Commercial in confidence
Jenny Johnson, Marketing Director
Aaron Hauck
Enterprise Engineer, ITSA
Iain Rouse
Group Director - Cloud, CISO
August 2017
Delivering Cost-Effective and Reliable
Corporate Services to Agencies
TechnologyOne Cloud
ISO/IEC 27001 ISO/IEC 27017 ISO/IEC 27018
SOC 1 SOC 2 UK G-Cloud
Rich Compliance and Strong Industry Recognition
Australian ISM New Zealand ISM
Competencies
• Education
• Government
• Public Sector
TechnologyOne Cloud
Enhance our understanding
Australian ISM New Zealand ISM
Public Sector SaaS Customers
Local Government
State Government
Education
Central Government
TechnologyOne Cloud
Cloud
Service
Platform
Built using Ci Anywhere
API Driven Automation
Major software releases, delivered twice a year
Trust Services Principles
Security
Availability
Privacy
Confidentiality
Core Service API
Network Compute
OS
Storage
Queueing Messaging
Licencing
Email Software
Services
Reports
Refreshes
Encryption
Backups
Insights
Releases
Monitoring Fixes
One global platform
Upgrades Auto Scale Self Healing
Processing Integrity
Software as
a Service
International Standards
ISO 27001
ISO 27017
ISO 27018
SSAE 16
ISAE 3402
SOC 1
SOC 2
IRAP
G-Cloud
PCI DSS
TechnologyOne Cloud
AWS TechnologyOne Agency Customer
Responsible for Security
OF the Cloud
Compute
Database
Storage
Networking
International Standards
Responsible for Security
IN the Cloud Network
Data
Firewall
OS
International Standards
ISO 27001
ISO 27017
ISO 27018
SSAE 16
ISAE 3402
SOC 1
SOC 2
IRAP
Network
Software
Availability
Updates
Scalability
Durability
Responsible for Configuration
IN the Cloud
Reports
Refreshes
Templates Features
Approach Proven Fit
Consumes Software as a Service
Simplifying the Complex
• Write Once Read Many
• Non-repudiation of data
• Ensure data integrity
W.O.R.M. Buckets
Data cannot be modified from its original state
Processing Integrity
Privacy
Security
TechnologyOne Trust Principles
We look for patterns we can apply globally
PCI DSS 3.2
Requirement 10.5.5 - Use file-integrity monitoring or change-detection software on logs to
ensure that existing log data cannot be changed without generating alerts (although new
data being added should not cause an alert).
Information Security Manual 2016
Access Controls - Principle 3 - Detect and attribute any violations of information security
policy—including cyber security incidents, breaches and intrusions—by maintaining,
auditing and ensuring the availability and integrity of event logs.
Standards & Guidelines
Different standards, consistent requirements
Start With A New AWS Account
• Separate Root Credentials
• Auditability
• Cross account access to S3 is implicitly denied by bucket ACLs
• Absolute Control of IAM Policies
• Create an Air Gap Between Applications and Data
• Billing and Cost Management
Security
Privacy
Processing Integrity
Creating W.O.R.M. Buckets
Start with a New AWS Account
Ensure Contact Details Are Correct
• MFA Root Credentials
• Physical MFA Token
• Locked in Fireproof Safe
• CloudTrail Enabled - All Regions
• Log Integrity Validation
• Log File Encryption
• Limit use of IAM users
• Long-lived access credentials – terrible idea!
Security
Privacy
Processing Integrity
Setting Up New Account
Read or Write vs Read and Write
Visualising Fine Grain Control
Deploy With CloudFormation
• S3 Bucket
• Bucket Policy
• Versioning
• Lifecycle Policy
• IAM Roles
• Bucket putters
• Bucket readers
• S3 Events
• Alert on object removed
W.O.R.M. Bucket Components
Security
Privacy
Processing Integrity
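One way to check that a template really contains the W.O.R.M. bucket components listed on this slide. This is an added example, not code from the presentation or from TechnologyOne; the sample template, the logical IDs (`WormBucket`, `WormBucketPolicy`, `PutterRole`, `ReaderRole`, `AlertTopic`), the bucket name, the lifecycle rule and the helper names are all constructed for illustration.

```python
"""Audit a CloudFormation template (parsed into a dict) for the W.O.R.M. bucket
components. The template, logical IDs and helper names are constructed."""
import copy
from fnmatch import fnmatchcase

DELETES = ("s3:DeleteObject", "s3:DeleteObjectVersion")


def as_list(value):
    return value if isinstance(value, list) else [value]


def matches(patterns, action):
    """True if any IAM action pattern (which may contain *) covers `action`."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)


def statements(document, effect):
    return [s for s in as_list(document["Statement"]) if s["Effect"] == effect]


def role_allows(role):
    """All action patterns granted by a role's inline policies."""
    return [a for p in role["Properties"].get("Policies", [])
            for s in statements(p["PolicyDocument"], "Allow")
            for a in as_list(s["Action"])]


def audit_worm(template, bucket="WormBucket", policy="WormBucketPolicy",
               putter="PutterRole", reader="ReaderRole"):
    """Return findings; an empty list means every checked component is in place."""
    res, findings = template["Resources"], []
    props = res[bucket]["Properties"]
    if props.get("VersioningConfiguration", {}).get("Status") != "Enabled":
        findings.append("versioning not enabled")

    topics = props.get("NotificationConfiguration", {}).get("TopicConfigurations", [])
    if not any(t["Event"].startswith("s3:ObjectRemoved:") for t in topics):
        findings.append("no alert on object removed")

    # Only an unconditional Deny for every principal counts: no Allow overrides it.
    document = res[policy]["Properties"]["PolicyDocument"]
    denied = [a for s in statements(document, "Deny")
              if s.get("Principal") == "*" and "Condition" not in s
              for a in as_list(s["Action"])]
    for action in DELETES:
        if not matches(denied, action):
            findings.append(f"bucket policy does not deny {action}")

    # Read OR write, never read AND write.
    put, get = role_allows(res[putter]), role_allows(res[reader])
    if not matches(put, "s3:PutObject") or matches(put, "s3:GetObject"):
        findings.append("putter role is not write-only")
    if not matches(get, "s3:GetObject") or matches(get, "s3:PutObject"):
        findings.append("reader role is not read-only")
    for name, granted in ((putter, put), (reader, get)):
        if any(matches(granted, a) for a in DELETES):
            findings.append(f"{name} can delete objects")
    return findings


def role(actions):
    """Minimal role with one inline S3 policy (trust policy omitted for brevity)."""
    return {"Type": "AWS::IAM::Role", "Properties": {"Policies": [{
        "PolicyName": "s3", "PolicyDocument": {"Statement": [{
            "Effect": "Allow", "Action": actions,
            "Resource": "arn:aws:s3:::example-worm-bucket/*"}]}}]}}


# Constructed sample template; the SNS topic AlertTopic itself is left out.
GOOD = {"Resources": {
    "WormBucket": {"Type": "AWS::S3::Bucket", "Properties": {
        "VersioningConfiguration": {"Status": "Enabled"},
        "LifecycleConfiguration": {"Rules": [{"Status": "Enabled", "Transitions": [
            {"StorageClass": "GLACIER", "TransitionInDays": 90}]}]},  # assumed rule
        "NotificationConfiguration": {"TopicConfigurations": [{
            "Event": "s3:ObjectRemoved:*", "Topic": {"Ref": "AlertTopic"}}]}}},
    "WormBucketPolicy": {"Type": "AWS::S3::BucketPolicy", "Properties": {
        "Bucket": {"Ref": "WormBucket"}, "PolicyDocument": {"Statement": [{
            "Effect": "Deny", "Principal": "*", "Action": list(DELETES),
            "Resource": "arn:aws:s3:::example-worm-bucket/*"}]}}},
    "PutterRole": role(["s3:PutObject"]),
    "ReaderRole": role(["s3:GetObject", "s3:GetObjectVersion"]),
}}


def weakened():
    """Copy of GOOD with three regressions, to show what the audit reports."""
    bad = copy.deepcopy(GOOD)
    props = bad["Resources"]["WormBucket"]["Properties"]
    props["VersioningConfiguration"]["Status"] = "Suspended"
    del props["NotificationConfiguration"]
    bad["Resources"]["PutterRole"] = role(["s3:*"])
    return bad


if __name__ == "__main__":
    print("good:", audit_worm(GOOD))
    print("weak:", audit_worm(weakened()))
```

The audit reads only the template, so it fits a pre-deployment review step; it does not inspect the lifecycle rule or conditions on role policies.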
Consider the sensitivity of data
• MFA Delete
• Require Root credentials and MFA token to delete objects
• Provides third layer of defence
• Requires Root credentials to set up
• CloudTrail Data Level Event Logging
• Records details of event, IAM, IP Address, time etc.
• Assume Role events recorded in CloudTrail
• S3 Bucket Logging can capture other details
W.O.R.M. Bucket Optional Components
Security
Privacy
Processing Integrity
• Machine Learning
• Detect and alert on anomalous access patterns
• Restrict access controls based on actual access requirements
• Identify and classify based on metadata
• Big Data Blockchain
• All data is cryptographically signed and chained
• Distributed - No one system controls the chain
• Collaborative time stamping - everyone agrees on a sequence of events
Future Thoughts
Security
Privacy
Processing Integrity
By simply using
• S3
• IAM
• CloudTrail
• CloudFormation
Primitive AWS Services make this possible
Information Security Manual 2016
Access Controls - Principle 3 - Detect and attribute any violations of information security
policy—including cyber security incidents, breaches and intrusions—by maintaining,
auditing and ensuring the availability and integrity of event logs.
TechnologyOne Cloud
AWS TechnologyOne Agency Customer
Responsible for Security
OF the Cloud
Compute
Database
Storage
Networking
International Standards
Responsible for Security
IN the Cloud Network
Data
Firewall
OS
International Standards
ISO 27001
ISO 27017
ISO 27018
SSAE 16
ISAE 3402
SOC 1
SOC 2
IRAP
Network
Software
Availability
Updates
Scalability
Durability
Responsible for Configuration
IN the Cloud
Reports
Refreshes
Templates Features
Approach Proven Fit
Consumes Software as a Service
In Closing
• Patterns help simplify the complex
• AWS have taken care of the heavy lifting
• Challenge your thinking
• Explicit deny is how you start
• Everything you allow is a conscious decision
• Considering 4 simple AWS services solve a complex problem, the question is what are you going to build on Monday?
Partnering to Deliver Cost Efficient and Reliable Corporate Services to Agencies - AWS PS Summit Canberra 2017

Partnering to Deliver Cost Efficient and Reliable Corporate Services to Agencies - AWS PS Summit Canberra 2017

  • 1. Commercial in confidence Jenny Johnson, Marketing Director Aaron Hauck Enterprise Engineer, ITSA Iain Rouse Group Director - Cloud, CISO August 2017 Delivering Cost-Effective and Reliable Corporate Services to Agencies
  • 2. TechnologyOne Cloud ISO/IEC 27001 ISO/IEC 27017 ISO/IEC 27018 SOC 1 SOC 2 UK G-Cloud Rich Compliance and Strong Industry Recognition Australian ISM New Zealand ISM Competencies • Education • Government • Public Sector
  • 3.
  • 4. TechnologyOne Cloud Enhance our understanding Australian ISM New Zealand ISM
  • 5. Public Sector SaaS Customers Local Government State Government Education Central Government
  • 6. TechnologyOne Cloud Cloud Service Platform Built using Ci Anywhere API Driven Automation Major software releases, delivered twice a year Trust Services Principles Security Availability Privacy Confidentiality Core Service API NetworkCompute OS Storage QueueingMessaging Licencing Email Software Services Reports Refreshes Encryption Backups Insights Releases Monitoring Fixes One global platform Upgrades Auto Scale Self Healing Processing Integrity Software as a Service International Standards ISO 27001 ISO 27017 ISO 27018 SSAE 16 ISAE 3402 SOC 1 SOC 2 IRAP G-Cloud PCI DSS
  • 7.
  • 8. TechnologyOne Cloud AWSTechnologyOneAgencyCustomer Responsible for Security OF the Cloud Compute Database Storage Networking International Standards Responsible for Security IN the Cloud Network Data Firewall OS International Standards ISO 27001 ISO 27017 ISO 27018 SSAE 16 ISAE 3402 SOC 1 SOC 2 IRAP Network Software Availability Updates Scalability Durability Responsible for Configuration IN the Cloud Reports Refreshes Templates Features Approach Proven Fit Consumes Software as a Service
  • 10.
  • 11.
  • 12. Worm Buckets: Data cannot be modified from its original state
      • Write Once Read Many
      • Non repudiation of data
      • Ensure data integrity
  • 13. Processing Integrity Privacy Security TechnologyOne Trust Principles We look for patterns we can apply globally
  • 14. Standards & Guidelines: Different standards, consistent requirements
      • PCI DSS 3.2, Requirement 10.5.5 - Use file-integrity monitoring or change-detection software on logs to ensure that existing log data cannot be changed without generating alerts (although new data being added should not cause an alert).
      • Information Security Manual 2016, Access Controls - Principle 3 - Detect and attribute any violations of information security policy—including cyber security incidents, breaches and intrusions—by maintaining, auditing and ensuring the availability and integrity of event logs.
  • 15. Creating W.O.R.M. Buckets: Start with a New AWS Account (Security, Privacy, Processing Integrity)
      • Separate Root Credentials
      • Auditability
      • Cross account access to S3 is implicitly denied by bucket ACLs
      • Absolute Control of IAM Policies
      • Create an Air Gap Between Applications and Data
      • Billing and Cost Management
  • 16. Setting Up New Account (Security, Privacy, Processing Integrity)
      • Ensure Contact Details Are Correct
      • MFA Root Credentials
      • Physical MFA Token
      • Locked in Fireproof Safe
      • CloudTrail Enabled - All Regions
      • Log Integrity Validation
      • Log File Encryption
      • Limit use of IAM users
      • Long-lived access credentials – terrible idea!
  • 17. Read or Write vs Read and Write Visualising Fine Grain Control
  • 18. W.O.R.M. Bucket Components: Deploy With CloudFormation (Security, Privacy, Processing Integrity)
      • S3 Bucket
          • Bucket Policy
          • Versioning
          • Lifecycle Policy
      • IAM Roles
          • Bucket putters
          • Bucket readers
      • S3 Events
          • Alert on object removed
  • 19. W.O.R.M. Bucket Optional Components: Consider the sensitivity of data (Security, Privacy, Processing Integrity)
      • MFA Delete
          • Require Root credentials and MFA token to delete objects
          • Provides third layer of defence
          • Requires Root credentials to set up
      • CloudTrail Data Level Event Logging
          • Records details of event, IAM, IP Address, time etc.
          • Assume Role events recorded in CloudTrail
          • S3 Bucket Logging can capture other details
  • 20. Future Thoughts (Security, Privacy, Processing Integrity)
      • Machine Learning
          • Detect and alert on anomalous access patterns
          • Restrict access controls based on actual access requirements
          • Identify and classify based on meta data
      • Big Data Blockchain
          • All data is cryptographically signed and chained
          • Distributed - No one system controls the chain
          • Collaborative time stamping - everyone agrees on a sequence of events
  • 21. Primitive AWS Services make this possible
      • By simply using
          • S3
          • IAM
          • CloudTrail
          • CloudFormation
      • Information Security Manual 2016, Access Controls - Principle 3 - Detect and attribute any violations of information security policy—including cyber security incidents, breaches and intrusions—by maintaining, auditing and ensuring the availability and integrity of event logs.
  • 22. TechnologyOne Cloud AWS TechnologyOne Agency Customer Responsible for Security OF the Cloud Compute Database Storage Networking International Standards Responsible for Security IN the Cloud Network Data Firewall OS International Standards ISO 27001 ISO 27017 ISO 27018 SSAE 16 ISAE 3402 SOC 1 SOC 2 IRAP Network Software Availability Updates Scalability Durability Responsible for Configuration IN the Cloud Reports Refreshes Templates Features Approach Proven Fit Consumes Software as a Service
  • 23. In Closing
      • Patterns help simplify the complex
      • AWS have taken care of the heavy lifting
      • Challenge your thinking
      • Explicit deny is how you start
      • Everything you allow is a conscious decision
      • Considering 4 simple AWS services solve a complex problem, the question is what are you going to build on Monday?
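
One way to express the W.O.R.M. bucket components from slide 18 as a CloudFormation template, starting from the explicit deny that slide 23 recommends. This is an added example, not the presenters' template: the resource names and the `AppAccountId` parameter are assumptions, and the lifecycle policy and the S3 event alert are left out.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Added example - versioned write-once bucket with put-only and read-only roles
Parameters:
  AppAccountId:              # assumption: the separate account that runs the applications
    Type: String
Resources:
  WormBucket:
    Type: AWS::S3::Bucket
    DeletionPolicy: Retain   # deleting the stack must not remove the data
    Properties:
      VersioningConfiguration: {Status: Enabled}   # an overwrite adds a new version
  WormBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref WormBucket
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Sid: DenyRemovalAndRetentionChanges    # explicit deny overrides any allow
            Effect: Deny
            Principal: '*'
            Action: ['s3:DeleteObject', 's3:DeleteObjectVersion',
                     's3:PutBucketVersioning', 's3:PutLifecycleConfiguration']
            Resource: [!GetAtt WormBucket.Arn, !Sub '${WormBucket.Arn}/*']
  PutterRole:                # "bucket putters": can write, cannot read or delete
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - {Effect: Allow, Action: 'sts:AssumeRole', Principal: {AWS: !Ref AppAccountId}}
      Policies:
        - PolicyName: put-only
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - {Effect: Allow, Action: 's3:PutObject', Resource: !Sub '${WormBucket.Arn}/*'}
  ReaderRole:                # "bucket readers": can read every version, cannot write
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - {Effect: Allow, Action: 'sts:AssumeRole', Principal: {AWS: !Ref AppAccountId}}
      Policies:
        - PolicyName: read-only
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - {Effect: Allow, Action: ['s3:GetObject', 's3:GetObjectVersion'], Resource: !Sub '${WormBucket.Arn}/*'}
```

Enabling MFA Delete (slide 19) is itself a versioning change made with root credentials, so it has to happen before this deny is attached, or the statement has to be scoped to permit it.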