SlideShare a Scribd company logo
1 of 30
Download to read offline
SHARED RESponsibility
in action
@marknca
Mark Nunnikhoven
Vice President, Cloud & Emerging Technologies
Trend Micro
@marknca
Modelling security on AWS
TRADITIONAL ResponsibilitY
Physical Operating System
Infrastructure Application
Network Data
Virtualization
SHARED ResponsibilitY
Physical Operating System
Infrastructure Application
Network Data
Virtualization Security Groups
Network Config
More info on the model is available at h‫מּ‬p://aws.amazon.com/security
SHARED ResponsibilitY
Physical Operating System
Infrastructure Application
Network Data
Virtualization Security Groups
Network Config
Verify
Compliance information available at h‫מּ‬p://aws.amazon.com/compliance
Physical
Network
Virtualization
Operation System
Application
Data
DIY SaaSIaaS PaaS
*you
BETTER SERVICE TYPES
From AWS’ Mark Ryland talk at h‫מּ‬p://4mn.ca/ZZeDbA
Infrastructure
Abstract
Container
SERVICE Examples
Fantastic reference by AWS’ Mark Ryland at h‫מּ‬p://4mn.ca/ZZeDbA
Service Type *aaS
SQS, S3, Route53 Abstract SaaS
RDS, EMR, OpsWorks Container PaaS
EC2, EBS, VPC Infrastructure IaaS
Less responsibilities
More responsibilities
Less responsibilities
Options : Responsibilities
Re:Boot
Critical embargoed bug discovered in Xen, details at h‫מּ‬p://4mn.ca/1rcXTTN
A small percentage on instances scheduled for a reboot
ACTIONS TO TAKE
From AWS’ Mark Ryland talk at h‫מּ‬p://4mn.ca/ZZeDbA
Nothing for cloud-native architectures
Manage availability
For EC2
Nothing for Multi-AZ instances
Standard maintenance window for
single instances
For RDS
POODLE
CVE-2014-3566 : Padding Oracle On Downgraded Legacy Encryption
A‫מּ‬ack forces an older cipher choice. Details at h‫מּ‬p://4mn.ca/1EYfBEA
ACTIONS TO TAKE
From AWS’ Mark Ryland talk at h‫מּ‬p://4mn.ca/ZZeDbA
Select a non-affected cipher suite
For ELB
Enable TLS_FALLBACK_SCSV
Disable support for SSL 3.0*
For Web Servers
Shellshock
More info on bash is available at h‫מּ‬p://www.gnu.org/soﬞware/bash/
10/10 vulnerability. Widespread & easy to exploit
(){}; attacka:() { b; } | a‫מּ‬ack;
ACTIONS TO TAKE
Update bash
Use an intrusion prevent system
For EC2
Applied at the boundary
Majority of security controls are traditionally applied at the boundary
Same controls applied in the AWS Cloud, now to each instance
Applied to each instance
Options : Responsibilities
@marknca
Thank you.Learn more at testdrive.trendmicro.com

More Related Content

What's hot

What's hot (20)

CSS17: Dallas - The AWS Shared Responsibility Model in Practice
CSS17: Dallas - The AWS Shared Responsibility Model in PracticeCSS17: Dallas - The AWS Shared Responsibility Model in Practice
CSS17: Dallas - The AWS Shared Responsibility Model in Practice
 
The AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in PracticeThe AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in Practice
 
Journey Through The Cloud - Security Best Practices
Journey Through The Cloud - Security Best Practices Journey Through The Cloud - Security Best Practices
Journey Through The Cloud - Security Best Practices
 
AWS Enterprise Summit - AWS로 IT 운영 및 관리 재편하기 - 양승도
AWS Enterprise Summit -  AWS로 IT 운영 및 관리 재편하기 - 양승도AWS Enterprise Summit -  AWS로 IT 운영 및 관리 재편하기 - 양승도
AWS Enterprise Summit - AWS로 IT 운영 및 관리 재편하기 - 양승도
 
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
 
Einführung „Compliance mit AWS" - AWS Security Web Day
Einführung „Compliance mit AWS" - AWS Security Web DayEinführung „Compliance mit AWS" - AWS Security Web Day
Einführung „Compliance mit AWS" - AWS Security Web Day
 
Intro to AWS: Security
Intro to AWS: SecurityIntro to AWS: Security
Intro to AWS: Security
 
CSS17: DC - The AWS Shared Responsibility Model in Practice
CSS17: DC - The AWS Shared Responsibility Model in PracticeCSS17: DC - The AWS Shared Responsibility Model in Practice
CSS17: DC - The AWS Shared Responsibility Model in Practice
 
Security and Compliance in the Cloud
Security and Compliance in the Cloud Security and Compliance in the Cloud
Security and Compliance in the Cloud
 
Navigating the AWS Compliance Framework | AWS Security Roadshow Dublin
Navigating the AWS Compliance Framework | AWS Security Roadshow DublinNavigating the AWS Compliance Framework | AWS Security Roadshow Dublin
Navigating the AWS Compliance Framework | AWS Security Roadshow Dublin
 
From the Trenches: Building Comprehensive and Secure Solutions in AWS
From the Trenches: Building Comprehensive and Secure Solutions in AWSFrom the Trenches: Building Comprehensive and Secure Solutions in AWS
From the Trenches: Building Comprehensive and Secure Solutions in AWS
 
AWS Security for Financial Services
AWS Security for Financial ServicesAWS Security for Financial Services
AWS Security for Financial Services
 
Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...
Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...
Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...
 
Security & Compliance in AWS
Security & Compliance in AWSSecurity & Compliance in AWS
Security & Compliance in AWS
 
AWS Shared Responsibility Model & Compliance Program Overview
AWS Shared Responsibility Model & Compliance Program OverviewAWS Shared Responsibility Model & Compliance Program Overview
AWS Shared Responsibility Model & Compliance Program Overview
 
Compliance with AWS
Compliance with AWSCompliance with AWS
Compliance with AWS
 
AWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & ComplianceAWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & Compliance
 
Understanding AWS security
Understanding AWS securityUnderstanding AWS security
Understanding AWS security
 

Viewers also liked

Viewers also liked (16)

In Depth: AWS Shared Security Model
In Depth: AWS Shared Security ModelIn Depth: AWS Shared Security Model
In Depth: AWS Shared Security Model
 
The AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in PracticeThe AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in Practice
 
Cloudsolutionday 2016: DevOps workflow with Docker on AWS
Cloudsolutionday 2016: DevOps workflow with Docker on AWSCloudsolutionday 2016: DevOps workflow with Docker on AWS
Cloudsolutionday 2016: DevOps workflow with Docker on AWS
 
Amazon Web Services Security
Amazon Web Services SecurityAmazon Web Services Security
Amazon Web Services Security
 
Information Security in AWS - Dave Walker
Information Security in AWS - Dave WalkerInformation Security in AWS - Dave Walker
Information Security in AWS - Dave Walker
 
Getting Started with AWS Security
 Getting Started with AWS Security Getting Started with AWS Security
Getting Started with AWS Security
 
Introduction to Three AWS Security Services - November 2016 Webinar Series
Introduction to Three AWS Security Services - November 2016 Webinar SeriesIntroduction to Three AWS Security Services - November 2016 Webinar Series
Introduction to Three AWS Security Services - November 2016 Webinar Series
 
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer ToolsDevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools
 
Shared Responsibility in Accountability
Shared Responsibility in Accountability Shared Responsibility in Accountability
Shared Responsibility in Accountability
 
The AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in PracticeThe AWS Shared Security Responsibility Model in Practice
The AWS Shared Security Responsibility Model in Practice
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
ClearScale: Continuous Automation with Docker on AWS
ClearScale: Continuous Automation with Docker on AWSClearScale: Continuous Automation with Docker on AWS
ClearScale: Continuous Automation with Docker on AWS
 
Shared Responsibility and Setting Up Secure Account Structures
Shared Responsibility and Setting Up Secure Account StructuresShared Responsibility and Setting Up Secure Account Structures
Shared Responsibility and Setting Up Secure Account Structures
 
Architecting for Greater Security on AWS
Architecting for Greater Security on AWSArchitecting for Greater Security on AWS
Architecting for Greater Security on AWS
 
AWS Security
AWS SecurityAWS Security
AWS Security
 
Infrastructure as code: running microservices on AWS using Docker, Terraform,...
Infrastructure as code: running microservices on AWS using Docker, Terraform,...Infrastructure as code: running microservices on AWS using Docker, Terraform,...
Infrastructure as code: running microservices on AWS using Docker, Terraform,...
 

Similar to Shared Responsibility In Action

Power Struggle: Balancing Relationships & Responsibility in the Cloud
Power Struggle: Balancing Relationships & Responsibility in the CloudPower Struggle: Balancing Relationships & Responsibility in the Cloud
Power Struggle: Balancing Relationships & Responsibility in the Cloud
Mark Nunnikhoven
 
Rackspace: Best Practices for Security Compliance on AWS
Rackspace: Best Practices for Security Compliance on AWSRackspace: Best Practices for Security Compliance on AWS
Rackspace: Best Practices for Security Compliance on AWS
Amazon Web Services
 
(Pdf) yury chemerkin ita_2013
(Pdf) yury chemerkin ita_2013(Pdf) yury chemerkin ita_2013
(Pdf) yury chemerkin ita_2013
STO STRATEGY
 
(Pdf) yury chemerkin intelligence_sec_2013
(Pdf) yury chemerkin intelligence_sec_2013(Pdf) yury chemerkin intelligence_sec_2013
(Pdf) yury chemerkin intelligence_sec_2013
STO STRATEGY
 

Similar to Shared Responsibility In Action (20)

Security OF The Cloud
Security OF The CloudSecurity OF The Cloud
Security OF The Cloud
 
Power Struggle: Balancing Relationships & Responsibility in the Cloud
Power Struggle: Balancing Relationships & Responsibility in the CloudPower Struggle: Balancing Relationships & Responsibility in the Cloud
Power Struggle: Balancing Relationships & Responsibility in the Cloud
 
Cloud Security Alliance's GRC Stack Overview
Cloud Security Alliance's GRC Stack OverviewCloud Security Alliance's GRC Stack Overview
Cloud Security Alliance's GRC Stack Overview
 
3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero 3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero
 
Simplify Cloud Migration to AWS with RISC Network’s Complete App Analysis
Simplify Cloud Migration  to  AWS with RISC Network’s Complete App AnalysisSimplify Cloud Migration  to  AWS with RISC Network’s Complete App Analysis
Simplify Cloud Migration to AWS with RISC Network’s Complete App Analysis
 
Simplify Migration with RISC Network’s Complete App Analysis
Simplify Migration with RISC Network’s Complete App AnalysisSimplify Migration with RISC Network’s Complete App Analysis
Simplify Migration with RISC Network’s Complete App Analysis
 
Cloud Reference Architecture - Part 1 Foundation
Cloud Reference Architecture - Part 1 FoundationCloud Reference Architecture - Part 1 Foundation
Cloud Reference Architecture - Part 1 Foundation
 
Automate the Provisioning of Secure Developer Environments on AWS PPT
 Automate the Provisioning of Secure Developer Environments on AWS PPT Automate the Provisioning of Secure Developer Environments on AWS PPT
Automate the Provisioning of Secure Developer Environments on AWS PPT
 
Cloud Security (AWS)
Cloud Security (AWS)Cloud Security (AWS)
Cloud Security (AWS)
 
CloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security ScalingCloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security Scaling
 
3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero
 
Automating Compliance Defense in the Cloud - September 2016 Webinar Series
Automating Compliance Defense in the Cloud - September 2016 Webinar SeriesAutomating Compliance Defense in the Cloud - September 2016 Webinar Series
Automating Compliance Defense in the Cloud - September 2016 Webinar Series
 
Rackspace: Best Practices for Security Compliance on AWS
Rackspace: Best Practices for Security Compliance on AWSRackspace: Best Practices for Security Compliance on AWS
Rackspace: Best Practices for Security Compliance on AWS
 
Staying Secure in the Cloud
Staying Secure in the CloudStaying Secure in the Cloud
Staying Secure in the Cloud
 
The Trouble with Saas and Hybrid Cloud
The Trouble with Saas and Hybrid CloudThe Trouble with Saas and Hybrid Cloud
The Trouble with Saas and Hybrid Cloud
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
(ENT401) Hybrid Infrastructure Integration | AWS re:Invent 2014
(ENT401) Hybrid Infrastructure Integration | AWS re:Invent 2014(ENT401) Hybrid Infrastructure Integration | AWS re:Invent 2014
(ENT401) Hybrid Infrastructure Integration | AWS re:Invent 2014
 
Gestire la sicurezza nel Cloud: come iniziare ad implementare un processo Dev...
Gestire la sicurezza nel Cloud: come iniziare ad implementare un processo Dev...Gestire la sicurezza nel Cloud: come iniziare ad implementare un processo Dev...
Gestire la sicurezza nel Cloud: come iniziare ad implementare un processo Dev...
 
(Pdf) yury chemerkin ita_2013
(Pdf) yury chemerkin ita_2013(Pdf) yury chemerkin ita_2013
(Pdf) yury chemerkin ita_2013
 
(Pdf) yury chemerkin intelligence_sec_2013
(Pdf) yury chemerkin intelligence_sec_2013(Pdf) yury chemerkin intelligence_sec_2013
(Pdf) yury chemerkin intelligence_sec_2013
 

More from Mark Nunnikhoven

Updating Security Operations For The Cloud
Updating Security Operations For The CloudUpdating Security Operations For The Cloud
Updating Security Operations For The Cloud
Mark Nunnikhoven
 

More from Mark Nunnikhoven (10)

Advanced Security Automation Made Simple
Advanced Security Automation Made SimpleAdvanced Security Automation Made Simple
Advanced Security Automation Made Simple
 
AWS re:Invent 2017 re:View
AWS re:Invent 2017 re:ViewAWS re:Invent 2017 re:View
AWS re:Invent 2017 re:View
 
Security Teams & Tech In A Cloud World
Security Teams & Tech In A Cloud WorldSecurity Teams & Tech In A Cloud World
Security Teams & Tech In A Cloud World
 
Defending your workloads with aws waf and deep security
Defending your workloads with aws waf and deep securityDefending your workloads with aws waf and deep security
Defending your workloads with aws waf and deep security
 
AWS re:Invent 2015 re:Cap
AWS re:Invent 2015 re:CapAWS re:Invent 2015 re:Cap
AWS re:Invent 2015 re:Cap
 
Whodunit, The Mechanics of Attack Attribution
Whodunit, The Mechanics of Attack AttributionWhodunit, The Mechanics of Attack Attribution
Whodunit, The Mechanics of Attack Attribution
 
Infrastructure as (Secure) Code
Infrastructure as (Secure) CodeInfrastructure as (Secure) Code
Infrastructure as (Secure) Code
 
Updating Security Operations For The Cloud
Updating Security Operations For The CloudUpdating Security Operations For The Cloud
Updating Security Operations For The Cloud
 
The Most Common Failure With Today's Defences
The Most Common Failure With Today's DefencesThe Most Common Failure With Today's Defences
The Most Common Failure With Today's Defences
 
Is That Normal? Behaviour Modelling On The Cheap
Is That Normal? Behaviour Modelling On The CheapIs That Normal? Behaviour Modelling On The Cheap
Is That Normal? Behaviour Modelling On The Cheap
 

Recently uploaded

Recently uploaded (20)

architecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdfarchitecting-ai-in-the-enterprise-apis-and-applications.pdf
architecting-ai-in-the-enterprise-apis-and-applications.pdf
 
IT Software Development Resume, Vaibhav jha 2024
IT Software Development Resume, Vaibhav jha 2024IT Software Development Resume, Vaibhav jha 2024
IT Software Development Resume, Vaibhav jha 2024
 
A Python-based approach to data loading in TM1 - Using Airflow as an ETL for TM1
A Python-based approach to data loading in TM1 - Using Airflow as an ETL for TM1A Python-based approach to data loading in TM1 - Using Airflow as an ETL for TM1
A Python-based approach to data loading in TM1 - Using Airflow as an ETL for TM1
 
Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...
Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...
Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...
 
Naer Toolbar Redesign - Usability Research Synthesis
Naer Toolbar Redesign - Usability Research SynthesisNaer Toolbar Redesign - Usability Research Synthesis
Naer Toolbar Redesign - Usability Research Synthesis
 
how-to-download-files-safely-from-the-internet.pdf
how-to-download-files-safely-from-the-internet.pdfhow-to-download-files-safely-from-the-internet.pdf
how-to-download-files-safely-from-the-internet.pdf
 
Lessons Learned from Building a Serverless Notifications System.pdf
Lessons Learned from Building a Serverless Notifications System.pdfLessons Learned from Building a Serverless Notifications System.pdf
Lessons Learned from Building a Serverless Notifications System.pdf
 
Microsoft 365 Copilot; An AI tool changing the world of work _PDF.pdf
Microsoft 365 Copilot; An AI tool changing the world of work _PDF.pdfMicrosoft 365 Copilot; An AI tool changing the world of work _PDF.pdf
Microsoft 365 Copilot; An AI tool changing the world of work _PDF.pdf
 
Modern binary build systems - PyCon 2024
Modern binary build systems - PyCon 2024Modern binary build systems - PyCon 2024
Modern binary build systems - PyCon 2024
 
AI/ML Infra Meetup | Perspective on Deep Learning Framework
AI/ML Infra Meetup | Perspective on Deep Learning FrameworkAI/ML Infra Meetup | Perspective on Deep Learning Framework
AI/ML Infra Meetup | Perspective on Deep Learning Framework
 
Implementing KPIs and Right Metrics for Agile Delivery Teams.pdf
Implementing KPIs and Right Metrics for Agile Delivery Teams.pdfImplementing KPIs and Right Metrics for Agile Delivery Teams.pdf
Implementing KPIs and Right Metrics for Agile Delivery Teams.pdf
 
Secure Software Ecosystem Teqnation 2024
Secure Software Ecosystem Teqnation 2024Secure Software Ecosystem Teqnation 2024
Secure Software Ecosystem Teqnation 2024
 
Top Mobile App Development Companies 2024
Top Mobile App Development Companies 2024Top Mobile App Development Companies 2024
Top Mobile App Development Companies 2024
 
Microsoft365_Dev_Security_2024_05_16.pdf
Microsoft365_Dev_Security_2024_05_16.pdfMicrosoft365_Dev_Security_2024_05_16.pdf
Microsoft365_Dev_Security_2024_05_16.pdf
 
Malaysia E-Invoice digital signature docpptx
Malaysia E-Invoice digital signature docpptxMalaysia E-Invoice digital signature docpptx
Malaysia E-Invoice digital signature docpptx
 
The Evolution of Web App Testing_ An Ultimate Guide to Future Trends.pdf
The Evolution of Web App Testing_ An Ultimate Guide to Future Trends.pdfThe Evolution of Web App Testing_ An Ultimate Guide to Future Trends.pdf
The Evolution of Web App Testing_ An Ultimate Guide to Future Trends.pdf
 
CompTIA Security+ (Study Notes) for cs.pdf
CompTIA Security+ (Study Notes) for cs.pdfCompTIA Security+ (Study Notes) for cs.pdf
CompTIA Security+ (Study Notes) for cs.pdf
 
Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...
Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...
Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...
 
OpenChain @ LF Japan Executive Briefing - May 2024
OpenChain @ LF Japan Executive Briefing - May 2024OpenChain @ LF Japan Executive Briefing - May 2024
OpenChain @ LF Japan Executive Briefing - May 2024
 
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...
COMPUTER AND ITS COMPONENTS PPT.by naitik sharma Class 9th A mittal internati...
 

Shared Responsibility In Action