SlideShare a Scribd company logo

The 2014 AWS Enterprise Summit - Understanding AWS Security

Download as PPTX, PDF
Amazon Web Services
Amazon Web Services

AWS provides comprehensive security capabilities to support workloads on its cloud platform. It emphasizes that security is a shared responsibility between AWS and customers, with AWS responsible for security of the cloud and customers responsible for security in the cloud. AWS offers more visibility into environments, auditability of actions, and control over identity and access than customers can achieve on their own through services like CloudTrail, IAM, and encryption options. Customers can choose the right level of security for their needs.

Technology
1 of 62
AWS Security Bill Shinn billshin@amazon.com Principal Solutions Architect - Security, Amazon Web Services Sami Zuhuruddin, samiz@amazon.com Solutions Architect, Amazon Web Services
Different customer viewpoints on security PR exec keep out of the news CEO protect shareholder value CI{S}O preserve the confidentiality, integrity and availability of data
Security is Our No.1 Priority Comprehensive Security Capabilities to Support Virtually Any Workload Customer Ecosystem Partner Ecosystem Every Customer Benefits Physical Security People & Procedures Network Security Platform Security
SECURITY IS SHARED
WHAT NEEDS TO BE DONE TO KEEP THE SYSTEM SAFE
WHAT WE DO FOR YOU WHAT YOU DO YOURSELF
EVERY CUSTOMER HAS ACCESS TO THE SAME SECURITY CAPABILITIES CHOOSE WHAT’S RIGHT FOR YOUR BUSINESS
“Based on our experience, I believe that we can be even more secure in the AWS cloud than in our own data centers” Tom Soderstrom – CTO – NASA JPL
AWS Security Offers More… Visibility Auditability Control
MORE VISIBILITY
• Can you map your network? • What is in your environment right now?
TRUSTED ADVISOR
MORE AUDITABILITY
Certifications and Accreditations for Workloads That Matter
Security control objectives 1. Security organization 2. Amazon user access 3. Logical security 4. Secure data handling 5. Physical security and environmental safeguards 6. Change management 7. Data integrity, availability and redundancy 8. Incident handling
AWS CLOUDTRAIL
You are making API calls... On a growing set of services around the world… CloudTrail is continuously recording API calls… And delivering log files to you
Security Analysis Use log files as an input into log management and analysis solutions to perform security analysis and to detect user behavior patterns. Track Changes to AWS Resources Track creation, modification, and deletion of AWS resources such as Amazon EC2 instances, Amazon VPC security groups and Amazon EBS volumes. Troubleshoot Operational Issues Quickly identify the most recent changes made to resources in your environment. Compliance Aid Easier to demonstrate compliance with internal policies and regulatory standards.
‣ CloudTrail records API calls and delivers a log file to your S3 bucket. ‣ Typically, delivers an event within 15 minutes of the API call. ‣ Log files are delivered approximately every 5 minutes. ‣ Multiple partners offer integrated solutions to analyze log files.
LOGS OBTAINED, RETAINED, ANALYZED
PROTECT YOUR LOGS WITH IAM ARCHIVE YOUR LOGS
MORE CONTROL
Defense in Depth Multi level security • Physical security of the data centers • Network security • System security • Data security
AWS Security Delivers More Control & Granularity AWS CloudHSM Defense in depth Rapid scale for security Automated checks with AWS Trusted Advisor Fine grained access controls Server side encryption Multi-factor authentication Dedicated instances Direct connection, Storage Gateway HSM-based key storage AWS IAM Amazon VPC AWS Direct Connect AWS Storage Gateway Customize the implementation based on your business needs
LEAST PRIVILEGE PRINCIPLE AT AWS
Least Privilege Principle Confine roles only to the material required to do specific work
Least Privilege Principle Separate networks for corporate work vs. accessing customer data
Least Privilege Principle Must have a business need-to-know about sensitive information like data center locations
Least Privilege Principle Must have a business need-to-know in order to access data centers
Simple Security Controls Are the easiest to get right, easiest to audit, and easiest to enforce
MORE CONTROL ON IDENTITY & ACCESS
Use AWS Identity & Access Management (IAM) Control who can do what with your AWS account Best Practice
AWS IAM: Recent Innovations Securely control access to AWS services and resources • Delegation – Roles for Amazon EC2 – Cross-account access • Powerful integrated permissions – Resource level permissions: Amazon EC2, Amazon RDS, Amazon DynamoDB, AWS CloudFormation – Access control policy variables – Policy Simulator – Enhanced IAM support: Amazon SWF, Amazon EMR, AWS Storage Gateway, AWS CloudFormation, Amazon Redshift, Elastic Beanstalk • Federation – Web Identity Federation – AD and Shibboleth examples – Partner integrations – Case study: Expedia • Strong authentication – MFA-protected API access – Password policies • Enhanced documentation and videos
ACCESS TO SERVICE APIs
Amazon DynamoDB Fine Grained Access Control Directly and securely access application data in Amazon DynamoDB Specify access permissions at table, item and attribute levels With Web Identity Federation, completely remove the need for proxy servers to perform authorization
MORE CONTROL OF YOUR DATA
MFA Delete Protection Your data stays where you put it Best Practice
It’s Not Just Having Services in a Couple of Regions Hundreds of thousands of customers across 190 countries 800+ government agencies 3,000+ educational institutions 10 regions 26 availability zones 52 edge locations Everyday, AWS adds enough new server capacity to support Amazon.com when it was a $7 billion global enterprise.
Use Multiple AZs Amazon S3 Amazon DynamoDB Amazon RDS Multi-AZ Amazon EBS snapshots Best Practice
Data Encryption Choose what’s right for you… • Automated – AWS manages encryption • Enabled – user manages encryption using AWS • Client-side – user manages encryption using their own mean
AWS CloudHSM Managed and monitored by AWS, but you control the keys Increase performance for applications that use HSMs for key storage or encryption Comply with stringent regulatory and contractual requirements for key protection EC2 Instance AWS CloudHSM AWS CloudHSM
Encrypt Your Data AWS CloudHSM Amazon S3 SSE Amazon Glacier Amazon Redshift Amazon RDS … Best Practice
More Auditability More Visibility More Control
IDC Survey • Attitudes and perceptions around security and cloud services • Nearly 60% of organizations agreed that CSPs [Cloud Service Providers] provide better security than their own IT organization Source: IDC 2013 U.S. Cloud security survey Doc #242836, September 2013
AWS.AMAZON.COM/SECURITY
AWS SECURITY WHITEPAPERS RISK & COMPLIANCE AUDITING SECURITY CHECKLIST SECURITY PROCESSES SECURITY BEST PRACTICES
AWS MARKETPLACE SECURITY SOLUTIONS
The 2014 AWS Enterprise Summit - Understanding AWS Security

Recommended

AWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices
AWS 201 - A Walk through the AWS Cloud: AWS Security Best PracticesAWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices
AWS 201 - A Walk through the AWS Cloud: AWS Security Best PracticesAmazon Web Services
 
Aws security Fundamentals
Aws security Fundamentals Aws security Fundamentals
Aws security Fundamentals Christopher Caplan
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS SecurityAmazon Web Services
 
Intro to AWS: Security
Intro to AWS: SecurityIntro to AWS: Security
Intro to AWS: SecurityAmazon Web Services
 
Security & Compliance in AWS
Security & Compliance in AWSSecurity & Compliance in AWS
Security & Compliance in AWSAmazon Web Services
 
Building Secure Architectures on AWS
Building Secure Architectures on AWSBuilding Secure Architectures on AWS
Building Secure Architectures on AWSAmazon Web Services
 
Security and Compliance in the Cloud
Security and Compliance in the Cloud Security and Compliance in the Cloud
Security and Compliance in the Cloud Amazon Web Services
 
Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017Amazon Web Services
 

Recommended

AWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices
AWS 201 - A Walk through the AWS Cloud: AWS Security Best PracticesAWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices
AWS 201 - A Walk through the AWS Cloud: AWS Security Best PracticesAmazon Web Services
 
Aws security Fundamentals
Aws security Fundamentals Aws security Fundamentals
Aws security Fundamentals Christopher Caplan
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS SecurityAmazon Web Services
 
Intro to AWS: Security
Intro to AWS: SecurityIntro to AWS: Security
Intro to AWS: SecurityAmazon Web Services
 
Security & Compliance in AWS
Security & Compliance in AWSSecurity & Compliance in AWS
Security & Compliance in AWSAmazon Web Services
 
Building Secure Architectures on AWS
Building Secure Architectures on AWSBuilding Secure Architectures on AWS
Building Secure Architectures on AWSAmazon Web Services
 
Security and Compliance in the Cloud
Security and Compliance in the Cloud Security and Compliance in the Cloud
Security and Compliance in the Cloud Amazon Web Services
 
Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017Managing Security with AWS | AWS Public Sector Summit 2017
Managing Security with AWS | AWS Public Sector Summit 2017Amazon Web Services
 
AWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the CloudAWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the CloudAmazon Web Services
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS SecurityAmazon Web Services
 
Aws(in)security - the devil is in the detail
Aws(in)security - the devil is in the detailAws(in)security - the devil is in the detail
Aws(in)security - the devil is in the detailPawel Rzepa
 
Intro & Security Update
Intro & Security UpdateIntro & Security Update
Intro & Security UpdateAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
AWS Security Overview - AWS CISO Steve Schmidt - AWS Summit 2012 - NYC
AWS Security Overview - AWS CISO Steve Schmidt - AWS Summit 2012 - NYCAWS Security Overview - AWS CISO Steve Schmidt - AWS Summit 2012 - NYC
AWS Security Overview - AWS CISO Steve Schmidt - AWS Summit 2012 - NYCAmazon Web Services
 
Intro to AWS: Security
Intro to AWS: SecurityIntro to AWS: Security
Intro to AWS: SecurityAmazon Web Services
 
Security on AWS
Security on AWSSecurity on AWS
Security on AWSAmazon Web Services
 
Protecting Your Data in AWS
Protecting Your Data in AWS Protecting Your Data in AWS
Protecting Your Data in AWS Amazon Web Services
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWSAmazon Web Services
 
AWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & ComplianceAWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & ComplianceAmazon Web Services
 
Journey Through the Cloud - Security Best Practices on AWS
Journey Through the Cloud - Security Best Practices on AWSJourney Through the Cloud - Security Best Practices on AWS
Journey Through the Cloud - Security Best Practices on AWSAmazon Web Services
 
Understanding AWS security
Understanding AWS securityUnderstanding AWS security
Understanding AWS securityAmazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS SecurityAmazon Web Services
 
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)Amazon Web Services
 
What's (nearly) new | AWS Security Roadshow Dublin
What's (nearly) new | AWS Security Roadshow DublinWhat's (nearly) new | AWS Security Roadshow Dublin
What's (nearly) new | AWS Security Roadshow DublinAmazon Web Services
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWSAmazon Web Services
 
(SEC303) Architecting for End-To-End Security in the Enterprise
(SEC303) Architecting for End-To-End Security in the Enterprise(SEC303) Architecting for End-To-End Security in the Enterprise
(SEC303) Architecting for End-To-End Security in the EnterpriseAmazon Web Services
 
Federation
FederationFederation
FederationAmazon Web Services
 
CloudHSM: Secure, Scalable Key Storage in AWS - AWS Online Tech Talks
CloudHSM: Secure, Scalable Key Storage in AWS - AWS Online Tech TalksCloudHSM: Secure, Scalable Key Storage in AWS - AWS Online Tech Talks
CloudHSM: Secure, Scalable Key Storage in AWS - AWS Online Tech TalksAmazon Web Services
 
Advanced Security Best Practices Masterclass
Advanced Security Best Practices MasterclassAdvanced Security Best Practices Masterclass
Advanced Security Best Practices MasterclassAmazon Web Services
 
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...Amazon Web Services
 

More Related Content

What's hot

AWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the CloudAWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the CloudAmazon Web Services
 
Aws(in)security - the devil is in the detail
Aws(in)security - the devil is in the detailAws(in)security - the devil is in the detail
Aws(in)security - the devil is in the detailPawel Rzepa
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
AWS Security Overview - AWS CISO Steve Schmidt - AWS Summit 2012 - NYC
AWS Security Overview - AWS CISO Steve Schmidt - AWS Summit 2012 - NYCAWS Security Overview - AWS CISO Steve Schmidt - AWS Summit 2012 - NYC
AWS Security Overview - AWS CISO Steve Schmidt - AWS Summit 2012 - NYCAmazon Web Services
 
AWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & ComplianceAWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & ComplianceAmazon Web Services
 
Journey Through the Cloud - Security Best Practices on AWS
Journey Through the Cloud - Security Best Practices on AWSJourney Through the Cloud - Security Best Practices on AWS
Journey Through the Cloud - Security Best Practices on AWSAmazon Web Services
 
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)Amazon Web Services
 
What's (nearly) new | AWS Security Roadshow Dublin
What's (nearly) new | AWS Security Roadshow DublinWhat's (nearly) new | AWS Security Roadshow Dublin
What's (nearly) new | AWS Security Roadshow DublinAmazon Web Services
 
(SEC303) Architecting for End-To-End Security in the Enterprise
(SEC303) Architecting for End-To-End Security in the Enterprise(SEC303) Architecting for End-To-End Security in the Enterprise
(SEC303) Architecting for End-To-End Security in the EnterpriseAmazon Web Services
 
CloudHSM: Secure, Scalable Key Storage in AWS - AWS Online Tech Talks
CloudHSM: Secure, Scalable Key Storage in AWS - AWS Online Tech TalksCloudHSM: Secure, Scalable Key Storage in AWS - AWS Online Tech Talks
CloudHSM: Secure, Scalable Key Storage in AWS - AWS Online Tech TalksAmazon Web Services
 

What's hot (20)

AWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the CloudAWS Enterprise Day | Securing your Web Applications in the Cloud
AWS Enterprise Day | Securing your Web Applications in the Cloud
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS Security
 
Aws(in)security - the devil is in the detail
Aws(in)security - the devil is in the detailAws(in)security - the devil is in the detail
Aws(in)security - the devil is in the detail
 
Intro & Security Update
Intro & Security UpdateIntro & Security Update
Intro & Security Update
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
AWS Security Overview - AWS CISO Steve Schmidt - AWS Summit 2012 - NYC
AWS Security Overview - AWS CISO Steve Schmidt - AWS Summit 2012 - NYCAWS Security Overview - AWS CISO Steve Schmidt - AWS Summit 2012 - NYC
AWS Security Overview - AWS CISO Steve Schmidt - AWS Summit 2012 - NYC
 
Intro to AWS: Security
Intro to AWS: SecurityIntro to AWS: Security
Intro to AWS: Security
 
Security on AWS
Security on AWSSecurity on AWS
Security on AWS
 
Protecting Your Data in AWS
Protecting Your Data in AWS Protecting Your Data in AWS
Protecting Your Data in AWS
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
 
AWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & ComplianceAWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & Compliance
 
Journey Through the Cloud - Security Best Practices on AWS
Journey Through the Cloud - Security Best Practices on AWSJourney Through the Cloud - Security Best Practices on AWS
Journey Through the Cloud - Security Best Practices on AWS
 
Understanding AWS security
Understanding AWS securityUnderstanding AWS security
Understanding AWS security
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
 
What's (nearly) new | AWS Security Roadshow Dublin
What's (nearly) new | AWS Security Roadshow DublinWhat's (nearly) new | AWS Security Roadshow Dublin
What's (nearly) new | AWS Security Roadshow Dublin
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
 
(SEC303) Architecting for End-To-End Security in the Enterprise
(SEC303) Architecting for End-To-End Security in the Enterprise(SEC303) Architecting for End-To-End Security in the Enterprise
(SEC303) Architecting for End-To-End Security in the Enterprise
 
Federation
FederationFederation
Federation
 
CloudHSM: Secure, Scalable Key Storage in AWS - AWS Online Tech Talks
CloudHSM: Secure, Scalable Key Storage in AWS - AWS Online Tech TalksCloudHSM: Secure, Scalable Key Storage in AWS - AWS Online Tech Talks
CloudHSM: Secure, Scalable Key Storage in AWS - AWS Online Tech Talks
 

Viewers also liked

Advanced Security Best Practices Masterclass
Advanced Security Best Practices MasterclassAdvanced Security Best Practices Masterclass
Advanced Security Best Practices MasterclassAmazon Web Services
 
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...Amazon Web Services
 
(ADV303) MediaMath’s Data Revolution with Amazon Kinesis and Amazon EMR | AWS...
(ADV303) MediaMath’s Data Revolution with Amazon Kinesis and Amazon EMR | AWS...(ADV303) MediaMath’s Data Revolution with Amazon Kinesis and Amazon EMR | AWS...
(ADV303) MediaMath’s Data Revolution with Amazon Kinesis and Amazon EMR | AWS...Amazon Web Services
 
Scaling on AWS for the First 10 Million Users
Scaling on AWS for the First 10 Million UsersScaling on AWS for the First 10 Million Users
Scaling on AWS for the First 10 Million UsersAmazon Web Services
 
Deploy, Scale and Manage your Microsoft Investments with AWS
Deploy, Scale and Manage your Microsoft Investments with AWSDeploy, Scale and Manage your Microsoft Investments with AWS
Deploy, Scale and Manage your Microsoft Investments with AWSAmazon Web Services
 
(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014
(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014
(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014Amazon Web Services
 
Running your First Application on AWS
Running your First Application on AWSRunning your First Application on AWS
Running your First Application on AWSAmazon Web Services
 
(SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:In...
(SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:In...(SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:In...
(SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:In...Amazon Web Services
 
Storage and Archiving Options on AWS
Storage and Archiving Options on AWS Storage and Archiving Options on AWS
Storage and Archiving Options on AWS Amazon Web Services
 
AWS Activate Webinar - Improving customer experience & growing addressable m...
AWS Activate Webinar - Improving customer experience & growing addressable m...AWS Activate Webinar - Improving customer experience & growing addressable m...
AWS Activate Webinar - Improving customer experience & growing addressable m...Amazon Web Services
 
(ENT203) Iterating Your Way To 95% Reserved Instance Usage | AWS re:Invent 2014
(ENT203) Iterating Your Way To 95% Reserved Instance Usage | AWS re:Invent 2014(ENT203) Iterating Your Way To 95% Reserved Instance Usage | AWS re:Invent 2014
(ENT203) Iterating Your Way To 95% Reserved Instance Usage | AWS re:Invent 2014Amazon Web Services
 
T4 – Understanding aws security
T4 – Understanding aws securityT4 – Understanding aws security
T4 – Understanding aws securityAmazon Web Services
 
Mobility in Retail - Market Research by RapidValue Solutions
Mobility in Retail - Market Research by RapidValue SolutionsMobility in Retail - Market Research by RapidValue Solutions
Mobility in Retail - Market Research by RapidValue SolutionsRapidValue
 
(ARC206) Architecting Reactive Applications on AWS | AWS re:Invent 2014
(ARC206) Architecting Reactive Applications on AWS | AWS re:Invent 2014(ARC206) Architecting Reactive Applications on AWS | AWS re:Invent 2014
(ARC206) Architecting Reactive Applications on AWS | AWS re:Invent 2014Amazon Web Services
 
(BAC304) Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum...
(BAC304) Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum...(BAC304) Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum...
(BAC304) Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum...Amazon Web Services
 
10 Pro Tips for scaling your startup from 0-10M users
10 Pro Tips for scaling your startup from 0-10M users10 Pro Tips for scaling your startup from 0-10M users
10 Pro Tips for scaling your startup from 0-10M usersAmazon Web Services
 
Real time data analytics - part 1 - backend infrastructure
Real time data analytics - part 1 - backend infrastructureReal time data analytics - part 1 - backend infrastructure
Real time data analytics - part 1 - backend infrastructureAmazon Web Services
 
Public IaaS Provider Bake-off - AWS vs Azure
Public IaaS Provider Bake-off - AWS vs Azure Public IaaS Provider Bake-off - AWS vs Azure
Public IaaS Provider Bake-off - AWS vs Azure Amazon Web Services
 
AWS Deployment Best Practices - AWS Symposium 2014 - Washington D.C.
AWS Deployment Best Practices - AWS Symposium 2014 - Washington D.C. AWS Deployment Best Practices - AWS Symposium 2014 - Washington D.C.
AWS Deployment Best Practices - AWS Symposium 2014 - Washington D.C. Amazon Web Services
 
Spark Summit EU talk by Berni Schiefer
Spark Summit EU talk by Berni SchieferSpark Summit EU talk by Berni Schiefer
Spark Summit EU talk by Berni SchieferSpark Summit
 

Viewers also liked (20)

Advanced Security Best Practices Masterclass
Advanced Security Best Practices MasterclassAdvanced Security Best Practices Masterclass
Advanced Security Best Practices Masterclass
 
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
 
(ADV303) MediaMath’s Data Revolution with Amazon Kinesis and Amazon EMR | AWS...
(ADV303) MediaMath’s Data Revolution with Amazon Kinesis and Amazon EMR | AWS...(ADV303) MediaMath’s Data Revolution with Amazon Kinesis and Amazon EMR | AWS...
(ADV303) MediaMath’s Data Revolution with Amazon Kinesis and Amazon EMR | AWS...
 
Scaling on AWS for the First 10 Million Users
Scaling on AWS for the First 10 Million UsersScaling on AWS for the First 10 Million Users
Scaling on AWS for the First 10 Million Users
 
Deploy, Scale and Manage your Microsoft Investments with AWS
Deploy, Scale and Manage your Microsoft Investments with AWSDeploy, Scale and Manage your Microsoft Investments with AWS
Deploy, Scale and Manage your Microsoft Investments with AWS
 
(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014
(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014
(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014
 
Running your First Application on AWS
Running your First Application on AWSRunning your First Application on AWS
Running your First Application on AWS
 
(SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:In...
(SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:In...(SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:In...
(SEC306) Turn on CloudTrail: Log API Activity in Your AWS Account | AWS re:In...
 
Storage and Archiving Options on AWS
Storage and Archiving Options on AWS Storage and Archiving Options on AWS
Storage and Archiving Options on AWS
 
AWS Activate Webinar - Improving customer experience & growing addressable m...
AWS Activate Webinar - Improving customer experience & growing addressable m...AWS Activate Webinar - Improving customer experience & growing addressable m...
AWS Activate Webinar - Improving customer experience & growing addressable m...
 
(ENT203) Iterating Your Way To 95% Reserved Instance Usage | AWS re:Invent 2014
(ENT203) Iterating Your Way To 95% Reserved Instance Usage | AWS re:Invent 2014(ENT203) Iterating Your Way To 95% Reserved Instance Usage | AWS re:Invent 2014
(ENT203) Iterating Your Way To 95% Reserved Instance Usage | AWS re:Invent 2014
 
T4 – Understanding aws security
T4 – Understanding aws securityT4 – Understanding aws security
T4 – Understanding aws security
 
Mobility in Retail - Market Research by RapidValue Solutions
Mobility in Retail - Market Research by RapidValue SolutionsMobility in Retail - Market Research by RapidValue Solutions
Mobility in Retail - Market Research by RapidValue Solutions
 
(ARC206) Architecting Reactive Applications on AWS | AWS re:Invent 2014
(ARC206) Architecting Reactive Applications on AWS | AWS re:Invent 2014(ARC206) Architecting Reactive Applications on AWS | AWS re:Invent 2014
(ARC206) Architecting Reactive Applications on AWS | AWS re:Invent 2014
 
(BAC304) Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum...
(BAC304) Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum...(BAC304) Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum...
(BAC304) Deploying a Disaster Recovery Site on AWS: Minimal Cost with Maximum...
 
10 Pro Tips for scaling your startup from 0-10M users
10 Pro Tips for scaling your startup from 0-10M users10 Pro Tips for scaling your startup from 0-10M users
10 Pro Tips for scaling your startup from 0-10M users
 
Real time data analytics - part 1 - backend infrastructure
Real time data analytics - part 1 - backend infrastructureReal time data analytics - part 1 - backend infrastructure
Real time data analytics - part 1 - backend infrastructure
 
Public IaaS Provider Bake-off - AWS vs Azure
Public IaaS Provider Bake-off - AWS vs Azure Public IaaS Provider Bake-off - AWS vs Azure
Public IaaS Provider Bake-off - AWS vs Azure
 
AWS Deployment Best Practices - AWS Symposium 2014 - Washington D.C.
AWS Deployment Best Practices - AWS Symposium 2014 - Washington D.C. AWS Deployment Best Practices - AWS Symposium 2014 - Washington D.C.
AWS Deployment Best Practices - AWS Symposium 2014 - Washington D.C.
 
Spark Summit EU talk by Berni Schiefer
Spark Summit EU talk by Berni SchieferSpark Summit EU talk by Berni Schiefer
Spark Summit EU talk by Berni Schiefer
 

Similar to The 2014 AWS Enterprise Summit - Understanding AWS Security

AWS Paris Summit 2014 - Keynote Stephen Schmidt - AWS Security
AWS Paris Summit 2014 - Keynote Stephen Schmidt - AWS SecurityAWS Paris Summit 2014 - Keynote Stephen Schmidt - AWS Security
AWS Paris Summit 2014 - Keynote Stephen Schmidt - AWS SecurityAmazon Web Services
 
Sicurezza e Compliance nel Cloud
Sicurezza e Compliance nel CloudSicurezza e Compliance nel Cloud
Sicurezza e Compliance nel CloudAmazon Web Services
 
AWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security ModelAWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security ModelAmazon Web Services
 
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013Amazon Web Services
 
AWS Innovate Ottawa: Security & Compliance
AWS Innovate Ottawa: Security & ComplianceAWS Innovate Ottawa: Security & Compliance
AWS Innovate Ottawa: Security & ComplianceAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
AWS Summit Singapore Webinar Edition | Building Tomorrow’s Financial Services...
AWS Summit Singapore Webinar Edition | Building Tomorrow’s Financial Services...AWS Summit Singapore Webinar Edition | Building Tomorrow’s Financial Services...
AWS Summit Singapore Webinar Edition | Building Tomorrow’s Financial Services...Amazon Web Services
 
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice Alert Logic
 
AWS re:Invent re:Cap - 종단간 보안을 위한 클라우드 아키텍처 구축 - 양승도
AWS re:Invent re:Cap - 종단간 보안을 위한 클라우드 아키텍처 구축 - 양승도AWS re:Invent re:Cap - 종단간 보안을 위한 클라우드 아키텍처 구축 - 양승도
AWS re:Invent re:Cap - 종단간 보안을 위한 클라우드 아키텍처 구축 - 양승도Amazon Web Services Korea
 
AWS Summit Singapore - Next Generation Security
AWS Summit Singapore - Next Generation SecurityAWS Summit Singapore - Next Generation Security
AWS Summit Singapore - Next Generation SecurityAmazon Web Services
 
Proteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWSProteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWSAmazon Web Services
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeAlert Logic
 
AWS Webinar CZSK 02 Bezpecnost v AWS cloudu
AWS Webinar CZSK 02 Bezpecnost v AWS clouduAWS Webinar CZSK 02 Bezpecnost v AWS cloudu
AWS Webinar CZSK 02 Bezpecnost v AWS clouduVladimir Simek
 
Sicurezza in AWS automazione e best practice
Sicurezza in AWS automazione e best practiceSicurezza in AWS automazione e best practice
Sicurezza in AWS automazione e best practiceAmazon Web Services
 

Similar to The 2014 AWS Enterprise Summit - Understanding AWS Security (20)

Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS Security
 
AWS Paris Summit 2014 - Keynote Stephen Schmidt - AWS Security
AWS Paris Summit 2014 - Keynote Stephen Schmidt - AWS SecurityAWS Paris Summit 2014 - Keynote Stephen Schmidt - AWS Security
AWS Paris Summit 2014 - Keynote Stephen Schmidt - AWS Security
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS Security
 
Sicurezza e Compliance nel Cloud
Sicurezza e Compliance nel CloudSicurezza e Compliance nel Cloud
Sicurezza e Compliance nel Cloud
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
AWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security ModelAWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security Model
 
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
 
AWS Innovate Ottawa: Security & Compliance
AWS Innovate Ottawa: Security & ComplianceAWS Innovate Ottawa: Security & Compliance
AWS Innovate Ottawa: Security & Compliance
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
AWS Summit Singapore Webinar Edition | Building Tomorrow’s Financial Services...
AWS Summit Singapore Webinar Edition | Building Tomorrow’s Financial Services...AWS Summit Singapore Webinar Edition | Building Tomorrow’s Financial Services...
AWS Summit Singapore Webinar Edition | Building Tomorrow’s Financial Services...
 
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
AWS re:Invent re:Cap - 종단간 보안을 위한 클라우드 아키텍처 구축 - 양승도
AWS re:Invent re:Cap - 종단간 보안을 위한 클라우드 아키텍처 구축 - 양승도AWS re:Invent re:Cap - 종단간 보안을 위한 클라우드 아키텍처 구축 - 양승도
AWS re:Invent re:Cap - 종단간 보안을 위한 클라우드 아키텍처 구축 - 양승도
 
AWS Summit Singapore - Next Generation Security
AWS Summit Singapore - Next Generation SecurityAWS Summit Singapore - Next Generation Security
AWS Summit Singapore - Next Generation Security
 
Proteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWSProteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWS
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
 
AWS - Security & Compliance
AWS - Security & ComplianceAWS - Security & Compliance
AWS - Security & Compliance
 
AWS Webinar CZSK 02 Bezpecnost v AWS cloudu
AWS Webinar CZSK 02 Bezpecnost v AWS clouduAWS Webinar CZSK 02 Bezpecnost v AWS cloudu
AWS Webinar CZSK 02 Bezpecnost v AWS cloudu
 
Sicurezza in AWS automazione e best practice
Sicurezza in AWS automazione e best practiceSicurezza in AWS automazione e best practice
Sicurezza in AWS automazione e best practice
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Recently uploaded

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

The 2014 AWS Enterprise Summit - Understanding AWS Security

  • 1. AWS Security Bill Shinn billshin@amazon.com Principal Solutions Architect - Security, Amazon Web Services Sami Zuhuruddin, samiz@amazon.com Solutions Architect, Amazon Web Services
  • 2. Different customer viewpoints on security PR exec keep out of the news CEO protect shareholder value CI{S}O preserve the confidentiality, integrity and availability of data
  • 3. Security is Our No.1 Priority Comprehensive Security Capabilities to Support Virtually Any Workload Customer Ecosystem Partner Ecosystem Every Customer Benefits Physical Security People & Procedures Network Security Platform Security
  • 5. WHAT NEEDS TO BE DONE TO KEEP THE SYSTEM SAFE
  • 6. WHAT WE DO FOR YOU WHAT YOU DO YOURSELF
  • 7. EVERY CUSTOMER HAS ACCESS TO THE SAME SECURITY CAPABILITIES CHOOSE WHAT’S RIGHT FOR YOUR BUSINESS
  • 8. “Based on our experience, I believe that we can be even more secure in the AWS cloud than in our own data centers” Tom Soderstrom – CTO – NASA JPL
  • 9. AWS Security Offers More… Visibility Auditability Control
  • 11. • Can you map your network? • What is in your environment right now?
  • 12.
  • 13.
  • 15.
  • 16.
  • 17.
  • 19. Certifications and Accreditations for Workloads That Matter
  • 20. Security control objectives 1. Security organization 2. Amazon user access 3. Logical security 4. Secure data handling 5. Physical security and environmental safeguards 6. Change management 7. Data integrity, availability and redundancy 8. Incident handling
  • 21.
  • 23. You are making API calls... On a growing set of services around the world… CloudTrail is continuously recording API calls… And delivering log files to you
  • 24. Security Analysis Use log files as an input into log management and analysis solutions to perform security analysis and to detect user behavior patterns. Track Changes to AWS Resources Track creation, modification, and deletion of AWS resources such as Amazon EC2 instances, Amazon VPC security groups and Amazon EBS volumes. Troubleshoot Operational Issues Quickly identify the most recent changes made to resources in your environment. Compliance Aid Easier to demonstrate compliance with internal policies and regulatory standards.
  • 25. ‣ CloudTrail records API calls and delivers a log file to your S3 bucket. ‣ Typically, delivers an event within 15 minutes of the API call. ‣ Log files are delivered approximately every 5 minutes. ‣ Multiple partners offer integrated solutions to analyze log files.
  • 27.
  • 28.
  • 29. PROTECT YOUR LOGS WITH IAM ARCHIVE YOUR LOGS
  • 30.
  • 31.
  • 33. Defense in Depth Multi level security • Physical security of the data centers • Network security • System security • Data security
  • 34. AWS Security Delivers More Control & Granularity AWS CloudHSM Defense in depth Rapid scale for security Automated checks with AWS Trusted Advisor Fine grained access controls Server side encryption Multi-factor authentication Dedicated instances Direct connection, Storage Gateway HSM-based key storage AWS IAM Amazon VPC AWS Direct Connect AWS Storage Gateway Customize the implementation based on your business needs
  • 36. Least Privilege Principle Confine roles only to the material required to do specific work
  • 37. Least Privilege Principle Separate networks for corporate work vs. accessing customer data
  • 38. Least Privilege Principle Must have a business need-to-know about sensitive information like data center locations
  • 39. Least Privilege Principle Must have a business need-to-know in order to access data centers
  • 40. Simple Security Controls Are the easiest to get right, easiest to audit, and easiest to enforce
  • 41.
  • 43. Use AWS Identity & Access Management (IAM) Control who can do what with your AWS account Best Practice
  • 44.
  • 45. AWS IAM: Recent Innovations Securely control access to AWS services and resources • Delegation – Roles for Amazon EC2 – Cross-account access • Powerful integrated permissions – Resource level permissions: Amazon EC2, Amazon RDS, Amazon DynamoDB, AWS CloudFormation – Access control policy variables – Policy Simulator – Enhanced IAM support: Amazon SWF, Amazon EMR, AWS Storage Gateway, AWS CloudFormation, Amazon Redshift, Elastic Beanstalk • Federation – Web Identity Federation – AD and Shibboleth examples – Partner integrations – Case study: Expedia • Strong authentication – MFA-protected API access – Password policies • Enhanced documentation and videos
  • 47. Amazon DynamoDB Fine Grained Access Control Directly and securely access application data in Amazon DynamoDB Specify access permissions at table, item and attribute levels With Web Identity Federation, completely remove the need for proxy servers to perform authorization
  • 49. MFA Delete Protection Your data stays where you put it Best Practice
  • 50.
  • 51.
  • 52. It’s Not Just Having Services in a Couple of Regions Hundreds of thousands of customers across 190 countries 800+ government agencies 3,000+ educational institutions 10 regions 26 availability zones 52 edge locations Everyday, AWS adds enough new server capacity to support Amazon.com when it was a $7 billion global enterprise.
  • 53. Use Multiple AZs Amazon S3 Amazon DynamoDB Amazon RDS Multi-AZ Amazon EBS snapshots Best Practice
  • 54. Data Encryption Choose what’s right for you… • Automated – AWS manages encryption • Enabled – user manages encryption using AWS • Client-side – user manages encryption using their own mean
  • 55. AWS CloudHSM Managed and monitored by AWS, but you control the keys Increase performance for applications that use HSMs for key storage or encryption Comply with stringent regulatory and contractual requirements for key protection EC2 Instance AWS CloudHSM AWS CloudHSM
  • 56. Encrypt Your Data AWS CloudHSM Amazon S3 SSE Amazon Glacier Amazon Redshift Amazon RDS … Best Practice
  • 58. IDC Survey • Attitudes and perceptions around security and cloud services • Nearly 60% of organizations agreed that CSPs [Cloud Service Providers] provide better security than their own IT organization Source: IDC 2013 U.S. Cloud security survey Doc #242836, September 2013
  • 60. AWS SECURITY WHITEPAPERS RISK & COMPLIANCE AUDITING SECURITY CHECKLIST SECURITY PROCESSES SECURITY BEST PRACTICES

Editor's Notes

  1. We give you the tools to do the same: USE IAM (otherwise it’s like logging as root)
  2. …Each user can have a specific policy which defines what she can do with AWS. You can pick a policy from the list of predefined ones we offer …
  3. There’s been recent additions to IAM
  4. And IAM can also be used to define roles, so the same restrictions you apply to your “human” users can also be applied to your “software” users. Here you can define that those EC2 instances can only access S3 and DynamoDB. And even go fine grained into those
  5. Who Developers wanting to get more lower level control over their data in DynamoDB Mobile Developers using Social Login and using DynamoDB as a scalable store for their user data What Ability to directly and securely access application data in DynamoDB Apps running on mobile devices / web platforms can send workloads to a DynamoDB table, row, or even a column without going through an intervening proxy layer.  Using access control this way involves a setup phase of authenticating the user (step 1) and obtaining IAM credentials (step 2). After these steps, the mobile app may directly perform permitted operations on DynamoDB (step 3). Where / When One of the pieces of a mobile infrastructure that developers have to build and maintain is the fleet of proxy servers that authorize requests coming from millions of mobile devices. This proxy tier allows vetted requests to continue to DynamoDB and then filters responses so the user only receives permitted items and attributes. So, if I am building a mobile gaming app, I must run a proxy fleet that ensures “johndoe@gmail.com” only retrieves his game state and nothing else. While Web Identity Federation, which we introduced a few months back, allowed using public identity providers such as Login with Amazon, Facebook, or Google for authentication, it still required a developer to build and deploy a proxy layer in front of DynamoDB for this type of authorization Why Speed of development, scalability, and simplicity of management are among the critical needs of mobile developers. With the proliferation of mobile devices and users, and small agile teams that are tasked with building successful mobile apps that can grow from 100 users to 1 million users in a few days, scalability of the underlying infrastructure and simplicity of management are more important than ever.  We are further simplifying mobile app development. Now you can eliminate the middleware proxy layer needed for authorization Additional Readings Werner Blog -> http://www.allthingsdistributed.com/2013/10/mobile-app-data-management-dynamodb.html Jeff Barr Blog -> http://aws.typepad.com/aws/2013/10/fine-grained-access-control-for-amazon-dynamodb.html