© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark
AWS PCI Quick Start
http://bit.ly/aws-pci
The data on a credit card
Guidelines for Cardholder Data Elements
PCI Security Standards Council
• Defines the PCI Security Standards
• The standards are technical and operational requirements to protect cardholder data.
What are PCI Security Standards?
PCI Data Security Standard (DSS)
• Applies to all entities that store, process, and/or transmit cardholder data.
• Covers technical and operational system components included in or connected to cardholder data.
• If you are a merchant who accepts or processes payment cards, you must comply with the PCI DSS.
PCI DSS Goals and the 12 High-Level Requirements
What is PCI DSS Requirement 4.1?
Encrypt transmission of cardholder data across open, public networks
• 4.1 Use strong cryptography and security protocols such as SSL/TLS, SSH or IPSec to safeguard sensitive cardholder data during transmission over open, public networks (e.g. Internet, wireless technologies, Global System for Mobile communications [GSM], General Packet Radio Service [GPRS]). Ensure wireless networks transmitting cardholder data or connected to the cardholder data environment use industry best practices (e.g., IEEE 802.11i) to implement strong encryption for authentication and transmission. The use of WEP as a security control is prohibited.
Encryption in Transit for Requirement 4.1
Increased complexity with additional components and integration with other applications or services
[Diagram: Internet, Load balancer, Web Server, Load balancer, App Server, Middleware Server, Database; every hop between components is labelled SSL/TLS]
Encryption in Transit for Requirement 4.1
Issues with end-to-end encryption
• Affects application performance
  • Multiple encryption and decryption steps on every request
• Increases management overhead
  • Each additional encryption and decryption point adds key and certificate management overhead
• Increases the PCI DSS testing procedures performed by the QSA
Let’s Build
Achieving PCI DSS Compliance via the Shared Security Responsibility Model
AWS Shared Responsibility Model
Security IN the Cloud (managed by customers):
• Customer Data
• Platform & Application Management
• Operating system, network, and firewall configuration
• Client-side data encryption (data integrity, authentication)
• Server-side encryption (file system and/or data)
• Network traffic protection (encryption / integrity / identity)
• Customer IAM
Security OF the Cloud (managed by AWS):
• Foundation Services: Compute, Storage, Databases, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
• AWS IAM, Endpoints
Microservices
What are Microservices?
Microservices are small, autonomous services that work together [1].
Single Responsibility Principle: "Gather together those things that change for the same reason, and separate those things that change for different reasons."
Golden rule: can you make a change to a service and deploy it by itself without changing anything else?
Lambda Functions
Serverless Computing
AWS Lambda is a compute service that runs developers' code in response to events and automatically manages the compute resources for them, making it easy to build applications that respond quickly to new information [2].
Triggered by events or API calls:
• AWS S3 bucket PUT
• DynamoDB table updates
• API Gateway endpoint call
• Mobile backend call
• Others...
Lambda simplifies:
• Real-time data processing
• Building services for scalable backends
• Connecting and orchestrating applications
Execute code without servers. Pay only for the processing you use. Be happy!
Step Functions
AWS Step Functions makes it easy to coordinate the components of distributed applications and microservices using visual workflows [3].
Building applications from individual components that each perform a discrete function lets you scale and change applications quickly.
Microservices Taxonomy Example
[Diagram: one taxonomy shown in two views]
• Canonical Model (Business View): Business Areas (e.g. Payments, Cross Product Operations) -> Business Domains (e.g. Payments Execution, Customer Billing, Cheque Processing, Central Cache Handling, Operational Services) -> Capabilities (each domain "Has" one or more capabilities)
• AWS Platform (Technical View): Domain Service (Microservices) with service operations (Srv Oper 1, SrvOper2, Srv.Oper3, Srv Oper 4) -> Service Composition (Service Composite, Flow, Step Function 1) -> Service Infrastructure (Serverless: λ1 to λ6) -> Service Implementation (Java Code, Python Code, Nodejs Code)
Mapping Service Domain to Lambda (Java)
Service Domain and Operations: PaymentsExecution (manage payment lifecycle) exposes four operations; one Lambda function is mapped to each operation of PaymentsExecution:
• execute ( ExecutePaymentIN ): ExecutePaymentOUT -> λ1 ExecutePayment (ExecutePaymentIN): ExecutePaymentOUT
• update ( UpdatePaymentIN ): UpdatePaymentOUT -> λ2 UpdatePayment (UpdatePaymentIN): UpdatePaymentOUT
• request ( RequestPaymentIN ): RequestPaymentOUT -> λ3 RequestPayment (RequestPaymentIN): RequestPaymentOUT
• notify ( NotifyPaymentIN ): NotifyPaymentOUT -> λ4 NotifyPayment (NotifyPaymentIN): NotifyPaymentOUT
Messages IN/OUT (XML), e.g. ExecutePaymentIN and ExecutePaymentOUT, are mapped to Messages IN/OUT (POJO Java). The Business Object PaymentsExecutionTransaction (XSD) is mapped to PaymentsExecutionTransaction (POJO Java), and the messages reference it.
Mapping Service Domain to Lambda (Java)
[Diagram: the same mapping shown as three layers]
• Service Domain (Microservice): PaymentsExecution with the operations execute ( ExecutePaymentIN ): ExecutePaymentOUT, update ( UpdatePaymentIN ): UpdatePaymentOUT, request ( RequestPaymentIN ): RequestPaymentOUT, notify ( NotifyPaymentIN ): NotifyPaymentOUT
• Lambda Function Definition: λ1 ExecutePayment (ExecutePaymentIN): ExecutePaymentOUT
• Lambda Function Implementation (Java)
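The slides above describe the mapping in Java; the following is an added example, not code from the deck, rendering the same structure in Python (the taxonomy slide shows Python Lambdas too): the λ1 execute operation takes an ExecutePaymentIN, builds the PaymentsExecutionTransaction business object and answers with an ExecutePaymentOUT. The field names inside the messages, the XML element layout and the validation rules are assumptions; only the type names come from the slide.

```python
"""PaymentsExecution mapped to one Lambda function per operation (lambda 1: execute).

Added example, not code from the deck. The slide shows this in Java with XML
messages mapped to POJOs; this is a Python rendering of the same structure.
Field names inside the messages and the XML layout are assumptions.
"""
from dataclasses import dataclass
from decimal import Decimal, InvalidOperation
import re
import uuid
import xml.etree.ElementTree as ET  # for untrusted XML use defusedxml instead


@dataclass(frozen=True)
class PaymentsExecutionTransaction:
    """Business object (the XSD on the slide). Holds a masked PAN only."""
    transaction_id: str
    masked_pan: str
    amount: Decimal
    currency: str
    status: str  # "EXECUTED" or "REJECTED"


@dataclass(frozen=True)
class ExecutePaymentIN:
    """Message IN of the execute operation, after XML-to-object mapping."""
    pan: str
    amount: str
    currency: str


@dataclass(frozen=True)
class ExecutePaymentOUT:
    """Message OUT of the execute operation; never carries the full PAN."""
    transaction_id: str
    status: str
    masked_pan: str
    reason: str = ""


def luhn_valid(pan: str) -> bool:
    """Luhn mod-10 check rejects mistyped PANs before any downstream call."""
    if not re.fullmatch(r"\d{13,19}", pan):
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """First six and last four digits only, the PCI DSS 3.3 display rule."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def parse_execute_payment_in(xml_text: str) -> ExecutePaymentIN:
    """Mapping step: XML wire message -> ExecutePaymentIN (assumed element names)."""
    root = ET.fromstring(xml_text)

    def text(tag: str) -> str:
        node = root.find(tag)
        if node is None or not node.text:
            raise ValueError(f"missing element <{tag}>")
        return node.text.strip()

    return ExecutePaymentIN(text("pan"), text("amount"), text("currency"))


def execute(msg: ExecutePaymentIN) -> ExecutePaymentOUT:
    """The execute operation: validate, build the business object, answer."""
    if not luhn_valid(msg.pan):
        return ExecutePaymentOUT("", "REJECTED", "", "invalid PAN")
    masked = mask_pan(msg.pan)
    try:
        amount = Decimal(msg.amount)
    except InvalidOperation:
        return ExecutePaymentOUT("", "REJECTED", masked, "invalid amount")
    if amount <= 0 or not re.fullmatch(r"[A-Z]{3}", msg.currency):
        return ExecutePaymentOUT("", "REJECTED", masked, "invalid amount or currency")
    txn = PaymentsExecutionTransaction(str(uuid.uuid4()), masked, amount, msg.currency, "EXECUTED")
    # A real lambda 1 would persist txn here (encrypted at rest) and call the processor.
    return ExecutePaymentOUT(txn.transaction_id, txn.status, txn.masked_pan)


def lambda_handler(event, context):
    """Lambda 1 entry point: event["body"] carries the XML ExecutePaymentIN."""
    out = execute(parse_execute_payment_in(event["body"]))
    return {"statusCode": 200 if out.status == "EXECUTED" else 400, "body": vars(out)}


# Constructed sample message using the well-known 4111... test PAN.
SAMPLE_IN_XML = """<ExecutePaymentIN>
  <pan>4111111111111111</pan>
  <amount>49.90</amount>
  <currency>EUR</currency>
</ExecutePaymentIN>"""

if __name__ == "__main__":
    print(lambda_handler({"body": SAMPLE_IN_XML}, None))
```

The update, request and notify operations (λ2 to λ4) follow the same shape with their own IN/OUT message types and share the business object.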
What if I am B2B, or a SAAS?
Build a Segmented Cardholder Data Environment
Benefits of a Segmented Cardholder Environment
• Isolates the cardholder data environment from the remainder of an entity's network
• Reduces the cost of the PCI DSS assessment
• Reduces the cost and difficulty of implementing and maintaining PCI DSS controls
• Overall, reduces risk for the entity by limiting data exposure
Sample Banking Environment
[Diagram: Data Center, Operations, Back office, Branch, Service providers]
- Systems processing and storing PCI data
- Systems for regular banking, internal services, operations, management, etc.
PCI-DSS Scoping – Non-segmented Environment
[Diagram: Data Center, Operations, Back office, Branch, Service providers; the whole environment is marked as in scope for the PCI-DSS assessment without segmentation]
- Systems processing and storing PCI data
- Systems for regular banking, internal services, operations, management, etc.
PCI-DSS Scoping – Segmented Environment
[Diagram: Data Center, Operations, Back office, Branch, Service providers; a smaller boundary marks the environment in scope for the PCI-DSS assessment after segmentation]
- Systems processing and storing PCI data
- Systems for regular banking, internal services, operations, management, etc.
Once in operation
The Layers of Fraud Prevention
• Prevention: stopping the activity before it happens.
• Detection: identifying and reporting on behaviors that meet your definition of "fraud".
• Enforcement: the actions you use to exit a bad actor.
• Containment: limiting the blast radius, or trusting users, as appropriate for the amount of risk you are willing to tolerate.
AWS Layered Model
[Diagram: the layers Prevention, Detection and Containment / Enforcement, applied from the first service launch onwards]
Risk Management Technology Stack
[Diagram, stages left to right]
• Data Gathering: Device Fingerprints, Browser Info, IP Layer, Usage History, Payment Instrument, Clickstream, Log Files, Behavioral Patterns, Derived Values, Relationships, 3rd Party Data
• Analysis (Real Time): Binary Tree, Regression, Machine Learning, Deep Learning, Derived Values
• Analysis (Historical): Model Training, Back Testing, Anomaly Detection
• Decisions / Rules: Auto Pass, Auto Block, Investigate, Usage Limits, Gather more Info (Pass / Fail)
• Investigations: Supporting Workflows
• AWS services underneath: Amazon EC2, AWS Lambda, Amazon S3, Amazon RDS, Amazon DynamoDB, Amazon Kinesis, Amazon Redshift*, Amazon Machine Learning, Amazon SWF, Amazon SQS, Amazon SNS
Find out what vulnerabilities you have
Get Advice- Trusted Advisor
Who is doing what?
Who     When     What                       Where to?   Where from?
Bill    3:27pm   Launch Instance            us-west-2   72.21.198.64
Alice   8:19am   Added Bob to admin group   us-east-1   127.0.0.1
Steve   2:22pm   Deleted security group     eu-west-1   205.251.233.176
How to think about logs
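The "Who is doing what?" table above is the shape of a CloudTrail record reduced to five columns. As an added example (not code from the deck), the following answers those five questions from CloudTrail's JSON layout and picks out the two rows a cardholder-data environment would review: a membership change on a privileged IAM group and a security-group deletion. The records are constructed from the slide's rows; the timestamps, the group and security-group identifiers and the set of privileged group names are assumptions.

```python
"""Who / when / what / where-to / where-from from CloudTrail, with review flags.

Added example, not from the deck. Records below are constructed in CloudTrail's
JSON field layout from the slide's table; times and ids are assumptions.
"""
import json
from datetime import datetime, timezone

# Constructed CloudTrail-style file body mirroring the slide's three rows.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2018-11-06T15:27:00Z", "eventName": "RunInstances",
     "eventSource": "ec2.amazonaws.com", "awsRegion": "us-west-2",
     "sourceIPAddress": "72.21.198.64",
     "userIdentity": {"type": "IAMUser", "userName": "Bill"},
     "requestParameters": {}},
    {"eventTime": "2018-11-06T08:19:00Z", "eventName": "AddUserToGroup",
     "eventSource": "iam.amazonaws.com", "awsRegion": "us-east-1",
     "sourceIPAddress": "127.0.0.1",
     "userIdentity": {"type": "IAMUser", "userName": "Alice"},
     "requestParameters": {"groupName": "admin", "userName": "Bob"}},
    {"eventTime": "2018-11-06T14:22:00Z", "eventName": "DeleteSecurityGroup",
     "eventSource": "ec2.amazonaws.com", "awsRegion": "eu-west-1",
     "sourceIPAddress": "205.251.233.176",
     "userIdentity": {"type": "IAMUser", "userName": "Steve"},
     "requestParameters": {"groupId": "sg-0exampleplaceholder"}},
]})

# Assumption: IAM groups whose membership grants administrative rights in the CDE.
PRIVILEGED_GROUPS = {"admin"}
GROUP_EVENTS = {"AddUserToGroup", "RemoveUserFromGroup"}
SG_EVENTS = {"DeleteSecurityGroup", "AuthorizeSecurityGroupIngress", "RevokeSecurityGroupIngress"}


def parse_trail(trail_json: str) -> list:
    """A CloudTrail log file is one JSON object with a 'Records' array."""
    return json.loads(trail_json)["Records"]


def who_did_what(rec: dict) -> dict:
    """Reduce one record to the five columns of the slide."""
    when = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
    return {
        "who": rec.get("userIdentity", {}).get("userName", "<unknown>"),
        "when": when.replace(tzinfo=timezone.utc),
        "what": rec["eventName"],
        "where_to": rec["awsRegion"],
        "where_from": rec["sourceIPAddress"],  # may be a service name, not an IP
    }


def classify(rec: dict):
    """Return a review reason for changes a PCI environment must track, else None."""
    name = rec["eventName"]
    params = rec.get("requestParameters") or {}
    if name in GROUP_EVENTS and params.get("groupName") in PRIVILEGED_GROUPS:
        return f"privileged group membership change: {params.get('userName')} -> {params.get('groupName')}"
    if name in SG_EVENTS:
        return f"network control change on {params.get('groupId', '<unknown sg>')}"
    return None


def review(trail_json: str) -> list:
    """Rows needing review, oldest first, each with the five columns plus reason."""
    findings = []
    for rec in sorted(parse_trail(trail_json), key=lambda r: r["eventTime"]):
        reason = classify(rec)
        if reason:
            row = who_did_what(rec)
            row["reason"] = reason
            findings.append(row)
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_TRAIL):
        print(f"{f['when']:%H:%M} {f['who']:6} {f['what']:20} {f['where_to']:10} "
              f"{f['where_from']:16} {f['reason']}")
```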
PCI DSS – Quick Start Reference Deployment
AWS Enterprise Accelerator – Compliance: Standardized Architecture for PCI DSS on the AWS Cloud
• Deploys a standardized environment for organizations with PCI DSS workloads
• Utilizes AWS CloudFormation templates to automate the deployment
• Based on the requirements of PCI DSS version 3.1
Standard Architecture Deployed by AWS Quick Start
Did We Scan Your Badge?
Remember to opt in to AWS communications and you will receive a post-event email with a link to:
• AWS Developer Workshop Slides
• $200 in AWS Credits
@shaun_r_ray

OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mehr von Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

How to Process Transactions Like a Boss! AWS Developer Workshop at Web Summit 2018

© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark

  • 1. AWS PCI Quick Start http://bit.ly/aws-pci
  • 2. The data on a credit card
  • 3. Guidelines for Cardholder Data Elements
  • 4. PCI Security Standards Council
    • Defines the PCI Security Standards
    • Standards are technical and operational requirements to protect cardholder data.
  • 5. What are PCI Security Standards?
  • 6. What are PCI Security Standards? PCI Data Security Standard (DSS)
    • Applies to all entities that store, process, and/or transmit cardholder data.
    • Covers technical and operational system components included in or connected to the cardholder data environment.
    • If you are a merchant who accepts or processes payment cards, you must comply with the PCI DSS.
  • 7. PCI DSS Goals and 12 High-level Requirements
  • 8. What is PCI DSS Requirement 4.1? Encrypt transmission of cardholder data across open, public networks
    • 4.1 Use strong cryptography and security protocols such as SSL/TLS, SSH or IPsec to safeguard sensitive cardholder data during transmission over open, public networks (e.g. Internet, wireless technologies, Global System for Mobile communications [GSM], General Packet Radio Service [GPRS]). Ensure wireless networks transmitting cardholder data or connected to the cardholder data environment use industry best practices (e.g., IEEE 802.11i) to implement strong encryption for authentication and transmission. The use of WEP as a security control is prohibited.
    Note: this is the PCI DSS 3.0 wording. Since PCI DSS 3.1, SSL and early TLS no longer count as strong cryptography, and the migration deadline was 30 June 2018; read "SSL/TLS" here as TLS 1.2 or later with trusted keys and certificates.
  • 9. Encryption in Transit for Requirement 4.1
    Increased complexity with additional components and integration with other applications or services.
    [Diagram: a tiered deployment (Internet, two load balancers, web server, app server, middleware server, database) with a separate SSL/TLS session on every hop.]
  • 10. Encryption in Transit for Requirement 4.1: issues with end-to-end encryption
    • Affects application performance
      • Multiple encryption and decryption steps
    • Increases management overhead
      • Each additional encryption and decryption point adds key and certificate management overhead
    • Increases the PCI DSS testing procedures performed by the QSA
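Added example (Python; not code from the deck): in practice, Requirement 4.1 comes down to how each SSL/TLS hop in the diagram above is configured. The block builds a client context that meets the requirement, the kind of "it is encrypted" context that does not, and an audit that reports the difference. `hardened_client_context`, `legacy_client_context`, `audit_context` and the finding strings are this example's own names; it uses only the standard library `ssl` module.

```python
# Added example, not from the deck: audit a client-side ssl.SSLContext against the
# Requirement 4.1 expectations (strong protocol, trusted keys and certificates).
# The function names and finding strings below are this example's own.
import ssl
from typing import List, Optional


def hardened_client_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Context a CDE component should use on every SSL/TLS hop in the diagram:
    TLS 1.2 or later, certificate chain verified against a trust store, and the
    peer's name checked against that certificate."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def legacy_client_context() -> ssl.SSLContext:
    """The shape of a 'we use SSL/TLS' configuration that still fails 4.1: the
    channel is encrypted but the peer is not authenticated, so anyone on the
    path can terminate it with any certificate. (check_hostname must be turned
    off before verify_mode, or Python raises ValueError.)"""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


# Substrings that identify cipher suites no longer considered strong cryptography.
WEAK_CIPHER_MARKERS = ("RC4", "DES", "NULL", "EXPORT", "MD5")


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return findings; an empty list means the context meets the baseline."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol floor below TLS 1.2 (SSL / early TLS negotiable)")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required (verify_mode is not CERT_REQUIRED)")
    if not ctx.check_hostname:
        findings.append("hostname check disabled (any valid certificate is accepted)")
    weak = sorted(c["name"] for c in ctx.get_ciphers()
                  if any(m in c["name"] for m in WEAK_CIPHER_MARKERS))
    if weak:
        findings.append("weak cipher suites enabled: " + ", ".join(weak))
    return findings


if __name__ == "__main__":
    for label, ctx in (("hardened", hardened_client_context()),
                       ("legacy", legacy_client_context())):
        print(label + ":", audit_context(ctx) or "OK")
```

Running it prints `OK` for the hardened context and the two verification findings for the legacy one. The audit inspects only the local side; what each remote end actually negotiates still has to be confirmed hop by hop, which is the QSA testing overhead the slide refers to. The case it is written to catch is the common one where TLS is terminated on a load balancer and the next leg is re-encrypted with verification switched off.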
  • 11. Let's Build
  • 12. Achieving PCI DSS Compliance via the AWS Shared Security Responsibility Model
  • 13. AWS Shared Responsibility Model
    Security IN the Cloud, managed by customers:
    • Customer data
    • Platform & application management
    • Operating system, network, and firewall configuration
    • Client-side data encryption (data integrity, authentication)
    • Network traffic protection (encryption / integrity / identity)
    • Server-side encryption (file system and/or data)
    • Customer IAM
    Security OF the Cloud, managed by AWS:
    • Foundation services: compute, storage, databases, networking
    • AWS Global Infrastructure: regions, Availability Zones, edge locations
    • AWS IAM and AWS endpoints
  • 14. Microservices
  • 15. What are Microservices?
    Microservices are small, autonomous services that work together [1].
    Single Responsibility Principle: gather together those things that change for the same reason, and separate those things that change for different reasons.
    Golden rule: can you make a change to a service and deploy it by itself without changing anything else?
  • 16. Lambda Functions: Serverless Computing
    AWS Lambda is a compute service that runs developers' code in response to events and automatically manages the compute resources for them, making it easy to build applications that respond quickly to new information [2].
    Triggered by events or API calls:
    • Amazon S3 bucket PUT
    • DynamoDB table updates
    • API Gateway endpoint call
    • Mobile backend call
    • Others...
    Lambda simplifies:
    • Real-time data processing
    • Building services for scalable backends
    • Connecting and orchestrating applications
    Execute code without servers. Pay only for the processing you use. Be happy!
  • 17. Step Functions
    AWS Step Functions makes it easy to coordinate the components of distributed applications and microservices using visual workflows [3]. Building applications from individual components that each perform a discrete function lets you scale and change applications quickly.
  • 18. Microservices Taxonomy Example
    [Diagram, two views of one taxonomy. Canonical Model (business view): Business Areas → Business Domains → Domain Service (microservices) → Service Composition / Service Composite → Service Operations. AWS Platform (technical view): Service Infrastructure (serverless: Lambda functions λ1 to λ6, Step Function 1) → Service Implementation (Java, Python and Node.js code). Example areas, domains and services shown: Payments, Payments Execution, Customer Billing, Cheque Processing, Central Cache Handling, Cross Product Operations, Operational Services.]
  • 19. Mapping Service Domain to Lambda (Java)
    Service domain PaymentsExecution (manage payment lifecycle), with operations:
    • execute(ExecutePaymentIN): ExecutePaymentOUT
    • update(UpdatePaymentIN): UpdatePaymentOUT
    • request(RequestPaymentIN): RequestPaymentOUT
    • notify(NotifyPaymentIN): NotifyPaymentOUT
    One Lambda function for each operation of PaymentsExecution:
    • λ1 ExecutePayment(ExecutePaymentIN): ExecutePaymentOUT
    • λ2 UpdatePayment(UpdatePaymentIN): UpdatePaymentOUT
    • λ3 RequestPayment(RequestPaymentIN): RequestPaymentOUT
    • λ4 NotifyPayment(NotifyPaymentIN): NotifyPaymentOUT
    The IN/OUT messages are defined in XML and mapped to Java POJOs; both reference the PaymentsExecutionTransaction business object, defined as an XSD and mapped to a Java POJO.
  • 20. Mapping Service Domain to Lambda (Java)
    Service domain (microservice) PaymentsExecution with the four operations above → Lambda function definition, e.g. λ1 ExecutePayment(ExecutePaymentIN): ExecutePaymentOUT → Lambda function implementation (Java).
  • 21. What if I am B2B, or a SaaS?
  • 22. Build a Segmented Cardholder Data Environment
  • 23. Benefits of a Segmented Cardholder Environment
    • Isolates the cardholder data environment from the remainder of an entity's network
    • Reduces the cost of the PCI DSS assessment
    • Reduces the cost and difficulty of implementing and maintaining PCI DSS controls
    • Overall, reduces risk for the entity by limiting data exposure
  • 24. Sample Banking Environment
    [Diagram: Data Center, Operations, Back office, Branch and Service providers. Legend: systems processing and storing PCI data; systems for regular banking, internal services, operations, management, etc.]
  • 25. PCI DSS Scoping: Non-segmented Environment
    [Same diagram. Without segmentation, the whole environment is in scope for the PCI DSS assessment.]
  • 26. PCI DSS Scoping: Segmented Environment
    [Same diagram. After segmentation, only the segmented part of the environment holding the systems that process and store PCI data is in scope for the PCI DSS assessment.]
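Added example (Python; not from the deck): the scope difference between the non-segmented and segmented slides as a computation over a constructed model of the sample banking environment. Following the PCI SSC scoping guidance, the systems that store, process or transmit cardholder data are the CDE, and any system with an allowed network path to or from a CDE system is "connected-to" and therefore in scope; segmentation is whatever removes those paths. The system names, links and allow-list are made up, and connectivity is modelled as undirected (a path in either direction counts).

```python
# Added example, not from the deck: PCI DSS scope for the sample banking environment,
# flat versus segmented. System names, links and the allow-list are constructed.
from typing import Dict, FrozenSet, Iterable, Set

Link = FrozenSet[str]  # an allowed network path between two systems, either direction


def link(a: str, b: str) -> Link:
    if a == b:
        raise ValueError("a link needs two distinct systems")
    return frozenset((a, b))


def full_mesh(names: Iterable[str]) -> Set[Link]:
    """A flat network: every system can reach every other system."""
    names = list(names)
    return {link(a, b) for i, a in enumerate(names) for b in names[i + 1:]}


# True = stores, processes or transmits cardholder data (the CDE proper).
SYSTEMS: Dict[str, bool] = {
    "card-switch": True,        # data center, processes PCI data
    "card-db": True,            # data center, stores PCI data
    "core-banking": False,      # regular banking
    "backoffice-crm": False,    # back office
    "branch-teller": False,     # branch
    "ops-jumphost": False,      # operations / management
    "provider-gateway": False,  # link to a service provider
}
CDE = {name for name, handles_chd in SYSTEMS.items() if handles_chd}

# Before segmentation (slide 25): one flat network.
FLAT_LINKS = full_mesh(SYSTEMS)

# After segmentation (slide 26): only these paths exist, and only two cross the CDE boundary.
SEGMENTED_LINKS = {
    link("card-switch", "card-db"),
    link("card-switch", "provider-gateway"),
    link("ops-jumphost", "card-switch"),
    link("ops-jumphost", "core-banking"),
    link("core-banking", "backoffice-crm"),
    link("core-banking", "branch-teller"),
}
ALLOWED_CROSSINGS = {link("ops-jumphost", "card-switch"), link("card-switch", "provider-gateway")}


def pci_scope(systems: Dict[str, bool], links: Set[Link]) -> Set[str]:
    """CDE systems plus every connected-to system, i.e. anything with an allowed path
    to or from a CDE system. One hop is deliberate: a system that can reach only a
    connected-to system and not the CDE is exactly what segmentation is meant to create."""
    cde = {name for name, handles_chd in systems.items() if handles_chd}
    scope = set(cde)
    for path in links:
        if path & cde:
            scope |= path
    return scope


def unexpected_crossings(links: Set[Link], cde: Set[str], allowed: Set[Link]) -> Set[Link]:
    """Segmentation check, the thing PCI DSS 11.3.4 segmentation testing verifies:
    every path that crosses the CDE boundary must be on the documented allow-list."""
    crossing = {path for path in links if len(path & cde) == 1}
    return crossing - allowed


if __name__ == "__main__":
    print("flat scope:     ", sorted(pci_scope(SYSTEMS, FLAT_LINKS)))
    print("segmented scope:", sorted(pci_scope(SYSTEMS, SEGMENTED_LINKS)))
    leaked = SEGMENTED_LINKS | {link("backoffice-crm", "card-db")}  # a rule someone added later
    print("unexpected crossings:", [sorted(p) for p in unexpected_crossings(leaked, CDE, ALLOWED_CROSSINGS)])
```

In the flat network all seven systems are in scope; after segmentation only the two CDE systems, the service-provider gateway and the jump host are. The jump host shows why "connected-to" matters: an admin path into the CDE keeps that host in scope, so it needs the same controls. The model only sees network paths; the PCI SSC guidance also pulls in systems that provide security services to the CDE (authentication, logging, patch management), so treat its output as the starting point for the discussion with the QSA rather than the answer.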
  • 27. Once in operation
  • 28. The Layers of Fraud Prevention
    • Prevention: stopping the activity before it happens.
    • Detection: identifying and reporting on behaviors that meet your definition of "fraud".
    • Enforcement: actions you use to exit a bad actor.
    • Containment: limiting blast radius, or trusting users as appropriate for the amount of risk you are willing to tolerate.
  • 29. AWS Layered Model
  • 30. AWS Layered Model
    [Diagram: the layers Prevention, Detection and Containment / Enforcement, applied from First Service Launch onward.]
  • 31. Risk Management Technology Stack
    Data Gathering: device fingerprints, browser info, IP layer, usage history, payment instrument, clickstream, log files, behavioral patterns, derived values, relationships, 3rd-party data.
    Analysis: real time, binary tree, regression, machine learning, deep learning, derived values, historical model training, back testing, anomaly detection.
    Decisions / Rules: auto pass, auto block, investigate, usage limits, gather more info (pass / fail).
    Investigations: supporting workflows.
    AWS services used: Amazon EC2, AWS Lambda, Amazon S3, Amazon RDS, Amazon DynamoDB, Amazon Kinesis, Amazon Redshift*, Amazon Machine Learning, Amazon SWF, Amazon SQS, Amazon SNS.
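Added example (Python; not from the deck): the "Decisions / Rules" column of the stack as a scoring engine over four of the gathered signals (usage history, device fingerprint, IP layer, payment instrument), producing the slide's three outcomes: auto pass, investigate, auto block. The transaction fields, rule point values, thresholds and the account history are constructed for illustration.

```python
# Added example, not from the deck: a rules layer that scores a transaction from the
# gathered signals and returns auto_pass / investigate / auto_block.
# Fields, point values, thresholds and HISTORY are constructed.
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Transaction:
    txn_id: str
    account: str
    amount: float
    device_fingerprint: str
    ip_country: str
    card_bin: str      # first six digits only: the engine never receives the full PAN,
                       # so it stays outside the CDE (a bare BIN is not cardholder data)
    timestamp: int     # epoch seconds


VELOCITY_WINDOW = 3600      # seconds
VELOCITY_LIMIT = 5          # prior transactions inside the window before we slow down
COUNTRY_WINDOW = 86400      # a country change within a day is suspicious
AMOUNT_MULTIPLIER = 3.0     # versus the account's average ticket
PASS_BELOW, BLOCK_AT = 25, 60


def score(txn: Transaction, history: List[Transaction]) -> Tuple[int, List[str]]:
    """Return (risk points, reasons). Each rule consumes one signal from the gathering layer."""
    acct = [h for h in history if h.account == txn.account and h.timestamp <= txn.timestamp]
    if not acct:
        return 10, ["no usage history for account"]
    points, reasons = 0, []

    recent = [h for h in acct if txn.timestamp - h.timestamp <= VELOCITY_WINDOW]
    if len(recent) >= VELOCITY_LIMIT:                       # usage history
        points += 40
        reasons.append(f"velocity: {len(recent)} transactions in the last hour")

    if txn.device_fingerprint not in {h.device_fingerprint for h in acct}:   # device fingerprint
        points += 20
        reasons.append(f"new device fingerprint {txn.device_fingerprint}")

    last = max(acct, key=lambda h: h.timestamp)            # IP layer
    if last.ip_country != txn.ip_country and txn.timestamp - last.timestamp <= COUNTRY_WINDOW:
        points += 30
        reasons.append(f"country changed {last.ip_country}->{txn.ip_country} within 24h")

    avg = sum(h.amount for h in acct) / len(acct)          # payment instrument usage
    if txn.amount > AMOUNT_MULTIPLIER * avg:
        points += 25
        reasons.append(f"amount {txn.amount:.2f} is over {AMOUNT_MULTIPLIER:g}x the account average {avg:.2f}")
    return points, reasons


def decide(points: int) -> str:
    if points < PASS_BELOW:
        return "auto_pass"
    if points >= BLOCK_AT:
        return "auto_block"
    return "investigate"


def evaluate(txn: Transaction, history: List[Transaction]) -> Dict[str, object]:
    points, reasons = score(txn, history)
    return {"txn_id": txn.txn_id, "decision": decide(points), "score": points, "reasons": reasons}


# Constructed history: three ordinary purchases from one device in Portugal.
HISTORY = [
    Transaction("h1", "acct-1", 40.0, "dev-a", "PT", "411111", 1_541_500_000),
    Transaction("h2", "acct-1", 50.0, "dev-a", "PT", "411111", 1_541_507_200),
    Transaction("h3", "acct-1", 60.0, "dev-a", "PT", "411111", 1_541_514_400),
]
NOW = 1_541_520_000

if __name__ == "__main__":
    for t in (Transaction("t1", "acct-1", 55.0, "dev-a", "PT", "411111", NOW),
              Transaction("t2", "acct-1", 200.0, "dev-a", "PT", "411111", NOW),
              Transaction("t3", "acct-1", 900.0, "dev-z", "RU", "411111", NOW)):
        print(evaluate(t, HISTORY))
```

The reasons list is what the "Investigate" outcome hands to the investigations workflow; a score alone is not actionable. Keeping the engine on BIN plus an internal account identifier, rather than the PAN, is a deliberate scoping choice: it lets the risk stack run outside the segmented CDE described on the earlier slides.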
  • 32. Find out what vulnerabilities you have
  • 33. Get Advice: Trusted Advisor
  • 34. Who is doing what?
    Who?    When?     What?                      Where to?   Where from?
    Bill    3:27 pm   Launch Instance            us-west-2   72.21.198.64
    Alice   8:19 am   Added Bob to admin group   us-east-1   127.0.0.1
    Steve   2:22 pm   Deleted security group     eu-west-1   205.251.233.176
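Added example (Python; not from the deck): the five questions in the table are what AWS CloudTrail records answer, and PCI DSS Requirement 10 (track and monitor all access to network resources and cardholder data) is why an assessor asks them. `SAMPLE_TRAIL` is a constructed log of four records in CloudTrail's JSON shape, using the three actions, regions and source addresses from the slide plus one console login; the date, the security group ID and the login's address are made up. `table_rows` rebuilds the slide's table and `findings` flags the actions a reviewer would want to be paged on.

```python
# Added example, not from the deck: answer "who, when, what, where to, where from"
# from CloudTrail records and flag the privileged actions. SAMPLE_TRAIL is a
# constructed log in CloudTrail's JSON shape (date, sg id and login address are made up).
import json
from typing import Dict, List, Tuple

SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2018-11-06T15:27:41Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "us-west-2",
     "sourceIPAddress": "72.21.198.64",
     "userIdentity": {"type": "IAMUser", "userName": "Bill"}},
    {"eventTime": "2018-11-06T08:19:03Z", "eventSource": "iam.amazonaws.com",
     "eventName": "AddUserToGroup", "awsRegion": "us-east-1",
     "sourceIPAddress": "127.0.0.1",
     "userIdentity": {"type": "IAMUser", "userName": "Alice"},
     "requestParameters": {"groupName": "admin", "userName": "Bob"}},
    {"eventTime": "2018-11-06T14:22:55Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DeleteSecurityGroup", "awsRegion": "eu-west-1",
     "sourceIPAddress": "205.251.233.176",
     "userIdentity": {"type": "IAMUser", "userName": "Steve"},
     "requestParameters": {"groupId": "sg-0123456789abcdef0"}},
    {"eventTime": "2018-11-06T07:58:10Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "Alice"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
]})

Row = Tuple[str, str, str, str, str]  # who, when, what, where to, where from

# Firewall-affecting EC2 calls that change the CDE boundary.
SECURITY_GROUP_CHANGES = {"DeleteSecurityGroup", "AuthorizeSecurityGroupIngress",
                          "AuthorizeSecurityGroupEgress", "RevokeSecurityGroupIngress",
                          "RevokeSecurityGroupEgress"}


def parse_trail(text: str) -> List[Dict]:
    return json.loads(text)["Records"]


def actor(record: Dict) -> str:
    """IAM users carry userName directly; assumed roles carry the role name under
    sessionContext.sessionIssuer; anything else falls back to the identity type."""
    ident = record.get("userIdentity", {})
    return (ident.get("userName")
            or ident.get("sessionContext", {}).get("sessionIssuer", {}).get("userName")
            or ident.get("type", "unknown"))


def table_rows(records: List[Dict]) -> List[Row]:
    """One row per record, in the slide's column order."""
    return [(actor(r), r["eventTime"], r["eventName"],
             r.get("awsRegion", ""), r.get("sourceIPAddress", "")) for r in records]


def findings(records: List[Dict]) -> List[Dict]:
    """Privileged actions an assessor will ask about: admin group membership changes,
    security group changes, and console logins without MFA."""
    out = []
    for r in records:
        params = r.get("requestParameters") or {}
        name = r.get("eventName", "")
        reason = None
        if name == "AddUserToGroup" and "admin" in params.get("groupName", "").lower():
            reason = f"{params.get('userName')} added to privileged group {params.get('groupName')}"
        elif name in SECURITY_GROUP_CHANGES:
            reason = f"firewall change: {name} {params.get('groupId') or params.get('groupName', '')}"
        elif name == "ConsoleLogin" and (r.get("additionalEventData") or {}).get("MFAUsed") == "No":
            reason = "console login without MFA"
        if reason:
            out.append({"who": actor(r), "when": r["eventTime"],
                        "from": r.get("sourceIPAddress", ""), "reason": reason})
    return out


if __name__ == "__main__":
    records = parse_trail(SAMPLE_TRAIL)
    for row in table_rows(records):
        print("  ".join(row))
    for f in findings(records):
        print(f)
```

`errorCode` is deliberately not filtered on: a denied `DeleteSecurityGroup` is still worth seeing, because the attempt tells you who is probing. The `sourceIPAddress` column is the one to compare against the allow-list of operator networks for the CDE; an admin action from an unexpected address is a finding even when the action itself is routine.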
  • 35. How to think about logs
  • 36. PCI DSS – Quick Start Reference Deployment
    AWS Enterprise Accelerator – Compliance: Standardized Architecture for PCI DSS on the AWS Cloud
    • Deploys a standardized environment for organizations with PCI DSS workloads
    • Uses AWS CloudFormation templates to automate the deployment
    • Based on the requirements of PCI DSS version 3.1
  • 37. Standard Architecture Deployed by the AWS Quick Start
  • 38. AWS PCI Quick Start http://bit.ly/aws-pci
  • 39. Did We Scan Your Badge?
    Remember to opt in to AWS communications and you will receive a post-event email with a link to:
    • AWS Developer Workshop Slides
    • $200 in AWS Credits
    @shaun_r_ray