
Carry security with you to the cloud - DEM14-SR - New York AWS Summit


The cloud is here, and AWS is leading the charge in enabling customers to migrate their data centers and data to the cloud. With these changing needs, enterprises need a proactive, automated approach to monitoring and securing cloud infrastructure. With this shift, there is a natural tension between decentralized, distributed DevOps and the traditional command-and-control approach of classic security management. In this session, you learn common security best practices when migrating to the cloud, how DevOps and InfoSec teams can align to the new DevSecOps paradigm, and why continuous compliance management is a new business imperative. This presentation is brought to you by AWS partner, Symantec.


  1. Carry Security with You to the Cloud (DEM14-SR). Anand Visvanathan, Director Product Management, Symantec. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  2. S U M M I T
  3. Enterprise Stages of AWS Adoption: Project, Foundation, Migration, Reinvention (chart labels: Discovery, Targeted, At Scale; axes: Client Value, Cloud Adoption Over Time)
  4. Why Is Security Traditionally So Hard? Lack of visibility; Low degree of automation
  5. Shared Security Model
  6. Shared Responsibility for Security: “I need to ensure security of our assets “IN” the cloud.” (Security Analyst/Admin)
  7. Common Customer Challenges: Security and Agility are a Tradeoff; Temporal and API-driven Nature of the Cloud; Continuous Validation of Compliance Posture
  8. How Security Changes in the Cloud
  9. DevSecOps Principles: (1) Decentralization of security roles. Security accountability moves closer to the application owner. (2) Develop security practices in line with the shared responsibility model of the cloud provider. (3) Incorporate security into the release management practice (CI/CD). (4) Attack vectors are the entire fabric of the cloud, including PaaS services, data & infrastructure.
  10. DevSecOps: Operational Transformation. DevOps: KPIs = Frequencies of deployments, velocity, failure rates, quality; Infrastructure as code; Agile development. Security: KPIs = Time to remediation, compliance posture, time since last incident; Risk-driven mitigation; Policy & Compliance.
  11. DevSecOps: Operational Transformation (DevOps, Security): Embedding Security into the DevOps pipeline with automation
  12. DevSecOps: Methodology Transformation. Pipeline stages: Develop/Code, Build, Test, Service Integration, Deploy, Monitor & Measure, New Rev; Production Feedback. • Leverage a software release management practice for continuous security posture validation (CI/CD). • Insert security tools and processes to automate and operationalize security. • Establish remediation standards.
  13. How to Build a Security Strategy that Scales
  14. How Symantec Automates Security for the CI/CD Pipeline. Pipeline stages: Develop/Code, Build, Test, Service Integration, Deploy, Monitor & Measure, New Rev; Production Feedback. Symantec functions: Identify app vulnerabilities (CWP); Validate app security (CWP); Validate services (CWA); EC2 instance/app inventory (CWP); Service inventory (CWA); Bake in Security (AMI) or SSM Agent (CWP); Monitor FIM, app/OS events, security alerts (CWP); Continuous assessment & remediation (CWA)
  15. Shared Responsibility Model Changes Security. Customer: Responsibility for security “in” the cloud: Customer data; Platform, applications, identity & access management; Operating system, network & firewall configuration; Client-side data encryption & data integrity authentication; Server-side encryption (File system and/or data); Networking traffic protection (encryption, integrity, identity). AWS: Responsibility for security “of” the cloud: Software (Compute, Storage, Database, Networking); Hardware/AWS Global Infrastructure (Regions, Availability zones, Edge locations)
  16. Shared Responsibility Model Changes Security. Customer: Responsibility for security “in” the cloud: Customer data; Platform, applications, identity & access management; Operating system, network & firewall configuration; Client-side data encryption & data integrity authentication; Server-side encryption (File system and/or data); Networking traffic protection (encryption, integrity, identity). AWS: Responsibility for security “of” the cloud: Software (Compute, Storage, Database, Networking); Hardware/AWS Global Infrastructure (Regions, Availability zones, Edge locations). Symantec products: Cloud Workload Protection for Storage (Malware Scanning for S3 Buckets); Cloud Workload Protection (Runtime protection for your instances); Cloud Workload Assurance (Continuous Compliance Validation)
  17. Security: Design Principles (AWS Shared Responsibility Model): ✓ Implement “least privilege” and separation of duties; ✓ Apply security at all layers; ✓ Protect data in transit and at rest; ✓ Enable traceability
  18. Related breakouts
  19. Thank you! Anand Visvanathan, Anand_Visvanathan@Symantec.com
