SlideShare ist ein Scribd-Unternehmen logo

Security Best Practices

•
•
Ian Massingham
Ian Massingham

These are the slides from my Security Best Practices Session from the Business Track in AWS AWSome Day that took place in London on January 27th 2016

Technologie
1 von 55
Downloaden Sie, um offline zu lesen
ianmas@amazon.com @IanMmmm Ian Massingham — Technical Evangelist Security Best Practices
Security Best Practices Architected to be one of the most flexible and secure cloud environments
 Removes many of the security headaches that come with infrastructure
 Built in Security Features
Agenda Sharing the Security Responsibility 
 Overview of AWS Security Features
 Current Recommendations
 Verifying our Security 
 Case Studies & Useful Resources
AWS security approach Size of AWS
 security team Visibility into
 usage & resources Increasing your Security Posture in the Cloud
Broad Accreditations & Certications ISO 27001 ISO 9001 MPAA
Partner ecosystem Customer ecosystem Everyone benefits Security Benets from Community Network Effect
SHARING THE SECURITY RESPONSIBILITY
Shared Security Model • Shared Responsibility – Let AWS do the heavy lifting – Focus on what’s most valuable to your business • Customer • Choice of Guest OS • Application Configuration Options • Account Management flexibility • Security Groups • ACLs • Identity Management • AWS • Facility operations • Physical Security • Physical Infrastructure • Network Infrastructure • Virtualisation Infrastructure • Hardware lifecycle management
Such as Amazon EC2, Amazon EBS, and Amazon VPC Shared Security Model: Infrastructure Services
Such as Amazon RDS and Amazon EMR Shared Security Model: Container Services
Such as Amazon S3 and Amazon DynamoDB Shared Security Model: Abstracted Services
AWS SECURITY FEATURES
SECURE ACCESS API ENDPOINTS USE TLS
BUILT-IN FIREWALLS YOU CONTROL ACCESS TO YOUR INSTANCES
ROLE-BASED ACCESS CONTROL WITH FINE-GRAINED PERMISSIONS
MULTI-FACTOR AUTHENTICATION BUILT IN
PRIVATE SUBNETS WITHIN YOUR AWS VIRTUAL PRIVATE CLOUD
ENCRYPT YOUR DATA AT REST USING AES 256 BIT ENCRYPTION KEYS
CLOUD HSM A HIGHLY SECURE WAY TO STORE KEYS
DEDICATED CONNECTION AN OPTION WITH AWS DIRECT CONNECT
SECURITY LOGS AWS CLOUDTRAIL, AWS CONFIG & AMAZON CLOUDWATCH LOGS
TRUSTED ADVISOR YOUR CUSTOMISED CLOUD EXPERT
CURRENT RECOMMENDATIONS
Foundation Services Compute Storage Database Networking Client-side Data Encryption & Data Integrity Authentication Server-side Encryption (File System and/or Data) Network Traffic Protection (Encryption/Integrity/Identity) Platform, Applications, Identity & Access Management Operating System, Network & Firewall Configuration Customer Data Amazon Shared responsibility You AWS Global Infrastructure Regions Availability Zones Edge Locations Know the AWS Shared Responsibility Model Build your systems using AWS as the foundation & architect using an ISMS that takes advantage of AWS features 1
Understand the AWS Secure Global Infrastructure Regions, Availability Zones and Endpoints Regions An independent collection of AWS resources in a defined geography A solid foundation for meeting location-dependent privacy and compliance requirements Availability Zones Designed as independent failure zones Physically separated within a typical metropolitan region 2
Understand the AWS Secure Global Infrastructure Using the IAM service http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources for your users. Using IAM, you can create and manage AWS users and groups and use permissions to allow and deny their access to AWS resources via credentials such as access keys, passwords and multi-factor authentication devices. You can also federate with SAML to your own pre-existing directories of user account information, such as OpenLDAP or Active Directory 2
Define and Categorise Assets on AWS Identify all the information assets that you need to protect 3
Design Your ISMS to Protect Your Assets on AWS Establish a standard for implementing, operating, monitoring, reviewing, maintaining & improving your information security management system 4
Manage AWS Accounts, IAM Users, Groups & Roles Operate under the principle of Least Privilege AWS Account Your AWS account represents a business relationship between you and AWS. AWS accounts have root permissions to all AWS resources and services, so they are very powerful. IAM Users With IAM you can create multiple users, each with individual security credentials, all controlled under a single AWS account. IAM users can be a person, service, or application that needs access to your AWS resources through the management console, CLI, or directly via APIs. 5
Manage AWS Accounts, IAM Users, Groups & Roles Strategies for using multiple AWS accounts Business Requirement Proposed Design Comments Centralised security management Single AWS Account Centralize information security management and minimize overhead. Separation of production, development & testing accounts Three AWS Accounts Create one AWS account for production services, one for development and one for testing Multiple autonomous departments Multiple AWS Accounts Create separate AWS accounts for each autonomous part of the organization. You can assign permissions and policies under each account Centralized security management with multiple autonomous independent projects Multiple AWS Accounts Create a single AWS account for common project resources (such as DNS services, Active Directory, CMS etc.). Then create separate AWS accounts per project. You can assign permissions and policies under each project account and grant access to resources across accounts. 5
Manage AWS Accounts, IAM Users, Groups & Roles Delegation using IAM Roles and Temporary Security Credentials Applications on Amazon EC2 that need to access AWS resources Cross Account Access Identity Federation 5 http://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html
Manage OS-level Access to Amazon EC2 Instances You own the credentials, but AWS helps you bootstrap initial access to the OS Amazon EC2 Key Pairs Used to authenticate SSH access to Linux instances and to generate the initial administrator password on Windows instances. If you have higher security requirements, you are free to implement alternative authentication mechanisms and disable Amazon EC2 Key Pair Authentication 6
Secure Your Data At rest & in transit Resource Access Authorisation Users or IAM Roles can only access resources after authentication Fine-grained resources policies can restrict users or permit users to access only the resources that you specify { "Effect": "Allow”, "Action": ["s3:GetObject”,"s3:PutObject”], "Resource": ["arn:aws:s3:::myBucket/amazon/snakegame/${cognito-identity.amazonaws.com:sub}"] } 7
Secure Your Data At rest & in transit Storing and Managing Encryption Keys We recommend you store your keys in tamper-proof storage, such as Hardware Security Modules. AWS CloudHSM is one option available to help you do this, and the best option if you need third-party assurance that AWS doesn’t have access to your keys; for a more easily-integrated solution, also see KMS. As an alternative, you can store keys on your premises (eg using your own HSMs) and access these over secure links, such as via AWS Direct Connect with Ipsec, or IPsec VPNs over the Internet. aws.amazon.com/cloudhsm/ 7 aws.amazon.com/kms/
Protecting Data at Rest Options differ by AWS Service. Amazon S3 – Server side encryption with Amazon S3 managed keys, your own encryption keys with Customer-Provided Keys (SSE-C), or keys managed by KMS Amazon EBS – use volume encryption provided by your operating system or KMS. For example, Windows EFS or Microsoft Windows Bitlocker, Linux dm- crypt, CloudHSM or on-premise HSM with SafeNet ProtectV Amazon RDS – use database specific cryptographic functions, or KMS EMR/DynamoDB – see Security Best Practices Whitepaper for options Secure Your Data At rest & in transit 7
Secure Your Operating Systems & Applications With the shared responsibility model you manage operating systems & application security OS Hardening and Updates Use of Amazon Machine Images (AMIs) makes it easy to deploy standardized operating system and application builds Amazon provides and maintains a preconfigured set of AMIs, but you are also free to create your own and use these as the basis for EC2 instances that you deploy Standard OS hardening principles (eg CIS Benchmarks, DISA STIGs) can and should be applied to the operating systems that you chose to run on EC2 instances There are lots more detailed recommendations for securing your OS environment in the AWS Security Best Practices Whitepaper 8
Secure Your Infrastructure Using AWS platform features Amazon Virtual Private Cloud (VPC) Create private clouds with Layer 2 separation, within the AWS Cloud Use your own IP address space, allocated by you. Use RFC1918 private address space for non-internet-routable networks Connect to your VPC via the Internet, IPsec over the Internet, AWS Direct Connect, AWS Direct Connect with IPsec or a combination of these. Define your own subnet topology, routing table and create custom service instances such as DNS or time servers 9
Secure Your Infrastructure Using AWS platform features Security Zoning and Network Segmentation Network segmentation simply isolates one network from another Security zones are groups of system components with similar security levels that have common controls applied to them Combine AWS platform security features with your own overlay infrastructure components such as repositories, DNS & time servers to segment networks and create security zones The AWS elastic cloud infrastructure & automated deployment tools mean that you can apply the same security controls across all AWS regions Repeatable and uniform deployments improve your overall security posture 9
Monitoring, Alerting, Audit Trail & Incident Response Adapt existing processes, tools & methodologies for use in the cloud Implement OS & Higher Level Monitoring Logs may be generated by a variety of network components as well as operating systems, platforms and applications We recommend logging and analysis of the following event types: • Actions taken by any individual with root or administrative privileges • Access to all audit trails • Invalid logical access attempts • Use of identification and authentication mechanisms • Initialisation of audit logs • Creation, deletion and modification of system level objects 10 Area Consideration Log collection Note how log files are collected. Often operating system, application, or third-party/middleware agents collect log file information Log transport When log files are centralized, transfer them to the central location in a secure, reliable, and timely fashion Log storage Centralize log files from multiple instances to facilitate retention policies, as well as analysis and correlation Log taxonomy Present different categories of log files in a format suitable for analysis Log analysis/ correlation Log files provide security intelligence after you analyze them and correlate events in them. You can analyze logs in real time, or at scheduled intervals. Log protection/ security Log files are sensitive. Protect them through network control, identity and access management, protection/ encryption, data integrity authentication, and tamper-proof time-stamping
Area Consideration Log collection Note how log files are collected. Often operating system, application, or third-party/middleware agents collect log file information Log transport When log files are centralized, transfer them to the central location in a secure, reliable, and timely fashion Log storage Centralize log files from multiple instances to facilitate retention policies, as well as analysis and correlation Log taxonomy Present different categories of log files in a format suitable for analysis Log analysis/ correlation Log files provide security intelligence after you analyze them and correlate events in them. You can analyze logs in real time, or at scheduled intervals. Log protection/ security Log files are sensitive. Protect them through network control, identity and access management, protection/ encryption, data integrity authentication, and tamper-proof time-stamping Monitoring, Alerting, Audit Trail & Incident Response Adapt existing processes, tools & methodologies for use in the cloud Use CloudWatch Logs to Centralise Your Logs CloudWatch Logs enables you to monitor and troubleshoot your systems and applications using your existing system, application, and custom log files. Send your existing system, application, and custom log files to CloudWatch Logs via our agent, and monitor these logs in near real-time. This can help you better understand and operate your systems and applications, and you can store your logs using highly durable, low-cost storage for later access 10
Monitoring, Alerting, Audit Trail & Incident Response Adapt existing processes, tools & methodologies for use in the cloud Use CloudTrail to Record AWS API Calls AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service. With CloudTrail, you can get a history of AWS API calls for your account. The AWS API call history produced by CloudTrail enables security analysis, resource change tracking, and compliance auditing. Splunk Loggly AW S Console 10
Monitoring, Alerting, Audit Trail & Incident Response Adapt existing processes, tools & methodologies for use in the cloud Use AWS Config to Record AWS Environment Changes AWS Config is a service that records AWS environment configurations, changes and relationships for your account and delivers log files to you. The recorded information includes the configuration and metadata for VPCs, Subnets, NACLS, Security Groups, VGWs, Internet Gateways, Elastic IPs etc and the relationships between them, and the time of the change. Snapshots answer the question “What did my environment look like, at time t?” History answers the question “What changes have happened, to infrastructure element I over time?” Continuous Change RecordingChanging Resources History Stream Snapshot (ex. 2014-11-05) AWS Config 10
Monitoring, Alerting, Audit Trail & Incident Response Adapt existing processes, tools & methodologies for use in the cloud 10
VERIFYING OUR SECURITY
AWS is Level 1 compliant under the Payment Card Industry (PCI) Data Security Standard (DSS). Customers can run applications on our PCI- compliant technology infrastructure for storing, processing, and transmitting credit card information in the cloud. AWS is ISO 27001 certified under the International Organization for Standardization (ISO) 27001 standard. ISO 27001 is a widely-adopted global security standard that outlines the requirements for information security management systems. Many other government and industry compliance requirements are also met by AWS. Find more at: aws.amazon.com/compliance Compliance at AWS
RESOURCES YOU CAN USE TO LEARN MORE
aws.amazon.com/security/
AWS Technical Documentation
blogs.aws.amazon.com/security
Introduction to AWS Security Security at Scale: Governance in AWS Security at Scale: Logging in AWS AWS Security Best Practices Securing Data at Rest with Encryption AWS Security Whitepaper AWS Security White Papers
aws.amazon.com/iam aws.amazon.com/vpc aws.amazon.com/kms aws.amazon.com/config aws.amazon.com/cloudtrail aws.amazon.com/cloudhsm aws.amazon.com/cloudwatch aws.amazon.com/trustedadvisor
aws.amazon.com/architecture/
Certification aws.amazon.com/certification Self-Paced Labs aws.amazon.com/training/
 self-paced-labs Try products, gain new skills, and get hands-on practice working with AWS technologies aws.amazon.com/training Training Validate your proven skills and expertise with the AWS platform Build technical expertise to design and operate scalable, efficient applications on AWS AWS Training & Certification
Follow us for m ore events & w ebinars @AWScloud for Global AWS News & Announcements @AWS_UKI for local AWS events & news @IanMmmm Ian Massingham — Technical Evangelist

Empfohlen

Cost Optimisation with AWS
Cost Optimisation with AWSCost Optimisation with AWS
Cost Optimisation with AWSIan Massingham
 
Intro Presentation at AWS AWSome Day London September 2015
Intro Presentation at AWS AWSome Day London September 2015Intro Presentation at AWS AWSome Day London September 2015
Intro Presentation at AWS AWSome Day London September 2015Ian Massingham
 
Advanced Security Masterclass - Tel Aviv Loft
Advanced Security Masterclass - Tel Aviv LoftAdvanced Security Masterclass - Tel Aviv Loft
Advanced Security Masterclass - Tel Aviv LoftIan Massingham
 
AWSome Day Cork | Technical Track
AWSome Day Cork | Technical TrackAWSome Day Cork | Technical Track
AWSome Day Cork | Technical TrackAmazon Web Services
 
AWS AWSome Day Roadshow Intro
AWS AWSome Day Roadshow IntroAWS AWSome Day Roadshow Intro
AWS AWSome Day Roadshow IntroIan Massingham
 
AWS AWSome Day - Getting Started Best Practices
AWS AWSome Day - Getting Started Best PracticesAWS AWSome Day - Getting Started Best Practices
AWS AWSome Day - Getting Started Best PracticesIan Massingham
 
AWS AWSome Day Roadshow
AWS AWSome Day RoadshowAWS AWSome Day Roadshow
AWS AWSome Day RoadshowIan Massingham
 
AWS Fundamentals @Back2School by CloudZone
AWS Fundamentals @Back2School by CloudZoneAWS Fundamentals @Back2School by CloudZone
AWS Fundamentals @Back2School by CloudZoneIdan Tohami
 

Empfohlen

Cost Optimisation with AWS
Cost Optimisation with AWSCost Optimisation with AWS
Cost Optimisation with AWSIan Massingham
 
Intro Presentation at AWS AWSome Day London September 2015
Intro Presentation at AWS AWSome Day London September 2015Intro Presentation at AWS AWSome Day London September 2015
Intro Presentation at AWS AWSome Day London September 2015Ian Massingham
 
Advanced Security Masterclass - Tel Aviv Loft
Advanced Security Masterclass - Tel Aviv LoftAdvanced Security Masterclass - Tel Aviv Loft
Advanced Security Masterclass - Tel Aviv LoftIan Massingham
 
AWSome Day Cork | Technical Track
AWSome Day Cork | Technical TrackAWSome Day Cork | Technical Track
AWSome Day Cork | Technical TrackAmazon Web Services
 
AWS AWSome Day Roadshow Intro
AWS AWSome Day Roadshow IntroAWS AWSome Day Roadshow Intro
AWS AWSome Day Roadshow IntroIan Massingham
 
AWS AWSome Day - Getting Started Best Practices
AWS AWSome Day - Getting Started Best PracticesAWS AWSome Day - Getting Started Best Practices
AWS AWSome Day - Getting Started Best PracticesIan Massingham
 
AWS AWSome Day Roadshow
AWS AWSome Day RoadshowAWS AWSome Day Roadshow
AWS AWSome Day RoadshowIan Massingham
 
AWS Fundamentals @Back2School by CloudZone
AWS Fundamentals @Back2School by CloudZoneAWS Fundamentals @Back2School by CloudZone
AWS Fundamentals @Back2School by CloudZoneIdan Tohami
 
AWSome Day | Tech Track
AWSome Day | Tech TrackAWSome Day | Tech Track
AWSome Day | Tech TrackAmazon Web Services
 
Storage and Compute
Storage and ComputeStorage and Compute
Storage and ComputeAmazon Web Services
 
Databases on AWS Workshop.pdf
Databases on AWS Workshop.pdfDatabases on AWS Workshop.pdf
Databases on AWS Workshop.pdfAmazon Web Services
 
AWSome Day 2016 - Module 1: AWS Introduction and History
AWSome Day 2016 - Module 1: AWS Introduction and HistoryAWSome Day 2016 - Module 1: AWS Introduction and History
AWSome Day 2016 - Module 1: AWS Introduction and HistoryAmazon Web Services
 
Security, Identity, and Access Management - Module 3 Part 1 - AWSome Day 2017
Security, Identity, and Access Management - Module 3 Part 1 - AWSome Day 2017Security, Identity, and Access Management - Module 3 Part 1 - AWSome Day 2017
Security, Identity, and Access Management - Module 3 Part 1 - AWSome Day 2017Amazon Web Services
 
AWSome Day 2016 - Module 5: AWS Elasticity and Management Tools
AWSome Day 2016 - Module 5: AWS Elasticity and Management ToolsAWSome Day 2016 - Module 5: AWS Elasticity and Management Tools
AWSome Day 2016 - Module 5: AWS Elasticity and Management ToolsAmazon Web Services
 
Welcome - Keynote - AWSome Day Helsinki 2017
Welcome - Keynote - AWSome Day Helsinki 2017Welcome - Keynote - AWSome Day Helsinki 2017
Welcome - Keynote - AWSome Day Helsinki 2017Amazon Web Services
 
Build a Serverless Web Application in One Day
Build a Serverless Web Application in One DayBuild a Serverless Web Application in One Day
Build a Serverless Web Application in One DayAmazon Web Services
 
AWSome Day Helsinki Training
AWSome Day Helsinki TrainingAWSome Day Helsinki Training
AWSome Day Helsinki TrainingAmazon Web Services
 
HSBC and AWS Day - AWS foundations
HSBC and AWS Day - AWS foundationsHSBC and AWS Day - AWS foundations
HSBC and AWS Day - AWS foundationsAmazon Web Services
 
AWS Canberra WWPS Summit 2013 - Cloud Computing with AWS: Introduction to AWS
AWS Canberra WWPS Summit 2013 - Cloud Computing with AWS: Introduction to AWSAWS Canberra WWPS Summit 2013 - Cloud Computing with AWS: Introduction to AWS
AWS Canberra WWPS Summit 2013 - Cloud Computing with AWS: Introduction to AWSAmazon Web Services
 
Azure Logic Apps by Gil Gross, CloudZone
Azure Logic Apps by Gil Gross, CloudZoneAzure Logic Apps by Gil Gross, CloudZone
Azure Logic Apps by Gil Gross, CloudZoneIdan Tohami
 
Getting Started with Amazon WorkSpaces
Getting Started with Amazon WorkSpaces Getting Started with Amazon WorkSpaces
Getting Started with Amazon WorkSpacesAmazon Web Services
 
Elasticity and Management
Elasticity and ManagementElasticity and Management
Elasticity and ManagementAmazon Web Services
 
AWS 101 - Tel Aviv Summit 2018
AWS 101 - Tel Aviv Summit 2018AWS 101 - Tel Aviv Summit 2018
AWS 101 - Tel Aviv Summit 2018Amazon Web Services
 
Awsome Day Brussels - Training and Introduction
Awsome Day Brussels - Training and IntroductionAwsome Day Brussels - Training and Introduction
Awsome Day Brussels - Training and IntroductionAmazon Web Services
 
What is Cloud Computing with AWS?
What is Cloud Computing with AWS?What is Cloud Computing with AWS?
What is Cloud Computing with AWS?Amazon Web Services
 
Day 1 - Introduction to Cloud Computing with Amazon Web Services
Day 1 - Introduction to Cloud Computing with Amazon Web ServicesDay 1 - Introduction to Cloud Computing with Amazon Web Services
Day 1 - Introduction to Cloud Computing with Amazon Web ServicesAmazon Web Services
 
Moving your Desktops to the Cloud with Amazon WorkSpaces
Moving your Desktops to the Cloud with Amazon WorkSpacesMoving your Desktops to the Cloud with Amazon WorkSpaces
Moving your Desktops to the Cloud with Amazon WorkSpacesAmazon Web Services
 
AWS 101
AWS 101AWS 101
AWS 101Amazon Web Services
 
AWS re:Invent 2016 Day 1 Keynote re:Cap
AWS re:Invent 2016 Day 1 Keynote re:CapAWS re:Invent 2016 Day 1 Keynote re:Cap
AWS re:Invent 2016 Day 1 Keynote re:CapIan Massingham
 
Security Best Practices: AWS AWSome Day Management Track
Security Best Practices: AWS AWSome Day Management TrackSecurity Best Practices: AWS AWSome Day Management Track
Security Best Practices: AWS AWSome Day Management TrackIan Massingham
 

Weitere ähnliche Inhalte

Was ist angesagt?

Databases on AWS Workshop.pdf
Databases on AWS Workshop.pdfDatabases on AWS Workshop.pdf
Databases on AWS Workshop.pdfAmazon Web Services
 
AWSome Day 2016 - Module 1: AWS Introduction and History
AWSome Day 2016 - Module 1: AWS Introduction and HistoryAWSome Day 2016 - Module 1: AWS Introduction and History
AWSome Day 2016 - Module 1: AWS Introduction and HistoryAmazon Web Services
 
Security, Identity, and Access Management - Module 3 Part 1 - AWSome Day 2017
Security, Identity, and Access Management - Module 3 Part 1 - AWSome Day 2017Security, Identity, and Access Management - Module 3 Part 1 - AWSome Day 2017
Security, Identity, and Access Management - Module 3 Part 1 - AWSome Day 2017Amazon Web Services
 
AWSome Day 2016 - Module 5: AWS Elasticity and Management Tools
AWSome Day 2016 - Module 5: AWS Elasticity and Management ToolsAWSome Day 2016 - Module 5: AWS Elasticity and Management Tools
AWSome Day 2016 - Module 5: AWS Elasticity and Management ToolsAmazon Web Services
 
Welcome - Keynote - AWSome Day Helsinki 2017
Welcome - Keynote - AWSome Day Helsinki 2017Welcome - Keynote - AWSome Day Helsinki 2017
Welcome - Keynote - AWSome Day Helsinki 2017Amazon Web Services
 
Build a Serverless Web Application in One Day
Build a Serverless Web Application in One DayBuild a Serverless Web Application in One Day
Build a Serverless Web Application in One DayAmazon Web Services
 
AWSome Day Helsinki Training
AWSome Day Helsinki TrainingAWSome Day Helsinki Training
AWSome Day Helsinki TrainingAmazon Web Services
 
HSBC and AWS Day - AWS foundations
HSBC and AWS Day - AWS foundationsHSBC and AWS Day - AWS foundations
HSBC and AWS Day - AWS foundationsAmazon Web Services
 
AWS Canberra WWPS Summit 2013 - Cloud Computing with AWS: Introduction to AWS
AWS Canberra WWPS Summit 2013 - Cloud Computing with AWS: Introduction to AWSAWS Canberra WWPS Summit 2013 - Cloud Computing with AWS: Introduction to AWS
AWS Canberra WWPS Summit 2013 - Cloud Computing with AWS: Introduction to AWSAmazon Web Services
 
Azure Logic Apps by Gil Gross, CloudZone
Azure Logic Apps by Gil Gross, CloudZoneAzure Logic Apps by Gil Gross, CloudZone
Azure Logic Apps by Gil Gross, CloudZoneIdan Tohami
 
Getting Started with Amazon WorkSpaces
Getting Started with Amazon WorkSpaces Getting Started with Amazon WorkSpaces
Getting Started with Amazon WorkSpacesAmazon Web Services
 
AWS 101 - Tel Aviv Summit 2018
AWS 101 - Tel Aviv Summit 2018AWS 101 - Tel Aviv Summit 2018
AWS 101 - Tel Aviv Summit 2018Amazon Web Services
 
Awsome Day Brussels - Training and Introduction
Awsome Day Brussels - Training and IntroductionAwsome Day Brussels - Training and Introduction
Awsome Day Brussels - Training and IntroductionAmazon Web Services
 
What is Cloud Computing with AWS?
What is Cloud Computing with AWS?What is Cloud Computing with AWS?
What is Cloud Computing with AWS?Amazon Web Services
 
Day 1 - Introduction to Cloud Computing with Amazon Web Services
Day 1 - Introduction to Cloud Computing with Amazon Web ServicesDay 1 - Introduction to Cloud Computing with Amazon Web Services
Day 1 - Introduction to Cloud Computing with Amazon Web ServicesAmazon Web Services
 
Moving your Desktops to the Cloud with Amazon WorkSpaces
Moving your Desktops to the Cloud with Amazon WorkSpacesMoving your Desktops to the Cloud with Amazon WorkSpaces
Moving your Desktops to the Cloud with Amazon WorkSpacesAmazon Web Services
 

Was ist angesagt? (20)

AWSome Day | Tech Track
AWSome Day | Tech TrackAWSome Day | Tech Track
AWSome Day | Tech Track
 
Storage and Compute
Storage and ComputeStorage and Compute
Storage and Compute
 
Databases on AWS Workshop.pdf
Databases on AWS Workshop.pdfDatabases on AWS Workshop.pdf
Databases on AWS Workshop.pdf
 
AWSome Day 2016 - Module 1: AWS Introduction and History
AWSome Day 2016 - Module 1: AWS Introduction and HistoryAWSome Day 2016 - Module 1: AWS Introduction and History
AWSome Day 2016 - Module 1: AWS Introduction and History
 
Security, Identity, and Access Management - Module 3 Part 1 - AWSome Day 2017
Security, Identity, and Access Management - Module 3 Part 1 - AWSome Day 2017Security, Identity, and Access Management - Module 3 Part 1 - AWSome Day 2017
Security, Identity, and Access Management - Module 3 Part 1 - AWSome Day 2017
 
AWSome Day 2016 - Module 5: AWS Elasticity and Management Tools
AWSome Day 2016 - Module 5: AWS Elasticity and Management ToolsAWSome Day 2016 - Module 5: AWS Elasticity and Management Tools
AWSome Day 2016 - Module 5: AWS Elasticity and Management Tools
 
Welcome - Keynote - AWSome Day Helsinki 2017
Welcome - Keynote - AWSome Day Helsinki 2017Welcome - Keynote - AWSome Day Helsinki 2017
Welcome - Keynote - AWSome Day Helsinki 2017
 
Build a Serverless Web Application in One Day
Build a Serverless Web Application in One DayBuild a Serverless Web Application in One Day
Build a Serverless Web Application in One Day
 
AWSome Day Helsinki Training
AWSome Day Helsinki TrainingAWSome Day Helsinki Training
AWSome Day Helsinki Training
 
HSBC and AWS Day - AWS foundations
HSBC and AWS Day - AWS foundationsHSBC and AWS Day - AWS foundations
HSBC and AWS Day - AWS foundations
 
AWS Canberra WWPS Summit 2013 - Cloud Computing with AWS: Introduction to AWS
AWS Canberra WWPS Summit 2013 - Cloud Computing with AWS: Introduction to AWSAWS Canberra WWPS Summit 2013 - Cloud Computing with AWS: Introduction to AWS
AWS Canberra WWPS Summit 2013 - Cloud Computing with AWS: Introduction to AWS
 
Azure Logic Apps by Gil Gross, CloudZone
Azure Logic Apps by Gil Gross, CloudZoneAzure Logic Apps by Gil Gross, CloudZone
Azure Logic Apps by Gil Gross, CloudZone
 
Getting Started with Amazon WorkSpaces
Getting Started with Amazon WorkSpaces Getting Started with Amazon WorkSpaces
Getting Started with Amazon WorkSpaces
 
Elasticity and Management
Elasticity and ManagementElasticity and Management
Elasticity and Management
 
AWS 101 - Tel Aviv Summit 2018
AWS 101 - Tel Aviv Summit 2018AWS 101 - Tel Aviv Summit 2018
AWS 101 - Tel Aviv Summit 2018
 
Awsome Day Brussels - Training and Introduction
Awsome Day Brussels - Training and IntroductionAwsome Day Brussels - Training and Introduction
Awsome Day Brussels - Training and Introduction
 
What is Cloud Computing with AWS?
What is Cloud Computing with AWS?What is Cloud Computing with AWS?
What is Cloud Computing with AWS?
 
Day 1 - Introduction to Cloud Computing with Amazon Web Services
Day 1 - Introduction to Cloud Computing with Amazon Web ServicesDay 1 - Introduction to Cloud Computing with Amazon Web Services
Day 1 - Introduction to Cloud Computing with Amazon Web Services
 
Moving your Desktops to the Cloud with Amazon WorkSpaces
Moving your Desktops to the Cloud with Amazon WorkSpacesMoving your Desktops to the Cloud with Amazon WorkSpaces
Moving your Desktops to the Cloud with Amazon WorkSpaces
 
AWS 101
AWS 101AWS 101
AWS 101
 

Andere mochten auch

AWS re:Invent 2016 Day 1 Keynote re:Cap
AWS re:Invent 2016 Day 1 Keynote re:CapAWS re:Invent 2016 Day 1 Keynote re:Cap
AWS re:Invent 2016 Day 1 Keynote re:CapIan Massingham
 
Security Best Practices: AWS AWSome Day Management Track
Security Best Practices: AWS AWSome Day Management TrackSecurity Best Practices: AWS AWSome Day Management Track
Security Best Practices: AWS AWSome Day Management TrackIan Massingham
 
AWS IoT Workshop Keynote
AWS IoT Workshop KeynoteAWS IoT Workshop Keynote
AWS IoT Workshop KeynoteIan Massingham
 
AWS 101: Introduction to AWS
AWS 101: Introduction to AWSAWS 101: Introduction to AWS
AWS 101: Introduction to AWSIan Massingham
 
Scalable Web Applications Session at Codebase
Scalable Web Applications Session at CodebaseScalable Web Applications Session at Codebase
Scalable Web Applications Session at CodebaseIan Massingham
 
Data Analysis - Journey Through the Cloud
Data Analysis - Journey Through the CloudData Analysis - Journey Through the Cloud
Data Analysis - Journey Through the CloudIan Massingham
 
Partner Event Slides - 24 April 2014
Partner Event Slides - 24 April 2014Partner Event Slides - 24 April 2014
Partner Event Slides - 24 April 2014Ian Massingham
 
Opportunities that the Cloud Brings for Carriers @ Carriers World 2014
Opportunities that the Cloud Brings for Carriers @ Carriers World 2014Opportunities that the Cloud Brings for Carriers @ Carriers World 2014
Opportunities that the Cloud Brings for Carriers @ Carriers World 2014Ian Massingham
 
EC2 Masterclass from the AWS User Group Scotland Meetup
EC2 Masterclass from the AWS User Group Scotland MeetupEC2 Masterclass from the AWS User Group Scotland Meetup
EC2 Masterclass from the AWS User Group Scotland MeetupIan Massingham
 
Social & Mobile Apps journey through the cloud
Social & Mobile Apps journey through the cloudSocial & Mobile Apps journey through the cloud
Social & Mobile Apps journey through the cloudIan Massingham
 
AWS CloudFormation Masterclass
AWS CloudFormation Masterclass AWS CloudFormation Masterclass
AWS CloudFormation Masterclass Ian Massingham
 
Scalable Web Apps - Journey Through the Cloud
Scalable Web Apps - Journey Through the CloudScalable Web Apps - Journey Through the Cloud
Scalable Web Apps - Journey Through the CloudIan Massingham
 
Digipack creation
Digipack creationDigipack creation
Digipack creationSean Walters
 
Indian Case Studies - How AWS Customers Have Successfully Built and Migrated ...
Indian Case Studies - How AWS Customers Have Successfully Built and Migrated ...Indian Case Studies - How AWS Customers Have Successfully Built and Migrated ...
Indian Case Studies - How AWS Customers Have Successfully Built and Migrated ...Amazon Web Services
 
AWS DevOps Event - Innovating with DevOps on AWS
AWS DevOps Event - Innovating with DevOps on AWSAWS DevOps Event - Innovating with DevOps on AWS
AWS DevOps Event - Innovating with DevOps on AWSIan Massingham
 
AWS re:Invent Recap from AWS User Group UK meetup #8
AWS re:Invent Recap from AWS User Group UK meetup #8AWS re:Invent Recap from AWS User Group UK meetup #8
AWS re:Invent Recap from AWS User Group UK meetup #8Ian Massingham
 
What's New at AWS Update for AWS User Groups
What's New at AWS Update for AWS User Groups What's New at AWS Update for AWS User Groups
What's New at AWS Update for AWS User Groups Ian Massingham
 
Why Some Large Companies Can't Innovate Faster
Why Some Large Companies Can't Innovate Faster Why Some Large Companies Can't Innovate Faster
Why Some Large Companies Can't Innovate Faster Hemanth Kempanna
 
Amazon S3 Masterclass
Amazon S3 MasterclassAmazon S3 Masterclass
Amazon S3 MasterclassIan Massingham
 
What is Cloud Computing with AWS at Websummit Dublin
What is Cloud Computing with AWS at Websummit DublinWhat is Cloud Computing with AWS at Websummit Dublin
What is Cloud Computing with AWS at Websummit DublinIan Massingham
 

Andere mochten auch (20)

AWS re:Invent 2016 Day 1 Keynote re:Cap
AWS re:Invent 2016 Day 1 Keynote re:CapAWS re:Invent 2016 Day 1 Keynote re:Cap
AWS re:Invent 2016 Day 1 Keynote re:Cap
 
Security Best Practices: AWS AWSome Day Management Track
Security Best Practices: AWS AWSome Day Management TrackSecurity Best Practices: AWS AWSome Day Management Track
Security Best Practices: AWS AWSome Day Management Track
 
AWS IoT Workshop Keynote
AWS IoT Workshop KeynoteAWS IoT Workshop Keynote
AWS IoT Workshop Keynote
 
AWS 101: Introduction to AWS
AWS 101: Introduction to AWSAWS 101: Introduction to AWS
AWS 101: Introduction to AWS
 
Scalable Web Applications Session at Codebase
Scalable Web Applications Session at CodebaseScalable Web Applications Session at Codebase
Scalable Web Applications Session at Codebase
 
Data Analysis - Journey Through the Cloud
Data Analysis - Journey Through the CloudData Analysis - Journey Through the Cloud
Data Analysis - Journey Through the Cloud
 
Partner Event Slides - 24 April 2014
Partner Event Slides - 24 April 2014Partner Event Slides - 24 April 2014
Partner Event Slides - 24 April 2014
 
Opportunities that the Cloud Brings for Carriers @ Carriers World 2014
Opportunities that the Cloud Brings for Carriers @ Carriers World 2014Opportunities that the Cloud Brings for Carriers @ Carriers World 2014
Opportunities that the Cloud Brings for Carriers @ Carriers World 2014
 
EC2 Masterclass from the AWS User Group Scotland Meetup
EC2 Masterclass from the AWS User Group Scotland MeetupEC2 Masterclass from the AWS User Group Scotland Meetup
EC2 Masterclass from the AWS User Group Scotland Meetup
 
Social & Mobile Apps journey through the cloud
Social & Mobile Apps journey through the cloudSocial & Mobile Apps journey through the cloud
Social & Mobile Apps journey through the cloud
 
AWS CloudFormation Masterclass
AWS CloudFormation Masterclass AWS CloudFormation Masterclass
AWS CloudFormation Masterclass
 
Scalable Web Apps - Journey Through the Cloud
Scalable Web Apps - Journey Through the CloudScalable Web Apps - Journey Through the Cloud
Scalable Web Apps - Journey Through the Cloud
 
Digipack creation
Digipack creationDigipack creation
Digipack creation
 
Indian Case Studies - How AWS Customers Have Successfully Built and Migrated ...
Indian Case Studies - How AWS Customers Have Successfully Built and Migrated ...Indian Case Studies - How AWS Customers Have Successfully Built and Migrated ...
Indian Case Studies - How AWS Customers Have Successfully Built and Migrated ...
 
AWS DevOps Event - Innovating with DevOps on AWS
AWS DevOps Event - Innovating with DevOps on AWSAWS DevOps Event - Innovating with DevOps on AWS
AWS DevOps Event - Innovating with DevOps on AWS
 
AWS re:Invent Recap from AWS User Group UK meetup #8
AWS re:Invent Recap from AWS User Group UK meetup #8AWS re:Invent Recap from AWS User Group UK meetup #8
AWS re:Invent Recap from AWS User Group UK meetup #8
 
What's New at AWS Update for AWS User Groups
What's New at AWS Update for AWS User Groups What's New at AWS Update for AWS User Groups
What's New at AWS Update for AWS User Groups
 
Why Some Large Companies Can't Innovate Faster
Why Some Large Companies Can't Innovate Faster Why Some Large Companies Can't Innovate Faster
Why Some Large Companies Can't Innovate Faster
 
Amazon S3 Masterclass
Amazon S3 MasterclassAmazon S3 Masterclass
Amazon S3 Masterclass
 
What is Cloud Computing with AWS at Websummit Dublin
What is Cloud Computing with AWS at Websummit DublinWhat is Cloud Computing with AWS at Websummit Dublin
What is Cloud Computing with AWS at Websummit Dublin
 

Ähnlich wie Security Best Practices

Journey Through The Cloud - Security Best Practices
Journey Through The Cloud - Security Best Practices Journey Through The Cloud - Security Best Practices
Journey Through The Cloud - Security Best Practices Amazon Web Services
 
AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best PracticesAmazon Web Services
 
Journey Through the Cloud - Security Best Practices on AWS
Journey Through the Cloud - Security Best Practices on AWSJourney Through the Cloud - Security Best Practices on AWS
Journey Through the Cloud - Security Best Practices on AWSAmazon Web Services
 
Security Best Practices - Hebrew Webinar
Security Best Practices - Hebrew WebinarSecurity Best Practices - Hebrew Webinar
Security Best Practices - Hebrew WebinarAmazon Web Services
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS SecurityAmazon Web Services
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeAlert Logic
 
Security & Compliance in AWS
Security & Compliance in AWSSecurity & Compliance in AWS
Security & Compliance in AWSAmazon Web Services
 
CSS 17: NYC - The AWS Shared Responsibility Model in Practice
CSS 17: NYC - The AWS Shared Responsibility Model in PracticeCSS 17: NYC - The AWS Shared Responsibility Model in Practice
CSS 17: NYC - The AWS Shared Responsibility Model in PracticeAlert Logic
 
Aw some day_essentials3.2ish_072214
Aw some day_essentials3.2ish_072214Aw some day_essentials3.2ish_072214
Aw some day_essentials3.2ish_072214Amazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS SecurityAmazon Web Services
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS SecurityAmazon Web Services
 
Toward Full Stack Security
Toward Full Stack SecurityToward Full Stack Security
Toward Full Stack SecurityAmazon Web Services
 
AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017
AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017 AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017
AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017 Amazon Web Services
 
Architecting for Greater Security - London Summit Enteprise Track RePlay
Architecting for Greater Security - London Summit Enteprise Track RePlayArchitecting for Greater Security - London Summit Enteprise Track RePlay
Architecting for Greater Security - London Summit Enteprise Track RePlayAmazon Web Services
 

Ähnlich wie Security Best Practices (20)

Journey Through The Cloud - Security Best Practices
Journey Through The Cloud - Security Best Practices Journey Through The Cloud - Security Best Practices
Journey Through The Cloud - Security Best Practices
 
Security Best Practices
Security Best PracticesSecurity Best Practices
Security Best Practices
 
Security Best Practices
Security Best PracticesSecurity Best Practices
Security Best Practices
 
AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best Practices
 
9 Security Best Practices
9 Security Best Practices9 Security Best Practices
9 Security Best Practices
 
Security Best Practices
Security Best PracticesSecurity Best Practices
Security Best Practices
 
9 Security Best Practices
9 Security Best Practices9 Security Best Practices
9 Security Best Practices
 
Journey Through the Cloud - Security Best Practices on AWS
Journey Through the Cloud - Security Best Practices on AWSJourney Through the Cloud - Security Best Practices on AWS
Journey Through the Cloud - Security Best Practices on AWS
 
9 Security Best Practices
9 Security Best Practices9 Security Best Practices
9 Security Best Practices
 
Security Best Practices - Hebrew Webinar
Security Best Practices - Hebrew WebinarSecurity Best Practices - Hebrew Webinar
Security Best Practices - Hebrew Webinar
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS Security
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
 
Security & Compliance in AWS
Security & Compliance in AWSSecurity & Compliance in AWS
Security & Compliance in AWS
 
CSS 17: NYC - The AWS Shared Responsibility Model in Practice
CSS 17: NYC - The AWS Shared Responsibility Model in PracticeCSS 17: NYC - The AWS Shared Responsibility Model in Practice
CSS 17: NYC - The AWS Shared Responsibility Model in Practice
 
Aw some day_essentials3.2ish_072214
Aw some day_essentials3.2ish_072214Aw some day_essentials3.2ish_072214
Aw some day_essentials3.2ish_072214
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS Security
 
Toward Full Stack Security
Toward Full Stack SecurityToward Full Stack Security
Toward Full Stack Security
 
AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017
AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017 AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017
AWS Security Enabiling Fintech Pace Security AWS Summit SG 2017
 
Architecting for Greater Security - London Summit Enteprise Track RePlay
Architecting for Greater Security - London Summit Enteprise Track RePlayArchitecting for Greater Security - London Summit Enteprise Track RePlay
Architecting for Greater Security - London Summit Enteprise Track RePlay
 

Mehr von Ian Massingham

Some thoughts on measuring the impact of developer relations
Some thoughts on measuring the impact of developer relationsSome thoughts on measuring the impact of developer relations
Some thoughts on measuring the impact of developer relationsIan Massingham
 
Leeds IoT Meetup - Nov 2017
Leeds IoT Meetup - Nov 2017Leeds IoT Meetup - Nov 2017
Leeds IoT Meetup - Nov 2017Ian Massingham
 
What's New & What's Next from AWS?
What's New & What's Next from AWS?What's New & What's Next from AWS?
What's New & What's Next from AWS?Ian Massingham
 
DevTalks Romania - Getting Started with AWS Lambda & the Serverless Cloud
DevTalks Romania - Getting Started with AWS Lambda & the Serverless CloudDevTalks Romania - Getting Started with AWS Lambda & the Serverless Cloud
DevTalks Romania - Getting Started with AWS Lambda & the Serverless CloudIan Massingham
 
Getting started with AWS Lambda and the Serverless Cloud
Getting started with AWS Lambda and the Serverless CloudGetting started with AWS Lambda and the Serverless Cloud
Getting started with AWS Lambda and the Serverless CloudIan Massingham
 
AWS re:Invent 2016 Day 2 Keynote re:Cap
AWS re:Invent 2016 Day 2 Keynote re:CapAWS re:Invent 2016 Day 2 Keynote re:Cap
AWS re:Invent 2016 Day 2 Keynote re:CapIan Massingham
 
Getting Started with AWS Lambda & Serverless Cloud
Getting Started with AWS Lambda & Serverless CloudGetting Started with AWS Lambda & Serverless Cloud
Getting Started with AWS Lambda & Serverless CloudIan Massingham
 
Building Better IoT Applications without Servers
Building Better IoT Applications without ServersBuilding Better IoT Applications without Servers
Building Better IoT Applications without ServersIan Massingham
 
Hashiconf AWS Lambda Breakout
Hashiconf AWS Lambda BreakoutHashiconf AWS Lambda Breakout
Hashiconf AWS Lambda BreakoutIan Massingham
 
Getting started with AWS IoT on Raspberry Pi
Getting started with AWS IoT on Raspberry PiGetting started with AWS IoT on Raspberry Pi
Getting started with AWS IoT on Raspberry PiIan Massingham
 
AWSome Day Dublin Intro & Closing Slides
AWSome Day Dublin Intro & Closing Slides AWSome Day Dublin Intro & Closing Slides
AWSome Day Dublin Intro & Closing Slides Ian Massingham
 
GOTO Stockholm - AWS Lambda - Logic in the cloud without a back-end
GOTO Stockholm - AWS Lambda - Logic in the cloud without a back-endGOTO Stockholm - AWS Lambda - Logic in the cloud without a back-end
GOTO Stockholm - AWS Lambda - Logic in the cloud without a back-endIan Massingham
 
AWSome Day London January 2016 Intro
AWSome Day London January 2016 IntroAWSome Day London January 2016 Intro
AWSome Day London January 2016 IntroIan Massingham
 
AWS AWSome Day London October 2015
AWS AWSome Day London October 2015 AWS AWSome Day London October 2015
AWS AWSome Day London October 2015 Ian Massingham
 
AWSome Day Manchester 2105 - Intro/Close
AWSome Day Manchester 2105 - Intro/CloseAWSome Day Manchester 2105 - Intro/Close
AWSome Day Manchester 2105 - Intro/CloseIan Massingham
 
Gaming in the Cloud at Playhubs Oct 2015
Gaming in the Cloud at Playhubs Oct 2015Gaming in the Cloud at Playhubs Oct 2015
Gaming in the Cloud at Playhubs Oct 2015Ian Massingham
 
AWS User Group UK Meetup
AWS User Group UK MeetupAWS User Group UK Meetup
AWS User Group UK MeetupIan Massingham
 
Intro Presentation at AWS AWSome Day Glasgow September 2015
Intro Presentation at AWS AWSome Day Glasgow September 2015Intro Presentation at AWS AWSome Day Glasgow September 2015
Intro Presentation at AWS AWSome Day Glasgow September 2015Ian Massingham
 
AWS Update from AWS User Group UK July Meetup
AWS Update from AWS User Group UK July MeetupAWS Update from AWS User Group UK July Meetup
AWS Update from AWS User Group UK July MeetupIan Massingham
 
Intro Presentation at AWS AWSome Day Dublin July 2015
Intro Presentation at AWS AWSome Day Dublin July 2015Intro Presentation at AWS AWSome Day Dublin July 2015
Intro Presentation at AWS AWSome Day Dublin July 2015Ian Massingham
 

Mehr von Ian Massingham (20)

Some thoughts on measuring the impact of developer relations
Some thoughts on measuring the impact of developer relationsSome thoughts on measuring the impact of developer relations
Some thoughts on measuring the impact of developer relations
 
Leeds IoT Meetup - Nov 2017
Leeds IoT Meetup - Nov 2017Leeds IoT Meetup - Nov 2017
Leeds IoT Meetup - Nov 2017
 
What's New & What's Next from AWS?
What's New & What's Next from AWS?What's New & What's Next from AWS?
What's New & What's Next from AWS?
 
DevTalks Romania - Getting Started with AWS Lambda & the Serverless Cloud
DevTalks Romania - Getting Started with AWS Lambda & the Serverless CloudDevTalks Romania - Getting Started with AWS Lambda & the Serverless Cloud
DevTalks Romania - Getting Started with AWS Lambda & the Serverless Cloud
 
Getting started with AWS Lambda and the Serverless Cloud
Getting started with AWS Lambda and the Serverless CloudGetting started with AWS Lambda and the Serverless Cloud
Getting started with AWS Lambda and the Serverless Cloud
 
AWS re:Invent 2016 Day 2 Keynote re:Cap
AWS re:Invent 2016 Day 2 Keynote re:CapAWS re:Invent 2016 Day 2 Keynote re:Cap
AWS re:Invent 2016 Day 2 Keynote re:Cap
 
Getting Started with AWS Lambda & Serverless Cloud
Getting Started with AWS Lambda & Serverless CloudGetting Started with AWS Lambda & Serverless Cloud
Getting Started with AWS Lambda & Serverless Cloud
 
Building Better IoT Applications without Servers
Building Better IoT Applications without ServersBuilding Better IoT Applications without Servers
Building Better IoT Applications without Servers
 
Hashiconf AWS Lambda Breakout
Hashiconf AWS Lambda BreakoutHashiconf AWS Lambda Breakout
Hashiconf AWS Lambda Breakout
 
Getting started with AWS IoT on Raspberry Pi
Getting started with AWS IoT on Raspberry PiGetting started with AWS IoT on Raspberry Pi
Getting started with AWS IoT on Raspberry Pi
 
AWSome Day Dublin Intro & Closing Slides
AWSome Day Dublin Intro & Closing Slides AWSome Day Dublin Intro & Closing Slides
AWSome Day Dublin Intro & Closing Slides
 
GOTO Stockholm - AWS Lambda - Logic in the cloud without a back-end
GOTO Stockholm - AWS Lambda - Logic in the cloud without a back-endGOTO Stockholm - AWS Lambda - Logic in the cloud without a back-end
GOTO Stockholm - AWS Lambda - Logic in the cloud without a back-end
 
AWSome Day London January 2016 Intro
AWSome Day London January 2016 IntroAWSome Day London January 2016 Intro
AWSome Day London January 2016 Intro
 
AWS AWSome Day London October 2015
AWS AWSome Day London October 2015 AWS AWSome Day London October 2015
AWS AWSome Day London October 2015
 
AWSome Day Manchester 2105 - Intro/Close
AWSome Day Manchester 2105 - Intro/CloseAWSome Day Manchester 2105 - Intro/Close
AWSome Day Manchester 2105 - Intro/Close
 
Gaming in the Cloud at Playhubs Oct 2015
Gaming in the Cloud at Playhubs Oct 2015Gaming in the Cloud at Playhubs Oct 2015
Gaming in the Cloud at Playhubs Oct 2015
 
AWS User Group UK Meetup
AWS User Group UK MeetupAWS User Group UK Meetup
AWS User Group UK Meetup
 
Intro Presentation at AWS AWSome Day Glasgow September 2015
Intro Presentation at AWS AWSome Day Glasgow September 2015Intro Presentation at AWS AWSome Day Glasgow September 2015
Intro Presentation at AWS AWSome Day Glasgow September 2015
 
AWS Update from AWS User Group UK July Meetup
AWS Update from AWS User Group UK July MeetupAWS Update from AWS User Group UK July Meetup
AWS Update from AWS User Group UK July Meetup
 
Intro Presentation at AWS AWSome Day Dublin July 2015
Intro Presentation at AWS AWSome Day Dublin July 2015Intro Presentation at AWS AWSome Day Dublin July 2015
Intro Presentation at AWS AWSome Day Dublin July 2015
 

KĂźrzlich hochgeladen

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel AraĂşjo
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 

KĂźrzlich hochgeladen (20)

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 

Security Best Practices

  • 1. ianmas@amazon.com @IanMmmm Ian Massingham — Technical Evangelist Security Best Practices
  • 2. Security Best Practices Architected to be one of the most flexible and secure cloud environments
 Removes many of the security headaches that come with infrastructure
 Built in Security Features
  • 3. Agenda Sharing the Security Responsibility 
 Overview of AWS Security Features
 Current Recommendations
 Verifying our Security 
 Case Studies & Useful Resources
  • 4. AWS security approach Size of AWS
 security team Visibility into
 usage & resources Increasing your Security Posture in the Cloud
  • 5. Broad Accreditations & Certications ISO 27001 ISO 9001 MPAA
  • 6. Partner ecosystem Customer ecosystem Everyone benefits Security Benets from Community Network Effect
  • 8. Shared Security Model • Shared Responsibility – Let AWS do the heavy lifting – Focus on what’s most valuable to your business • Customer • Choice of Guest OS • Application Configuration Options • Account Management flexibility • Security Groups • ACLs • Identity Management • AWS • Facility operations • Physical Security • Physical Infrastructure • Network Infrastructure • Virtualisation Infrastructure • Hardware lifecycle management
  • 9. Such as Amazon EC2, Amazon EBS, and Amazon VPC Shared Security Model: Infrastructure Services
  • 10. Such as Amazon RDS and Amazon EMR Shared Security Model: Container Services
  • 11. Such as Amazon S3 and Amazon DynamoDB Shared Security Model: Abstracted Services
  • 14.
  • 15. BUILT-IN FIREWALLS YOU CONTROL ACCESS TO YOUR INSTANCES
  • 18. PRIVATE SUBNETS WITHIN YOUR AWS VIRTUAL PRIVATE CLOUD
  • 19. ENCRYPT YOUR DATA AT REST USING AES 256 BIT ENCRYPTION KEYS
  • 20. CLOUD HSM A HIGHLY SECURE WAY TO STORE KEYS
  • 22. SECURITY LOGS AWS CLOUDTRAIL, AWS CONFIG & AMAZON CLOUDWATCH LOGS
  • 25. Foundation Services Compute Storage Database Networking Client-side Data Encryption & Data Integrity Authentication Server-side Encryption (File System and/or Data) Network Traffic Protection (Encryption/Integrity/Identity) Platform, Applications, Identity & Access Management Operating System, Network & Firewall Configuration Customer Data Amazon Shared responsibility You AWS Global Infrastructure Regions Availability Zones Edge Locations Know the AWS Shared Responsibility Model Build your systems using AWS as the foundation & architect using an ISMS that takes advantage of AWS features 1
  • 26. Understand the AWS Secure Global Infrastructure Regions, Availability Zones and Endpoints Regions An independent collection of AWS resources in a defined geography A solid foundation for meeting location-dependent privacy and compliance requirements Availability Zones Designed as independent failure zones Physically separated within a typical metropolitan region 2
  • 27. Understand the AWS Secure Global Infrastructure Using the IAM service http://docs.aws.amazon.com/IAM/latest/UserGuide/IAMBestPractices.html AWS Identity and Access Management (IAM) enables you to securely control access to AWS services and resources for your users. Using IAM, you can create and manage AWS users and groups and use permissions to allow and deny their access to AWS resources via credentials such as access keys, passwords and multi-factor authentication devices. You can also federate with SAML to your own pre-existing directories of user account information, such as OpenLDAP or Active Directory 2
  • 28. Define and Categorise Assets on AWS Identify all the information assets that you need to protect 3
  • 29. Design Your ISMS to Protect Your Assets on AWS Establish a standard for implementing, operating, monitoring, reviewing, maintaining & improving your information security management system 4
  • 30. Manage AWS Accounts, IAM Users, Groups & Roles Operate under the principle of Least Privilege AWS Account Your AWS account represents a business relationship between you and AWS. AWS accounts have root permissions to all AWS resources and services, so they are very powerful. IAM Users With IAM you can create multiple users, each with individual security credentials, all controlled under a single AWS account. IAM users can be a person, service, or application that needs access to your AWS resources through the management console, CLI, or directly via APIs. 5
  • 31. Manage AWS Accounts, IAM Users, Groups & Roles Strategies for using multiple AWS accounts Business Requirement Proposed Design Comments Centralised security management Single AWS Account Centralize information security management and minimize overhead. Separation of production, development & testing accounts Three AWS Accounts Create one AWS account for production services, one for development and one for testing Multiple autonomous departments Multiple AWS Accounts Create separate AWS accounts for each autonomous part of the organization. You can assign permissions and policies under each account Centralized security management with multiple autonomous independent projects Multiple AWS Accounts Create a single AWS account for common project resources (such as DNS services, Active Directory, CMS etc.). Then create separate AWS accounts per project. You can assign permissions and policies under each project account and grant access to resources across accounts. 5
  • 32. Manage AWS Accounts, IAM Users, Groups & Roles Delegation using IAM Roles and Temporary Security Credentials Applications on Amazon EC2 that need to access AWS resources Cross Account Access Identity Federation 5 http://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html
  • 33. Manage OS-level Access to Amazon EC2 Instances You own the credentials, but AWS helps you bootstrap initial access to the OS Amazon EC2 Key Pairs Used to authenticate SSH access to Linux instances and to generate the initial administrator password on Windows instances. If you have higher security requirements, you are free to implement alternative authentication mechanisms and disable Amazon EC2 Key Pair Authentication 6
  • 34. Secure Your Data At rest & in transit Resource Access Authorisation Users or IAM Roles can only access resources after authentication Fine-grained resources policies can restrict users or permit users to access only the resources that you specify { "Effect": "Allow”, "Action": ["s3:GetObject”,"s3:PutObject”], "Resource": ["arn:aws:s3:::myBucket/amazon/snakegame/${cognito-identity.amazonaws.com:sub}"] } 7
  • 35. Secure Your Data At rest & in transit Storing and Managing Encryption Keys We recommend you store your keys in tamper-proof storage, such as Hardware Security Modules. AWS CloudHSM is one option available to help you do this, and the best option if you need third-party assurance that AWS doesn’t have access to your keys; for a more easily-integrated solution, also see KMS. As an alternative, you can store keys on your premises (eg using your own HSMs) and access these over secure links, such as via AWS Direct Connect with Ipsec, or IPsec VPNs over the Internet. aws.amazon.com/cloudhsm/ 7 aws.amazon.com/kms/
  • 36. Protecting Data at Rest Options differ by AWS Service. Amazon S3 – Server side encryption with Amazon S3 managed keys, your own encryption keys with Customer-Provided Keys (SSE-C), or keys managed by KMS Amazon EBS – use volume encryption provided by your operating system or KMS. For example, Windows EFS or Microsoft Windows Bitlocker, Linux dm- crypt, CloudHSM or on-premise HSM with SafeNet ProtectV Amazon RDS – use database specific cryptographic functions, or KMS EMR/DynamoDB – see Security Best Practices Whitepaper for options Secure Your Data At rest & in transit 7
  • 37. Secure Your Operating Systems & Applications With the shared responsibility model you manage operating systems & application security OS Hardening and Updates Use of Amazon Machine Images (AMIs) makes it easy to deploy standardized operating system and application builds Amazon provides and maintains a preconfigured set of AMIs, but you are also free to create your own and use these as the basis for EC2 instances that you deploy Standard OS hardening principles (eg CIS Benchmarks, DISA STIGs) can and should be applied to the operating systems that you chose to run on EC2 instances There are lots more detailed recommendations for securing your OS environment in the AWS Security Best Practices Whitepaper 8
  • 38. Secure Your Infrastructure Using AWS platform features Amazon Virtual Private Cloud (VPC) Create private clouds with Layer 2 separation, within the AWS Cloud Use your own IP address space, allocated by you. Use RFC1918 private address space for non-internet-routable networks Connect to your VPC via the Internet, IPsec over the Internet, AWS Direct Connect, AWS Direct Connect with IPsec or a combination of these. Define your own subnet topology, routing table and create custom service instances such as DNS or time servers 9
  • 39. Secure Your Infrastructure Using AWS platform features Security Zoning and Network Segmentation Network segmentation simply isolates one network from another Security zones are groups of system components with similar security levels that have common controls applied to them Combine AWS platform security features with your own overlay infrastructure components such as repositories, DNS & time servers to segment networks and create security zones The AWS elastic cloud infrastructure & automated deployment tools mean that you can apply the same security controls across all AWS regions Repeatable and uniform deployments improve your overall security posture 9
  • 40. Monitoring, Alerting, Audit Trail & Incident Response Adapt existing processes, tools & methodologies for use in the cloud Implement OS & Higher Level Monitoring Logs may be generated by a variety of network components as well as operating systems, platforms and applications We recommend logging and analysis of the following event types: • Actions taken by any individual with root or administrative privileges • Access to all audit trails • Invalid logical access attempts • Use of identification and authentication mechanisms • Initialisation of audit logs • Creation, deletion and modification of system level objects 10 Area Consideration Log collection Note how log files are collected. Often operating system, application, or third-party/middleware agents collect log file information Log transport When log files are centralized, transfer them to the central location in a secure, reliable, and timely fashion Log storage Centralize log files from multiple instances to facilitate retention policies, as well as analysis and correlation Log taxonomy Present different categories of log files in a format suitable for analysis Log analysis/ correlation Log files provide security intelligence after you analyze them and correlate events in them. You can analyze logs in real time, or at scheduled intervals. Log protection/ security Log files are sensitive. Protect them through network control, identity and access management, protection/ encryption, data integrity authentication, and tamper-proof time-stamping
  • 41. Area Consideration Log collection Note how log files are collected. Often operating system, application, or third-party/middleware agents collect log file information Log transport When log files are centralized, transfer them to the central location in a secure, reliable, and timely fashion Log storage Centralize log files from multiple instances to facilitate retention policies, as well as analysis and correlation Log taxonomy Present different categories of log files in a format suitable for analysis Log analysis/ correlation Log files provide security intelligence after you analyze them and correlate events in them. You can analyze logs in real time, or at scheduled intervals. Log protection/ security Log files are sensitive. Protect them through network control, identity and access management, protection/ encryption, data integrity authentication, and tamper-proof time-stamping Monitoring, Alerting, Audit Trail & Incident Response Adapt existing processes, tools & methodologies for use in the cloud Use CloudWatch Logs to Centralise Your Logs CloudWatch Logs enables you to monitor and troubleshoot your systems and applications using your existing system, application, and custom log files. Send your existing system, application, and custom log files to CloudWatch Logs via our agent, and monitor these logs in near real-time. This can help you better understand and operate your systems and applications, and you can store your logs using highly durable, low-cost storage for later access 10
  • 42. Monitoring, Alerting, Audit Trail & Incident Response Adapt existing processes, tools & methodologies for use in the cloud Use CloudTrail to Record AWS API Calls AWS CloudTrail is a web service that records AWS API calls for your account and delivers log files to you. The recorded information includes the identity of the API caller, the time of the API call, the source IP address of the API caller, the request parameters, and the response elements returned by the AWS service. With CloudTrail, you can get a history of AWS API calls for your account. The AWS API call history produced by CloudTrail enables security analysis, resource change tracking, and compliance auditing. Splunk Loggly AW S Console 10
  • 43. Monitoring, Alerting, Audit Trail & Incident Response Adapt existing processes, tools & methodologies for use in the cloud Use AWS Config to Record AWS Environment Changes AWS Config is a service that records AWS environment configurations, changes and relationships for your account and delivers log files to you. The recorded information includes the configuration and metadata for VPCs, Subnets, NACLS, Security Groups, VGWs, Internet Gateways, Elastic IPs etc and the relationships between them, and the time of the change. Snapshots answer the question “What did my environment look like, at time t?” History answers the question “What changes have happened, to infrastructure element I over time?” Continuous Change RecordingChanging Resources History Stream Snapshot (ex. 2014-11-05) AWS Config 10
  • 44. Monitoring, Alerting, Audit Trail & Incident Response Adapt existing processes, tools & methodologies for use in the cloud 10
  • 46. AWS is Level 1 compliant under the Payment Card Industry (PCI) Data Security Standard (DSS). Customers can run applications on our PCI- compliant technology infrastructure for storing, processing, and transmitting credit card information in the cloud. AWS is ISO 27001 certified under the International Organization for Standardization (ISO) 27001 standard. ISO 27001 is a widely-adopted global security standard that outlines the requirements for information security management systems. Many other government and industry compliance requirements are also met by AWS. Find more at: aws.amazon.com/compliance Compliance at AWS
  • 47. RESOURCES YOU CAN USE TO LEARN MORE
  • 51. Introduction to AWS Security Security at Scale: Governance in AWS Security at Scale: Logging in AWS AWS Security Best Practices Securing Data at Rest with Encryption AWS Security Whitepaper AWS Security White Papers
  • 54. Certification aws.amazon.com/certification Self-Paced Labs aws.amazon.com/training/
 self-paced-labs Try products, gain new skills, and get hands-on practice working with AWS technologies aws.amazon.com/training Training Validate your proven skills and expertise with the AWS platform Build technical expertise to design and operate scalable, efficient applications on AWS AWS Training & Certication
  • 55. Follow us for m ore events & w ebinars @AWScloud for Global AWS News & Announcements @AWS_UKI for local AWS events & news @IanMmmm Ian Massingham — Technical Evangelist