© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
David Kaplan
Security Specialist, Amazon Web Services
Level 200
Why You Are More Secure in the AWS Cloud
Agenda
• Introduction – What’s the Story, Success.
• Cloud Risk Management
• Cloud Security to Exceed Requirements of:
– Confidentiality
– Integrity
– Availability
– Compliance
• Conclusion & Next Steps
Introduction
• Why Are You Here
• Who Are We
• What is the Required Outcome
– What does Security, Risk & Compliance success look like
The Story – We’ll Get Back to this in a Moment…
A famous author once said all good stories need a beginning, a middle & a twist
• The story is of a customer journey to running securely @ peak efficiency on the cloud, meeting all requirements:
– Risk Management
– Confidentiality, Integrity, Availability (CIA)
– Compliance
Success
• Strategy
• Confidence in Cloud Service Provider
• Technology Risk Adaption Methodology
• AWS Artifact
• AWS Service Catalog
Success – Automate Out the Weakest Links
Source: http://1funny.com/weakest-link/
Source: http://www.laingorourke.com/our-projects/all-projects/lawrence-hargrave-drive.aspx
Success – Implement Guardrails not Gates
Success – Security is Job Zero
• Network Security
• Physical Security
• Platform Security
• People & Procedures
Success – AWS Security & Compliance – Every Customer benefits
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
• AWS is responsible for the security OF the Cloud
Success
• AWS Cloud Adoption Framework (CAF) Security Epics
• Enables you to move fast while being secure!
The Story / The Players
A famous author once said all good stories need a beginning, a middle & a twist
• The story is of a customer journey to running securely @ peak efficiency on the cloud, meeting all requirements:
– Risk Management
– Confidentiality, Integrity, Availability (CIA)
– Compliance
• The twists:
– You’ll likely have some objections to handle
– Treat everything as Code and automate your way to security success
The Players
• Regulators. Two examples:
– Government – ASD / ISM via IRAP
– FSI - APRA
• Security
• Information Technology (Not security focused)
• DevOps
• Traditional Operations - TradOps
Regulator – Risk & Compliance Requirements
• Regulated customer: “Can I audit your DC?”
• Which services are certified to what level?
• Controls, Documents, Controls effectiveness
• How will your organisation's risk profile change & how will you manage risk?
Security
• “It used to require multiple separate people (from > 2 orgs) to open a connection to the internet ...”
• Why should I / how can I trust AWS? Do all the certs add up to...
• The API-driven platform is the biggest advantage but also the biggest risk. Must get tooling right. Abuse looks normal; a mistake can be amplified.
Information Technology (Not security focused)
• Aren’t you just another DC?
• People and cultural changes needed?
DevOps – Get out of the Way…
• I want to use all the toys... Now!
Side Note: DevSecOps, or is it SecDevOps or DevOpsSec?
Traditional (Security) Operations
• Where’s my GUI?
• I’ve lost control / visibility?
• How do I ...?
The Elephant(s) in the Room
• What’s the MOST secure network?
• Secure & Competitive (speed & cost)?
• After you handle objections
Why You Are More Secure in the AWS Cloud
Source: New Yorker Cartoon By: Leo Cullum Item #: 8545100
When You Follow Best Practices!
So Everything’s Changed… Right?
• Well… not everything
• Change Management is key
• Technology risk adoption process… to deal with ~3 changes per day!
Source: https://m.isaca.org/Knowledge-Center/BMIS/Pages/Business-Model-for-Information-Security.aspx
Cloud Risk Management
• There is no single standard / framework
• Applicable guidance:
– ISO
– PCI
– CSA
– ASD
– APRA
– NIST
– Others, see references
Old Way
• Monoliths / Legacy
• Long development cycles
• Big releases
• Complexity
• Low / No Automation
New Way
• CI / CD / DevOps
• Infrastructure is easier and more accessible
• High Automation
• Self-service, empowerment
• Everything as Code
Two Sides of Managing Risk
Preventative Controls
• Risk guardrails to contain blast radius
• Preventive control & automated testing / validation
• Training and services to help teams operate cloud infrastructure
Detective / Corrective Controls
• Hyper-Visibility
• Real-time assurance of risk policies
• Automated corrective action with fast response
Success; CAF Security Epics
Security as Code / CI/CD / DevSecOps
Best Practices/Turn On/Use:
• Everything as Code
• Secure coding and testing
• Secure CI/CD Pipeline; changes → Code repo
Services/Tools:
• AWS CloudFormation
• AWS Organizations
• AWS CodeCommit
• AWS CodeDeploy
• AWS CodePipeline
• AWS CodeBuild
Outcomes:
✓ Provably Secure
✓ Confidentiality
✓ Integrity
✓ Availability
✓ Compliance
Players: ✓ Regulators ✓ Security ✓ Not Sec ✓ DevOps ✓ TradOps
DevSecOps Pipeline
Identity & Access Management
Best Practices/Turn On/Use:
• Accounts for segmentation
• Temporary credentials
• Federations
• Least Privilege, SoD
Services/Tools:
• AWS Organizations
• IAM
• AWS Directory Service
• AWS STS
Outcomes:
✓ Confidentiality
✓ Integrity
✓ Availability
✓ Compliance
Players: ✓ Regulators ✓ Security ✓ Not Sec ✓ DevOps ✓ TradOps
AWS Native Tools and 3rd Party Innovation
• IAM Access Advisor
• Netflix Repoman
Logging & Monitoring
Best Practices/Turn On/Use:
• Platform, OS and Apps
• Central, secure access
• Aggregate, alerting, enrichment, search platform, visualisation
• Search, visualise, workflow & ticketing for closed-loop response
Services/Tools:
• Amazon S3
• AWS CloudTrail
• Amazon CloudWatch Logs & Events
• Amazon SNS
Outcomes:
✓ Integrity
✓ Availability
✓ Compliance
Players: ✓ Regulators ✓ Security ✓ Not Sec ✓ DevOps ✓ TradOps
Visibility via Support API / Trusted Advisor
Cloud Security Information & Event Mgt (SIEM)
[Diagram labels: VPC subnet, Availability Zone, Security group (shown twice); Virtual Gateway; Corporate data centre; Users; Data centre router; Update Servers; Connectivity; CloudTrail; CloudWatch; SIEM Aggregator]
Infrastructure Security
Best Practices/Turn On/Use:
• Threat Prevention Layer with DDoS Mitigation
• Segmentation; Account, Network, Firewall (SG)
• Serverless, Patch & Replace, Vulnerability Management
Services/Tools:
• AWS Organizations
• AWS WAF
• AWS Shield
• Amazon VPC
• VPC flow logs
• Amazon CloudFront
• AWS Lambda
• Amazon Inspector
Outcomes:
✓ Integrity
✓ Availability
✓ Compliance
Players: ✓ Regulators ✓ Security ✓ Not Sec ✓ DevOps ✓ TradOps
Infrastructure Security
Well-Architected via a NIST High Quick Start
[Diagram labels: https://www.example.com; AWS Edge Locations; AWS WAF; Amazon Route 53; Amazon CloudFront; AWS Shield Advanced; CloudTrail; AWS Config; CloudWatch Alarms; Archive Logs Bucket; S3 Lifecycle Policies to Glacier; AWS Account; Virtual Private Cloud (VPC); us-east-1a; us-east-1b; DMZ Subnet; Private Subnet; Proxies; NAT; Bastion; RDS DB]
Data Protection
Best Practices/Turn On/Use:
• Classify
• Encrypt in Transit
• Encrypt at Rest
• Audit, Automate detection or better still enforcement
Services/Tools:
• AWS KMS
• AWS CloudHSM
• IAM
• AWS Certificate Manager
• AWS CloudTrail
• AWS Config
Outcomes:
✓ Confidentiality
✓ Integrity
✓ Availability
✓ Compliance
Players: ✓ Regulators ✓ Security ✓ Not Sec ✓ DevOps ✓ TradOps
Ubiquitous Encryption
• EBS, RDS, Amazon Redshift, S3, Amazon Glacier
• Encrypted in transit and at rest
• Fully auditable
• Restricted access
• Fully managed keys in KMS
• Your KMI
turn it on
Incident Response
Best Practices/Turn On/Use:
• Review & cloud optimise; Preparation
• Detection & Analysis
• Containment, Eradication and Recovery (Response)
• Post-Incident Activity
Services/Tools:
• Amazon S3
• AWS CloudTrail
• Amazon CloudWatch Logs & Events
• Amazon EBS snapshot
• VPC
Outcomes:
✓ Confidentiality
✓ Integrity
✓ Availability
✓ Compliance
Players: ✓ Regulators ✓ Security ✓ Not Sec ✓ DevOps ✓ TradOps
Incident Response as a Service (IR-aaS)
Compliance
• … is not security
• Proving above
• Process
• Automation of … more
• Examples:
– ISM
– APRA
Challenges for Compliance
• Multiple complex documentation requirements
• One off or Periodic surveys
• Few truly automated controls
• Sample testing
• Lack of repeatability
And now to architect for compliance in the Cloud
Build on a Solid Foundation
Certification provides assurance that AWS has in place the
applicable controls of the ASD’s ISM (Australian Signals
Directorate’s Information Security Manual) and is the
immediate precursor in accrediting AWS for Australian
government workloads.
Australian Prudential Regulatory Authority
• OUTSOURCING INVOLVING SHARED COMPUTING SERVICES (INCLUDING CLOUD) 6 July 2015
• Prudential Standard SPS/CPS 231:
– Board approved Policy, material systems, (viability, stock value), systems of record (single source of truth), business activities sufficient monitoring & binding contract, consult with and notify APRA
– Articulate how changes affect risk posture and how risk will be managed
Leverage Best Practices and Automate
• Compliance Quick Starts
• CAF Security perspective
• Growing Security services
and feature portfolio
Leverage Best Practices
from Accenture & AWS:
The Accenture Security Framework
for AWS provides a mechanism for
FSIs to:
• Adopt AWS services and use them in a
manner that helps organisations address
the technology-compliant controls
described within the APRA guidelines.
• Secure both sensitive and non-sensitive
data as setup and classified pertaining to
CPG 235 – “Managing Data Risk,” while
leveraging the flexibility, agility and cost
savings of the cloud.
Re-cap the Story / Players
✓ Regulators:
✓ Government – ASD / ISM via IRAP
✓ FSI - APRA
✓ Security
✓ Information Technology (Not security focused)
✓ DevOps
✓ Traditional Operations
Conclusions & Call to Action
• ✓ ✓ ✓ ✓ ✓
• Do the right things; Just turn on the capabilities
– Demonstrably more secure, fewer errors and less effort
• Trusted Advisor
• Cloud Adoption Framework
• Well-Architected Framework
• Enjoy the rest of the event; further information on other security sessions follows
turn it on
Resources
AWS Cloud Adoption Framework: http://bit.ly/AWS-CAF
AWS Well Architected Framework: http://bit.ly/WellArchF
AWS Quick Start Guides: http://bit.ly/AWSQSG
Code 01 = ZW1haWwg
Further Reading and References
AWS Compliance: http://amzn.to/2nYbDvO
AWS Security: http://amzn.to/2ol0QYC
ISACA Cloud RM: http://bit.ly/2nKBKpC
ASD: http://bit.ly/2n0AF9r
APRA: http://bit.ly/2nY6sZA
CIS *2: http://bit.ly/2obIl90 and http://bit.ly/AWSCIS
NIST: http://bit.ly/2obVQFO
Related Sessions
Today:
1445 – 1515: DDoS Protection/Edge Services
1530 – 1600: Wrangling Multiple AWS Accounts from Security to Finance
1630 – 1700: Ubiquitous Encryption on AWS
1715 – 1745: Implementing DevSecOps
Tomorrow:
1215 – 1300: Well-Architected for Security: Advanced Session
1445 – 1515: Serverless Authentication and Authorisation
1530 – 1600: Best Practices for Security at Scale
1630 – 1700: A Serverless Approach to Operational Log Visualisation and Analytics
1715 – 1745: Securing your Containers on AWS
Thank you!

Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
Amazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Recently uploaded

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
ThomasParaiso2
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 

Recently uploaded (20)

Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 

Why You Are Secure in the AWS Cloud

  • 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. David Kaplan, Security Specialist, Amazon Web Services. Level 200. Why You Are More Secure in the AWS Cloud
  • 2. Agenda • Introduction – What’s the Story, Success. • Cloud Risk Management • Cloud Security to Exceed Requirements of: – Confidentiality – Integrity – Availability – Compliance • Conclusion & Next Steps
  • 3. Introduction • Why Are You Here • Who Are We • What is the Required Outcome – What does Security, Risk & Compliance success look like
  • 4. The Story – We’ll Get Back to this in a Moment… A famous author once said all good stories need a beginning, a middle & a twist • The story is of a customer journey to running securely @ peak efficiency on the cloud, meeting all requirements: – Risk Management – Confidentiality, Integrity, Availability (CIA) – Compliance
  • 5. Success Strategy Confidence in Cloud Service Provider Technology Risk Adaption Methodology AWS Artifact AWS Service Catalog
  • 6. Success – Automate Out the Weakest Links http://1funny.com/weakest-link/
  • 8. Success – Implement Guardrails not Gates
  • 9. Success Security is Job Zero Network Security Physical Security Platform Security People & Procedures
  • 10. Success AWS Security & Compliance – Every Customer benefits AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations AWS is responsible for the security OF the Cloud
  • 11. Success • AWS Cloud Adoption Framework (CAF) Security Epics • Enables you to move fast while being secure!
  • 12. The Story / The Players A famous author once said all good stories need a beginning, a middle & a twist • The story is of a customer journey to running securely @ peak efficiency on the cloud, meeting all requirements: – Risk Management – Confidentiality, Integrity, Availability (CIA) – Compliance • The twists: – You’ll likely have some objections to handle – Treat everything as Code and automate your way to security success
  • 13. The Story / The Players The Players • Regulators. Two examples: – Government – ASD / ISM via IRAP – FSI - APRA • Security • Information Technology (Not security focused) • DevOps • Traditional Operations - TradOps
  • 14. Regulator – Risk & Compliance Requirements • Regulated customer: “Can I audit your DC?” • Which services are certified to what level? • Controls, Documents, Controls effectiveness • How will your organisation's risk profile change & how will you manage risk?
  • 15. Security • “It used to require multiple separate people (from > 2 orgs) to open a connection to the internet ...” • Why should I / how can I trust AWS? Do all the certs add up to... • The API-driven platform is the biggest advantage but also the biggest risk. Must get tooling right. Abuse looks normal; a mistake can be amplified.
  • 16. Information Technology (Not security focused) • Aren’t you just another DC? • People and cultural changes needed?
  • 17. DevOps – Get out of the Way… • I want to use all the toys... Now! Side Note: DevSecOps, or is it SecDevOps or DevOpsSec?
  • 18. Traditional (Security) Operations • Where’s my GUI? • I’ve lost control / visibility? • How do I ...?
  • 19. The Elephant(s) in the Room • What’s the MOST secure network? • Secure & Competitive (speed & cost)? • After you handle objections Why You Are More Secure in the AWS Cloud Source: New Yorker Cartoon By: Leo Cullum Item #: 8545100
  • 20. When You Follow Best Practices! Why You Are More Secure in the AWS Cloud The Elephant(s) in the Room Source: New Yorker Cartoon By: Leo Cullum Item #: 8545100
  • 21. So Everything’s Changed… Right? • Well… not everything • Change Management is key • Technology risk adoption process… to deal with ~3 changes per day! Source: https://m.isaca.org/Knowledge-Center/BMIS/Pages/Business-Model-for-Information-Security.aspx
  • 23. Cloud Risk Management • There is no single standard / framework • Applicable guidance: – ISO – PCI – CSA – ASD – APRA – NIST – Others, see references
  • 24. Old Way: Monoliths / Legacy; Long development cycles; Big releases; Complexity; Low / No Automation. New Way: CI / CD / DevOps; Infrastructure is easier and more accessible; High Automation; Self-service, empowerment; Everything as Code
  • 25. Two Sides of Managing Risk. Preventative Controls: Risk guardrails to contain blast radius; Preventive control & automated testing / validation; Training and services to help teams operate cloud infrastructure. Detective / Corrective Controls: Hyper-Visibility; Real-time assurance of risk policies; Automated corrective action with fast response
  • 28. Security as Code / CI/CD / DevSecOps. Best Practices / Turn On / Use: Everything as Code; Secure coding and testing; Secure CI/CD Pipeline; changes → Code repo. Services/Tools: AWS CloudFormation, AWS Organizations, AWS CodeCommit, AWS CodeDeploy, AWS CodePipeline, AWS CodeBuild. Outcomes: ✓ Provably Secure, ✓ Confidentiality, ✓ Integrity, ✓ Availability, ✓ Compliance. (✓ Regulators, ✓ Security, ✓ Not Sec, ✓ DevOps, ✓ TradOps)
  • 31. Identity & Access Management. Best Practices / Turn On / Use: Accounts for segmentation; Temporary credentials; Federations; Least Privilege, SoD. Services/Tools: AWS Organizations, IAM, AWS Directory Service, AWS STS. Outcomes: ✓ Confidentiality, ✓ Integrity, ✓ Availability, ✓ Compliance. (✓ Regulators, ✓ Security, ✓ Not Sec, ✓ DevOps, ✓ TradOps)
  • 32. AWS Native Tools and 3rd Party Innovation: IAM Access Advisor, Netflix Repoman
  • 34. Logging & Monitoring. Best Practices / Turn On / Use: Platform, OS and Apps; Central, secure access; Aggregate, alerting, enrichment, search platform, visualisation; Search, visualise, workflow & ticketing for closed-loop response. Services/Tools: Amazon S3, AWS CloudTrail, Amazon CloudWatch Logs & Events, Amazon SNS. Outcomes: ✓ Integrity, ✓ Availability, ✓ Compliance. (✓ Regulators, ✓ Security, ✓ Not Sec, ✓ DevOps, ✓ TradOps)
  • 35. Visibility via Support API / Trusted Advisor
  • 36. Cloud Security Information & Event Mgt (SIEM) [Architecture diagram; labels: VPC subnet, Availability Zone, Security group (two of each), Virtual Gateway, Corporate data centre, Users, Data centre router, Update Servers, Connectivity, CloudTrail, CloudWatch, SIEM Aggregator]
  • 38. Infrastructure Security. Best Practices / Turn On / Use: Threat Prevention Layer with DDoS Mitigation; Segmentation: Account, Network, Firewall (SG); Serverless, Patch & Replace, Vulnerability Management. Services/Tools: AWS Organizations, AWS WAF, AWS Shield, Amazon VPC, VPC flow logs, Amazon CloudFront, AWS Lambda, Amazon Inspector. Outcomes: ✓ Integrity, ✓ Availability, ✓ Compliance. (✓ Regulators, ✓ Security, ✓ Not Sec, ✓ DevOps, ✓ TradOps)
  • 39. Infrastructure Security Well-Architected via a NIST High Quick Start [Architecture diagram; labels: https://www.example.com, AWS Edge Locations, AWS WAF, Amazon Route 53, Amazon CloudFront, AWS Shield Advanced, CloudTrail, us-east-1a, us-east-1b, Proxies, NAT, Bastion, RDS DB, DMZ Subnet, Private Subnet, AWS Config, CloudWatch Alarms, Archive Logs Bucket, S3 Lifecycle Policies to Glacier, AWS Account, Virtual Private Cloud (VPC)]
  • 41. Data Protection. Best Practices / Turn On / Use: Classify; Encrypt in Transit; Encrypt at Rest; Audit, Automate detection or better still enforcement. Services/Tools: AWS KMS, AWS CloudHSM, IAM, AWS Certificate Manager, AWS CloudTrail, AWS Config. Outcomes: ✓ Confidentiality, ✓ Integrity, ✓ Availability, ✓ Compliance. (✓ Regulators, ✓ Security, ✓ Not Sec, ✓ DevOps, ✓ TradOps)
  • 42. Ubiquitous Encryption: EBS, RDS, Amazon Redshift, S3, Amazon Glacier. Encrypted in transit and at rest; Fully auditable; Restricted access; Fully managed keys in KMS; Your KMI. Turn it on
  • 44. Incident Response. Best Practices / Turn On / Use: Review & cloud optimise; Preparation; Detection & Analysis; Containment, Eradication and Recovery (Response); Post-Incident Activity. Services/Tools: Amazon S3, AWS CloudTrail, Amazon CloudWatch Logs & Events, Amazon EBS snapshot, VPC. Outcomes: ✓ Confidentiality, ✓ Integrity, ✓ Availability, ✓ Compliance. (✓ Regulators, ✓ Security, ✓ Not Sec, ✓ DevOps, ✓ TradOps)
  • 45. Incident Response as a Service (IR-aaS)
  • 47. Compliance • … is not security • Proving above • Process • Automation of … more • Examples: – ISM – APRA
  • 48. Challenges for Compliance • Multiple complex documentation requirements • One off or Periodic surveys • Few truly automated controls • Sample testing • Lack of repeatability And now to architect for compliance in the Cloud
  • 49. Build on a Solid Foundation Certification provides assurance that AWS has in place the applicable controls of the ASD’s ISM (Australian Signals Directorate’s Information Security Manual) and is the immediate precursor in accrediting AWS for Australian government workloads.
  • 50. Australian Prudential Regulatory Authority • OUTSOURCING INVOLVING SHARED COMPUTING SERVICES (INCLUDING CLOUD) 6 July 2015 • Prudential Standard SPS/CPS 231: – Board approved Policy, material systems, (viability, stock value), systems of record (single source of truth), business activities sufficient monitoring & binding contract, consult with and notify APRA – Articulate how changes affect risk posture and how risk will be managed
  • 51. Leverage Best Practices and Automate • Compliance Quick Starts • CAF Security perspective • Growing Security services and feature portfolio
  • 52. Leverage Best Practices from Accenture & AWS: The Accenture Security Framework for AWS provides a mechanism for FSIs to: • Adopt AWS services and use them in a manner that helps organisations address the technology-compliant controls described within the APRA guidelines. • Secure both sensitive and non-sensitive data as setup and classified pertaining to CPG 235 – “Managing Data Risk,” while leveraging the flexibility, agility and cost savings of the cloud.
  • 53. Re-cap the Story / Players ✓ Regulators: ✓ Government – ASD / ISM via IRAP ✓ FSI - APRA ✓ Security ✓ Information Technology (Not security focused) ✓ DevOps ✓ Traditional Operations
  • 54. Conclusions & Call to Action • ✓ ✓ ✓ ✓ ✓ • Do the right things; Just turn on the capabilities – Demonstrably more secure, fewer errors and less effort • Trusted Advisor • Cloud Adoption Framework • Well-Architected Framework • Enjoy the rest of the event; further information on other security sessions follows. Turn it on
  • 55. Resources AWS Cloud Adoption Framework http://bit.ly/AWS-CAF AWS Well Architected Framework http://bit.ly/WellArchF AWS Quick Start Guides http://bit.ly/AWSQSG Code 01 = ZW1haWwg
  • 56. Further Reading and References AWS Compliance: http://amzn.to/2nYbDvO AWS Security: http://amzn.to/2ol0QYC ISACA Cloud RM: http://bit.ly/2nKBKpC ASD: http://bit.ly/2n0AF9r APRA: http://bit.ly/2nY6sZA CIS *2: http://bit.ly/2obIl90 and http://bit.ly/AWSCIS NIST: http://bit.ly/2obVQFO
  • 57. Related Sessions Today: 1445 – 1515: DDoS Protection/Edge Services 1530 – 1600: Wrangling Multiple AWS Accounts from Security to Finance 1630 – 1700: Ubiquitous Encryption on AWS 1715 – 1745: Implementing DevSecOps Tomorrow: 1215 – 1300: Well-Architected for Security: Advanced Session 1445 – 1515: Serverless Authentication and Authorisation 1530 – 1600: Best Practices for Security at Scale 1630 – 1700: A Serverless Approach to Operational Log Visualisation and Analytics 1715 – 1745: Securing your Containers on AWS