© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.S U M M I T
The Evolution of Continuous Security and Compliance
Stan Golubchik
Head of Alliances
Armor Cloud Security
DEM05-S
Agenda
• The Transformative Force of the Cloud
• The Challenges of the Modern Cloud CISO
• Using the Cloud to your Security Advantage
• Secure Cloud Infrastructure-as-Code
• CWPP + CSPM + CASB – the Cloud Security Trinity
• 3 Major Takeaways
Digital Disruption Scale
Figure: five levels of digital disruption (DD1: Enhance, DD2: Extend, DD3: Transform, DD4: Reinvent, DD5: Revolutionize) plotted against 2007, 2012, 2017 and 2022, moving through the phases Appearance, Expansion and Dominance. Elements affected: technology, industry, business, society.
Marketplace Evolution
Figure: performance versus time, progressing from MSSP to MDRs to SECaaS to CWPP.
Public cloud adoption will challenge traditional managed services based on on-premise models.
• Speed to Value
• Simplicity
• Flexibility
• Lower Cost
How We’re Evolving
Figure: the shared-responsibility stack (Networking, Storage, Servers, Virtualization, O/S, Middleware, Runtime, Data, Applications) shown side by side for On-Premise, IaaS, PaaS and SaaS, with each layer marked as either managed by the CSP or managed by you.
3 Major Challenges of Today’s Cloud CISO
• Talent shortages in DevOps and Security
• Vendor, tool, and alert overload
• How do I keep pace with the rate of innovation?
Which means security in the cloud is not a technology problem but an operations problem…
Vendors Should Solve Problems and Stop Pitching Technologies
Top Problems of CISOs in Today’s Cloud Era:
• Identity and access management
• Ever-evolving “network perimeter” in a mobile, SaaS-ified world
• Compliance
• Hybrid cloud visibility and security policy management
Infrastructure as Code
Terraform
Resources:
  PhiBucket:  # logical ID assumed; the slide shows only the resource body
    Type: "AWS::S3::Bucket"
    Properties:
      BucketName: my-secret-phi
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: "AES256"
      LoggingConfiguration:
        DestinationBucketName: "my-secret-phi-logs"
        LogFilePrefix: "phi"
      VersioningConfiguration:
        Status: "Enabled"
      Tags:
        - Key: "environment"
          Value: "production"
        - Key: "managed-by"
          Value: "cloudformation"
        - Key: "owner"
          Value: "privo"
CloudFormation
Collaborating and Expanding
• Embrace DevOps with a cloud-native strategy.
• Partner with a Solutions Provider for hands-on training and growth.
• Start off ready to scale.
• Don’t be afraid to try something new!
(Logos: Terraform, CloudFormation)
Secure, Cloud-Native Infrastructure
Figure: reference architecture in the AWS Cloud spanning Availability Zone 1 and Availability Zone 2, each with a Public Subnet, a Private Subnet and a Data Subnet. Components shown: Route 53, CloudFront, WAF, ELB, NAT, an App Server in an Auto-Scaling Group, Aurora Multi-AZ, PrivateLink, Transit Gateway and KMS. Security telemetry: CloudTrail, GuardDuty, VPC Flow Logs, DNS Queries and Config. Provisioned with Terraform or CloudFormation.
Benefits of Infrastructure and Security-as-Code to Clients
• Simplification & repeatability of deployment: limits complex deployment tasks
• Distribution of confirmed golden image deployments: ease of sharing and collaboration
• Disaster recovery: start simple and build over time
• Standardization with benefits of customizability: customize resources
• Out-of-the-box compliance: validated compliance controls
Accelerating Cloud Transformation
Figure: a Development / Production VPC in the AWS Cloud across two Availability Zones (us-east-1b and us-east-1c), each with private subnets holding proxies, a NAT, an Auto-Scaling Group running Armor Anywhere, a log collector, and a primary and a secondary DB. Users connect from outside; flow logs and other logs land in a Logs Bucket, with S3 lifecycle policies archiving to Amazon Glacier.
The Calendar of Unfortunate Incidents
Figure: timeline of 11 incidents across 2017 and 2018 (May 30, June, June 8, June 20, September, September 17, December 20, February 3, February 5, February 18, August) involving Dow Jones & Company; Deep Root Analytics – RNC; NICE Systems – Verizon; a recruiting vendor – TigerSwan; Patient Home Monitoring Corp; Accenture; Alteryx – Experian; MBM Company – Walmart; Bongo International – FedEx; Local Box – scraped content; GoDaddy.
THE ACCIDENTAL
• 386 M: # of records exposed.
• 6 out of 11: # of incidents that involved data exposed via an affiliate, partner or “customer.”
• 100% of incidents involved an unsecured S3 bucket in AWS.
• 57% of survey respondents were either “concerned or very concerned that in the next 12 months, misconfigured systems, such as server workloads and cloud services, could lead to a successful attack that threatened their infrastructure, data assets, and business operations.*”
*Source: Oracle & KPMG
The Accidental
CSPM tools act as a ‘checks and balances’ on overall adherence to security policy.
Figure: a posture that adheres to policy contrasted with one that drifts into risk (DRIFT / RISK).
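As an added example (not code from the slides or from Armor), the following Python block applies the kind of check a CSPM tool performs to the S3 bucket resource shown on the Infrastructure as Code slide: it verifies encryption, logging, versioning, a public access block and required tags, and reports drift between what the template declares and what is observed live. The bucket dict is the slide's resource transcribed from YAML; the required-tag policy, the public-access-block requirement and the "observed" configuration are assumptions made for the example.

```python
"""CSPM-style posture check for an AWS::S3::Bucket declared in CloudFormation.
Constructed example: SLIDE_BUCKET is the slide's bucket resource transcribed into a
Python dict so the block runs with the standard library only (no YAML parser)."""
from __future__ import annotations

import copy
from typing import Any

SLIDE_BUCKET: dict[str, Any] = {
    "Type": "AWS::S3::Bucket",
    "Properties": {
        "BucketName": "my-secret-phi",
        "BucketEncryption": {
            "ServerSideEncryptionConfiguration": [
                {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}
            ]
        },
        "LoggingConfiguration": {
            "DestinationBucketName": "my-secret-phi-logs",
            "LogFilePrefix": "phi",
        },
        "VersioningConfiguration": {"Status": "Enabled"},
        "Tags": [
            {"Key": "environment", "Value": "production"},
            {"Key": "managed-by", "Value": "cloudformation"},
            {"Key": "owner", "Value": "privo"},
        ],
    },
}

# Assumed policy for this example: tags every bucket must carry.
REQUIRED_TAGS = {"environment", "owner"}
# The four settings of S3 Block Public Access, as named in CloudFormation.
PAB_KEYS = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")


def _is_true(value: Any) -> bool:
    """Templates may spell a boolean as True, true or "true"; treat them alike."""
    return value is True or str(value).lower() == "true"


def check_bucket(resource: dict[str, Any]) -> list[str]:
    """Return policy findings for one bucket resource; an empty list means compliant."""
    if resource.get("Type") != "AWS::S3::Bucket":
        return ["TYPE: resource is not an AWS::S3::Bucket"]
    props = resource.get("Properties", {})
    findings: list[str] = []

    # Encryption at rest: at least one default SSE rule with a known algorithm.
    rules = props.get("BucketEncryption", {}).get("ServerSideEncryptionConfiguration", [])
    algorithms = {r.get("ServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules}
    if not algorithms & {"AES256", "aws:kms"}:
        findings.append("ENCRYPTION: no default server-side encryption configured")

    # Server access logging must have a destination bucket.
    if not props.get("LoggingConfiguration", {}).get("DestinationBucketName"):
        findings.append("LOGGING: server access logging has no destination bucket")

    # Versioning protects against accidental deletion and overwrite.
    if props.get("VersioningConfiguration", {}).get("Status") != "Enabled":
        findings.append("VERSIONING: versioning is not enabled")

    # The slide's template omits this block entirely, so it is reported as a finding.
    pab = props.get("PublicAccessBlockConfiguration", {})
    if not all(_is_true(pab.get(key)) for key in PAB_KEYS):
        findings.append("PUBLIC_ACCESS: public access block is missing or incomplete")

    present = {t.get("Key") for t in props.get("Tags", [])}
    for tag in sorted(REQUIRED_TAGS - present):
        findings.append(f"TAGS: required tag '{tag}' is missing")
    return findings


def harden(resource: dict[str, Any]) -> dict[str, Any]:
    """Return a copy of the resource with all four public-access-block settings enabled."""
    fixed = copy.deepcopy(resource)
    fixed.setdefault("Properties", {})["PublicAccessBlockConfiguration"] = {
        key: True for key in PAB_KEYS
    }
    return fixed


def detect_drift(declared: dict[str, Any], observed: dict[str, Any],
                 keys: tuple[str, ...]) -> dict[str, tuple[Any, Any]]:
    """Report keys whose live (observed) value differs from what the code declares.
    This is the drift a CSPM tool flags when a bucket is changed outside the pipeline."""
    return {key: (declared.get(key), observed.get(key))
            for key in keys if declared.get(key) != observed.get(key)}


if __name__ == "__main__":
    print("slide template:", check_bucket(SLIDE_BUCKET))
    print("hardened      :", check_bucket(harden(SLIDE_BUCKET)))
    # Constructed observation: versioning was suspended by hand in the console.
    live = copy.deepcopy(SLIDE_BUCKET["Properties"])
    live["VersioningConfiguration"] = {"Status": "Suspended"}
    print("drift         :", detect_drift(SLIDE_BUCKET["Properties"], live,
                                          ("VersioningConfiguration", "BucketEncryption")))
```

Run against the slide's own template, the only finding is the missing public access block; `harden()` shows the corrected resource passing, and `detect_drift()` shows how a console-side change surfaces as drift.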
Key Characteristics of Cloud Security Posture Management (CSPM)
CAPABILITIES
• Out-of-the-Box Compliance Checks
• Cloud Native Integrations
• Continuous Security and Compliance Monitoring
• Unified Visibility
• Workload Discovery and Visibility
• Automated Remediation
• Policy Management
• 24/7 Mgmt & Monitoring
SECaaS DELIVERY MODEL: Simple to Turn Up, Fast Turn Up, Easily Scalable, Pay As You Go
Address IT, IT Security & DevOps Needs
ANY WORKLOAD (Public and Private Cloud, Virtualized, Servers, Containers)
The Intentional
Managing an increasing attack surface that is fundamentally unfamiliar to many IT and IT Security professionals.
Figure: 681M attacks across 1,200 organizations, broken down into brute force, web app attacks, IoT attacks and vulnerability exploits.
Key Characteristics of Cloud Workload Protection (CWPP)
CAPABILITIES
• Host-Based Protections
• Security Compliance
• Unified Visibility
• Containers
• Native Tools Integration
• App Control & Whitelist
• 24/7 Mgmt & Monitoring
SECaaS DELIVERY MODEL: Simple to Turn Up, Fast Turn Up, Easily Scalable, Pay As You Go
Address IT, IT Security & DevOps Needs
ANY WORKLOAD (Public and Private Cloud, Virtualized, Servers, Containers)
Understanding The Rising Demand for CASB
• 1427: # of distinct cloud services that an average enterprise uses*
• 36: # of distinct cloud services that an average employee uses at work*
• 18.1% of file uploads into cloud-based services contained sensitive data*
*https://www.skyhighnetworks.com/cloud-security-blog/12-must-know-statistics-on-cloud-usage-in-the-enterprise/
Key Characteristics of Cloud Access Security Brokers (CASB)
CAPABILITIES
• Data Security
• DLP
• Secure Shadow IT
• Unified Visibility
• Insider Threat Detection
• Native Tools Integration
• IAM and Integrations
• 24/7 Mgmt & Monitoring
SECaaS DELIVERY MODEL: Simple to Turn Up, Fast Turn Up, Easily Scalable, Pay As You Go
Address IT, IT Security & DevOps Needs
ANY WORKLOAD (Public and Private Cloud, Virtualized, Servers, Containers)
3 Big Takeaways
1. Cloud has changed everything – we must secure our workloads against accidental and intentional threats.
2. The hard part of security is not a technology problem; it’s an operations problem.
3. You can use the cloud to deliver continuous security and compliance.
Thank you!
Stan Golubchik
@STANGOLUBCHIK

Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

The evolution of continuous cloud security and compliance - DEM05-S - New York AWS Summit

  • 1. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Summit. The Evolution of Continuous Security and Compliance. Stan Golubchik, Head of Alliances, Armor Cloud Security. Session DEM05-S.
  • 2. Agenda:
    • The Transformative Force of the Cloud
    • The Challenges of the Modern Cloud CISO
    • Using the Cloud to your Security Advantage
    • Secure Cloud Infrastructure-as-Code
    • CWPP + CSPM + CASB: the Cloud Security Trinity
    • 3 Major Takeaways
  • 3. (no slide text)
  • 4. Digital Disruption Scale. Levels: DD1: Enhance; DD2: Extend; DD3: Transform; DD4: Reinvent; DD5: Revolutionize. Timeline 2007, 2012, 2017, 2022, moving through Appearance, Expansion and Dominance. Elements affected: Technology, Industry, Business, Society.
  • 5. Marketplace Evolution (performance over time): MSSP, then MDRs, then SECaaS, then CWPP. Public cloud adoption will challenge traditional managed services based on on-premise models. Drivers: Speed to Value, Simplicity, Flexibility, Lower Cost.
  • 6. (no slide text)
  • 7. How We're Evolving. The same stack (Networking, Storage, Servers, Virtualization, O/S, Middleware, Runtime, Data, Applications) is shown for On-Premise, IaaS, PaaS and SaaS; what changes from one model to the next is how much of that stack you manage versus how much the CSP manages.
  • 8. (no slide text)
  • 9. 3 Major Challenges of Today's Cloud CISO: Talent Shortages in DevOps and Security; Vendor, Tool, and Alert Overload; How Do I Keep Pace with the Rate of Innovation.
  • 10. Which means: security in the cloud is not a technology problem but an operations problem…
  • 11. Vendors Should Solve Problems and Stop Pitching Technologies. Top Problems of CISOs in Today's Cloud Era:
    • Identity and access management
    • Ever-evolving "network perimeter" in a mobile, SaaS-ified world
    • Compliance
    • Hybrid cloud visibility and security policy management
  • 12. (no slide text)
  • 13. (no slide text)
  • 14. Infrastructure as Code (Terraform, CloudFormation). CloudFormation example of an S3 bucket with default encryption, server access logging, versioning and tags (the closing quote on the Status value was doubled on the slide and is corrected here):
      Type: "AWS::S3::Bucket"
      Properties:
        BucketName: my-secret-phi
        BucketEncryption:
          ServerSideEncryptionConfiguration:
            - ServerSideEncryptionByDefault:
                SSEAlgorithm: "AES256"
        LoggingConfiguration:
          DestinationBucketName: "my-secret-phi-logs"
          LogFilePrefix: "phi"
        VersioningConfiguration:
          Status: "Enabled"
        Tags:
          - Key: "environment"
            Value: "production"
          - Key: "managed-by"
            Value: "cloudformation"
          - Key: "owner"
            Value: "privo"
  • 15. Collaborating and Expanding (Terraform, CloudFormation):
    • Embrace DevOps with a cloud-native strategy.
    • Partner with a Solutions Provider for hands-on training and growth.
    • Start off ready to scale.
    • Don't be afraid to try something new!
  • 16. Secure, Cloud-Native Infrastructure (built with Terraform / CloudFormation). Diagram of an AWS Cloud deployment across Availability Zone 1 and Availability Zone 2 with Public, Private and Data subnets: WAF, CloudFront and Route 53 in front of an ELB; an Auto-Scaling Group of App Servers in the private subnets behind NAT gateways; Aurora Multi-AZ in the data subnet; PrivateLink and Transit Gateway for connectivity. Logging, detection and key management around it: CloudTrail, GuardDuty, VPC Flow Logs, DNS Queries, Config, KMS.
  • 17. Benefits of Infrastructure and Security-as-Code to Clients:
    • Simplification and repeatability of deployment: limits complex deployment tasks.
    • Distribution of confirmed golden image deployments: ease of sharing and collaboration.
    • Disaster recovery: start simple and build over time.
    • Standardization with the benefits of customizability: customize resources.
    • Out of the box compliance: validated compliance controls.
  • 18. (no slide text)
  • 19. (no slide text)
  • 20. Accelerating Cloud Transformation. Reference architecture in the AWS Cloud: a Development / Production VPC spanning us-east-1b and us-east-1c, private subnets with Auto Scaling Groups, proxies and NAT, a Primary DB and a Secondary DB, Armor Anywhere agents on the workloads, a Log Collector fed by flow logs, Users, and an Archive Logs Bucket with S3 Lifecycle Policies to Amazon Glacier.
  • 21. The Calendar of Unfortunate Incidents (2017 and 2018), "The Accidental". Incidents: Dow Jones & Company; Deep Root Analytics - RNC; NICE Systems - Verizon; Recruiting Vendor - TigerSwan; Patient Home Monitoring Corp; Accenture; Alteryx - Experian; MBM Company - Walmart; Bongo International - FedEx; Local Box - scraped content; GoDaddy. Dates on the timeline: May 30, June, June 8, June 20, September, September 17, December 20, February 3, February 5, February 18, August. 386 M: number of records exposed. 6 out of 11: number of incidents that involved data exposed via an affiliate, partner or "customer." 100% of incidents involved an unsecured S3 bucket in AWS. 57% of survey respondents were either "concerned or very concerned that in the next 12 months, misconfigured systems, such as server workloads and cloud services, could lead to a successful attack that threatened their infrastructure, data assets, and business operations."* (*Source: Oracle & KPMG)
  • 22. The Accidental. CSPM tools act as a 'checks and balances' on overall adherence to security policy (diagram: configuration either adheres to policy or drifts into risk).
  • 23. Key Characteristics of Cloud Security Posture Management (CSPM). Capabilities: Out-of-the-Box Compliance Checks; Cloud Native Integrations; Continuous Security and Compliance Monitoring; Unified Visibility; Workload Discovery and Visibility; Automated Remediation; Policy Management; 24/7 Mgmt & Monitoring. SECaaS delivery model: Simple to Turn Up; Fast Turn Up; Easily Scalable; Pay As You Go; Address IT, IT Security & DevOps Needs. Any workload (Public and Private Cloud, Virtualized, Servers, Containers).
  • 24. The Intentional. Managing an increasing attack surface that is fundamentally unfamiliar to many IT and IT Security professionals. 681M attacks across 1,200 organizations: Brute Force, Web App Attacks, IoT Attacks, Vuln Exploits.
  • 25. Key Characteristics of Cloud Workload Protection (CWPP). Capabilities: Host-Based Protections; Security Compliance; Unified Visibility; Containers; Native Tools Integration; App Control & Whitelist; 24/7 Mgmt & Monitoring. SECaaS delivery model: Simple to Turn Up; Fast Turn Up; Easily Scalable; Pay As You Go; Address IT, IT Security & DevOps Needs. Any workload (Public and Private Cloud, Virtualized, Servers, Containers).
  • 26. Understanding the Rising Demand for CASB. 1,427: number of distinct cloud services that an average enterprise uses.* 36: number of distinct cloud services that an average employee uses at work.* 18.1% of file uploads into cloud-based services contained sensitive data.* (*https://www.skyhighnetworks.com/cloud-security-blog/12-must-know-statistics-on-cloud-usage-in-the-enterprise/)
  • 27. Key Characteristics of Cloud Access Security Brokers (CASB). Capabilities: Data Security; DLP; Secure Shadow IT; Unified Visibility; Insider Threat Detection; Native Tools Integration; IAM and Integrations; 24/7 Mgmt & Monitoring. SECaaS delivery model: Simple to Turn Up; Fast Turn Up; Easily Scalable; Pay As You Go; Address IT, IT Security & DevOps Needs. Any workload (Public and Private Cloud, Virtualized, Servers, Containers).
  • 28. (no slide text)
  • 29. 3 Big Takeaways:
    1. Cloud has changed everything: we must secure our workloads against accidental and intentional threats.
    2. The hard part of security is not a technology problem; it's an operations problem.
    3. You can use the cloud to deliver continuous security and compliance.
  • 30. Thank you! Stan Golubchik, @STANGOLUBCHIK.
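Slides 14 and 22 together describe the CSPM idea: the infrastructure-as-code template states the intended posture, and a posture check continuously compares what is actually deployed against it and reports drift. The following is an added example, not code from the talk or from Armor, of such a check written around the CloudFormation properties on slide 14 (default encryption, logging, versioning, tags). It also checks the bucket's PublicAccessBlockConfiguration, which the slide template does not set; that check is added here because slide 21 attributes every listed incident to an unsecured S3 bucket. The "observed" bucket snapshots are constructed by hand and stand in for what an inventory step would return after being normalised into the same property shape as the template; no AWS API is called.

```python
"""CSPM-style drift check for S3 buckets against an IaC-defined posture.

Added example (not the deck's or Armor's code). Desired state is expressed with
the CloudFormation AWS::S3::Bucket property names from the slide; observed
state is a constructed snapshot in the same shape, so the check runs offline.
"""
from typing import Dict, List, Set

Props = Dict[str, object]

# Policy: the Properties block of the slide's AWS::S3::Bucket resource.
DESIRED: Props = {
    "BucketEncryption": {
        "ServerSideEncryptionConfiguration": [
            {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}
        ]
    },
    "LoggingConfiguration": {"DestinationBucketName": "my-secret-phi-logs", "LogFilePrefix": "phi"},
    "VersioningConfiguration": {"Status": "Enabled"},
    "Tags": [
        {"Key": "environment", "Value": "production"},
        {"Key": "managed-by", "Value": "cloudformation"},
        {"Key": "owner", "Value": "privo"},
    ],
}

# Not in the slide template; added because slide 21's incidents were all unsecured buckets.
PUBLIC_ACCESS_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def _sse_algorithms(props: Props) -> Set[str]:
    """Collect the default SSE algorithms configured on a bucket (empty set = no default encryption)."""
    enc = props.get("BucketEncryption") or {}
    rules = enc.get("ServerSideEncryptionConfiguration") or []  # type: ignore[attr-defined]
    return {r.get("ServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules} - {None}


def _tags(props: Props) -> Dict[str, str]:
    return {t["Key"]: t["Value"] for t in (props.get("Tags") or [])}  # type: ignore[union-attr]


def evaluate_bucket(name: str, observed: Props, desired: Props = DESIRED) -> List[str]:
    """Return one finding per control where the observed bucket drifts from the desired posture."""
    findings: List[str] = []

    want_algos, have_algos = _sse_algorithms(desired), _sse_algorithms(observed)
    if not have_algos:
        findings.append(f"{name}: default encryption is not configured")
    elif not want_algos <= have_algos:
        findings.append(f"{name}: SSEAlgorithm is {sorted(have_algos)}, policy requires {sorted(want_algos)}")

    want_log = desired.get("LoggingConfiguration") or {}
    have_log = observed.get("LoggingConfiguration") or {}
    if not have_log.get("DestinationBucketName"):  # type: ignore[union-attr]
        findings.append(f"{name}: server access logging is disabled")
    elif have_log.get("DestinationBucketName") != want_log.get("DestinationBucketName"):  # type: ignore[union-attr]
        findings.append(f"{name}: logs go to {have_log['DestinationBucketName']!r}, "  # type: ignore[index]
                        f"policy requires {want_log.get('DestinationBucketName')!r}")  # type: ignore[union-attr]

    want_ver = (desired.get("VersioningConfiguration") or {}).get("Status")  # type: ignore[union-attr]
    have_ver = (observed.get("VersioningConfiguration") or {}).get("Status")  # type: ignore[union-attr]
    if want_ver == "Enabled" and have_ver != "Enabled":
        findings.append(f"{name}: versioning is {have_ver or 'not configured'}, policy requires Enabled")

    have_tags = _tags(observed)
    for key, value in _tags(desired).items():
        if have_tags.get(key) != value:
            findings.append(f"{name}: tag {key}={value!r} missing or changed (found {have_tags.get(key)!r})")

    pab = observed.get("PublicAccessBlockConfiguration") or {}
    for flag in PUBLIC_ACCESS_FLAGS:
        if pab.get(flag) is not True:  # type: ignore[union-attr]
            findings.append(f"{name}: PublicAccessBlockConfiguration.{flag} is not true")
    return findings


def posture_report(inventory: Dict[str, Props]) -> Dict[str, List[str]]:
    """Evaluate every bucket in an inventory; an empty list means the bucket adheres to policy."""
    return {name: evaluate_bucket(name, props) for name, props in inventory.items()}


# Constructed inventory: one bucket exactly as deployed from the template, one that
# has drifted (logging removed, versioning suspended, owner tag dropped, one
# public-access flag switched off). Both are hand-written sample data.
FULL_PAB = {flag: True for flag in PUBLIC_ACCESS_FLAGS}
SAMPLE_INVENTORY: Dict[str, Props] = {
    "my-secret-phi": {**DESIRED, "PublicAccessBlockConfiguration": FULL_PAB},
    "my-secret-phi-dev": {
        "BucketEncryption": DESIRED["BucketEncryption"],
        "VersioningConfiguration": {"Status": "Suspended"},
        "Tags": [{"Key": "environment", "Value": "production"},
                 {"Key": "managed-by", "Value": "cloudformation"}],
        "PublicAccessBlockConfiguration": {**FULL_PAB, "BlockPublicPolicy": False},
    },
}

if __name__ == "__main__":
    for bucket, findings in posture_report(SAMPLE_INVENTORY).items():
        print(bucket, "adheres to policy" if not findings else f"{len(findings)} finding(s)")
        for finding in findings:
            print("  -", finding)
```

Run continuously (for example on a schedule or from a configuration-change event), a check like this is the "checks and balances" slide 22 describes: the template remains the single statement of policy, and anything changed by hand afterwards shows up as a finding rather than staying silent until an incident.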