© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Security & Compliance in the Cloud
Jarkko Hirvonen, Manager, Solutions Architecture, AWS Nordics
Petri Kallberg, Cloud Solution Architect, Sanoma Group

Session Content
• AWS Shared Responsibility Model
• AWS Security Solutions
• Identity & Access Management
• Detective Controls
• Infrastructure Security
• Data Protection
• Incident Response
• Customer – Sanoma Group

Every AWS Cloud journey is unique.
• Migrating or extending existing infrastructure and applications.
• Building customer-facing cloud-native applications.
• Going all-in on cloud solutions across the organization.
• Using the scale of the AWS Cloud to solve new challenges.
• Deploying cloud-based business solutions.
• Managing governance at scale.

AWS Shared Responsibility Model

Security is a Shared Responsibility
AWS is responsible for the security OF the Cloud:
• AWS foundation services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge locations
Customers are responsible for their security and compliance IN the Cloud:
• Customer content
• Platform, applications, Identity and Access Management
• Operating system, network, and firewall configuration
• Client-side data encryption, server-side data encryption, network traffic protection

Infrastructure Services
Managed by AWS:
• Foundation services: Compute, Storage, Databases, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge locations
• AWS IAM and AWS endpoints
Managed by customers:
• Customer content
• Platform and application management
• Operating system, network, and firewall configuration
• Customer IAM
• Client-side data encryption and data integrity authentication
• Network traffic protection (encryption/integrity/identity)
• Server-side encryption (file system and/or data)
• Optional – opaque data: 0’s and 1’s (in transit/at rest)

Container Services
Managed by AWS:
• Foundation services: Compute, Storage, Databases, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge locations
• AWS IAM and AWS endpoints
• Operating system and network configuration
• Platform and application management
Managed by customers:
• Customer content
• Customer IAM
• Firewall configuration
• Client-side data encryption and data integrity authentication
• Network traffic protection (encryption/integrity/identity)
• Optional – opaque data: 0’s and 1’s (in transit/at rest)

Abstracted Services
Managed by AWS:
• Foundation services: Compute, Storage, Databases, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge locations
• AWS IAM and AWS endpoints
• Operating system, network, and firewall configuration
• Platform and application management
• Data protection provided by the platform for data at rest
• Network traffic protection provided by the platform (protection of data in transit)
Managed by customers:
• Customer content
• Client-side data encryption and data integrity authentication
• Optional – opaque data: 0’s and 1’s (in transit/at rest)

AWS Security Solutions
• Identity: AWS Identity & Access Management (IAM), AWS Organizations, Amazon Cognito, AWS Directory Service, AWS Single Sign-On
• Detective controls: AWS CloudTrail, AWS Config, Amazon CloudWatch, Amazon GuardDuty, VPC Flow Logs
• Infrastructure security: Amazon EC2 Systems Manager, AWS Shield, AWS Web Application Firewall (AWS WAF), Amazon Inspector, Amazon VPC
• Data protection: AWS KMS, AWS CloudHSM, Amazon Macie, ACM, Server-Side Encryption
• Incident response: AWS Config Rules, AWS Lambda

Identity & Access Management
Define, enforce, and audit user permissions across AWS services, actions, and resources.
• AWS Identity and Access Management (IAM): Fine-grained access management for AWS resources
• AWS Organizations: Policy-based management for multiple AWS accounts
• Amazon Cognito: Add user sign-up, sign-in, and access control to your web and mobile apps
• AWS Directory Service: Managed Microsoft Active Directory in the AWS Cloud
• AWS Single Sign-On: Centrally manage single sign-on (SSO) access to multiple AWS accounts and business applications

Detective Controls
Gain the visibility you need to spot issues before they impact the business, improve your security posture, and reduce the risk profile of your environment.
• AWS CloudTrail: Track user activity and API usage. Enable governance, compliance, and operational/risk auditing of your AWS account
• AWS Config: Record configurations of your AWS resources. Enable compliance auditing, security analysis, resource change tracking, and troubleshooting
• Amazon CloudWatch: Monitor AWS Cloud resources and your applications on AWS to collect metrics, monitor log files, set alarms, and automatically react to changes
• Amazon GuardDuty: Intelligent threat detection and continuous monitoring to protect your AWS accounts and workloads
• VPC Flow Logs: Capture information about the IP traffic going to and from network interfaces in your VPC

Infrastructure Security
Reduce the surface area to manage and increase privacy for and control of your overall infrastructure on AWS.
• AWS Systems Manager: Easily configure and manage Amazon EC2 and on-premises systems to apply OS patches, create secure system images, and configure secure operating systems
• AWS Shield: Managed DDoS protection service that safeguards web applications running on AWS
• AWS Web Application Firewall (AWS WAF): Protects your web applications from common web exploits, ensuring availability and security
• Amazon Inspector: Automates security assessments to help improve the security and compliance of applications deployed on AWS
• Amazon VPC: Provision a logically isolated section of AWS where you can launch AWS resources in a virtual network that you define

Data Protection
In addition to our automatic data encryption and management services, employ more features for data protection (including data management, data security, and encryption key storage).
• AWS KMS: Easily create and control the keys used to encrypt your data
• AWS CloudHSM: Managed hardware security module (HSM) on the AWS Cloud
• Amazon Macie: Machine learning-powered security service to discover, classify, and protect sensitive data
• AWS Certificate Manager (ACM): Easily provision, manage, and deploy SSL/TLS certificates for use with AWS services
• Server-Side Encryption: Flexible data encryption options using AWS service-managed keys, AWS managed keys via AWS KMS, or customer-managed keys

Incident Response
During an incident, containing the event and returning to a known good state are important elements of a response plan. AWS provides tools to automate aspects of this best practice.
• AWS Config Rules: Create rules that automatically take action in response to changes in your environment, such as isolating resources, enriching events with additional data, or restoring configuration to a known-good state
• AWS Lambda: Use our serverless compute service to run code without provisioning or managing servers so you can scale your programmed, automated response to incidents

Automated Threat Remediation: Automate with Integrated Services
Amazon GuardDuty finding → CloudWatch Event → AWS Lambda function
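The GuardDuty → CloudWatch Events → Lambda chain on the slide, as an added example that is not part of the deck: a handler that receives a GuardDuty finding and contains the affected EC2 instance by moving it into a quarantine security group. The quarantine group id (QUARANTINE_SG), the severity threshold and the injected EC2 client are assumptions so the code runs offline against a fake client.

```python
"""Added example (not from the slides): a Lambda-style handler that receives an
Amazon GuardDuty finding delivered through a CloudWatch Events rule and isolates
the affected EC2 instance by moving it into a quarantine security group.

Assumptions (not on the slide): the quarantine security group id is passed in the
QUARANTINE_SG environment variable, the EC2 client is injected so the handler can
be exercised offline, and only findings at or above a severity threshold act.
"""
import json
import os

# Minimum GuardDuty severity that triggers containment (assumed policy value).
SEVERITY_THRESHOLD = 7.0


def extract_instance_id(finding):
    """Return the EC2 instance id from a GuardDuty finding, or None if the
    finding is not about an instance (e.g. an IAM access-key finding)."""
    resource = finding.get("resource", {})
    if resource.get("resourceType") != "Instance":
        return None
    return resource.get("instanceDetails", {}).get("instanceId")


def should_contain(finding):
    """Decide whether a finding warrants automatic containment."""
    return float(finding.get("severity", 0)) >= SEVERITY_THRESHOLD


def quarantine_instance(ec2, instance_id, quarantine_sg):
    """Replace the instance's security groups with the quarantine group, which is
    assumed to allow no inbound or outbound traffic. Returns the previous group
    ids so the incident record can restore them after investigation."""
    desc = ec2.describe_instances(InstanceIds=[instance_id])
    instance = desc["Reservations"][0]["Instances"][0]
    previous = [sg["GroupId"] for sg in instance["SecurityGroups"]]
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[quarantine_sg])
    return previous


def handler(event, context=None, ec2=None):
    """Entry point for the CloudWatch Events -> Lambda integration."""
    if ec2 is None:
        import boto3  # assumed available in the Lambda runtime
        ec2 = boto3.client("ec2")
    quarantine_sg = os.environ.get("QUARANTINE_SG", "sg-PLACEHOLDER")
    finding = event.get("detail", {})
    instance_id = extract_instance_id(finding)
    if instance_id is None:
        return {"action": "ignored", "reason": "not an instance finding"}
    if not should_contain(finding):
        return {"action": "ignored", "reason": "below severity threshold",
                "instanceId": instance_id}
    previous = quarantine_instance(ec2, instance_id, quarantine_sg)
    return {"action": "quarantined", "instanceId": instance_id,
            "previousSecurityGroups": previous,
            "findingType": finding.get("type")}


class FakeEC2:
    """Offline stand-in for the boto3 EC2 client, used to run the example."""
    def __init__(self, groups):
        self.groups = {"i-0123456789abcdef0": list(groups)}
        self.calls = []

    def describe_instances(self, InstanceIds):
        iid = InstanceIds[0]
        return {"Reservations": [{"Instances": [
            {"InstanceId": iid,
             "SecurityGroups": [{"GroupId": g} for g in self.groups[iid]]}]}]}

    def modify_instance_attribute(self, InstanceId, Groups):
        self.calls.append((InstanceId, list(Groups)))
        self.groups[InstanceId] = list(Groups)


# Constructed sample event in the shape CloudWatch Events uses for GuardDuty findings.
SAMPLE_EVENT = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {
        "type": "UnauthorizedAccess:EC2/SSHBruteForce",
        "severity": 8,
        "resource": {"resourceType": "Instance",
                     "instanceDetails": {"instanceId": "i-0123456789abcdef0"}},
    },
}

if __name__ == "__main__":
    fake = FakeEC2(["sg-web", "sg-ssh"])
    print(json.dumps(handler(SAMPLE_EVENT, ec2=fake), indent=2))
```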

Customer – Sanoma Group

Sanoma Group
Operations in Finland, Netherlands, Belgium, Poland and Sweden. Net sales 1.4 billion euros. +4400 employees.
• Sanoma Media Finland: Newspapers, Magazines, TV and radio, Events; is.fi +600M monthly pageviews
• Sanoma Media BeNe: Magazines, Events, E-commerce sites, Apps; nu.nl +800M monthly pageviews
• Sanoma Learning: Print, digital and hybrid; Primary, secondary and vocational education

Our History with AWS
• Production services in AWS since 2012
• Usual challenges and motivations of a media company:
  • Spiky workloads
  • OPEX vs. CAPEX
  • Stressful deployments
• We are doing the 3rd iteration of organizing our AWS assets

Iterations of AWS Management
• Gen1 - ”VMs as Code”
• Gen2 - ”Infrastructure as Code”

Challenges of Shared Accounts
• Use tags for cost allocation.
• IAM policies separate teams and define roles within a team.
• Teams depend on IT when IAM doesn’t support resource-based policies.

Solution: More Accounts (Single Owner Accounts, +100)
• Single payer for all costs.
• IAM policies define roles within a team, but teams are separated by accounts.
• Omnipotent teams don’t depend on central IT.
Gen3 - ”Accounts as Code”

AWS Organizations
(Two organization charts: the AWS version and the corporate version.)

AWS Organizations - Local Control, Global View
• Automating the account creation process
  • Standard IAM roles, CloudTrail, network infrastructure
• Global view using IAM roles from the ”master” account
• Limit local control with Service Control Policies
  • Deny CloudTrail changes
  • Select AWS regions
  • Deny Reserved capacity purchase
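The three Service Control Policy ideas listed above, as an added example that is not part of the deck: one SCP document carrying all three controls, plus a small evaluator that checks whether a given API call in a given region would be denied by it. The allowed-region list and the global-service exemption list are assumed values, and the evaluator covers only the policy-language subset the document uses, not the full AWS policy engine.

```python
"""Added example (not from the slides): the three SCP controls from the slide as one
policy document, plus a minimal evaluator for it. The evaluator implements only
Deny statements with Action/NotAction wildcards and a StringNotEquals condition on
aws:RequestedRegion; it is an illustration, not the AWS policy engine.
"""
import fnmatch

ALLOWED_REGIONS = ["eu-west-1", "eu-central-1"]  # assumed for the example

# Organizations SCPs are JSON documents; a Python dict is used here so the same
# object can be evaluated below without parsing.
SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {   # Deny CloudTrail changes
            "Sid": "DenyCloudTrailChanges",
            "Effect": "Deny",
            "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail",
                       "cloudtrail:UpdateTrail", "cloudtrail:PutEventSelectors"],
            "Resource": "*",
        },
        {   # Select AWS regions: deny calls outside the allowed list, except for
            # global services that are only served from us-east-1 (assumed list).
            "Sid": "RestrictRegions",
            "Effect": "Deny",
            "NotAction": ["iam:*", "organizations:*", "sts:*", "support:*",
                          "budgets:*", "route53:*", "cloudfront:*"],
            "Resource": "*",
            "Condition": {"StringNotEquals": {"aws:RequestedRegion": ALLOWED_REGIONS}},
        },
        {   # Deny Reserved capacity purchase
            "Sid": "DenyReservedPurchases",
            "Effect": "Deny",
            "Action": ["ec2:PurchaseReservedInstancesOffering",
                       "ec2:PurchaseHostReservation",
                       "rds:PurchaseReservedDBInstancesOffering"],
            "Resource": "*",
        },
    ],
}


def _action_matches(patterns, action):
    """IAM action patterns are case-insensitive and support '*' wildcards."""
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def _statement_applies(stmt, action, region):
    """True when the statement's Action/NotAction and region condition match."""
    if "Action" in stmt and not _action_matches(stmt["Action"], action):
        return False
    if "NotAction" in stmt and _action_matches(stmt["NotAction"], action):
        return False
    cond = stmt.get("Condition", {}).get("StringNotEquals", {})
    if "aws:RequestedRegion" in cond:
        allowed = cond["aws:RequestedRegion"]
        if isinstance(allowed, str):
            allowed = [allowed]
        if region in allowed:
            return False  # StringNotEquals only holds outside the allowed list
    return True


def denied_by_scp(policy, action, region):
    """Return the Sid of the first Deny statement matching the request, or None.
    SCPs only filter: None means the SCP does not block the call, not that the
    principal's own IAM policy allows it."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") == "Deny" and _statement_applies(stmt, action, region):
            return stmt.get("Sid")
    return None


if __name__ == "__main__":
    for call in [("cloudtrail:StopLogging", "eu-west-1"),
                 ("ec2:RunInstances", "us-west-2"),
                 ("ec2:RunInstances", "eu-west-1"),
                 ("iam:CreateUser", "us-east-1")]:
        print(call, "->", denied_by_scp(SCP, *call))
```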

Securing the Account Root User
• Securing the root user on a new account:
  • Set up the root password (and throw it away)
  • Attach a phone number to your account
  • Set up a root virtual MFA (and store it)
• Simply not setting a root password doesn’t mean someone with access to the registration email cannot reset it. That’s why you must always enable root MFA.
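A check for the condition the slide warns about, as an added example that is not part of the deck: it reads an IAM credential report per account and flags any root user without MFA or with active access keys. The report text is a constructed sample abbreviated to the columns used; on a real account it comes from iam:GenerateCredentialReport and iam:GetCredentialReport, and the account ids are placeholders.

```python
"""Added example (not from the slides): audit the root user of each account from
its IAM credential report. Flags a root user with no MFA device or with an active
access key. SAMPLE_REPORTS is constructed and abbreviated to the columns the check
reads; the column names are the ones the real credential report uses.
"""
import csv
import io

ROOT_USER = "<root_account>"  # literal user name IAM uses for the root row

# Constructed sample: two accounts (placeholder ids) as a multi-account sweep
# would collect them. Account 2222... shows both failure modes.
SAMPLE_REPORTS = {
    "111111111111": """user,arn,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::111111111111:root,true,false,false
alice,arn:aws:iam::111111111111:user/alice,true,true,false
""",
    "222222222222": """user,arn,mfa_active,access_key_1_active,access_key_2_active
<root_account>,arn:aws:iam::222222222222:root,false,true,false
bob,arn:aws:iam::222222222222:user/bob,false,true,false
""",
}


def _truthy(value):
    """Credential report booleans are the strings 'true' / 'false'."""
    return str(value).strip().lower() == "true"


def root_findings(report_csv):
    """Return a list of problems with the root user in one credential report."""
    rows = csv.DictReader(io.StringIO(report_csv))
    root = next((r for r in rows if r["user"] == ROOT_USER), None)
    if root is None:
        return ["root user row missing from credential report"]
    problems = []
    if not _truthy(root["mfa_active"]):
        problems.append("root MFA not enabled")
    if _truthy(root["access_key_1_active"]) or _truthy(root["access_key_2_active"]):
        problems.append("root has an active access key")
    return problems


def audit_accounts(reports):
    """Map account id -> list of root-user problems, omitting clean accounts."""
    result = {}
    for account_id, report in reports.items():
        problems = root_findings(report)
        if problems:
            result[account_id] = problems
    return result


if __name__ == "__main__":
    for account, problems in audit_accounts(SAMPLE_REPORTS).items():
        print(account, "->", "; ".join(problems))
```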

What’s Next
• Continue work on the global view.
• Sanoma CCoE to help and verify that teams do the right thing.
• Watch re:Invent 2017 (SID331) ”Architecting Security and Governance Across a Multi-Account Strategy”

Recommended Next Sessions
• 15:00 Let’s Start! - Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
• 15:45 Cloud Operations - Enabling Governance, Compliance and Operational and Risk Auditing with AWS Management Tools
• 15:45 Move IT! - Navigating GDPR Compliance on AWS

Please complete the session survey in the summit mobile app.
Thank You!

Weitere ähnliche Inhalte

Was ist angesagt?

AWS Accounts@Scale Using AWS Landing Zone_AWSPSSummit_Singapore
AWS Accounts@Scale Using AWS Landing Zone_AWSPSSummit_SingaporeAWS Accounts@Scale Using AWS Landing Zone_AWSPSSummit_Singapore
AWS Accounts@Scale Using AWS Landing Zone_AWSPSSummit_Singapore
Amazon Web Services
 

Was ist angesagt? (20)

AWS Cloud Security Fundamentals
AWS Cloud Security FundamentalsAWS Cloud Security Fundamentals
AWS Cloud Security Fundamentals
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Castilleja School Automates Data Protection and Shortens RTOs
 Castilleja School Automates Data Protection and Shortens RTOs Castilleja School Automates Data Protection and Shortens RTOs
Castilleja School Automates Data Protection and Shortens RTOs
 
Module 1 - AWSome Day Online Conference 2018
Module 1 - AWSome Day Online Conference 2018Module 1 - AWSome Day Online Conference 2018
Module 1 - AWSome Day Online Conference 2018
 
Security Architectures on AWS
Security Architectures on AWSSecurity Architectures on AWS
Security Architectures on AWS
 
AWSome Day Online 2020_Module 4: Secure your cloud applications
AWSome Day Online 2020_Module 4: Secure your cloud applicationsAWSome Day Online 2020_Module 4: Secure your cloud applications
AWSome Day Online 2020_Module 4: Secure your cloud applications
 
Setting Up a Landing Zone
Setting Up a Landing ZoneSetting Up a Landing Zone
Setting Up a Landing Zone
 
How to Implement a Well-Architected Security Solution.pdf
How to Implement a Well-Architected Security Solution.pdfHow to Implement a Well-Architected Security Solution.pdf
How to Implement a Well-Architected Security Solution.pdf
 
Landing Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS MigrationsLanding Zones - Creating a Foundation for Your AWS Migrations
Landing Zones - Creating a Foundation for Your AWS Migrations
 
AWS Accounts@Scale Using AWS Landing Zone_AWSPSSummit_Singapore
AWS Accounts@Scale Using AWS Landing Zone_AWSPSSummit_SingaporeAWS Accounts@Scale Using AWS Landing Zone_AWSPSSummit_Singapore
AWS Accounts@Scale Using AWS Landing Zone_AWSPSSummit_Singapore
 
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in awsAWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
AWS Technical Day Riyadh Nov 2019 - Scaling threat detection and response in aws
 
AWS - Security & Compliance
AWS - Security & ComplianceAWS - Security & Compliance
AWS - Security & Compliance
 
Hybrid Cloud on AWS - Introduction and Art of the Possible
Hybrid Cloud on AWS - Introduction and Art of the PossibleHybrid Cloud on AWS - Introduction and Art of the Possible
Hybrid Cloud on AWS - Introduction and Art of the Possible
 
Costruire Architetture Ibride con AWS
Costruire Architetture Ibride con AWSCostruire Architetture Ibride con AWS
Costruire Architetture Ibride con AWS
 
Using AWS to Ingest, Store, Archive, Share and carry out Analysis of Video Co...
Using AWS to Ingest, Store, Archive, Share and carry out Analysis of Video Co...Using AWS to Ingest, Store, Archive, Share and carry out Analysis of Video Co...
Using AWS to Ingest, Store, Archive, Share and carry out Analysis of Video Co...
 
Come costruire apllicazioni "12-factor microservices" in AWS
Come costruire apllicazioni "12-factor microservices" in AWSCome costruire apllicazioni "12-factor microservices" in AWS
Come costruire apllicazioni "12-factor microservices" in AWS
 
Best Practices for Encrypting Data on AWS
Best Practices for Encrypting Data on AWSBest Practices for Encrypting Data on AWS
Best Practices for Encrypting Data on AWS
 
An Amazonian Approach To Enterprise Transformation
An Amazonian Approach To Enterprise TransformationAn Amazonian Approach To Enterprise Transformation
An Amazonian Approach To Enterprise Transformation
 
Hybrid Cloud on AWS : Provisioning, Operations, Management, and Monitoring
Hybrid Cloud on AWS : Provisioning, Operations, Management, and Monitoring Hybrid Cloud on AWS : Provisioning, Operations, Management, and Monitoring
Hybrid Cloud on AWS : Provisioning, Operations, Management, and Monitoring
 
Landing Zones Creating a Foundation - AWS Summit Sydney 2018
Landing Zones Creating a Foundation - AWS Summit Sydney 2018Landing Zones Creating a Foundation - AWS Summit Sydney 2018
Landing Zones Creating a Foundation - AWS Summit Sydney 2018
 

Ähnlich wie Security & Compliance in the Cloud

Ähnlich wie Security & Compliance in the Cloud (20)

The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
 
Introduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF LoftIntroduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF Loft
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...
Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...
Build a Hybrid Cloud Architecture Using AWS Landing Zones (ENT304-R1) - AWS r...
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Security@Scale
Security@ScaleSecurity@Scale
Security@Scale
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
AWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & ComplianceAWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & Compliance
 
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018
Crash Course in Security Best Practices, AWS Startup Day Cape Town 2018
 
Protecting Your Data
Protecting Your DataProtecting Your Data
Protecting Your Data
 
AWS Security by Design
AWS Security by Design AWS Security by Design
AWS Security by Design
 
Lock it Down: How to Secure your AWS Account and your Organization's Accounts
Lock it Down: How to Secure your AWS Account and your Organization's AccountsLock it Down: How to Secure your AWS Account and your Organization's Accounts
Lock it Down: How to Secure your AWS Account and your Organization's Accounts
 
AWS Security By Design
AWS Security By DesignAWS Security By Design
AWS Security By Design
 
Sicurezza in AWS automazione e best practice
Sicurezza in AWS automazione e best practiceSicurezza in AWS automazione e best practice
Sicurezza in AWS automazione e best practice
 
Introduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSIntroduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWS
 
Threat detection and mitigation at AWS - SEC301 - Santa Clara AWS Summit
Threat detection and mitigation at AWS - SEC301 - Santa Clara AWS SummitThreat detection and mitigation at AWS - SEC301 - Santa Clara AWS Summit
Threat detection and mitigation at AWS - SEC301 - Santa Clara AWS Summit
 
PaaS or Fail: Rule the Cloud with Altus
PaaS or Fail: Rule the Cloud with AltusPaaS or Fail: Rule the Cloud with Altus
PaaS or Fail: Rule the Cloud with Altus
 
AWS Systems Manage: Bridging Operational Models
AWS Systems Manage: Bridging Operational Models AWS Systems Manage: Bridging Operational Models
AWS Systems Manage: Bridging Operational Models
 

Mehr von Amazon Web Services

Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
Amazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
Amazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
Amazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Amazon Web Services
 

Mehr von Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Security & Compliance in the Cloud

  • 1. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Jarkko Hirvonen Manager, Solutions Architecture, AWS Nordics Petri Kallberg Cloud Solution Architect, Sanoma Group Security & Compliance in the Cloud
  • 2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Session Content • AWS Shared Responsibility Model • AWS Security Solutions • Identity & Access Management • Detective Controls • Infrastructure Security • Data Protection • Incident Response • Customer – Sanoma Group
  • 3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Every AWS Cloud journey is unique.
  • 4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Migrating or extending existing infrastructure and applications. Building customer facing cloud-native applications. Going all-in on cloud solutions across the organization. Using the scale of the AWS Cloud to solve new challenges. Deploying cloud-based business solutions. Managing governance at scale.
  • 5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Shared Responsibility Model
  • 6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security is a Shared Responsibility AWS foundation services Compute Storage Database Networking AWS Global Infrastructure Regions Availability zones Edge locations Client-side data encryption Server-side data encryption Network traffic protection Platform, applications, Identity and Access Management Operating system, network, and firewall configuration Customer content AWS is responsible for the security OF the Cloud Customers are responsible for their security and compliance IN the Cloud
  • 7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Infrastructure Services Customer Content Platform and application management Operating system, network, and firewall configuration Client-side data encryption and data integrity authentication Network traffic protection encryption/ integrity/identity Server-side encryption file system and/or data Optional – Opaque data: 0’s and 1’s (in transit/at rest) CustomerIAM AWS endpoints AWSIAM NetworkingDatabasesStorageCompute Edge locations Availability ZonesRegions AWS Global Infrastructure Foundation services Managed by customers Managed by AWS
  • 8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Container Services Customer Content Client-side data encryption and data integrity authentication Network traffic protection encryption/integrity/identity Optional—opaque data: 0’s and 1’s (in transit/at rest) Customer IAM AWS endpoints AWSIAM NetworkingDatabasesStorageCompute Edge locations Availability Zones Regions AWS Global Infrastructure Foundation services Managed by customers Managed by AWS Platform and application management Firewall configuration Operating system and network configuration
  • 9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Abstracted Services Customer Content Client-side data encryption and data integrity authentication AWS endpoints AWSIAM NetworkingDatabasesStorageCompute Edge locations Availability Zones Regions AWS Global Infrastructure Foundation services Managed by customers Managed by AWS Optional—opaque data: 0’s and 1’s (in transit/at rest) Data protection provided by the platform for data at rest Network traffic protection provided by the platform protection of data in transit Platform and application management Operating system, network, and firewall configuration
  • 10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Security Solutions
  • 11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Identity & Access Management (IAM) AWS Organizations Amazon Cognito AWS Directory Service AWS Single Sign-On AWS CloudTrail AWS Config Amazon CloudWatch Amazon GuardDuty VPC Flow Logs Amazon EC2 Systems Manager AWS Shield AWS Web Application Firewall (AWS WAF) Amazon Inspector Amazon VPC AWS KMS AWS CloudHSM Amazon Macie ACM Server-Side Encryption AWS Config Rules AWS Lambda Identity Detective controls Infrastructure security Incident response Data protection AWS Security Solutions
  • 12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Identity & Access Management
  • 13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Identity and Access Management (IAM) Fine-grained access management for AWS resources AWS Organizations Policy-based management for multiple AWS accounts Amazon Cognito Add user sign-up, sign-in, and access control to your web and mobile apps AWS Directory Service Managed Microsoft Active Directory in the AWS Cloud AWS Single Sign-On Centrally manage single sign-on (SSO) access to multiple AWS accounts and business applications Define, enforce, and audit user permissions across AWS services, actions, and resources Identity & access management
  • 14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Detective Controls
  • 15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS CloudTrail Track user activity and API usage. Enable governance, compliance, and operational/risk auditing of your AWS account AWS Config Record configurations of your AWS resources. Enable compliance auditing, security analysis, resource change tracking, and troubleshooting Amazon CloudWatch Monitor AWS Cloud resources and your applications on AWS to collect metrics, monitor log files, set alarms, and automatically react to changes Amazon GuardDuty Intelligent threat detection and continuous monitoring to protect your AWS accounts and workloads VPC Flow Logs Capture information about the IP traffic going to and from network interfaces in your VPC. Gain the visibility you need to spot issues before they impact the business, improve your security posture, and reduce the risk profile of your environment. Detective control
  • 16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Infrastructure Security
• 17. Infrastructure security: reduce the surface area you have to manage and increase the privacy of, and control over, your overall infrastructure on AWS.
  • AWS Systems Manager: easily configure and manage Amazon EC2 and on-premises systems to apply OS patches, create secure system images, and configure secure operating systems
  • AWS Shield: managed DDoS protection service that safeguards web applications running on AWS
  • AWS Web Application Firewall (AWS WAF): protects your web applications from common web exploits, ensuring availability and security
  • Amazon Inspector: automates security assessments to help improve the security and compliance of applications deployed on AWS
  • Amazon VPC: provision a logically isolated section of AWS where you can launch AWS resources in a virtual network that you define
• 18. Data Protection
• 19. Data protection: in addition to the automatic data encryption and management services, employ further features for data protection (including data management, data security, and encryption key storage).
  • AWS KMS: easily create and control the keys used to encrypt your data
  • AWS CloudHSM: managed hardware security module (HSM) in the AWS Cloud
  • Amazon Macie: machine learning-powered security service to discover, classify, and protect sensitive data
  • AWS Certificate Manager (ACM): easily provision, manage, and deploy SSL/TLS certificates for use with AWS services
  • Server-Side Encryption: flexible data encryption options using AWS service-managed keys, AWS managed keys via AWS KMS, or customer-managed keys
• 20. Incident Response
• 21. Incident response: during an incident, containing the event and returning to a known good state are important elements of a response plan. AWS provides tools to automate aspects of this best practice.
  • AWS Config Rules: create rules that automatically take action in response to changes in your environment, such as isolating resources, enriching events with additional data, or restoring configuration to a known-good state
  • AWS Lambda: use the serverless compute service to run code without provisioning or managing servers, so you can scale your programmed, automated response to incidents
• 22. Automate with Integrated Services: automated threat remediation. Amazon GuardDuty finding → Amazon CloudWatch Events rule (CloudWatch Event) → AWS Lambda function that carries out the remediation.
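The flow on the slide, written out as a remediation Lambda. This is an added example, not code from the deck, from AWS or from Sanoma: the event layout follows the GuardDuty finding event as CloudWatch Events delivers it (`detail.type`, `detail.severity`, `detail.resource.instanceDetails.instanceId`), while the quarantine security-group id, the severity threshold and the set of finding types that trigger containment are assumptions chosen for the example. The `FakeEC2` client and `SAMPLE_EVENT` are constructed so the handler runs offline.

```python
"""Remediation Lambda for the GuardDuty -> CloudWatch Events -> Lambda flow.

Added example, not code from the deck, AWS or Sanoma. The event shape follows
the GuardDuty finding event as delivered by CloudWatch Events (detail.type,
detail.severity, detail.resource.instanceDetails.instanceId). The quarantine
security-group id, the severity threshold and the list of finding types are
assumptions chosen for the example.
"""
import json

QUARANTINE_SG = "sg-0123456789abcdef0"  # assumption: a group with no inbound or outbound rules
SEVERITY_THRESHOLD = 7.0                 # assumption: auto-contain only HIGH findings (>= 7)

# Finding types for which swapping security groups is a reasonable containment step.
# Assumption for the example: tune this list per workload before automating anything.
CONTAINABLE_TYPES = {
    "UnauthorizedAccess:EC2/SSHBruteForce",
    "Backdoor:EC2/C&CActivity.B!DNS",
    "CryptoCurrency:EC2/BitcoinTool.B!DNS",
}


def decide(finding):
    """Map one GuardDuty finding to ('isolate', instance_id) or ('ignore', reason)."""
    ftype = finding.get("type", "")
    severity = float(finding.get("severity", 0))
    if severity < SEVERITY_THRESHOLD:
        return ("ignore", "severity %.1f below threshold" % severity)
    if ftype not in CONTAINABLE_TYPES:
        return ("ignore", "no containment playbook for " + ftype)
    instance_id = (finding.get("resource", {})
                   .get("instanceDetails", {})
                   .get("instanceId"))
    if not instance_id:
        return ("ignore", "finding is not about an EC2 instance")
    return ("isolate", instance_id)


def isolate_instance(ec2, instance_id):
    """Replace the security groups on every ENI of the instance with the quarantine group."""
    desc = ec2.describe_instances(InstanceIds=[instance_id])
    changed = []
    for reservation in desc["Reservations"]:
        for inst in reservation["Instances"]:
            for eni in inst["NetworkInterfaces"]:
                ec2.modify_network_interface_attribute(
                    NetworkInterfaceId=eni["NetworkInterfaceId"],
                    Groups=[QUARANTINE_SG],
                )
                changed.append(eni["NetworkInterfaceId"])
    return changed


def handler(event, context=None, ec2=None):
    """Lambda entry point; `ec2` is injectable so the decision logic runs without AWS."""
    if ec2 is None:
        import boto3  # available inside Lambda; not needed for the offline run
        ec2 = boto3.client("ec2")
    action, arg = decide(event.get("detail", {}))
    if action == "ignore":
        return {"action": "ignore", "reason": arg}
    return {"action": "isolate", "instanceId": arg, "enis": isolate_instance(ec2, arg)}


class FakeEC2:
    """Constructed stand-in for the boto3 EC2 client so the example runs offline."""

    def __init__(self):
        self.calls = []

    def describe_instances(self, InstanceIds):
        return {"Reservations": [{"Instances": [{
            "InstanceId": InstanceIds[0],
            "NetworkInterfaces": [{"NetworkInterfaceId": "eni-0aaa"},
                                  {"NetworkInterfaceId": "eni-0bbb"}],
        }]}]}

    def modify_network_interface_attribute(self, NetworkInterfaceId, Groups):
        self.calls.append((NetworkInterfaceId, tuple(Groups)))


# Constructed sample event in the shape CloudWatch Events delivers GuardDuty findings.
SAMPLE_EVENT = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {
        "type": "UnauthorizedAccess:EC2/SSHBruteForce",
        "severity": 8,
        "resource": {"resourceType": "Instance",
                     "instanceDetails": {"instanceId": "i-0123456789abcdef0"}},
    },
}

if __name__ == "__main__":
    print(json.dumps(handler(SAMPLE_EVENT, ec2=FakeEC2()), indent=2))
```

The Lambda's execution role needs only `ec2:DescribeInstances` and `ec2:ModifyNetworkInterfaceAttribute`, and the CloudWatch Events rule should match `source: aws.guardduty` and `detail-type: GuardDuty Finding`. Two cautions before switching this on for real: GuardDuty raises `UnauthorizedAccess:EC2/SSHBruteForce` both when the instance is being attacked and when it is the attacker (the finding's `service.resourceRole` says which), so a production playbook should read that field before isolating, and swapping security groups preserves the instance for forensics but does not stop a process that has already exfiltrated credentials; rotate the instance role's credentials as a separate step.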
• 23. Customer – Sanoma Group
• 24. Sanoma Group: net sales 1.4 billion euros, +4400 employees, operations in Finland, the Netherlands, Belgium, Poland and Sweden.
  • Sanoma Media Finland: newspapers, magazines, TV and radio, events; is.fi +600M monthly pageviews
  • Sanoma Media BeNe: magazines, events, e-commerce sites, apps; nu.nl +800M monthly pageviews
  • Sanoma Learning: print, digital and hybrid; primary, secondary and vocational education
• 25. Our History with AWS
  • Production services in AWS since 2012
  • Usual challenges and motivations of a media company: spiky workloads, OPEX vs. CAPEX, stressful deployments
  • We are doing the 3rd iteration of organizing our AWS assets
• 26. Iterations of AWS Management: Gen1 ”VMs as Code”, Gen2 ”Infrastructure as Code” (diagram)
• 27. Challenges of Shared Accounts
  • Use tags for cost allocation.
  • IAM policies separate teams and define roles within a team.
  • Teams depend on IT when IAM doesn't support resource-based policies.
• 28. Solution: More Accounts. Gen3 ”Accounts as Code”: +100 single owner accounts.
  • Single payer for all costs.
  • IAM policies define roles within a team, but teams are separated by accounts.
  • Omnipotent teams don't depend on central IT.
• 29. AWS Organizations: AWS version vs. corporate version (diagram)
• 30. AWS Organizations - Local Control, Global View
  • Automating the account creation process: standard IAM roles, CloudTrail, network infrastructure
  • Global view using IAM roles assumed from the ”master” account
  • Limit local control with Service Control Policies: deny CloudTrail changes, select AWS regions, deny reserved capacity purchase
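The three service control policies the slide lists, written out as policy documents together with a small evaluator that shows which API calls each one blocks. This is an added example, not Sanoma's or AWS's own policies: the allowed-region list, the set of global-service exemptions and the exact purchase actions are assumptions for the example, and `scp_denies` implements only the subset of IAM policy evaluation these three documents need.

```python
"""Service control policies for the three limits on the slide, plus a small
evaluator that shows what each one blocks. Added example, not Sanoma's or AWS's
own policies; the allowed-region list and the global-service exemptions are
assumptions for the example.
"""
import fnmatch

ALLOWED_REGIONS = ["eu-west-1", "eu-central-1"]  # assumption: where teams may deploy

# Global services are served from us-east-1 and must stay reachable when regions
# are restricted. Partial list; an assumption for the example.
GLOBAL_SERVICE_ACTIONS = ["iam:*", "organizations:*", "sts:*", "support:*",
                          "route53:*", "cloudfront:*", "budgets:*"]


def deny_cloudtrail_changes():
    """Teams keep read access to CloudTrail but cannot stop or alter the trail."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "DenyCloudTrailChanges", "Effect": "Deny",
        "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail",
                   "cloudtrail:UpdateTrail", "cloudtrail:PutEventSelectors"],
        "Resource": "*"}]}


def restrict_regions(allowed):
    """Deny everything outside `allowed` except the global services."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "DenyOutsideAllowedRegions", "Effect": "Deny",
        "NotAction": GLOBAL_SERVICE_ACTIONS,
        "Resource": "*",
        "Condition": {"StringNotEquals": {"aws:RequestedRegion": allowed}}}]}


def deny_reserved_capacity():
    """Reserved capacity is bought centrally by the payer account, never by a team."""
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "DenyReservedCapacityPurchase", "Effect": "Deny",
        "Action": ["ec2:PurchaseReservedInstancesOffering",
                   "ec2:PurchaseHostReservation",
                   "rds:PurchaseReservedDBInstancesOffering",
                   "elasticache:PurchaseReservedCacheNodesOffering",
                   "redshift:PurchaseReservedNodeOffering",
                   "dynamodb:PurchaseReservedCapacityOfferings"],
        "Resource": "*"}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, action):
    """IAM action matching: case-insensitive with * wildcards."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def _condition_holds(condition, ctx):
    """Only StringNotEquals is implemented, the one operator the policies above use."""
    for key, wanted in condition.get("StringNotEquals", {}).items():
        if ctx.get(key) in _as_list(wanted):
            return False
    return True


def scp_denies(policies, action, ctx):
    """Return the Sid of the first Deny statement blocking `action` under request
    context `ctx`, or None. SCPs only take permissions away, so Allow statements
    are not consulted (the default FullAWSAccess SCP is assumed to be attached)."""
    for policy in policies:
        for st in policy["Statement"]:
            if st["Effect"] != "Deny":
                continue
            if "Action" in st:
                hit = _matches(_as_list(st["Action"]), action)
            else:
                hit = not _matches(_as_list(st["NotAction"]), action)
            if hit and _condition_holds(st.get("Condition", {}), ctx):
                return st["Sid"]
    return None


ORG_POLICIES = [deny_cloudtrail_changes(), restrict_regions(ALLOWED_REGIONS),
                deny_reserved_capacity()]

if __name__ == "__main__":
    for act, region in [("cloudtrail:StopLogging", "eu-west-1"),
                        ("ec2:RunInstances", "us-east-1"),
                        ("iam:CreateRole", "us-east-1"),
                        ("ec2:PurchaseReservedInstancesOffering", "eu-west-1")]:
        print(act, region, "->",
              scp_denies(ORG_POLICIES, act, {"aws:RequestedRegion": region}))
```

Two things the evaluator deliberately leaves out because they matter in practice: SCPs do not apply to the organization's master account, so the CloudTrail protection only holds for member accounts and the master account must be locked down by other means, and the region deny needs a `NotAction` exemption for every global service the teams actually use, otherwise the first team that touches IAM or Route 53 from a restricted region is blocked. Test the real policies with the IAM policy simulator against a sandbox account before attaching them to an OU.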
• 31. Securing the Account Root User
  • Securing the root user on a new account:
    • Set up a root password (and throw it away)
    • Attach a phone number to the account
    • Set up a root virtual MFA (and store it)
  • Simply not setting a root password doesn't mean someone with access to the registration email cannot reset it. That's why you must always enable root MFA.
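A check that verifies the root-user state the slide asks for, so a central team can run it across the ”Accounts as Code” fleet instead of trusting that every new account was finished by hand. This is an added example, not Sanoma's or AWS's code. It reads the two IAM calls that expose root state, `get_account_summary()` and `get_credential_report()`; the sample summary and credential report are constructed (the report keeps only the columns the check reads), the 90-day window is an assumption, and boto3 is only needed to run it against a real account.

```python
"""Checks for the root-user steps on the slide, driven by the two IAM calls that
expose root state: get_account_summary() and get_credential_report(). Added
example, not Sanoma's or AWS's code. The sample summary and credential report
below are constructed (the report keeps only the columns the check reads) and
boto3 is only needed to run it against a real account.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

RECENT_DAYS = 90  # assumption: root signing in within this window is worth a finding


def root_findings(summary_map, report_csv, now=None):
    """Return human-readable findings; an empty list means root matches the slide."""
    now = now or datetime.now(timezone.utc)
    findings = []
    # Account-level flags in the summary map describe the root user only.
    if int(summary_map.get("AccountMFAEnabled", 0)) != 1:
        findings.append("root MFA is not enabled")
    if int(summary_map.get("AccountAccessKeysPresent", 0)) != 0:
        findings.append("root has access keys; delete them")
    if int(summary_map.get("AccountSigningCertificatesPresent", 0)) != 0:
        findings.append("root has X.509 signing certificates; delete them")
    # The credential report's <root_account> row records key state and last password use.
    rows = csv.DictReader(io.StringIO(report_csv))
    root = next((r for r in rows if r["user"] == "<root_account>"), None)
    if root is None:
        findings.append("credential report has no <root_account> row")
        return findings
    for slot in ("1", "2"):
        if root.get("access_key_%s_active" % slot) == "true":
            findings.append("root access key %s is active" % slot)
    last = root.get("password_last_used", "no_information")
    if last not in ("no_information", "N/A", "not_supported"):
        used = datetime.fromisoformat(last.replace("Z", "+00:00"))
        if now - used < timedelta(days=RECENT_DAYS):
            findings.append("root password used on %s; root should not be used day to day" % last)
    return findings


def fetch_root_state(iam):
    """Pull both inputs from a boto3 IAM client (not exercised offline)."""
    summary = iam.get_account_summary()["SummaryMap"]
    iam.generate_credential_report()  # may return STARTED; poll until COMPLETE in real use
    report = iam.get_credential_report()["Content"].decode("utf-8")
    return summary, report


# Constructed samples: one account before the slide's steps, one after.
HEADER = ("user,arn,user_creation_time,password_enabled,password_last_used,"
          "mfa_active,access_key_1_active,access_key_2_active\n")
SUMMARY_BEFORE = {"AccountMFAEnabled": 0, "AccountAccessKeysPresent": 1,
                  "AccountSigningCertificatesPresent": 0}
REPORT_BEFORE = HEADER + ("<root_account>,arn:aws:iam::123456789012:root,"
                          "2018-01-01T00:00:00+00:00,not_supported,"
                          "2018-05-01T10:00:00+00:00,false,true,false\n")
SUMMARY_AFTER = {"AccountMFAEnabled": 1, "AccountAccessKeysPresent": 0,
                 "AccountSigningCertificatesPresent": 0}
REPORT_AFTER = HEADER + ("<root_account>,arn:aws:iam::123456789012:root,"
                         "2018-01-01T00:00:00+00:00,not_supported,"
                         "no_information,true,false,false\n")
SAMPLE_NOW = datetime(2018, 5, 20, tzinfo=timezone.utc)  # fixed clock for the samples

if __name__ == "__main__":
    print(root_findings(SUMMARY_BEFORE, REPORT_BEFORE, now=SAMPLE_NOW))
    print(root_findings(SUMMARY_AFTER, REPORT_AFTER, now=SAMPLE_NOW))
```

Run it from the master account through the standard cross-account role the account-creation automation installs; the role needs `iam:GetAccountSummary`, `iam:GenerateCredentialReport` and `iam:GetCredentialReport`. Neither API tells you whether the registration email address is still controlled by the organization, which is the reset path the slide warns about, so that check stays a manual step in the account-creation process.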
• 32. What's Next
  • Continue work on the global view.
  • Sanoma CCoE to help teams do the right thing, and to verify that they do.
  • Watch re:Invent 2017 (SID331) ”Architecting Security and Governance Across a Multi-Account Strategy”
• 33. Security & Compliance in the Cloud
• 34. Recommended Next Sessions
  • 15:00 Let's Start! - Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
  • 15:45 Cloud Operations - Enabling Governance, Compliance, and Operational and Risk Auditing with AWS Management Tools
  • 15:45 Move IT! - Navigating GDPR Compliance on AWS
• 35. Please complete the session survey in the summit mobile app.
• 36. Thank You!