SlideShare a Scribd company logo

Security @ (Cloud) Scale Deep Dive

K
Kristana Kane

Security @ (Cloud) Scale Deep Dive

Technology
1 of 48
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Cameron Worrell, Solutions Architect August 17th, 2017 Security @ (Cloud) Scale
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Agenda • AWS Controls that You Don’t Need to Worry About • Framework to Help You Adapt the Cloud Faster • AWS Services that You Should be Using • Reference Architectures that You Can Use
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Agenda
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Security Controls
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Security Controls 2,500+
I wish I was a Solid State Drive in someone else’s Datacenter…
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Security Controls
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Security Controls AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Your own accreditation Your own certifications Your own external auditsCustomerAWS Customer scope and effort is reduced Better results through focused efforts Built on AWS consistent baseline controls
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Cloud Adoption Framework • Each Perspective provides guidance for different parts of an organization • Helps YOU adapt existing practices or introduce new practices for cloud computing
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. The Security Journey to the Cloud Security in the cloud is familiar. The increase in agility and the ability to perform actions faster, at a larger scale and at a lower cost, does not invalidate well- established principles of information security.
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. The CAF Security Perspective 5 Core Capabilities Identity and Access Management Detective Controls Infrastructure Security Data Protection Incident Response
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Scaling to >1 Million Users RDS DB Instance Active (Multi-AZ) Availability Zone ELB Balancer RDS DB Instance Read Replica RDS DB Instance Read Replica Web Instance Web Instance Web Instance Web Instance Amazon Route 53 User Amazon S3 Amazon CloudFront DynamoDB Amazon SQS ElastiCache Worker Instance Worker Instance Amazon CloudWatch Internal App Instance Internal App Instance Amazon SES Lambda
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Security Already Built In… Security groups are virtual firewalls that control the traffic for one or more resources AWS IAM securely controls access to AWS services and resources for your users.
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Security Already Built In…
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Identity and Access Management AWS Organizations AWS IAM AWS Security Token Service
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Detective Controls AWS CloudTrail Amazon CloudWatch AWS Config Amazon Inspector VPC Flow Logs Account Resources Network
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Detective Controls - VPC Flow Logs
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Detective Controls - VPC Flow Logs
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Infrastructure Security AWS Shield AWS WAF Network AWS OpsWorks Resources AWS Trusted Advisor AWS Config Rules Demo @ https://waf.widgetsllc.xyz
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Infrastructure Security – AWS Config Rules • Amazon CloudTrail should be enabled… • Is it? • All EBS volumes encrypted… • Are they? • All security groups in attached state should not have unrestricted access to port 22. • Do they?
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Infrastructure Security – AWS Config Rules • Codify and automate your own practices • Get started with samples in AWS Lambda • Implement guidelines for security best practices and compliance • Use rules from various AWS Partners • View compliance in one dashboard
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Infrastructure Security – AWS Config Rules
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Infrastructure Security – AWS Config Rules
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Infrastructure Security – AWS Config Rules
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Data Protection AWS CloudHSM AWS Key Management Service AWS Certificate Manager
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Data Protection - Encryption Encryption In-Transit SSL/TLS VPN / IPSEC SSH Encryption At-Rest Object Database Filesystem Disk
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Data Protection – AWS Certificate Manager • AWS Certificate Manager (AWS ACM) is a service that lets you easily provision, manage, and deploy TLS certificates for use with Amazon Elastic Load Balancer or Amazon CloudFront distribution. • No additional charge for provisioning TLS certificates • Manages the renewal process of TLS certificates • Certificates are verified by Amazon’s certificate authority (CA), Amazon Trust Services (ATS)
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Data Protection – AWS Certificate Manager
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Data Protection – AWS KMS Data key 1 S3 object EBS volume Amazon Redshift cluster Data key 2 Data key 3 Data key 4 Custom application Customer Master Keys
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Incident Response Amazon CloudWatch Amazon Lambda
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Incident Response – AWS CloudWatch Events
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Incident Response – AWS CloudWatch Events
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Incident Response – AWS CloudWatch Events
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Incident Response – AWS CloudWatch Events
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Incident Response – AWS CloudWatch Events
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Incident Response – AWS CloudWatch Events
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Incident Response – Lambda Log from __future__ import print_function import json def lambda_handler(event, context): print(json.dumps(event, indent=2))
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Incident Response – AWS CloudWatch Events
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Incident Response – Lambda Respond cloudtrail = boto3.client('cloudtrail') trail_arn = event["detail"]["requestParameters"]["name "] ct_response = cloudtrail.start_logging( Name = trail_arn )
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Incident Response – Lambda Notify sns_topic = "arn:aws:sns:us-east-1:123459227412:reporter-topic" subject = 'EVENT: ' + event["detail"]["eventName"] message = "What happened? " + event["detail"]["eventName"] + "n" "What service? " + event["detail"]["eventSource"] + "n" "Where? " + event["detail"]["awsRegion"] + "n" "When? " + event["detail"]["eventTime"] + "n" "Who? " + str(json.dumps(event["detail"]["userIdentity"], indent=2)) sns = boto3.client('sns') sns_response = sns.publish( TopicArn = sns_topic, Message = message, Subject = subject, MessageStructure = 'string' )
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Incident Response – Amazon SNS Notification
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Incident Response – Complete
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Scaling to >1 Million Users RDS DB Instance Active (Multi-AZ) Availability Zone ELB Balancer RDS DB Instance Read Replica RDS DB Instance Read Replica Web Instance Web Instance Web Instance Web Instance Amazon Route 53 User Amazon S3 Amazon CloudFront DynamoDB Amazon SQS ElastiCache Worker Instance Worker Instance Amazon CloudWatch Internal App Instance Internal App Instance Amazon SES Lambda
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Scaling to >1 Million Users RDS DB Instance Active (Multi-AZ) Availability Zone ELB Balancer RDS DB Instance Read Replica RDS DB Instance Read Replica Web Instance Web Instance Web Instance Web Instance Amazon Route 53 User Amazon S3 Amazon CloudFront DynamoDB Amazon SQS ElastiCache Worker Instance Worker Instance Amazon CloudWatch Internal App Instance Internal App Instance Amazon SES Lambda AWS WAF AWS Shield AWS Organizations AWS CloudTrail AWS Config VPC Flow Logs Amazon Inspector AWS OpsWorks
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Deploy Faster Wherever You Like 16 Regions – 44 Availability Zones – 82 Edge Locations Region & Number of Availability Zones AWS GovCloud (2) EU Ireland (3) US West Frankfurt (3) Oregon (3) London (2) Northern California (3) Asia Pacific US East Singapore (2) N. Virginia (6), Ohio (3) Sydney (2), Tokyo (3), Seoul (2), Mumbai (2) Canada Central (2) China Beijing (2) South America São Paulo (3)
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Marketplace Security Partners Infrastructure Security Logging & Monitoring Identity & Access Control Configuration & Vulnerability Analysis Data Protection
© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Summary • AWS Security Benefits: • Integrated Security & Compliance • Global Resilience, Visibility, & Control • Maintain Your Privacy and Data Ownership • Agility Through Security Automation • Security Innovation at Scale • Broad Security Partner & Marketplace Solutions
Thank You!

Recommended

Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOps Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOps Kristana Kane
 
Getting Started with Docker on AWS
Getting Started with Docker on AWSGetting Started with Docker on AWS
Getting Started with Docker on AWSKristana Kane
 
Deep Dive on Microservices and Docker
Deep Dive on Microservices and DockerDeep Dive on Microservices and Docker
Deep Dive on Microservices and DockerKristana Kane
 
Serverless Big Data Architectures: Serverless Data Analytics
Serverless Big Data Architectures: Serverless Data AnalyticsServerless Big Data Architectures: Serverless Data Analytics
Serverless Big Data Architectures: Serverless Data AnalyticsKristana Kane
 
Microservizi e container Docker in produzione: strumenti e consigli
Microservizi e container Docker in produzione: strumenti e consigliMicroservizi e container Docker in produzione: strumenti e consigli
Microservizi e container Docker in produzione: strumenti e consigliAmazon Web Services
 
Migrating Your Databases to AWS Deep Dive on Amazon RDS and AWS
Migrating Your Databases to AWS Deep Dive on Amazon RDS and AWSMigrating Your Databases to AWS Deep Dive on Amazon RDS and AWS
Migrating Your Databases to AWS Deep Dive on Amazon RDS and AWSKristana Kane
 
Protecting your data in aws - Toronto
Protecting your data in aws - TorontoProtecting your data in aws - Toronto
Protecting your data in aws - TorontoAmazon Web Services
 
Running Lean Architectures
Running Lean ArchitecturesRunning Lean Architectures
Running Lean ArchitecturesAmazon Web Services
 

Recommended

Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOps Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOps Kristana Kane
 
Getting Started with Docker on AWS
Getting Started with Docker on AWSGetting Started with Docker on AWS
Getting Started with Docker on AWSKristana Kane
 
Deep Dive on Microservices and Docker
Deep Dive on Microservices and DockerDeep Dive on Microservices and Docker
Deep Dive on Microservices and DockerKristana Kane
 
Serverless Big Data Architectures: Serverless Data Analytics
Serverless Big Data Architectures: Serverless Data AnalyticsServerless Big Data Architectures: Serverless Data Analytics
Serverless Big Data Architectures: Serverless Data AnalyticsKristana Kane
 
Microservizi e container Docker in produzione: strumenti e consigli
Microservizi e container Docker in produzione: strumenti e consigliMicroservizi e container Docker in produzione: strumenti e consigli
Microservizi e container Docker in produzione: strumenti e consigliAmazon Web Services
 
Migrating Your Databases to AWS Deep Dive on Amazon RDS and AWS
Migrating Your Databases to AWS Deep Dive on Amazon RDS and AWSMigrating Your Databases to AWS Deep Dive on Amazon RDS and AWS
Migrating Your Databases to AWS Deep Dive on Amazon RDS and AWSKristana Kane
 
Protecting your data in aws - Toronto
Protecting your data in aws - TorontoProtecting your data in aws - Toronto
Protecting your data in aws - TorontoAmazon Web Services
 
Running Lean Architectures
Running Lean ArchitecturesRunning Lean Architectures
Running Lean ArchitecturesAmazon Web Services
 
AWS APAC Webinar Week - Introduction to Cloud Computing With Amazon Web Services
AWS APAC Webinar Week - Introduction to Cloud Computing With Amazon Web ServicesAWS APAC Webinar Week - Introduction to Cloud Computing With Amazon Web Services
AWS APAC Webinar Week - Introduction to Cloud Computing With Amazon Web ServicesAmazon Web Services
 
Ponencia Principal - AWS Summit - Madrid
Ponencia Principal - AWS Summit - MadridPonencia Principal - AWS Summit - Madrid
Ponencia Principal - AWS Summit - MadridAmazon Web Services
 
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...Amazon Web Services
 
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014Amazon Web Services
 
SEC301 Security @ (Cloud) Scale
SEC301 Security @ (Cloud) ScaleSEC301 Security @ (Cloud) Scale
SEC301 Security @ (Cloud) ScaleAmazon Web Services
 
Getting Started with Windows Workloads on Amazon EC2
Getting Started with Windows Workloads on Amazon EC2Getting Started with Windows Workloads on Amazon EC2
Getting Started with Windows Workloads on Amazon EC2Amazon Web Services
 
Crypto Options in AWS
Crypto Options in AWSCrypto Options in AWS
Crypto Options in AWSAmazon Web Services
 
HSBC and AWS Day - AWS foundations
HSBC and AWS Day - AWS foundationsHSBC and AWS Day - AWS foundations
HSBC and AWS Day - AWS foundationsAmazon Web Services
 
AWS Enterprise Summit Netherlands - Enterprise Applications on AWS
AWS Enterprise Summit Netherlands - Enterprise Applications on AWSAWS Enterprise Summit Netherlands - Enterprise Applications on AWS
AWS Enterprise Summit Netherlands - Enterprise Applications on AWSAmazon Web Services
 
Getting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Getting Started with the Hybrid Cloud: Enterprise Backup and RecoveryGetting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Getting Started with the Hybrid Cloud: Enterprise Backup and RecoveryAmazon Web Services
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsAmazon Web Services
 
Getting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Getting Started with the Hybrid Cloud: Enterprise Backup and RecoveryGetting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Getting Started with the Hybrid Cloud: Enterprise Backup and RecoveryAmazon Web Services
 
AWS re:Invent 2016: Industry Opportunities for AWS Partners: Healthcare, Fina...
AWS re:Invent 2016: Industry Opportunities for AWS Partners: Healthcare, Fina...AWS re:Invent 2016: Industry Opportunities for AWS Partners: Healthcare, Fina...
AWS re:Invent 2016: Industry Opportunities for AWS Partners: Healthcare, Fina...Amazon Web Services
 
Wild Rides Takes off - The Dawn of a New Unicorn
Wild Rides Takes off - The Dawn of a New UnicornWild Rides Takes off - The Dawn of a New Unicorn
Wild Rides Takes off - The Dawn of a New UnicornAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
The Tightrope for K12 IT
The Tightrope for K12 ITThe Tightrope for K12 IT
The Tightrope for K12 ITAmazon Web Services
 
Seeing More Clearly: How Essilor Overcame 3 Common Cloud Security Challenges ...
Seeing More Clearly: How Essilor Overcame 3 Common Cloud Security Challenges ...Seeing More Clearly: How Essilor Overcame 3 Common Cloud Security Challenges ...
Seeing More Clearly: How Essilor Overcame 3 Common Cloud Security Challenges ...Amazon Web Services
 
(SEC204) AWS GovCloud (US): Not Just for Govies
(SEC204) AWS GovCloud (US): Not Just for Govies(SEC204) AWS GovCloud (US): Not Just for Govies
(SEC204) AWS GovCloud (US): Not Just for GoviesAmazon Web Services
 
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...Amazon Web Services
 
Bluesoft @ AWS re:Invent 2017 + AWS 101
Bluesoft @ AWS re:Invent 2017 + AWS 101Bluesoft @ AWS re:Invent 2017 + AWS 101
Bluesoft @ AWS re:Invent 2017 + AWS 101André Faria Gomes
 
AWS - Security & Compliance
AWS - Security & ComplianceAWS - Security & Compliance
AWS - Security & ComplianceAmazon Web Services LATAM
 
Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018
Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018
Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018Amazon Web Services
 

More Related Content

What's hot

AWS APAC Webinar Week - Introduction to Cloud Computing With Amazon Web Services
AWS APAC Webinar Week - Introduction to Cloud Computing With Amazon Web ServicesAWS APAC Webinar Week - Introduction to Cloud Computing With Amazon Web Services
AWS APAC Webinar Week - Introduction to Cloud Computing With Amazon Web ServicesAmazon Web Services
 
Ponencia Principal - AWS Summit - Madrid
Ponencia Principal - AWS Summit - MadridPonencia Principal - AWS Summit - Madrid
Ponencia Principal - AWS Summit - MadridAmazon Web Services
 
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...Amazon Web Services
 
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014Amazon Web Services
 
Getting Started with Windows Workloads on Amazon EC2
Getting Started with Windows Workloads on Amazon EC2Getting Started with Windows Workloads on Amazon EC2
Getting Started with Windows Workloads on Amazon EC2Amazon Web Services
 
HSBC and AWS Day - AWS foundations
HSBC and AWS Day - AWS foundationsHSBC and AWS Day - AWS foundations
HSBC and AWS Day - AWS foundationsAmazon Web Services
 
AWS Enterprise Summit Netherlands - Enterprise Applications on AWS
AWS Enterprise Summit Netherlands - Enterprise Applications on AWSAWS Enterprise Summit Netherlands - Enterprise Applications on AWS
AWS Enterprise Summit Netherlands - Enterprise Applications on AWSAmazon Web Services
 
Getting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Getting Started with the Hybrid Cloud: Enterprise Backup and RecoveryGetting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Getting Started with the Hybrid Cloud: Enterprise Backup and RecoveryAmazon Web Services
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsAmazon Web Services
 
Getting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Getting Started with the Hybrid Cloud: Enterprise Backup and RecoveryGetting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Getting Started with the Hybrid Cloud: Enterprise Backup and RecoveryAmazon Web Services
 
AWS re:Invent 2016: Industry Opportunities for AWS Partners: Healthcare, Fina...
AWS re:Invent 2016: Industry Opportunities for AWS Partners: Healthcare, Fina...AWS re:Invent 2016: Industry Opportunities for AWS Partners: Healthcare, Fina...
AWS re:Invent 2016: Industry Opportunities for AWS Partners: Healthcare, Fina...Amazon Web Services
 
Wild Rides Takes off - The Dawn of a New Unicorn
Wild Rides Takes off - The Dawn of a New UnicornWild Rides Takes off - The Dawn of a New Unicorn
Wild Rides Takes off - The Dawn of a New UnicornAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Seeing More Clearly: How Essilor Overcame 3 Common Cloud Security Challenges ...
Seeing More Clearly: How Essilor Overcame 3 Common Cloud Security Challenges ...Seeing More Clearly: How Essilor Overcame 3 Common Cloud Security Challenges ...
Seeing More Clearly: How Essilor Overcame 3 Common Cloud Security Challenges ...Amazon Web Services
 
(SEC204) AWS GovCloud (US): Not Just for Govies
(SEC204) AWS GovCloud (US): Not Just for Govies(SEC204) AWS GovCloud (US): Not Just for Govies
(SEC204) AWS GovCloud (US): Not Just for GoviesAmazon Web Services
 
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...Amazon Web Services
 
Bluesoft @ AWS re:Invent 2017 + AWS 101
Bluesoft @ AWS re:Invent 2017 + AWS 101Bluesoft @ AWS re:Invent 2017 + AWS 101
Bluesoft @ AWS re:Invent 2017 + AWS 101André Faria Gomes
 

What's hot (20)

AWS APAC Webinar Week - Introduction to Cloud Computing With Amazon Web Services
AWS APAC Webinar Week - Introduction to Cloud Computing With Amazon Web ServicesAWS APAC Webinar Week - Introduction to Cloud Computing With Amazon Web Services
AWS APAC Webinar Week - Introduction to Cloud Computing With Amazon Web Services
 
Ponencia Principal - AWS Summit - Madrid
Ponencia Principal - AWS Summit - MadridPonencia Principal - AWS Summit - Madrid
Ponencia Principal - AWS Summit - Madrid
 
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
 
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
 
SEC301 Security @ (Cloud) Scale
SEC301 Security @ (Cloud) ScaleSEC301 Security @ (Cloud) Scale
SEC301 Security @ (Cloud) Scale
 
Getting Started with Windows Workloads on Amazon EC2
Getting Started with Windows Workloads on Amazon EC2Getting Started with Windows Workloads on Amazon EC2
Getting Started with Windows Workloads on Amazon EC2
 
Crypto Options in AWS
Crypto Options in AWSCrypto Options in AWS
Crypto Options in AWS
 
HSBC and AWS Day - AWS foundations
HSBC and AWS Day - AWS foundationsHSBC and AWS Day - AWS foundations
HSBC and AWS Day - AWS foundations
 
AWS Enterprise Summit Netherlands - Enterprise Applications on AWS
AWS Enterprise Summit Netherlands - Enterprise Applications on AWSAWS Enterprise Summit Netherlands - Enterprise Applications on AWS
AWS Enterprise Summit Netherlands - Enterprise Applications on AWS
 
Getting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Getting Started with the Hybrid Cloud: Enterprise Backup and RecoveryGetting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Getting Started with the Hybrid Cloud: Enterprise Backup and Recovery
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
 
Getting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Getting Started with the Hybrid Cloud: Enterprise Backup and RecoveryGetting Started with the Hybrid Cloud: Enterprise Backup and Recovery
Getting Started with the Hybrid Cloud: Enterprise Backup and Recovery
 
AWS re:Invent 2016: Industry Opportunities for AWS Partners: Healthcare, Fina...
AWS re:Invent 2016: Industry Opportunities for AWS Partners: Healthcare, Fina...AWS re:Invent 2016: Industry Opportunities for AWS Partners: Healthcare, Fina...
AWS re:Invent 2016: Industry Opportunities for AWS Partners: Healthcare, Fina...
 
Wild Rides Takes off - The Dawn of a New Unicorn
Wild Rides Takes off - The Dawn of a New UnicornWild Rides Takes off - The Dawn of a New Unicorn
Wild Rides Takes off - The Dawn of a New Unicorn
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
The Tightrope for K12 IT
The Tightrope for K12 ITThe Tightrope for K12 IT
The Tightrope for K12 IT
 
Seeing More Clearly: How Essilor Overcame 3 Common Cloud Security Challenges ...
Seeing More Clearly: How Essilor Overcame 3 Common Cloud Security Challenges ...Seeing More Clearly: How Essilor Overcame 3 Common Cloud Security Challenges ...
Seeing More Clearly: How Essilor Overcame 3 Common Cloud Security Challenges ...
 
(SEC204) AWS GovCloud (US): Not Just for Govies
(SEC204) AWS GovCloud (US): Not Just for Govies(SEC204) AWS GovCloud (US): Not Just for Govies
(SEC204) AWS GovCloud (US): Not Just for Govies
 
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
SEC306 Using Microsoft Active Directory Across On-Premises and AWS Cloud Wind...
 
Bluesoft @ AWS re:Invent 2017 + AWS 101
Bluesoft @ AWS re:Invent 2017 + AWS 101Bluesoft @ AWS re:Invent 2017 + AWS 101
Bluesoft @ AWS re:Invent 2017 + AWS 101
 

Similar to Security @ (Cloud) Scale Deep Dive

Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018
Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018
Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018Amazon Web Services
 
Introduction to the Security Perspective of the Cloud Adoption Framework (CAF)
Introduction to the Security Perspective of the Cloud Adoption Framework (CAF) Introduction to the Security Perspective of the Cloud Adoption Framework (CAF)
Introduction to the Security Perspective of the Cloud Adoption Framework (CAF)Amazon Web Services
 
GPSTEC302_Anti-Patterns- Learning through Failure
GPSTEC302_Anti-Patterns- Learning through FailureGPSTEC302_Anti-Patterns- Learning through Failure
GPSTEC302_Anti-Patterns- Learning through FailureAmazon Web Services
 
Security at Scale with AWS - AWS Summit Cape Town 2017
Security at Scale with AWS - AWS Summit Cape Town 2017 Security at Scale with AWS - AWS Summit Cape Town 2017
Security at Scale with AWS - AWS Summit Cape Town 2017 Amazon Web Services
 
20180514 _aws data-security_aws.compressed
20180514 _aws data-security_aws.compressed20180514 _aws data-security_aws.compressed
20180514 _aws data-security_aws.compressedSekretariat3A
 
Protecting Your Data- AWS Security Tools and Features
Protecting Your Data- AWS Security Tools and FeaturesProtecting Your Data- AWS Security Tools and Features
Protecting Your Data- AWS Security Tools and FeaturesAmazon Web Services
 
AWS Webinar CZSK 02 Bezpecnost v AWS cloudu
AWS Webinar CZSK 02 Bezpecnost v AWS clouduAWS Webinar CZSK 02 Bezpecnost v AWS cloudu
AWS Webinar CZSK 02 Bezpecnost v AWS clouduVladimir Simek
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSAmazon Web Services
 
Intro to threat_detection_and_remediation on aws
Intro to threat_detection_and_remediation on awsIntro to threat_detection_and_remediation on aws
Intro to threat_detection_and_remediation on awsBela Sojina MBA, PMP
 
NEW LAUNCH! AWS Greengrass and Amazon FreeRTOS: Connectivity and Security at ...
NEW LAUNCH! AWS Greengrass and Amazon FreeRTOS: Connectivity and Security at ...NEW LAUNCH! AWS Greengrass and Amazon FreeRTOS: Connectivity and Security at ...
NEW LAUNCH! AWS Greengrass and Amazon FreeRTOS: Connectivity and Security at ...Amazon Web Services
 
Serverless Architecture Patterns
Serverless Architecture PatternsServerless Architecture Patterns
Serverless Architecture PatternsAmazon Web Services
 
Introduction to the Security Perspective of the Cloud Adoption Framework
Introduction to the Security Perspective of the Cloud Adoption FrameworkIntroduction to the Security Perspective of the Cloud Adoption Framework
Introduction to the Security Perspective of the Cloud Adoption FrameworkAmazon Web Services
 
Introduction to Security and AWS Storage
Introduction to Security and AWS StorageIntroduction to Security and AWS Storage
Introduction to Security and AWS StorageAmazon Web Services
 
Cloud Adoption Framework: Security Persepctive - Incident Response: Preparing...
Cloud Adoption Framework: Security Persepctive - Incident Response: Preparing...Cloud Adoption Framework: Security Persepctive - Incident Response: Preparing...
Cloud Adoption Framework: Security Persepctive - Incident Response: Preparing...Amazon Web Services
 
Security at Scale: How Autodesk Leverages Native AWS Technologies to Provide ...
Security at Scale: How Autodesk Leverages Native AWS Technologies to Provide ...Security at Scale: How Autodesk Leverages Native AWS Technologies to Provide ...
Security at Scale: How Autodesk Leverages Native AWS Technologies to Provide ...Amazon Web Services
 
Journey Towards Scaling Your API to 10 Million Users
Journey Towards Scaling Your API to 10 Million UsersJourney Towards Scaling Your API to 10 Million Users
Journey Towards Scaling Your API to 10 Million UsersAdrian Hornsby
 
HLC302_Adopting Microservices in Healthcare Building a Compliant DevOps Pipel...
HLC302_Adopting Microservices in Healthcare Building a Compliant DevOps Pipel...HLC302_Adopting Microservices in Healthcare Building a Compliant DevOps Pipel...
HLC302_Adopting Microservices in Healthcare Building a Compliant DevOps Pipel...Amazon Web Services
 
Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...
Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...
Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...Amazon Web Services
 

Similar to Security @ (Cloud) Scale Deep Dive (20)

AWS - Security & Compliance
AWS - Security & ComplianceAWS - Security & Compliance
AWS - Security & Compliance
 
Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018
Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018
Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018
 
AWS Security Fundamentals
AWS Security FundamentalsAWS Security Fundamentals
AWS Security Fundamentals
 
Introduction to the Security Perspective of the Cloud Adoption Framework (CAF)
Introduction to the Security Perspective of the Cloud Adoption Framework (CAF) Introduction to the Security Perspective of the Cloud Adoption Framework (CAF)
Introduction to the Security Perspective of the Cloud Adoption Framework (CAF)
 
GPSTEC302_Anti-Patterns- Learning through Failure
GPSTEC302_Anti-Patterns- Learning through FailureGPSTEC302_Anti-Patterns- Learning through Failure
GPSTEC302_Anti-Patterns- Learning through Failure
 
Security at Scale with AWS - AWS Summit Cape Town 2017
Security at Scale with AWS - AWS Summit Cape Town 2017 Security at Scale with AWS - AWS Summit Cape Town 2017
Security at Scale with AWS - AWS Summit Cape Town 2017
 
20180514 _aws data-security_aws.compressed
20180514 _aws data-security_aws.compressed20180514 _aws data-security_aws.compressed
20180514 _aws data-security_aws.compressed
 
Protecting Your Data- AWS Security Tools and Features
Protecting Your Data- AWS Security Tools and FeaturesProtecting Your Data- AWS Security Tools and Features
Protecting Your Data- AWS Security Tools and Features
 
AWS Webinar CZSK 02 Bezpecnost v AWS cloudu
AWS Webinar CZSK 02 Bezpecnost v AWS clouduAWS Webinar CZSK 02 Bezpecnost v AWS cloudu
AWS Webinar CZSK 02 Bezpecnost v AWS cloudu
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWS
 
Intro to threat_detection_and_remediation on aws
Intro to threat_detection_and_remediation on awsIntro to threat_detection_and_remediation on aws
Intro to threat_detection_and_remediation on aws
 
NEW LAUNCH! AWS Greengrass and Amazon FreeRTOS: Connectivity and Security at ...
NEW LAUNCH! AWS Greengrass and Amazon FreeRTOS: Connectivity and Security at ...NEW LAUNCH! AWS Greengrass and Amazon FreeRTOS: Connectivity and Security at ...
NEW LAUNCH! AWS Greengrass and Amazon FreeRTOS: Connectivity and Security at ...
 
Serverless Architecture Patterns
Serverless Architecture PatternsServerless Architecture Patterns
Serverless Architecture Patterns
 
Introduction to the Security Perspective of the Cloud Adoption Framework
Introduction to the Security Perspective of the Cloud Adoption FrameworkIntroduction to the Security Perspective of the Cloud Adoption Framework
Introduction to the Security Perspective of the Cloud Adoption Framework
 
Introduction to Security and AWS Storage
Introduction to Security and AWS StorageIntroduction to Security and AWS Storage
Introduction to Security and AWS Storage
 
Cloud Adoption Framework: Security Persepctive - Incident Response: Preparing...
Cloud Adoption Framework: Security Persepctive - Incident Response: Preparing...Cloud Adoption Framework: Security Persepctive - Incident Response: Preparing...
Cloud Adoption Framework: Security Persepctive - Incident Response: Preparing...
 
Security at Scale: How Autodesk Leverages Native AWS Technologies to Provide ...
Security at Scale: How Autodesk Leverages Native AWS Technologies to Provide ...Security at Scale: How Autodesk Leverages Native AWS Technologies to Provide ...
Security at Scale: How Autodesk Leverages Native AWS Technologies to Provide ...
 
Journey Towards Scaling Your API to 10 Million Users
Journey Towards Scaling Your API to 10 Million UsersJourney Towards Scaling Your API to 10 Million Users
Journey Towards Scaling Your API to 10 Million Users
 
HLC302_Adopting Microservices in Healthcare Building a Compliant DevOps Pipel...
HLC302_Adopting Microservices in Healthcare Building a Compliant DevOps Pipel...HLC302_Adopting Microservices in Healthcare Building a Compliant DevOps Pipel...
HLC302_Adopting Microservices in Healthcare Building a Compliant DevOps Pipel...
 
Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...
Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...
Manage Infrastructure Securely at Scale and Eliminate Operational Risks - DEV...
 

More from Kristana Kane

AWS Summit Atlanta Keynote
AWS Summit Atlanta KeynoteAWS Summit Atlanta Keynote
AWS Summit Atlanta KeynoteKristana Kane
 
Getting Started with AWS Lambda and Serverless Computing
Getting Started with AWS Lambda and Serverless ComputingGetting Started with AWS Lambda and Serverless Computing
Getting Started with AWS Lambda and Serverless ComputingKristana Kane
 
An Overview to Artificial Intelligence Services at AWS
An Overview to Artificial Intelligence Services at AWSAn Overview to Artificial Intelligence Services at AWS
An Overview to Artificial Intelligence Services at AWSKristana Kane
 
Deep Dive into Apache MXNet on AWS
Deep Dive into Apache MXNet on AWSDeep Dive into Apache MXNet on AWS
Deep Dive into Apache MXNet on AWSKristana Kane
 
Getting Started with AWS IoT
Getting Started with AWS IoTGetting Started with AWS IoT
Getting Started with AWS IoTKristana Kane
 
VMware and AWS Together - VMware Cloud on AWS
VMware and AWS Together - VMware Cloud on AWSVMware and AWS Together - VMware Cloud on AWS
VMware and AWS Together - VMware Cloud on AWSKristana Kane
 

More from Kristana Kane (7)

AWS Summit Atlanta Keynote
AWS Summit Atlanta KeynoteAWS Summit Atlanta Keynote
AWS Summit Atlanta Keynote
 
Getting Started with AWS Lambda and Serverless Computing
Getting Started with AWS Lambda and Serverless ComputingGetting Started with AWS Lambda and Serverless Computing
Getting Started with AWS Lambda and Serverless Computing
 
An Overview to Artificial Intelligence Services at AWS
An Overview to Artificial Intelligence Services at AWSAn Overview to Artificial Intelligence Services at AWS
An Overview to Artificial Intelligence Services at AWS
 
AWS IoT Deep Dive
AWS IoT Deep DiveAWS IoT Deep Dive
AWS IoT Deep Dive
 
Deep Dive into Apache MXNet on AWS
Deep Dive into Apache MXNet on AWSDeep Dive into Apache MXNet on AWS
Deep Dive into Apache MXNet on AWS
 
Getting Started with AWS IoT
Getting Started with AWS IoTGetting Started with AWS IoT
Getting Started with AWS IoT
 
VMware and AWS Together - VMware Cloud on AWS
VMware and AWS Together - VMware Cloud on AWSVMware and AWS Together - VMware Cloud on AWS
VMware and AWS Together - VMware Cloud on AWS
 

Recently uploaded

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 

Recently uploaded (20)

GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 

Security @ (Cloud) Scale Deep Dive

  • 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Cameron Worrell, Solutions Architect August 17th, 2017 Security @ (Cloud) Scale
  • 2. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Agenda • AWS Controls that You Don’t Need to Worry About • Framework to Help You Adapt the Cloud Faster • AWS Services that You Should be Using • Reference Architectures that You Can Use
  • 3. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Agenda
  • 4. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Security Controls
  • 5. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Security Controls 2,500+
  • 6. I wish I was a Solid State Drive in someone else’s Datacenter…
  • 7. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Security Controls
  • 8. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Security Controls AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Your own accreditation Your own certifications Your own external auditsCustomerAWS Customer scope and effort is reduced Better results through focused efforts Built on AWS consistent baseline controls
  • 9. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Cloud Adoption Framework • Each Perspective provides guidance for different parts of an organization • Helps YOU adapt existing practices or introduce new practices for cloud computing
  • 10. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. The Security Journey to the Cloud Security in the cloud is familiar. The increase in agility and the ability to perform actions faster, at a larger scale and at a lower cost, does not invalidate well- established principles of information security.
  • 11. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. The CAF Security Perspective 5 Core Capabilities Identity and Access Management Detective Controls Infrastructure Security Data Protection Incident Response
  • 12. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Scaling to >1 Million Users RDS DB Instance Active (Multi-AZ) Availability Zone ELB Balancer RDS DB Instance Read Replica RDS DB Instance Read Replica Web Instance Web Instance Web Instance Web Instance Amazon Route 53 User Amazon S3 Amazon CloudFront DynamoDB Amazon SQS ElastiCache Worker Instance Worker Instance Amazon CloudWatch Internal App Instance Internal App Instance Amazon SES Lambda
  • 13. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Security Already Built In… Security groups are virtual firewalls that control the traffic for one or more resources AWS IAM securely controls access to AWS services and resources for your users.
  • 14. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Security Already Built In…
  • 15. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Identity and Access Management AWS Organizations AWS IAM AWS Security Token Service
  • 16. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Detective Controls AWS CloudTrail Amazon CloudWatch AWS Config Amazon Inspector VPC Flow Logs Account Resources Network
  • 17. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Detective Controls - VPC Flow Logs
  • 18. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Detective Controls - VPC Flow Logs
  • 19. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Infrastructure Security AWS Shield AWS WAF Network AWS OpsWorks Resources AWS Trusted Advisor AWS Config Rules Demo @ https://waf.widgetsllc.xyz
  • 20. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Infrastructure Security – AWS Config Rules • Amazon CloudTrail should be enabled… • Is it? • All EBS volumes encrypted… • Are they? • All security groups in attached state should not have unrestricted access to port 22. • Do they?
  • 21. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Infrastructure Security – AWS Config Rules • Codify and automate your own practices • Get started with samples in AWS Lambda • Implement guidelines for security best practices and compliance • Use rules from various AWS Partners • View compliance in one dashboard
  • 22. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Infrastructure Security – AWS Config Rules
  • 23. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Infrastructure Security – AWS Config Rules
  • 24. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Infrastructure Security – AWS Config Rules
  • 25. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Data Protection AWS CloudHSM AWS Key Management Service AWS Certificate Manager
  • 26. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Data Protection - Encryption Encryption In-Transit SSL/TLS VPN / IPSEC SSH Encryption At-Rest Object Database Filesystem Disk
  • 27. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Data Protection – AWS Certificate Manager • AWS Certificate Manager (AWS ACM) is a service that lets you easily provision, manage, and deploy TLS certificates for use with Amazon Elastic Load Balancer or Amazon CloudFront distribution. • No additional charge for provisioning TLS certificates • Manages the renewal process of TLS certificates • Certificates are verified by Amazon’s certificate authority (CA), Amazon Trust Services (ATS)
  • 28. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Data Protection – AWS Certificate Manager
  • 29. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Data Protection – AWS KMS Data key 1 S3 object EBS volume Amazon Redshift cluster Data key 2 Data key 3 Data key 4 Custom application Customer Master Keys
  • 30. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Incident Response Amazon CloudWatch Amazon Lambda
  • 31. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Incident Response – AWS CloudWatch Events
  • 32. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Incident Response – AWS CloudWatch Events
  • 33. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Incident Response – AWS CloudWatch Events
  • 34. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Incident Response – AWS CloudWatch Events
  • 35. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Incident Response – AWS CloudWatch Events
  • 36. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Incident Response – AWS CloudWatch Events
  • 37. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Incident Response – Lambda Log from __future__ import print_function import json def lambda_handler(event, context): print(json.dumps(event, indent=2))
  • 38. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Incident Response – AWS CloudWatch Events
  • 39. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Incident Response – Lambda Respond cloudtrail = boto3.client('cloudtrail') trail_arn = event["detail"]["requestParameters"]["name "] ct_response = cloudtrail.start_logging( Name = trail_arn )
  • 40. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Incident Response – Lambda Notify sns_topic = "arn:aws:sns:us-east-1:123459227412:reporter-topic" subject = 'EVENT: ' + event["detail"]["eventName"] message = "What happened? " + event["detail"]["eventName"] + "n" "What service? " + event["detail"]["eventSource"] + "n" "Where? " + event["detail"]["awsRegion"] + "n" "When? " + event["detail"]["eventTime"] + "n" "Who? " + str(json.dumps(event["detail"]["userIdentity"], indent=2)) sns = boto3.client('sns') sns_response = sns.publish( TopicArn = sns_topic, Message = message, Subject = subject, MessageStructure = 'string' )
  • 41. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Incident Response – Amazon SNS Notification
  • 42. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Incident Response – Complete
  • 43. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Scaling to >1 Million Users RDS DB Instance Active (Multi-AZ) Availability Zone ELB Balancer RDS DB Instance Read Replica RDS DB Instance Read Replica Web Instance Web Instance Web Instance Web Instance Amazon Route 53 User Amazon S3 Amazon CloudFront DynamoDB Amazon SQS ElastiCache Worker Instance Worker Instance Amazon CloudWatch Internal App Instance Internal App Instance Amazon SES Lambda
  • 44. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Scaling to >1 Million Users RDS DB Instance Active (Multi-AZ) Availability Zone ELB Balancer RDS DB Instance Read Replica RDS DB Instance Read Replica Web Instance Web Instance Web Instance Web Instance Amazon Route 53 User Amazon S3 Amazon CloudFront DynamoDB Amazon SQS ElastiCache Worker Instance Worker Instance Amazon CloudWatch Internal App Instance Internal App Instance Amazon SES Lambda AWS WAF AWS Shield AWS Organizations AWS CloudTrail AWS Config VPC Flow Logs Amazon Inspector AWS OpsWorks
  • 45. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Deploy Faster Wherever You Like 16 Regions – 44 Availability Zones – 82 Edge Locations Region & Number of Availability Zones AWS GovCloud (2) EU Ireland (3) US West Frankfurt (3) Oregon (3) London (2) Northern California (3) Asia Pacific US East Singapore (2) N. Virginia (6), Ohio (3) Sydney (2), Tokyo (3), Seoul (2), Mumbai (2) Canada Central (2) China Beijing (2) South America São Paulo (3)
  • 46. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Marketplace Security Partners Infrastructure Security Logging & Monitoring Identity & Access Control Configuration & Vulnerability Analysis Data Protection
  • 47. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Summary • AWS Security Benefits: • Integrated Security & Compliance • Global Resilience, Visibility, & Control • Maintain Your Privacy and Data Ownership • Agility Through Security Automation • Security Innovation at Scale • Broad Security Partner & Marketplace Solutions