© 2017-2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Security, Risk & Compliance of Your Cloud Journey
SESSION LS203

Gili Lev
Cloud Executive Security Advisor
AWS Professional Services, Global Security, Risk & Compliance
My Cloud Journey Story
Your AWS Cloud Journey
AWS Cloud Adoption Framework (AWS CAF)
The AWS CAF helps organizations understand how cloud adoption transforms the way they work. It identifies the stakeholders that are critical to cloud adoption and groups them into six Perspectives.
AWS CAF Security Perspective
The Security Perspective groups its controls into four categories: Directive, Preventative, Detective, and Responsive.
Enterprise Stages of AWS Adoption
Chart (client value vs. cloud adoption over time): Discovery, then Project, Foundation, Migration, Reinvention; adoption moves from Targeted to At Scale.
AWS Stages of Cloud Adoption
Chart (value vs. time): Discovery, Project, Foundation, Migration, Reinvention, Innovation, Retire Tech Debt. Labels: AWS Cloud Adoption Framework; Customer Cloud Center of Excellence (CCoE).
Enterprise Governance for Cloud Adoption
• Develop a cloud governance program
• Review data classification
• Review company policies
• Build a security standards control framework
• Develop a cloud security strategy
  - Get executive buy-in
  - Communicate and educate
Don’t plan for Everything… before doing Something
Classify your application portfolio to understand your total cloud opportunity

Not Cloud Eligible:
• Hardware appliance
• Non-x86 workload
• Non-cloud-friendly licensing model
• Location-specific or latency-intolerant on-premise dependency

Cloud Friendly:
• Already virtualized x86
• Well-defined application boundaries
• Cloud-friendly licensing model
• Known dependencies on applications & data

Cloud Now:
• Horizontally scalable
• Leverages services (e.g. SOA, APIs, etc.)
• "12 factor" applications
• Software vendor-provided cloud image (AMI, CloudFormation)

SaaS/Native:
• Microservices architecture
• "API-first" design
• Fault tolerance built in
• Bundled metrics & proactive failure testing
AWS Shared Responsibility Model
Security is a Shared Responsibility

AWS is responsible for the security OF the cloud:
• AWS foundation services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge locations

Customers are responsible for their security and compliance IN the cloud:
• Customer content
• Platform, applications, identity and access management
• Operating system, network, and firewall configuration
• Client-side data encryption, server-side data encryption, network traffic protection
Infrastructure Services

Managed by customers:
• Customer content
• Platform and application management
• Operating system, network, and firewall configuration
• Customer IAM
• Client-side data encryption and data integrity authentication
• Server-side encryption (file system and/or data)
• Network traffic protection (encryption / integrity / identity)
• Optional – opaque data: 0's and 1's (in transit / at rest)

Managed by AWS:
• AWS IAM and AWS endpoints
• Foundation services: Compute, Storage, Databases, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge locations
Container Services

Managed by customers:
• Customer content
• Platform and application management
• Firewall configuration
• Customer IAM
• Client-side data encryption and data integrity authentication
• Network traffic protection (encryption / integrity / identity)
• Optional – opaque data: 0's and 1's (in transit / at rest)

Managed by AWS:
• Operating system and network configuration
• AWS IAM and AWS endpoints
• Foundation services: Compute, Storage, Databases, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge locations
Abstracted Services

Managed by customers:
• Customer content
• Client-side data encryption and data integrity authentication
• Optional – opaque data: 0's and 1's (in transit / at rest)

Managed by AWS:
• Platform and application management
• Operating system, network, and firewall configuration
• Data protection provided by the platform for data at rest
• Network traffic protection provided by the platform for data in transit
• AWS IAM and AWS endpoints
• Foundation services: Compute, Storage, Databases, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge locations

Across the three service types the dividing line moves up the stack, but the customer content itself, the IAM permissions that govern access to it, and any client-side encryption never move to the AWS side.
AWS Security Epics Program
AWS Security Epics
Frequent iteration via sprints leads to increased maturity while retaining the flexibility to adapt to business pace and demand.
• First sprint example: define the account structure and implement the core set of best practices
• Second sprint example: implement federation
• Third sprint example: expand account management to cater to multiple accounts
AWS CAF Security Perspective
Increase agility and the ability to perform actions faster and at larger scale, while validating information security principles and ensuring your environment maintains a strong security footing. The CORE 5:
• IAM
• Detective Controls
• Infrastructure Security
• Data Protection
• Incident Response
The CORE 5: Identity and Access Management (IAM)
Account Governance & Ownership
• AWS Organizations: policy-based management for multiple AWS accounts with security and automation settings
• AWS Identity & Access Management: securely control access to AWS services and resources for your users
• Amazon Cognito: mobile sign-up, sign-in and access control with various IdPs via SAML 2.0

Checklist: MFA, root account, federation
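The checklist above (MFA, root account, federation) maps directly onto fields of the IAM credential report. The script below is an added example, not code from the deck: it audits a report for exactly those three items. The CSV is constructed sample data in the real column layout returned by `aws iam get-credential-report`; the 90-day key age, the 30-day root quiet period and the check names are this example's own policy choices.

```python
"""
Added example, not from the slides: audit an IAM credential report against the
slide's checklist (MFA, root account, federation).

Assumptions: SAMPLE_REPORT is constructed sample data in the real column layout
of `aws iam get-credential-report`; MAX_KEY_AGE, ROOT_QUIET_PERIOD and the
check names are this example's own policy choices.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample report: root with an active access key and no MFA, a
# console user with MFA, a console user without MFA, and a CI user whose
# access key has not been rotated since 2016.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,2015-01-01T00:00:00+00:00,not_supported,2018-05-01T09:00:00+00:00,not_supported,not_supported,false,true,2016-02-01T00:00:00+00:00,2018-04-30T12:00:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
alice,arn:aws:iam::111122223333:user/alice,2017-03-01T00:00:00+00:00,true,2018-05-02T08:00:00+00:00,2018-04-01T00:00:00+00:00,2018-07-01T00:00:00+00:00,true,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
bob,arn:aws:iam::111122223333:user/bob,2017-06-01T00:00:00+00:00,true,2018-05-02T08:00:00+00:00,2018-01-01T00:00:00+00:00,2018-04-01T00:00:00+00:00,false,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,2016-01-01T00:00:00+00:00,false,N/A,N/A,N/A,false,true,2016-01-01T00:00:00+00:00,2018-05-01T01:00:00+00:00,eu-west-1,ec2,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
"""

NOW = datetime(2018, 5, 3, tzinfo=timezone.utc)  # fixed "now" so the sample is reproducible
MAX_KEY_AGE = timedelta(days=90)                 # example rotation policy
ROOT_QUIET_PERIOD = timedelta(days=30)           # any root sign-in inside this window is a finding


def parse_ts(value):
    """Report timestamps are ISO 8601; 'N/A', 'no_information' and 'not_supported' become None."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def audit_credential_report(report_csv, now):
    """Return a list of (user, check) findings for every row of the credential report."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        if user == "<root_account>":
            # Root: must have MFA, must not hold API keys, should not be used day to day.
            if row["mfa_active"] != "true":
                findings.append((user, "root_mfa"))
            if "true" in (row["access_key_1_active"], row["access_key_2_active"]):
                findings.append((user, "root_access_key"))
            last_used = parse_ts(row["password_last_used"])
            if last_used is not None and now - last_used < ROOT_QUIET_PERIOD:
                findings.append((user, "root_recent_use"))
            continue
        if row["password_enabled"] == "true":
            # Federation goal: people sign in through the IdP into roles, so every
            # IAM user with a console password is a candidate for removal; until
            # it is removed it needs MFA.
            findings.append((user, "local_console_user"))
            if row["mfa_active"] != "true":
                findings.append((user, "user_mfa"))
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            rotated = parse_ts(row[f"access_key_{n}_last_rotated"])
            if rotated is None or now - rotated > MAX_KEY_AGE:
                findings.append((user, f"stale_access_key_{n}"))
    return findings


def run_audit():
    """Audit the constructed sample report at the fixed NOW."""
    return audit_credential_report(SAMPLE_REPORT, NOW)


if __name__ == "__main__":
    for user, check in run_audit():
        print(f"{check:22} {user}")
```

Against a live account, replace SAMPLE_REPORT with the base64-decoded `Content` of `get_credential_report` and NOW with the current UTC time; the report is regenerated at most every four hours, so treat it as a periodic control rather than a real-time one.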
The CORE 5: Detective Controls
Audit & Visibility

Account
• AWS CloudTrail: record AWS API calls; enable governance, compliance & auditing

Resources
• AWS Config: resource inventory, configuration history, and configuration change notifications to enable security and governance
• Amazon CloudWatch: monitor resources & your applications on AWS; collect metrics, set alarms, and automatically react to changes

Network
• VPC Flow Logs: capture information about the IP traffic going to and from network interfaces in your VPC

Account, resources and network
• Amazon GuardDuty: intelligent threat detection & continuous monitoring to protect your AWS accounts and workloads
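Flow logs only become a detective control once something reads them. The script below is an added example, not code from the deck: it parses records in the default flow log format and flags two things a practitioner looks for first, a single source being REJECTed on many distinct ports (scanning) and an ACCEPT on an administrative port from a non-RFC1918 address. The log lines are constructed sample data; the admin port list and the scan threshold are this example's own choices.

```python
"""
Added example, not from the slides: a small detector over VPC Flow Log records,
the 'Network' detective control on the slide.

Assumptions: SAMPLE_FLOW_LOG is constructed sample data in the default flow log
record format (version account-id interface-id srcaddr dstaddr srcport dstport
protocol packets bytes start end action log-status); ADMIN_PORTS and
SCAN_PORT_THRESHOLD are this example's own policy choices.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network

FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr", "srcport",
          "dstport", "protocol", "packets", "bytes", "start", "end", "action", "log_status")

# Constructed: one external host probing five ports and being rejected, one
# external host accepted on SSH, normal internal HTTPS traffic, and a NODATA row.
SAMPLE_FLOW_LOG = """\
2 111122223333 eni-0a1b2c3d 198.51.100.7 10.0.1.15 41020 22 6 1 44 1525255200 1525255260 REJECT OK
2 111122223333 eni-0a1b2c3d 198.51.100.7 10.0.1.15 41021 23 6 1 44 1525255200 1525255260 REJECT OK
2 111122223333 eni-0a1b2c3d 198.51.100.7 10.0.1.15 41022 445 6 1 44 1525255200 1525255260 REJECT OK
2 111122223333 eni-0a1b2c3d 198.51.100.7 10.0.1.15 41023 3389 6 1 44 1525255200 1525255260 REJECT OK
2 111122223333 eni-0a1b2c3d 198.51.100.7 10.0.1.15 41024 8080 6 1 44 1525255200 1525255260 REJECT OK
2 111122223333 eni-0a1b2c3d 203.0.113.9 10.0.1.15 51515 22 6 12 1340 1525255300 1525255360 ACCEPT OK
2 111122223333 eni-0a1b2c3d 10.0.2.40 10.0.1.15 55000 443 6 20 9000 1525255300 1525255360 ACCEPT OK
2 111122223333 eni-0a1b2c3d 10.0.1.15 10.0.2.40 443 55000 6 18 20000 1525255300 1525255360 ACCEPT OK
2 111122223333 eni-0a1b2c3d - - - - - - - 1525255300 1525255360 - NODATA
"""

PRIVATE_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ADMIN_PORTS = {22, 3389}   # SSH, RDP
SCAN_PORT_THRESHOLD = 5    # distinct rejected destination ports from one source


def parse_flow_log(text):
    """Turn raw flow log lines into dicts; rows without data (NODATA/SKIPDATA) are dropped."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != len(FIELDS):
            continue
        rec = dict(zip(FIELDS, fields))
        if rec["log_status"] != "OK":
            continue
        for key in ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end"):
            rec[key] = int(rec[key])
        records.append(rec)
    return records


def is_private(addr):
    """True for RFC 1918 addresses, i.e. traffic that stayed inside private address space."""
    return any(ip_address(addr) in net for net in PRIVATE_NETS)


def detect(records):
    """Return findings: accepted admin-port traffic from the Internet, and per-source port scans."""
    findings = []
    rejected_ports = defaultdict(set)
    for r in records:
        if r["action"] == "REJECT":
            rejected_ports[r["srcaddr"]].add(r["dstport"])
        elif (r["action"] == "ACCEPT" and r["protocol"] == 6          # TCP
              and r["dstport"] in ADMIN_PORTS and not is_private(r["srcaddr"])):
            findings.append({"type": "public_admin_access", "src": r["srcaddr"],
                             "dst": r["dstaddr"], "port": r["dstport"], "eni": r["interface_id"]})
    for src, ports in rejected_ports.items():
        if len(ports) >= SCAN_PORT_THRESHOLD:
            findings.append({"type": "port_scan", "src": src, "ports": sorted(ports)})
    return findings


def run_detection():
    """Run the detector over the constructed sample log."""
    return detect(parse_flow_log(SAMPLE_FLOW_LOG))


if __name__ == "__main__":
    for finding in run_detection():
        print(finding)
```

Two caveats when this runs on real data: flow logs are aggregated per capture window and delivered minutes later, so this is near-real-time at best; and an ACCEPT only means the security group and NACL allowed the packet, not that the SSH login succeeded, so the finding is a lead for CloudTrail and host logs rather than a confirmed compromise.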
The CORE 5: Infrastructure Security
Infrastructure Protection

Network
• Amazon VPC: provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define
• Security Groups: stateful firewalls attached to an instance's network interface and enforced outside the guest OS, for explicit traffic control
• AWS Shield: managed DDoS protection service that safeguards web applications running on AWS
• AWS WAF: protects your web applications from common web exploits, ensuring availability and security

Resources
• AWS CloudFormation: provision your resources in a safe, predictable manner; infrastructure as code is your source of truth
• Amazon Inspector: automatically assesses applications for vulnerabilities or deviations from best practices
The CORE 5: Data Protection
Data Protection

AWS KMS
• Deep integration with AWS services
• Key usage recorded in CloudTrail
• AWS SDK for application encryption

AWS CloudHSM V2
• Tamper-resistant secure key storage for cryptographic operations
• Standards-compliant
• FIPS 140-2 Level 3

AWS Certificate Manager
• Provision, manage, and deploy TLS certificates
• Use with Amazon ELB or an Amazon CloudFront distribution

Amazon Macie
• Machine-learning-powered security service to discover, classify, and protect sensitive data
The CORE 5: Incident Response
Auditability

AWS Config rules
• Create rules that automatically take action in response to changes in your environment

AWS Trusted Advisor
• Real-time guidance to provision your resources following AWS best practices: reduce cost, increase performance, improve security

AWS Lambda
• Serverless compute service that runs code, so you can scale your programmed, automated response to incidents
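The "Config rule plus Lambda" pattern on this slide is how the security-group control from the Infrastructure Protection slide becomes self-enforcing. The handler below is an added example, not code from the deck: it is a custom AWS Config rule that marks a security group NON_COMPLIANT when an inbound rule exposes an administrative port (or all traffic) to 0.0.0.0/0 or ::/0. The event contract (invokingEvent, ruleParameters, resultToken, put_evaluations) is the real Config custom-rule interface; the configuration items are constructed sample data and the port list is this example's own policy choice.

```python
"""
Added example, not from the slides: a custom AWS Config rule Lambda that
evaluates security groups for admin ports open to the world, tying the
'Config rule + Lambda' pattern to the security-group control.

Assumptions: SAMPLE_OPEN and SAMPLE_CLOSED are constructed configuration items
in the shape Config delivers for AWS::EC2::SecurityGroup; ADMIN_PORTS is this
example's policy choice. boto3 is only imported inside lambda_handler so the
evaluation logic runs offline.
"""
import json

ADMIN_PORTS = {22, 3389}   # SSH, RDP
ANY_V4 = "0.0.0.0/0"
ANY_V6 = "::/0"

# Constructed: an SG that opens 443 and 22 to the world and 3389 only to 10/8.
SAMPLE_OPEN = {
    "resourceType": "AWS::EC2::SecurityGroup",
    "resourceId": "sg-0123456789abcdef0",
    "configurationItemCaptureTime": "2018-05-02T10:15:00.000Z",
    "configuration": {
        "groupId": "sg-0123456789abcdef0",
        "ipPermissions": [
            {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
             "ipRanges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []},
            {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
             "ipRanges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []},
            {"ipProtocol": "tcp", "fromPort": 3389, "toPort": 3389,
             "ipRanges": [{"cidrIp": "10.0.0.0/8"}], "ipv6Ranges": []},
        ],
    },
}
# Constructed: the same group after the SSH rule has been removed.
SAMPLE_CLOSED = {
    "resourceType": "AWS::EC2::SecurityGroup",
    "resourceId": "sg-0123456789abcdef0",
    "configurationItemCaptureTime": "2018-05-02T10:20:00.000Z",
    "configuration": {
        "groupId": "sg-0123456789abcdef0",
        "ipPermissions": [
            {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
             "ipRanges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []},
            {"ipProtocol": "tcp", "fromPort": 3389, "toPort": 3389,
             "ipRanges": [{"cidrIp": "10.0.0.0/8"}], "ipv6Ranges": []},
        ],
    },
}


def open_admin_rules(sg_configuration):
    """Return the inbound rules that expose an admin port, or all traffic, to the world."""
    hits = []
    for perm in sg_configuration.get("ipPermissions", []):
        open_cidrs = [r["cidrIp"] for r in perm.get("ipRanges", []) if r.get("cidrIp") == ANY_V4]
        open_cidrs += [r["cidrIpv6"] for r in perm.get("ipv6Ranges", []) if r.get("cidrIpv6") == ANY_V6]
        if not open_cidrs:
            continue
        proto = perm.get("ipProtocol")
        if proto == "-1":   # "all traffic" rules carry no port range
            hits.append({"protocol": "all", "ports": "all", "cidrs": open_cidrs})
            continue
        lo, hi = perm.get("fromPort"), perm.get("toPort")
        if lo is None or hi is None:
            continue
        exposed = sorted(p for p in ADMIN_PORTS if lo <= p <= hi)
        if exposed:
            hits.append({"protocol": proto, "ports": exposed, "cidrs": open_cidrs})
    return hits


def evaluate(config_item):
    """Map one configuration item to the evaluation dict AWS Config expects."""
    if config_item.get("resourceType") != "AWS::EC2::SecurityGroup":
        compliance, note = "NOT_APPLICABLE", "rule only evaluates security groups"
    else:
        hits = open_admin_rules(config_item.get("configuration") or {})
        if hits:
            compliance = "NON_COMPLIANT"
            note = "; ".join(f"{h['protocol']} {h['ports']} open to {', '.join(h['cidrs'])}" for h in hits)
        else:
            compliance, note = "COMPLIANT", "no admin port open to the world"
    return {
        "ComplianceResourceType": config_item.get("resourceType"),
        "ComplianceResourceId": config_item.get("resourceId"),
        "ComplianceType": compliance,
        "Annotation": note[:256],   # Config rejects annotations longer than 256 characters
        "OrderingTimestamp": config_item.get("configurationItemCaptureTime"),
    }


def lambda_handler(event, context):
    """Entry point Config invokes; scheduled/oversized notifications carry no full item and are skipped here."""
    invoking = json.loads(event["invokingEvent"])
    item = invoking.get("configurationItem")
    if item is None:
        return None
    evaluation = evaluate(item)
    import boto3   # deferred so evaluate() is testable without AWS credentials
    boto3.client("config").put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


if __name__ == "__main__":
    print(json.dumps(evaluate(SAMPLE_OPEN), indent=2))
```

The Lambda execution role needs `config:PutEvaluations` and the rule must be created with the function's ARN as its source. Closing the loop into an automated response is a second step: a CloudWatch Events rule on the Config compliance-change event can invoke another Lambda that calls `ec2.revoke_security_group_ingress` for the offending permission, which is the "programmed, automated response" the slide refers to; keep that remediation in a separate function with its own, narrower role.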
AWS Pace of Innovation
Chart: significant new services and features launched per year: 2011: 82; 2013: 280; 2015: 722; 2017: 1,430.

AWS has been continually expanding its services to support virtually any cloud workload, and it now has more than 90 services that range from compute, storage, networking, database, analytics, application services, deployment, management, developer, mobile, Internet of Things (IoT), Artificial Intelligence (AI), security, hybrid and enterprise applications. AWS has launched a total of 4,343 new features and/or services since inception in 2006.
AWS Security Team: aligned for agility
• Operations
• Application Security
• Engineering
Security ownership as part of DNA: distributed and embedded
• Promotes a culture of "everyone is an owner" for security
• Makes security a stakeholder in business success
• Enables easier and smoother communication
Move Fast AND Stay Secure
Getting to cloud is a journey.
Your journey will be unique.
Thank you!

Costruire Applicazioni Moderne con AWS
Amazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
Amazon Web Services
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Amazon Web Services
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
Amazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
Amazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Amazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
Amazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Amazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
Amazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Security, Risk and Compliance of Your Cloud Journey - Tel Aviv Summit 2018

Enterprise Governance for Cloud Adoption
• Develop a cloud governance program
• Review data classification
• Review company policies
• Build a security standards control framework
• Develop a cloud security strategy
  - Get executive buy-in
  - Communicate and educate

Don’t plan for Everything… before doing Something
Classify your application portfolio to understand your total cloud opportunity:
Not Cloud Now: hardware appliance; non-x86 workload; non-cloud-friendly licensing model; location-specific or latency-intolerant on-premise dependency
Eligible: already virtualized x86; well-defined application boundaries; cloud-friendly licensing model; known dependencies on applications and data
Friendly: horizontally scalable; leverages services (e.g. SOA, APIs); “12 factor” applications; software vendor-provided cloud image (AMI, CloudFormation)
SaaS/Native: microservices architecture; “API-first” design; fault tolerance built in; bundled metrics and proactive failure testing
AWS Shared Responsibility Model

Security is a Shared Responsibility
AWS is responsible for the security OF the cloud:
• AWS foundation services: compute, storage, database, networking
• AWS Global Infrastructure: Regions, Availability Zones, edge locations
Customers are responsible for their security and compliance IN the cloud:
• Customer content
• Platform, applications, identity and access management
• Operating system, network, and firewall configuration
• Client-side data encryption, server-side data encryption, network traffic protection

Infrastructure Services
Managed by customers:
• Customer content (optional: opaque data, 0’s and 1’s, in transit/at rest)
• Platform and application management
• Operating system, network, and firewall configuration
• Client-side data encryption and data integrity authentication
• Server-side encryption (file system and/or data)
• Network traffic protection (encryption/integrity/identity)
• Customer IAM
Managed by AWS:
• AWS IAM and AWS endpoints
• Foundation services: compute, storage, databases, networking
• AWS Global Infrastructure: Regions, Availability Zones, edge locations

Container Services
Managed by customers:
• Customer content (optional: opaque data, 0’s and 1’s, in transit/at rest)
• Platform and application management
• Firewall configuration
• Client-side data encryption and data integrity authentication
• Network traffic protection (encryption/integrity/identity)
• Customer IAM
Managed by AWS:
• Operating system and network configuration
• AWS IAM and AWS endpoints
• Foundation services: compute, storage, databases, networking
• AWS Global Infrastructure: Regions, Availability Zones, edge locations

Abstracted Services
Managed by customers:
• Customer content (optional: opaque data, 0’s and 1’s, in transit/at rest)
• Client-side data encryption and data integrity authentication
Managed by AWS:
• Data protection provided by the platform (data at rest)
• Network traffic protection provided by the platform (data in transit)
• Platform and application management
• Operating system, network, and firewall configuration
• AWS IAM and AWS endpoints
• Foundation services: compute, storage, databases, networking
• AWS Global Infrastructure: Regions, Availability Zones, edge locations
AWS Security Epics Program

AWS Security Epics
Frequent iteration via sprints leads to increased maturity while retaining the flexibility to adapt to business pace and demand.
• First sprint example: define the account structure and implement the core set of best practices
• Second sprint example: implement federation
• Third sprint example: expand account management to cater to multiple accounts

AWS CAF Security Perspective: the CORE 5
• IAM
• Detective Controls
• Infrastructure Security
• Data Protection
• Incident Response
Increase agility and the ability to perform actions faster, at a larger scale, while validating information security principles and ensuring your environment maintains a strong security footing.
The CORE 5: Identity and Access Management (IAM)

Account Governance & Ownership
• AWS Organizations: policy-based management for multiple AWS accounts with security and automation settings
• AWS Identity & Access Management: securely control access to AWS services and resources for your users
• Amazon Cognito: mobile sign-up, sign-in and access control with various IdPs via SAML 2.0
Checklist: ✓ MFA ✓ Root ✓ Federation

The CORE 5: Detective Controls

Audit & Visibility
• AWS CloudTrail (account): record AWS API calls; enable governance, compliance & auditing
• Amazon CloudWatch (resources): monitor resources & your applications on AWS; collect metrics, set alarms, and automatically react to changes
• AWS Config (resources): resource inventory, configuration history, and configuration change notifications to enable security and governance
• VPC Flow Logs (network): capture information about the IP traffic going to and from network interfaces in your VPC
• Amazon GuardDuty: intelligent threat detection & continuous monitoring to protect your AWS accounts and workloads
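As an added illustration of the CloudTrail-based detective controls above (example code added to this transcript, not code from the talk or from AWS): a small scanner that reads one CloudTrail log file and raises two findings tied to the IAM checklist on the previous slide, use of root credentials and console logins without MFA. The three records are constructed samples in CloudTrail's record format; the account id, user names and IP addresses are placeholders, and the IAMUser restriction on the MFA check follows the commonly used CIS-benchmark filter.

```python
"""Detective-control example: scan CloudTrail records for two classic findings.

Added example, not part of the slide deck. SAMPLE_TRAIL is a constructed
CloudTrail log file (a JSON object with a "Records" list) whose field names
follow the real record format; account id, ARNs, names and IPs are placeholders.
"""
import json

SAMPLE_TRAIL = json.dumps({"Records": [
    {   # Root credentials used for an API call: always worth an alert.
        "eventTime": "2018-03-01T08:15:00Z",
        "eventSource": "iam.amazonaws.com",
        "eventName": "CreateUser",
        "userIdentity": {"type": "Root", "accountId": "111122223333",
                         "arn": "arn:aws:iam::111122223333:root"},
        "sourceIPAddress": "198.51.100.7",
    },
    {   # Successful console login by an IAM user without MFA.
        "eventTime": "2018-03-01T09:02:11Z",
        "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin",
        "userIdentity": {"type": "IAMUser", "userName": "alice",
                         "accountId": "111122223333"},
        "sourceIPAddress": "203.0.113.9",
        "additionalEventData": {"MFAUsed": "No"},
        "responseElements": {"ConsoleLogin": "Success"},
    },
    {   # Federated session (AssumedRole): MFA is enforced at the IdP, so the
        # CloudTrail MFAUsed flag is not meaningful here and no finding is raised.
        "eventTime": "2018-03-01T09:10:42Z",
        "eventSource": "signin.amazonaws.com",
        "eventName": "ConsoleLogin",
        "userIdentity": {"type": "AssumedRole", "accountId": "111122223333",
                         "arn": "arn:aws:sts::111122223333:assumed-role/Admins/bob"},
        "sourceIPAddress": "203.0.113.9",
        "additionalEventData": {"MFAUsed": "No"},
        "responseElements": {"ConsoleLogin": "Success"},
    },
]})


def detect(records):
    """Return (rule, eventTime, principal, eventName) findings for a list of records."""
    findings = []
    for r in records:
        identity = r.get("userIdentity", {})
        principal = identity.get("arn") or identity.get("userName") or identity.get("type")
        # Rule 1: any API call made with the root identity.
        if identity.get("type") == "Root":
            findings.append(("root-api-call", r["eventTime"], principal, r["eventName"]))
        # Rule 2: successful console login by an IAM user where MFA was not used.
        if (r.get("eventName") == "ConsoleLogin"
                and identity.get("type") == "IAMUser"
                and r.get("responseElements", {}).get("ConsoleLogin") == "Success"
                and r.get("additionalEventData", {}).get("MFAUsed") != "Yes"):
            findings.append(("console-login-without-mfa", r["eventTime"], principal, "ConsoleLogin"))
    return findings


def scan_trail_file(text):
    """Parse one CloudTrail log file (JSON text) and run both detections over it."""
    return detect(json.loads(text)["Records"])


if __name__ == "__main__":
    for rule, when, who, what in scan_trail_file(SAMPLE_TRAIL):
        print(f"{when} {rule}: {who} ({what})")
```

In practice the same two rules are usually expressed as CloudWatch Logs metric filters on the trail with an alarm on each, which is the "collect metrics, set alarms" path the slide describes; the Python form is useful when scanning archived log files from S3 after the fact.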
The CORE 5: Infrastructure Security

Infrastructure Protection (resources and network)
• Security Groups: stateful host-based firewalls for explicit traffic control
• AWS CloudFormation: provision your resources in a safe, predictable manner; infrastructure as code is your source of truth
• Amazon VPC: provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define
• AWS Shield: managed DDoS protection service that safeguards web applications running on AWS
• AWS WAF: protects your web applications from common web exploits, ensuring availability and security
• Amazon Inspector: automatically assesses applications for vulnerabilities or deviations from best practices

The CORE 5: Data Protection

Data Protection
• AWS KMS: deep integration with AWS services; CloudTrail; AWS SDK for application encryption
• Amazon CloudHSM V2: tamper-resistant secure key storage for cryptographic operations; standards-compliant; FIPS 140-2 Level 3
• AWS Certificate Manager: provision, manage, and deploy TLS certificates; use with Amazon ELB or an Amazon CloudFront distribution
• Amazon Macie: machine learning-powered security service to discover, classify, and protect sensitive data
The CORE 5: Incident Response

Auditability
• AWS Config rules: create rules that automatically take action in response to changes in your environment
• AWS Trusted Advisor: real-time guidance to provision your resources following AWS best practices: reduce cost, increase performance, improve security
• AWS Lambda: serverless compute service that runs code so you can scale your programmed, automated response to incidents
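To show what "rules that automatically take action in response to changes" look like in code, here is an added example (not from the deck or from AWS) of a Config custom rule evaluated by a Lambda function: it marks a security group NON_COMPLIANT when it exposes an administrative port to the whole internet, the kind of drift the Security Groups entry on the Infrastructure Protection slide exists to control. The event and evaluation shapes follow AWS Config's custom-rule contract; the security group, its id, the result token and the adminPorts rule parameter are constructed or hypothetical, and the call that would send the result back to Config (put_evaluations via boto3) is left out so the example runs offline.

```python
"""Incident-response example: an AWS Config custom rule, in the shape a Lambda
function receives it, that flags security groups open to the world on admin ports.

Added example, not the deck's code. Event/evaluation fields follow the Config
custom-rule contract; the group, id, token and adminPorts parameter are constructed.
"""
import json

DEFAULT_PORTS = {22, 3389}          # SSH and RDP; overridable via ruleParameters.adminPorts
WORLD = {"0.0.0.0/0", "::/0"}       # "anywhere" in IPv4 and IPv6


def open_to_world(ip_permissions, admin_ports):
    """Return the set of admin ports that any inbound rule exposes to 0.0.0.0/0 or ::/0."""
    exposed = set()
    for perm in ip_permissions:
        # Config items carry CIDRs as ipRanges (strings) and/or ipv4Ranges / ipv6Ranges (dicts).
        cidrs = set(perm.get("ipRanges", []))
        cidrs |= {r.get("cidrIp") for r in perm.get("ipv4Ranges", [])}
        cidrs |= {r.get("cidrIpv6") for r in perm.get("ipv6Ranges", [])}
        if not cidrs & WORLD:
            continue
        if perm.get("ipProtocol") == "-1":      # all protocols and ports
            exposed |= admin_ports
            continue
        lo, hi = perm.get("fromPort"), perm.get("toPort")
        if lo is None or hi is None:            # e.g. ICMP rules carry no port range
            continue
        exposed |= {p for p in admin_ports if lo <= p <= hi}
    return exposed


def evaluate(configuration_item, admin_ports=DEFAULT_PORTS):
    """Build the PutEvaluations entry for one configuration item."""
    if configuration_item["resourceType"] != "AWS::EC2::SecurityGroup":
        compliance, note = "NOT_APPLICABLE", "rule only evaluates security groups"
    else:
        rules = configuration_item["configuration"].get("ipPermissions", [])
        exposed = open_to_world(rules, admin_ports)
        if exposed:
            compliance = "NON_COMPLIANT"
            note = "ports open to the world: " + ", ".join(str(p) for p in sorted(exposed))
        else:
            compliance, note = "COMPLIANT", "no admin port exposed to the world"
    return {
        "ComplianceResourceType": configuration_item["resourceType"],
        "ComplianceResourceId": configuration_item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note,
        "OrderingTimestamp": configuration_item["configurationItemCaptureTime"],
    }


def lambda_handler(event, context=None):
    """Entry point in the shape Config invokes. Returns the evaluation list; a
    deployed rule would pass it with event["resultToken"] to boto3's
    config.put_evaluations (omitted here so the example runs offline)."""
    invoking = json.loads(event["invokingEvent"])
    params = json.loads(event.get("ruleParameters") or "{}")
    ports = {int(p) for p in params.get("adminPorts", "").split(",") if p} or DEFAULT_PORTS
    return [evaluate(invoking["configurationItem"], ports)]


# Constructed sample: a change notification for a group allowing SSH and HTTPS from anywhere.
SAMPLE_EVENT = {
    "invokingEvent": json.dumps({
        "messageType": "ConfigurationItemChangeNotification",
        "configurationItem": {
            "resourceType": "AWS::EC2::SecurityGroup",
            "resourceId": "sg-0123456789abcdef0",          # placeholder id
            "configurationItemCaptureTime": "2018-03-01T10:00:00.000Z",
            "configuration": {"ipPermissions": [
                {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                 "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}], "ipRanges": ["0.0.0.0/0"]},
                {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
                 "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}], "ipRanges": ["0.0.0.0/0"]},
            ]},
        },
    }),
    "ruleParameters": json.dumps({"adminPorts": "22,3389"}),
    "resultToken": "placeholder-token",
}

if __name__ == "__main__":
    print(json.dumps(lambda_handler(SAMPLE_EVENT), indent=2))
```

The evaluation only reports; the "take action" half of the slide is a second step, typically a remediation function triggered from the NON_COMPLIANT evaluation (for example revoking the offending ingress rule), kept separate so that detection and remediation can be reviewed and permissioned independently.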
AWS Pace of Innovation

AWS Pace of Innovation
Launches per year (chart): 2011: 82; 2013: 280; 2015: 722; 2017: 1,430
AWS has been continually expanding its services to support virtually any cloud workload, and it now has more than 90 services that range from compute, storage, networking, database, analytics, application services, deployment, management, developer, mobile, Internet of Things (IoT), Artificial Intelligence (AI), security, hybrid and enterprise applications. AWS has launched a total of 4,343 new features and/or services since its inception in 2006.

AWS Security Team
Operations, Application Security, Engineering: aligned for agility

Security ownership as part of DNA: distributed, embedded
• Promotes a culture of “everyone is an owner” for security
• Makes security a stakeholder in business success
• Enables easier and smoother communication

Move Fast AND Stay Secure

Getting to cloud is a journey. Your journey will be unique.

Thank you!