Security Best Practices on AWS

Understanding AWS Security, the Shared Responsibility Model, and some security best practices

© 2011 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
Cloud Security is:

Every Customer Has Access to the Same Security Capabilities
And gets to choose what’s right for their business needs
• Governments
• Financial Sector
• Pharmaceuticals
• Entertainment
• Start-ups
• Social Media
• Home Users
• Retail
Visible Cloud Security

This? Or this?

Auditable Cloud Security

Transparent Cloud Security

http://aws.amazon.com/compliance/

ISO 27001 Certification
Covers the AWS Information Security Management System
Follows ISO 27002 best practice guidance
Includes all Regions
Certification in the standard requires:
• Systematic evaluation of information security risks
• Evaluate the impact of company threats and vulnerabilities
• Design and implement comprehensive information security controls
• Adopt an overarching management process to ensure that the information security controls meet the information security needs on an ongoing basis

Service Organization Controls
American Institute of Certified Public Accountants report

SOC 1
What it contains: Attests that the AWS internal controls for financial reporting are appropriately designed and the controls are operating effectively
Who uses it: User auditors & users’ controller’s office. Shared under NDA by AWS.

SOC 2
What it contains: Expanded evaluation of controls to include AICPA Trust Services Principles
Who uses it: Management, regulators & others. Shared under NDA by AWS.

SOC 3
What it contains: Summary of SOC 2 and provides AICPA SysTrust Security Seal.
Who uses it: Management, regulators & others. Publicly available.

PCI DSS Level 1 Service Provider
PCI DSS 2.0 compliant
Covers core infrastructure & services
• EC2, EBS, VPC, ELB, DirectConnect, S3, Glacier, RDS, DynamoDB, SimpleDB, EMR, RedShift, CloudHSM, and IAM
Use services normally, no special configuration
Leverage the work of our QSA
AWS will work with merchants and designated Qualified Incident Response Assessors (QIRA)
• can support forensic investigations
Certified in all regions

FedRAMP (FISMA) Moderate
U.S. Civilian Government Agency Specific
FedRAMP Approval To Operate (ATO)
FISMA Moderate (NIST 800-53)
• Much more stringent than other commercial standards
• 205 high-level controls spanning 18 domains
• Access Control, Awareness & Training, Audit & Accountability, Security Assessment & Authorization, Configuration Management, Contingency Planning, ID & Authentication, Incident Response, Maintenance, Media Protection, Physical & Environment Protection, Planning, Personnel Security, Risk Assessment, System & Services Acquisition, System & Communications Protections, System & Information Integrity, Program Management

Shared Assessments SIG
Standard Information Gathering (“SIG”) Questionnaire shared under NDA
• www.sharedassessments.org
Robust, easy to use set of questions to gather and assess
• Information Technology
• Operating and Security Risks (and corresponding controls)
Based on referenced industry standards
• Including, but not limited to, FFIEC, ISO, COBIT and PCI
Excel format with AWS provided answers
Updated periodically to stay current

Additional Initiatives
U.S. Health Insurance Portability and Accountability Act (HIPAA)
• AWS enables covered entities and their business associates subject to the U.S. HIPAA to leverage the secure AWS environment to process, maintain, and store protected health information and AWS will be signing business associate agreements with such customers.

Cloud Security Alliance (CSA) Questionnaire
• Answers in the Risk and Compliance Whitepaper

Motion Picture Association of America (MPAA)
• Answers in the Risk and Compliance Whitepaper
• Best practices for storing, processing and delivering protected media & content

Security & Compliance Control Objectives
Control Objective 1: Security Organization
Control Objective 2: Amazon User Access
Control Objective 3: Logical Security
Control Objective 4: Secure Data Handling
Control Objective 5: Physical Security and Environmental Safeguards
Control Objective 6: Change Management
Control Objective 7: Data Integrity, Availability and Redundancy
Control Objective 8: Incident Handling

Security & Compliance Control Objectives (cont’d)
Control Objective 1: Security Organization
• Who we are
• Proper control & access within the organization

Control Objective 2: Amazon User Access
• How we vet our staff
• Minimization of access

Security & Compliance Control Objectives (cont’d)
Control Objective 3: Logical Security
• Our staff start with no system access
• Need-based access grants
• Rigorous system separation
• System access grants regularly evaluated & automatically revoked

Security & Compliance Control Objectives (cont’d)
Control Objective 4: Secure Data Handling
• Storage media destroyed before being permitted outside our datacenters
• Media destruction consistent with US Dept. of Defense Directive 5220.22

Control Objective 5: Physical Security and Environmental Safeguards
• Keeping our facilities safe
• Maintaining the physical operating parameters of our datacenters

Security & Compliance Control Objectives (cont’d)
Control Objective 6: Change Management
• Continuous operation

Control Objective 7: Data Integrity, Availability and Redundancy
• Ensuring your data remains safe, intact, & available

Control Objective 8: Incident Handling
• Process & procedures for mitigating and managing potential issues

Shared Responsibility
AWS:
• Facilities
• Physical Security
• Physical Infrastructure
• Network Infrastructure
• Virtualization Infrastructure
Customer:
• Choice of Guest OS
• Application Configuration Options
• Account Management Flexibility
• Security Groups
• Network ACLs
• Network Configuration Control

You Decide Where Applications and Data Reside

Network Security

Amazon EC2 Security
Host operating system (AWS controlled)
• Individual SSH keyed logins via bastion host for AWS admins
• All accesses logged and audited
Guest operating system (Customer controlled)
• AWS admins cannot log in
• Customer-generated keypairs
Stateful firewall
• Mandatory inbound firewall, default deny mode
• Customer controls configuration via Security Groups
Signed API calls
• Require customer’s secret AWS key

Diagram: Customer 1, Customer 2, …, Customer n guests run on the Hypervisor; their Virtual interfaces pass through the Firewall, where each customer’s Security groups are applied, before reaching the Physical interfaces.

Tiering Security Groups

Tiering Security Groups
Dynamically created rules based on Security Group membership
Effectively create tiered network architectures

“Web” Security Group:
• TCP 80 from 0.0.0.0/0
• TCP 22 from “Mgmt”
“App” Security Group:
• TCP 8080 from “Web”
• TCP 22 from “Mgmt”
“DB” Security Group:
• TCP 3306 from “App”
• TCP 22 from “Mgmt”
“Mgmt” Security Group:
• TCP 22 from 163.128.25.32/32

Diagram: Web (HTTP) traffic passes a Firewall to the Web Server, then a Firewall (8080) to the App Server, then a Firewall (3306) to the DB Server; each server also shows port 22, reached from the Bastion Host.
Amazon VPC Architecture
Diagram: the customer’s isolated AWS resources sit in subnets inside the Amazon Web Services cloud, behind a NAT to the Internet; the customer’s network (router) reaches the VPC either over a secure VPN connection over the Internet or over AWS Direct Connect (dedicated path/bandwidth).
Amazon VPC Network Security Controls

VPC - Dedicated Instances
Option to ensure physical hosts are not shared with other customers
$2/hr flat fee per region + small hourly charge
Can identify specific Instances as dedicated
Optionally configure entire VPC as dedicated

AWS Deployment Models
Isolation capabilities compared: Logical Server and Application Isolation; Granular Information Access Policy; Logical Network Isolation; Physical Server Isolation; Government Only Physical Network and Facility Isolation; ITAR Compliant (US Persons Only)
Commercial Cloud. Sample workloads: Public-facing apps, web sites, dev, test, etc.
Virtual Private Cloud (VPC). Sample workloads: Datacenter extension, TIC environment, email, FISMA low and Moderate
AWS GovCloud (US). Sample workloads: US Persons Compliant and Government Specific Apps
The Importance of Access Control
One of customers’ top considerations when moving to the cloud
CONTROL
Why do we want control?
• Appropriate access to do appropriate actions
• I want to implement security best practices
• I want to be at least as secure as on premise
• I must comply with certain industry specific security regulations

AWS Identity and Access Management (IAM)
• Users and Groups within Accounts
• Unique security credentials
  • Access keys
  • AWS Management Console Login/Password
  • Enforce password complexity
  • Optional MFA device
• Policies control access to AWS APIs
• All API calls must be signed by secret key
• Resource level integration into many Services
  • EC2: tags control access to resources
  • S3: policies on objects and buckets
• Not for Operating Systems or Applications
  • Use LDAP, Active Directory/ADFS, etc.
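An added example (not AWS’s policy engine, not from the original deck) of how “policies control access to AWS APIs” is decided for one API call: an explicit Deny in any matching statement wins, a matching Allow grants, and everything else is implicitly denied. The policy documents are constructed for the example; the condition key `aws:MultiFactorAuthPresent` is a real IAM key and shows how the optional MFA device on the slide can be made a requirement for destructive actions.

```python
"""Minimal evaluator for the IAM policy model the slide describes.

Added example, not AWS's evaluator. Statements may use the IAM "*" wildcard
in Action and Resource, and a Bool condition on aws:MultiFactorAuthPresent.
Only the Bool operator is modelled; everything else is out of scope here.
"""
import fnmatch
from typing import Any, Dict, List, Optional


def _as_list(v: Any) -> List[Any]:
    return v if isinstance(v, list) else [v]


def _matches(patterns: Any, value: str, case_insensitive: bool) -> bool:
    """IAM wildcard match ("*" and "?"); action names are case-insensitive, ARNs are not."""
    if case_insensitive:
        return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in _as_list(patterns))
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def _condition_ok(cond: Optional[Dict[str, Dict[str, Any]]], ctx: Dict[str, Any]) -> bool:
    """A missing context key evaluates as false, so an MFA requirement fails closed."""
    if not cond:
        return True
    for operator, pairs in cond.items():
        if operator != "Bool":
            raise ValueError(f"unsupported condition operator {operator!r}")
        for key, wanted in pairs.items():
            if str(ctx.get(key, False)).lower() != str(wanted).lower():
                return False
    return True


def evaluate(policies: List[Dict[str, Any]], action: str, resource: str,
             ctx: Optional[Dict[str, Any]] = None) -> str:
    """Return "ExplicitDeny", "Allow" or "ImplicitDeny" for one API call."""
    ctx = ctx or {}
    decision = "ImplicitDeny"
    for doc in policies:
        for st in _as_list(doc["Statement"]):
            if not _matches(st["Action"], action, case_insensitive=True):
                continue
            if not _matches(st["Resource"], resource, case_insensitive=False):
                continue
            if not _condition_ok(st.get("Condition"), ctx):
                continue
            if st["Effect"] == "Deny":
                return "ExplicitDeny"   # deny always wins, no need to look further
            decision = "Allow"
    return decision


# Constructed policies attached to one IAM user: read-only EC2, destructive EC2
# only with MFA, broad S3 but an explicit deny on deleting production buckets.
POLICIES = [
    {"Statement": [{"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}]},
    {"Statement": [{"Effect": "Allow", "Action": "ec2:TerminateInstances", "Resource": "*",
                    "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}]},
    {"Statement": [{"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
                   {"Effect": "Deny", "Action": "s3:DeleteBucket",
                    "Resource": "arn:aws:s3:::prod-*"}]},
]


if __name__ == "__main__":
    print(evaluate(POLICIES, "ec2:TerminateInstances", "*"))                                        # ImplicitDeny
    print(evaluate(POLICIES, "ec2:TerminateInstances", "*", {"aws:MultiFactorAuthPresent": True}))  # Allow
    print(evaluate(POLICIES, "s3:DeleteBucket", "arn:aws:s3:::prod-logs"))                          # ExplicitDeny
```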

Authentication Methods
CLI
• Access + Secret Keys for REST calls
• SSH Keys for access to EC2 instances
API
• Access + Secret Keys
• Optional multifactor authentication
Web UI
• Username + Password
• Optional multifactor authentication

Multi-Factor Authentication (MFA)
Extra level of security
Works with
• AWS root account
• IAM users

Multiple form factors
• Virtual MFA on your phone
• Hardware MFA key fobs

No additional cost!
• Except for the cost of the hardware key fob

AWS CloudHSM
Secure Key Storage
• Dedicated access to tamper-resistant HSM appliances (SafeNet® Luna SA)
• Designed to comply with Common Criteria EAL4+ and NIST FIPS 140-2
• You retain full control of your keys and cryptographic operations
Contractual and Regulatory Compliance
• Helps comply with the most stringent regulatory and contractual requirements for key protection.
Reliable and Durable Key Storage
• Available in multiple AZs and Regions
Simple and Secure Connectivity
• Connected to your VPC
• Improved Application Performance between EC2 and HSM

Premium Support Trusted Advisor
Security Checks
• Security Group Rules (Hosts & Ports)
• IAM Use
• S3 Policies
Fault Tolerance Checks
• Snapshots
• Multi-AZ
• VPN Tunnel Redundancy

Enable Root Account MFA!
If you don’t see:

Go to:
http://blogs.aws.amazon.com/security/post/Tx1KJ4H6H5R80UD/Securing-access-to-AWS-using-MFA-Part-1

AWS Security, Compliance, & Architecture Resources
http://aws.amazon.com/security/
Security whitepaper
Security best practices
Security bulletins
Customer security testing process
http://aws.amazon.com/compliance/
Risk and compliance whitepaper

http://aws.amazon.com/architecture/
Reference Architectures
Whitepapers
Webinars
http://blogs.aws.amazon.com/security/
Stay up to date on security and compliance in AWS

Feedback is always welcome!
Thank You!!!
awsmax@amazon.com

Any questions?


 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Recently uploaded

Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Karmanjay Verma
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...amber724300
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentMahmoud Rabie
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfAarwolf Industries LLC
 
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...itnewsafrica
 

Recently uploaded (20)

Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#Microservices, Docker deploy and Microservices source code in C#
Microservices, Docker deploy and Microservices source code in C#
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
JET Technology Labs White Paper for Virtualized Security and Encryption Techn...
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career Development
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS:  6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS:  6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 
Landscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdfLandscape Catalogue 2024 Australia-1.pdf
Landscape Catalogue 2024 Australia-1.pdf
 
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
Irene Moetsana-Moeng: Stakeholders in Cybersecurity: Collaborative Defence fo...
 

AWS Webcast - Security Best Practices on AWS

  • 1. Security Best Practices on AWS. Understanding AWS Security, the Shared Responsibility Model, and some security best practices. © 2011 Amazon.com, Inc. and its affiliates. All rights reserved. May not be copied, modified or distributed in whole or in part without the express consent of Amazon.com, Inc.
  • 2. Cloud Security is:
  • 3. Every Customer Has Access to the Same Security Capabilities, and gets to choose what's right for their business needs:
    • Governments
    • Financial Sector
    • Pharmaceuticals
    • Entertainment
    • Start-ups
    • Social Media
    • Home Users
    • Retail
  • 4. Visible Cloud Security. This, or this?
  • 5. Auditable Cloud Security
  • 6. Transparent Cloud Security: http://aws.amazon.com/compliance/
  • 7. ISO 27001 Certification. Covers the AWS Information Security Management System; follows ISO 27002 best practice guidance; includes all Regions. Certification in the standard requires:
    • Systematic evaluation of information security risks
    • Evaluating the impact of company threats and vulnerabilities
    • Designing and implementing comprehensive information security controls
    • Adopting an overarching management process to ensure that the information security controls meet the information security needs on an ongoing basis
  • 8. Service Organization Controls (American Institute of Certified Public Accountants report). What each report contains, and who uses it:
    • SOC 1: attests that the AWS internal controls for financial reporting are appropriately designed and that the controls are operating effectively. Used by user auditors and the users' controller's office. Shared under NDA by AWS.
    • SOC 2: expanded evaluation of controls to include the AICPA Trust Services Principles. Used by management, regulators and others. Shared under NDA by AWS.
    • SOC 3: summary of SOC 2; provides the AICPA SysTrust Security Seal. Used by management, regulators and others. Publicly available.
  • 9. PCI DSS Level 1 Service Provider. PCI DSS 2.0 compliant. Covers core infrastructure and services: EC2, EBS, VPC, ELB, DirectConnect, S3, Glacier, RDS, DynamoDB, SimpleDB, EMR, RedShift, CloudHSM, and IAM. Use services normally, no special configuration; leverage the work of our QSA. AWS will work with merchants and designated Qualified Incident Response Assessors (QIRA) and can support forensic investigations. Certified in all regions.
  • 10. FedRAMP (FISMA) Moderate. U.S. Civilian Government Agency Specific FedRAMP Approval To Operate (ATO). FISMA Moderate (NIST 800-53):
    • Much more stringent than other commercial standards
    • 205 high-level controls spanning 18 domains
    • Access Control, Awareness & Training, Audit & Accountability, Security Assessment & Authorization, Configuration Management, Contingency Planning, ID & Authentication, Incident Response, Maintenance, Media Protection, Physical & Environment Protection, Planning, Personnel Security, Risk Assessment, System & Services Acquisition, System & Communications Protections, System & Information Integrity, Program Management
  • 11. Shared Assessments SIG. Standard Information Gathering ("SIG") Questionnaire shared under NDA (www.sharedassessments.org). A robust, easy to use set of questions to gather and assess Information Technology and Operating and Security Risks (and corresponding controls). Based on referenced industry standards, including but not limited to FFIEC, ISO, COBIT and PCI. Excel format with AWS provided answers; updated periodically to stay current.
  • 12. Additional Initiatives.
    • U.S. Health Insurance Portability and Accountability Act (HIPAA): AWS enables covered entities and their business associates subject to the U.S. HIPAA to leverage the secure AWS environment to process, maintain, and store protected health information, and AWS will be signing business associate agreements with such customers.
    • Cloud Security Alliance (CSA) Questionnaire: answers in the Risk and Compliance Whitepaper.
    • Motion Picture Association of America (MPAA): answers in the Risk and Compliance Whitepaper; best practices for storing, processing and delivering protected media and content.
  • 13. Security & Compliance Control Objectives.
    • Control Objective 1: Security Organization
    • Control Objective 2: Amazon User Access
    • Control Objective 3: Logical Security
    • Control Objective 4: Secure Data Handling
    • Control Objective 5: Physical Security and Environmental Safeguards
    • Control Objective 6: Change Management
    • Control Objective 7: Data Integrity, Availability and Redundancy
    • Control Objective 8: Incident Handling
  • 14. Security & Compliance Control Objectives (cont'd). Control Objective 1, Security Organization: who we are; proper control and access within the organization. Control Objective 2, Amazon User Access: how we vet our staff; minimization of access.
  • 15. Security & Compliance Control Objectives (cont'd). Control Objective 3, Logical Security:
    • Our staff start with no system access
    • Need-based access grants
    • Rigorous system separation
    • System access grants regularly evaluated and automatically revoked
  • 16. Security & Compliance Control Objectives (cont'd). Control Objective 4, Secure Data Handling: storage media destroyed before being permitted outside our datacenters; media destruction consistent with US Dept. of Defense Directive 5220.22. Control Objective 5, Physical Security and Environmental Safeguards: keeping our facilities safe; maintaining the physical operating parameters of our datacenters.
  • 17. Security & Compliance Control Objectives (cont'd). Control Objective 6, Change Management: continuous operation. Control Objective 7, Data Integrity, Availability and Redundancy: ensuring your data remains safe, intact, and available. Control Objective 8, Incident Handling: process and procedures for mitigating and managing potential issues.
  • 18. Shared Responsibility.
    • AWS: Facilities; Physical Security; Physical Infrastructure; Network Infrastructure; Virtualization Infrastructure
    • Customer: Choice of Guest OS; Application Configuration Options; Account Management Flexibility; Security Groups; Network ACLs; Network Configuration Control
  • 19. You Decide Where Applications and Data Reside
  • 20. Network Security
  • 21. Amazon EC2 Security.
    • Host operating system (AWS controlled): individual SSH keyed logins via bastion host for AWS admins; all accesses logged and audited
    • Guest operating system (customer controlled): AWS admins cannot log in; customer-generated keypairs
    • Stateful firewall: mandatory inbound firewall, default deny mode; customer controls configuration via Security Groups
    • Signed API calls: require the customer's secret AWS key
  • 22. (Diagram) Customer 1, Customer 2, …, Customer n each attach to virtual interfaces on the hypervisor; the firewall enforces each customer's own security groups (Customer 1 Security groups, Customer 2 Security groups, …, Customer n Security groups) in front of the physical interfaces.
  • 23. Tiering Security Groups
  • 24. Tiering Security Groups: Web (HTTP). The firewall rules are dynamically created based on Security Group membership, which effectively creates tiered network architectures:
    • "Web" Security Group: TCP 80 from 0.0.0.0/0; TCP 22 from "Mgmt"
    • "App" Security Group: TCP 8080 from "Web"; TCP 22 from "Mgmt"
    • "DB" Security Group: TCP 3306 from "App"; TCP 22 from "Mgmt"
    • "Mgmt" Security Group: TCP 22 from 163.128.25.32/32
    (Diagram) Web Server (ports 80 and 22), App Server (ports 8080 and 22) and DB Server (ports 3306 and 22) each sit behind the firewall; the Bastion Host is the "Mgmt" member that reaches port 22 on every tier.
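The tiered design on slide 24 as an added, runnable model (example code, not from the deck and not AWS code): the four groups are transcribed as data, a default-deny evaluator answers "is this inbound flow admitted?", and a check in the spirit of the Trusted Advisor "Security Group Rules" item on slide 34 flags any rule open to 0.0.0.0/0 that the design did not intend. The evaluation is a simplification of EC2 semantics, and the 203.0.113.x and 10.0.x.x addresses are constructed.

```python
"""Model of the tiered Security Group design from slide 24 (constructed example).
A rule's source is either a CIDR or the name of another group; a flow is admitted
only if some rule on the destination group matches protocol, port and source."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

@dataclass(frozen=True)
class Rule:
    proto: str
    port: int
    source: str  # a CIDR such as "0.0.0.0/0", or the name of another group

# Slide 24's four groups, transcribed as data (names, ports, CIDR are the slide's).
SECURITY_GROUPS: Dict[str, List[Rule]] = {
    "Web":  [Rule("tcp", 80, "0.0.0.0/0"), Rule("tcp", 22, "Mgmt")],
    "App":  [Rule("tcp", 8080, "Web"), Rule("tcp", 22, "Mgmt")],
    "DB":   [Rule("tcp", 3306, "App"), Rule("tcp", 22, "Mgmt")],
    "Mgmt": [Rule("tcp", 22, "163.128.25.32/32")],
}

# The only (group, proto, port) the design intends to expose to the Internet.
INTENDED_PUBLIC: Set[Tuple[str, str, int]] = {("Web", "tcp", 80)}

def _as_network(source: str) -> Optional[ipaddress.IPv4Network]:
    """CIDR for a CIDR-sourced rule; None when the source is a group name."""
    try:
        return ipaddress.ip_network(source, strict=False)
    except ValueError:
        return None

def inbound_allowed(groups: Dict[str, List[Rule]], dst_group: str, proto: str,
                    port: int, src_ip: str, src_group: Optional[str] = None) -> bool:
    """Default deny (slide 21): admit only if a rule on the destination group
    matches. A CIDR rule matches on the source IP; a group-sourced rule matches
    only traffic sent by an instance that is a member of that group (slide 24's
    'dynamically created rules based on Security Group membership')."""
    ip = ipaddress.ip_address(src_ip)
    for rule in groups[dst_group]:
        if rule.proto != proto or rule.port != port:
            continue
        net = _as_network(rule.source)
        if net is not None and ip in net:
            return True
        if net is None and rule.source == src_group:
            return True
    return False

def world_open_rules(groups: Dict[str, List[Rule]],
                     intended_public=INTENDED_PUBLIC) -> List[Tuple[str, str, int]]:
    """Flag every rule reachable from any address (a /0 source) that is not on
    the intended-public list; this is the drift a periodic check should catch."""
    findings = []
    for name, rules in groups.items():
        for rule in rules:
            net = _as_network(rule.source)
            if net is not None and net.prefixlen == 0 \
                    and (name, rule.proto, rule.port) not in intended_public:
                findings.append((name, rule.proto, rule.port))
    return findings

if __name__ == "__main__":
    # An anonymous Internet client reaches the web tier and nothing else.
    print(inbound_allowed(SECURITY_GROUPS, "Web", "tcp", 80, "203.0.113.7"))        # True
    print(inbound_allowed(SECURITY_GROUPS, "DB", "tcp", 3306, "203.0.113.7"))       # False
    # Only App-tier members reach the database port; Web-tier members do not.
    print(inbound_allowed(SECURITY_GROUPS, "DB", "tcp", 3306, "10.0.2.5", "App"))   # True
    print(inbound_allowed(SECURITY_GROUPS, "DB", "tcp", 3306, "10.0.1.5", "Web"))   # False
    print(world_open_rules(SECURITY_GROUPS))                                         # []
```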
  • 25. Amazon VPC Architecture. (Diagram) The customer's isolated AWS resources sit in subnets inside the Amazon Web Services cloud, with NAT to the Internet; the customer's network connects through its router either by a secure VPN connection over the Internet or by AWS Direct Connect (dedicated path/bandwidth).
  • 26. Amazon VPC Network Security Controls
  • 27. VPC Dedicated Instances. Option to ensure physical hosts are not shared with other customers; $2/hr flat fee per region plus a small hourly charge. Can identify specific instances as dedicated, or optionally configure the entire VPC as dedicated.
  • 28. AWS Deployment Models. Capabilities compared: Logical Server and Application Isolation; Granular Information Access Policy; Logical Network Isolation; Physical Server Isolation; Government-Only Physical Network and Facility Isolation; ITAR Compliant (US Persons Only). Sample workloads by model:
    • Commercial Cloud: public-facing apps, web sites, dev, test, etc.
    • Virtual Private Cloud (VPC): datacenter extension, TIC environment, email, FISMA Low and Moderate
    • AWS GovCloud (US): US Persons compliant and government-specific apps
  • 29. The Importance of Access Control. One of customers' top considerations when moving to the cloud: CONTROL. Why do we want control?
    • Appropriate access to do appropriate actions
    • I want to implement security best practices
    • I want to be at least as secure as on premise
    • I must comply with certain industry-specific security regulations
  • 30. AWS Identity and Access Management (IAM).
    • Users and Groups within Accounts
    • Unique security credentials: access keys; AWS Management Console login/password; enforce password complexity; optional MFA device
    • Policies control access to AWS APIs
    • All API calls must be signed by the secret key
    • Resource-level integration into many services: EC2 tags control access to resources; S3 policies on objects and buckets
    • Not for operating systems or applications: use LDAP, Active Directory/ADFS, etc.
  • 31. Authentication Methods.
    • CLI: access + secret keys for REST calls; SSH keys for access to EC2 instances
    • API: access + secret keys; optional multifactor authentication
    • Web UI: username + password; optional multifactor authentication
  • 32. Multi-Factor Authentication (MFA). An extra level of security. Works with the AWS root account and IAM users. Multiple form factors: virtual MFA on your phone; hardware MFA key fobs. No additional cost, except for the cost of the hardware key fob.
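What a virtual MFA device (slide 32) actually computes, as an added example that is not part of the deck: an RFC 6238 TOTP, an HMAC-SHA1 over the current 30-second window of a shared seed, together with the verifier-side decisions that make the factor worth having: how much clock skew to tolerate and a refusal to accept the same window twice. The seed is the RFC 6238 test seed, not a real MFA seed, and the verifier is a constructed illustration rather than AWS's implementation.

```python
"""RFC 6238 TOTP as used by virtual MFA apps, with a replay-aware verifier
(constructed example; the seed is the RFC 6238 reference test seed)."""
import base64
import hashlib
import hmac
import struct
import time
from typing import Set

# RFC 6238 reference seed, ASCII "12345678901234567890". An enrolment screen
# shows a seed of the same kind as a base32 string or QR code.
RFC6238_SEED = b"12345678901234567890"

def seed_from_base32(text: str) -> bytes:
    """Decode the base32 seed string shown at enrolment (spaces and case ignored)."""
    cleaned = text.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore padding that apps often strip
    return base64.b32decode(cleaned)

def hotp(seed: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian 8-byte counter, then dynamic
    truncation to a 31-bit integer reduced to the requested number of digits."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def totp(seed: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238: HOTP whose counter is the number of `step`-second windows
    elapsed since the Unix epoch, so the code changes every 30 seconds."""
    return hotp(seed, unix_time // step, digits)

def verify_totp(seed: bytes, code: str, unix_time: int, used: Set[int],
                window: int = 1, step: int = 30) -> bool:
    """Accept a code for the current window or `window` windows either side
    (device clock skew), but never the same window twice: `used` records the
    counters already accepted, so a captured code cannot be replayed while it
    is still inside the skew tolerance."""
    counter = unix_time // step
    for candidate in range(counter - window, counter + window + 1):
        if candidate in used:
            continue
        if hmac.compare_digest(hotp(seed, candidate), code):
            used.add(candidate)
            return True
    return False

if __name__ == "__main__":
    print(totp(RFC6238_SEED, int(time.time())))  # the code a phone would show now
```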
  • 33. AWS CloudHSM.
    • Secure key storage: dedicated access to tamper-resistant HSM appliances (SafeNet® Luna SA); designed to comply with Common Criteria EAL4+ and NIST FIPS 140-2; you retain full control of your keys and cryptographic operations
    • Contractual and regulatory compliance: helps comply with the most stringent regulatory and contractual requirements for key protection
    • Reliable and durable key storage: available in multiple AZs and Regions
    • Simple and secure connectivity: connected to your VPC; improved application performance between EC2 and the HSM
  • 34. Premium Support Trusted Advisor.
    • Security checks: Security Group Rules (hosts and ports); IAM use; S3 policies
    • Fault tolerance checks: snapshots; Multi-AZ; VPN tunnel redundancy
  • 35. Enable Root Account MFA! If you don't see it, go to: http://blogs.aws.amazon.com/security/post/Tx1KJ4H6H5R80UD/Securing-access-to-AWS-using-MFA-Part-1
  • 36. AWS Security, Compliance, & Architecture Resources.
    • http://aws.amazon.com/security/ : security whitepaper; security best practices; security bulletins; customer security testing process
    • http://aws.amazon.com/compliance/ : risk and compliance whitepaper
    • http://aws.amazon.com/architecture/ : reference architectures; whitepapers; webinars
    • http://blogs.aws.amazon.com/security/ : stay up to date on security and compliance in AWS. Feedback is always welcome!
  • 37. Thank You!!! awsmax@amazon.com. Any questions?