©2020 Check Point Software Technologies Ltd.
溫德鈞 | Check Point Security Consultant
PUBLIC CLOUD
SECURITY BLUEPRINT
Agenda
• Security Blueprint Recap
• Demo – can it be automated?
• What’s new
• Isn’t it enough?
• Summary
PUBLIC CLOUD = SHARED RESPONSIBILITY
Customer responsible for security IN the cloud of their data and application
• Customer Data
• Platform, Applications, IAM
• Operating System, Network and FW Configuration
• Client-side Data Encryption & Data Integrity Authentication
• Server-side Encryption (File System / Data)
• Network Traffic Protection (Encryption, Integrity, Identity)
Cloud Provider responsible for security OF the cloud Infrastructure
• Compute, Storage, Database, Networking
• Cloud Global Infrastructure: Regions, Availability Zones, Edge Locations
Recap – Security Blueprint 1.0
Initial Construct
AWS Transit Gateway
Diagram labels: Corporate data center, AWS Direct Connect, AWS Transit GW, Northbound VPC, Southbound VPC, CloudGuard Auto-Scaling Group (shown twice), Incoming Traffic, Outgoing Traffic, TGW VPC Attachment, VPN Tunnel, VPC Peering
Initial Construct
github.com/rcove/TGW
Initial Construct
Diagram labels: Corporate data center, AWS Direct Connect, AWS Transit GW, North VPC, South VPC, CloudGuard Auto-Scaling Group (shown twice), Incoming Traffic, Outgoing Traffic
What’s new – Geo Cluster
Diagram labels (built up over six slides): WWW, Amazon Simple Storage Service (S3), Bucket (shown twice), Partner VPC
Updated Construct
Diagram labels: Corporate data center, AWS Direct Connect, AWS Transit GW, Inbound VPC, Outgoing HUB, CloudGuard Auto-Scaling Group (shown twice), East-West VPC, CloudGuard Geo-Cluster, State Sync, Incoming Traffic, Outgoing Traffic, WWW (shown twice), Amazon Simple Storage Service (S3), Bucket (shown twice)
Is that enough?
Diagram labels: North Hub, South Hub, Spoke 1, Spoke 2, Spoke 3, Spoke N…, IaaS (shown twice), Services, Storage, Cloud Account, Messaging Queue, Serverless, Keys
Cloud Security Blueprint
Diagram labels: Internet, E-Mail, SIEM, ITSM, Auto-remediation, IP, Threat Hunting, Geo-Location DB, Cloud Provider Account, North Hub, South Hub, Spoke 1, Spoke 2, Spoke 3, Spoke N…, IaaS (shown twice)
Summary
• Moving to cloud has risks!
• Securing the cloud is possible – use Check Point knowledge and experience
• Make security the Cloud Enabler
