AWS Government, Education, &
Nonprofits Symposium

Canberra, Australia | May 6, 2015
Stephen Quigg
Principal Solutions Architect, APAC 

Amazon Web Services
Security and Compliance in the Cloud
SECURITY IS JOB ZERO
Security is Job Zero
• Network Security
• Physical Security
• Platform Security
• People & Procedures
HOW DOES AWS PRACTICE SECURITY?
The practice of security at AWS is
different, but the outcome is familiar:
So what does your security team look like?
• Operations
• Engineering
• Application Security
• Compliance
Measure constantly, report regularly, and
hold senior executives accountable for
security – have them drive the right
culture
Our Culture:
Test, CONSTANTLY
• Inside/outside
• Privileged/unprivileged
• Black-box/white-box
• Vendor/self
Simple Security Controls

Easy to Get Right

Easy to Audit

This
To This
SECURITY IS SHARED
Build everything on a constantly improving security baseline
GxP
ISO 13485
AS9100
ISO/TS 16949
AWS Foundation Services: Compute, Storage, Database, Networking
AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
AWS is responsible for the security OF the Cloud
• Client-side Data Encryption
• Server-side Data Encryption
• Network Traffic Protection
• Platform, Applications, Identity & Access Management
• Operating System, Network, & Firewall Configuration
• Customer applications & content
Customers have their choice of security configurations IN the Cloud
Security is shared between AWS and its customers
Customers get their
own solutions and
configurations
assessed
The AWS platform
has been iRAP
assessed and
certified
AWS is certified by the ASD for unclassified DLM
Meet your own
individual
departmental needs
We have many Government customers in Australia
SECURITY IS FAMILIAR
Security is Familiar
• We strive to make security at AWS as familiar as
what you are doing right now
– Visibility
– Auditability
– Controllability
– Agility
VISIBILITY
HOW OFTEN DO YOU MAP YOUR NETWORK?
WHAT’S IN YOUR ENVIRONMENT
RIGHT NOW?
Trusted Advisor checks your account
Security is Visible
• Who is accessing the resources?
• Who took what action?
– When?
– From where?
– What did they do?
– Logs Logs Logs
You are making API calls...
On a growing set of services around the world…
AWS CloudTrail is continuously recording API calls…
And delivering log files to you
AWS CLOUDTRAIL
Redshift
AWS CloudFormation
AWS Elastic Beanstalk
AWS Config tells you

what has changed
AWS Config is a fully managed service that provides
you with an inventory of your AWS resources, lets
you audit the resource configuration history and
notifies you of resource configuration changes.
[Diagram labels: Changing Resources; Continuous Change Recording; AWS Config; History; Stream; Snapshot (ex. 2014-11-05)]
Use cases enabled by Config
• Security Analysis: Am I safe?
• Audit Compliance: Where is the evidence?
• Change Management: What will this change
affect?
• Troubleshooting: What has changed?
What will this change affect?
• When your resources are
created, updated, or deleted,
these configuration changes
are streamed to Amazon SNS
• Relationships between
resources are understood, so
that you can proactively assess
change impact
What changed?
• It is critical to be able to quickly
answer “What has changed?”
• You can quickly identify the
recent configuration changes to
your resources by using the
console or by building custom
integrations with the regularly
exported resource history files
Integrated Support from Our Partner Ecosystem
CONTROL
CONTROL OF YOUR DATA
You are in control of privacy
Choose geographic location and AWS will not
replicate it elsewhere unless you choose to do
so
Control format, accuracy and encryption any
way that you choose
Control who can access content
Control content lifecycle and disposal
Customers retain full ownership and control of their content
US-WEST (Oregon)
EU-WEST (Ireland)
ASIA PAC (Tokyo)
US-WEST (N. California)
SOUTH AMERICA
(Sao Paulo)
US-EAST (Virginia)
AWS GovCloud (US)
ASIA PAC (Sydney)
ASIA PAC
(Singapore)
CHINA (Beijing)
EU-CENTRAL (Frankfurt)
Your data stays where you put it
11 AWS
Regions
Build resilience and durability everywhere
26 Availability
Zones
Cache content close to your customers
53 CloudFront
Edge locations
[Diagram labels: AWS region; AWS edge (x3); transit; Route 53; CloudFront]
Exploit the resilience of an AWS Region
First class security and compliance
starts (but doesn’t end!) with encryption
Automatic encryption with managed keys
Bring your own keys
Dedicated hardware security modules
AWS Key Management Service
One-click Encryption
Centralized key management
(create, delete, view, set policies)
Enforced, automatic key rotation
Visibility into any changes via CloudTrail
Encryption key management and compliance made easy
Available, durable, and integrated with AWS Services
Keys stored
in HSMs
Integrated with
AWS Services
Highly Available
and durable
AWS Key Management Service

Integrated with AWS IAM Console
AWS Key Management Service

Integrated with Amazon EBS
AWS Key Management Service

Integrated with Amazon S3
AWS Key Management Service

Integrated with Amazon Redshift
• SafeNet Luna SA managed and
monitored by AWS, but you fully
control and manage the keys
• Increase performance for applications
that use HSMs for key storage or
encryption
• Comply with stringent requirements
for key protection
• You can also use your own HSMs in
your own facilities
EC2 Instance
AWS CloudHSM
AWS CloudHSM
You can also store your Encryption Keys
in AWS CloudHSM
CONTROL OF YOUR INFRASTRUCTURE
Create your own private, isolated section of the AWS cloud
Availability Zone A
Availability Zone B
AWS Virtual Private Cloud
• Provision a logically
isolated section of the
AWS cloud
• You choose a private IP
range for your VPC
• Segment this into subnets
to deploy your compute
instances
AWS network security
• AWS network will prevent
spoofing and other
common layer 2 attacks
• You cannot sniff anything
but your own EC2 host
network interface
• Control all external routing
and connectivity
Segregate your VPC into subnets to create your architecture
[Diagram labels: Web, App, DB, Web]
Each subnet has directional network access control lists
[Diagram labels: Web, App, DB, Web; network ACL rules: Allow, Allow, Allow, Deny all traffic]
Each EC2 instance has five stateful security group firewalls
[Diagram labels: Web, Web, App, DB; security group rules: Port 443 (x5), Port 3306 for DB]
Control which subnets can route to the Internet or on-premise
[Diagram labels: Web, Web, App, DB; PUBLIC, PRIVATE, PRIVATE; REPLICATE ON-PREM; Application Services]
You can securely share resources between VPCs
• Route traffic between VPCs in private and peer specific subnets between each VPC
• Even between AWS accounts
[Diagram labels: Digital Websites; Big Data Analytics; Enterprise Apps; Common Services; Security Services; AWS VPC Peering]
You can connect resiliently and in private to your own datacentres
[Diagram labels: YOUR AWS ENVIRONMENT (Digital Websites, Big Data Analytics, Dev and Test, Enterprise Apps); AWS Direct Connect; AWS Internet VPN; YOUR PREMISES]
Launch
instance EC2
AMI catalogue Running instance Your instance
Hardening and configuration
Audit and logging
Vulnerability management
Malware and IPS
Whitelisting and integrity
User administration
Operating system
Configure
instance
Configure your environment as you like
You get to apply your existing security policy
Create or import your own ‘gold’ images
• Import existing VMs to AWS or save your own
custom images
Choose how to build your standard host security
environment
Apply your existing host controls and configurations
SECURITY THROUGH AGILITY
As AWS innovates you get to innovate
Security is about how quickly you can protect
DevOps isn’t just for coders
• Make security be architecture rather than operations
• Automate security patch deployment
• When new patch released
• Understand if you need it (software manifest)
• Build and deploy patch in test environment
• Automatically test the system still works
• Promote to live environment
== Patched as quickly as possible
Security is about detecting signs of an incident

CloudWatch Logs lets you grab everything and monitor activity
• When storage is cheap you might as well collect and keep your logs
• CloudWatch Logs makes it easy to capture any log and store it in a durable manner
• Integration with CloudWatch Metrics and Alarms means you can continually scan for events you know might be suspicious
IF (detect web attacker > 10 in a 1 minute period)
ALARM == TRUE == INCIDENT IN PROGRESS!
Security is about how quickly you can react

The first response should be your automation
• Trigger workflow to act - automating the first line of response can markedly improve customers' time to react during incidents
• If == bad, limit functionality whilst investigating, e.g. go read-only or deny more user registration
• If badness > really bad, shut off internet connectivity until CERT can investigate
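The alarm rule and the tiered first response from the two slides above, as an added example that is not part of the original deck: it counts denied requests in a sliding one-minute window over constructed access-log lines and escalates the response without ever stepping down on its own. The log format, treating HTTP 401/403 as the "web attacker" signal, the action names and the "really bad" threshold of 50 are assumptions; only the "> 10 in a 1 minute period" rule comes from the slide, and the window here slides rather than using CloudWatch's fixed evaluation periods.

```python
import re
from collections import deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=1)
ALARM_THRESHOLD = 10      # from the slide: "> 10 in a 1 minute period"
ISOLATE_THRESHOLD = 50    # assumption: the slide only says "really bad"
SUSPICIOUS_STATUS = {401, 403}   # assumption: denied requests are the signal
SEVERITY = {"normal": 0, "read_only": 1, "isolate": 2}

# Common-log-style line: ip - - [timestamp] "request" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')


def parse(line):
    """Return (timestamp, ip, status) or None for a line that does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return ts, m.group(1), int(m.group(3))


def respond(count):
    """Map the suspicious-event count in the window to a first-response tier."""
    if count > ISOLATE_THRESHOLD:
        return "isolate"      # shut off internet connectivity
    if count > ALARM_THRESHOLD:
        return "read_only"    # limit functionality whilst investigating
    return "normal"


def evaluate(lines):
    """Walk time-ordered log lines; return (escalations, unparsed_line_count).

    The state latches: it only escalates, so a quiet period does not undo
    a response before a person has investigated.
    """
    window = deque()
    state = "normal"
    escalations = []
    skipped = 0
    for line in lines:
        rec = parse(line)
        if rec is None:
            skipped += 1      # count, do not silently drop, unparsable input
            continue
        ts, _ip, status = rec
        while window and ts - window[0] >= WINDOW:
            window.popleft()  # expire events older than one minute
        if status in SUSPICIOUS_STATUS:
            window.append(ts)
        wanted = respond(len(window))
        if SEVERITY[wanted] > SEVERITY[state]:
            state = wanted
            escalations.append((ts.strftime("%H:%M:%S"), len(window), state))
    return escalations, skipped


def _line(ip, hhmmss, path, status):
    return f'{ip} - - [06/May/2015:{hhmmss} +1000] "GET {path} HTTP/1.1" {status} 512'


# Constructed sample input (documentation IP ranges, not real traffic).
SAMPLE_LOG = (
    [_line("198.51.100.10", f"10:00:{s:02d}", "/index.html", 200) for s in range(0, 50, 10)]
    + [_line("203.0.113.7", f"10:01:{s:02d}", "/admin", 403) for s in range(0, 24, 2)]
    + ["<<truncated line>>"]
    + [_line("203.0.113.7", f"10:01:{23 + i // 2:02d}", "/admin", 403) for i in range(40)]
)

if __name__ == "__main__":
    for when, count, action in evaluate(SAMPLE_LOG)[0]:
        print(f"{when} suspicious={count} -> {action}")
```
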
AUDIT EVERYTHING
Innovations Are For Auditors Too
Auditing-centric services and features
• New: AWS Config
• New: AWS Key
Management Service (AWS
KMS)
• AWS Trusted Advisor
checks
• Last AWS sign in
• AWS CloudTrail
• IAM Credential Reports
• Policies
Step 1: Get an AWS User Account
• Geographic data locality: Control over regional replication
• Fine-grained access control: Policies, resource level permissions, temporary credentials
• In-depth logging: AWS CloudTrail and Config
• Visibility into resources and usage: Service Describe* APIs and AWS CloudWatch
• Control over deployment: AWS CloudFormation
Fine-grained visibility and control for accounts, resources, data
Step 2: Get transparent governance
Step 3: Get evidence you can audit
• Many compliance audits require
access to the state of your
systems at arbitrary times (i.e.
PCI, HIPAA)
• A complete inventory of all
resources and their
configuration attributes is
available for any point in time
Ways to Inventory Assets
Last AWS Sign In
AWS CloudTrail
IAM Credential Reports
Policies
Security is Job Zero
YOU ARE BETTER OFF IN AWS THAN YOU ARE
IN YOUR OWN ENVIRONMENT
– “Based on our experience, I believe that we can be even more
secure in the AWS cloud than in our own data centers.”
-Tom Soderstrom, CTO, NASA JPL
– Nearly 60% of organizations agreed that CSPs [cloud service
providers] provide better security than their own IT organizations.
Source: IDC 2013 U.S. Cloud Security Survey,
doc #242836, September 2013
Resources for You
• aws.amazon.com/compliance
• Self-paced labs (Qwiklabs)
https://run.qwiklab.com/
– Auditing Your AWS Security Architecture
• aws.amazon.com/security
– Special Australian Government iRAP guidance coming soon!
– Best practices and operational checklists
– Architectural guidance
– Detailed security information about the AWS services
Thank You

Come spendere fino al 90% in meno con i container e le istanze spot
Amazon Web Services
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Amazon Web Services
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
Amazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
Amazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Amazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
Amazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Amazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
Amazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Recently uploaded

GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 

Recently uploaded (20)

GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 

Security and Compliance in the Cloud

  • 1. AWS Government, Education, & Nonprofits Symposium Canberra, Australia | May 6, 2015 Stephen Quigg Principal Solutions Architect, APAC Amazon Web Services Security and Compliance in the Cloud
  • 3. Security is Job Zero Network Security Physical Security Platform Security People & Procedures
  • 4. HOW DOES AWS PRACTICE SECURITY?
  • 5. The practice of security at AWS is different, but the outcome is familiar: So what does your security team look like? • Operations • Engineering • Application Security • Compliance
  • 6. Measure constantly, report regularly, and hold senior executives accountable for security – have them drive the right culture Our Culture:
  • 7. Our Culture: Test, CONSTANTLY • Inside/outside • Privileged/unprivileged • Black-box/white-box • Vendor/self
  • 8. Simple Security Controls: Easy to Get Right, Easy to Audit

  • 11. Build everything on a constantly improving security baseline GxP ISO 13485 AS9100 ISO/TS 16949 AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations AWS is responsible for the security OF the Cloud
  • 12. AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Client-side Data Encryption Server-side Data Encryption Network Traffic Protection Platform, Applications, Identity & Access Management Operating System, Network, & Firewall Configuration Customer applications & content Customers have their choice of security configurations IN the Cloud AWS is responsible for the security OF the Cloud Security is shared between AWS and its customers Customers
  • 13. AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Client-side Data Encryption Server-side Data Encryption Network Traffic Protection Platform, Applications, Identity & Access Management Operating System, Network, & Firewall Configuration Customer applications & content Customers get their own solutions and configurations assessed The AWS platform has been iRAP assessed and certified AWS is certified by the ASD for unclassified DLM Customers
  • 14. AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Meet your own individual departmental needs We have many Government customers in Australia AWS Foundation Services Customers The AWS platform has been iRAP assessed and certified
  • 16. Security is Familiar • We strive to make security at AWS as familiar as what you are doing right now – Visibility – Auditability – Controllability – Agility
  • 18. VISIBILITY HOW OFTEN DO YOU MAP YOUR NETWORK? WHAT’S IN YOUR ENVIRONMENT RIGHT NOW?
  • 21. Trusted Advisor checks your account
  • 22. Security is Visible • Who is accessing the resources? • Who took what action? – When? – From where? – What did they do? – Logs Logs Logs
  • 23. You are making API calls... On a growing set of services around the world… AWS CloudTrail is continuously recording API calls… And delivering log files to you AWS CLOUDTRAIL Redshift AWS CloudFormation AWS Elastic Beanstalk
  • 24. AWS Config tells you what has changed. AWS Config is a fully managed service that provides you with an inventory of your AWS resources, lets you audit the resource configuration history and notifies you of resource configuration changes.
  • 25. Continuous Change Recording Changing Resources AWS Config History Stream Snapshot (ex. 2014-11-05) AWS Config
  • 26. Use cases enabled by Config • Security Analysis: Am I safe? • Audit Compliance: Where is the evidence? • Change Management: What will this change affect? • Troubleshooting: What has changed?
  • 27. What will this change affect? • When your resources are created, updated, or deleted, these configuration changes are streamed to Amazon SNS • Relationships between resources are understood, so that you can proactively assess change impact
  • 28. What changed? • It is critical to be able to quickly answer “What has changed?” • You can quickly identify the recent configuration changes to your resources by using the console or by building custom integrations with the regularly exported resource history files
  • 29. Integrated Support from Our Partner Ecosystem
  • 32. You are in control of privacy Choose geographic location and AWS will not replicate it elsewhere unless you choose to do so Control format, accuracy and encryption any way that you choose Control who can access content Control content lifecycle and disposal Customers retain full ownership and control of their content
  • 33. US-WEST (Oregon) EU-WEST (Ireland) ASIA PAC (Tokyo) US-WEST (N. California) SOUTH AMERICA (Sao Paulo) US-EAST (Virginia) AWS GovCloud (US) ASIA PAC (Sydney) ASIA PAC (Singapore) CHINA (Beijing) EU-CENTRAL (Frankfurt) Your data stays where you put it 11 AWS Regions
  • 34. US-WEST (Oregon) EU-WEST (Ireland) ASIA PAC (Tokyo) US-WEST (N. California) SOUTH AMERICA (Sao Paulo) US-EAST (Virginia) AWS GovCloud (US) ASIA PAC (Sydney) ASIA PAC (Singapore) CHINA (Beijing) EU-CENTRAL (Frankfurt) Build resilience and durability everywhere 26 Availability Zones
  • 35. Cache content close to your customers 53 CloudFront Edge locations
  • 37. First class security and compliance starts (but doesn’t end!) with encryption Automatic encryption with managed keys Bring your own keys Dedicated hardware security modules
  • 38. AWS Key Management Service One-click Encryption Centralized key management (create, delete, view, set policies) Enforced, automatic key rotation Visibility into any changes via CloudTrail Encryption key management and compliance made easy
  • 39. Available, durable, and integrated with AWS Services Keys stored in HSMs Integrated with AWS Services Highly Available and durable
  • 40. AWS Key Management Service Integrated with AWS IAM Console
  • 41. AWS Key Management Service Integrated with Amazon EBS
  • 42. AWS Key Management Service Integrated with Amazon S3
  • 43. AWS Key Management Service Integrated with Amazon Redshift
  • 44. • SafeNet Luna SA managed and monitored by AWS, but you fully control and manage the keys • Increase performance for applications that use HSMs for key storage or encryption • Comply with stringent requirements for key protection • You can also use your own HSMs in your own facilities EC2 Instance AWS CloudHSM AWS CloudHSM You can also store your Encryption Keys in AWS CloudHSM
  • 45. CONTROL OF YOUR INFRASTRUCTURE
  • 46. Create your own private, isolated section of the AWS cloud Availability Zone A Availability Zone B AWS Virtual Private Cloud • Provision a logically isolated section of the AWS cloud • You choose a private IP range for your VPC • Segment this into subnets to deploy your compute instances AWS network security • AWS network will prevent spoofing and other common layer 2 attacks • You cannot sniff anything but your own EC2 host network interface • Control all external routing and connectivity
  • 47. Segregate your VPC into subnets to create your architecture Web App DB Web
  • 48. Each subnet has directional network access control lists App DB Web Web Allow Deny all traffic Allow Allow
  • 49. Each EC2 instance has five stateful security group firewalls App DB Port 3306 Web Web Port 443 Port 443 Port 443 Port 443 Port 443
  • 50. Control which subnets can route to the Internet or on-premise App DB Web Web PUBLIC PRIVATE PRIVATE REPLICATE ON-PREM
  • 51. Application Services You can securely share resources between VPCs Digital Websites Big Data Analytics Enterprise Apps Route traffic between VPCs in private and peer specific subnets between each VPC Even between AWS accounts Common Services Security Services AWS VPC Peering
  • 52. You can connect resiliently and in private to your own datacentres YOUR AWS ENVIRONMENT AWS Direct Connect YOUR PREMISES Digital Websites Big Data Analytics Dev and Test Enterprise Apps AWS Internet VPN
  • 53. Launch instance EC2 AMI catalogue Running instance Your instance Hardening and configuration Audit and logging Vulnerability management Malware and IPS Whitelisting and integrity User administration Operating system Configure instance Configure your environment as you like You get to apply your existing security policy Create or import your own ‘gold’ images • Import existing VMs to AWS or save your own custom images Choose how to build your standard host security environment Apply your existing host controls and configurations
  • 55. As AWS innovates you get to innovate
  • 56. Security is about how quickly you can protect DevOps isn’t just for coders • Make security be architecture rather than operations • Automate security patch deployment • When new patch released • Understand if you need it (software manifest) • Build and deploy patch in test environment • Automatically test the system still works • Promote to live environment == Patched as quickly as possible
  • 57. Security is about detecting signs of an incident: CloudWatch Logs lets you grab everything and monitor activity • When storage is cheap you might as well collect and keep your logs • CloudWatch Logs makes it easy to capture any log and store it in a durable manner • Integration with CloudWatch Metrics and Alarms means you can continually scan for events you know might be suspicious IF (detect web attacker > 10 in a 1 minute period) ALARM == TRUE == INCIDENT IN PROGRESS!
  • 58. Security is about how quickly you can react: The first response should be your automation • Trigger workflow to act - automating the first line of response can markedly improve customers' time to react during incidents • If == bad limit functionality whilst investigating, e.g. go read only or deny more user registration • If badness > really bad shut off internet connectivity until CERT can investigate
  • 60. Innovations Are For Auditors Too Auditing-centric services and features • New: AWS Config • New: AWS Key Management Service (AWS KMS) • AWS Trusted Advisor checks • Last AWS sign in • AWS CloudTrail • IAM Credential Reports • Policies
  • 61. Step 1: Get an AWS User Account
  • 62. Geographic data locality Control over regional replication Policies, resource level permissions, temporary credentials Fine-grained access control In-depth logging AWS CloudTrail and Config Fine-grained visibility and control for accounts, resources, data Visibility into resources and usage Service Describe* APIs and AWS CloudWatch Control over deployment AWS CloudFormation Step 2: Get transparent governance
  • 63. Step 3: Get evidence you can audit • Many compliance audits require access to the state of your systems at arbitrary times (e.g. PCI, HIPAA) • A complete inventory of all resources and their configuration attributes is available for any point in time
  • 69. Security is Job Zero YOU ARE BETTER OFF IN AWS THAN YOU ARE IN YOUR OWN ENVIRONMENT – “Based on our experience, I believe that we can be even more secure in the AWS cloud than in our own data centers.” -Tom Soderstrom, CTO, NASA JPL – Nearly 60% of organizations agreed that CSPs [cloud service providers] provide better security than their own IT organizations. Source: IDC 2013 U.S. Cloud Security Survey, doc #242836, September 2013
  • 70. Resources for You • aws.amazon.com/compliance • Self-paced labs (Qwiklabs) https://run.qwiklab.com/ – Auditing Your AWS Security Architecture • aws.amazon.com/security – Special Australian Government iRAP guidance coming soon! – Best practices and operational checklists – Architectural guidance – Detailed security information about the AWS services
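
The threshold rule on slide 57 and the tiered first response on slide 58, modelled locally in Python as an added example that is not part of the original deck: it counts matching log events in fixed 1-minute periods, the way a metric filter feeding an alarm would, and maps each period to a response tier. The 401/403 signal, the "really bad" threshold of 50, the tier names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumption: a 401/403 response stands in for the slide's "web attacker" signal.
SUSPICIOUS_STATUS = {"401", "403"}
ALARM_THRESHOLD = 10   # from slide 57: more than 10 in a 1 minute period
SEVERE_THRESHOLD = 50  # assumption: slide 58 gives no number for "really bad"

# Common log format; the "minute" group is the timestamp truncated to the minute.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ '
    r'\[(?P<minute>\d{2}/\w{3}/\d{4}:\d{2}:\d{2}):\d{2} [+-]\d{4}\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?:\d+|-)$'
)


def suspicious_per_minute(lines):
    """Count matching events per 1-minute period; return (counts, skipped)."""
    counts = Counter()
    skipped = 0
    for line in lines:
        match = LINE_RE.match(line.strip())
        if match is None:
            skipped += 1  # unparseable lines are counted, never silently dropped
            continue
        if match.group("status") in SUSPICIOUS_STATUS:
            counts[match.group("minute")] += 1
    return counts, skipped


def first_response(count):
    """Map one period's count to the tier of automated response."""
    if count > SEVERE_THRESHOLD:
        return "ISOLATE"    # slide 58: shut off internet connectivity
    if count > ALARM_THRESHOLD:
        return "READ_ONLY"  # slide 58: limit functionality whilst investigating
    return "OK"


def evaluate(lines):
    """Return ({period: response}, skipped_line_count) for a batch of log lines."""
    counts, skipped = suspicious_per_minute(lines)
    return {minute: first_response(n) for minute, n in sorted(counts.items())}, skipped


def _line(minute, second, status, path="/login"):
    # Constructed log line; 203.0.113.7 is a documentation address.
    return (f'203.0.113.7 - - [06/May/2015:10:{minute:02d}:{second:02d} +1000] '
            f'"POST {path} HTTP/1.1" {status} 512')


def build_sample():
    """Constructed sample covering both thresholds and a malformed line."""
    lines = [_line(0, s, 200, "/") for s in range(5)]  # normal traffic
    lines += [_line(0, s, 403) for s in range(3)]      # background noise
    lines += [_line(1, s, 403) for s in range(10)]     # exactly 10: not "> 10"
    lines += [_line(2, s, 403) for s in range(11)]     # crosses the alarm threshold
    lines += [_line(3, s, 401) for s in range(55)]     # crosses the severe threshold
    lines.append("truncated line without a status code")
    return lines


if __name__ == "__main__":
    decisions, skipped = evaluate(build_sample())
    for minute, action in decisions.items():
        print(minute, action)
    print("skipped lines:", skipped)
```

The period with exactly 10 matches stays below the alarm because the slide's rule is a strict "greater than", which is the boundary worth checking when the same threshold is configured on a real alarm.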