How Federal Home Loan Bank of Chicago Maintains Control in the Cloud (ENT207) | AWS re:Invent 2013
Eric Geiger, Federal Home Loan Bank of Chicago

© 2013 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified, or distributed in whole or in part without the express consent of Amazon.com, Inc.
Federal Home Loan Banks
• Created by Congress in 1932
• Each is a cooperative owned by members in its district
• Members include banks, thrifts, credit unions, insurance companies, and housing finance institutions
• As of September 30, 2013, almost 7,500 members in the FHLBank System
• Each FHLBank is registered with the SEC
• Each FHLBank is governed by a separate board of directors, but regulated by a single regulator, the Federal Housing Finance Agency
Why Did FHLBC Start Using AWS
• Exploring infrastructure options
– Faster server provisioning
– Required options and flexibility to replace existing hardware
– Wanted to reduce hardware expense
• What brought us to Amazon
– Leader in the space
– Vast array of options
– Easy entry into the services
– Quickly observable results
• Our initial concerns
– Security
– Performance
– Reliability/durability/availability
Due Diligence is Key
• Communicate (CONTINUOUS, before and after)
• Before: Proof of Concept, Framework, Cost, Security
• After: Monitoring, Disaster Planning
Communicate with Your Organization
• We had many preconceived notions
– Amazon is just a bookstore, isn’t it?
– The “cloud” isn’t secure!
• Get educated
– Read the whitepapers
• http://aws.amazon.com/whitepapers
• “Overview of Amazon Web Services”
• “AWS Risk and Compliance” whitepaper
• “Auditing Security Checklist for Use of AWS”
– Review the AWS security and compliance sites
• http://aws.amazon.com/security
• http://aws.amazon.com/compliance
• This is more than simply moving infrastructure
• Is there guidance from governance bodies?
• Ensure business buy-in early
Try a Small POC
• Level set your expectations
• What are you planning to use AWS for?
– Only web services
– Core infrastructure
– Data and database services

• Explore the service options
• Important basics to consider
– Pick a region/zone that’s close
– Set up a VPC
– Test your network connectivity and see if it’s sufficient
Evaluate with a Framework
• AWS has many certifications and accreditations: HIPAA, SOC 1, SOC 2, SOC 3, PCI, ISO 27001, FISMA, FedRAMP, ITAR, FIPS 140-2
• How do the certifications pertain to you?
– Certifications need to be mapped back to your own compliance and control framework
– The bank used the Cloud Security Alliance framework as our starting point
• https://cloudsecurityalliance.org/
• Time-consuming process to map associations
– Will draw attention to areas where your own control framework needs revision
– Should be done by multiple areas in your organization
• IT security
• IT operations
• Internal audit
Aligning Your Framework to AWS
• Our example using the Security Guidance for Critical Areas of Focus in Cloud Computing
• Columns of the mapping worksheet shown on the slide: Alignment with Industry Control Frameworks; Architectural Relevance; Team Comments; Internal Risk Rating; Alignment of AWS with Internal Controls; Internal Controls
Consider All of Your Costs
• We definitely saw a reduction in expense
• The cost equation is not simply instances*hours*price
• Your AWS instance usage needs monitoring
– Elastic provisioning makes it easy to generate instance creep, increasing cost
– Reserved might be cheaper over time
– On-demand instances need to be reviewed regularly for conversion to reserved
• You still need to support your AWS infrastructure
– Standard infrastructure jobs still apply: provisioning, patching, software installs, backups, anti-virus and tools
• Moving can generate new workloads for additional costs
– Managing client-side IDS and firewalls
• Useful considerations
– Auto start/stop can save considerable money
– Amazon CloudWatch can be configured to report on spending thresholds
– AWS Trusted Advisor can find significant cost savings based on usage stats
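The monthly usage review described above (instance creep, reserved conversion, auto start/stop), as an added example that is not code from the presentation; the instance ids, hourly prices and the idle/schedule thresholds are constructed placeholders, not AWS list prices.

```python
"""Monthly review of on-demand usage: instance creep and reserved-instance candidates.

Added example, not code from the original presentation. Hourly prices below are
constructed placeholders, not AWS list prices; in practice they come from your
price list, and the hours and CPU figures from billing reports and CloudWatch.
"""
from dataclasses import dataclass

HOURS_PER_MONTH = 720   # 30-day month, the basis this review uses


@dataclass
class InstanceUsage:
    instance_id: str
    hours_used: int           # hours the instance ran in the month under review
    avg_cpu_pct: float        # CloudWatch CPUUtilization average while running
    on_demand_hourly: float   # placeholder on-demand price per hour
    reserved_hourly: float    # placeholder effective hourly cost of a reservation


def utilisation(usage):
    return usage.hours_used / HOURS_PER_MONTH


def break_even_utilisation(usage):
    """Fraction of the month an instance must run before reserving it is cheaper.

    A reservation is paid for every hour of the term whether or not the instance
    runs, so it wins only once reserved_hourly * 720 < on_demand_hourly * hours_used.
    """
    return usage.reserved_hourly / usage.on_demand_hourly


def savings_if_reserved(usage):
    """Monthly saving from converting; negative means on-demand was cheaper."""
    on_demand = usage.on_demand_hourly * usage.hours_used
    reserved = usage.reserved_hourly * HOURS_PER_MONTH
    return round(on_demand - reserved, 2)


def classify(usage, idle_cpu_pct=5.0, schedule_max_util=0.5):
    """Recommend an action; the two thresholds are tunable heuristics."""
    if usage.hours_used == 0 or usage.avg_cpu_pct < idle_cpu_pct:
        return "idle: likely instance creep, confirm the owner then stop or terminate"
    if utilisation(usage) >= break_even_utilisation(usage):
        return "steady: convert to a reserved instance"
    if utilisation(usage) <= schedule_max_util:
        return "intermittent: stay on-demand, add an auto start/stop schedule"
    return "partial: stay on-demand, review again next month"


def review(usages):
    """Map instance id -> (recommendation, monthly saving if reserved)."""
    return {u.instance_id: (classify(u), savings_if_reserved(u)) for u in usages}


# Constructed sample month (placeholder instance ids and prices).
SAMPLE_MONTH = [
    InstanceUsage("i-web01", 720, 35.0, 0.10, 0.065),   # always on, busy
    InstanceUsage("i-build01", 180, 60.0, 0.20, 0.13),  # business hours only
    InstanceUsage("i-test07", 720, 1.2, 0.10, 0.065),   # forgotten test box
    InstanceUsage("i-db01", 500, 50.0, 0.30, 0.195),    # mostly on
]

if __name__ == "__main__":
    for instance_id, (verdict, saving) in review(SAMPLE_MONTH).items():
        print(f"{instance_id:10} {verdict:70} reserved saving/month: {saving:+.2f}")
```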
Infrastructure Monitoring
• CloudWatch is your first resource
– Pay for “Detailed Monitoring”
– Set up CloudWatch alarms on basic thresholds: CPU, network, disk usage, spend
• Monitor your events
– Watch for unexpected instance reboots and maintenance
– Use the AWS API to automate event monitoring when possible
• Expand CloudWatch with your existing third-party monitoring
– CloudWatch will not replace your existing tool set
– You can run your agents on the AWS instances
• Can allow you to recycle existing scripts and code
• Monitor OS-level activity, events, services, logs, etc.
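Automating the scheduled-event watch described above, as an added example that is not code from the presentation: the function consumes the InstanceStatuses[].Events[] shape of the EC2 DescribeInstanceStatus response and flags pending reboots, retirements and maintenance; the instance ids, dates and reference time are a constructed sample so it runs offline.

```python
"""Flag upcoming EC2 scheduled events: reboots, retirements and maintenance.

Added example, not code from the original presentation. The input mirrors the
InstanceStatuses[].Events[] shape of the EC2 DescribeInstanceStatus response,
so in production it would be fed from ec2.describe_instance_status() via boto3;
here a constructed sample is embedded so the script runs offline.
"""
from datetime import datetime, timedelta, timezone

# Scheduled-event codes EC2 reports, with the follow-up an operations team
# usually plans for each (summarised from the EC2 documentation).
EVENT_ACTIONS = {
    "instance-reboot": "reboot it yourself in a convenient window before NotBefore",
    "system-reboot": "host reboots in the window; plan downtime or fail over first",
    "system-maintenance": "network/power maintenance; expect brief connectivity loss",
    "instance-retirement": "stop and start the instance to move it to new hardware",
    "instance-stop": "instance will be stopped; start it again after the window",
}


def parse_aws_time(value):
    """Accept the raw API's ISO 8601 UTC string or the datetime boto3 returns."""
    if isinstance(value, datetime):
        return value if value.tzinfo else value.replace(tzinfo=timezone.utc)
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)


def upcoming_events(instance_statuses, now, warn_within_days=7):
    """Return one record per pending event, soonest first.

    Events whose Description starts with "[Completed]" or "[Canceled]" are
    skipped: EC2 keeps them in the response for a while after they finish.
    """
    found = []
    for status in instance_statuses:
        for event in status.get("Events", []):
            description = event.get("Description", "")
            if description.startswith(("[Completed]", "[Canceled]")):
                continue
            not_before = parse_aws_time(event["NotBefore"])
            days_left = (not_before - now) / timedelta(days=1)
            found.append({
                "instance_id": status["InstanceId"],
                "zone": status["AvailabilityZone"],
                "code": event["Code"],
                "not_before": not_before,
                "days_left": round(days_left, 1),
                "urgent": days_left <= warn_within_days,
                "action": EVENT_ACTIONS.get(event["Code"], "review the event description"),
            })
    found.sort(key=lambda record: record["not_before"])
    return found


# Constructed sample in the DescribeInstanceStatus shape; not real instances.
SAMPLE_STATUSES = [
    {"InstanceId": "i-0a1b2c3d", "AvailabilityZone": "us-east-1a",
     "Events": [{"Code": "system-reboot",
                 "Description": "The instance is running on degraded hardware",
                 "NotBefore": "2013-11-20T09:00:00.000Z",
                 "NotAfter": "2013-11-20T11:00:00.000Z"}]},
    {"InstanceId": "i-1b2c3d4e", "AvailabilityZone": "us-east-1b",
     "Events": [{"Code": "instance-retirement",
                 "Description": "The instance is scheduled for retirement",
                 "NotBefore": "2013-12-05T00:00:00.000Z",
                 "NotAfter": "2013-12-05T23:59:00.000Z"}]},
    {"InstanceId": "i-2c3d4e5f", "AvailabilityZone": "us-east-1a",
     "Events": [{"Code": "instance-reboot",
                 "Description": "[Completed] Scheduled reboot",
                 "NotBefore": "2013-11-01T02:00:00.000Z",
                 "NotAfter": "2013-11-01T04:00:00.000Z"}]},
    {"InstanceId": "i-3d4e5f60", "AvailabilityZone": "us-east-1b", "Events": []},
]
# Fixed reference time so the sample gives repeatable results.
NOW = datetime(2013, 11, 15, 11, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for rec in upcoming_events(SAMPLE_STATUSES, NOW):
        flag = "URGENT" if rec["urgent"] else "planned"
        print(f"{flag:7} {rec['instance_id']} {rec['zone']} {rec['code']}"
              f" in {rec['days_left']} days: {rec['action']}")
```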
Security Monitoring
• AWS security works best when you are building apps to leverage AWS services
• AWS has some limitations for traditional security monitoring
– Limited inspection and auditing of your traffic
– Limited traditional integration with third-party vendor products
– Better (targeted) service offerings to support “traditional” application environments
• You can do some things to mitigate certain limitations
– Always use VPCs when possible to help control traffic
• Separate dev/test, prod and Internet apps into their own VPCs
– Consider host-based firewalls and IDS
– All traffic flows through your traditional data center when possible
– Terminate AWS Direct Connect at firewalls to assist with traffic inspection
• Locked-down AWS console
– Multifactor authentication
– Permission restrictions
– Limited access
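The locked-down console bullets (multifactor authentication, permission restrictions, limited access) as an added example, not code from the presentation: an IAM policy in real policy syntax that denies everything except MFA self-service when the session did not use MFA, plus a deliberately small model of IAM's evaluation order to show which requests get through. The account id, user names and the evaluator itself are assumptions and simplifications; it only models the operators this policy uses and is not the AWS engine.

```python
"""Model how an MFA-enforcing IAM policy locks down console and API access.

Added example, not code from the original presentation. MFA_ENFORCING_POLICY
uses real IAM syntax; evaluate() is a small model of IAM's evaluation logic
(explicit Deny wins, then Allow, else implicit deny) that covers only the
features this policy uses. Use the IAM policy simulator for real policies.
"""
import fnmatch

MFA_SELF_SERVICE = ["iam:ListMFADevices", "iam:EnableMFADevice", "iam:CreateVirtualMFADevice"]

MFA_ENFORCING_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # Read-only EC2/CloudWatch access, but only from a session that used MFA
            "Sid": "ReadOnlyWithMFA",
            "Effect": "Allow",
            "Action": ["ec2:Describe*", "cloudwatch:Describe*", "cloudwatch:Get*", "cloudwatch:List*"],
            "Resource": "*",
            "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}},
        },
        {   # A user may enrol an MFA device, but only on their own IAM user
            "Sid": "ManageOwnMFA",
            "Effect": "Allow",
            "Action": MFA_SELF_SERVICE,
            "Resource": ["arn:aws:iam::*:user/${aws:username}", "arn:aws:iam::*:mfa/${aws:username}"],
        },
        {   # Explicit deny beats every allow. BoolIfExists also catches long-term
            # access keys, where aws:MultiFactorAuthPresent is absent rather than false.
            "Sid": "DenyEverythingElseWithoutMFA",
            "Effect": "Deny",
            "NotAction": MFA_SELF_SERVICE,
            "Resource": "*",
            "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}},
        },
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _action_matches(statement, action):
    action = action.lower()      # IAM action names are case-insensitive
    if "Action" in statement:
        return any(fnmatch.fnmatchcase(action, p.lower()) for p in _as_list(statement["Action"]))
    # NotAction: the statement applies to every action that is NOT listed
    return not any(fnmatch.fnmatchcase(action, p.lower()) for p in _as_list(statement["NotAction"]))


def _resource_matches(statement, resource, context):
    for pattern in _as_list(statement["Resource"]):
        pattern = pattern.replace("${aws:username}", context.get("aws:username", ""))
        if fnmatch.fnmatchcase(resource, pattern):
            return True
    return False


def _condition_matches(statement, context):
    for operator, pairs in statement.get("Condition", {}).items():
        if operator not in ("Bool", "BoolIfExists"):
            raise NotImplementedError(f"operator {operator} not modelled")
        for key, expected in pairs.items():
            if key not in context:
                if operator == "BoolIfExists":
                    continue             # a missing key satisfies an ...IfExists test
                return False             # a plain Bool on a missing key never matches
            if str(context[key]).lower() != str(expected).lower():
                return False
    return True


def evaluate(policy, action, resource, context):
    """Return 'allow', 'explicitDeny' or 'implicitDeny' for one request."""
    decision = "implicitDeny"
    for statement in policy["Statement"]:
        if not (_action_matches(statement, action)
                and _resource_matches(statement, resource, context)
                and _condition_matches(statement, context)):
            continue
        if statement["Effect"] == "Deny":
            return "explicitDeny"       # any matching Deny ends the evaluation
        decision = "allow"
    return decision


# Constructed request contexts (account id and user names are placeholders).
INSTANCE = "arn:aws:ec2:us-east-1:123456789012:instance/i-0a1b2c3d"
MFA_SESSION = {"aws:username": "alice", "aws:MultiFactorAuthPresent": "true"}
NO_MFA_SESSION = {"aws:username": "alice", "aws:MultiFactorAuthPresent": "false"}
LONG_TERM_KEY = {"aws:username": "alice"}   # key absent for plain access keys

if __name__ == "__main__":
    for label, ctx in [("MFA session", MFA_SESSION), ("no-MFA session", NO_MFA_SESSION),
                       ("long-term key", LONG_TERM_KEY)]:
        print(f"{label:14} ec2:DescribeInstances ->",
              evaluate(MFA_ENFORCING_POLICY, "ec2:DescribeInstances", INSTANCE, ctx))
```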
Disaster Planning
• Consider your real uptime need
– Amazon SLA is 99.95% availability for EC2 infrastructure each month
– That’s 3.6 hours per month of downtime
• Your zone will be degraded
• Quick recovery and redundancy can be architected
– Create an AMI (Amazon Machine Image) of your working, patched server on a regular basis
– Take snapshots of your instances on a regular basis
– Use the Amazon S3 service to keep images and snapshots available in multiple regions and zones
Thank You
• Questions?
Please give us your feedback on this presentation (ENT207). As a thank you, we will select prize winners daily for completed surveys!