From the Trenches: Building Comprehensive and Secure Solutions in AWS Alert Logic
The document provides information about Pariveda Solutions, a consulting firm that delivers strategic services and technology solutions using AWS. It includes Sean Beard's biography as a Principal Architect at Pariveda, describes some of Pariveda's clients and solutions developed using AWS, and discusses strategies for building secure and comprehensive solutions in AWS.
AWS provides a range of security services and features that AWS customers can use to secure their content and applications and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organization's security and compliance objectives.
View a recording of the webinar based on this presentation on YouTube here: http://youtu.be/rXPyGDWKHIo
AWS Shared Responsibility Model - AWS Symposium 2014 - Washington D.C. Amazon Web Services
The AWS Shared Responsibility Model (SRM) varies somewhat according to the type of AWS service involved, from infrastructure to container to abstracted services. In this session we will move beyond the “hypervisor up/down” summary of the SRM and explore how the SRM works for services beyond EC2.
An examination of how the shared responsibility model for cloud security works in the real world.
Using practical examples, you'll see how security responsibilities are balanced between the consumer (you the user) and the provider.
This document discusses shared responsibility for security and compliance on AWS. It outlines that AWS is responsible for security of the cloud, including foundational services, global infrastructure, and data protection capabilities. Customers are responsible for security and compliance of their content and applications in the cloud. The document provides an overview of AWS security features and references resources to help customers deploy securely and meet compliance needs by leveraging AWS services and controls.
The document discusses AWS's shared security model and how it provides security controls that customers don't need to worry about. It outlines AWS services for identity and access management, infrastructure security, data protection, incident response, and how customers can scale to over 1 million users. The document promotes how AWS security benefits include integrated security and compliance, global resilience and control, maintaining privacy and data ownership, security automation for agility, innovation at scale, and broad security partner solutions.
Security in the Cloud - AWS Symposium 2014 - Washington D.C. Amazon Web Services
Stephen Schmidt, AWS CISO and VP of Security Engineering, provides an overview of innovations in cloud security and the importance of security as an enabler for innovation in enterprises, but particularly in government and other highly regulated industries and segments.
This session provides real guidance and practical answers to government users’ questions about security and compliance, helping agencies move away from the “worry-based fiction” of the cloud.
Speaker: Stephen Squigg, Solutions Architect, Amazon Web Services, APAC
This session is designed to introduce you to fundamental cloud computing and AWS security concepts that will help you prepare for the Security Week sessions, demos, and workshops. We will also provide an overview of the Security pillar of the AWS Cloud Adoption Framework (CAF) and talk about how AWS keeps humans away from data—and how you can, too.
Cloud Security, Risk and Compliance on AWS Karim Hopper
This document discusses governance, risk, and compliance considerations for using AWS cloud services. It outlines AWS assurance programs that provide regular third-party security evaluations. It also describes the shared responsibility model where AWS is responsible for security of the cloud and customers are responsible for security in the cloud. The document provides examples of how AWS services like CloudTrail, Config, and Key Management Service provide visibility, auditability, and control to help customers meet their security and compliance needs.
This session will provide an update on considerations for FIs around security and controls, with specific focus on the recently published Comprehensive Guidance on Cybersecurity Controls Issued by Securities and Futures Commission (SFC). The session will then conclude with an introduction to compliance concepts in the Cloud Using Security by Design principles.
The document discusses security best practices for AWS workspaces using the NIST Cybersecurity Framework as a guide. It recommends identifying assets and risks, implementing protective controls like security groups and IAM, detecting issues with services like GuardDuty and CloudTrail, responding to incidents by reverting to known good states and rotating credentials, and recovering by identifying and correcting root causes. AWS services can both directly provide security and support an organization's overall security posture.
AWS provides a range of security services and features that AWS customers can use to secure their content and applications and meet their own specific business requirements for security. This presentation focuses on how you can make use of AWS security features to meet your own organisation's security and compliance objectives.
This document discusses using a "Security by Design" approach on AWS to help customers modernize their technology governance and continuously comply with regulations. It describes building security into every layer, automating security operations, and using AWS services like Config, GuardDuty, and Inspector to continuously monitor for compliance. The Lunar Way case study shows how they use multiple AWS accounts, security groups, and AWS Config custom rules to meet financial regulations and continuously monitor their AWS infrastructure for compliance.
Transform Your Risk Systems for Greater Agility with Accenture & AWS PPT Amazon Web Services
Financial Institutions are facing ever increasing demands to satisfy regulatory compliance while also reducing costs and growing their business. This is driving institutions to conduct increasingly complex risk calculations, to be completed in a timely manner against ever greater volumes of data, with zero tolerance for failure. In house capabilities for such compute grids are limited and costly.
Accenture’s risk grid solution on AWS allows financial organizations worldwide to be able to scale to respond to the increased compute required, while reducing their overall costs and improving their controls, reliability, availability, flexibility and functionality.
Security in the AWS cloud is the highest priority. As an AWS customer, you will benefit from a network architecture and data center designed to meet the security requirements of the most demanding organizations.
One advantage of the AWS cloud is that it lets customers scale and innovate while keeping the environment secure. Customers pay only for the services they use, which means you can have the security you need without upfront payments and at a lower cost than in an on-premises environment.
https://aws.amazon.com/es/security/
#ALSummit: Cyber Resiliency: Surviving the Breach Alert Logic
- The document discusses strategies for both before and after a security breach occurs.
- Before a breach, the key recommendations are to adopt resilient design patterns like limiting credential reuse, isolating applications, and continuously snapshotting configurations. Critical logs should also be collected and stored immutably outside the environment.
- After a breach is discovered, the document advises cutting connections but also considers briefly observing the attacker first to understand the full scope. Isolating compromised infrastructure and practicing incident response drills are also suggested.
Compliance as Code: Velocity with Security - Fraser Pollock, Chef Alert Logic
This document discusses mapping compliance documents to InSpec controls for auditing infrastructure. It provides an example of mapping a compliance control related to setting the SSH protocol to version 2. It demonstrates implementing this control in InSpec by defining a title, description, and test to check the SSH configuration file. It also shows how to run the InSpec control locally and remotely on infrastructure to automate compliance testing.
Welcome to everything the cloud has to offer. Now, you need to keep your apps and workloads secure, without compromising the speed and flexibility of the cloud. This is the new economics of cloud security.
Learn more: https://www.alertlogic.com/neweconomics
The author thanks the college classmates who supported him over the last two years for their companionship, patience, moments of relaxation, and care. He says their presence motivated him to keep going in difficult times and that he will miss them all.
Businesses are in the cloud for the long term, with 65 percent of organizations choosing cloud subscriptions lasting one year or more. Click on image to discover more cloud findings from the CSC Cloud Usage Index, developed from a global survey of more than 3,500 IT decision makers who use cloud. http://assets1.csc.com/newsroom/downloads/CSC_Cloud_Usage_Index.pdf
The document describes the modernist literary movement in Spanish America between 1880 and 1910. It was characterized by creative rebellion, aesthetic refinement, and renewal of language. It originated in Spanish America, driven by Rubén Darío, and manifested in art, science, religion, and politics. Within modernism, the search for beauty, historical evocations, and the expression of personal intimacy stand out.
Understand how you can secure your digital assets that are stored in Amazon AWS. Get to know what Amazon's responsibilities are and what your responsibilities are in completing the Shared Security Philosophy. Know what measures Amazon has taken to secure its cloud storage and premises. By ensuring security and following the guidelines laid out, you too can ensure the security of your data and instances hosted in Amazon cloud services.
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS Alert Logic
Clarke Rodgers (CISO, SCOR Velogica)'s presentation on SCOR's journey to SOC2/TYPE2 via AWS at the NYC Alert Logic Cloud Security Summit on June 14th, 2016.
#ALSummit: Live Cyber Hack Demonstration Alert Logic
James Brown (VP Technology Solutions Group, Alert Logic), Stephen Coty (Chief Security Evangelist, Alert Logic), and Paul Fletcher (Security Evangelist, Alert Logic)'s live hack demonstration at the NYC Alert Logic Cloud Security Summit on June 14, 2016.
Silver Lining: An Everyman's Journey to Cloud Security - Sven Skoog, Monotype Alert Logic
Sven Skoog discusses security challenges facing Monotype, a company with 500-700 employees across 14 offices in 10 countries. As Monotype relies increasingly on cloud computing but also maintains on-premise infrastructure, Skoog examines whether defenses need to differ between local and cloud environments. He then outlines Monotype's existing security tools from Alert Logic that provide sensors and instrumentation to detect threats, forensic logging and consolidation of events, web application inspection, and automated monitoring through a security operations center. Skoog believes the cloud can enable new "meta-insights" through tracking of cloud assets, attack trends over time, and deviations from typical usage profiles.
AWS Summit Manila - Opening Keynote by Dr. Werner Vogels Amazon Web Services
Opening Keynote – Dr. Werner Vogels, Chief Technology Officer, Amazon.com and Customers
Ron Hose, Chief Executive Officer and Founder at CoinsPH.com
Ernest Cu, Chief Executive Officer at Globe Telecom
Robert San Juan, Vice President for Corporate Information Management at Jollibee Foods Corporation
Alfred Lo, Head of Product Engineering at Voyager Innovation
Shared Security Responsibility in the AWS Public Cloud Alert Logic
The document discusses security in the AWS public cloud and Alert Logic solutions that are engineered for AWS. It summarizes that in AWS, security is shared between AWS and the customer. Alert Logic provides web security, log management, and threat detection solutions that integrate with AWS and are designed to scale automatically with AWS resources. The solutions provide security monitoring, compliance coverage, and are managed by Alert Logic security analysts.
#ALSummit: Architecting Security into your AWS Environment Alert Logic
Ryan Holland (Cloud Platform Solutions Director, Alert Logic)'s presentation on securing your AWS environment at the NYC Alert Logic Cloud Security Summit on June 14, 2016.
Security and Privacy in the Cloud - Stephen Schmidt - AWS Summit 2012 Australia Amazon Web Services
Stephen Schmidt, Vice President and Chief Information Security Officer at AWS, discussed security and privacy in the cloud. He provided an overview of AWS's security model including certifications, physical security of data centers, network security controls, and the shared responsibility model between AWS and customers. Schmidt also discussed virtual private clouds and deployment models that provide logical and physical isolation of customer workloads and data.
In this session, Vice President of AWS Infrastructure Jerry Hunter gives an insider view of some of the innovations that help make the AWS cloud unique. Jerry will show examples of data center, power, and networking innovations used across the AWS platform. Join this session and walk away with a deeper understanding of the underlying innovations powering the cloud.
Ryan Holland (Cloud Platform Solution Director, Alert Logic) and Pat McDowell (Partner Solution Architect, Amazon Web Services)'s presentation on AWS security services like AWS Inspector, AWS WAF, and AWS Config Rules at the NYC Alert Logic Cloud Security Summit on June 14, 2016.
AWS re:Invent 2016: Global Traffic Management with Amazon Route 53 Traffic Fl... Amazon Web Services
This document summarizes a presentation on managing global traffic with Amazon Route 53 Traffic Flow. It introduces concepts for managing global traffic, how to use traffic flow for traffic management, and a case study on how Amazon uses traffic flow for virtual private network (VPN) endpoint selection. Traffic flow allows routing traffic to endpoints based on rules for failover, weighted routing, geolocation, and latency. The case study demonstrates how Amazon implemented geolocation and latency-based rules in a traffic policy to optimize routing of VPN users to the closest regions and servers.
This document discusses the AWS shared security responsibility model. It outlines that AWS is responsible for security of the cloud, including managing regions, availability zones, edge locations, and foundational services. Customers are responsible for security in the cloud, including operating systems, firewalls, encryption of data at rest and in transit, and identity and access management. The document provides examples of how responsibilities are divided for different AWS service types like compute, databases, and object storage. It also discusses security best practices, compliance programs, and resources available to help customers achieve their security goals on AWS.
This document discusses AWS's shared security responsibility model and how it works in practice. It explains that AWS is responsible for security of the cloud, managing over 1,800 security controls. Customers are responsible for security and compliance in the cloud for their specific workloads and data. The level of responsibility varies depending on whether a customer uses infrastructure, container, or abstract services. The document provides examples and resources to help customers understand and achieve compliance when using AWS.
The AWS Shared Responsibility Model in Practice Alert Logic
The document discusses the AWS shared responsibility model for security. It provides an overview of AWS's global infrastructure footprint and data locality practices. It then explains the shared responsibility model and how responsibilities differ based on the type of AWS service (infrastructure, container, or abstract). The document also discusses how AWS is responsible for security of the cloud through activities like auditing, certifications, and compliance programs to provide a secure baseline for customers.
AWS and its partners offer a wide range of tools and features to help you meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools that can provide full visibility into what is happening in your environment. In this session, you will be introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.
This document discusses security management for cloud computing on AWS. It describes AWS regions and availability zones around the world. It then discusses that security cannot block innovation and shows that AWS adds security features faster than other significant features. It outlines that AWS manages security of the cloud while customers are responsible for security in the cloud. Key security services on AWS include identity and access management, encryption options, security groups, and CloudTrail to log API usage.
Shared Responsibility and Setting Up Secure Account Structures Amazon Web Services
In addition to discussing the AWS Shared Responsibility Model in detail for Infrastructure, Container and Abstract Services, we present a reference architecture for a secure, multi-account enterprise structure, including Mandatory Access Control for logging and separation assurance for different groups and functions within an organisation.
1) The document discusses initial considerations for deploying applications on AWS such as how the service will be accessed, what data is being handled, and compliance needs.
2) It then covers the AWS shared responsibility model and who manages what between AWS and the customer for different types of AWS services.
3) Practical advice is provided on security controls to deploy on AWS, including using Route 53, CloudFront, S3 buckets, application load balancers, and VPC components.
4) The document concludes by recommending several AWS security audit tools including CloudTrail, Config, GuardDuty, and VPC flow logs to ensure deployments are working as planned.
AWS Enterprise Day | Securing your Web Applications in the Cloud Amazon Web Services
Security is a top priority to both AWS and its customers and many enterprises trust us with some of their most sensitive information, including financial, personal and health information. Learn about the key security features of AWS that these enterprise customers are using to build their own secure applications and secure and encrypt their content. We will also share how you can integrate AWS into your existing security policies and how partners like Trend Micro can help you extend this into the AWS Cloud.
At our winter East Midlands Cyber Security Forum event, Dave Walker gave a presentation looking at Amazon’s security approach for their web services, outlining the key tools that are available to ensure a secure deployment.
http://qonex.com/east-midlands-cyber-security-forum/
The document discusses Amazon Web Services (AWS) and its benefits for the oil and gas industry. It provides an overview of AWS, including its global infrastructure, rapid pace of innovation with new services, and use by enterprises. The document outlines key benefits of AWS like agility, cost savings, and security. It discusses AWS platforms and services across compute, storage, database, analytics and more. Finally, it discusses how the oil and gas industry can leverage AWS to boost operations through applications like connected digital oil fields, big data analytics, and 3D seismic visualization.
Hybrid Cloud & the Enterprise
This document discusses how enterprises are extending their infrastructure into the cloud using hybrid cloud solutions. It provides examples of how various companies such as Shell, S&P Capital IQ, and Lionsgate are using Amazon Web Services (AWS) to augment their on-premises infrastructure. The presentation discusses how AWS enables hybrid environments through services like Virtual Private Clouds and identity and access management. It also discusses how enterprises can achieve security, control and governance when building hybrid cloud solutions with AWS and enterprise management platforms from partners like BMC.
The AWS Shared Responsibility Model in Practice Alert Logic
This document discusses the AWS shared responsibility model and how it divides security responsibilities between AWS and customers. It provides examples of how the responsibilities are divided for different types of AWS services, including infrastructure services, container services, and abstract services. It also promotes the security tools and services available in AWS that can help customers automate security tasks, gain visibility, and protect their infrastructure, data, and applications.
AWS and its partners offer a wide range of tools and features to help you meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. AWS provides security-specific tools and features across network security, configuration management, access control and data security. In addition, AWS provides monitoring and logging tools that can provide full visibility into what is happening in your environment. In this session, you will be introduced to the range of security tools and features that AWS offers, and the latest security innovations coming from AWS.
AWS Finland User Group Meetup 2017-05-23 Rolf Koski
This document discusses how adopting AWS can help customers with security and compliance. It notes that AWS manages over 1,800 security controls to secure the cloud infrastructure, allowing customers to focus on security within their applications. The document outlines key AWS security services like IAM, encryption, firewalls and more that provide automated protections. It also discusses the shared security responsibility model between AWS and customers.
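This is the presentation material from the AWS Enterprise Summit held on October 29, 2014. The talk was given by Yang Seung-do (양승도), Solutions Architect at Amazon Web Services.
Talk summary: Security is very important to both AWS and its customers. Many enterprise customers trust AWS and store sensitive information, such as financial and personal information, on AWS. In this session, we look at the key AWS security features these enterprise customers use to maintain security, such as building secure applications and encrypting important information, and at how AWS can be used in line with existing security policies. We will also introduce security programs, procedures, and best practices that can further strengthen your organization's current security posture.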
In this session, you’ll learn about security on AWS and why logging in the cloud is different than on-premises. We’ll explore AWS CloudTrail, the logging service built into AWS. We’ll discuss Amazon CloudWatch, a monitoring service for AWS cloud resources and the applications you run on AWS. We’ll also talk about Amazon Inspector, which is the recently announced application security assessment service from AWS. We’ll examine the AWS Config service and how you can use it to improve security and resource management on AWS. Finally, we will look at how the Splunk App for AWS ties all of these services together into deep insight and useful visualizations.
The AWS Shared Responsibility Model in Practice - Nirav Kothari, AWS
The AWS Shared Responsibility Model in Practice - Alert Logic
The document discusses security in the cloud with Amazon Web Services (AWS). It highlights that AWS provides tools to automate security, inherit global controls, and scale with visibility and control. It also discusses the shared responsibility model where AWS manages security of the cloud infrastructure and customers manage security in the cloud. Finally, it provides examples of AWS security services for identity and access management, detective controls, infrastructure security, data protection, and incident response.
3. AWS Global Footprint
US West (N. California)
US West (Oregon)
GovCloud
US East (Virginia)
EU West (Ireland)
Asia Pacific (Tokyo)
Asia Pacific (Singapore)
Asia Pacific (Sydney)
China (Beijing)
São Paulo
EU Central (Frankfurt)
Asia Pacific (Seoul)
4. AWS Global Footprint
Region
An independent collection of AWS resources in a defined geography
A solid foundation for meeting location-dependent privacy and compliance requirements
6. AWS Global Footprint
Availability Zone
Designed as independent failure zones
Physically separated within a typical metropolitan region
10. AWS Global Footprint
16 Regions
42 Availability Zones
63 Edge locations
Over 1 million active customers
Every day, AWS adds enough new server capacity to support Amazon.com when it was a $7 billion global enterprise.
11. Data Locality
Customer chooses where to place data
AWS regions are geographically isolated by design
Data is not replicated to other AWS regions and doesn’t move unless you choose to move it
12. Data Locality in practice
Block level storage
• Instance Storage (Elastic Compute Cloud - EC2)
• Elastic Block Store (EBS)
Object level storage
• Simple Storage Service (S3)
Database storage
• Relational Database Service (RDS)
• NoSQL (DynamoDB)
• Columnar (Redshift)
• Caching (ElastiCache)
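A customer-side check for the data-locality point in slides 11 and 12, as an added example that is not part of the original deck: it audits a resource inventory against a list of approved regions by reading the region field of each ARN. The approved regions, the account ID, the inventory records and the `location` field are all constructed assumptions; S3 bucket ARNs carry no region, so the audit falls back to a recorded bucket location and reports "unknown" when none is present.

```python
"""Data-locality audit over a resource inventory (added example, constructed data)."""
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Assumption: the regions this hypothetical organisation has approved for its data.
APPROVED_REGIONS = frozenset({"eu-central-1", "eu-west-1"})

# Constructed inventory records. "location" is a hypothetical field that the
# inventory producer fills in for resources whose ARN carries no region.
SAMPLE_INVENTORY = [
    {"arn": "arn:aws:ec2:eu-central-1:111122223333:volume/vol-0123456789abcdef0"},
    {"arn": "arn:aws:rds:us-east-1:111122223333:db:orders-replica"},
    {"arn": "arn:aws:dynamodb:eu-west-1:111122223333:table/sessions"},
    {"arn": "arn:aws:s3:::example-reports", "location": "eu-west-1"},
    {"arn": "arn:aws:s3:::example-exports", "location": "ap-southeast-2"},
    {"arn": "arn:aws:s3:::example-legacy"},
]


@dataclass(frozen=True)
class Finding:
    arn: str
    service: str
    region: Optional[str]
    status: str  # "ok", "violation" or "unknown"


def parse_arn(arn: str) -> dict:
    """Split arn:partition:service:region:account-id:resource into its fields."""
    # maxsplit=5 keeps colons inside the resource part (e.g. "db:orders-replica").
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    keys = ("partition", "service", "region", "account", "resource")
    return dict(zip(keys, parts[1:]))


def audit(inventory: Iterable[dict], approved=APPROVED_REGIONS) -> List[Finding]:
    """Classify every record as ok, violation or unknown."""
    findings = []
    for record in inventory:
        fields = parse_arn(record["arn"])
        # The ARN region field is empty for S3 buckets, so use the recorded
        # location instead; with neither, the placement cannot be decided.
        region = fields["region"] or record.get("location") or None
        if region is None:
            status = "unknown"
        elif region in approved:
            status = "ok"
        else:
            status = "violation"
        findings.append(Finding(record["arn"], fields["service"], region, status))
    return findings


def needs_attention(findings: Iterable[Finding]) -> List[Finding]:
    """Everything that is not provably inside an approved region."""
    return [f for f in findings if f.status != "ok"]


if __name__ == "__main__":
    for f in needs_attention(audit(SAMPLE_INVENTORY)):
        print(f"{f.status:9} {f.region or '-':15} {f.arn}")
```

Treating "unknown" as something to follow up on, rather than as a pass, keeps buckets with no recorded location from slipping through the audit.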
14. AWS Shared Responsibility Model
Customers are responsible for their security and compliance IN the Cloud
• Customer content
• Platform, Applications, Identity & Access Management
• Operating System, Network & Firewall Configuration
• Client-side Data Encryption
• Server-side Data Encryption
• Network Traffic Protection
AWS is responsible for the security OF the Cloud
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
15. AWS Shared Responsibility Model – Deep Dive
Will one model work for all services?
Infrastructure Services
Container Services
Abstract Services
16. AWS Shared Responsibility Model: for Infrastructure Services
[Diagram. Layers: Customer content; Platform & Applications Management; Operating System, Network & Firewall Configuration; Client-Side Data Encryption & Data Integrity Authentication; Server-Side Encryption (File System and/or Data); Network Traffic Protection (Encryption / Integrity / Identity); Optional – Opaque data: 1’s and 0’s (in transit/at rest); AWS Foundation Services (Compute, Storage, Database, Networking); AWS Global Infrastructure (Regions, Availability Zones, Edge Locations). Side labels: Customer IAM, AWS IAM, API Endpoints. Each part is marked "Managed by" the customer or AWS.]
17. Infrastructure Service Example – EC2
RESPONSIBILITIES
AWS
• Foundation Services — Networking, Compute, Storage
• AWS Global Infrastructure
• AWS API Endpoints
Customers
• Customer Data
• Customer Application
• Operating System
• Network & Firewall
• Customer IAM (Corporate Directory Service)
• High Availability, Scaling
• Instance Management
• Data Protection (Transit, Rest, Backup)
• AWS IAM (Users, Groups, Roles, Policies)
18. AWS Shared Responsibility Model: for Container Services
[Diagram. Layers: Customer content; Client-Side Data Encryption & Data Integrity Authentication; Network Traffic Protection (Encryption / Integrity / Identity); Optional – Opaque data: 1’s and 0’s (in transit/at rest); Firewall Configuration; Platform & Applications Management; Operating System, Network Configuration; AWS Foundation Services (Compute, Storage, Database, Networking); AWS Global Infrastructure (Regions, Availability Zones, Edge Locations). Side labels: Customer IAM, AWS IAM, API Endpoints. Each part is marked "Managed by" the customer or AWS.]
19. Container Service Example – RDS
RESPONSIBILITIES
AWS
• Foundational Services – Networking, Compute, Storage
• AWS Global Infrastructure
• AWS API Endpoints
• Operating System
• Platform / Application
Customers
• Customer Data
• Firewall (VPC)
• Customer IAM (DB Users, Table Permissions)
• AWS IAM (Users, Groups, Roles, Policies)
• High Availability
• Data Protection (Transit, Rest, Backup)
• Scaling
20. AWS Shared Responsibility Model: for Abstract Services
[Diagram. Layers: Customer content; Client-Side Data Encryption & Data Integrity Authentication; (optional) Opaque Data: 1’s and 0’s (in flight / at rest); Data Protection by the Platform: Protection of Data at Rest; Network Traffic Protection by the Platform: Protection of Data in Transit; Platform & Applications Management; Operating System, Network & Firewall Configuration; AWS Foundation Services (Compute, Storage, Database, Networking); AWS Global Infrastructure (Regions, Availability Zones, Edge Locations). Side labels: API Endpoints, AWS IAM. Each part is marked "Managed by" the customer or AWS.]
21. Abstract Service Example – S3
AWS
• Foundational Services
• AWS Global Infrastructure
• AWS API Endpoints
• Operating System
• Platform / Application
• Data Protection (Rest - SSE, Transit)
• High Availability / Scaling
Customers
• Customer Data
• Data Protection (Rest – CSE)
• AWS IAM (Users, Groups, Roles, Policies)
22. Summary of Customer Responsibility in the Cloud
Infrastructure Services: Applications, Operating System, Networking/Firewall, Data, Customer IAM, AWS IAM
Container Services: Customer IAM, AWS IAM, Firewall, Data
Abstract Services: AWS IAM, Data
24. Security Shared Responsibility Model
AWS is responsible for the security OF the cloud
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
25. Auditing - Comparison: on-prem vs on AWS
on-prem
• Start with bare concrete
• Functionally optional – you can build a secure system without it
• Audits done by an in-house team
• Accountable to yourself
• Typically check once a year
• Workload-specific compliance checks
• Must keep pace and invest in security innovation
on AWS
• Start on base of accredited services
• Functionally necessary – high watermark of requirements
• Audits done by third party experts
• Accountable to everyone
• Continuous monitoring
• Compliance approach based on all workload scenarios
• Security innovation drives broad compliance
26. What this means
You benefit from an environment built for the most security sensitive organizations
AWS manages 1,800+ security controls so you don’t have to
You get to define the right security controls for your workload sensitivity
You always have full ownership and control of your data
28. Meet your own security objectives
Customers
• Your own accreditation
• Your own certifications
• Your own external audits
Built on AWS consistent baseline controls
• Customer scope and effort is reduced
• Better results through focused efforts
AWS
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations