Amazon Web Services, EMEA
This document discusses security best practices for cloud applications on AWS. It covers key security principles of confidentiality, integrity and availability. It then discusses goals for secure application design including access control, encryption, and independent controls for data and encryption keys. Specific AWS services that can help with security include IAM, KMS, Inspector, Organizations, and security solutions available in the AWS Marketplace. The document emphasizes that security is a shared responsibility between AWS and customers.
This document summarizes a presentation on encryption and key management options when using AWS services. It discusses client-side encryption where users encrypt their own data and manage keys versus server-side encryption where AWS encrypts the data. It also describes the AWS Key Management Service (KMS) for managing encryption keys and the AWS CloudHSM for using hardware security modules to generate and protect keys in AWS.
The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. Security for AWS is about three related elements: visibility, auditability, and control. You have to know what you have and where it is before you can assess the environment against best practices, internal standards, and compliance standards. Controls enable you to place precise, well-understood limits on the access to your information. Did you know, for example, that you can define a rule that says that “Tom is the only person who can access this data object that I store with Amazon, and he can only do so from his corporate desktop on the corporate network, from Monday-Friday 9-5 and when he uses MFA?”. That’s the level of granularity you can choose to implement if you wish. In this session, we’ll cover these topics to provide a practical understanding of the security programs, procedures, and best practices you can use to enhance your current security posture.
Speakers:
Rob Whitmore, AWS Solutions Architect
Amazon Web Services offers a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. Amazon Web Services provides security-specific tools and features across network security, configuration management, access control and data security. In addition, Amazon Web Services provides monitoring and logging tools to provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that Amazon Web Services offers, and the latest security innovations coming from Amazon Web Services.
Andrew Watts-Curnow, Cloud Architect - Professional Services, ASEAN
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9 - Amazon Web Services
Innovating IAM Protection for AWS. Protecting your IAM users and roles is a priority for security professionals and DevOps teams alike. The challenge becomes more complex when adding multiple AWS accounts, many users, and a growing list of local and cross account roles. By utilizing an innovative IAM protection solution, you can successfully defend your AWS cloud from new threats.
In this 30 min session you will learn:
- How to identify and map out potential IAM risk factors and attack vectors.
- How to prevent potentially dangerous activities over your AWS accounts directly from your mobile device.
- How to defend your AWS investment from compromised credentials and malicious insiders that can impact your business.
Speaker: Patrick Pushor, Chief Technical Evangelist at Dome9
Architecting Security and Governance Across Multi Accounts - Amazon Web Services
Whether it is per business unit or per application, many AWS customers use multiple accounts to meet their infrastructure isolation and billing requirements. In this session, we discuss considerations, limitations, and security patterns when building out a multi-account strategy. We explore topics such as identity federation, cross-account roles, consolidated logging, and account governance.
At the end of the session, we present an enterprise-ready, multi-account architecture that you can start leveraging today.
This document discusses strategies for implementing multi-account architectures on AWS. It recommends creating separate AWS accounts for different purposes such as development, testing, production, logging, security tools, and shared services. It also recommends using AWS Organizations to centrally manage these accounts and AWS Control Tower to automate the setup and governance of multi-account environments according to best practices. AWS Control Tower provides features like pre-configured guardrails, identity management with AWS SSO, log aggregation, and self-service provisioning to help customers manage security, compliance and operations at scale across multiple AWS accounts.
Andrew Watts-Curnow, Cloud Architect - Professional Services, ASEAN
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9 (Amazon Web Services)
Innovating IAM Protection for AWS. Protecting your IAM users and roles is a priority for security professionals and DevOps teams alike. The challenge becomes more complex when adding multiple AWS accounts, many users, and a growing list of local and cross account roles. By utilizing an innovative IAM protection solution, you can successfully defend your AWS cloud from new threats.
In this 30 min session you will learn:
How to identify and map out potential IAM risk factors and attack vectors.
How to prevent potentially dangerous activities over your AWS accounts directly from your mobile device.
How to defend your AWS investment from compromised credentials and malicious insiders that can impact your business.
Speaker: Patrick Pushor, Chief Technical Evangelist at Dome9
Architecting Security and Governance Across Multi Accounts (Amazon Web Services)
Whether it is per business unit or per application, many AWS customers use multiple accounts to meet their infrastructure isolation and billing requirements. In this session, we discuss considerations, limitations, and security patterns when building out a multi-account strategy. We explore topics such as identity federation, cross-account roles, consolidated logging, and account governance.
At the end of the session, we present an enterprise-ready, multi-account architecture that you can start leveraging today.
This document discusses strategies for implementing multi-account architectures on AWS. It recommends creating separate AWS accounts for different purposes such as development, testing, production, logging, security tools, and shared services. It also recommends using AWS Organizations to centrally manage these accounts and AWS Control Tower to automate the setup and governance of multi-account environments according to best practices. AWS Control Tower provides features like pre-configured guardrails, identity management with AWS SSO, log aggregation, and self-service provisioning to help customers manage security, compliance and operations at scale across multiple AWS accounts.
AWS Landing Zone - Architecting Security and Governance (Akesh Patil)
This slide deck provides an overview of the AWS Landing Zone, which is a well-architected, multi-account AWS environment designed to be scalable and secure. It serves as a starting point for organizations to quickly launch and deploy workloads and applications on AWS.
The deck explains the key components and capabilities of the AWS Landing Zone, including:
1. The use of AWS Control Tower, a service that simplifies the setup and governance of a multi-account Landing Zone environment following AWS best practices.
2. The Landing Zone's objectives, such as establishing an account structure, developing a governance framework, implementing centralized identity and access management, and optimizing costs.
3. The technical foundations of the Landing Zone, including Organization Units (OUs), preventive and detective guardrails, and the integration of AWS security services like CloudTrail, Config, GuardDuty, Inspector, and Security Hub.
AWS re:Invent 2016: Enabling Enterprise Migrations: Creating an AWS Landing Z... (Amazon Web Services)
With customers migrating workloads to AWS, we are starting to see a need for the creation of a prescribed landing zone, which uses native AWS capabilities and meets or exceeds customers' security and compliance objectives. In this session, we will describe an AWS landing zone and will cover solutions for account structure, user configuration, provisioning, networking and operation automation. This solution is based on AWS native capabilities such as AWS Service Catalog, AWS Identity and Access Management, AWS Config Rules, AWS CloudTrail and Amazon Lambda. We will provide an overview of AWS Service Catalog and how it can be used to provide self-service infrastructure to application users, including various options for automation. After this session you will be able to configure an AWS landing zone for successful large scale application migrations. Additionally, Philips will explain their cloud journey and how they have applied their guiding principles when building their landing zone.
This document discusses AWS and cloud adoption journeys. It describes typical stages of adoption including project, foundation, migration, and reinvention stages. It recommends initial steps for a cloud journey such as creating a minimum viable product, cloud center of excellence, and discovery workshop. The document provides examples of customer cloud journeys over multiple years and discusses concepts like landing zones, account structure, network setup, identity and access management, and service catalog.
Using AWS Control Tower to govern multi-account AWS environments at scale - G... (Amazon Web Services)
AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard.
AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ... (Amazon Web Services)
Cloud computing on AWS provides central IT organizations with the ability to control their applications, data and security. This session will detail the processes and controls that CIO organizations can put in place to maintain control while helping their customers to realize the many benefits of cloud computing.
This document discusses governance at scale in AWS environments. It notes that AWS adoption typically starts bottom-up but central IT may also adopt AWS mirroring on-premises architectures. The key to governance at scale is to meet organizational requirements, scale effectively, and allow direct use of AWS services. It recommends adopting a minimally encumbered AWS account approach and automating account provisioning, budget enforcement, and compliance to achieve governance at scale without reducing cloud agility. Specific recommendations include using consolidated admin accounts, IAM roles, AWS Config rules, and integrating security and operations tools into infrastructure provisioning.
This document discusses best practices for creating a secure and optimized landing zone for migrating applications to AWS. It covers recommendations in key areas such as account structure, networking, identity and access management, and service catalog. The goal is to provide a standardized, automated environment where applications can be migrated and operated securely at scale. Specific strategies covered include using separate accounts for production/non-production workloads, implementing VPC designs with private subnets and Direct Connect, controlling access with IAM policies, and providing self-service access to approved services through the service catalog.
This document discusses best practices for migrating to the cloud, including:
1. Assessing cloud migration readiness through financial, regulatory, security, contractual, business, and technical assessments.
2. Estimating costs and savings of migrating to AWS using the AWS TCO calculator and other tools.
3. Taking advantage of AWS pricing categories like reserved instances, pay-as-you-go, and the free tier.
4. Ensuring compliance with regulations using AWS certifications and security controls.
This document provides an overview of AWS security best practices. It recommends taking a prescriptive approach to: understand the AWS security model, build strong compliance foundations through programs like SOC and PCI certifications, integrate identity and access management using IAM, enable detective controls with services like CloudTrail and CloudWatch, establish network security using VPC and security groups, implement data protection with encryption services, optimize change management with Config and CloudFormation, and automate security functions using partners from the AWS Marketplace. The document emphasizes that security is a shared responsibility between AWS and customers and provides resources for security training.
In this session, AWS and CloudHealth Technologies highlight CloudHealth service capabilities that map to AWS's MSP requirements during an AWS MSP Audit. In addition, we demonstrate how CloudHealth helps differentiate themselves, improve margins, and simplify management of their customers.
AWS re:Invent 2016: Reduce Your Blast Radius by Using Multiple AWS Accounts P... (Amazon Web Services)
This session shows you how to reduce your blast radius by using multiple AWS accounts per region and service, which helps limit the impact of a critical event such as a security breach. Using multiple accounts helps you define boundaries and provides blast-radius isolation. Though managing multiple accounts can be difficult, we will present an upcoming AWS solution that will help automate the process for controlling cross-account access by managing roles across multiple accounts.
AWS Enterprise Summit Netherlands - Creating a Landing Zone (Amazon Web Services)
This document discusses creating a landing zone in AWS for migrating applications from an on-premise data center environment. It covers setting up account structure with separate accounts for production, non-production and centralized services. It also discusses establishing network connectivity with VPC design, identity and access management using IAM, and using AWS Service Catalog for self-service provisioning by cloud consumers. The overall goal is to discuss best practices for creating a secure and governed landing zone in AWS to migrate and operate applications.
Governance @ Scale: Compliance Automation in AWS | AWS Public Sector Summit 2017 (Amazon Web Services)
You did it! You've made the decision to migrate, but governance is slowing you down. Traditionally, IT governance has required long, detailed documents and hours of work, until now. AWS and Trend Micro are helping enterprises today to seamlessly overcome, and automate, the top three barriers you face when scaling governance; Account Management, Cost Enforcement and Compliance Automation. Join this session and get a peek at the inner workings of the AWS & Trend Micro Governance @ scale solution that helps you quickly deliver high-impact controls in an automated, repeatable fashion. Learn More: https://aws.amazon.com/government-education/
Innovate - How AsiaPac is helping Customers to Build a Restricted Cloud Envir... (Amazon Web Services)
Discover how AsiaPac is helping government, education and nonprofit organizations to architect and migrate their mission-critical applications onto AWS - with secure, high-performing, resilient, and efficient infrastructure. As more organizations move towards cloud, learn how best practices have been implemented on AsiaPac's full-lifecycle services - to provision, run, and support infrastructure, as well as managed services to reduce customer's operation overhead and risks.
OSSCube provides consulting, development, integration and support services for open source technologies. They have expertise in areas such as PHP, CRM, marketing automation, content management, e-commerce, BI and big data. This presentation introduces AWS and discusses why organizations use AWS, common use cases, and how to get started. It describes key AWS services for application and web hosting including EC2, ELB, RDS, ElastiCache, EBS and CloudWatch and how they provide scalability, reliability, flexibility and security for applications deployed in the AWS cloud.
AWS Control Tower is a new AWS service for cloud administrators to set up and govern their secure, compliant, multi-account environments on AWS.
In this session, University of York will discuss their implementation of AWS Landing Zone. We’ll also explain how AWS Control Tower automates AWS Landing Zone creation with best-practice blueprints.
Similar to Secure Cloud governance - AWS landing zone (20)
3. Tushar Gupta
- 10+ years of experience across Enterprise Datacenter and Cloud technologies
- Specialized in Cloud Migration and Hybrid Architectures to onboard customers to AWS Cloud
3x AWS Certifications:
- AWS Certified Advanced Networking Specialty
- AWS Certified Solution Architect- Professional
- AWS Certified Solution Architect- Associate
Connect with me on LinkedIn
5. Agility v/s Control
We want Agility for innovation and Faster time to Market
Line of Business | Central IT
How to achieve Strong Business-IT alignment?
6. Opportunity to achieve Agility & Control
Infrastructure Templates, Policies & Best Practices
Governance and Control
Monitor and Logging
Automated Provisioning
▪ Lead time in minutes
▪ Service Catalogue for Landscape Management
▪ Automated Service Management
8. Governance at AWS
▪ AWS’s focus is to maintain speed and agility in Cloud
▪ Governance is not a Project
▪ Requires collaboration of other teams and integrations of different perspectives of Cloud Adoption Framework
Cloud Governance is one of the key perspectives of AWS Cloud Adoption Framework (CAF)
9. Key Drivers for Cloud Governance
▪ Standardization: Standardization across multiple accounts for different business units
▪ Security: Secure and compliant Infrastructure for data protection and audit purpose
▪ Operational Efficiency: Quick Infrastructure provisioning and service management for business workloads in Cloud
13. Why one AWS Account is not enough?
Chargeback
Security and Compliance Controls
Isolation
Business Process
Multi-Environment
14. Issues with Multi-Account structure - AWS
• Issue with centralized management
• No standard Security or Account level Baselines
• Manual Provisioning with high lead time
• Distributed Service Management
• Cost Management issues
15. AWS Landing Zone - Solution
Configured, Secure & Scalable Multi-account AWS environment based on AWS best practices
Starting point for customer’s Application Migration journey
Environment that allows for Iteration & Extension over time
16. AWS Landing Zone - Outcomes
Account Management
• Framework for creating and baselining a multi-account environment
• Initial multi-account structure that includes security, audit, and shared service requirements
Identity & Access Management
• User account access managed through AWS SSO federation
• Cross-account roles enable centralized management
Security & Governance
• Multiple accounts enable separation of duties
• Initial account security and AWS Config rules baseline
• Network baseline
18. AWS Landing Zone Solution
▪ Account provisioning via Account Factory
▪ Standardized account security baselines, AWS Guardrails
▪ Centralized Logging for AWS CloudTrail or AWS Config services
▪ Centralized multi-account account authentication via AWS Single Sign-On (AWS SSO) with an integrated directory
▪ Simple and interactive Dashboard for Alerts and Notifications for Compliance Management
20. Account Management
AWS Organizations
▪ Centrally manage multiple AWS Accounts
▪ Standard account and security baselines for other AWS Accounts
AWS Service Catalog
▪ Automated Account provisioning using Account Factory
Service Control Policies
▪ Access Management and control at AWS account level
21. Cost Management
AWS Consolidated Billing
▪ Consolidated billing of all AWS accounts under one Master account
AWS Budgets
▪ AWS Budgets for Cost Management across different AWS accounts
AWS Alerts & Notifications
▪ Automated alerts & notifications to stakeholders for potential budget overruns
22. Compliance Automation
AWS Config Rules
▪ Compliance automation at account and service levels with AWS Guardrails
AWS CloudWatch
▪ Continuous Monitoring for Compliance rules change and logs sent to S3 Bucket
Interactive Dashboard
▪ Centralized & Interactive dashboard for comprehensive view of compliance status across AWS accounts