Submit Search
Upload
The AWS Shared Responsibility Model in Practice
•
0 likes
•
340 views
Alert Logic
Follow
The AWS Shared Responsibility Model in Practice (Alex Tomic)
Read less
Read more
Technology
Report
Share
Report
Share
1 of 27
Download now
Download to read offline
Recommended
Realities of Security in the Cloud
Realities of Security in the Cloud
Alert Logic
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Alert Logic
The Intersection of Security & DevOps
The Intersection of Security & DevOps
Alert Logic
#ALSummit: Alert Logic & AWS - AWS Security Services
#ALSummit: Alert Logic & AWS - AWS Security Services
Alert Logic
#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the Cloud
Alert Logic
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
Alert Logic
#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment
Alert Logic
Reality Check: Security in the Cloud
Reality Check: Security in the Cloud
Alert Logic
Recommended
Realities of Security in the Cloud
Realities of Security in the Cloud
Alert Logic
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Alert Logic
The Intersection of Security & DevOps
The Intersection of Security & DevOps
Alert Logic
#ALSummit: Alert Logic & AWS - AWS Security Services
#ALSummit: Alert Logic & AWS - AWS Security Services
Alert Logic
#ALSummit: Realities of Security in the Cloud
#ALSummit: Realities of Security in the Cloud
Alert Logic
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
#ALSummit: SCOR Velogica's Journey to SOC2/TYPE2 Via AWS
Alert Logic
#ALSummit: Architecting Security into your AWS Environment
#ALSummit: Architecting Security into your AWS Environment
Alert Logic
Reality Check: Security in the Cloud
Reality Check: Security in the Cloud
Alert Logic
CSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web Apps
Alert Logic
Securing Healthcare Data on AWS for HIPAA
Securing Healthcare Data on AWS for HIPAA
Alert Logic
Security Spotlight: The Coca Cola Company - CSS ATX 2017
Security Spotlight: The Coca Cola Company - CSS ATX 2017
Alert Logic
CSS17: Houston - Introduction to Security in the Cloud
CSS17: Houston - Introduction to Security in the Cloud
Alert Logic
CSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web Applications
Alert Logic
CSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the Cloud
Alert Logic
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS Applications
Alert Logic
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model Overview
Alert Logic
CSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWS
Alert Logic
CSS17: Atlanta - Realities of Security in the Cloud
CSS17: Atlanta - Realities of Security in the Cloud
Alert Logic
#ALSummit: Amazon Web Services: Understanding the Shared Security Model
#ALSummit: Amazon Web Services: Understanding the Shared Security Model
Alert Logic
Protecting Against Web Attacks
Protecting Against Web Attacks
Alert Logic
Realities of Security in the Cloud
Realities of Security in the Cloud
Alert Logic
#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the Breach
Alert Logic
Realities of Security in the Cloud
Realities of Security in the Cloud
Alert Logic
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials
Alert Logic
The Intersection of Security & DevOps
The Intersection of Security & DevOps
Alert Logic
Become a Cloud Security Ninja
Become a Cloud Security Ninja
Amazon Web Services
CSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOC
Alert Logic
Managed Threat Detection and Response
Managed Threat Detection and Response
Alert Logic
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
Alert Logic
Security & Compliance in the Cloud
Security & Compliance in the Cloud
Amazon Web Services
More Related Content
What's hot
CSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web Apps
Alert Logic
Securing Healthcare Data on AWS for HIPAA
Securing Healthcare Data on AWS for HIPAA
Alert Logic
Security Spotlight: The Coca Cola Company - CSS ATX 2017
Security Spotlight: The Coca Cola Company - CSS ATX 2017
Alert Logic
CSS17: Houston - Introduction to Security in the Cloud
CSS17: Houston - Introduction to Security in the Cloud
Alert Logic
CSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web Applications
Alert Logic
CSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the Cloud
Alert Logic
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS Applications
Alert Logic
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model Overview
Alert Logic
CSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWS
Alert Logic
CSS17: Atlanta - Realities of Security in the Cloud
CSS17: Atlanta - Realities of Security in the Cloud
Alert Logic
#ALSummit: Amazon Web Services: Understanding the Shared Security Model
#ALSummit: Amazon Web Services: Understanding the Shared Security Model
Alert Logic
Protecting Against Web Attacks
Protecting Against Web Attacks
Alert Logic
Realities of Security in the Cloud
Realities of Security in the Cloud
Alert Logic
#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the Breach
Alert Logic
Realities of Security in the Cloud
Realities of Security in the Cloud
Alert Logic
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials
Alert Logic
The Intersection of Security & DevOps
The Intersection of Security & DevOps
Alert Logic
Become a Cloud Security Ninja
Become a Cloud Security Ninja
Amazon Web Services
CSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOC
Alert Logic
Managed Threat Detection and Response
Managed Threat Detection and Response
Alert Logic
What's hot
(20)
CSS17: Houston - Protecting Web Apps
CSS17: Houston - Protecting Web Apps
Securing Healthcare Data on AWS for HIPAA
Securing Healthcare Data on AWS for HIPAA
Security Spotlight: The Coca Cola Company - CSS ATX 2017
Security Spotlight: The Coca Cola Company - CSS ATX 2017
CSS17: Houston - Introduction to Security in the Cloud
CSS17: Houston - Introduction to Security in the Cloud
CSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Protecting your Web Applications
CSS 17: NYC - Realities of Security in the Cloud
CSS 17: NYC - Realities of Security in the Cloud
Managed Threat Detection & Response for AWS Applications
Managed Threat Detection & Response for AWS Applications
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model Overview
CSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWS
CSS17: Atlanta - Realities of Security in the Cloud
CSS17: Atlanta - Realities of Security in the Cloud
#ALSummit: Amazon Web Services: Understanding the Shared Security Model
#ALSummit: Amazon Web Services: Understanding the Shared Security Model
Protecting Against Web Attacks
Protecting Against Web Attacks
Realities of Security in the Cloud
Realities of Security in the Cloud
#ALSummit: Cyber Resiliency: Surviving the Breach
#ALSummit: Cyber Resiliency: Surviving the Breach
Realities of Security in the Cloud
Realities of Security in the Cloud
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials
The Intersection of Security & DevOps
The Intersection of Security & DevOps
Become a Cloud Security Ninja
Become a Cloud Security Ninja
CSS 17: NYC - Stories from the SOC
CSS 17: NYC - Stories from the SOC
Managed Threat Detection and Response
Managed Threat Detection and Response
Similar to The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
Alert Logic
Security & Compliance in the Cloud
Security & Compliance in the Cloud
Amazon Web Services
Introduction to AWS Security
Introduction to AWS Security
Amazon Web Services
Introduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF Loft
Amazon Web Services
Introduction to AWS Security
Introduction to AWS Security
Amazon Web Services
Introduction to AWS Security
Introduction to AWS Security
Amazon Web Services
Security@Scale
Security@Scale
Amazon Web Services
Introduction to AWS Security
Introduction to AWS Security
Amazon Web Services
AWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & Compliance
Amazon Web Services
AWS - Security & Compliance
AWS - Security & Compliance
Amazon Web Services LATAM
Getting Started with AWS Security
Getting Started with AWS Security
Amazon Web Services
Introduction to AWS Security
Introduction to AWS Security
Amazon Web Services
Oas un llamado a la accion para proteger a ciudadanos-Sector Privado y Gobi...
Oas un llamado a la accion para proteger a ciudadanos-Sector Privado y Gobi...
Marcela Cárdenas Hidalgo
Oas un llamado a la accion
Oas un llamado a la accion
Marcela Cárdenas Hidalgo
Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018
Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018
Amazon Web Services
Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...
Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...
Amazon Web Services
Managing Security on AWS
Managing Security on AWS
Amazon Web Services
PaaS or Fail: Rule the Cloud with Altus
PaaS or Fail: Rule the Cloud with Altus
Cloudera, Inc.
Lock it Down: How to Secure your AWS Account and your Organization's Accounts
Lock it Down: How to Secure your AWS Account and your Organization's Accounts
Amazon Web Services
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWS
Amazon Web Services
Similar to The AWS Shared Responsibility Model in Practice
(20)
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
Security & Compliance in the Cloud
Security & Compliance in the Cloud
Introduction to AWS Security
Introduction to AWS Security
Introduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security
Introduction to AWS Security
Introduction to AWS Security
Introduction to AWS Security
Security@Scale
Security@Scale
Introduction to AWS Security
Introduction to AWS Security
AWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & Compliance
AWS - Security & Compliance
AWS - Security & Compliance
Getting Started with AWS Security
Getting Started with AWS Security
Introduction to AWS Security
Introduction to AWS Security
Oas un llamado a la accion para proteger a ciudadanos-Sector Privado y Gobi...
Oas un llamado a la accion para proteger a ciudadanos-Sector Privado y Gobi...
Oas un llamado a la accion
Oas un llamado a la accion
Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018
Data Security in the Cloud - Matt Taylor - AWS TechShift ANZ 2018
Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...
Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...
Managing Security on AWS
Managing Security on AWS
PaaS or Fail: Rule the Cloud with Altus
PaaS or Fail: Rule the Cloud with Altus
Lock it Down: How to Secure your AWS Account and your Organization's Accounts
Lock it Down: How to Secure your AWS Account and your Organization's Accounts
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWS
More from Alert Logic
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials
Alert Logic
Security Implications of the Cloud
Security Implications of the Cloud
Alert Logic
Reducing Your Attack Surface
Reducing Your Attack Surface
Alert Logic
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
Alert Logic
Security Spotlight: Presidio
Security Spotlight: Presidio
Alert Logic
Security Spotlight: Rent-A-Center
Security Spotlight: Rent-A-Center
Alert Logic
The Intersection of Security & DevOps
The Intersection of Security & DevOps
Alert Logic
Security Spotlight: Presidio
Security Spotlight: Presidio
Alert Logic
Security Implications of the Cloud
Security Implications of the Cloud
Alert Logic
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Alert Logic
CSS 2018 Trivia
CSS 2018 Trivia
Alert Logic
Realities of Security in the Cloud
Realities of Security in the Cloud
Alert Logic
The Intersection of Security and DevOps
The Intersection of Security and DevOps
Alert Logic
Security Spotlight: The Coca Cola Company
Security Spotlight: The Coca Cola Company
Alert Logic
Reducing Your Attack Surface and Yuor Role in Cloud Workload Protection
Reducing Your Attack Surface and Yuor Role in Cloud Workload Protection
Alert Logic
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
Alert Logic
Security Implications of the Cloud
Security Implications of the Cloud
Alert Logic
Security Implications of the Cloud - CSS Dallas Azure
Security Implications of the Cloud - CSS Dallas Azure
Alert Logic
Microsoft Azure Security Overview - Microsoft - CSS Dallas Azure
Microsoft Azure Security Overview - Microsoft - CSS Dallas Azure
Alert Logic
10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure
10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure
Alert Logic
More from Alert Logic
(20)
Extending Amazon GuardDuty with Cloud Insight Essentials
Extending Amazon GuardDuty with Cloud Insight Essentials
Security Implications of the Cloud
Security Implications of the Cloud
Reducing Your Attack Surface
Reducing Your Attack Surface
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
Security Spotlight: Presidio
Security Spotlight: Presidio
Security Spotlight: Rent-A-Center
Security Spotlight: Rent-A-Center
The Intersection of Security & DevOps
The Intersection of Security & DevOps
Security Spotlight: Presidio
Security Spotlight: Presidio
Security Implications of the Cloud
Security Implications of the Cloud
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
Reducing Your Attack Surface & Your Role in Cloud Workload Protection
CSS 2018 Trivia
CSS 2018 Trivia
Realities of Security in the Cloud
Realities of Security in the Cloud
The Intersection of Security and DevOps
The Intersection of Security and DevOps
Security Spotlight: The Coca Cola Company
Security Spotlight: The Coca Cola Company
Reducing Your Attack Surface and Yuor Role in Cloud Workload Protection
Reducing Your Attack Surface and Yuor Role in Cloud Workload Protection
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
Security Implications of the Cloud
Security Implications of the Cloud
Security Implications of the Cloud - CSS Dallas Azure
Security Implications of the Cloud - CSS Dallas Azure
Microsoft Azure Security Overview - Microsoft - CSS Dallas Azure
Microsoft Azure Security Overview - Microsoft - CSS Dallas Azure
10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure
10 Step Guide to Cloud Security - 10th Magnitude - CSS Dallas Azure
Recently uploaded
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
Remote DBA Services
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
Anna Loughnan Colquhoun
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Juan lago vázquez
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
apidays
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
Nanddeep Nachan
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
rafiqahmad00786416
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Edi Saputra
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Deepika Singh
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
apidays
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
MadyBayot
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
The Digital Insurer
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
Khem
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
sudhanshuwaghmare1
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
Rustici Software
Recently uploaded
(20)
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
The AWS Shared Responsibility Model in Practice
1.
© 2018, Amazon
Web Services, Inc. or its Affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Shared Responsibility Model in Practice April 2018 Alex Tomic, Amazon Web Services
2.
© 2018, Amazon
Web Services, Inc. or its Affiliates. All rights reserved. Why is security traditionally so hard? Lack of visibility Low degree of automation
3.
© 2018, Amazon
Web Services, Inc. or its Affiliates. All rights reserved. ORMove fast Stay secure Before…
4.
© 2018, Amazon
Web Services, Inc. or its Affiliates. All rights reserved. ORANDMove fast Stay secure Now…
5.
© 2018, Amazon
Web Services, Inc. or its Affiliates. All rights reserved. The most sensitive workloads run on AWS “With AWS, DNAnexus enables enterprises worldwide to perform genomic analysis and clinical studies in a secure and compliant environment at a scale not previously possible.” — Richard Daly, CEO DNAnexus “The fact that we can rely on the AWS security posture to boost our own security is really important for our business. AWS does a much better job at security than we could ever do running a cage in a data center.” — Richard Crowley, Director of Operations, Slack “We determined that security in AWS is superior to our on-premises data center across several dimensions, including patching, encryption, auditing and logging, entitlements, and compliance.” —John Brady, CISO, FINRA (Financial Industry Regulatory Authority)
6.
© 2018, Amazon
Web Services, Inc. or its Affiliates. All rights reserved. “CIOs and CISOs need to stop obsessing over unsubstantiated cloud security worries, and instead apply their imagination and energy to developing new approaches to cloud control, allowing them to securely, compliantly, and reliably leverage the benefits of this increasingly ubiquitous computing model.” Source: Clouds Are Secure: Are You Using Them Securely?
7.
© 2018, Amazon
Web Services, Inc. or its Affiliates. All rights reserved. Network Traffic Protection Encryption / Integrity / Identity AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Optional – Opaque data: 1’s and 0’s (in transit/at rest) Platform & Applications Management Customer content Customers AWS Shared Responsibility Model: forInfrastructureServices Managed by Managed by Client-Side Data encryption & Data Integrity Authentication AWSIAMCustomerIAM Operating System, Network & Firewall Configuration Server-Side Encryption Fire System and/or Data APIEndpoints Mgmt Protocols API Calls
8.
© 2018, Amazon
Web Services, Inc. or its Affiliates. All rights reserved. InfrastructureService Example –EC2 • Foundation Services — Networking, Compute, Storage • AWS Global Infrastructure • AWS API Endpoints AWS • Customer Data • Customer Application • Operating System (Hardening, Patches, Backups, Antimalware, Integrity Checks, HIDS) • Network & Firewall • Customer IAM (Corporate Directory Service) • High Availability, Scaling • Instance Management • Data Protection (Transit, Rest, Backup) • AWS IAM (Users, Groups, Roles, Policies) Customers RESPONSIBILITIES
9.
© 2018, Amazon
Web Services, Inc. or its Affiliates. All rights reserved. AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Optional – Opaque data: 1’s and 0’s (in transit/at rest) Firewall Configuration Platform & Applications Management Operating System, Network Configuration Customer content Customers AWS Shared Responsibility Model: forContainerServices Managed by Managed by Client-Side Data encryption & Data Integrity Authentication Network Traffic Protection Encryption / Integrity / Identity AWSIAMCustomerIAM APIEndpoints Mgmt Protocols API Calls
10.
© 2018, Amazon
Web Services, Inc. or its Affiliates. All rights reserved. ContainerService Example –RDS • Foundational Services – Networking, Compute, Storage • AWS Global Infrastructure • AWS API Endpoints • Operating System • Platform / Application AWS • Customer Data • Firewall (VPC) • Customer IAM (DB Users, Table Permissions) • AWS IAM (Users, Groups, Roles, Policies) • High Availability • Data Protection (Transit, Rest, Backup) • Scaling Customers RESPONSIBILITIES
11.
© 2018, Amazon
Web Services, Inc. or its Affiliates. All rights reserved. AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Regions Availability Zones Edge Locations Platform & Applications Management Operating System, Network & Firewall Configuration Customer content Customers AWS Shared Responsibility Model: forAbstractServices Managed by Managed by Data Protection by the Platform Protection of Data at Rest Network Traffic Protection by the Platform Protection of Data at in Transit (optional) Opaque Data: 1’s and 0’s (in flight / at rest) Client-Side Data Encryption & Data Integrity Authentication APIEndpoints AWSIAM API Calls
12.
© 2018, Amazon
Web Services, Inc. or its Affiliates. All rights reserved. • Foundational Services • AWS Global Infrastructure • AWS API Endpoints • Operating System • Platform / Application • Data Protection (Rest - SSE, Transit) • High Availability / Scaling AWS • Customer Data • Data Protection (Rest – CSE) • AWS IAM (Users, Groups, Roles, Policies) Customers AbstractService Example –S3,Lambda RESPONSIBILITIES
13.
© 2018, Amazon
Web Services, Inc. or its Affiliates. All rights reserved. Summary of Customer Responsibility in the Cloud Customer IAM AWS IAM Firewall Data AWS IAM Data Applications Operating System Networking/Firewall Data Customer IAM AWS IAM Infrastructure Services Container Services Abstract Services
14.
© 2018, Amazon
Web Services, Inc. or its Affiliates. All rights reserved. Automate with deeply integrated security services Inherit global security and compliance controls Highest standards for privacy and data security Largest network of security partners and solutions Scale with superior visibility and control Move to AWS Strengthen your security posture
15.
© 2018, Amazon
Web Services, Inc. or its Affiliates. All rights reserved. Inherit global security and compliance controls
16.
© 2018, Amazon
Web Services, Inc. or its Affiliates. All rights reserved. Encryption at scale with keys managed by our AWS Key Management System (KMS) or managing your own encryption keys with Cloud HSM using FIPS 140-2 Level 3 validated HSMs Meet data residency requirements Choose an AWS Region and AWS will not replicate it elsewhere unless you choose to do so Access services and tools that enable you to build compliant infrastructure on top of AWS Comply with local data privacy laws by controlling who can access content, its lifecycle, and disposal Highest standards for privacy
17.
© 2018, Amazon
Web Services, Inc. or its Affiliates. All rights reserved. Automate with integrated services CloudWatch Events Amazon CloudWatch CloudWatch Event Lambda Lambda Function AWS Lambda GuardDuty Amazon GuardDuty Automated threat remediation
18.
© 2018, Amazon
Web Services, Inc. or its Affiliates. All rights reserved. AWS Identity & Access Management (IAM) AWS Organizations AWS Cognito AWS Directory Service AWS Single Sign-On AWS CloudTrail AWS Config Amazon CloudWatch Amazon GuardDuty VPC Flow Logs Amazon EC2 Systems Manager AWS Shield AWS Web Application Firewall (WAF) Amazon Inspector Amazon Virtual Private Cloud (VPC) AWS Key Management Service (KMS) AWS CloudHSM Amazon Macie Certificate Manager Server Side Encryption AWS Config Rules AWS Lambda Identity Detective control Infrastructure security Incident response Data protection AWS security solutions
19.
© 2018, Amazon
Web Services, Inc. or its Affiliates. All rights reserved. AWS Identity and Access Management (IAM) Securely control access to AWS services and resources AWS Organizations Policy-based management for multiple AWS accounts Amazon Cognito Add user sign-up, sign-in, and access control to your web and mobile apps AWS Directory Service Managed Microsoft Active Directory in the AWS Cloud AWS Single Sign-On Centrally manage single sign-on (SSO) access to multiple AWS accounts and business applications Define, enforce, and audit user permissions across AWS services, actions and resources. Identity & access management Identity and access management
20.
© 2018, Amazon
Web Services, Inc. or its Affiliates. All rights reserved. AWS CloudTrail Enable governance, compliance, and operational/risk auditing of your AWS account AWS Config Record and evaluate configurations of your AWS resources. Enable compliance auditing, security analysis, resource change tracking, and troubleshooting Amazon CloudWatch Monitor AWS Cloud resources and your applications on AWS to collect metrics, monitor log files, set alarms, and automatically react to changes Amazon GuardDuty Intelligent threat detection and continuous monitoring to protect your AWS accounts and workloads VPC Flow Logs Capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data is stored using Amazon CloudWatch Logs Gain the visibility you need to spot issues before they impact the business, improve your security posture, and reduce the risk profile of your environment. Detective control
21.
© 2018, Amazon
Web Services, Inc. or its Affiliates. All rights reserved. What can GuardDuty detect? RDP Brute Force RAT Installed Exfiltrate temp IAM creds over DNS Probe api with temp creds Attempt to compromise account Known Malicious IP (Potentially) Unusual Ports DNS Exfiltration RDP Brute Force Unusual Traffic VolumeConnect to Blacklisted Site (Potentially) Recon Anonymizing Proxy Temp credentials Used off-instance Unusual ISP Caller Bitcoin Activity Unusual Instance Launch
22.
© 2018, Amazon
Web Services, Inc. or its Affiliates. All rights reserved. Amazon EC2 Systems Manager Easily configure and manage Amazon EC2 and on-premises systems to apply OS patches, create secure system images, and configure secure operating systems AWS Shield Managed DDoS protection service that safeguards web applications running on AWS AWS Web Application Firewall (WAF) Protects your web applications from common web exploits ensuring availability and security Amazon Inspector Automates security assessments to help improve the security and compliance of applications deployed on AWS Amazon Virtual Private Cloud (VPC) Provision a logically isolated section of AWS where you can launch AWS resources in a virtual network that you define Reduce surface area to manage and increase privacy for and control of your overall infrastructure on AWS. Infrastructure security
23.
© 2018, Amazon
Web Services, Inc. or its Affiliates. All rights reserved. AWS Key Management Service (KMS) Easily create and control the keys used to encrypt your data AWS CloudHSM Managed hardware security module (HSM) on the AWS Cloud Amazon Macie Machine learning-powered security service to discover, classify, and protect sensitive data AWS Certificate Manager Easily provision, manage, and deploy SSL/TLS certificates for use with AWS services Server Side Encryption Flexible data encryption options using AWS service managed keys, AWS managed keys via AWS KMS, or customer managed keys In addition to our automatic data encryption and management services, employ more features for data protection. (including data management, data security, and encryption key storage) Data protection
24.
© 2018, Amazon
Web Services, Inc. or its Affiliates. All rights reserved. AWS Config Rules Create rules that automatically take action in response to changes in your environment, such as isolating resources, enriching events with additional data, or restoring configuration to a known-good state AWS Lambda Use our serverless compute service to run code without provisioning or managing servers so you can scale your programmed, automated response to incidents During an incident, containing the event and returning to a known good state are important elements of a response plan. AWS provides the following tools to automate aspects of this best practice. Incident response
25.
© 2018, Amazon
Web Services, Inc. or its Affiliates. All rights reserved. “I have come to realize that as a relatively small organization, we can be far more secure in the cloud and achieve a higher level of assurance at a much lower cost, in terms of effort and dollars invested. We determined that security in AWS is superior to our on-premises data center across several dimensions, including patching, encryption, auditing and logging, entitlements, and compliance.” • Looks for fraud, abuse, and insider trading over nearly 6 billion shares traded in U.S. equities markets every day • Processes approximately 6 terabytes of data and 37 billion records on an average day • Went from 3–4 weeks for server hardening to 3–4 minutes • DevOps teams focus on automation and tools to raise the compliance bar and simplify controls • Achieved incredible levels of assurance for consistencies of builds and patching via rebooting with automated deployment scripts —John Brady, CISO FINRA Financial industry regulatory authority
26.
© 2018, Amazon
Web Services, Inc. or its Affiliates. All rights reserved. “Previously all our servers were configured and updated by hand or through limited automation, we didn’t take full advantage of a configuration management …All our new services are built as stateless docker containers, allowing us to deploy and scale them easily using Amazon’s ECS.” “AWS allowed us to scale our business to handle 6 million patients a month and elevate our security — all while maintaining HIPAA compliance-–as we migrated 100% to cloud in less than 12 months” • Migrated all-in on AWS in under 12 months, becoming a HIPAA compliant cloud-first organization • New York based startup leveraged infrastructure as code to securely scale to 6 million patients per month • Data liberation—use data to innovate and drive more solutions for patients, reducing patient wait times from 24 days to 24 hours • Maintain end to end visibility of patient data using AWS Online medical care scheduling
27.
© 2018, Amazon
Web Services, Inc. or its Affiliates. All rights reserved.© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Thank you https://aws.amazon.com/security/ https://aws.amazon.com/compliance/
Download now