SlideShare ist ein Scribd-Unternehmen logo

AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Security Agility and Posture (HLC303)

Amazon Web Services
Amazon Web Services

This session will demonstrate how to embrace DevSecOps to improve your security and compliance agility and posture within the highly regulated HIPAA environment. We will cover compliance frameworks, data decoupling strategies to fully utilize AWS, and best practices learned from the industry most active cloud adopters.

Technologie
1 von 28
Downloaden Sie, um offline zu lesen
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Scott Paddock, AWS Security Solutions Architect Matt Ferrari, ClearDATA Chief Technology Officer November 28, 2016 HLC303 Embracing DevSecOps While Improving Your Compliance and Security Agility and Posture
Agenda • DevOps to DevSecOps Primer • Observed industry cloud techniques with AWS • Tools, processes and frameworks to assist • Example Compliance Workflows
DevOps Toolchain Plan Configure Verify Preprod Monitor Create Release Define and plan; business value, application requirements, security, compliance and metrics Build, code and configuration Ensuring quality; acceptance, regression, security and compliance testing Infrastructure and application Approval/certification, triggered releases, release staging and holding Process, application, infrastructure, security and compliance Release coordination, promotion, scheduling, rollback and recovery Source: Wikipedia
DevOps Principles • Collaborate with all stakeholders • Codify everything • Test everything • Automate everything • Measure and monitor everything • Deliver business value with continual feedback
Drivers for DevSecOps Embedding Security into DevOps was not successful because… • Compliance checklists didn’t take us far before we stopped scaling… • We couldn’t keep up with deployments without automation… • Standard Security Operations did not work… • And we needed far more data than we expected to help the business make decisions… From Intuit
DevSecOps: Security as Code Establishing these principles… • Customer-focused mindset • Scale, scale, scale • Objective criteria • Proactive hunting • Continuous detection and response
DevOps Toolchain Plan Configure Verify Preprod Monitor Create Release Define and plan; business value, application requirements, security, compliance and metrics Build, code and configuration Ensuring quality; acceptance, regression, security and compliance testing Infrastructure and application Approval/certification, triggered releases, release staging and holding Process, application, infrastructure, security and compliance Release coordination, promotion, scheduling, rollback and recovery
AWS Service Amazon EC2 Amazon EMR Amazon Glacier Amazon S3 Amazon DynamoDB Amazon RDS (MySQL and Oracle) Amazon Redshift Amazon EBS Elastic Load Balancing AWS HIPAA Eligible Services (prior to re:Invent) Consult with compliance and security organizations before implementing Amazon Snowball
AWS Service Amazon EC2 Amazon EMR Amazon Glacier Amazon S3 Amazon DynamoDB Amazon RDS (MySQL and Oracle) Amazon Redshift Amazon EBS Elastic Load Balancing Amazon ECS Amazon CloudWatch AWS CodeCommit AWS CodeDeploy AWS CodePipeline SQS SNS AWS Config AWS Device Farm AWS HIPAA Eligible Services (prior to re:Invent) Other AWS Services Consult with compliance and security organizations before implementing Amazon Snowball
Observed industry cloud techniques with AWS
Consult internally before implementing The following slides are practices we have seen used in industry. As security and industry compliance is determined by the customer before implementing please: • Consult with your internal best practices • Consult with with your Cloud Center of Excellence • Consult with your Information Security group • Consult with your Compliance organization • Do your due diligence
General Strategies AWS CodeCommit AWS CodeDeploy AWS CodePipeline Consult with compliance and security organizations before implementing • Decouple protected/sensitive data from the processing or orchestration • Track where your protected/sensitive data flows • Do not check the protected data into your source or artifact repository! • Use indirection when orchestrating your protected/sensitive data flow • Separate protected/sensitive and general workflow logical boundaries
Separate Virtual Private Cloud (VPC) Strategy Amazon EC2 Amazon EMR Amazon S3 PHI / Sensitive Data VPC Amazon EC2 General VPC AWS Directory Service AWS Device Farm PHI Consult with compliance and security organizations before implementing
Indirection Strategy Data Processing System Inbound Data Store (S3) HTTPS Send SQS SNS Claims PHI Data Consult with compliance and security organizations before implementing
A Deeper Dive http://amzn.to/2cHDDuN
HEALTHCARE MANAGED CLOUD Designed for today’s healthcare environment. THE PREMIER COMPANY
Deployment Tools • Configuration Management Tools • Orchestration Tools • Auditing & Governance Tools
Security and Automation Objectives No Tight Coupling to Orchestration Tools Strong & Secure Audit Trail External Managed Services Highly Automated
Rethinking the model – Observe, Orient, Decide, Act Credits: Patrick Edwin Moran https://commons.wikimedia.org/wiki/File:OODA.Boyd.svg
AWS ConfigAWS CloudTrail Amazon CloudWatch Customer Account Amazon SNS Amazon API Gateway Management Account AWS Lambda Amazon Kinesis AWS Services Account Configuration
Amazon Kinesis Streams SensuCMDB Backups Vuln Scanning SlackPagerDuty Ticketing CloudTrail / CloudWatch EventsEC2 events Auditing / Governance AlertingSEIM Remediation Amazon DynamoDB Amazon Redshift
AWS Services Driving Security • Catches common account misconfigurations • Suggests cost reductions • Evaluates fault tolerance CloudWatch • Monitor performance of AWS resources • Aggregate and process log files (non-PHI) • Requires instance profile or distributed credentials AWS Config rules • Constantly watch for account changes • Remediate in near real-time • Incredibly flexible and extendable • AWS Lambda-based Trusted Advisor
Emerging AWS-native Solutions
Extending OODA Inside the Instance Unobtrusive Strong & Secure Audit Trail External Managed Services Highly Automated
AWS Environment • Compute • Storage • Network / Cloud Operating Environment • Hardened AMIs • Configuration management engine • Patch management • Managed backup & snapshots • Monitoring & alerts • Consolidated account info • Isolated dev & test environments Security & Compliance • Hardened encryption configuration • Key management • Intrusion detection system • Login and access tracking • Event log management • ClearDATA security appliance • VPNs / Address translation • Anti-virus 24/7 Managed Services Delivered by AWS Certified Personnel Over 30 additional services automatically attached to AWS infrastructure Dynamic Cloud Platform
Security & Compliance Dashboard • First of its kind in the industry – service-based, real-time, HIPAA compliance dashboard • At-a-glance system status plus trending over time • Detailed history available for attestation during audits Continuous security and compliance monitoring mapped directly to HIPAA guidelines delivered across cloud and private environments via interactive dashboard and individual asset scorecards.
Thank you!
Remember to complete your evaluations! Remember to complete your evaluations!

Empfohlen

Running Lean Architectures
Running Lean ArchitecturesRunning Lean Architectures
Running Lean ArchitecturesAmazon Web Services
 
(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the CloudAmazon Web Services
 
Accelerating cloud adoption for your regulated workloads - AWS PS Summit Canb...
Accelerating cloud adoption for your regulated workloads - AWS PS Summit Canb...Accelerating cloud adoption for your regulated workloads - AWS PS Summit Canb...
Accelerating cloud adoption for your regulated workloads - AWS PS Summit Canb...Amazon Web Services
 
DevOps for the Enterprise: Continuous Deployment
DevOps for the Enterprise: Continuous DeploymentDevOps for the Enterprise: Continuous Deployment
DevOps for the Enterprise: Continuous DeploymentAmazon Web Services
 
AWS January 2016 Webinar Series - Cloud Data Migration: 6 Strategies for Gett...
AWS January 2016 Webinar Series - Cloud Data Migration: 6 Strategies for Gett...AWS January 2016 Webinar Series - Cloud Data Migration: 6 Strategies for Gett...
AWS January 2016 Webinar Series - Cloud Data Migration: 6 Strategies for Gett...Amazon Web Services
 
DevOps on AWS
DevOps on AWSDevOps on AWS
DevOps on AWSAmazon Web Services
 
Well-Architected for Security: Advanced Session
Well-Architected for Security: Advanced SessionWell-Architected for Security: Advanced Session
Well-Architected for Security: Advanced SessionAmazon Web Services
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWSAmazon Web Services
 

Empfohlen

Running Lean Architectures
Running Lean ArchitecturesRunning Lean Architectures
Running Lean ArchitecturesAmazon Web Services
 
(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the CloudAmazon Web Services
 
Accelerating cloud adoption for your regulated workloads - AWS PS Summit Canb...
Accelerating cloud adoption for your regulated workloads - AWS PS Summit Canb...Accelerating cloud adoption for your regulated workloads - AWS PS Summit Canb...
Accelerating cloud adoption for your regulated workloads - AWS PS Summit Canb...Amazon Web Services
 
DevOps for the Enterprise: Continuous Deployment
DevOps for the Enterprise: Continuous DeploymentDevOps for the Enterprise: Continuous Deployment
DevOps for the Enterprise: Continuous DeploymentAmazon Web Services
 
AWS January 2016 Webinar Series - Cloud Data Migration: 6 Strategies for Gett...
AWS January 2016 Webinar Series - Cloud Data Migration: 6 Strategies for Gett...AWS January 2016 Webinar Series - Cloud Data Migration: 6 Strategies for Gett...
AWS January 2016 Webinar Series - Cloud Data Migration: 6 Strategies for Gett...Amazon Web Services
 
DevOps on AWS
DevOps on AWSDevOps on AWS
DevOps on AWSAmazon Web Services
 
Well-Architected for Security: Advanced Session
Well-Architected for Security: Advanced SessionWell-Architected for Security: Advanced Session
Well-Architected for Security: Advanced SessionAmazon Web Services
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWSAmazon Web Services
 
Migrating the GoPro Plus Cloud Service to Amazon ECS
Migrating the GoPro Plus Cloud Service to Amazon ECSMigrating the GoPro Plus Cloud Service to Amazon ECS
Migrating the GoPro Plus Cloud Service to Amazon ECSAmazon Web Services
 
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)AWS re:Invent 2016: The Psychology of Security Automation (SAC307)
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)Amazon Web Services
 
Vancouver keynote - AWS Innovate - Sam Elmalak
Vancouver keynote - AWS Innovate - Sam ElmalakVancouver keynote - AWS Innovate - Sam Elmalak
Vancouver keynote - AWS Innovate - Sam ElmalakAmazon Web Services
 
AWS Enterprise Summit Netherlands - Starting Your Journey in the Cloud
AWS Enterprise Summit Netherlands - Starting Your Journey in the CloudAWS Enterprise Summit Netherlands - Starting Your Journey in the Cloud
AWS Enterprise Summit Netherlands - Starting Your Journey in the CloudAmazon Web Services
 
Zero to Sixty: AWS OpsWorks (DMG202) | AWS re:Invent 2013
Zero to Sixty: AWS OpsWorks (DMG202) | AWS re:Invent 2013Zero to Sixty: AWS OpsWorks (DMG202) | AWS re:Invent 2013
Zero to Sixty: AWS OpsWorks (DMG202) | AWS re:Invent 2013Amazon Web Services
 
Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOpsAutomating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOpsAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS Security Getting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
(SPOT303) Security Operations at Massive Scale
(SPOT303) Security Operations at Massive Scale(SPOT303) Security Operations at Massive Scale
(SPOT303) Security Operations at Massive ScaleAmazon Web Services
 
NEW LAUNCH! Additional transparency and control for your AWS environment thro...
NEW LAUNCH! Additional transparency and control for your AWS environment thro...NEW LAUNCH! Additional transparency and control for your AWS environment thro...
NEW LAUNCH! Additional transparency and control for your AWS environment thro...Amazon Web Services
 
CloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security ScalingCloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security ScalingAmazon Web Services
 
(SEC320) Leveraging the Power of AWS to Automate Security & Compliance
(SEC320) Leveraging the Power of AWS to Automate Security & Compliance(SEC320) Leveraging the Power of AWS to Automate Security & Compliance
(SEC320) Leveraging the Power of AWS to Automate Security & ComplianceAmazon Web Services
 
Automate Best Practices and Operational Health for your AWS Resources
Automate Best Practices and Operational Health for your AWS ResourcesAutomate Best Practices and Operational Health for your AWS Resources
Automate Best Practices and Operational Health for your AWS ResourcesAmazon Web Services
 
AWS Partner: Grindr: Aggregate, Analyze, and Act on 900M Daily API Calls
AWS Partner: Grindr: Aggregate, Analyze, and Act on 900M Daily API CallsAWS Partner: Grindr: Aggregate, Analyze, and Act on 900M Daily API Calls
AWS Partner: Grindr: Aggregate, Analyze, and Act on 900M Daily API CallsAmazon Web Services
 
AWS re:Invent 2016: Tips for Passing APN Technical Validations (GPSISV2)
AWS re:Invent 2016: Tips for Passing APN Technical Validations (GPSISV2)AWS re:Invent 2016: Tips for Passing APN Technical Validations (GPSISV2)
AWS re:Invent 2016: Tips for Passing APN Technical Validations (GPSISV2)Amazon Web Services
 
WKS407 Wild Rydes Takes Off – The Dawn of a New Unicorn
WKS407 Wild Rydes Takes Off – The Dawn of a New UnicornWKS407 Wild Rydes Takes Off – The Dawn of a New Unicorn
WKS407 Wild Rydes Takes Off – The Dawn of a New UnicornAmazon Web Services
 
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014Amazon Web Services
 
Ponencia Principal - AWS Summit - Madrid
Ponencia Principal - AWS Summit - MadridPonencia Principal - AWS Summit - Madrid
Ponencia Principal - AWS Summit - MadridAmazon Web Services
 
ENT201 A Tale of Two Pizzas: Accelerating Software Delivery with AWS Develope...
ENT201 A Tale of Two Pizzas: Accelerating Software Delivery with AWS Develope...ENT201 A Tale of Two Pizzas: Accelerating Software Delivery with AWS Develope...
ENT201 A Tale of Two Pizzas: Accelerating Software Delivery with AWS Develope...Amazon Web Services
 
Incident Response in the Cloud | AWS Public Sector Summit 2017
Incident Response in the Cloud | AWS Public Sector Summit 2017Incident Response in the Cloud | AWS Public Sector Summit 2017
Incident Response in the Cloud | AWS Public Sector Summit 2017Amazon Web Services
 
Visualising Your Data Insights with Amazon QuickSight
Visualising Your Data Insights with Amazon QuickSight Visualising Your Data Insights with Amazon QuickSight
Visualising Your Data Insights with Amazon QuickSight Amazon Web Services
 
AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with...
AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with...AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with...
AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with...Amazon Web Services
 
Being Well Architected in the Cloud
Being Well Architected in the CloudBeing Well Architected in the Cloud
Being Well Architected in the CloudAdrian Hornsby
 

Weitere ähnliche Inhalte

Was ist angesagt?

Migrating the GoPro Plus Cloud Service to Amazon ECS
Migrating the GoPro Plus Cloud Service to Amazon ECSMigrating the GoPro Plus Cloud Service to Amazon ECS
Migrating the GoPro Plus Cloud Service to Amazon ECSAmazon Web Services
 
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)AWS re:Invent 2016: The Psychology of Security Automation (SAC307)
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)Amazon Web Services
 
Vancouver keynote - AWS Innovate - Sam Elmalak
Vancouver keynote - AWS Innovate - Sam ElmalakVancouver keynote - AWS Innovate - Sam Elmalak
Vancouver keynote - AWS Innovate - Sam ElmalakAmazon Web Services
 
AWS Enterprise Summit Netherlands - Starting Your Journey in the Cloud
AWS Enterprise Summit Netherlands - Starting Your Journey in the CloudAWS Enterprise Summit Netherlands - Starting Your Journey in the Cloud
AWS Enterprise Summit Netherlands - Starting Your Journey in the CloudAmazon Web Services
 
Zero to Sixty: AWS OpsWorks (DMG202) | AWS re:Invent 2013
Zero to Sixty: AWS OpsWorks (DMG202) | AWS re:Invent 2013Zero to Sixty: AWS OpsWorks (DMG202) | AWS re:Invent 2013
Zero to Sixty: AWS OpsWorks (DMG202) | AWS re:Invent 2013Amazon Web Services
 
Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOpsAutomating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOpsAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS Security Getting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
(SPOT303) Security Operations at Massive Scale
(SPOT303) Security Operations at Massive Scale(SPOT303) Security Operations at Massive Scale
(SPOT303) Security Operations at Massive ScaleAmazon Web Services
 
NEW LAUNCH! Additional transparency and control for your AWS environment thro...
NEW LAUNCH! Additional transparency and control for your AWS environment thro...NEW LAUNCH! Additional transparency and control for your AWS environment thro...
NEW LAUNCH! Additional transparency and control for your AWS environment thro...Amazon Web Services
 
CloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security ScalingCloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security ScalingAmazon Web Services
 
(SEC320) Leveraging the Power of AWS to Automate Security & Compliance
(SEC320) Leveraging the Power of AWS to Automate Security & Compliance(SEC320) Leveraging the Power of AWS to Automate Security & Compliance
(SEC320) Leveraging the Power of AWS to Automate Security & ComplianceAmazon Web Services
 
Automate Best Practices and Operational Health for your AWS Resources
Automate Best Practices and Operational Health for your AWS ResourcesAutomate Best Practices and Operational Health for your AWS Resources
Automate Best Practices and Operational Health for your AWS ResourcesAmazon Web Services
 
AWS Partner: Grindr: Aggregate, Analyze, and Act on 900M Daily API Calls
AWS Partner: Grindr: Aggregate, Analyze, and Act on 900M Daily API CallsAWS Partner: Grindr: Aggregate, Analyze, and Act on 900M Daily API Calls
AWS Partner: Grindr: Aggregate, Analyze, and Act on 900M Daily API CallsAmazon Web Services
 
AWS re:Invent 2016: Tips for Passing APN Technical Validations (GPSISV2)
AWS re:Invent 2016: Tips for Passing APN Technical Validations (GPSISV2)AWS re:Invent 2016: Tips for Passing APN Technical Validations (GPSISV2)
AWS re:Invent 2016: Tips for Passing APN Technical Validations (GPSISV2)Amazon Web Services
 
WKS407 Wild Rydes Takes Off – The Dawn of a New Unicorn
WKS407 Wild Rydes Takes Off – The Dawn of a New UnicornWKS407 Wild Rydes Takes Off – The Dawn of a New Unicorn
WKS407 Wild Rydes Takes Off – The Dawn of a New UnicornAmazon Web Services
 
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014Amazon Web Services
 
Ponencia Principal - AWS Summit - Madrid
Ponencia Principal - AWS Summit - MadridPonencia Principal - AWS Summit - Madrid
Ponencia Principal - AWS Summit - MadridAmazon Web Services
 
ENT201 A Tale of Two Pizzas: Accelerating Software Delivery with AWS Develope...
ENT201 A Tale of Two Pizzas: Accelerating Software Delivery with AWS Develope...ENT201 A Tale of Two Pizzas: Accelerating Software Delivery with AWS Develope...
ENT201 A Tale of Two Pizzas: Accelerating Software Delivery with AWS Develope...Amazon Web Services
 
Incident Response in the Cloud | AWS Public Sector Summit 2017
Incident Response in the Cloud | AWS Public Sector Summit 2017Incident Response in the Cloud | AWS Public Sector Summit 2017
Incident Response in the Cloud | AWS Public Sector Summit 2017Amazon Web Services
 
Visualising Your Data Insights with Amazon QuickSight
Visualising Your Data Insights with Amazon QuickSight Visualising Your Data Insights with Amazon QuickSight
Visualising Your Data Insights with Amazon QuickSight Amazon Web Services
 

Was ist angesagt? (20)

Migrating the GoPro Plus Cloud Service to Amazon ECS
Migrating the GoPro Plus Cloud Service to Amazon ECSMigrating the GoPro Plus Cloud Service to Amazon ECS
Migrating the GoPro Plus Cloud Service to Amazon ECS
 
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)AWS re:Invent 2016: The Psychology of Security Automation (SAC307)
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)
 
Vancouver keynote - AWS Innovate - Sam Elmalak
Vancouver keynote - AWS Innovate - Sam ElmalakVancouver keynote - AWS Innovate - Sam Elmalak
Vancouver keynote - AWS Innovate - Sam Elmalak
 
AWS Enterprise Summit Netherlands - Starting Your Journey in the Cloud
AWS Enterprise Summit Netherlands - Starting Your Journey in the CloudAWS Enterprise Summit Netherlands - Starting Your Journey in the Cloud
AWS Enterprise Summit Netherlands - Starting Your Journey in the Cloud
 
Zero to Sixty: AWS OpsWorks (DMG202) | AWS re:Invent 2013
Zero to Sixty: AWS OpsWorks (DMG202) | AWS re:Invent 2013Zero to Sixty: AWS OpsWorks (DMG202) | AWS re:Invent 2013
Zero to Sixty: AWS OpsWorks (DMG202) | AWS re:Invent 2013
 
Automating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOpsAutomating Security in Cloud Workloads with DevSecOps
Automating Security in Cloud Workloads with DevSecOps
 
Getting Started with AWS Security
Getting Started with AWS Security Getting Started with AWS Security
Getting Started with AWS Security
 
(SPOT303) Security Operations at Massive Scale
(SPOT303) Security Operations at Massive Scale(SPOT303) Security Operations at Massive Scale
(SPOT303) Security Operations at Massive Scale
 
NEW LAUNCH! Additional transparency and control for your AWS environment thro...
NEW LAUNCH! Additional transparency and control for your AWS environment thro...NEW LAUNCH! Additional transparency and control for your AWS environment thro...
NEW LAUNCH! Additional transparency and control for your AWS environment thro...
 
CloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security ScalingCloudPassage Best Practices for Automatic Security Scaling
CloudPassage Best Practices for Automatic Security Scaling
 
(SEC320) Leveraging the Power of AWS to Automate Security & Compliance
(SEC320) Leveraging the Power of AWS to Automate Security & Compliance(SEC320) Leveraging the Power of AWS to Automate Security & Compliance
(SEC320) Leveraging the Power of AWS to Automate Security & Compliance
 
Automate Best Practices and Operational Health for your AWS Resources
Automate Best Practices and Operational Health for your AWS ResourcesAutomate Best Practices and Operational Health for your AWS Resources
Automate Best Practices and Operational Health for your AWS Resources
 
AWS Partner: Grindr: Aggregate, Analyze, and Act on 900M Daily API Calls
AWS Partner: Grindr: Aggregate, Analyze, and Act on 900M Daily API CallsAWS Partner: Grindr: Aggregate, Analyze, and Act on 900M Daily API Calls
AWS Partner: Grindr: Aggregate, Analyze, and Act on 900M Daily API Calls
 
AWS re:Invent 2016: Tips for Passing APN Technical Validations (GPSISV2)
AWS re:Invent 2016: Tips for Passing APN Technical Validations (GPSISV2)AWS re:Invent 2016: Tips for Passing APN Technical Validations (GPSISV2)
AWS re:Invent 2016: Tips for Passing APN Technical Validations (GPSISV2)
 
WKS407 Wild Rydes Takes Off – The Dawn of a New Unicorn
WKS407 Wild Rydes Takes Off – The Dawn of a New UnicornWKS407 Wild Rydes Takes Off – The Dawn of a New Unicorn
WKS407 Wild Rydes Takes Off – The Dawn of a New Unicorn
 
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
(SEC201) AWS Security Keynote Address | AWS re:Invent 2014
 
Ponencia Principal - AWS Summit - Madrid
Ponencia Principal - AWS Summit - MadridPonencia Principal - AWS Summit - Madrid
Ponencia Principal - AWS Summit - Madrid
 
ENT201 A Tale of Two Pizzas: Accelerating Software Delivery with AWS Develope...
ENT201 A Tale of Two Pizzas: Accelerating Software Delivery with AWS Develope...ENT201 A Tale of Two Pizzas: Accelerating Software Delivery with AWS Develope...
ENT201 A Tale of Two Pizzas: Accelerating Software Delivery with AWS Develope...
 
Incident Response in the Cloud | AWS Public Sector Summit 2017
Incident Response in the Cloud | AWS Public Sector Summit 2017Incident Response in the Cloud | AWS Public Sector Summit 2017
Incident Response in the Cloud | AWS Public Sector Summit 2017
 
Visualising Your Data Insights with Amazon QuickSight
Visualising Your Data Insights with Amazon QuickSight Visualising Your Data Insights with Amazon QuickSight
Visualising Your Data Insights with Amazon QuickSight
 

Ähnlich wie AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Security Agility and Posture (HLC303)

AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with...
AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with...AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with...
AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with...Amazon Web Services
 
Being Well Architected in the Cloud
Being Well Architected in the CloudBeing Well Architected in the Cloud
Being Well Architected in the CloudAdrian Hornsby
 
re:Invent recap session 2: Being well Architected in the cloud
re:Invent recap session 2: Being well Architected in the cloudre:Invent recap session 2: Being well Architected in the cloud
re:Invent recap session 2: Being well Architected in the cloudAmazon Web Services
 
Introducing “Well-Architected” For Developers - Technical 101
Introducing “Well-Architected” For Developers - Technical 101Introducing “Well-Architected” For Developers - Technical 101
Introducing “Well-Architected” For Developers - Technical 101Amazon Web Services
 
An Introduction to the AWS Well Architected Framework - Webinar
An Introduction to the AWS Well Architected Framework - WebinarAn Introduction to the AWS Well Architected Framework - Webinar
An Introduction to the AWS Well Architected Framework - WebinarAmazon Web Services
 
Simplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneSimplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneAmazon Web Services
 
Improving Security Agility using DevSecOps
Improving Security Agility using DevSecOpsImproving Security Agility using DevSecOps
Improving Security Agility using DevSecOpsAmazon Web Services
 
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice Alert Logic
 
AWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security ModelAWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security ModelAmazon Web Services
 
2016 AWS Healthcare Days | Nashville, TN – May 3,2016
2016 AWS Healthcare Days | Nashville, TN – May 3,20162016 AWS Healthcare Days | Nashville, TN – May 3,2016
2016 AWS Healthcare Days | Nashville, TN – May 3,2016Amazon Web Services
 
AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...
AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...
AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...Amazon Web Services
 
Best Practices for Security at Scale
Best Practices for Security at ScaleBest Practices for Security at Scale
Best Practices for Security at ScaleAmazon Web Services
 
Security Best Practices_John Hildebrandt
Security Best Practices_John HildebrandtSecurity Best Practices_John Hildebrandt
Security Best Practices_John HildebrandtHelen Rogers
 
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...Amazon Web Services
 
Getting started with aws security toronto rs
Getting started with aws security toronto rsGetting started with aws security toronto rs
Getting started with aws security toronto rsAmazon Web Services
 
Migración a la Nube: Preparación y Mejores Prácticas
Migración a la Nube: Preparación y Mejores PrácticasMigración a la Nube: Preparación y Mejores Prácticas
Migración a la Nube: Preparación y Mejores PrácticasAmazon Web Services LATAM
 
Integrating-Cloud-Development-Security-And-Operations.pdf
Integrating-Cloud-Development-Security-And-Operations.pdfIntegrating-Cloud-Development-Security-And-Operations.pdf
Integrating-Cloud-Development-Security-And-Operations.pdfAmazon Web Services
 
AWS re:Invent 2016: Evolving an Enterprise-Level Compliance Framework with Am...
AWS re:Invent 2016: Evolving an Enterprise-Level Compliance Framework with Am...AWS re:Invent 2016: Evolving an Enterprise-Level Compliance Framework with Am...
AWS re:Invent 2016: Evolving an Enterprise-Level Compliance Framework with Am...Amazon Web Services
 
AWS re:Invent 2016: Continuous Compliance in the AWS Cloud for Regulated Life...
AWS re:Invent 2016: Continuous Compliance in the AWS Cloud for Regulated Life...AWS re:Invent 2016: Continuous Compliance in the AWS Cloud for Regulated Life...
AWS re:Invent 2016: Continuous Compliance in the AWS Cloud for Regulated Life...Amazon Web Services
 

Ähnlich wie AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Security Agility and Posture (HLC303) (20)

AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with...
AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with...AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with...
AWS re:Invent 2016: Automating and Scaling Infrastructure Administration with...
 
Being Well Architected in the Cloud
Being Well Architected in the CloudBeing Well Architected in the Cloud
Being Well Architected in the Cloud
 
re:Invent recap session 2: Being well Architected in the cloud
re:Invent recap session 2: Being well Architected in the cloudre:Invent recap session 2: Being well Architected in the cloud
re:Invent recap session 2: Being well Architected in the cloud
 
Benefits of Cloud Computing
Benefits of Cloud ComputingBenefits of Cloud Computing
Benefits of Cloud Computing
 
Introducing “Well-Architected” For Developers - Technical 101
Introducing “Well-Architected” For Developers - Technical 101Introducing “Well-Architected” For Developers - Technical 101
Introducing “Well-Architected” For Developers - Technical 101
 
An Introduction to the AWS Well Architected Framework - Webinar
An Introduction to the AWS Well Architected Framework - WebinarAn Introduction to the AWS Well Architected Framework - Webinar
An Introduction to the AWS Well Architected Framework - Webinar
 
Simplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneSimplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing Zone
 
Improving Security Agility using DevSecOps
Improving Security Agility using DevSecOpsImproving Security Agility using DevSecOps
Improving Security Agility using DevSecOps
 
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
CSS17: Atlanta - The AWS Shared Responsibility Model in Practice
 
AWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security ModelAWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security Model
 
2016 AWS Healthcare Days | Nashville, TN – May 3,2016
2016 AWS Healthcare Days | Nashville, TN – May 3,20162016 AWS Healthcare Days | Nashville, TN – May 3,2016
2016 AWS Healthcare Days | Nashville, TN – May 3,2016
 
AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...
AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...
AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...
 
Best Practices for Security at Scale
Best Practices for Security at ScaleBest Practices for Security at Scale
Best Practices for Security at Scale
 
Security Best Practices_John Hildebrandt
Security Best Practices_John HildebrandtSecurity Best Practices_John Hildebrandt
Security Best Practices_John Hildebrandt
 
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
Automated Compliance and Governance with AWS Config and AWS CloudTrail - June...
 
Getting started with aws security toronto rs
Getting started with aws security toronto rsGetting started with aws security toronto rs
Getting started with aws security toronto rs
 
Migración a la Nube: Preparación y Mejores Prácticas
Migración a la Nube: Preparación y Mejores PrácticasMigración a la Nube: Preparación y Mejores Prácticas
Migración a la Nube: Preparación y Mejores Prácticas
 
Integrating-Cloud-Development-Security-And-Operations.pdf
Integrating-Cloud-Development-Security-And-Operations.pdfIntegrating-Cloud-Development-Security-And-Operations.pdf
Integrating-Cloud-Development-Security-And-Operations.pdf
 
AWS re:Invent 2016: Evolving an Enterprise-Level Compliance Framework with Am...
AWS re:Invent 2016: Evolving an Enterprise-Level Compliance Framework with Am...AWS re:Invent 2016: Evolving an Enterprise-Level Compliance Framework with Am...
AWS re:Invent 2016: Evolving an Enterprise-Level Compliance Framework with Am...
 
AWS re:Invent 2016: Continuous Compliance in the AWS Cloud for Regulated Life...
AWS re:Invent 2016: Continuous Compliance in the AWS Cloud for Regulated Life...AWS re:Invent 2016: Continuous Compliance in the AWS Cloud for Regulated Life...
AWS re:Invent 2016: Continuous Compliance in the AWS Cloud for Regulated Life...
 

Mehr von Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mehr von Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Kürzlich hochgeladen

Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 

Kürzlich hochgeladen (20)

Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 

AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Security Agility and Posture (HLC303)

  • 1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Scott Paddock, AWS Security Solutions Architect Matt Ferrari, ClearDATA Chief Technology Officer November 28, 2016 HLC303 Embracing DevSecOps While Improving Your Compliance and Security Agility and Posture
  • 2. Agenda • DevOps to DevSecOps Primer • Observed industry cloud techniques with AWS • Tools, processes and frameworks to assist • Example Compliance Workflows
  • 3. DevOps Toolchain Plan Configure Verify Preprod Monitor Create Release Define and plan; business value, application requirements, security, compliance and metrics Build, code and configuration Ensuring quality; acceptance, regression, security and compliance testing Infrastructure and application Approval/certification, triggered releases, release staging and holding Process, application, infrastructure, security and compliance Release coordination, promotion, scheduling, rollback and recovery Source: Wikipedia
  • 4. DevOps Principles • Collaborate with all stakeholders • Codify everything • Test everything • Automate everything • Measure and monitor everything • Deliver business value with continual feedback
  • 5. Drivers for DevSecOps Embedding Security into DevOps was not successful because… • Compliance checklists didn’t take us far before we stopped scaling… • We couldn’t keep up with deployments without automation… • Standard Security Operations did not work… • And we needed far more data than we expected to help the business make decisions… From Intuit
  • 6. DevSecOps: Security as Code Establishing these principles… • Customer-focused mindset • Scale, scale, scale • Objective criteria • Proactive hunting • Continuous detection and response
  • 7. DevOps Toolchain Plan Configure Verify Preprod Monitor Create Release Define and plan; business value, application requirements, security, compliance and metrics Build, code and configuration Ensuring quality; acceptance, regression, security and compliance testing Infrastructure and application Approval/certification, triggered releases, release staging and holding Process, application, infrastructure, security and compliance Release coordination, promotion, scheduling, rollback and recovery
  • 8. AWS Service Amazon EC2 Amazon EMR Amazon Glacier Amazon S3 Amazon DynamoDB Amazon RDS (MySQL and Oracle) Amazon Redshift Amazon EBS Elastic Load Balancing AWS HIPAA Eligible Services (prior to re:Invent) Consult with compliance and security organizations before implementing Amazon Snowball
  • 9. AWS Service Amazon EC2 Amazon EMR Amazon Glacier Amazon S3 Amazon DynamoDB Amazon RDS (MySQL and Oracle) Amazon Redshift Amazon EBS Elastic Load Balancing Amazon ECS Amazon CloudWatch AWS CodeCommit AWS CodeDeploy AWS CodePipeline SQS SNS AWS Config AWS Device Farm AWS HIPAA Eligible Services (prior to re:Invent) Other AWS Services Consult with compliance and security organizations before implementing Amazon Snowball
  • 10. Observed industry cloud techniques with AWS
  • 11. Consult internally before implementing The following slides are practices we have seen used in industry. As security and industry compliance is determined by the customer before implementing please: • Consult with your internal best practices • Consult with with your Cloud Center of Excellence • Consult with your Information Security group • Consult with your Compliance organization • Do your due diligence
  • 12. General Strategies AWS CodeCommit AWS CodeDeploy AWS CodePipeline Consult with compliance and security organizations before implementing • Decouple protected/sensitive data from the processing or orchestration • Track where your protected/sensitive data flows • Do not check the protected data into your source or artifact repository! • Use indirection when orchestrating your protected/sensitive data flow • Separate protected/sensitive and general workflow logical boundaries
  • 13. Separate Virtual Private Cloud (VPC) Strategy Amazon EC2 Amazon EMR Amazon S3 PHI / Sensitive Data VPC Amazon EC2 General VPC AWS Directory Service AWS Device Farm PHI Consult with compliance and security organizations before implementing
  • 14. Indirection Strategy Data Processing System Inbound Data Store (S3) HTTPS Send SQS SNS Claims PHI Data Consult with compliance and security organizations before implementing
  • 16. HEALTHCARE MANAGED CLOUD Designed for today’s healthcare environment. THE PREMIER COMPANY
  • 17. Deployment Tools • Configuration Management Tools • Orchestration Tools • Auditing & Governance Tools
  • 18. Security and Automation Objectives No Tight Coupling to Orchestration Tools Strong & Secure Audit Trail External Managed Services Highly Automated
  • 19. Rethinking the model – Observe, Orient, Decide, Act Credits: Patrick Edwin Moran https://commons.wikimedia.org/wiki/File:OODA.Boyd.svg
  • 20. AWS ConfigAWS CloudTrail Amazon CloudWatch Customer Account Amazon SNS Amazon API Gateway Management Account AWS Lambda Amazon Kinesis AWS Services Account Configuration
  • 21. Amazon Kinesis Streams SensuCMDB Backups Vuln Scanning SlackPagerDuty Ticketing CloudTrail / CloudWatch EventsEC2 events Auditing / Governance AlertingSEIM Remediation Amazon DynamoDB Amazon Redshift
  • 22. AWS Services Driving Security • Catches common account misconfigurations • Suggests cost reductions • Evaluates fault tolerance CloudWatch • Monitor performance of AWS resources • Aggregate and process log files (non-PHI) • Requires instance profile or distributed credentials AWS Config rules • Constantly watch for account changes • Remediate in near real-time • Incredibly flexible and extendable • AWS Lambda-based Trusted Advisor
  • 24. Extending OODA Inside the Instance Unobtrusive Strong & Secure Audit Trail External Managed Services Highly Automated
  • 25. AWS Environment • Compute • Storage • Network / Cloud Operating Environment • Hardened AMIs • Configuration management engine • Patch management • Managed backup & snapshots • Monitoring & alerts • Consolidated account info • Isolated dev & test environments Security & Compliance • Hardened encryption configuration • Key management • Intrusion detection system • Login and access tracking • Event log management • ClearDATA security appliance • VPNs / Address translation • Anti-virus 24/7 Managed Services Delivered by AWS Certified Personnel Over 30 additional services automatically attached to AWS infrastructure Dynamic Cloud Platform
  • 26. Security & Compliance Dashboard • First of its kind in the industry – service-based, real-time, HIPAA compliance dashboard • At-a-glance system status plus trending over time • Detailed history available for attestation during audits Continuous security and compliance monitoring mapped directly to HIPAA guidelines delivered across cloud and private environments via interactive dashboard and individual asset scorecards.
  • 28. Remember to complete your evaluations! Remember to complete your evaluations!