AWSome Day Online 2020_Module 4: Secure your cloud applications
Die SlideShare-Präsentation wird heruntergeladen.
×
Hier ansehen
Empfohlen
Weitere Verwandte Inhalte
Diashows für Sie (20)
Ähnlich wie Public Cloud Security Blueprint (20)
Weitere von Amazon Web Services (20)
Public Cloud Security Blueprint
- 1. ‹#›©2020 Check Point Software Technologies Ltd. ©2020 Check Point Software Technologies Ltd. 溫德鈞 | Check Point 資安顧問 PUBLIC CLOUD SECURITY BLUEPRINT
- 2. ‹#›©2020 Check Point Software Technologies Ltd. • Security Blueprint Recap • Demo – can it be automated ? • What’s new • Isn’t it enough? • Summary Agenda
- 3. ‹#›©2020 Check Point Software Technologies Ltd. PUBLIC CLOUD = SHARED RESPONSIBILITY Cloud Provider responsible for security OF the cloud Infrastructure Customer responsible for security IN the cloud of their data and application Customer Data Platform, Applications, IAM Operating System, Network and FW Configuration Client-side Data Encryption & Data Integrity Authentication Server-side Encryption (File System / Data) Network Traffic Protection (Encryption, Integrity, Identity) Compute Storage Database Networking Cloud Global Infrastructure Regions Availability Zones Edge Locations
- 4. ‹#›©2020 Check Point Software Technologies Ltd. Recap – Security Blue print 1.0
- 5. ‹#›©2020 Check Point Software Technologies Ltd. AWS Direct Connect Southbound VPC CloudGuard Auto-Scaling Group Northbound VPC Corporate data center AWS Transit GW TGW VPC Attachment VPN Tunnel VPC Peering CloudGuard Auto-Scaling Group Incoming Traffic Outgoing Traffic Initial Construct AWS Transit Gateway
- 6. ‹#›©2020 Check Point Software Technologies Ltd. Initial Construct github.com/rcove/TGW
- 7. ‹#›©2020 Check Point Software Technologies Ltd. Initial Construct github.com/rcove/TGW
- 8. ‹#›©2020 Check Point Software Technologies Ltd. Initial Construct AWS Direct Connect South VPC CloudGuard Auto-Scaling Group North VPC Corporate data center AWS Transit GW CloudGuard Auto-Scaling Group Incoming Traffic Outgoing Traffic
- 9. ‹#›©2020 Check Point Software Technologies Ltd. What’s new – Geo Cluster
- 10. ‹#›©2020 Check Point Software Technologies Ltd. What’s new – Geo Cluster WWW
- 11. ‹#›©2020 Check Point Software Technologies Ltd. What’s new – Geo Cluster Amazon Simple Storage Service (S3) Bucket Bucket
- 12. ‹#›©2020 Check Point Software Technologies Ltd. What’s new – Geo Cluster Partner VPC
- 13. ‹#›©2020 Check Point Software Technologies Ltd. What’s new – Geo Cluster WWW Amazon Simple Storage Service (S3) Bucket Bucket Partner VPC
- 14. ‹#›©2020 Check Point Software Technologies Ltd. What’s new – Geo Cluster
- 15. ‹#›©2020 Check Point Software Technologies Ltd. Updated Construct AWS Direct Connect Outgoing HUB CloudGuard Auto-Scaling Group Inbound VPC Corporate data center AWS Transit GW CloudGuard Auto-Scaling Group Incoming Traffic Outgoing Traffic East-West VPC CloudGuard Geo-Cluster State Sync WWW Amazon Simple Storage Service (S3) Bucket Bucket WWW
- 16. ‹#›©2020 Check Point Software Technologies Ltd. Is that enough? South Hub Spoke 1 Spoke 3 Spoke N… North Hub IaaS IaaS Spoke 2 Services Storage Cloud Account Messaging Queue Serverless Keys
- 17. ‹#›©2020 Check Point Software Technologies Ltd. Cloud Security Blueprint
- 18. ‹#›©2020 Check Point Software Technologies Ltd. Internet E-MailSIEMITSMAuto- remediation IP Threat Hunting Geo-Location DB Cloud Provider Account South Hub Spoke 1 Spoke 3 Spoke N… North Hub IaaS IaaS Spoke 2
- 19. ‹#›©2020 Check Point Software Technologies Ltd. Summary • Moving to cloud has risks! • Securing the cloud is possible – use Check Point knowledge and experience • Make security the Cloud Enabler
- 20. ‹#›©2020 Check Point Software Technologies Ltd. ©2020 Check Point Software Technologies Ltd. 溫德鈞 | Check Point 資安顧問 PUBLIC CLOUD SECURITY BLUEPRINT
