SlideShare ist ein Scribd-Unternehmen logo

Cloud Conversations: Giving Business Transformation a Voice_AWSPSSummit_Singapore

Amazon Web Services
Amazon Web Services

Build on AWS

1 von 50
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Bisham Kishnani Head Consulting Engineering – APAC, Palo Alto Networks Cloud Conversations: Giving Business Transformation a Voice Kenneth Sim Director, Consulting Services, AsiaPac Distribution
DATA AND APPLICATIONS ARE ? 2 | © 2018, Palo Alto Networks. All Rights Reserved.
DATA AND APPLICATIONS ARE EVERYWHERE SAASPRIVATE PHYSICAL IAAS PAAS 3 | © 2018, Palo Alto Networks. All Rights Reserved.
TODAY’S TOP PRIORITY FOR A CIO 4 | © 2018, Palo Alto Networks. All Rights Reserved.
5 | © 2018, Palo Alto Networks. All Rights Reserved.
SECURITY CAN BE…. Fragmented Prone to Human Error Manual 6 | © 2018, Palo Alto Networks. All Rights Reserved.
Cloud API has changed the attack surface 1000s of ways to misconfigure Attacks are more automated than security Too long to validate compliance Managing multi-cloud security is complex Engineers can create massive failures Fragmented Manual Human Error SECURITY CAN BE.… 7 | © 2018, Palo Alto Networks. All Rights Reserved.
WHAT’S NEEDED Frictionless Deployment & Management Advanced Application & Data Breach Prevention Consistent Protection across Locations & Clouds 8 | © 2018, Palo Alto Networks. All Rights Reserved.
Partial & Broader Context = Flawed Conclusion Visibility WHAT’S NEEDED 9 | © 2018, Palo Alto Networks. All Rights Reserved.
WHATS NEEDED 344 KB file-sharing URL category PowerPoint file type “Confidential and Proprietary” content mjacobsen user prodmgmt group canada destination country 172.16.1.10 source IP 64.81.2.23 destination IP TCP/443 destination port SSL protocol HTTP protocol slideshare application slideshare-uploading application function 10 | © 2018, Palo Alto Networks. All Rights Reserved.
Security in the Cloud is built upon Shared Responsibility and a Collaborative Approach 11 | © 2018, Palo Alto Networks. All Rights Reserved.
SEPARATION OF RESPONSIBILITES 12 | © 2018, Palo Alto Networks. All Rights Reserved.
SECURITY: A SHARED RESPONSIBILITY 13 | © 2017, Palo Alto Networks. Confidential and Proprietary. Cloud Infrastructure & Services Compute Storage Database Networking Encryption Key Management Client & Server Encryption Network Traffic Protection Platform, Applications, Identity & Access Management Operating System, Network & Firewall Configuration Customer content Customers are responsible for their security IN the cloud AWS looks after security OF the cloud
NEW OVER FIVE YEARS OF CONTINUED INVESTMENTS 2013 2014 2015 2016 2017 2018 AWS CloudFormation AWS ELB AWS Auto-Scaling Config Drive AWS Lambda Heat Templates Cloud Infrastructure Support Orchestration and Automation Integration Advanced Automation 14 | © 2018, Palo Alto Networks. All Rights Reserved.
CORE ELEMENTS OF PUBLIC CLOUD SECURITY WEB APP Web Server App Server Protect and segment cloud workloads INLINE CLOUD APPLICATION 1 Infrastructure-as-a-Service (IaaS) 15 | © 2018, Palo Alto Networks. All Rights Reserved.
CLOUD APPLICATION Secure OS and app within workloads WEB APP Web Server App Server HOST Protect and segment cloud workloads INLINE 1 2 Infrastructure-as-a-Service (IaaS) CORE ELEMENTS OF PUBLIC CLOUD SECURITY 16 | © 2018, Palo Alto Networks. All Rights Reserved.
CLOUD APPLICATION Secure OS and app within workloads Continuous security & compliance API WEB APP Web Server App Server HOST Protect and segment cloud workloads INLINE 1 2 3 Infrastructure-as-a-Service (IaaS) OBJECT STORAGE CACHING DATABASE Platform-as-a-Service (PaaS) CORE ELEMENTS OF PUBLIC CLOUD SECURITY 17 | © 2018, Palo Alto Networks. All Rights Reserved.
CLOUD APPLICATION Secure OS and app within workloads THE MOST COMPLETE OFFERING FOR THE PUBLIC CLOUD Continuous security & compliance API WEB APP Web Server App Server HOST Protect and segment cloud workloads INLINE Infrastructure-as-a-Service (IaaS) OBJECT STORAGE CACHING DATABASE Platform-as-a-Service (PaaS) 18 | © 2018, Palo Alto Networks. All Rights Reserved.
Protect and segment cloud workloads INLINE 1 19 | © 2018, Palo Alto Networks. All Rights Reserved.
VM-SERIES: PROTECT & SEGMENT CLOUD WORKLOADS CLOUD APPLICATION WEB APP Web Server App Server Infrastructure-as-a-Service (IaaS) OBJECT STORAGE CACHING DATABASE Platform-as-a-Service (PaaS) Application visibility and workload segmentation Centrally manage and automate deployments Prevent outbound and inbound attacks
VALUE WHICH WE GET ON CLOUD Identify applications Control traffic based on application, not only port Prevent known and unknown threats Grant access based on user identity NGFW Visibility and Control Automated Scale up and Scale out Provisioning/Hybrid Lambda, Elastic/Application Load Balancing, CloudWatch, Cloud Templates, Application Insight Manager, ASC MULTI-CLOUDCLOUD SCALE ENTERPRISE CLASS SECURITY POLICY MANAGEMENT CLOUD INTEGRATION
VALUE WHICH WE GET ON CLOUD § Manage traffic with a single line § Determine the matching criteria of traffic by using § Network Zones, IP Addresses § User ID or Groups § Machine State § Applications (Layer 7) § Ports / Services § Define Content Scanning Profiles Anti-Spyware Profile All traffic scanned URL Filtering Profile Filter Unwanted URL Categories AV Profile All filles scanned IPS Profile All Exploits Scanned FileBlocking Profile Control File attachments
PERIODIC TABLE 23 OF DEVOPS TOOLS
SECURITY & DEVOPS DevOps Is Dynamic Security Is Static
SECURITY & DEVOPS
TOOLS TO AUTOMATE SECURITY IN THE CLOUD Fully documented XML API XML API Dynamic Policy Updates External Dynamic Lists HTTP Log Forwarding • Quarantine • Service ticketing • Other… HTTP logsBootstrapping
AWS CloudFormation AWS Lambda Automation Tools FRICTIONLESS SECURE CLOUD OPERATIONS Template-based deployment Build Bootstrapped Configuration Embed Agent into Workloads Operate Segment Based on Apps & Attributes Orchestrate Policy via XML API Continuously Monitor Resources & Storage Scale Auto-scale Based on Triggers Policies Updated Automatically Integration into Native Services
AWS MARKET PLACE
CLOUD RESIDENT MANAGEMENT WITH PANORAMA Security management and logging for any cloud NEW
PANORAMA AND LOGGING AS A SERVICE 32 | © 2018, Palo Alto Networks. Confidential and Proprietary. Logging Policies Cloud-based deployment enables scalability and agility Reduces the operational burden associated with log collection Opt-in contribution to Application Framework Manage all physical and virtualized appliances, regardless of environment Reporting & Analysis Logging Service Panorama Logging Service
33 | © 2018, Palo Alto Networks. Confidential and Proprietary.
Deployment Use Cases Protect your AWS deployment just as you would in your data center Hybrid Segmentation Internet Gateway Remote Access Securely deploy applications & extend your data center into AWS Separate data and applications for compliance and security Protect Internet facing applications Security consistency for your network, your cloud, and your devices
> DCD Summit | Interpol World AUTO SCALING OF INSTANCES Cyber Monday Start of work day Tax season Snow day Provisioned Capacity On-demand scaling Predictable Less predictable
AUTO SCALING OF SECURITY SERVICES Cyber Monday Start of work day Tax season Snow day Provisioned capacity On-demand scaling Predictable Less predictable
RESOURCES TO ACCELERATE DEPLOYMENTS https://live.paloaltonetworks.com/cloudtemplate
Secure OS and app within workloads HOST 2
Lightweight Agent Real-time Exploit and Malware Protection Protects Unpatched Workloads TRAPS: WORKLOAD PROTECTION APP WORKLOAD Multi-method Attack Prevention Traps Advanced Endpoint Protections NEW
§ Identity Access Management: Do passwords match policy? Is MFA used? Do only entitled users have access? § Key Rotation & Management: Are keys being rotated adequately? § Security Monitoring & Logs: Is logging turned on? § Firewall / Security Group / ACL Configuration: What systems/people have access? § Load Balancer Configuration: Is it configured correctly? Are you using VPC security groups on ELBs? § VPC / Subnet Management: Do you have any empty VPCs? Are you nearing the EC2 Security Group limit for your VPC? § Snapshot Management: Do we have a recent snapshot stored? § User & Access Management: Who has access to what resources/accounts? What actions did they take? § Data Encryption: Is encryption turned on for data at rest? In motion? HOW ON MULTI-CLOUD ?
And Many More….Across Cloud…
Continuous security & compliance API 3
THE SOLUTION : EVIDENT.IO CUSTOMER DATA OS/PATCH MGMT IMAGE/SNAPSHOTS USER ACCESS MGMT CLOUD INFRASTRUCTURE SECURITY MONITORING & LOGGING ENCRYPTION / KEY ROTATION VPC / SUBNET SERVICE CONFIGURATION SECURITY GROUPS ACCESS MANAGEMENT COMPUTE STORAGE DATABASE NETWORKING YOUR RESPONSIBLITY THE CSP’s RESPONSIBLITY API CONTROL PLANE WHERE EVIDENT HELPS CLOUD SERVICES
EVIDENT.IO ADDRESSES ALL REQUIREMENTS • Deep integration and extensibility • Full understanding of configuration and user behavior • Automated policy enforcement • Full regulatory coverage: HIPAA, PCI, NIST, GDPR… • Full industry coverage: CIS, ISO, SOC2… • Customizable compliance reports and controls Continuous discovery and monitoring Complete and continuous compliance reporting • Risk exposure • Malware analysis and prevention • Sensitive data discovery • Content data discovery Comprehensive storage security
EVIDENT.IO 1-CLICK REPORTING MULTI-CLOUD CONTINUOUS & REAL-TIME BUILT FOR DEVOPS, SECOPS, COMPLIANCE AGENTLESS CUSTOMIZE TO MATCH YOUR POLICY PALO ALTO NETWORKS - EVIDENT.IO
EVIDENT.IO
WHAT MAKES EVIDENT UNIQUE? • Customization • Ability to monitor AWS services • Continuous scanning and alerting • Agentless integration • Out-of-the-box compliance frameworks • Automated policy enforcement and guided remediation
TRY IT TODAY !!!
PHYSICAL NETWORK MOBILE PRIVATE CLOUD SUMMARY : CONSISTENT, FRICTIONLESS PREVENTION EVERYWHERE IAAS SAAS PAAS
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Thank You

Empfohlen

CI/CD Pipeline Security: Advanced Continuous Delivery Recommendations
CI/CD Pipeline Security: Advanced Continuous Delivery RecommendationsCI/CD Pipeline Security: Advanced Continuous Delivery Recommendations
CI/CD Pipeline Security: Advanced Continuous Delivery RecommendationsAmazon Web Services
 
Pragmatic container security - DEM11-R - AWS re:Inforce 2019
Pragmatic container security - DEM11-R - AWS re:Inforce 2019 Pragmatic container security - DEM11-R - AWS re:Inforce 2019
Pragmatic container security - DEM11-R - AWS re:Inforce 2019 Amazon Web Services
 
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...Amazon Web Services
 
Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...
Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...
Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...Amazon Web Services
 
AWS Security By Design
AWS Security By DesignAWS Security By Design
AWS Security By DesignAmazon Web Services
 
Lock it Down: How to Secure your AWS Account and your Organization's Accounts
Lock it Down: How to Secure your AWS Account and your Organization's AccountsLock it Down: How to Secure your AWS Account and your Organization's Accounts
Lock it Down: How to Secure your AWS Account and your Organization's AccountsAmazon Web Services
 
Building a security knowledge management platform for AWS - FND224 - AWS re:I...
Building a security knowledge management platform for AWS - FND224 - AWS re:I...Building a security knowledge management platform for AWS - FND224 - AWS re:I...
Building a security knowledge management platform for AWS - FND224 - AWS re:I...Amazon Web Services
 
Incident Response: Eyes Everywhere
Incident Response: Eyes EverywhereIncident Response: Eyes Everywhere
Incident Response: Eyes EverywhereAmazon Web Services
 

Empfohlen

CI/CD Pipeline Security: Advanced Continuous Delivery Recommendations
CI/CD Pipeline Security: Advanced Continuous Delivery RecommendationsCI/CD Pipeline Security: Advanced Continuous Delivery Recommendations
CI/CD Pipeline Security: Advanced Continuous Delivery RecommendationsAmazon Web Services
 
Pragmatic container security - DEM11-R - AWS re:Inforce 2019
Pragmatic container security - DEM11-R - AWS re:Inforce 2019 Pragmatic container security - DEM11-R - AWS re:Inforce 2019
Pragmatic container security - DEM11-R - AWS re:Inforce 2019 Amazon Web Services
 
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...
A Self-Defending Border: Protect Your Web-Facing Workloads with AWS Security ...Amazon Web Services
 
Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...
Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...
Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...Amazon Web Services
 
AWS Security By Design
AWS Security By DesignAWS Security By Design
AWS Security By DesignAmazon Web Services
 
Lock it Down: How to Secure your AWS Account and your Organization's Accounts
Lock it Down: How to Secure your AWS Account and your Organization's AccountsLock it Down: How to Secure your AWS Account and your Organization's Accounts
Lock it Down: How to Secure your AWS Account and your Organization's AccountsAmazon Web Services
 
Building a security knowledge management platform for AWS - FND224 - AWS re:I...
Building a security knowledge management platform for AWS - FND224 - AWS re:I...Building a security knowledge management platform for AWS - FND224 - AWS re:I...
Building a security knowledge management platform for AWS - FND224 - AWS re:I...Amazon Web Services
 
Incident Response: Eyes Everywhere
Incident Response: Eyes EverywhereIncident Response: Eyes Everywhere
Incident Response: Eyes EverywhereAmazon Web Services
 
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019 Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019 Amazon Web Services
 
AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best PracticesAleksandr Maklakov
 
Meeting Enterprise Security Requirements with AWS Native Security Services (S...
Meeting Enterprise Security Requirements with AWS Native Security Services (S...Meeting Enterprise Security Requirements with AWS Native Security Services (S...
Meeting Enterprise Security Requirements with AWS Native Security Services (S...Amazon Web Services
 
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...Amazon Web Services
 
Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...
Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...
Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...Amazon Web Services
 
Introduction to Incident Response on AWS
Introduction to Incident Response on AWSIntroduction to Incident Response on AWS
Introduction to Incident Response on AWSAmazon Web Services
 
Monitoring and administrating privilegeMonitoring and administrating privileg...
Monitoring and administrating privilegeMonitoring and administrating privileg...Monitoring and administrating privilegeMonitoring and administrating privileg...
Monitoring and administrating privilegeMonitoring and administrating privileg...Amazon Web Services
 
Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019
Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019 Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019
Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019 Amazon Web Services
 
AWS Security by Design
AWS Security by Design AWS Security by Design
AWS Security by Design Amazon Web Services
 
Deep dive - AWS security by design
Deep dive - AWS security by designDeep dive - AWS security by design
Deep dive - AWS security by designRichard Harvey
 
Your first compliance-as-code - GRC305-R - AWS re:Inforce 2019
Your first compliance-as-code - GRC305-R - AWS re:Inforce 2019 Your first compliance-as-code - GRC305-R - AWS re:Inforce 2019
Your first compliance-as-code - GRC305-R - AWS re:Inforce 2019 Amazon Web Services
 
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ... How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...Amazon Web Services
 
Secure & Automate AWS Deployments with Next-Generation on Security
Secure & Automate AWS Deployments with Next-Generation on SecuritySecure & Automate AWS Deployments with Next-Generation on Security
Secure & Automate AWS Deployments with Next-Generation on SecurityAmazon Web Services
 
Build anywhere; Secure everywhere - DEM01-R - AWS re:Inforce 2019
Build anywhere; Secure everywhere - DEM01-R - AWS re:Inforce 2019 Build anywhere; Secure everywhere - DEM01-R - AWS re:Inforce 2019
Build anywhere; Secure everywhere - DEM01-R - AWS re:Inforce 2019 Amazon Web Services
 
Build HIPAA Eligible Solutions with AWS and APN Partners PPT
Build HIPAA Eligible Solutions with AWS and APN Partners PPT Build HIPAA Eligible Solutions with AWS and APN Partners PPT
Build HIPAA Eligible Solutions with AWS and APN Partners PPTAmazon Web Services
 
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019 Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019 Amazon Web Services
 
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019 Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019 Amazon Web Services
 
Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019
Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019 Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019
Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019 Amazon Web Services
 
Making application threat intelligence practical - DEM06 - AWS reInforce 2019
Making application threat intelligence practical - DEM06 - AWS reInforce 2019 Making application threat intelligence practical - DEM06 - AWS reInforce 2019
Making application threat intelligence practical - DEM06 - AWS reInforce 2019 Amazon Web Services
 
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...Amazon Web Services
 
A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...
A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...
A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...Amazon Web Services
 
“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...
“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...
“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...Amazon Web Services
 

Weitere ähnliche Inhalte

Was ist angesagt?

Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019 Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019 Amazon Web Services
 
Meeting Enterprise Security Requirements with AWS Native Security Services (S...
Meeting Enterprise Security Requirements with AWS Native Security Services (S...Meeting Enterprise Security Requirements with AWS Native Security Services (S...
Meeting Enterprise Security Requirements with AWS Native Security Services (S...Amazon Web Services
 
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...Amazon Web Services
 
Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...
Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...
Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...Amazon Web Services
 
Introduction to Incident Response on AWS
Introduction to Incident Response on AWSIntroduction to Incident Response on AWS
Introduction to Incident Response on AWSAmazon Web Services
 
Monitoring and administrating privilegeMonitoring and administrating privileg...
Monitoring and administrating privilegeMonitoring and administrating privileg...Monitoring and administrating privilegeMonitoring and administrating privileg...
Monitoring and administrating privilegeMonitoring and administrating privileg...Amazon Web Services
 
Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019
Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019 Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019
Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019 Amazon Web Services
 
Deep dive - AWS security by design
Deep dive - AWS security by designDeep dive - AWS security by design
Deep dive - AWS security by designRichard Harvey
 
Your first compliance-as-code - GRC305-R - AWS re:Inforce 2019
Your first compliance-as-code - GRC305-R - AWS re:Inforce 2019 Your first compliance-as-code - GRC305-R - AWS re:Inforce 2019
Your first compliance-as-code - GRC305-R - AWS re:Inforce 2019 Amazon Web Services
 
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ... How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...Amazon Web Services
 
Secure & Automate AWS Deployments with Next-Generation on Security
Secure & Automate AWS Deployments with Next-Generation on SecuritySecure & Automate AWS Deployments with Next-Generation on Security
Secure & Automate AWS Deployments with Next-Generation on SecurityAmazon Web Services
 
Build anywhere; Secure everywhere - DEM01-R - AWS re:Inforce 2019
Build anywhere; Secure everywhere - DEM01-R - AWS re:Inforce 2019 Build anywhere; Secure everywhere - DEM01-R - AWS re:Inforce 2019
Build anywhere; Secure everywhere - DEM01-R - AWS re:Inforce 2019 Amazon Web Services
 
Build HIPAA Eligible Solutions with AWS and APN Partners PPT
Build HIPAA Eligible Solutions with AWS and APN Partners PPT Build HIPAA Eligible Solutions with AWS and APN Partners PPT
Build HIPAA Eligible Solutions with AWS and APN Partners PPTAmazon Web Services
 
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019 Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019 Amazon Web Services
 
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019 Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019 Amazon Web Services
 
Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019
Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019 Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019
Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019 Amazon Web Services
 
Making application threat intelligence practical - DEM06 - AWS reInforce 2019
Making application threat intelligence practical - DEM06 - AWS reInforce 2019 Making application threat intelligence practical - DEM06 - AWS reInforce 2019
Making application threat intelligence practical - DEM06 - AWS reInforce 2019 Amazon Web Services
 
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...Amazon Web Services
 

Was ist angesagt? (20)

Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019 Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
Security best practices the well-architected way - SDD318 - AWS re:Inforce 2019
 
AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best Practices
 
Meeting Enterprise Security Requirements with AWS Native Security Services (S...
Meeting Enterprise Security Requirements with AWS Native Security Services (S...Meeting Enterprise Security Requirements with AWS Native Security Services (S...
Meeting Enterprise Security Requirements with AWS Native Security Services (S...
 
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
Lean and clean SecOps using AWS native services cloud - SDD301 - AWS re:Infor...
 
Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...
Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...
Build a PCI SAQ A-EP-compliant serverless service to manage credit card payme...
 
Introduction to Incident Response on AWS
Introduction to Incident Response on AWSIntroduction to Incident Response on AWS
Introduction to Incident Response on AWS
 
Monitoring and administrating privilegeMonitoring and administrating privileg...
Monitoring and administrating privilegeMonitoring and administrating privileg...Monitoring and administrating privilegeMonitoring and administrating privileg...
Monitoring and administrating privilegeMonitoring and administrating privileg...
 
Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019
Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019 Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019
Guarding the guardian’s guard: IBM Trusteer - SEP326 - AWS re:Inforce 2019
 
AWS Security by Design
AWS Security by Design AWS Security by Design
AWS Security by Design
 
Deep dive - AWS security by design
Deep dive - AWS security by designDeep dive - AWS security by design
Deep dive - AWS security by design
 
Your first compliance-as-code - GRC305-R - AWS re:Inforce 2019
Your first compliance-as-code - GRC305-R - AWS re:Inforce 2019 Your first compliance-as-code - GRC305-R - AWS re:Inforce 2019
Your first compliance-as-code - GRC305-R - AWS re:Inforce 2019
 
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ... How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
 
Secure & Automate AWS Deployments with Next-Generation on Security
Secure & Automate AWS Deployments with Next-Generation on SecuritySecure & Automate AWS Deployments with Next-Generation on Security
Secure & Automate AWS Deployments with Next-Generation on Security
 
Build anywhere; Secure everywhere - DEM01-R - AWS re:Inforce 2019
Build anywhere; Secure everywhere - DEM01-R - AWS re:Inforce 2019 Build anywhere; Secure everywhere - DEM01-R - AWS re:Inforce 2019
Build anywhere; Secure everywhere - DEM01-R - AWS re:Inforce 2019
 
Build HIPAA Eligible Solutions with AWS and APN Partners PPT
Build HIPAA Eligible Solutions with AWS and APN Partners PPT Build HIPAA Eligible Solutions with AWS and APN Partners PPT
Build HIPAA Eligible Solutions with AWS and APN Partners PPT
 
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019 Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
Cloud auditing workshop - GRC323 - AWS re:Inforce 2019
 
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019 Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
Scaling threat detection and response in AWS - SDD312-R - AWS re:Inforce 2019
 
Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019
Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019 Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019
Using analytics to set access controls in AWS - SDD204 - AWS re:Inforce 2019
 
Making application threat intelligence practical - DEM06 - AWS reInforce 2019
Making application threat intelligence practical - DEM06 - AWS reInforce 2019 Making application threat intelligence practical - DEM06 - AWS reInforce 2019
Making application threat intelligence practical - DEM06 - AWS reInforce 2019
 
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
Ensure the integrity of your code for fast and secure deployments - SDD319 - ...
 

Ähnlich wie Cloud Conversations: Giving Business Transformation a Voice_AWSPSSummit_Singapore

A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...
A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...
A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...Amazon Web Services
 
“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...
“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...
“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...Amazon Web Services
 
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS AccountsHow to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS AccountsSebastian Taphanel CISSP-ISSEP
 
Secure Clouds are Happy Clouds
Secure Clouds are Happy CloudsSecure Clouds are Happy Clouds
Secure Clouds are Happy Clouds2nd Watch
 
Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...
Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...
Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...Amazon Web Services
 
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...Amazon Web Services
 
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...Amazon Web Services
 
[NEW LAUNCH!] Introducing AWS App Mesh – service mesh on AWS (CON367) - AWS r...
[NEW LAUNCH!] Introducing AWS App Mesh – service mesh on AWS (CON367) - AWS r...[NEW LAUNCH!] Introducing AWS App Mesh – service mesh on AWS (CON367) - AWS r...
[NEW LAUNCH!] Introducing AWS App Mesh – service mesh on AWS (CON367) - AWS r...Amazon Web Services
 
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...Amazon Web Services
 
Developing a Continuous Automated Approach to Cloud Security
Developing a Continuous Automated Approach to Cloud Security Developing a Continuous Automated Approach to Cloud Security
Developing a Continuous Automated Approach to Cloud SecurityAmazon Web Services
 
Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Amazon Web Services
 
How Redlock Automates Security on AWS
How Redlock Automates Security on AWSHow Redlock Automates Security on AWS
How Redlock Automates Security on AWSAmazon Web Services
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security OperationsEvident.io
 
MongoDB World 2018: Tutorial - How to Build Applications with MongoDB Atlas &...
MongoDB World 2018: Tutorial - How to Build Applications with MongoDB Atlas &...MongoDB World 2018: Tutorial - How to Build Applications with MongoDB Atlas &...
MongoDB World 2018: Tutorial - How to Build Applications with MongoDB Atlas &...MongoDB
 
SRV205 Architectures and Strategies for Building Modern Applications on AWS
SRV205 Architectures and Strategies for Building Modern Applications on AWS SRV205 Architectures and Strategies for Building Modern Applications on AWS
SRV205 Architectures and Strategies for Building Modern Applications on AWSAmazon Web Services
 
Accelerating Your Cloud Innovation
Accelerating Your Cloud InnovationAccelerating Your Cloud Innovation
Accelerating Your Cloud InnovationAmazon Web Services
 
Secure Configuration and Automation Overview
Secure Configuration and Automation OverviewSecure Configuration and Automation Overview
Secure Configuration and Automation OverviewAmazon Web Services
 
Building Modern Applications on AWS.pptx
Building Modern Applications on AWS.pptxBuilding Modern Applications on AWS.pptx
Building Modern Applications on AWS.pptxNelson Kimathi
 

Ähnlich wie Cloud Conversations: Giving Business Transformation a Voice_AWSPSSummit_Singapore (20)

A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...
A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...
A New Approach to Continuous Monitoring in the Cloud: Migrate to AWS with NET...
 
“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...
“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...
“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...
 
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS AccountsHow to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
How to leverage Evident Security Platform for DFARS-NIST 800-171 AWS Accounts
 
Secure Clouds are Happy Clouds
Secure Clouds are Happy CloudsSecure Clouds are Happy Clouds
Secure Clouds are Happy Clouds
 
Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...
Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...
Adaptive Cloud Security: Game-Changing Cloud Security and Compliance Automati...
 
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
How FINRA achieves DevOps agility while securing its AWS environments - GRC33...
 
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
Secure & Automate AWS Deployments with Next-Generation Security from Palo Alt...
 
[NEW LAUNCH!] Introducing AWS App Mesh – service mesh on AWS (CON367) - AWS r...
[NEW LAUNCH!] Introducing AWS App Mesh – service mesh on AWS (CON367) - AWS r...[NEW LAUNCH!] Introducing AWS App Mesh – service mesh on AWS (CON367) - AWS r...
[NEW LAUNCH!] Introducing AWS App Mesh – service mesh on AWS (CON367) - AWS r...
 
Managing Security on AWS
Managing Security on AWSManaging Security on AWS
Managing Security on AWS
 
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
 
Developing a Continuous Automated Approach to Cloud Security
Developing a Continuous Automated Approach to Cloud Security Developing a Continuous Automated Approach to Cloud Security
Developing a Continuous Automated Approach to Cloud Security
 
Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...Integrating network and API security into your application lifecycle - DEM07 ...
Integrating network and API security into your application lifecycle - DEM07 ...
 
How Redlock Automates Security on AWS
How Redlock Automates Security on AWSHow Redlock Automates Security on AWS
How Redlock Automates Security on AWS
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security Operations
 
MongoDB World 2018: Tutorial - How to Build Applications with MongoDB Atlas &...
MongoDB World 2018: Tutorial - How to Build Applications with MongoDB Atlas &...MongoDB World 2018: Tutorial - How to Build Applications with MongoDB Atlas &...
MongoDB World 2018: Tutorial - How to Build Applications with MongoDB Atlas &...
 
SRV205 Architectures and Strategies for Building Modern Applications on AWS
SRV205 Architectures and Strategies for Building Modern Applications on AWS SRV205 Architectures and Strategies for Building Modern Applications on AWS
SRV205 Architectures and Strategies for Building Modern Applications on AWS
 
Accelerating Your Cloud Innovation
Accelerating Your Cloud InnovationAccelerating Your Cloud Innovation
Accelerating Your Cloud Innovation
 
Secure Configuration and Automation Overview
Secure Configuration and Automation OverviewSecure Configuration and Automation Overview
Secure Configuration and Automation Overview
 
Building Modern Applications on AWS.pptx
Building Modern Applications on AWS.pptxBuilding Modern Applications on AWS.pptx
Building Modern Applications on AWS.pptx
 

Mehr von Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mehr von Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Cloud Conversations: Giving Business Transformation a Voice_AWSPSSummit_Singapore

  • 1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Bisham Kishnani Head Consulting Engineering – APAC, Palo Alto Networks Cloud Conversations: Giving Business Transformation a Voice Kenneth Sim Director, Consulting Services, AsiaPac Distribution
  • 2. DATA AND APPLICATIONS ARE ? 2 | © 2018, Palo Alto Networks. All Rights Reserved.
  • 3. DATA AND APPLICATIONS ARE EVERYWHERE SAASPRIVATE PHYSICAL IAAS PAAS 3 | © 2018, Palo Alto Networks. All Rights Reserved.
  • 4. TODAY’S TOP PRIORITY FOR A CIO 4 | © 2018, Palo Alto Networks. All Rights Reserved.
  • 5. 5 | © 2018, Palo Alto Networks. All Rights Reserved.
  • 6. SECURITY CAN BE…. Fragmented Prone to Human Error Manual 6 | © 2018, Palo Alto Networks. All Rights Reserved.
  • 7. Cloud API has changed the attack surface 1000s of ways to misconfigure Attacks are more automated than security Too long to validate compliance Managing multi-cloud security is complex Engineers can create massive failures Fragmented Manual Human Error SECURITY CAN BE.… 7 | © 2018, Palo Alto Networks. All Rights Reserved.
  • 8. WHAT’S NEEDED Frictionless Deployment & Management Advanced Application & Data Breach Prevention Consistent Protection across Locations & Clouds 8 | © 2018, Palo Alto Networks. All Rights Reserved.
  • 9. Partial & Broader Context = Flawed Conclusion Visibility WHAT’S NEEDED 9 | © 2018, Palo Alto Networks. All Rights Reserved.
  • 10. WHATS NEEDED 344 KB file-sharing URL category PowerPoint file type “Confidential and Proprietary” content mjacobsen user prodmgmt group canada destination country 172.16.1.10 source IP 64.81.2.23 destination IP TCP/443 destination port SSL protocol HTTP protocol slideshare application slideshare-uploading application function 10 | © 2018, Palo Alto Networks. All Rights Reserved.
  • 11. Security in the Cloud is built upon Shared Responsibility and a Collaborative Approach 11 | © 2018, Palo Alto Networks. All Rights Reserved.
  • 12. SEPARATION OF RESPONSIBILITES 12 | © 2018, Palo Alto Networks. All Rights Reserved.
  • 13. SECURITY: A SHARED RESPONSIBILITY 13 | © 2017, Palo Alto Networks. Confidential and Proprietary. Cloud Infrastructure & Services Compute Storage Database Networking Encryption Key Management Client & Server Encryption Network Traffic Protection Platform, Applications, Identity & Access Management Operating System, Network & Firewall Configuration Customer content Customers are responsible for their security IN the cloud AWS looks after security OF the cloud
  • 14. NEW OVER FIVE YEARS OF CONTINUED INVESTMENTS 2013 2014 2015 2016 2017 2018 AWS CloudFormation AWS ELB AWS Auto-Scaling Config Drive AWS Lambda Heat Templates Cloud Infrastructure Support Orchestration and Automation Integration Advanced Automation 14 | © 2018, Palo Alto Networks. All Rights Reserved.
  • 15. CORE ELEMENTS OF PUBLIC CLOUD SECURITY WEB APP Web Server App Server Protect and segment cloud workloads INLINE CLOUD APPLICATION 1 Infrastructure-as-a-Service (IaaS) 15 | © 2018, Palo Alto Networks. All Rights Reserved.
  • 16. CLOUD APPLICATION Secure OS and app within workloads WEB APP Web Server App Server HOST Protect and segment cloud workloads INLINE 1 2 Infrastructure-as-a-Service (IaaS) CORE ELEMENTS OF PUBLIC CLOUD SECURITY 16 | © 2018, Palo Alto Networks. All Rights Reserved.
  • 17. CLOUD APPLICATION Secure OS and app within workloads Continuous security & compliance API WEB APP Web Server App Server HOST Protect and segment cloud workloads INLINE 1 2 3 Infrastructure-as-a-Service (IaaS) OBJECT STORAGE CACHING DATABASE Platform-as-a-Service (PaaS) CORE ELEMENTS OF PUBLIC CLOUD SECURITY 17 | © 2018, Palo Alto Networks. All Rights Reserved.
  • 18. CLOUD APPLICATION Secure OS and app within workloads THE MOST COMPLETE OFFERING FOR THE PUBLIC CLOUD Continuous security & compliance API WEB APP Web Server App Server HOST Protect and segment cloud workloads INLINE Infrastructure-as-a-Service (IaaS) OBJECT STORAGE CACHING DATABASE Platform-as-a-Service (PaaS) 18 | © 2018, Palo Alto Networks. All Rights Reserved.
  • 19. Protect and segment cloud workloads INLINE 1 19 | © 2018, Palo Alto Networks. All Rights Reserved.
  • 20. VM-SERIES: PROTECT & SEGMENT CLOUD WORKLOADS CLOUD APPLICATION WEB APP Web Server App Server Infrastructure-as-a-Service (IaaS) OBJECT STORAGE CACHING DATABASE Platform-as-a-Service (PaaS) Application visibility and workload segmentation Centrally manage and automate deployments Prevent outbound and inbound attacks
  • 21. VALUE WHICH WE GET ON CLOUD Identify applications Control traffic based on application, not only port Prevent known and unknown threats Grant access based on user identity NGFW Visibility and Control Automated Scale up and Scale out Provisioning/Hybrid Lambda, Elastic/Application Load Balancing, CloudWatch, Cloud Templates, Application Insight Manager, ASC MULTI-CLOUDCLOUD SCALE ENTERPRISE CLASS SECURITY POLICY MANAGEMENT CLOUD INTEGRATION
  • 22. VALUE WHICH WE GET ON CLOUD § Manage traffic with a single line § Determine the matching criteria of traffic by using § Network Zones, IP Addresses § User ID or Groups § Machine State § Applications (Layer 7) § Ports / Services § Define Content Scanning Profiles Anti-Spyware Profile All traffic scanned URL Filtering Profile Filter Unwanted URL Categories AV Profile All filles scanned IPS Profile All Exploits Scanned FileBlocking Profile Control File attachments
  • 24. SECURITY & DEVOPS DevOps Is Dynamic Security Is Static
  • 26. TOOLS TO AUTOMATE SECURITY IN THE CLOUD Fully documented XML API XML API Dynamic Policy Updates External Dynamic Lists HTTP Log Forwarding • Quarantine • Service ticketing • Other… HTTP logsBootstrapping
  • 27. AWS CloudFormation AWS Lambda Automation Tools FRICTIONLESS SECURE CLOUD OPERATIONS Template-based deployment Build Bootstrapped Configuration Embed Agent into Workloads Operate Segment Based on Apps & Attributes Orchestrate Policy via XML API Continuously Monitor Resources & Storage Scale Auto-scale Based on Triggers Policies Updated Automatically Integration into Native Services
  • 28.
  • 30.
  • 31. CLOUD RESIDENT MANAGEMENT WITH PANORAMA Security management and logging for any cloud NEW
  • 32. PANORAMA AND LOGGING AS A SERVICE 32 | © 2018, Palo Alto Networks. Confidential and Proprietary. Logging Policies Cloud-based deployment enables scalability and agility Reduces the operational burden associated with log collection Opt-in contribution to Application Framework Manage all physical and virtualized appliances, regardless of environment Reporting & Analysis Logging Service Panorama Logging Service
  • 33. 33 | © 2018, Palo Alto Networks. Confidential and Proprietary.
  • 34. Deployment Use Cases Protect your AWS deployment just as you would in your data center Hybrid Segmentation Internet Gateway Remote Access Securely deploy applications & extend your data center into AWS Separate data and applications for compliance and security Protect Internet facing applications Security consistency for your network, your cloud, and your devices
  • 35. > DCD Summit | Interpol World AUTO SCALING OF INSTANCES Cyber Monday Start of work day Tax season Snow day Provisioned Capacity On-demand scaling Predictable Less predictable
  • 36. AUTO SCALING OF SECURITY SERVICES Cyber Monday Start of work day Tax season Snow day Provisioned capacity On-demand scaling Predictable Less predictable
  • 37. RESOURCES TO ACCELERATE DEPLOYMENTS https://live.paloaltonetworks.com/cloudtemplate
  • 38. Secure OS and app within workloads HOST 2
  • 39. Lightweight Agent Real-time Exploit and Malware Protection Protects Unpatched Workloads TRAPS: WORKLOAD PROTECTION APP WORKLOAD Multi-method Attack Prevention Traps Advanced Endpoint Protections NEW
  • 40. § Identity Access Management: Do passwords match policy? Is MFA used? Do only entitled users have access? § Key Rotation & Management: Are keys being rotated adequately? § Security Monitoring & Logs: Is logging turned on? § Firewall / Security Group / ACL Configuration: What systems/people have access? § Load Balancer Configuration: Is it configured correctly? Are you using VPC security groups on ELBs? § VPC / Subnet Management: Do you have any empty VPCs? Are you nearing the EC2 Security Group limit for your VPC? § Snapshot Management: Do we have a recent snapshot stored? § User & Access Management: Who has access to what resources/accounts? What actions did they take? § Data Encryption: Is encryption turned on for data at rest? In motion? HOW ON MULTI-CLOUD ?
  • 43. THE SOLUTION : EVIDENT.IO CUSTOMER DATA OS/PATCH MGMT IMAGE/SNAPSHOTS USER ACCESS MGMT CLOUD INFRASTRUCTURE SECURITY MONITORING & LOGGING ENCRYPTION / KEY ROTATION VPC / SUBNET SERVICE CONFIGURATION SECURITY GROUPS ACCESS MANAGEMENT COMPUTE STORAGE DATABASE NETWORKING YOUR RESPONSIBLITY THE CSP’s RESPONSIBLITY API CONTROL PLANE WHERE EVIDENT HELPS CLOUD SERVICES
  • 44. EVIDENT.IO ADDRESSES ALL REQUIREMENTS • Deep integration and extensibility • Full understanding of configuration and user behavior • Automated policy enforcement • Full regulatory coverage: HIPAA, PCI, NIST, GDPR… • Full industry coverage: CIS, ISO, SOC2… • Customizable compliance reports and controls Continuous discovery and monitoring Complete and continuous compliance reporting • Risk exposure • Malware analysis and prevention • Sensitive data discovery • Content data discovery Comprehensive storage security
  • 45. EVIDENT.IO 1-CLICK REPORTING MULTI-CLOUD CONTINUOUS & REAL-TIME BUILT FOR DEVOPS, SECOPS, COMPLIANCE AGENTLESS CUSTOMIZE TO MATCH YOUR POLICY PALO ALTO NETWORKS - EVIDENT.IO
  • 47. WHAT MAKES EVIDENT UNIQUE? • Customization • Ability to monitor AWS services • Continuous scanning and alerting • Agentless integration • Out-of-the-box compliance frameworks • Automated policy enforcement and guided remediation
  • 49. PHYSICAL NETWORK MOBILE PRIVATE CLOUD SUMMARY : CONSISTENT, FRICTIONLESS PREVENTION EVERYWHERE IAAS SAAS PAAS
  • 50. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Thank You