SlideShare ist ein Scribd-Unternehmen logo

Crypto-Options on AWS | Security Roadshow Dublin

Amazon Web Services
Amazon Web Services

Crypto-Options on AWS | Security Roadshow Dublin

Technologie
1 von 28
Downloaden Sie, um offline zu lesen
©Amazon.com, Inc. and its affiliates. All rights reserved. Crypto-Options on AWS Ronan Guilfoyle - Solutions Architect Amazon Web Services Ireland
Agenda • Theory • Options
Data The Cryptographic Trinity Key Algorithm If you don’t own all three parts of the solution, your data is not considered to be “hard” encrypted…
• So what data might I be concerned with?
In Region I: Availability Zone AWS DC Availability Zone AWS DC
In Region II: AWS DC AWS DC Availability Zone AWS DC AWS DC Availability Zone
Between Regions: Region Availability Zone Availability Zone Region Availability Zone Availability Zone Public Customer WAN DX Site DX Site Here be Dragons!
Summary • Data in transit within an AZ might leave the building • Data in transit between AZs will leave the building • Data in transit between AWS Regions or between AWS and customer premises needs to be taken care of, too Encrypt Your Data in Flight
Discussion Points • Hard encryption might be excessive, for some purposes • Find out where you need which kind of encryption – map your view of risk and need • Think about the lifetime of your data (example: German expiry of use of 3DES and resulting requirement for bulk data re-encryption with stronger algorithm…) • Sometimes encryption is only there for Compliance reasons… Work on your data classification Find balance between your obligation for executive care, cost and complexity
What about data at rest? Getting Data at rest encrypted on AWS is so easy that you should consider a policy: All data can (an should) be encrypted at rest!
Some AWS services supporting data at rest encryption Technology Partners Consulting Partners AWS MarketplaceEcosystem Elastic Beanstalk for Java, Node.js, Python, Ruby, PHP and .Net OpsWorks CloudFormationContainers & Deployment (PaaS) Management & AdministrationIAM CloudWatchCloudTrail APIs and SDKsManagement ConsoleCloud HSM Command Line Interface Direct Connect Route 53VPC Networking Analytics Data PipelineRedshiftEMR Kinesis SWFSNS SQS CloudSearchSES AppStreamCloudFront Application Services WorkSpaces Regions Availability Zones Content Delivery POPs Storage GatewayS3 EBS Glacier Import/Export DynamoDB ElastiCache StorageCompute Databases RDS MySQL, PostgreSQL Oracle, SQL Server Elastic Load BalancerEC2 Auto Scaling +
AWS Key Management Service I • Designed for Scalability and Throughput • Uses bespoke AWS hardware + software • Is a multi-tenant service • Performs AES256 operations • API for crypto command: – Key Management – Encryption / Decryption • Customer selects MasterKey • Data Key is transported via envelope encryption • Durability equal to that of the highest durability services in AWS Customer Master Key(s) Data Key 1 Amazon S3 Object Amazon EBS Volume Amazon Redshift Cluster Data Key 2 Data Key 3 Data Key 4 Custom Application AWS KMS
AWS Key Management Service II Reference Architecture Application or AWS Service + Data Key Encrypted Data Key Encrypted Data Master Key(s) in Customer’s Account AWS Key Management Service 1. Application or AWS service client requests an encryption key to use to encrypt data, and passes a reference to a master key under the account. 2. Client request is authenticated based on whether they have access to use the master key. 3. A new data encryption key is created and a copy of it is encrypted under the master key. 4. Both data key and encrypted data key are returned to the client. Data key is used to encrypt customer data and then deleted as soon as is practical. 5. Encrypted data key is stored for later use and sent back to AWS KMS when the source data needs to be decrypted.
S3 (normal mode) AWS AZ AWS AZ AWS AZ • Data is sent to S3 encrypted • S3 stores the data unencrypted • Data travels unencrypted between AZs • Enforce https: { "Statement": [{ "Effect": "Deny”, "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": false } }, "Resource": "arn:aws:s3:::bucket/*" ]} }
S3 (server-side encryption) AWS AZ AWS AZ AWS AZ • Data is sent to S3 encrypted • S3 encrypts data with AWS owned key • Data travels encrypted between AZs • Data at rest is encrypted with AWS-owned key • Enforce at-rest encryption: { "Statement":[{ "Sid":"DenyUnEncryptedObjectUploads", "Effect":"Deny", "Principal":"*", "Action":"s3:PutObject", "Resource":"arn:aws:s3:::YourBucket/*", "Condition":{ "StringNotEquals":{ "s3:x-amz-server-side-encryption":"AES256" } } } ] }
S3 (server-side, user key) AWS AZ AWS AZ AWS AZ • Data is sent to S3 encrypted • S3 encrypts data with customer key sent in request – The key will be forgotten by AWS immediately • Data travels encrypted between AZs • Data at rest is encrypted with customer-owned key • Customer needs to send key in GET request
S3 (server-side, user key + KMS) AWS AZ AWS AZ AWS AZ • Data is sent to S3 encrypted • S3 encrypts data with key sent in request • Data travels encrypted between AZs • Data at rest is encrypted with customer-owned key • Key remains in KMS IAM KMS Object
S3 (client-side encryption) AWS AZ AWS AZ AWS AZ • Client encrypts the data locally with local held key • Data is sent to S3 encrypted • Data travels encrypted between AZs • Data at rest is encrypted with customer-owned key • AWS never sees the key
EBS (normal mode) AWS AZ AWS AZ • Instance sends data to volume via hypervisor module – Module can encrypt or not, depending on customer choice – Data travels to the disks and between datacentres, potentially unencrypted – Data lives unencrypted on Disk
EBS (server-side encryption) AWS AZ AWS AZ • Instance sends encrypted data over hypervisor to volume – Instance OS needs to support encryption – Data travels encrypted to the disks and between datacentres – Data lives encrypted on Disk – AWS owns key/algorithm/data – Included in scope of AWS SOC1 report IAM KMS Volume
CloudHSM • Tamper-Proof and Tamper-Evident – Destroys its stored keys if under attack • FIPS 140-2 Level 2 certified • Base position is to be a Keystore • Can also be used to timestamp documents • You can send data for encrypt / decrypt – Key never leaves the HSM as cleartext – Can be used by several commercial software products – Can be used by API to access the HSM • Needs to be backed-up (ideally to HSM on customer premises) • Can (and should) be combined in HA clusters • Is NOT a key management system – but can work with some third-party ones • Communicates via: – PKCS#11 – JCE • Some applications need a “plugin”
Redshift can use CloudHSM • When using CloudHSM – Redshift gets cluster key from HSM – Redshift generates a database key and encrypts it with the cluster key from the CloudHSM – Redshift encrypts and decrypts individual key for data blocks with the database key – Redshift supports re-encryption
RDS Crypto Support • RDS / Oracle can use CloudHSM to store keys for Oracle Wallet – So TDE can be HSM-backed • RDS / MySQL, RDS / Postgres can use KMS to manage keys used to encrypt underlying EBS volumes – So all tables are encrypted at rest • Note that in-memory database contents (once the database has been unlocked) are cleartext – RAM encryption is not something AWS has today, but it has been done in other contexts
VPC VGW • Hardware IPsec termination points • Data on the VPC side of the VGW is unprotected by the VGW (no re-encryption) – If you need VPN termination with onward re-encryption, use EC2 instances with OpenSWAN or Cisco CRSs instead… • Uses pre-shared symmetric key • The Key is a shared one between AWS and the customer AWS AZ AWS AZCustomer
Between Regions Region Availability Zone Availability Zone Region Availability Zone Availability Zone Public Customer WAN DX Site DX Site Customer DC
Others • Glacier – Archives have always been encrypted – this is entirely transparent to the user – Glacier keys are AES256 – AWS holds key/algorithm/data • Route53 – Supports signed zones • ELB – Supports SSL termination including onward re-encryption and customer choice of cipher suite (useful post-POODLE) – AWS holds keys/algorithm/data – Unidirectional trust only (no certificate-based authentication of client to server) • Import/Export – Currently relies on Truecrypt shared secret between customer and AWS for exporting data – Truecrypt has not been broken, but it is not longer maintained. Therefore import/export will choose another option
Ronan Guilfoyle Amazon Web Services Ireland rguilfoy@amazon.com Additional Resources: http://aws.amazon.com/documentation http://aws.amazon.com/compliance http://aws.amazon.com/security
Crypto-Options on AWS | Security Roadshow Dublin

Empfohlen

Navigating the AWS Compliance Framework | AWS Security Roadshow Dublin
Navigating the AWS Compliance Framework | AWS Security Roadshow DublinNavigating the AWS Compliance Framework | AWS Security Roadshow Dublin
Navigating the AWS Compliance Framework | AWS Security Roadshow DublinAmazon Web Services
 
Account Separation and Mandatory Access Control on AWS | Security Roadshow Du...
Account Separation and Mandatory Access Control on AWS | Security Roadshow Du...Account Separation and Mandatory Access Control on AWS | Security Roadshow Du...
Account Separation and Mandatory Access Control on AWS | Security Roadshow Du...Amazon Web Services
 
What's (nearly) new | AWS Security Roadshow Dublin
What's (nearly) new | AWS Security Roadshow DublinWhat's (nearly) new | AWS Security Roadshow Dublin
What's (nearly) new | AWS Security Roadshow DublinAmazon Web Services
 
Reading the AWS Compliance Framework
Reading the AWS Compliance FrameworkReading the AWS Compliance Framework
Reading the AWS Compliance FrameworkAmazon Web Services
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWSAmazon Web Services
 
Security Architecture recommendations for your new AWS operation - Pop-up Lof...
Security Architecture recommendations for your new AWS operation - Pop-up Lof...Security Architecture recommendations for your new AWS operation - Pop-up Lof...
Security Architecture recommendations for your new AWS operation - Pop-up Lof...Amazon Web Services
 
Protecting Your Data With AWS KMS and AWS CloudHSM
Protecting Your Data With AWS KMS and AWS CloudHSM Protecting Your Data With AWS KMS and AWS CloudHSM
Protecting Your Data With AWS KMS and AWS CloudHSM Amazon Web Services
 
So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...
So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...
So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...AWS Germany
 

Empfohlen

Navigating the AWS Compliance Framework | AWS Security Roadshow Dublin
Navigating the AWS Compliance Framework | AWS Security Roadshow DublinNavigating the AWS Compliance Framework | AWS Security Roadshow Dublin
Navigating the AWS Compliance Framework | AWS Security Roadshow DublinAmazon Web Services
 
Account Separation and Mandatory Access Control on AWS | Security Roadshow Du...
Account Separation and Mandatory Access Control on AWS | Security Roadshow Du...Account Separation and Mandatory Access Control on AWS | Security Roadshow Du...
Account Separation and Mandatory Access Control on AWS | Security Roadshow Du...Amazon Web Services
 
What's (nearly) new | AWS Security Roadshow Dublin
What's (nearly) new | AWS Security Roadshow DublinWhat's (nearly) new | AWS Security Roadshow Dublin
What's (nearly) new | AWS Security Roadshow DublinAmazon Web Services
 
Reading the AWS Compliance Framework
Reading the AWS Compliance FrameworkReading the AWS Compliance Framework
Reading the AWS Compliance FrameworkAmazon Web Services
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWSAmazon Web Services
 
Security Architecture recommendations for your new AWS operation - Pop-up Lof...
Security Architecture recommendations for your new AWS operation - Pop-up Lof...Security Architecture recommendations for your new AWS operation - Pop-up Lof...
Security Architecture recommendations for your new AWS operation - Pop-up Lof...Amazon Web Services
 
Protecting Your Data With AWS KMS and AWS CloudHSM
Protecting Your Data With AWS KMS and AWS CloudHSM Protecting Your Data With AWS KMS and AWS CloudHSM
Protecting Your Data With AWS KMS and AWS CloudHSM Amazon Web Services
 
So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...
So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...
So verarbeiten Sie AWS Sensordaten, um Anwendungen zu sichern - AWS Security ...AWS Germany
 
Security Day IAM Recommended Practices
Security Day IAM Recommended PracticesSecurity Day IAM Recommended Practices
Security Day IAM Recommended PracticesAmazon Web Services
 
Information Security in AWS - Dave Walker
Information Security in AWS - Dave WalkerInformation Security in AWS - Dave Walker
Information Security in AWS - Dave WalkerEast Midlands Cyber Security Forum
 
Cloud ID Management of North Carolina Department of Public Instruction (SEC10...
Cloud ID Management of North Carolina Department of Public Instruction (SEC10...Cloud ID Management of North Carolina Department of Public Instruction (SEC10...
Cloud ID Management of North Carolina Department of Public Instruction (SEC10...Amazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS SecurityAmazon Web Services
 
AWS Security & Compliance
AWS Security & ComplianceAWS Security & Compliance
AWS Security & ComplianceAmazon Web Services
 
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...Amazon Web Services
 
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013Amazon Web Services
 
Security on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupSecurity on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupCloudHesive
 
Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...
Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...
Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...Amazon Web Services
 
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Amazon Web Services
 
AWS and the ASD Essential Eight
AWS and the ASD Essential EightAWS and the ASD Essential Eight
AWS and the ASD Essential EightAmazon Web Services
 
Getting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute ServicesGetting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute ServicesAmazon Web Services
 
Crypto Options in AWS
Crypto Options in AWSCrypto Options in AWS
Crypto Options in AWSAmazon Web Services
 
IAM Recommended Practices
IAM Recommended PracticesIAM Recommended Practices
IAM Recommended PracticesAmazon Web Services
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWSAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
(SEC303) Architecting for End-To-End Security in the Enterprise
(SEC303) Architecting for End-To-End Security in the Enterprise(SEC303) Architecting for End-To-End Security in the Enterprise
(SEC303) Architecting for End-To-End Security in the EnterpriseAmazon Web Services
 
Getting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless CloudGetting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless CloudAmazon Web Services
 
AWS Enterprise Summit Netherlands - Keynote
AWS Enterprise Summit Netherlands - KeynoteAWS Enterprise Summit Netherlands - Keynote
AWS Enterprise Summit Netherlands - KeynoteAmazon Web Services
 
Journey Through the Cloud - Security Best Practices on AWS
Journey Through the Cloud - Security Best Practices on AWSJourney Through the Cloud - Security Best Practices on AWS
Journey Through the Cloud - Security Best Practices on AWSAmazon Web Services
 
Protecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWSProtecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWSAmazon Web Services
 
VPC Fundamentals & Connectivity - Pop-up Loft Tel Aviv
VPC Fundamentals & Connectivity - Pop-up Loft Tel AvivVPC Fundamentals & Connectivity - Pop-up Loft Tel Aviv
VPC Fundamentals & Connectivity - Pop-up Loft Tel AvivAmazon Web Services
 

Weitere ähnliche Inhalte

Was ist angesagt?

Security Day IAM Recommended Practices
Security Day IAM Recommended PracticesSecurity Day IAM Recommended Practices
Security Day IAM Recommended PracticesAmazon Web Services
 
Cloud ID Management of North Carolina Department of Public Instruction (SEC10...
Cloud ID Management of North Carolina Department of Public Instruction (SEC10...Cloud ID Management of North Carolina Department of Public Instruction (SEC10...
Cloud ID Management of North Carolina Department of Public Instruction (SEC10...Amazon Web Services
 
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...Amazon Web Services
 
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013Amazon Web Services
 
Security on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupSecurity on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupCloudHesive
 
Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...
Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...
Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...Amazon Web Services
 
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Amazon Web Services
 
Getting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute ServicesGetting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute ServicesAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
(SEC303) Architecting for End-To-End Security in the Enterprise
(SEC303) Architecting for End-To-End Security in the Enterprise(SEC303) Architecting for End-To-End Security in the Enterprise
(SEC303) Architecting for End-To-End Security in the EnterpriseAmazon Web Services
 
Getting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless CloudGetting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless CloudAmazon Web Services
 
AWS Enterprise Summit Netherlands - Keynote
AWS Enterprise Summit Netherlands - KeynoteAWS Enterprise Summit Netherlands - Keynote
AWS Enterprise Summit Netherlands - KeynoteAmazon Web Services
 
Journey Through the Cloud - Security Best Practices on AWS
Journey Through the Cloud - Security Best Practices on AWSJourney Through the Cloud - Security Best Practices on AWS
Journey Through the Cloud - Security Best Practices on AWSAmazon Web Services
 

Was ist angesagt? (20)

Security Day IAM Recommended Practices
Security Day IAM Recommended PracticesSecurity Day IAM Recommended Practices
Security Day IAM Recommended Practices
 
Information Security in AWS - Dave Walker
Information Security in AWS - Dave WalkerInformation Security in AWS - Dave Walker
Information Security in AWS - Dave Walker
 
Cloud ID Management of North Carolina Department of Public Instruction (SEC10...
Cloud ID Management of North Carolina Department of Public Instruction (SEC10...Cloud ID Management of North Carolina Department of Public Instruction (SEC10...
Cloud ID Management of North Carolina Department of Public Instruction (SEC10...
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
AWS Security & Compliance
AWS Security & ComplianceAWS Security & Compliance
AWS Security & Compliance
 
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...
 
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
 
Security on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition MeetupSecurity on AWS, 2021 Edition Meetup
Security on AWS, 2021 Edition Meetup
 
Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...
Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...
Architecting for End-to-End Security in the Enterprise (ARC308) | AWS re:Inve...
 
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
 
AWS and the ASD Essential Eight
AWS and the ASD Essential EightAWS and the ASD Essential Eight
AWS and the ASD Essential Eight
 
Getting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute ServicesGetting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute Services
 
Crypto Options in AWS
Crypto Options in AWSCrypto Options in AWS
Crypto Options in AWS
 
IAM Recommended Practices
IAM Recommended PracticesIAM Recommended Practices
IAM Recommended Practices
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
(SEC303) Architecting for End-To-End Security in the Enterprise
(SEC303) Architecting for End-To-End Security in the Enterprise(SEC303) Architecting for End-To-End Security in the Enterprise
(SEC303) Architecting for End-To-End Security in the Enterprise
 
Getting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless CloudGetting Started with AWS Lambda and the Serverless Cloud
Getting Started with AWS Lambda and the Serverless Cloud
 
AWS Enterprise Summit Netherlands - Keynote
AWS Enterprise Summit Netherlands - KeynoteAWS Enterprise Summit Netherlands - Keynote
AWS Enterprise Summit Netherlands - Keynote
 
Journey Through the Cloud - Security Best Practices on AWS
Journey Through the Cloud - Security Best Practices on AWSJourney Through the Cloud - Security Best Practices on AWS
Journey Through the Cloud - Security Best Practices on AWS
 

Andere mochten auch

Protecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWSProtecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWSAmazon Web Services
 
VPC Fundamentals & Connectivity - Pop-up Loft Tel Aviv
VPC Fundamentals & Connectivity - Pop-up Loft Tel AvivVPC Fundamentals & Connectivity - Pop-up Loft Tel Aviv
VPC Fundamentals & Connectivity - Pop-up Loft Tel AvivAmazon Web Services
 
Security best practices on AWS cloud
Security best practices on AWS cloudSecurity best practices on AWS cloud
Security best practices on AWS cloudMartin Yan
 
쉽게 알아보는 AWS 클라우드 보안 :: 임기성 & 신용녀 :: AWS Summit Seoul 2016
쉽게 알아보는 AWS 클라우드 보안 :: 임기성 & 신용녀 :: AWS Summit Seoul 2016쉽게 알아보는 AWS 클라우드 보안 :: 임기성 & 신용녀 :: AWS Summit Seoul 2016
쉽게 알아보는 AWS 클라우드 보안 :: 임기성 & 신용녀 :: AWS Summit Seoul 2016Amazon Web Services Korea
 
RMG204 Optimizing Costs with AWS - AWS re: Invent 2012
RMG204 Optimizing Costs with AWS - AWS re: Invent 2012RMG204 Optimizing Costs with AWS - AWS re: Invent 2012
RMG204 Optimizing Costs with AWS - AWS re: Invent 2012Amazon Web Services
 
AWS Customer Presentation - ORbyte
AWS Customer Presentation - ORbyteAWS Customer Presentation - ORbyte
AWS Customer Presentation - ORbyteAmazon Web Services
 
Accelerating Organizations with Flexible IT - AWS Summit 2012 - NYC
Accelerating Organizations with Flexible IT - AWS Summit 2012 - NYCAccelerating Organizations with Flexible IT - AWS Summit 2012 - NYC
Accelerating Organizations with Flexible IT - AWS Summit 2012 - NYCAmazon Web Services
 
Staying Lean with Amazon Web Services
Staying Lean with Amazon Web ServicesStaying Lean with Amazon Web Services
Staying Lean with Amazon Web ServicesAmazon Web Services
 
AWS - Managing Your Cloud Assets 2013
AWS - Managing Your Cloud Assets 2013AWS - Managing Your Cloud Assets 2013
AWS - Managing Your Cloud Assets 2013Amazon Web Services
 
Globus Genomics: How Science-as-a-Service is Accelerating Discovery (BDT310) ...
Globus Genomics: How Science-as-a-Service is Accelerating Discovery (BDT310) ...Globus Genomics: How Science-as-a-Service is Accelerating Discovery (BDT310) ...
Globus Genomics: How Science-as-a-Service is Accelerating Discovery (BDT310) ...Amazon Web Services
 
AWS Summit 2013 | India - 0 to Production in 40 minutes, Pieter Kemps
AWS Summit 2013 | India - 0 to Production in 40 minutes, Pieter KempsAWS Summit 2013 | India - 0 to Production in 40 minutes, Pieter Kemps
AWS Summit 2013 | India - 0 to Production in 40 minutes, Pieter KempsAmazon Web Services
 
AWS Paris Summit 2014 - T2 - Amazon Workspaces, postes de travail sur le cloud
AWS Paris Summit 2014 - T2 - Amazon Workspaces, postes de travail sur le cloudAWS Paris Summit 2014 - T2 - Amazon Workspaces, postes de travail sur le cloud
AWS Paris Summit 2014 - T2 - Amazon Workspaces, postes de travail sur le cloudAmazon Web Services
 
AWS Webcast - Build Agile Applications in AWS Cloud
AWS Webcast - Build Agile Applications in AWS CloudAWS Webcast - Build Agile Applications in AWS Cloud
AWS Webcast - Build Agile Applications in AWS CloudAmazon Web Services
 
Getting started with amazon redshift - Toronto
Getting started with amazon redshift - TorontoGetting started with amazon redshift - Toronto
Getting started with amazon redshift - TorontoAmazon Web Services
 
AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security Amazon Web Services
 
Security Day What's (nearly) New
Security Day What's (nearly) NewSecurity Day What's (nearly) New
Security Day What's (nearly) NewAmazon Web Services
 
AWS Summit 2013 | Singapore - Delivering Search for Today's Local, Social, an...
AWS Summit 2013 | Singapore - Delivering Search for Today's Local, Social, an...AWS Summit 2013 | Singapore - Delivering Search for Today's Local, Social, an...
AWS Summit 2013 | Singapore - Delivering Search for Today's Local, Social, an...Amazon Web Services
 

Andere mochten auch (20)

Protecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWSProtecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWS
 
VPC Fundamentals & Connectivity - Pop-up Loft Tel Aviv
VPC Fundamentals & Connectivity - Pop-up Loft Tel AvivVPC Fundamentals & Connectivity - Pop-up Loft Tel Aviv
VPC Fundamentals & Connectivity - Pop-up Loft Tel Aviv
 
Security best practices on AWS cloud
Security best practices on AWS cloudSecurity best practices on AWS cloud
Security best practices on AWS cloud
 
쉽게 알아보는 AWS 클라우드 보안 :: 임기성 & 신용녀 :: AWS Summit Seoul 2016
쉽게 알아보는 AWS 클라우드 보안 :: 임기성 & 신용녀 :: AWS Summit Seoul 2016쉽게 알아보는 AWS 클라우드 보안 :: 임기성 & 신용녀 :: AWS Summit Seoul 2016
쉽게 알아보는 AWS 클라우드 보안 :: 임기성 & 신용녀 :: AWS Summit Seoul 2016
 
RMG204 Optimizing Costs with AWS - AWS re: Invent 2012
RMG204 Optimizing Costs with AWS - AWS re: Invent 2012RMG204 Optimizing Costs with AWS - AWS re: Invent 2012
RMG204 Optimizing Costs with AWS - AWS re: Invent 2012
 
6 rules for innovation
6 rules for innovation6 rules for innovation
6 rules for innovation
 
Analytics in the Cloud
Analytics in the CloudAnalytics in the Cloud
Analytics in the Cloud
 
AWS Customer Presentation - ORbyte
AWS Customer Presentation - ORbyteAWS Customer Presentation - ORbyte
AWS Customer Presentation - ORbyte
 
Accelerating Organizations with Flexible IT - AWS Summit 2012 - NYC
Accelerating Organizations with Flexible IT - AWS Summit 2012 - NYCAccelerating Organizations with Flexible IT - AWS Summit 2012 - NYC
Accelerating Organizations with Flexible IT - AWS Summit 2012 - NYC
 
Staying Lean with Amazon Web Services
Staying Lean with Amazon Web ServicesStaying Lean with Amazon Web Services
Staying Lean with Amazon Web Services
 
AWS - Managing Your Cloud Assets 2013
AWS - Managing Your Cloud Assets 2013AWS - Managing Your Cloud Assets 2013
AWS - Managing Your Cloud Assets 2013
 
Canberra Symposium Keynote
Canberra Symposium KeynoteCanberra Symposium Keynote
Canberra Symposium Keynote
 
Globus Genomics: How Science-as-a-Service is Accelerating Discovery (BDT310) ...
Globus Genomics: How Science-as-a-Service is Accelerating Discovery (BDT310) ...Globus Genomics: How Science-as-a-Service is Accelerating Discovery (BDT310) ...
Globus Genomics: How Science-as-a-Service is Accelerating Discovery (BDT310) ...
 
AWS Summit 2013 | India - 0 to Production in 40 minutes, Pieter Kemps
AWS Summit 2013 | India - 0 to Production in 40 minutes, Pieter KempsAWS Summit 2013 | India - 0 to Production in 40 minutes, Pieter Kemps
AWS Summit 2013 | India - 0 to Production in 40 minutes, Pieter Kemps
 
AWS Paris Summit 2014 - T2 - Amazon Workspaces, postes de travail sur le cloud
AWS Paris Summit 2014 - T2 - Amazon Workspaces, postes de travail sur le cloudAWS Paris Summit 2014 - T2 - Amazon Workspaces, postes de travail sur le cloud
AWS Paris Summit 2014 - T2 - Amazon Workspaces, postes de travail sur le cloud
 
AWS Webcast - Build Agile Applications in AWS Cloud
AWS Webcast - Build Agile Applications in AWS CloudAWS Webcast - Build Agile Applications in AWS Cloud
AWS Webcast - Build Agile Applications in AWS Cloud
 
Getting started with amazon redshift - Toronto
Getting started with amazon redshift - TorontoGetting started with amazon redshift - Toronto
Getting started with amazon redshift - Toronto
 
AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security
 
Security Day What's (nearly) New
Security Day What's (nearly) NewSecurity Day What's (nearly) New
Security Day What's (nearly) New
 
AWS Summit 2013 | Singapore - Delivering Search for Today's Local, Social, an...
AWS Summit 2013 | Singapore - Delivering Search for Today's Local, Social, an...AWS Summit 2013 | Singapore - Delivering Search for Today's Local, Social, an...
AWS Summit 2013 | Singapore - Delivering Search for Today's Local, Social, an...
 

Ähnlich wie Crypto-Options on AWS | Security Roadshow Dublin

Using encryption with_aws
Using encryption with_awsUsing encryption with_aws
Using encryption with_awssaifam
 
AWS Well Architected-Info Session WeCloudData
AWS Well Architected-Info Session WeCloudDataAWS Well Architected-Info Session WeCloudData
AWS Well Architected-Info Session WeCloudDataWeCloudData
 
AWS Summit Auckland 2014 | Black Belt Tips on AWS
AWS Summit Auckland 2014 | Black Belt Tips on AWS AWS Summit Auckland 2014 | Black Belt Tips on AWS
AWS Summit Auckland 2014 | Black Belt Tips on AWS Amazon Web Services
 
Building a Bigdata Architecture on AWS
Building a Bigdata Architecture on AWSBuilding a Bigdata Architecture on AWS
Building a Bigdata Architecture on AWSArun Sirimalla
 
So you think you are an aws ninja dean samuels
So you think you are an aws ninja dean samuelsSo you think you are an aws ninja dean samuels
So you think you are an aws ninja dean samuelsAmazon Web Services
 
Deep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database ServiceDeep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database ServiceAmazon Web Services
 
Migrating Your Databases to AWS Deep Dive on Amazon RDS and AWS
Migrating Your Databases to AWS Deep Dive on Amazon RDS and AWSMigrating Your Databases to AWS Deep Dive on Amazon RDS and AWS
Migrating Your Databases to AWS Deep Dive on Amazon RDS and AWSKristana Kane
 
Deep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database ServiceDeep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database ServiceAmazon Web Services
 
Amazon Relational Database Service Deep Dive
Amazon Relational Database Service Deep DiveAmazon Relational Database Service Deep Dive
Amazon Relational Database Service Deep DiveAmazon Web Services
 
Encryption and Key Management in AWS
Encryption and Key Management in AWS Encryption and Key Management in AWS
Encryption and Key Management in AWS Amazon Web Services
 
Encryption and Key Management in AWS
Encryption and Key Management in AWSEncryption and Key Management in AWS
Encryption and Key Management in AWSAmazon Web Services
 
Encryption and Key Management in AWS
Encryption and Key Management in AWSEncryption and Key Management in AWS
Encryption and Key Management in AWSAmazon Web Services
 
AWS Public Sector Symposium 2014 Canberra | Black Belt Tips on AWS
AWS Public Sector Symposium 2014 Canberra | Black Belt Tips on AWS AWS Public Sector Symposium 2014 Canberra | Black Belt Tips on AWS
AWS Public Sector Symposium 2014 Canberra | Black Belt Tips on AWS Amazon Web Services
 
Well-Architected for Security: Advanced Session
Well-Architected for Security: Advanced SessionWell-Architected for Security: Advanced Session
Well-Architected for Security: Advanced SessionAmazon Web Services
 

Ähnlich wie Crypto-Options on AWS | Security Roadshow Dublin (20)

Crypto Options in AWS
Crypto Options in AWSCrypto Options in AWS
Crypto Options in AWS
 
Using encryption with_aws
Using encryption with_awsUsing encryption with_aws
Using encryption with_aws
 
AWS Well Architected-Info Session WeCloudData
AWS Well Architected-Info Session WeCloudDataAWS Well Architected-Info Session WeCloudData
AWS Well Architected-Info Session WeCloudData
 
AWS Summit Auckland 2014 | Black Belt Tips on AWS
AWS Summit Auckland 2014 | Black Belt Tips on AWS AWS Summit Auckland 2014 | Black Belt Tips on AWS
AWS Summit Auckland 2014 | Black Belt Tips on AWS
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
 
Building a Bigdata Architecture on AWS
Building a Bigdata Architecture on AWSBuilding a Bigdata Architecture on AWS
Building a Bigdata Architecture on AWS
 
So you think you are an aws ninja dean samuels
So you think you are an aws ninja dean samuelsSo you think you are an aws ninja dean samuels
So you think you are an aws ninja dean samuels
 
Deep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database ServiceDeep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database Service
 
AWS Black Belt Tips
AWS Black Belt TipsAWS Black Belt Tips
AWS Black Belt Tips
 
Migrating Your Databases to AWS Deep Dive on Amazon RDS and AWS
Migrating Your Databases to AWS Deep Dive on Amazon RDS and AWSMigrating Your Databases to AWS Deep Dive on Amazon RDS and AWS
Migrating Your Databases to AWS Deep Dive on Amazon RDS and AWS
 
AWS Lunch and Learn - Security
AWS Lunch and Learn - SecurityAWS Lunch and Learn - Security
AWS Lunch and Learn - Security
 
AWS Black Belt Tips
AWS Black Belt TipsAWS Black Belt Tips
AWS Black Belt Tips
 
AWS Black Belt Tips
AWS Black Belt TipsAWS Black Belt Tips
AWS Black Belt Tips
 
Deep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database ServiceDeep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database Service
 
Amazon Relational Database Service Deep Dive
Amazon Relational Database Service Deep DiveAmazon Relational Database Service Deep Dive
Amazon Relational Database Service Deep Dive
 
Encryption and Key Management in AWS
Encryption and Key Management in AWS Encryption and Key Management in AWS
Encryption and Key Management in AWS
 
Encryption and Key Management in AWS
Encryption and Key Management in AWSEncryption and Key Management in AWS
Encryption and Key Management in AWS
 
Encryption and Key Management in AWS
Encryption and Key Management in AWSEncryption and Key Management in AWS
Encryption and Key Management in AWS
 
AWS Public Sector Symposium 2014 Canberra | Black Belt Tips on AWS
AWS Public Sector Symposium 2014 Canberra | Black Belt Tips on AWS AWS Public Sector Symposium 2014 Canberra | Black Belt Tips on AWS
AWS Public Sector Symposium 2014 Canberra | Black Belt Tips on AWS
 
Well-Architected for Security: Advanced Session
Well-Architected for Security: Advanced SessionWell-Architected for Security: Advanced Session
Well-Architected for Security: Advanced Session
 

Mehr von Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mehr von Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Kürzlich hochgeladen

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 

Kürzlich hochgeladen (20)

Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 

Crypto-Options on AWS | Security Roadshow Dublin

  • 1. ©Amazon.com, Inc. and its affiliates. All rights reserved. Crypto-Options on AWS Ronan Guilfoyle - Solutions Architect Amazon Web Services Ireland
  • 3. Data The Cryptographic Trinity Key Algorithm If you don’t own all three parts of the solution, your data is not considered to be “hard” encrypted…
  • 4. • So what data might I be concerned with?
  • 5. In Region I: Availability Zone AWS DC Availability Zone AWS DC
  • 6. In Region II: AWS DC AWS DC Availability Zone AWS DC AWS DC Availability Zone
  • 7. Between Regions: Region Availability Zone Availability Zone Region Availability Zone Availability Zone Public Customer WAN DX Site DX Site Here be Dragons!
  • 8. Summary • Data in transit within an AZ might leave the building • Data in transit between AZs will leave the building • Data in transit between AWS Regions or between AWS and customer premises needs to be taken care of, too Encrypt Your Data in Flight
  • 9. Discussion Points • Hard encryption might be excessive, for some purposes • Find out where you need which kind of encryption – map your view of risk and need • Think about the lifetime of your data (example: German expiry of use of 3DES and resulting requirement for bulk data re-encryption with stronger algorithm…) • Sometimes encryption is only there for Compliance reasons… Work on your data classification Find balance between your obligation for executive care, cost and complexity
  • 10. What about data at rest? Getting Data at rest encrypted on AWS is so easy that you should consider a policy: All data can (an should) be encrypted at rest!
  • 11. Some AWS services supporting data at rest encryption Technology Partners Consulting Partners AWS MarketplaceEcosystem Elastic Beanstalk for Java, Node.js, Python, Ruby, PHP and .Net OpsWorks CloudFormationContainers & Deployment (PaaS) Management & AdministrationIAM CloudWatchCloudTrail APIs and SDKsManagement ConsoleCloud HSM Command Line Interface Direct Connect Route 53VPC Networking Analytics Data PipelineRedshiftEMR Kinesis SWFSNS SQS CloudSearchSES AppStreamCloudFront Application Services WorkSpaces Regions Availability Zones Content Delivery POPs Storage GatewayS3 EBS Glacier Import/Export DynamoDB ElastiCache StorageCompute Databases RDS MySQL, PostgreSQL Oracle, SQL Server Elastic Load BalancerEC2 Auto Scaling +
  • 12. AWS Key Management Service I • Designed for Scalability and Throughput • Uses bespoke AWS hardware + software • Is a multi-tenant service • Performs AES256 operations • API for crypto command: – Key Management – Encryption / Decryption • Customer selects MasterKey • Data Key is transported via envelope encryption • Durability equal to that of the highest durability services in AWS Customer Master Key(s) Data Key 1 Amazon S3 Object Amazon EBS Volume Amazon Redshift Cluster Data Key 2 Data Key 3 Data Key 4 Custom Application AWS KMS
  • 13. AWS Key Management Service II Reference Architecture Application or AWS Service + Data Key Encrypted Data Key Encrypted Data Master Key(s) in Customer’s Account AWS Key Management Service 1. Application or AWS service client requests an encryption key to use to encrypt data, and passes a reference to a master key under the account. 2. Client request is authenticated based on whether they have access to use the master key. 3. A new data encryption key is created and a copy of it is encrypted under the master key. 4. Both data key and encrypted data key are returned to the client. Data key is used to encrypt customer data and then deleted as soon as is practical. 5. Encrypted data key is stored for later use and sent back to AWS KMS when the source data needs to be decrypted.
  • 14. S3 (normal mode) AWS AZ AWS AZ AWS AZ • Data is sent to S3 encrypted • S3 stores the data unencrypted • Data travels unencrypted between AZs • Enforce https: { "Statement": [{ "Effect": "Deny”, "Action": "s3:*", "Condition": { "Bool": { "aws:SecureTransport": false } }, "Resource": "arn:aws:s3:::bucket/*" ]} }
  • 15. S3 (server-side encryption) AWS AZ AWS AZ AWS AZ • Data is sent to S3 encrypted • S3 encrypts data with AWS owned key • Data travels encrypted between AZs • Data at rest is encrypted with AWS-owned key • Enforce at-rest encryption: { "Statement":[{ "Sid":"DenyUnEncryptedObjectUploads", "Effect":"Deny", "Principal":"*", "Action":"s3:PutObject", "Resource":"arn:aws:s3:::YourBucket/*", "Condition":{ "StringNotEquals":{ "s3:x-amz-server-side-encryption":"AES256" } } } ] }
  • 16. S3 (server-side, user key) AWS AZ AWS AZ AWS AZ • Data is sent to S3 encrypted • S3 encrypts data with customer key sent in request – The key will be forgotten by AWS immediately • Data travels encrypted between AZs • Data at rest is encrypted with customer-owned key • Customer needs to send key in GET request
  • 17. S3 (server-side, user key + KMS) AWS AZ AWS AZ AWS AZ • Data is sent to S3 encrypted • S3 encrypts data with key sent in request • Data travels encrypted between AZs • Data at rest is encrypted with customer-owned key • Key remains in KMS IAM KMS Object
  • 18. S3 (client-side encryption) AWS AZ AWS AZ AWS AZ • Client encrypts the data locally with local held key • Data is sent to S3 encrypted • Data travels encrypted between AZs • Data at rest is encrypted with customer-owned key • AWS never sees the key
  • 19. EBS (normal mode) AWS AZ AWS AZ • Instance sends data to volume via hypervisor module – Module can encrypt or not, depending on customer choice – Data travels to the disks and between datacentres, potentially unencrypted – Data lives unencrypted on Disk
  • 20. EBS (server-side encryption) AWS AZ AWS AZ • Instance sends encrypted data over hypervisor to volume – Instance OS needs to support encryption – Data travels encrypted to the disks and between datacentres – Data lives encrypted on Disk – AWS owns key/algorithm/data – Included in scope of AWS SOC1 report IAM KMS Volume
  • 21. CloudHSM • Tamper-Proof and Tamper-Evident – Destroys its stored keys if under attack • FIPS 140-2 Level 2 certified • Base position is to be a Keystore • Can also be used to timestamp documents • You can send data for encrypt / decrypt – Key never leaves the HSM as cleartext – Can be used by several commercial software products – Can be used by API to access the HSM • Needs to be backed-up (ideally to HSM on customer premises) • Can (and should) be combined in HA clusters • Is NOT a key management system – but can work with some third-party ones • Communicates via: – PKCS#11 – JCE • Some applications need a “plugin”
  • 22. Redshift can use CloudHSM • When using CloudHSM – Redshift gets cluster key from HSM – Redshift generates a database key and encrypts it with the cluster key from the CloudHSM – Redshift encrypts and decrypts individual key for data blocks with the database key – Redshift supports re-encryption
  • 23. RDS Crypto Support • RDS / Oracle can use CloudHSM to store keys for Oracle Wallet – So TDE can be HSM-backed • RDS / MySQL, RDS / Postgres can use KMS to manage keys used to encrypt underlying EBS volumes – So all tables are encrypted at rest • Note that in-memory database contents (once the database has been unlocked) are cleartext – RAM encryption is not something AWS has today, but it has been done in other contexts
  • 24. VPC VGW • Hardware IPsec termination points • Data on the VPC side of the VGW is unprotected by the VGW (no re-encryption) – If you need VPN termination with onward re-encryption, use EC2 instances with OpenSWAN or Cisco CRSs instead… • Uses pre-shared symmetric key • The Key is a shared one between AWS and the customer AWS AZ AWS AZCustomer
  • 25. Between Regions Region Availability Zone Availability Zone Region Availability Zone Availability Zone Public Customer WAN DX Site DX Site Customer DC
  • 26. Others • Glacier – Archives have always been encrypted – this is entirely transparent to the user – Glacier keys are AES256 – AWS holds key/algorithm/data • Route53 – Supports signed zones • ELB – Supports SSL termination including onward re-encryption and customer choice of cipher suite (useful post-POODLE) – AWS holds keys/algorithm/data – Unidirectional trust only (no certificate-based authentication of client to server) • Import/Export – Currently relies on Truecrypt shared secret between customer and AWS for exporting data – Truecrypt has not been broken, but it is not longer maintained. Therefore import/export will choose another option
  • 27. Ronan Guilfoyle Amazon Web Services Ireland rguilfoy@amazon.com Additional Resources: http://aws.amazon.com/documentation http://aws.amazon.com/compliance http://aws.amazon.com/security