SlideShare ist ein Scribd-Unternehmen logo
1 von 21
SEC206 Security OF the AWS Cloud - AWS re: Invent 2012
SEC206 Security OF the AWS Cloud - AWS re: Invent 2012
SEC206 Security OF the AWS Cloud - AWS re: Invent 2012
this
  or
this?
SEC206 Security OF the AWS Cloud - AWS re: Invent 2012
SEC206 Security OF the AWS Cloud - AWS re: Invent 2012
SEC206 Security OF the AWS Cloud - AWS re: Invent 2012
SEC206 Security OF the AWS Cloud - AWS re: Invent 2012
SEC206 Security OF the AWS Cloud - AWS re: Invent 2012
SEC206 Security OF the AWS Cloud - AWS re: Invent 2012
Australia
SEC206 Security OF the AWS Cloud - AWS re: Invent 2012
SEC206 Security OF the AWS Cloud - AWS re: Invent 2012
…
 Customer 1         Customer 2                       Customer n




                                Hypervisor


                               Virtual interfaces

  Customer 1
Security groups
                     Customer 2
                   Security groups
                                                …     Customer n
                                                    Security groups


                                     Firewall

   Physical interfaces
Amazon VPC Architecture
                                                                    Customer’s isolated AWS
                                                                    resources

                                                                                 Subnets




                           NAT
                                                           Router
 Internet
                                      VPN gateway

            Secure VPN connection                                    Amazon
            over the Internet
                                                                     Web Services
                                                                     cloud
                                    AWS Direct Connect –
                                    Dedicated
                                    Path/Bandwidth



                                      Customer’s
                                      network
SEC206 Security OF the AWS Cloud - AWS re: Invent 2012
SEC206 Security OF the AWS Cloud - AWS re: Invent 2012
SEC206 Security OF the AWS Cloud - AWS re: Invent 2012
Logical Server   Granular        Logical     Physical    Government Only    ITAR          Sample Workloads
                   and              Information     Network     server      Physical Network   Compliant
                   Application      Access Policy   Isolation   Isolation   and Facility       (US Persons
                   Isolation                                                Isolation          Only)


Commercial Cloud                                                                                           Public-facing apps, web
                                                                                                             sites, dev, test, etc.


Virtual Private                                                                                          Datacenter extension,
Cloud (VPC)                                                                                                  TIC environment, email,
                                                                                                             FISMA low and Moderate


AWS GovCloud                                                                                           US Persons Compliant
(US)                                                                                                         and Government Specific
                                                                                                             Apps
http://aws.amazon.com/security/
We are sincerely eager to
 hear your feedback on this
presentation and on re:Invent.

 Please fill out an evaluation
   form when you have a
            chance.

Weitere ähnliche Inhalte

Andere mochten auch

Security and Privacy in the Cloud - Stephen Schmidt - AWS Summit 2012 Australia
Security and Privacy in the Cloud - Stephen Schmidt - AWS Summit 2012 AustraliaSecurity and Privacy in the Cloud - Stephen Schmidt - AWS Summit 2012 Australia
Security and Privacy in the Cloud - Stephen Schmidt - AWS Summit 2012 AustraliaAmazon Web Services
 
Aws for the Retail Industry, Webinar, September 2012
Aws for the Retail Industry, Webinar, September 2012Aws for the Retail Industry, Webinar, September 2012
Aws for the Retail Industry, Webinar, September 2012Amazon Web Services
 
ENT103 Making the Case for Cloud - AWS re: Invent 2012
ENT103 Making the Case for Cloud - AWS re: Invent 2012ENT103 Making the Case for Cloud - AWS re: Invent 2012
ENT103 Making the Case for Cloud - AWS re: Invent 2012Amazon Web Services
 
Journey through the Cloud - Best Practices Getting Started in the AWS Cloud
Journey through the Cloud - Best Practices Getting Started in the AWS CloudJourney through the Cloud - Best Practices Getting Started in the AWS Cloud
Journey through the Cloud - Best Practices Getting Started in the AWS CloudAmazon Web Services
 
Big Data Analytics with AWS and AWS Marketplace Webinar
Big Data Analytics with AWS and AWS Marketplace WebinarBig Data Analytics with AWS and AWS Marketplace Webinar
Big Data Analytics with AWS and AWS Marketplace WebinarAmazon Web Services
 
AWS Summit Benelux 2013 - AWS Cloud Security Keynote
AWS Summit Benelux 2013 - AWS Cloud Security KeynoteAWS Summit Benelux 2013 - AWS Cloud Security Keynote
AWS Summit Benelux 2013 - AWS Cloud Security KeynoteAmazon Web Services
 
Security in the Cloud - AWS Symposium 2014 - Washington D.C.
Security in the Cloud - AWS Symposium 2014 - Washington D.C. Security in the Cloud - AWS Symposium 2014 - Washington D.C.
Security in the Cloud - AWS Symposium 2014 - Washington D.C. Amazon Web Services
 
Security as an Enabler – Cloud Security
Security as an Enabler – Cloud SecuritySecurity as an Enabler – Cloud Security
Security as an Enabler – Cloud SecurityTom Laszewski
 
Security best practices on AWS cloud
Security best practices on AWS cloudSecurity best practices on AWS cloud
Security best practices on AWS cloudMartin Yan
 
AWS Customer Presentation: EyeEm.com - Berlin Summit 2012
AWS Customer Presentation: EyeEm.com - Berlin Summit 2012AWS Customer Presentation: EyeEm.com - Berlin Summit 2012
AWS Customer Presentation: EyeEm.com - Berlin Summit 2012Amazon Web Services
 
AWS Security Overview and “What’s New”
AWS Security Overview and “What’s New”AWS Security Overview and “What’s New”
AWS Security Overview and “What’s New”Amazon Web Services
 
AWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices
AWS 201 - A Walk through the AWS Cloud: AWS Security Best PracticesAWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices
AWS 201 - A Walk through the AWS Cloud: AWS Security Best PracticesAmazon Web Services
 
AWS re:Invent 2016: How Harvard University Improves Scalable Cloud Network Se...
AWS re:Invent 2016: How Harvard University Improves Scalable Cloud Network Se...AWS re:Invent 2016: How Harvard University Improves Scalable Cloud Network Se...
AWS re:Invent 2016: How Harvard University Improves Scalable Cloud Network Se...Amazon Web Services
 
AWS re:Invent 2016: VMware and AWS Together - VMware Cloud on AWS (ENT317)
AWS re:Invent 2016: VMware and AWS Together - VMware Cloud on AWS (ENT317)AWS re:Invent 2016: VMware and AWS Together - VMware Cloud on AWS (ENT317)
AWS re:Invent 2016: VMware and AWS Together - VMware Cloud on AWS (ENT317)Amazon Web Services
 

Andere mochten auch (17)

Security and Privacy in the Cloud - Stephen Schmidt - AWS Summit 2012 Australia
Security and Privacy in the Cloud - Stephen Schmidt - AWS Summit 2012 AustraliaSecurity and Privacy in the Cloud - Stephen Schmidt - AWS Summit 2012 Australia
Security and Privacy in the Cloud - Stephen Schmidt - AWS Summit 2012 Australia
 
Aws for the Retail Industry, Webinar, September 2012
Aws for the Retail Industry, Webinar, September 2012Aws for the Retail Industry, Webinar, September 2012
Aws for the Retail Industry, Webinar, September 2012
 
ENT103 Making the Case for Cloud - AWS re: Invent 2012
ENT103 Making the Case for Cloud - AWS re: Invent 2012ENT103 Making the Case for Cloud - AWS re: Invent 2012
ENT103 Making the Case for Cloud - AWS re: Invent 2012
 
Journey through the Cloud - Best Practices Getting Started in the AWS Cloud
Journey through the Cloud - Best Practices Getting Started in the AWS CloudJourney through the Cloud - Best Practices Getting Started in the AWS Cloud
Journey through the Cloud - Best Practices Getting Started in the AWS Cloud
 
Big Data Analytics with AWS and AWS Marketplace Webinar
Big Data Analytics with AWS and AWS Marketplace WebinarBig Data Analytics with AWS and AWS Marketplace Webinar
Big Data Analytics with AWS and AWS Marketplace Webinar
 
AWS Summit Benelux 2013 - AWS Cloud Security Keynote
AWS Summit Benelux 2013 - AWS Cloud Security KeynoteAWS Summit Benelux 2013 - AWS Cloud Security Keynote
AWS Summit Benelux 2013 - AWS Cloud Security Keynote
 
AWS Cloud Security
AWS Cloud SecurityAWS Cloud Security
AWS Cloud Security
 
Security in the Cloud - AWS Symposium 2014 - Washington D.C.
Security in the Cloud - AWS Symposium 2014 - Washington D.C. Security in the Cloud - AWS Symposium 2014 - Washington D.C.
Security in the Cloud - AWS Symposium 2014 - Washington D.C.
 
Security as an Enabler – Cloud Security
Security as an Enabler – Cloud SecuritySecurity as an Enabler – Cloud Security
Security as an Enabler – Cloud Security
 
Security best practices on AWS cloud
Security best practices on AWS cloudSecurity best practices on AWS cloud
Security best practices on AWS cloud
 
AWS Customer Presentation: EyeEm.com - Berlin Summit 2012
AWS Customer Presentation: EyeEm.com - Berlin Summit 2012AWS Customer Presentation: EyeEm.com - Berlin Summit 2012
AWS Customer Presentation: EyeEm.com - Berlin Summit 2012
 
Shared Security in AWS
Shared Security in AWSShared Security in AWS
Shared Security in AWS
 
AWS Security Overview and “What’s New”
AWS Security Overview and “What’s New”AWS Security Overview and “What’s New”
AWS Security Overview and “What’s New”
 
AWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices
AWS 201 - A Walk through the AWS Cloud: AWS Security Best PracticesAWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices
AWS 201 - A Walk through the AWS Cloud: AWS Security Best Practices
 
AWS re:Invent 2016: How Harvard University Improves Scalable Cloud Network Se...
AWS re:Invent 2016: How Harvard University Improves Scalable Cloud Network Se...AWS re:Invent 2016: How Harvard University Improves Scalable Cloud Network Se...
AWS re:Invent 2016: How Harvard University Improves Scalable Cloud Network Se...
 
Security on AWS
Security on AWSSecurity on AWS
Security on AWS
 
AWS re:Invent 2016: VMware and AWS Together - VMware Cloud on AWS (ENT317)
AWS re:Invent 2016: VMware and AWS Together - VMware Cloud on AWS (ENT317)AWS re:Invent 2016: VMware and AWS Together - VMware Cloud on AWS (ENT317)
AWS re:Invent 2016: VMware and AWS Together - VMware Cloud on AWS (ENT317)
 

Mehr von Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mehr von Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

SEC206 Security OF the AWS Cloud - AWS re: Invent 2012

  • 14. … Customer 1 Customer 2 Customer n Hypervisor Virtual interfaces Customer 1 Security groups Customer 2 Security groups … Customer n Security groups Firewall Physical interfaces
  • 15. Amazon VPC Architecture Customer’s isolated AWS resources Subnets NAT Router Internet VPN gateway Secure VPN connection Amazon over the Internet Web Services cloud AWS Direct Connect – Dedicated Path/Bandwidth Customer’s network
  • 19. Logical Server Granular Logical Physical Government Only ITAR Sample Workloads and Information Network server Physical Network Compliant Application Access Policy Isolation Isolation and Facility (US Persons Isolation Isolation Only) Commercial Cloud   Public-facing apps, web sites, dev, test, etc. Virtual Private     Datacenter extension, Cloud (VPC) TIC environment, email, FISMA low and Moderate AWS GovCloud       US Persons Compliant (US) and Government Specific Apps
  • 21. We are sincerely eager to hear your feedback on this presentation and on re:Invent. Please fill out an evaluation form when you have a chance.