The document discusses governance strategies for technology disruptions using AWS. It provides an overview of AWS services and frameworks that can help with governance, risk and compliance (GRC) challenges posed by disruptive technologies. These include the Cloud Adoption Framework, Well Architected Framework, and security services like GuardDuty, Inspector and Macie. It recommends starting simple on AWS and iterating architectures over time using available guidance.
Operating and Managing Hybrid Cloud on AWSTom Laszewski
Operating in a hybrid architecture is a necessary component of an enterprise cloud adoption journey. Security, provisioning, change management, and monitoring are all key aspects of managing any hybrid cloud environment. This session will cover the AWS Services, open source tools, and AWS partners that can provide enterprises with a secure, well-governed, performant, reliable, and well-operated hybrid cloud environment. Infrastructure and application continuous delivery and improvement solutions, along with best practices to automate hybrid cloud provisioning and operations activities will be covered.
Intended for customers who have (or will have) thousands of instances on AWS, this session is about reducing the complexity of managing costs for these large fleets so they run efficiently. Attendees will learn about common roadblocks that prevent large customers from cost optimizing, tools they can use to efficiently remove those roadblocks, and techniques to monitor their rate of cost optimization. The session will include a case study that will talk in detail about the millions of dollars saved using these techniques. Customers will learn about a range of templates they can use to quickly implement these techniques, and also partners who can help them implement these templates.
Understanding AWS Managed Databases and Analytic Services - AWS Innovate Otta...Amazon Web Services
• Overview of database services to elevate your applications, analytic services to engage your data, and migration services to help you reach database freedom.
• Survey of how Canadian and other organizations are using the cloud to make data scalable, reliable, and secure.
Operating and Managing Hybrid Cloud on AWSTom Laszewski
Operating in a hybrid architecture is a necessary component of an enterprise cloud adoption journey. Security, provisioning, change management, and monitoring are all key aspects of managing any hybrid cloud environment. This session will cover the AWS Services, open source tools, and AWS partners that can provide enterprises with a secure, well-governed, performant, reliable, and well-operated hybrid cloud environment. Infrastructure and application continuous delivery and improvement solutions, along with best practices to automate hybrid cloud provisioning and operations activities will be covered.
Intended for customers who have (or will have) thousands of instances on AWS, this session is about reducing the complexity of managing costs for these large fleets so they run efficiently. Attendees will learn about common roadblocks that prevent large customers from cost optimizing, tools they can use to efficiently remove those roadblocks, and techniques to monitor their rate of cost optimization. The session will include a case study that will talk in detail about the millions of dollars saved using these techniques. Customers will learn about a range of templates they can use to quickly implement these techniques, and also partners who can help them implement these templates.
Understanding AWS Managed Databases and Analytic Services - AWS Innovate Otta...Amazon Web Services
• Overview of database services to elevate your applications, analytic services to engage your data, and migration services to help you reach database freedom.
• Survey of how Canadian and other organizations are using the cloud to make data scalable, reliable, and secure.
• Understand how cloud adoption transforms an organization and the way people work
• Identify critical stakeholders of a cloud transformation
• Bring exposure to key decisions points
• Help recognize cross-organizational dependencies
• Real life customer situations and lessons learned will be addressed
This session provides a framework that can be used to build a Cloud Strategy tailor-made for your organization. The framework helps organisations consider changes from the perspective of their Business, People, Governance, Security, Platform and Operations. By taking a multi-faceted approach in the development of a Cloud Strategy, organisations can de-risk their cloud adoption program, avoid a stall, and position themselves to take advantage of the benefits of cloud that stretch beyond mere cost savings.
AWS Webcast - The Business Value of Running SAP Solutions on the AWS Cloud (D...Amazon Web Services
AWS has seen a dramatic acceleration of SAP customers running their mission-critical SAP software on the AWS Cloud. Join us to learn what these customers already know: how the running of key SAP enterprise solutions, such as SAP Business Suite, SAP All in One, and SAP HANA, in production on the AWS cloud, drive business agility and innovation into your business, and dramatically reduce the TCO of running SAP.
Please join us this webcast, where AWS will articulate the benefits and business case for running SAP solutions on the AWS Cloud. We will also highlight several customer success stories, where to find test drives or trials now available, and how to engage with AWS or an AWS partner on next steps. After the presentation, you will have an opportunity to listen to a moderated Q&A discussion with AWS team members.
Presenters: Peter Mauel, AWS Global Alliance Leader and Bill Timm, AWS SAP Solution Architect
Cloud adoption requires that fundamental changes are considered across the entire organization, and that stakeholders across all organizational units are engaged in these changes. This session will introduce participants to the AWS Cloud Adoption Framework (AWS CAF) to help organizations take an accelerated path to successful cloud adoption. Participants will be exposed to consideration, guidance, and best practices that can be used to help their organizations develop an efficient and effective plan to realize measurable business benefits from cloud adoption faster and with less risk.
When migrating applications to the AWS Cloud, it’s important to architect cloud environments that are efficient, secure, and compliant. Companies depend on critical enterprise applications to run their business. In this session, learn about the compute, storage, and networking services that AWS offers to help you build, run, and scale your business-critical applications more quickly, securely, and cost-efficiently. We also cover the AWS services and partners that are available to help you modernize and migrate your business-critical applications to the cloud.
From Monolithic to Modern Apps: Best PracticesTom Laszewski
We are a lean team consisting of developers, lead architects, business analysts, and a project manager. To scale our applications and optimize costs, we need to reduce the amount of undifferentiated heavy lifting (e.g., patching, server management) from our projects. We have identified AWS serverless services that we will use. However, we need approval from a security and cost perspective. We need to build a business case to justify this paradigm shift for our entire technology organization. In this session, we learn to migrate existing applications and build a strategy and financial model to lay the foundation to build everything in a truly serverless way on AWS.
AWS Technical Due Diligence Workshop Session TwoTom Laszewski
First session in the one day Technical Due Diligence workshop. Overview the of AWS offerings, mechanisms, tools, and services that can be leveraged during a TDD. Review the AWS playbooks and runbooks.
Expanding Your Data Center with Hybrid Cloud InfrastructureAmazon Web Services
Hybrid IT strategies is a common practice for enterprise company. In this session we will introduce some Hybrid IT scenarios and best practices for cloud adoption.
Hybrid Cloud on AWS : Provisioning, Operations, Management, and Monitoring Tom Laszewski
How do I provision infrastructure and applications, manage systems, and operate and monitor a Hybrid Cloud on AWS is one of the first questions I get from enterprise customers as they start their cloud adoption journey. This presentations covers the tools, technologies, and AWS Services that can be used to manage, operate, and monitor a hybrid cloud. It also covers CI/CD in a hybrid cloud environment.
Application Modernization using the Strangler PatternTom Laszewski
Modernization of applications on mainframe and UNIX servers can be challenging because the applications and databases are highly integrated and interdependent. Utilizing the strangler pattern, organizations can break free of legacy debt on mainframe and UNIX systems. This presentations discusses the strangler pattern, and how enterprise customers utilized the pattern to move to AWS serverless services and cloud native architectures.
AWS Enterprise Day | Running Critical Business Applications on AWSAmazon Web Services
The Cloud Journey for many enterprise customers starts with an initial migration of websites and mobile applications to AWS, followed by deployment of their critical business services. These services, such as SAP and Oracle, are typically more complex and underpin many business processes in the customer's organisation and may be deployed as hybrid solutions, integrated closely with other internal and external services. To do this, customers need to have fast and reliable connectivity to existing on-premise networks, as we covered in the previous session. Let's look at how we can now build on that to help you understand the benefits that many customers have achieved when they moved their business applications to AWS.
AWS Summit Stockholm 2014 – B3 – Integrating on-premises workloads with AWSAmazon Web Services
"Configure once, deploy anywhere" is one of the most sought-after enterprise operations requirements. Large-scale IT shops want to keep the flexibility of using on-premises and cloud environments simultaneously while maintaining the monolithic custom, complex deployment workflows and operations. This session brings together several hybrid enterprise requirements and compares orchestration and deployment models in depth without a vendor pitch or a bias. This session outlines several key factors to consider from the point of view of a large-scale real IT shop executive. Since each IT shop is unique, this session compares strengths, weaknesses, opportunities, and the risks of each model and then helps participants create new hybrid orchestration and deployment options for the hybrid enterprise environments.
AWS Summit 2014 Perth - Breakout 4
The Cloud future and why Datacom, a billion dollar company has chosen to partner with AWS.
The Cloud landscape is evolving at a dizzying pace. New offerings are being released weekly with diverse pricing and commercial frameworks. In this rapidly changing environment how do you ensure that you select the correct platform that best suits your organisation’s requirements, while also navigating the issues of data security, data sovereignty and business continuity?
Attend this session to hear why the best solution for your business may be to adopt a multi-cloud approach.
During the session we will cover:
- What choosing the right cloud for the right workload really means for business today.
- Challenges and issues you need to consider when selecting a cloud platform.
- Real world scenarios and our experience implementing Cloud solutions – what works, what doesn't.
- The "shift right" trend in Cloud and business technology management.
Presenter: Steven Crockett, Senior Cloud Solutions Specialist, Datacom Systems Australia
• Understand how cloud adoption transforms an organization and the way people work
• Identify critical stakeholders of a cloud transformation
• Bring exposure to key decisions points
• Help recognize cross-organizational dependencies
• Real life customer situations and lessons learned will be addressed
This session provides a framework that can be used to build a Cloud Strategy tailor-made for your organization. The framework helps organisations consider changes from the perspective of their Business, People, Governance, Security, Platform and Operations. By taking a multi-faceted approach in the development of a Cloud Strategy, organisations can de-risk their cloud adoption program, avoid a stall, and position themselves to take advantage of the benefits of cloud that stretch beyond mere cost savings.
AWS Webcast - The Business Value of Running SAP Solutions on the AWS Cloud (D...Amazon Web Services
AWS has seen a dramatic acceleration of SAP customers running their mission-critical SAP software on the AWS Cloud. Join us to learn what these customers already know: how the running of key SAP enterprise solutions, such as SAP Business Suite, SAP All in One, and SAP HANA, in production on the AWS cloud, drive business agility and innovation into your business, and dramatically reduce the TCO of running SAP.
Please join us this webcast, where AWS will articulate the benefits and business case for running SAP solutions on the AWS Cloud. We will also highlight several customer success stories, where to find test drives or trials now available, and how to engage with AWS or an AWS partner on next steps. After the presentation, you will have an opportunity to listen to a moderated Q&A discussion with AWS team members.
Presenters: Peter Mauel, AWS Global Alliance Leader and Bill Timm, AWS SAP Solution Architect
Cloud adoption requires that fundamental changes are considered across the entire organization, and that stakeholders across all organizational units are engaged in these changes. This session will introduce participants to the AWS Cloud Adoption Framework (AWS CAF) to help organizations take an accelerated path to successful cloud adoption. Participants will be exposed to consideration, guidance, and best practices that can be used to help their organizations develop an efficient and effective plan to realize measurable business benefits from cloud adoption faster and with less risk.
When migrating applications to the AWS Cloud, it’s important to architect cloud environments that are efficient, secure, and compliant. Companies depend on critical enterprise applications to run their business. In this session, learn about the compute, storage, and networking services that AWS offers to help you build, run, and scale your business-critical applications more quickly, securely, and cost-efficiently. We also cover the AWS services and partners that are available to help you modernize and migrate your business-critical applications to the cloud.
From Monolithic to Modern Apps: Best PracticesTom Laszewski
We are a lean team consisting of developers, lead architects, business analysts, and a project manager. To scale our applications and optimize costs, we need to reduce the amount of undifferentiated heavy lifting (e.g., patching, server management) from our projects. We have identified AWS serverless services that we will use. However, we need approval from a security and cost perspective. We need to build a business case to justify this paradigm shift for our entire technology organization. In this session, we learn to migrate existing applications and build a strategy and financial model to lay the foundation to build everything in a truly serverless way on AWS.
AWS Technical Due Diligence Workshop Session TwoTom Laszewski
First session in the one day Technical Due Diligence workshop. Overview the of AWS offerings, mechanisms, tools, and services that can be leveraged during a TDD. Review the AWS playbooks and runbooks.
Expanding Your Data Center with Hybrid Cloud InfrastructureAmazon Web Services
Hybrid IT strategies is a common practice for enterprise company. In this session we will introduce some Hybrid IT scenarios and best practices for cloud adoption.
Hybrid Cloud on AWS : Provisioning, Operations, Management, and Monitoring Tom Laszewski
How do I provision infrastructure and applications, manage systems, and operate and monitor a Hybrid Cloud on AWS is one of the first questions I get from enterprise customers as they start their cloud adoption journey. This presentations covers the tools, technologies, and AWS Services that can be used to manage, operate, and monitor a hybrid cloud. It also covers CI/CD in a hybrid cloud environment.
Application Modernization using the Strangler PatternTom Laszewski
Modernization of applications on mainframe and UNIX servers can be challenging because the applications and databases are highly integrated and interdependent. Utilizing the strangler pattern, organizations can break free of legacy debt on mainframe and UNIX systems. This presentations discusses the strangler pattern, and how enterprise customers utilized the pattern to move to AWS serverless services and cloud native architectures.
AWS Enterprise Day | Running Critical Business Applications on AWSAmazon Web Services
The Cloud Journey for many enterprise customers starts with an initial migration of websites and mobile applications to AWS, followed by deployment of their critical business services. These services, such as SAP and Oracle, are typically more complex and underpin many business processes in the customer's organisation and may be deployed as hybrid solutions, integrated closely with other internal and external services. To do this, customers need to have fast and reliable connectivity to existing on-premise networks, as we covered in the previous session. Let's look at how we can now build on that to help you understand the benefits that many customers have achieved when they moved their business applications to AWS.
AWS Summit Stockholm 2014 – B3 – Integrating on-premises workloads with AWSAmazon Web Services
"Configure once, deploy anywhere" is one of the most sought-after enterprise operations requirements. Large-scale IT shops want to keep the flexibility of using on-premises and cloud environments simultaneously while maintaining the monolithic custom, complex deployment workflows and operations. This session brings together several hybrid enterprise requirements and compares orchestration and deployment models in depth without a vendor pitch or a bias. This session outlines several key factors to consider from the point of view of a large-scale real IT shop executive. Since each IT shop is unique, this session compares strengths, weaknesses, opportunities, and the risks of each model and then helps participants create new hybrid orchestration and deployment options for the hybrid enterprise environments.
AWS Summit 2014 Perth - Breakout 4
The Cloud future and why Datacom, a billion dollar company has chosen to partner with AWS.
The Cloud landscape is evolving at a dizzying pace. New offerings are being released weekly with diverse pricing and commercial frameworks. In this rapidly changing environment how do you ensure that you select the correct platform that best suits your organisation’s requirements, while also navigating the issues of data security, data sovereignty and business continuity?
Attend this session to hear why the best solution for your business may be to adopt a multi-cloud approach.
During the session we will cover:
- What choosing the right cloud for the right workload really means for business today.
- Challenges and issues you need to consider when selecting a cloud platform.
- Real world scenarios and our experience implementing Cloud solutions – what works, what doesn't.
- The "shift right" trend in Cloud and business technology management.
Presenter: Steven Crockett, Senior Cloud Solutions Specialist, Datacom Systems Australia
SecureKloud offering Digital Transformtion involving Infrastructure modernisation, Application modernisation, Infrastructure modernisation through Identity first platform with security baked in ground up.
Enterprise DevOps is different then DevOps in startups and smaller companies. This session how AWS/CSC address this. How AWS IaaS level automation via CloudFormation, UserData, Console, APIS and some PaaS OpsWorks/Beanstalk is complimented by CSC Agility Platform. CSC Agility adds application compliance and security to the AWS infrastructure compliance and security. CSC Agility allows for the creation of architecture blueprints for predefined application offerings.
Outpost24 webinar: cloud providers ate hosting companies' lunch, what's next?...Outpost24
AWS, Azure and Google Cloud have disrupted the traditional infrastructure market. After realizing that security is a major roadblock to cloud adoption, they are putting money and effort to built-in security features. But hybrid setups remain a challenge for companies and there is a learning curve for security teams to be proficient on cloud. Find out how to choose the best toolset to secure your data in the cloud.
(ENT211) Migrating the US Government to the Cloud | AWS re:Invent 2014Amazon Web Services
The US government has built hundreds of applications that must be refactored to task advantage of modern distributed systems. This session discusses EzBake, an open-source, secure big data platform deployed on top of Amazon EC2 and using Amazon S3 and Amazon RDS. This solution has helped speed the US government to the cloud and make big data easy. Furthermore this session discusses critical architecture design decisions through the creation of the platform in order to add additional security, leverage future AWS offerings, and cut total operations and maintenance costs.
Sponsored by CSC
This presentation includes cloud security overview, Could Security Access Broker, CASB's four pillars, proxy and API deployment mode and advantage and limitation of deployment modes
Multi cloud governance best practices - AWS, Azure, GCPFaiza Mehar
If you are looking for complete instructions on how to build your own Cloud governance process and control then view our recorded webinar on our youtube channel. We take you step by step on what is governance for the cloud and a focus area for security governance.
This session will cover how operating on the AWS cloud helps you manage risk and remain competitive in an ever changing landscape. We will review how to manage confidentiality, integrity, compliance and availability on AWS.
Speaker: David Kaplan, Security Specialist, Amazon Web Services
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Winning Governance Strategies for the Technology Disruptions of our Time
1. Winning Governance Strategies for the Technology Disruptions of our
Time
ISACA South Florida Annual GRC Conference
June 22, 2018
Patrick Hannah, VP of Engineering, CloudHesive
3. About CloudHesive
• Professional Services
– Assessment (Current environment, datacenter or cloud footprint)
– Strategy (Getting to the future state)
– Migration (Environment-to-cloud, Datacenter-to-cloud)
– Implementation (Point solutions)
– Support (Break/fix and ongoing enhancement)
• DevOps Services
– Assessment
– Strategy
– Implementation (Point solutions)
– Management (Supporting infrastructure, solutions or ongoing
enhancement)
– Support (Break/fix and ongoing enhancement)
• Managed Security Services (SecOps)
– Encryption as a Service (EaaS) – encryption at rest and in flight
– End Point Security as a Service
– Threat Management
– SOC II Type 2 Validated
• Next Generation Managed Services
– Leveraging our Professional, DevOps and Managed Security Services
– Single payer billing
– Intelligent operations and automation
– AWS Audited
4. Agenda
• Disruptive technology history
• Challenges faced in GRC by disruptive technologies
• Brief introduction to AWS
• Introduction of Shared Responsibility models, specifically around Cloud Computing and AWS
• Overview of AWS Frameworks that can be leveraged by Security and Compliance teams for GRC with
technology disruptors
• Overview of AWS Services that can be leveraged to support GRC on AWS
• Overview of AWS Reference Architectures that align to a number of Frameworks and leverage the previously
referenced AWS Services
• Conclusion
5. Disruptive Technology History
• Then
– Storage
– Communications
– Computing
– Transportation
– Manufacturing
– Discreet Components
• Now
– Social
– Mobile
– Analytics/Big Data/AI
– Cloud
– Smart Things/IoT
– Blockchain
6. Challenges faced in GRC by disruptive technologies
• Endpoints
– From a single, non network connected computing device to multiple (desktops, laptops, tablets, mobile
phones), mixed platforms
– Smart Appliances (Kitchen, TV, etc.), Consumer IoT (Smart Home, Alexa, Dash, etc.),
Commercial/Industrial IoT (Environmental, Manufacturing, etc.), also mixed platforms
• Data
– Wider breadth of sources, formats, and technologies to ingest, process, store, retrieve, analyze and
display
– Growth in the four v’s (volume, variety, velocity and veracity)
• Policy
– Attempting to apply legacy policies to disruptive technologies
– Looked at as not agile/slow to adopt disruptive technologies/slow to apply to disruptive technologies
• Shadow IT
– The nature of disruptive technologies supports the adoption of them by non IT users
– Disruptive technologies tend to be enablers to avoid traditional methods of acquisition
7. Who is using AWS (US and Abroad)?
• Federal Government
• Government-Sponsored Enterprise
• State
• Local
• Higher Education
• K-12
• Non-Profit
• Private Sector
8. GovCloud
• Additional Assurance Programs Above and Beyond other AWS Regions
– ITAR
– FedRAMP ATO (High for GovCloud, Medium for us-east/west)
– DoD SRG (2,4,5 for GovCloud, 2 for us-east/west)
• General
– Separate Endpoints (utilize FIPS 140-2 approved cryptographic modules)
– Separate Namespace
– Separate Authentication (Tied to a non-GovCloud account for billing purposes - no Root
Account)
– 46 of the 127 AWS Services Available (EC2 Classic not Available)
– US Citizen only Access
• Physical Location
– Northwestern US
– Eastern US (forthcoming)
12. General Design Principles
• Stop guessing your capacity needs
• Test systems at production scale
• Automate to make architectural experimentation easier
• Allow for evolutionary architectures
• Drive architectures using data
• Improve through game days
13. Operational Excellence
• Design Principles
– Perform operations as code
– Annotate documentation
– Make frequent, small, reversible changes
– Refine operations procedures frequently
– Anticipate failure
– Learn from all operational failures
• Best Practices
– Prepare
– Operate
– Evolve
14. Security
• Design Principles
– Implement a strong identity foundation
– Enable traceability
– Apply security at all layers
– Automate security best practices
– Protect data in transit and at rest
– Prepare for security events
• Best Practices
– Identity and Access Management
– Detective Controls
– Infrastructure Protection
– Data Protection
– Incident Response
15. Reliability
• Design Principles
– Test recovery procedures
– Automatically recover from failure
– Scale horizontally to increase aggregate system availability
– Stop guessing capacity
– Manage change in automation
• Best Practices
– Foundations
– Change Management
– Failure Management
16. Performance Efficiency
• Design Principles
– Democratize advanced technologies
– Go global in minutes
– Use serverless architectures
– Experiment more often
– Mechanical sympathy
• Best Practices
– Selection
– Review
– Monitoring
– Tradeoffs
17. Cost Optimization
• Design Principles
– Adopt a consumption model
– Measure overall efficiency
– Stop spending money on data center operations
– Analyze and attribute expenditure
– Use managed services to reduce cost of ownership
• Best Practices
– Cost-Effective Resources
– Matching Supply and Demand
– Expenditure Awareness
– Optimizing Over Time
18. Sample Implementation
• “NIST Quickstart”
• Based on Cybersecurity
Framework, SP 800-53, SP 800-37
• Corresponding Guide + Controls
Matrix
• CIS and PCI Variants Available
• Good starting point
19. Supporting Services
• VPC: Security Groups (Stateful Firewall) + NACLs (Stateless Firewall)
• VPC: Flow Logs (NetFlow)
• VPC: VGW (Point to Point and IPSEC Connectivity) + Peering (VPC to VPC Connectivity) +
Endpoints (Private Connectivity to AWS Services)
• VPC: NAT Gateway (Private to Public IP Address NAT’ing)
• EC2: Patch Manager (OS and above patching + auditing)
• EC2: Parameter Store (Secure Storage of Service Accounts)
20. Supporting Services
• S3/Glacier: File based storage with AAA, versioning, secure delete + policy based retention
• Code Commit/ECS: Secure Application and Artifact Repository
• Code Deploy/Run Command: “Hands off” OS and configuration management + application
deployment
• CloudWatch Logs: OS and above log management
• CloudWatch Events + Lambda: Event triggered code
• CloudTrail: Audit Trail, Exportable as JSON to idempotent storage
21. Supporting Services
• Config: Point in time snapshots of configuration items, Exportable as JSON to idempotent
storage
• OpsWorks + Elastic Beanstalk: “Hands off” infrastructure management
• CloudFormation: Infrastructure automation described as JSON/YAML, Version Controllable
• IAM + Directory Service + SSO: Standalone and Federated AAA
• KMS: FIPS 140-2 Certified cryptographic module with integration to various AWS services,
provides expiration and ability to provide self-generated cryptographic material
• CloudHSM: FIPS 140-2 Certified cryptographic module with PKCS11 and JCE Interfaces
22. Supporting Services
• Certificate Manager: Secure Certificate Store
• Workspaces: Secure Bastion
• WAF: Layer 7 WAF
• Shield + AutoScaling + ELB + Cloud Front: DoS/DDoS Protection
• Artifact: AWS Audit Reports available on demand
• Tags: Built-in asset + inventory marking and tracking on configuration items
• Service Catalog: Predefined configurations available to end users, can be integrated to ITSM
system
24. Conclusion
• AWS provides a number of services to support your frameworks + controls, in addition to
core infrastructure (server + storage) capabilities.
• AWS provides guidance (in the form of the CAF and WAF) for organizations which do not
have an existing framework to base their cloud adoption model on.
• Getting started on AWS is easy; with the free tier, you can experiment with a number of
services without incurring significant cost.
• Adoption of AWS in your organization can be as easy or as hard as you want to make it; start
simple and iterate.
25. Recommended Reading
• AWS Well Architected Framework
– https://aws.amazon.com/architecture/well-architected/
• AWS Cloud Adoption Framework
– https://aws.amazon.com/professional-services/CAF/
• AWS Cloud Transformation Maturity Model
– https://d0.awsstatic.com/whitepapers/AWS-Cloud-Transformation-Maturity-Model.pdf
• Shared Responsibility Model
– https://aws.amazon.com/compliance/shared-responsibility-model/
• Operational Checklists for AWS
– https://d1.awsstatic.com/whitepapers/aws-operational-checklists.pdf
• Introduction to Auditing the Use of AWS
– https://d1.awsstatic.com/whitepapers/compliance/AWS_Auditing_Security_Checklist.pdf
26. Further Learning
• Getting Started: https://aws.amazon.com/getting-started
• General Reference: http://docs.aws.amazon.com/general/latest/gr
• Global Infrastructure: https://aws.amazon.com/about-aws/global-infrastructure/
• FAQs: https://aws.amazon.com/faqs
• Documentation: https://aws.amazon.com/documentation/
• Architecture: https://aws.amazon.com/architecture
• Whitepapers: https://aws.amazon.com/whitepapers
• Security: https://aws.amazon.com/security
• Blog: https://aws.amazon.com/blogs
• Service Specific Pages: https://aws.amazon.com/service
• AWS Answers: https://aws.amazon.com/answers/
• AWS Knowledge Center: https://aws.amazon.com/premiumsupport/knowledge-center/
• SlideShare: http://www.slideshare.net/AmazonWebServices
• Github: https://github.com/aws and https://github.com/awslabs
Certifications in CCSK, CCSP, ITIL
Experience with AWS, GovCloud, FedRAMP, specifically
From Wiki: Disruptive innovation is an innovation that creates a new market and value network and eventually disrupts an existing market and value network, displacing established market-leading firms, products, and alliances
AWS Public Sector Summit – June 20-21, 2018, Walter E. Washington Convention Center
https://aws.amazon.com/about-aws/global-infrastructure/regional-product-services/
https://aws.amazon.com/compliance/services-in-scope/
See also C2S and Secret Region: https://aws.amazon.com/federal/us-intelligence-community/
https://aws.amazon.com/quickstart/architecture/accelerator-nist/
NIST – Cybersecurity Framework, SP 800-53, SP 800-37
CIS – Benchmarks
CSA – CCM + CAIQ
Basic AWS Identity and Access Management (IAM) configuration with custom (IAM) policies, with associated groups, roles, and instance profiles.
Standard, external-facing Amazon Virtual Private Cloud (Amazon VPC) Multi-AZ architecture with separate subnets for different application tiers and private (back-end) subnets for application and database. The Multi-AZ architecture helps ensure high availability.
Amazon Simple Storage Service (Amazon S3) buckets for encrypted web content, logging, and backup data.
Standard Amazon VPC security groups for Amazon Elastic Compute Cloud (Amazon EC2) instances and load balancers used in the sample application stack. The security groups limit access to only necessary services.
Three-tier Linux web application using Auto Scaling and Elastic Load Balancing, which can be modified and/or bootstrapped with customer application.
A secured bastion login host to facilitate command-line Secure Shell (SSH) access to Amazon EC2 instances for troubleshooting and systems administration activities.
Encrypted, Multi-AZ Amazon Relational Database Service (Amazon RDS) MySQL database.
Logging, monitoring, and alerts using AWS CloudTrail, Amazon CloudWatch, and AWS Config rules (where available).
The next few slides I will detail some of the supporting services; a number of the AWS published matrices detail the alignment of these services to specific controls, rather than read through a matrix, I thought it would help to explain what these services are and how they can help
