© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Leandro Bennaton
LATAM Compliance Strategist
March 2018
AWS – Security & Compliance
Familiar Security Model
Validated and driven by customers’ security experts
Benefits all customers
PEOPLE & PROCESS | SYSTEM | NETWORK | PHYSICAL
AWS Security is Job Zero
© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
“CIOs and CISOs need to stop obsessing over
unsubstantiated cloud security worries, and instead
apply their imagination and energy to developing new
approaches to cloud control, allowing them to securely,
compliantly, and reliably leverage the benefits of this
increasingly ubiquitous computing model.”
Source: Clouds Are Secure: Are You Using Them Securely?
18 Regions – 53 Availability Zones – +101 Edge Locations
AWS Global Infrastructure Worldwide
Global Standardization
18 Regions – 53 Availability Zones – +101 Edge Locations
AWS Global Infrastructure
Availability Zone A | Availability Zone B | Availability Zone C
AZ: DataCenter 1 | DataCenter 2 | DataCenter n
AWS Freedom of choice
Compute
Microsoft Windows Server 2016, 2012, 2008, and 2003
Red Hat Enterprise Linux
Amazon Linux
SUSE Linux
Ubuntu
Database
Microsoft SQL Server
Oracle
Amazon Aurora
PostgreSQL
MySQL
MariaDB
Amazon DynamoDB
AWS Different forms of implementation
Flexible hybrid options
Your Datacenter | Amazon Web Services
Fully Featured Compute
Resource & Deployment Management
Common Controls for Security & Access
Integrated Networking
Data Integration & Life Cycle Management
AWS Different forms of implementation
Your Datacenter | Amazon Web Services
Comcast’s IT strategy focuses on combining its own data centers and AWS
as the cornerstone of its next-generation TV service, X1. This has allowed
them to rapidly scale interactive, on-demand content to millions of viewers.
Data Integration
Network Integration
Integrated Identity & Access
Resource & Deployment Management
Devices & Edge Systems
AWS Compliance
Move to AWS
Strengthen your security posture
Automate with deeply integrated security services
Inherit global security and compliance controls
Highest standards for privacy and data security
Largest network of security partners and solutions
Scale with superior visibility and control
AWS security solutions
Identity: AWS Identity & Access Management (IAM) | AWS Organizations | AWS Cognito | AWS Directory Service | AWS Single Sign-On
Detective control: AWS CloudTrail | AWS Config | Amazon CloudWatch | Amazon GuardDuty | VPC Flow Logs
Infrastructure security: Amazon EC2 Systems Manager | AWS Shield | AWS Web Application Firewall (WAF) | Amazon Inspector | Amazon Virtual Private Cloud (VPC)
Incident response: AWS Config Rules | AWS Lambda
Data protection: AWS Key Management Service (KMS) | AWS CloudHSM | Amazon Macie | Certificate Manager | Server Side Encryption
You are in control of privacy
You retain full ownership and control of your content
• Choose the AWS Sao Paulo Region and AWS will not replicate it elsewhere unless you choose to do so.
• Control format, accuracy, and encryption any way that you choose.
• Control who can access content.
• Control content lifecycle and disposal.
Encryption of Data in Transit and at Rest
Volume Encryption (EBS): EBS Encryption | Filesystem Tools | AWS Marketplace/Partner
Object Encryption: S3 Server Side Encryption (SSE) | S3 SSE w/ Customer Provided Keys | Client-Side Encryption
Database Encryption: Redshift Encryption | RDS PostgreSQL (KMS) | RDS MySQL (KMS) | RDS Oracle (TDE/HSM) | RDS MSSQL (TDE)
AWS Whitepaper Securing Data at Rest with Encryption
End-to-end SSL/TLS
Control access and segregate duties everywhere
You get to control who can do what in your AWS environment, when, and from where
Fine-grained control of your AWS cloud with multi-factor authentication
Integrate with an existing Active Directory using federation and single sign-on
Largest ecosystem of security partners and solutions
Infrastructure security | Logging & monitoring | Identity & access control | Configuration & vulnerability analysis | Data protection
Consulting competency partners with demonstrated expertise
Security engineering | Governance, risk & compliance | Security operations & automation
Before… Move fast OR Stay secure
Now… Move fast AND Stay secure
Scale with visibility and control
AWS – Capital One DEVOPS
https://developer.capitalone.com/opensource-projects/cloud-custodian/
“I have come to realize that as a relatively small organization, we can be far more secure in the cloud
and achieve a higher level of assurance at a much lower cost, in terms of effort and dollars invested.
We determined that security in AWS is superior to our on-premises data center across several
dimensions, including patching, encryption, auditing and logging, entitlements, and compliance.”
• Looks for fraud, abuse, and insider trading over nearly 6 billion shares traded in U.S. equities markets every day
• Processes approximately 6 terabytes of data and 37 billion records on an average day
• Went from 3–4 weeks for server hardening to 3–4 minutes
• DevOps teams focus on automation and tools to raise the compliance bar and simplify controls
• Achieved incredible levels of assurance for consistencies of builds and patching via rebooting with automated deployment scripts
—John Brady, CISO FINRA
Financial Industry Regulatory Authority
AWS Reference architecture
https://aws.amazon.com/architecture/
[Architecture diagram. Labels: https://example.com | AWS Edge Locations | AWS WAF | Amazon Route 53 | Amazon CloudFront | AWS Shield Advanced | CloudTrail | AWS Config | CloudWatch Alarms | Archive Logs Bucket (S3, Lifecycle Policies to Glacier) | AWS Account | Virtual Private Cloud (VPC) | us-east-1a and us-east-1b | DMZ Subnet | Private Subnets | Proxies | NAT | Bastion | RDS DB]
Cyber Security
Well-Architected via a NIST High Quick Start
High availability with multi-AZ deployments - fault tolerance solution
Failover occurs automatically in response to the most important failure scenarios
AWS Security Training
https://aws.amazon.com/es/training/
AWS Security Fundamentals
(free course – 4 hours)
Worldwide | N. America | LATAM | UK/IR | EMEA | APAC | Japan | China
Leandro Bennaton
LATAM Compliance Strategist
bennaton@amazon.com
