SlideShare ist ein Scribd-Unternehmen logo

(SEC312) Reliable Design & Deployment of Security & Compliance

Amazon Web Services
Amazon Web Services

"No matter how you use AWS resources, you can design your AWS account to deliver a reliably secure and controlled environment. This session will focus on ""Secure by Design"" principles and show how you can configure the AWS environment to provide the reliable operation of security controls, such as: Organizational governance Asset inventory and control Logical access controls Operating system configuration Database security Applications security configurations This session will focus on using AWS security features to architect securing and auditing the architecture capabilities of AWS cloud services such as AWS Identity and Access Management (IAM), Amazon Elastic Compute Cloud (EC2), Amazon Elastic Block Storage (EBS), Amazon S3, Amazon Virtual Private Cloud (VPC), Amazon Machine Images (AMIs), and AWS CloudFormation templates. The session will include demonstrations with the governance perspective in mind and discuss how AWS technology can be used to create a secure and auditable environment."

Technologie
1 von 31
Downloaden Sie, um offline zu lesen
© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Chad Woolf, AWS Director of Risk and Compliance Tim Sandage, AWS Senior Risk and Compliance Strategist October 2015 SEC312 Reliable Design and Deployment of Security and Compliance
What to expect from this session • Technical session for audit/governance users • “Security by Design” approach: consuming AWS securely • Live demo of these concepts • Key resources for achieving this in your own AWS account
When, not a matter of if Regulated, audited, and sensitive data will be better fit to be stored and processed in the cloud.
The AWS cloud allows for advanced governance Manual auditing in a simple world Governance in a complex world Thick procedure manuals Software-enforced processes Periodic surveys Alarming/triggering Few truly automated controls Ubiquitous, software-driven, predictable controls Sample testing, hoping Full population monitoring, test of 1
Evolution of compliance at AWS AWS certifications Customer enabler docs Customer case studies Security by Design tech (SbD) AWS CloudTrailAWS CloudHSM AWS IAM AWS KMS AWS Config
Quality by Design - QbD “Quality by Design (QbD) is a modern, scientific approach that formalizes product design, automates manual testing, and streamlines troubleshooting. It is a systematic approach to ensure quality; instead of relying on finished product testing alone, QbD provides insights upstream throughout the development process.” - DPT Labs, “What Is Quality by Design (QbD)—And Why Should You Care?” http://www.dptlabs.com/wp-content/uploads/2013/05/What-is-Quality-by-Design-QbD-and-Why-Should-You-Care.pdf
Security by Design – SbD Security by Design (SbD) is a modern, security assurance approach that formalizes AWS account design, automates security controls, and streamlines auditing. It is a systematic approach to ensure security; instead of relying on after-the-fact auditing, SbD provides control insights throughout the IT management process. CloudTrail CloudHSM IAM KMS Config
Impact of Security by Design SbD – Scripting your governance policy Result: Reliable technical implementation of administrative controls
Elements of a secure architecture 1. Create a golden environment 2. Enforce AWS Service Catalog 3. Create permissions to use AWS services
What you do in any IT environment • Firewall rules • Network ACLs • Network time pointers • Internal and external subnets • NAT rules • Gold OS images • Encryption algorithms for data in transit and at rest Golden code: Security translation to AWS AWS JSON translation Gold image, NTP, and NAT Network ACLs, subnets, firewall rules
Create a golden environment • Create a gold OS image • Configure use of AWS services, for example: 1. Create a golden environment 2. Enforce Service Catalog 3. Create permissions to use AWS services Amazon S3 Amazon EBS Amazon Redshift • Force SSE • Turn on logging • Specify retention • Set Amazon Glacier archiving • Prevent external access • Specify overriding permissions • Set event notifications • Define volume type • Volume size limits • IOPS performance (input/output) • Data location – regions • Snapshot (backup) ID • Encryption requirements • Cluster type (single or multi) • Encryption (KMS or HSM) • VPC location • External access (yes/no) • Security groups applied • Create SNS topic • Enforce Amazon CloudWatch alarms
Demo: Configuring S3 in the GUI Logging { "LoggingEnabled": { "TargetPrefix": "logs/", "TargetBucket": "audit-aws-cloudtrail-s3" } Lifecycle { "Rules": [ { "Status": "Enabled", "Prefix": "", "Transition": { "Days": 180, "StorageClass": "GLACIER" }, "ID": "Rule for the Entire Bucket Console/web view Command-line view
Create a golden environment 1. Create a golden environment 2. Enforce Service Catalog 3. Create permissions to use AWS services Creates an S3 bucket for CloudTrail Creates SNS topic SNS CloudTrail and S3 template Turns on S3 logging for CloudTrail logs Sets SNS notification Sets security for CloudTrail S3 bucket
Create a golden environment – Help! • Whitepapers – Security best practices • AWS Solutions Architects, AWS Professional Services • AWS Partners • AWS GoldBase – Tactical enablers
Enforce AWS Service Catalog • Allows administrators to create and manage approved catalogs of resources (products) that end users can access via a personalized portal. • An AWS Service Catalog product is a deployable AWS CloudFormation template. 1. Create a golden environment 2. Enforce Service Catalog 3. Create permissions to use AWS services Provisioning Team creates and manages Service Catalog Products built from CloudFormation Templates
Demo: AWS Service Catalog Demo will include: CloudFormation templates enforcement • Portfolios • Products • Permissions (IAM) • Create/deploy • User launch • Constraints • Tags
Create permissions to use AWS AWS Service Catalog • Gives workload owners permissions to deploy templates and nothing more 1. Create a golden environment 2. Enforce Service Catalog 3. Create permissions to use AWS services Main.json CloudFormation Template Additional CloudFormation Templates AWS Service Catalog constraints specify IAM role used only for template deployment Workload owner with limited IAM permissions
Demo: IAM permission Read Write List Bob    Doug    Jim   Sara  Read Write List Bob    Larry  Sam   Network resource Server resources AWS Service Catalog permissions Who has access to a particular resource? Demo: IAM overview • Users, groups, and roles • User settings • Default IAM policies • Custom IAM policies • Account settings • Roles versus users
Impact of Security by Design SbD – Scripting your governance policy Result: Reliable technical implementation of administrative controls
Closing the loop: AWS Config Rules • AWS Config Rules: a sweeping check of whether your security design is deployed in existing environments • Accurate, complete audit
AWS Config Rules How Config Rules can be used to audit any environment Config Rule Config results
AWS Config Rules session SEC314 – AWS Config: Full Visibility and Improved Governance of Your AWS Resources Thursday, October 8, 5:30–6:30 PM – Palazzo K
AWS Inspector: Audit perspective • Inspector: In-host assistance • Session: • SEC324 – Introducing Amazon Inspector – Security Insight into Your Application Deployments (5:30 P.M. tomorrow)
SbD: The Next Big Thing in IT GRC AWS provides Governance, Risk, and Compliance (GRC) teams: 1. The right SbD tech – AWS 2. SbD whitepaper 3. AWS GoldBase 1. Security controls implementation matrix 2. Architecture diagrams 3. CloudFormation templates – Industry compliance templates for PCI, NIST 800-53, HIPAA, FFIEC, and CJIS 4. User guides and deployment instructions 4. AWS Config Rules – Auditing 5. AWS Inspector – Advanced in-host security and audit 6. Training CloudTrail CloudHSM IAM KMS Config
Getting started aws.amazon.com/compliance/securitybydesign • SbD whitepaper – To wrap your head around this topic • AWS GoldBase whitepaper –Explore the resources and templates • Auditing Your Architecture self-training QuickLab ($27) • Auditing Your Architecture – 6hrs, 3 labs, instructor led (AWS or Partner provided) • email: awsaudittraining@amazon.com
Related sessions • SEC 302 – IAM Best Practices to Live By (1:30 P.M. today – see the replay on YouTube) • SEC 324 – Introducing Amazon Inspector – Security Insight into Your Application Deployments (5:30 P.M. tomorrow) • SEC305 – Become an AWS IAM Policy Ninja in 60 Minutes or Less (11:00 A.M. tomorrow) • SEC314 – AWS Config: Full Visibility and Improved Governance of Your AWS Resources (5:30 P.M. tomorrow)
Remember to complete your evaluations!
Thank you! awscompliance@amazon.com

Empfohlen

AWS APAC Webinar Week - Understanding AWS Storage Options
AWS APAC Webinar Week - Understanding AWS Storage OptionsAWS APAC Webinar Week - Understanding AWS Storage Options
AWS APAC Webinar Week - Understanding AWS Storage OptionsAmazon Web Services
 
Security and Compliance
Security and ComplianceSecurity and Compliance
Security and ComplianceAmazon Web Services
 
(DVO303) Scaling Infrastructure Operations with AWS
(DVO303) Scaling Infrastructure Operations with AWS(DVO303) Scaling Infrastructure Operations with AWS
(DVO303) Scaling Infrastructure Operations with AWSAmazon Web Services
 
AWS APAC Webinar Week - Securing Your Business on AWS
AWS APAC Webinar Week - Securing Your Business on AWSAWS APAC Webinar Week - Securing Your Business on AWS
AWS APAC Webinar Week - Securing Your Business on AWSAmazon Web Services
 
(SEC308) Wrangling Security Events In The Cloud
(SEC308) Wrangling Security Events In The Cloud(SEC308) Wrangling Security Events In The Cloud
(SEC308) Wrangling Security Events In The CloudAmazon Web Services
 
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...Amazon Web Services
 
(SEC313) Security & Compliance at the Petabyte Scale
(SEC313) Security & Compliance at the Petabyte Scale(SEC313) Security & Compliance at the Petabyte Scale
(SEC313) Security & Compliance at the Petabyte ScaleAmazon Web Services
 
Overview of IoT Infrastructure and Connectivity at AWS & Getting Started with...
Overview of IoT Infrastructure and Connectivity at AWS & Getting Started with...Overview of IoT Infrastructure and Connectivity at AWS & Getting Started with...
Overview of IoT Infrastructure and Connectivity at AWS & Getting Started with...Amazon Web Services
 

Empfohlen

AWS APAC Webinar Week - Understanding AWS Storage Options
AWS APAC Webinar Week - Understanding AWS Storage OptionsAWS APAC Webinar Week - Understanding AWS Storage Options
AWS APAC Webinar Week - Understanding AWS Storage OptionsAmazon Web Services
 
Security and Compliance
Security and ComplianceSecurity and Compliance
Security and ComplianceAmazon Web Services
 
(DVO303) Scaling Infrastructure Operations with AWS
(DVO303) Scaling Infrastructure Operations with AWS(DVO303) Scaling Infrastructure Operations with AWS
(DVO303) Scaling Infrastructure Operations with AWSAmazon Web Services
 
AWS APAC Webinar Week - Securing Your Business on AWS
AWS APAC Webinar Week - Securing Your Business on AWSAWS APAC Webinar Week - Securing Your Business on AWS
AWS APAC Webinar Week - Securing Your Business on AWSAmazon Web Services
 
(SEC308) Wrangling Security Events In The Cloud
(SEC308) Wrangling Security Events In The Cloud(SEC308) Wrangling Security Events In The Cloud
(SEC308) Wrangling Security Events In The CloudAmazon Web Services
 
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...
AWS re:Invent 2016: Scaling Security Resources for Your First 10 Million Cust...Amazon Web Services
 
(SEC313) Security & Compliance at the Petabyte Scale
(SEC313) Security & Compliance at the Petabyte Scale(SEC313) Security & Compliance at the Petabyte Scale
(SEC313) Security & Compliance at the Petabyte ScaleAmazon Web Services
 
Overview of IoT Infrastructure and Connectivity at AWS & Getting Started with...
Overview of IoT Infrastructure and Connectivity at AWS & Getting Started with...Overview of IoT Infrastructure and Connectivity at AWS & Getting Started with...
Overview of IoT Infrastructure and Connectivity at AWS & Getting Started with...Amazon Web Services
 
IAM Recommended Practices
IAM Recommended PracticesIAM Recommended Practices
IAM Recommended PracticesAmazon Web Services
 
Security Day IAM Recommended Practices
Security Day IAM Recommended PracticesSecurity Day IAM Recommended Practices
Security Day IAM Recommended PracticesAmazon Web Services
 
Masting Access Control Policies
Masting Access Control PoliciesMasting Access Control Policies
Masting Access Control PoliciesAmazon Web Services
 
(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014
(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014
(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014Amazon Web Services
 
Sec301 Security @ (Cloud) Scale
Sec301 Security @ (Cloud) ScaleSec301 Security @ (Cloud) Scale
Sec301 Security @ (Cloud) ScaleAmazon Web Services
 
(SEC316) Harden Your Architecture w/ Security Incident Response Simulations
(SEC316) Harden Your Architecture w/ Security Incident Response Simulations(SEC316) Harden Your Architecture w/ Security Incident Response Simulations
(SEC316) Harden Your Architecture w/ Security Incident Response SimulationsAmazon Web Services
 
(GEN117) AWS Compliance Summit
(GEN117) AWS Compliance Summit(GEN117) AWS Compliance Summit
(GEN117) AWS Compliance SummitAmazon Web Services
 
Log Analytics with Amazon Elasticsearch Service - September Webinar Series
Log Analytics with Amazon Elasticsearch Service - September Webinar SeriesLog Analytics with Amazon Elasticsearch Service - September Webinar Series
Log Analytics with Amazon Elasticsearch Service - September Webinar SeriesAmazon Web Services
 
AWS March 2016 Webinar Series - Best Practices for Managing Security Operatio...
AWS March 2016 Webinar Series - Best Practices for Managing Security Operatio...AWS March 2016 Webinar Series - Best Practices for Managing Security Operatio...
AWS March 2016 Webinar Series - Best Practices for Managing Security Operatio...Amazon Web Services
 
SEC302 Becoming an AWS Policy Ninja using AWS IAM and AWS Organizations
SEC302 Becoming an AWS Policy Ninja using AWS IAM and AWS OrganizationsSEC302 Becoming an AWS Policy Ninja using AWS IAM and AWS Organizations
SEC302 Becoming an AWS Policy Ninja using AWS IAM and AWS OrganizationsAmazon Web Services
 
Crypto Options in AWS
Crypto Options in AWSCrypto Options in AWS
Crypto Options in AWSAmazon Web Services
 
Getting Started with Windows Workloads on Amazon EC2 - Toronto
Getting Started with Windows Workloads on Amazon EC2 - Toronto Getting Started with Windows Workloads on Amazon EC2 - Toronto
Getting Started with Windows Workloads on Amazon EC2 - TorontoAmazon Web Services
 
ENT305 Migrating Your Databases to AWS: Deep Dive on Amazon Relational Databa...
ENT305 Migrating Your Databases to AWS: Deep Dive on Amazon Relational Databa...ENT305 Migrating Your Databases to AWS: Deep Dive on Amazon Relational Databa...
ENT305 Migrating Your Databases to AWS: Deep Dive on Amazon Relational Databa...Amazon Web Services
 
Getting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute ServicesGetting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute ServicesAmazon Web Services
 
Getting Started with AWS IoT
Getting Started with AWS IoTGetting Started with AWS IoT
Getting Started with AWS IoTAmazon Web Services
 
(SEC304) Architecting for HIPAA Compliance on AWS
(SEC304) Architecting for HIPAA Compliance on AWS(SEC304) Architecting for HIPAA Compliance on AWS
(SEC304) Architecting for HIPAA Compliance on AWSAmazon Web Services
 
AWS re:Invent 2016: IoT Visualizations and Analytics (IOT306)
AWS re:Invent 2016: IoT Visualizations and Analytics (IOT306)AWS re:Invent 2016: IoT Visualizations and Analytics (IOT306)
AWS re:Invent 2016: IoT Visualizations and Analytics (IOT306)Amazon Web Services
 
Get Started and Migrate Your Data to AWS
Get Started and Migrate Your Data to AWSGet Started and Migrate Your Data to AWS
Get Started and Migrate Your Data to AWSAmazon Web Services
 
Protecting your data in aws - Toronto
Protecting your data in aws - TorontoProtecting your data in aws - Toronto
Protecting your data in aws - TorontoAmazon Web Services
 
Stream Processing in SmartNews #jawsdays
Stream Processing in SmartNews #jawsdaysStream Processing in SmartNews #jawsdays
Stream Processing in SmartNews #jawsdaysSmartNews, Inc.
 
Challenges and Best Practices of Database Continuous Delivery
Challenges and Best Practices of Database Continuous DeliveryChallenges and Best Practices of Database Continuous Delivery
Challenges and Best Practices of Database Continuous DeliveryDBmaestro - Database DevOps
 
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...Amazon Web Services
 

Weitere ähnliche Inhalte

Was ist angesagt?

Security Day IAM Recommended Practices
Security Day IAM Recommended PracticesSecurity Day IAM Recommended Practices
Security Day IAM Recommended PracticesAmazon Web Services
 
(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014
(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014
(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014Amazon Web Services
 
(SEC316) Harden Your Architecture w/ Security Incident Response Simulations
(SEC316) Harden Your Architecture w/ Security Incident Response Simulations(SEC316) Harden Your Architecture w/ Security Incident Response Simulations
(SEC316) Harden Your Architecture w/ Security Incident Response SimulationsAmazon Web Services
 
Log Analytics with Amazon Elasticsearch Service - September Webinar Series
Log Analytics with Amazon Elasticsearch Service - September Webinar SeriesLog Analytics with Amazon Elasticsearch Service - September Webinar Series
Log Analytics with Amazon Elasticsearch Service - September Webinar SeriesAmazon Web Services
 
AWS March 2016 Webinar Series - Best Practices for Managing Security Operatio...
AWS March 2016 Webinar Series - Best Practices for Managing Security Operatio...AWS March 2016 Webinar Series - Best Practices for Managing Security Operatio...
AWS March 2016 Webinar Series - Best Practices for Managing Security Operatio...Amazon Web Services
 
SEC302 Becoming an AWS Policy Ninja using AWS IAM and AWS Organizations
SEC302 Becoming an AWS Policy Ninja using AWS IAM and AWS OrganizationsSEC302 Becoming an AWS Policy Ninja using AWS IAM and AWS Organizations
SEC302 Becoming an AWS Policy Ninja using AWS IAM and AWS OrganizationsAmazon Web Services
 
Getting Started with Windows Workloads on Amazon EC2 - Toronto
Getting Started with Windows Workloads on Amazon EC2 - Toronto Getting Started with Windows Workloads on Amazon EC2 - Toronto
Getting Started with Windows Workloads on Amazon EC2 - TorontoAmazon Web Services
 
ENT305 Migrating Your Databases to AWS: Deep Dive on Amazon Relational Databa...
ENT305 Migrating Your Databases to AWS: Deep Dive on Amazon Relational Databa...ENT305 Migrating Your Databases to AWS: Deep Dive on Amazon Relational Databa...
ENT305 Migrating Your Databases to AWS: Deep Dive on Amazon Relational Databa...Amazon Web Services
 
Getting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute ServicesGetting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute ServicesAmazon Web Services
 
(SEC304) Architecting for HIPAA Compliance on AWS
(SEC304) Architecting for HIPAA Compliance on AWS(SEC304) Architecting for HIPAA Compliance on AWS
(SEC304) Architecting for HIPAA Compliance on AWSAmazon Web Services
 
AWS re:Invent 2016: IoT Visualizations and Analytics (IOT306)
AWS re:Invent 2016: IoT Visualizations and Analytics (IOT306)AWS re:Invent 2016: IoT Visualizations and Analytics (IOT306)
AWS re:Invent 2016: IoT Visualizations and Analytics (IOT306)Amazon Web Services
 
Get Started and Migrate Your Data to AWS
Get Started and Migrate Your Data to AWSGet Started and Migrate Your Data to AWS
Get Started and Migrate Your Data to AWSAmazon Web Services
 
Protecting your data in aws - Toronto
Protecting your data in aws - TorontoProtecting your data in aws - Toronto
Protecting your data in aws - TorontoAmazon Web Services
 
Stream Processing in SmartNews #jawsdays
Stream Processing in SmartNews #jawsdaysStream Processing in SmartNews #jawsdays
Stream Processing in SmartNews #jawsdaysSmartNews, Inc.
 

Was ist angesagt? (20)

IAM Recommended Practices
IAM Recommended PracticesIAM Recommended Practices
IAM Recommended Practices
 
Security Day IAM Recommended Practices
Security Day IAM Recommended PracticesSecurity Day IAM Recommended Practices
Security Day IAM Recommended Practices
 
Masting Access Control Policies
Masting Access Control PoliciesMasting Access Control Policies
Masting Access Control Policies
 
(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014
(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014
(SEC405) Enterprise Cloud Security via DevSecOps | AWS re:Invent 2014
 
Sec301 Security @ (Cloud) Scale
Sec301 Security @ (Cloud) ScaleSec301 Security @ (Cloud) Scale
Sec301 Security @ (Cloud) Scale
 
(SEC316) Harden Your Architecture w/ Security Incident Response Simulations
(SEC316) Harden Your Architecture w/ Security Incident Response Simulations(SEC316) Harden Your Architecture w/ Security Incident Response Simulations
(SEC316) Harden Your Architecture w/ Security Incident Response Simulations
 
(GEN117) AWS Compliance Summit
(GEN117) AWS Compliance Summit(GEN117) AWS Compliance Summit
(GEN117) AWS Compliance Summit
 
Log Analytics with Amazon Elasticsearch Service - September Webinar Series
Log Analytics with Amazon Elasticsearch Service - September Webinar SeriesLog Analytics with Amazon Elasticsearch Service - September Webinar Series
Log Analytics with Amazon Elasticsearch Service - September Webinar Series
 
AWS March 2016 Webinar Series - Best Practices for Managing Security Operatio...
AWS March 2016 Webinar Series - Best Practices for Managing Security Operatio...AWS March 2016 Webinar Series - Best Practices for Managing Security Operatio...
AWS March 2016 Webinar Series - Best Practices for Managing Security Operatio...
 
SEC302 Becoming an AWS Policy Ninja using AWS IAM and AWS Organizations
SEC302 Becoming an AWS Policy Ninja using AWS IAM and AWS OrganizationsSEC302 Becoming an AWS Policy Ninja using AWS IAM and AWS Organizations
SEC302 Becoming an AWS Policy Ninja using AWS IAM and AWS Organizations
 
Crypto Options in AWS
Crypto Options in AWSCrypto Options in AWS
Crypto Options in AWS
 
Getting Started with Windows Workloads on Amazon EC2 - Toronto
Getting Started with Windows Workloads on Amazon EC2 - Toronto Getting Started with Windows Workloads on Amazon EC2 - Toronto
Getting Started with Windows Workloads on Amazon EC2 - Toronto
 
ENT305 Migrating Your Databases to AWS: Deep Dive on Amazon Relational Databa...
ENT305 Migrating Your Databases to AWS: Deep Dive on Amazon Relational Databa...ENT305 Migrating Your Databases to AWS: Deep Dive on Amazon Relational Databa...
ENT305 Migrating Your Databases to AWS: Deep Dive on Amazon Relational Databa...
 
Getting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute ServicesGetting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute Services
 
Getting Started with AWS IoT
Getting Started with AWS IoTGetting Started with AWS IoT
Getting Started with AWS IoT
 
(SEC304) Architecting for HIPAA Compliance on AWS
(SEC304) Architecting for HIPAA Compliance on AWS(SEC304) Architecting for HIPAA Compliance on AWS
(SEC304) Architecting for HIPAA Compliance on AWS
 
AWS re:Invent 2016: IoT Visualizations and Analytics (IOT306)
AWS re:Invent 2016: IoT Visualizations and Analytics (IOT306)AWS re:Invent 2016: IoT Visualizations and Analytics (IOT306)
AWS re:Invent 2016: IoT Visualizations and Analytics (IOT306)
 
Get Started and Migrate Your Data to AWS
Get Started and Migrate Your Data to AWSGet Started and Migrate Your Data to AWS
Get Started and Migrate Your Data to AWS
 
Protecting your data in aws - Toronto
Protecting your data in aws - TorontoProtecting your data in aws - Toronto
Protecting your data in aws - Toronto
 
Stream Processing in SmartNews #jawsdays
Stream Processing in SmartNews #jawsdaysStream Processing in SmartNews #jawsdays
Stream Processing in SmartNews #jawsdays
 

Andere mochten auch

Challenges and Best Practices of Database Continuous Delivery
Challenges and Best Practices of Database Continuous DeliveryChallenges and Best Practices of Database Continuous Delivery
Challenges and Best Practices of Database Continuous DeliveryDBmaestro - Database DevOps
 
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...Amazon Web Services
 
Spark Summit EU talk by Berni Schiefer
Spark Summit EU talk by Berni SchieferSpark Summit EU talk by Berni Schiefer
Spark Summit EU talk by Berni SchieferSpark Summit
 
Get the Most Out of Amazon EC2: A Deep Dive on Reserved, On-Demand, and Spot ...
Get the Most Out of Amazon EC2: A Deep Dive on Reserved, On-Demand, and Spot ...Get the Most Out of Amazon EC2: A Deep Dive on Reserved, On-Demand, and Spot ...
Get the Most Out of Amazon EC2: A Deep Dive on Reserved, On-Demand, and Spot ...Amazon Web Services
 
Data Storage for the Long Haul: Compliance and Archive
Data Storage for the Long Haul: Compliance and ArchiveData Storage for the Long Haul: Compliance and Archive
Data Storage for the Long Haul: Compliance and ArchiveAmazon Web Services
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure IntegrationAmazon Web Services
 
Encryption and Key Management in AWS
Encryption and Key Management in AWSEncryption and Key Management in AWS
Encryption and Key Management in AWSAmazon Web Services
 
Scaling by Design: AWS Web Services Patterns
Scaling by Design: AWS Web Services PatternsScaling by Design: AWS Web Services Patterns
Scaling by Design: AWS Web Services PatternsAmazon Web Services
 
AWS March 2016 Webinar Series Getting Started with Serverless Architectures
AWS March 2016 Webinar Series Getting Started with Serverless ArchitecturesAWS March 2016 Webinar Series Getting Started with Serverless Architectures
AWS March 2016 Webinar Series Getting Started with Serverless ArchitecturesAmazon Web Services
 
The Pace of Innovation - Pop-up Loft Tel Aviv
The Pace of Innovation - Pop-up Loft Tel AvivThe Pace of Innovation - Pop-up Loft Tel Aviv
The Pace of Innovation - Pop-up Loft Tel AvivAmazon Web Services
 
AWS Mobile Services & SDK Introduction & Demo
AWS Mobile Services & SDK Introduction & DemoAWS Mobile Services & SDK Introduction & Demo
AWS Mobile Services & SDK Introduction & DemoAmazon Web Services
 
(NET307) Pinterest: The road from EC2-Classic To EC2-VPC
(NET307) Pinterest: The road from EC2-Classic To EC2-VPC(NET307) Pinterest: The road from EC2-Classic To EC2-VPC
(NET307) Pinterest: The road from EC2-Classic To EC2-VPCAmazon Web Services
 
(DEV204) Building High-Performance Native Cloud Apps In C++
(DEV204) Building High-Performance Native Cloud Apps In C++(DEV204) Building High-Performance Native Cloud Apps In C++
(DEV204) Building High-Performance Native Cloud Apps In C++Amazon Web Services
 
Compute Without Servers – Building Applications with AWS Lambda - Technical 301
Compute Without Servers – Building Applications with AWS Lambda - Technical 301Compute Without Servers – Building Applications with AWS Lambda - Technical 301
Compute Without Servers – Building Applications with AWS Lambda - Technical 301Amazon Web Services
 
Workshop: AWS Lamda Signal Corps vs Zombies
Workshop: AWS Lamda Signal Corps vs ZombiesWorkshop: AWS Lamda Signal Corps vs Zombies
Workshop: AWS Lamda Signal Corps vs ZombiesAmazon Web Services
 
Security Day IAM Recommended Practices
Security Day IAM Recommended PracticesSecurity Day IAM Recommended Practices
Security Day IAM Recommended PracticesAmazon Web Services
 
Ansible on aws - Pop-up Loft Tel Aviv
Ansible on aws - Pop-up Loft Tel AvivAnsible on aws - Pop-up Loft Tel Aviv
Ansible on aws - Pop-up Loft Tel AvivAmazon Web Services
 

Andere mochten auch (20)

Challenges and Best Practices of Database Continuous Delivery
Challenges and Best Practices of Database Continuous DeliveryChallenges and Best Practices of Database Continuous Delivery
Challenges and Best Practices of Database Continuous Delivery
 
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
(SEC311) Architecting for End-to-End Security in the Enterprise | AWS re:Inve...
 
Spark Summit EU talk by Berni Schiefer
Spark Summit EU talk by Berni SchieferSpark Summit EU talk by Berni Schiefer
Spark Summit EU talk by Berni Schiefer
 
Get the Most Out of Amazon EC2: A Deep Dive on Reserved, On-Demand, and Spot ...
Get the Most Out of Amazon EC2: A Deep Dive on Reserved, On-Demand, and Spot ...Get the Most Out of Amazon EC2: A Deep Dive on Reserved, On-Demand, and Spot ...
Get the Most Out of Amazon EC2: A Deep Dive on Reserved, On-Demand, and Spot ...
 
Data Storage for the Long Haul: Compliance and Archive
Data Storage for the Long Haul: Compliance and ArchiveData Storage for the Long Haul: Compliance and Archive
Data Storage for the Long Haul: Compliance and Archive
 
Hybrid Infrastructure Integration
Hybrid Infrastructure IntegrationHybrid Infrastructure Integration
Hybrid Infrastructure Integration
 
Encryption and Key Management in AWS
Encryption and Key Management in AWSEncryption and Key Management in AWS
Encryption and Key Management in AWS
 
Agile BI - Pop-up Loft Tel Aviv
Agile BI - Pop-up Loft Tel AvivAgile BI - Pop-up Loft Tel Aviv
Agile BI - Pop-up Loft Tel Aviv
 
Scaling by Design: AWS Web Services Patterns
Scaling by Design: AWS Web Services PatternsScaling by Design: AWS Web Services Patterns
Scaling by Design: AWS Web Services Patterns
 
AWS March 2016 Webinar Series Getting Started with Serverless Architectures
AWS March 2016 Webinar Series Getting Started with Serverless ArchitecturesAWS March 2016 Webinar Series Getting Started with Serverless Architectures
AWS March 2016 Webinar Series Getting Started with Serverless Architectures
 
Deep Dive: Hybrid Architectures
Deep Dive: Hybrid ArchitecturesDeep Dive: Hybrid Architectures
Deep Dive: Hybrid Architectures
 
The Pace of Innovation - Pop-up Loft Tel Aviv
The Pace of Innovation - Pop-up Loft Tel AvivThe Pace of Innovation - Pop-up Loft Tel Aviv
The Pace of Innovation - Pop-up Loft Tel Aviv
 
AWS Mobile Services & SDK Introduction & Demo
AWS Mobile Services & SDK Introduction & DemoAWS Mobile Services & SDK Introduction & Demo
AWS Mobile Services & SDK Introduction & Demo
 
(NET307) Pinterest: The road from EC2-Classic To EC2-VPC
(NET307) Pinterest: The road from EC2-Classic To EC2-VPC(NET307) Pinterest: The road from EC2-Classic To EC2-VPC
(NET307) Pinterest: The road from EC2-Classic To EC2-VPC
 
(DEV204) Building High-Performance Native Cloud Apps In C++
(DEV204) Building High-Performance Native Cloud Apps In C++(DEV204) Building High-Performance Native Cloud Apps In C++
(DEV204) Building High-Performance Native Cloud Apps In C++
 
Compute Without Servers – Building Applications with AWS Lambda - Technical 301
Compute Without Servers – Building Applications with AWS Lambda - Technical 301Compute Without Servers – Building Applications with AWS Lambda - Technical 301
Compute Without Servers – Building Applications with AWS Lambda - Technical 301
 
Workshop: AWS Lamda Signal Corps vs Zombies
Workshop: AWS Lamda Signal Corps vs ZombiesWorkshop: AWS Lamda Signal Corps vs Zombies
Workshop: AWS Lamda Signal Corps vs Zombies
 
Security Day IAM Recommended Practices
Security Day IAM Recommended PracticesSecurity Day IAM Recommended Practices
Security Day IAM Recommended Practices
 
Ansible on aws - Pop-up Loft Tel Aviv
Ansible on aws - Pop-up Loft Tel AvivAnsible on aws - Pop-up Loft Tel Aviv
Ansible on aws - Pop-up Loft Tel Aviv
 
My First Big Data Application
My First Big Data ApplicationMy First Big Data Application
My First Big Data Application
 

Ähnlich wie (SEC312) Reliable Design & Deployment of Security & Compliance

Compliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By DesignCompliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By DesignAmazon Web Services
 
Being Well Architected in the Cloud (Updated)
Being Well Architected in the Cloud (Updated)Being Well Architected in the Cloud (Updated)
Being Well Architected in the Cloud (Updated)Adrian Hornsby
 
Being Well-Architected in the Cloud
Being Well-Architected in the CloudBeing Well-Architected in the Cloud
Being Well-Architected in the CloudAmazon Web Services
 
CSS 17: NYC - The AWS Shared Responsibility Model in Practice
CSS 17: NYC - The AWS Shared Responsibility Model in PracticeCSS 17: NYC - The AWS Shared Responsibility Model in Practice
CSS 17: NYC - The AWS Shared Responsibility Model in PracticeAlert Logic
 
AWS Security for Financial Services
AWS Security for Financial ServicesAWS Security for Financial Services
AWS Security for Financial ServicesAmazon Web Services
 
AWS Canberra WWPS Summit 2013 - AWS Governance and Security Overview
AWS Canberra WWPS Summit 2013 - AWS Governance and Security OverviewAWS Canberra WWPS Summit 2013 - AWS Governance and Security Overview
AWS Canberra WWPS Summit 2013 - AWS Governance and Security OverviewAmazon Web Services
 
CSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWSCSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWSAlert Logic
 
AWS Summit Sydney 2014 | Understanding AWS Security
AWS Summit Sydney 2014 | Understanding AWS SecurityAWS Summit Sydney 2014 | Understanding AWS Security
AWS Summit Sydney 2014 | Understanding AWS SecurityAmazon Web Services
 
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...Amazon Web Services
 
Modern Security and Compliance Through Automation
Modern Security and Compliance Through AutomationModern Security and Compliance Through Automation
Modern Security and Compliance Through AutomationAmazon Web Services
 
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...Amazon Web Services Korea
 
Being Well Architected in the Cloud
Being Well Architected in the CloudBeing Well Architected in the Cloud
Being Well Architected in the CloudAdrian Hornsby
 
AWS Summit Auckland - Introducing Well-Architected for Developers
AWS Summit Auckland - Introducing Well-Architected for DevelopersAWS Summit Auckland - Introducing Well-Architected for Developers
AWS Summit Auckland - Introducing Well-Architected for DevelopersAmazon Web Services
 
re:Invent recap session 2: Being well Architected in the cloud
re:Invent recap session 2: Being well Architected in the cloudre:Invent recap session 2: Being well Architected in the cloud
re:Invent recap session 2: Being well Architected in the cloudAmazon Web Services
 
AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security Amazon Web Services
 
Best Practices for Security at Scale
Best Practices for Security at ScaleBest Practices for Security at Scale
Best Practices for Security at ScaleAmazon Web Services
 
AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...
AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...
AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...Amazon Web Services
 
AWS Certified Security - Specialty: What it is and how to get certified
AWS Certified Security - Specialty: What it is and how to get certifiedAWS Certified Security - Specialty: What it is and how to get certified
AWS Certified Security - Specialty: What it is and how to get certifiedInfosec
 

Ähnlich wie (SEC312) Reliable Design & Deployment of Security & Compliance (20)

Compliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By DesignCompliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By Design
 
Being Well Architected in the Cloud (Updated)
Being Well Architected in the Cloud (Updated)Being Well Architected in the Cloud (Updated)
Being Well Architected in the Cloud (Updated)
 
Being Well-Architected in the Cloud
Being Well-Architected in the CloudBeing Well-Architected in the Cloud
Being Well-Architected in the Cloud
 
CSS 17: NYC - The AWS Shared Responsibility Model in Practice
CSS 17: NYC - The AWS Shared Responsibility Model in PracticeCSS 17: NYC - The AWS Shared Responsibility Model in Practice
CSS 17: NYC - The AWS Shared Responsibility Model in Practice
 
AWS Security for Financial Services
AWS Security for Financial ServicesAWS Security for Financial Services
AWS Security for Financial Services
 
AWS Canberra WWPS Summit 2013 - AWS Governance and Security Overview
AWS Canberra WWPS Summit 2013 - AWS Governance and Security OverviewAWS Canberra WWPS Summit 2013 - AWS Governance and Security Overview
AWS Canberra WWPS Summit 2013 - AWS Governance and Security Overview
 
CSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWSCSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWS
 
AWS Summit Sydney 2014 | Understanding AWS Security
AWS Summit Sydney 2014 | Understanding AWS SecurityAWS Summit Sydney 2014 | Understanding AWS Security
AWS Summit Sydney 2014 | Understanding AWS Security
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS Security
 
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
 
Modern Security and Compliance Through Automation
Modern Security and Compliance Through AutomationModern Security and Compliance Through Automation
Modern Security and Compliance Through Automation
 
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
선도 금융사들의 aws security 활용 방안 소개 :: Eugene Yu :: AWS Finance...
 
Being Well Architected in the Cloud
Being Well Architected in the CloudBeing Well Architected in the Cloud
Being Well Architected in the Cloud
 
AWS Summit Auckland - Introducing Well-Architected for Developers
AWS Summit Auckland - Introducing Well-Architected for DevelopersAWS Summit Auckland - Introducing Well-Architected for Developers
AWS Summit Auckland - Introducing Well-Architected for Developers
 
re:Invent recap session 2: Being well Architected in the cloud
re:Invent recap session 2: Being well Architected in the cloudre:Invent recap session 2: Being well Architected in the cloud
re:Invent recap session 2: Being well Architected in the cloud
 
AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security AWS Summit Auckland 2014 | Understanding AWS Security
AWS Summit Auckland 2014 | Understanding AWS Security
 
Best Practices for Security at Scale
Best Practices for Security at ScaleBest Practices for Security at Scale
Best Practices for Security at Scale
 
AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...
AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...
AWS Public Sector Symposium 2014 Canberra | Compliance and Governance on the ...
 
Intro & Security Update
Intro & Security UpdateIntro & Security Update
Intro & Security Update
 
AWS Certified Security - Specialty: What it is and how to get certified
AWS Certified Security - Specialty: What it is and how to get certifiedAWS Certified Security - Specialty: What it is and how to get certified
AWS Certified Security - Specialty: What it is and how to get certified
 

Mehr von Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mehr von Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Kürzlich hochgeladen

My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 

Kürzlich hochgeladen (20)

My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

(SEC312) Reliable Design & Deployment of Security & Compliance

  • 1. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Chad Woolf, AWS Director of Risk and Compliance Tim Sandage, AWS Senior Risk and Compliance Strategist October 2015 SEC312 Reliable Design and Deployment of Security and Compliance
  • 2. What to expect from this session • Technical session for audit/governance users • “Security by Design” approach: consuming AWS securely • Live demo of these concepts • Key resources for achieving this in your own AWS account
  • 3. When, not a matter of if Regulated, audited, and sensitive data will be better fit to be stored and processed in the cloud.
  • 4. The AWS cloud allows for advanced governance Manual auditing in a simple world Governance in a complex world Thick procedure manuals Software-enforced processes Periodic surveys Alarming/triggering Few truly automated controls Ubiquitous, software-driven, predictable controls Sample testing, hoping Full population monitoring, test of 1
  • 5.
  • 6.
  • 7.
  • 8. Evolution of compliance at AWS AWS certifications Customer enabler docs Customer case studies Security by Design tech (SbD) AWS CloudTrailAWS CloudHSM AWS IAM AWS KMS AWS Config
  • 9. Quality by Design - QbD “Quality by Design (QbD) is a modern, scientific approach that formalizes product design, automates manual testing, and streamlines troubleshooting. It is a systematic approach to ensure quality; instead of relying on finished product testing alone, QbD provides insights upstream throughout the development process.” - DPT Labs, “What Is Quality by Design (QbD)—And Why Should You Care?” http://www.dptlabs.com/wp-content/uploads/2013/05/What-is-Quality-by-Design-QbD-and-Why-Should-You-Care.pdf
  • 10. Security by Design – SbD Security by Design (SbD) is a modern, security assurance approach that formalizes AWS account design, automates security controls, and streamlines auditing. It is a systematic approach to ensure security; instead of relying on after-the-fact auditing, SbD provides control insights throughout the IT management process. CloudTrail CloudHSM IAM KMS Config
  • 11. Impact of Security by Design SbD – Scripting your governance policy Result: Reliable technical implementation of administrative controls
  • 12. Elements of a secure architecture 1. Create a golden environment 2. Enforce AWS Service Catalog 3. Create permissions to use AWS services
  • 13. What you do in any IT environment • Firewall rules • Network ACLs • Network time pointers • Internal and external subnets • NAT rules • Gold OS images • Encryption algorithms for data in transit and at rest Golden code: Security translation to AWS AWS JSON translation Gold image, NTP, and NAT Network ACLs, subnets, firewall rules
  • 14. Create a golden environment • Create a gold OS image • Configure use of AWS services, for example: 1. Create a golden environment 2. Enforce Service Catalog 3. Create permissions to use AWS services Amazon S3 Amazon EBS Amazon Redshift • Force SSE • Turn on logging • Specify retention • Set Amazon Glacier archiving • Prevent external access • Specify overriding permissions • Set event notifications • Define volume type • Volume size limits • IOPS performance (input/output) • Data location – regions • Snapshot (backup) ID • Encryption requirements • Cluster type (single or multi) • Encryption (KMS or HSM) • VPC location • External access (yes/no) • Security groups applied • Create SNS topic • Enforce Amazon CloudWatch alarms
  • 15. Demo: Configuring S3 in the GUI Logging { "LoggingEnabled": { "TargetPrefix": "logs/", "TargetBucket": "audit-aws-cloudtrail-s3" } Lifecycle { "Rules": [ { "Status": "Enabled", "Prefix": "", "Transition": { "Days": 180, "StorageClass": "GLACIER" }, "ID": "Rule for the Entire Bucket Console/web view Command-line view
  • 16. Create a golden environment 1. Create a golden environment 2. Enforce Service Catalog 3. Create permissions to use AWS services Creates an S3 bucket for CloudTrail Creates SNS topic SNS CloudTrail and S3 template Turns on S3 logging for CloudTrail logs Sets SNS notification Sets security for CloudTrail S3 bucket
  • 17. Create a golden environment – Help! • Whitepapers – Security best practices • AWS Solutions Architects, AWS Professional Services • AWS Partners • AWS GoldBase – Tactical enablers
  • 18. Enforce AWS Service Catalog • Allows administrators to create and manage approved catalogs of resources (products) that end users can access via a personalized portal. • An AWS Service Catalog product is a deployable AWS CloudFormation template. 1. Create a golden environment 2. Enforce Service Catalog 3. Create permissions to use AWS services Provisioning Team creates and manages Service Catalog Products built from CloudFormation Templates
  • 19. Demo: AWS Service Catalog Demo will include: CloudFormation templates enforcement • Portfolios • Products • Permissions (IAM) • Create/deploy • User launch • Constraints • Tags
  • 20. Create permissions to use AWS AWS Service Catalog • Gives workload owners permissions to deploy templates and nothing more 1. Create a golden environment 2. Enforce Service Catalog 3. Create permissions to use AWS services Main.json CloudFormation Template Additional CloudFormation Templates AWS Service Catalog constraints specify IAM role used only for template deployment Workload owner with limited IAM permissions
  • 21. Demo: IAM permission Read Write List Bob    Doug    Jim   Sara  Read Write List Bob    Larry  Sam   Network resource Server resources AWS Service Catalog permissions Who has access to a particular resource? Demo: IAM overview • Users, groups, and roles • User settings • Default IAM policies • Custom IAM policies • Account settings • Roles versus users
  • 22. Impact of Security by Design SbD – Scripting your governance policy Result: Reliable technical implementation of administrative controls
  • 23. Closing the loop: AWS Config Rules • AWS Config Rules: a sweeping check of whether your security design is deployed in existing environments • Accurate, complete audit
  • 24. AWS Config Rules How Config Rules can be used to audit any environment Config Rule Config results
  • 25. AWS Config Rules session SEC314 – AWS Config: Full Visibility and Improved Governance of Your AWS Resources Thursday, October 8, 5:30–6:30 PM – Palazzo K
  • 26. AWS Inspector: Audit perspective • Inspector: In-host assistance • Session: • SEC324 – Introducing Amazon Inspector – Security Insight into Your Application Deployments (5:30 P.M. tomorrow)
  • 27. SbD: The Next Big Thing in IT GRC AWS provides Governance, Risk, and Compliance (GRC) teams: 1. The right SbD tech – AWS 2. SbD whitepaper 3. AWS GoldBase 1. Security controls implementation matrix 2. Architecture diagrams 3. CloudFormation templates – Industry compliance templates for PCI, NIST 800-53, HIPAA, FFIEC, and CJIS 4. User guides and deployment instructions 4. AWS Config Rules – Auditing 5. AWS Inspector – Advanced in-host security and audit 6. Training CloudTrail CloudHSM IAM KMS Config
  • 28. Getting started aws.amazon.com/compliance/securitybydesign • SbD whitepaper – To wrap your head around this topic • AWS GoldBase whitepaper –Explore the resources and templates • Auditing Your Architecture self-training QuickLab ($27) • Auditing Your Architecture – 6hrs, 3 labs, instructor led (AWS or Partner provided) • email: awsaudittraining@amazon.com
  • 29. Related sessions • SEC 302 – IAM Best Practices to Live By (1:30 P.M. today – see the replay on YouTube) • SEC 324 – Introducing Amazon Inspector – Security Insight into Your Application Deployments (5:30 P.M. tomorrow) • SEC305 – Become an AWS IAM Policy Ninja in 60 Minutes or Less (11:00 A.M. tomorrow) • SEC314 – AWS Config: Full Visibility and Improved Governance of Your AWS Resources (5:30 P.M. tomorrow)