SlideShare ist ein Scribd-Unternehmen logo

How to protect your IoT data on AWS

Lahav Savir
Lahav Savir

Data and IoT are very exciting but also very dangerous, this presentation walk though AWS best practicing for securing the cloud platfrom

Technologie
1 von 41
How to Protect Your IoT data on AWS Lahav Savir Co-founder and CTO AllCloud
A Global Leader in Cloud Transformation and Adoption for SaaS, ISV and Enterprises
“AWS Managed Service Partners are skilled at cloud infrastructure and application migration, and deliver value to customers by offering proactive monitoring, automation, and management of their customer’s environment.” https://aws.amazon.com/partners/msp/ http://www.emind.co/msp AWS Next-Gen (v3) Managed Service Partner (MSP)
A “Cloud-native” MSP Market Guide for Managed Service Providers on Amazon Web Services (Lydia Leong, Oct. 2015) “Amazon Web Services does not offer managed services, but many customers want to use AWS as a cloud IaaS and PaaS platform, while outsourcing IT operations or application management. AWS's ecosystem of MSP partners can fulfill this need.” https://www.gartner.com/doc/3157620/market-guide-managed-service-providers “Common Types of MSPs (on AWS) with Example References ● Cloud-native MSPs. These MSPs were either founded specifically to provide services on cloud IaaS, or pivoted to entirely focus their business on these services. Many of these MSPs are AWS-specific. Examples include 2nd Watch, Cloudnexa, Cloudreach, Emind and Minjar”
360° Solution for vending business ● 100s of thousands connected devices around the world ● GPRS / 3G / Wifi ● Real-Time Data ● PCI-DSS Certified http://www.emind.co/case-study/nayax-partners-with-emind-to-migr ate-cashless-service-solutions-to-amazon-cloud/
More Than Just A Wireless Charging Solution. ● 1000s of locations worldwide ● Driving more traffic to businesses ● Big-data and real-time analytics http://www.emind.co/case-study/powermat-partners-with-emind-to- fully-manage-their-wireless-charging-services-on-aws/
Where there is more data, there are bound to be more data breaches!
Security in the Cloud Security of the Cloud
Assessing the Risk: Yes, the Cloud Can Be More Secure Than Your On-Premises Environment IDC, July 2015
Why the Cloud is more Secure? ● More segmentation ● More encryption ● Stronger authentication ● More logging and monitoring ● More managed platforms
Top Topics ● Infrastructure Security ● Network Security ● Host Security ● Data Encryption ● Identity Management ● Monitoring & Auditing
Identity Federation
Why do you need Single Identity? ● Multiple AWS Accounts ● Multiple Security Policies ● Multiple Entry Points ● Many Resources ● Multiple 3rd Party Services
Single Identity Provider ● Single Password Policy ● Single Lock Policy ● Single OTP ● Single Login Audit ● Same username used across all resources
Organization users accessing: AWS Resources ● AWS Console ● AWS API ● Network Access / VPN ● EC2 Instances Other Resources ● New Relic ● Datadog ● Pingdom ● Google Apps ● Office 365 ● Jira ● Github ● Logz.io ● ...
● Don't mix Corporate and Cloud Resources ● Minimize Replication ● Maximize Federation
Corporate ● Corporate Active Directory ● Mix of users and desktops / servers ● 3rd Party SSO / Federation Services Cloud ● Cloud Active Directory ● Cloud Resources Only Integration ● One Way Trust between Corp AD and Cloud AD
Login Scenarios ● AWS Console ○ SAML Federation ● VPN ○ Radius ● Jumpbox on EC2 ○ Radius / LDAP ● Windows instance on EC2 ○ Kerberos / LDAP ● Linux instance on EC2 ○ Kerberos / LDAP You can avoid the IAM Users
Network Access
Networking ● Public Internet ● VPN / IPSec Tunnel ● DirectConnect
Direct Connect Options ● Private Virtual Interface – Access to VPC ○ Note: VPC Endpoints are not transitive via VPC Peering ● Public Virtual Interface – Access to the region IP address space (non-VPC Services)
SSL VPN Options ● OpenVPN ● Fortinet Fortigate ● CheckPoint ● Sophos ● pfSense ● … Others
Don’t assume your corporate network is secure and expose your production networks to all users
Smart Separation
Inbound Layer Application Layer Outbound Layer
● Create a controlled environment that minimizes human mistakes ● Inspect inbound and outbound traffic
Host Security
What’s Host Security ? ● OS Hardening ● Anti Virus ● Malware Protection ● Host Based IPS ● File Integrity Monitoring ● Vulnerability Scanning
Data Encryption
AWS Encryption Options Data at Rest ● EBS Encryption (inc. root device) ● S3 Client / Server Side Encryption ● RDS / Redshift Storage Encryption ● DynamoDB Client Side Encryption https://d0.awsstatic.com/whitepapers/aws-securing-data -at-rest-with-encryption.pdf Data in Transit ● API’s are TLS Encrypted ● Service Endpoints are TLS Encrypted ● Elastic Load Balancer supports TLS ● CloudFront supports TLS ● IPSec VPN
Encrypt all your data, you never know who and when someone will request access to the data
Centrally Monitor and Audit
Events Sources ● CloudTrail ● ELB / S3 / CloudFront Access Logs ● VPC Flow logs ● AWS Inspector ● Host AV & IPS ● Network WAF & IPS ● Evident.io / Dome9 ● Observable
● Create Clear Visibility ● Set Governance Rules ● Define Actions
© 2016 AllCloud Join our Fastlane to a Successful Cloud Deployment Contact me: lahav.savir@allcloud.io

Empfohlen

How to Protect your AWS Environment
How to Protect your AWS EnvironmentHow to Protect your AWS Environment
How to Protect your AWS EnvironmentLahav Savir
 
Cloud Computing workshop
Cloud Computing workshopCloud Computing workshop
Cloud Computing workshopSuraj Kumar Jana
 
Introduction to Azure PaaS services (Nick Trogh at Codit Azure PaaS Event)
Introduction to Azure PaaS services (Nick Trogh at Codit Azure PaaS Event) Introduction to Azure PaaS services (Nick Trogh at Codit Azure PaaS Event)
Introduction to Azure PaaS services (Nick Trogh at Codit Azure PaaS Event) Codit
 
The hidden secrets of azure networking
The hidden secrets of azure networkingThe hidden secrets of azure networking
The hidden secrets of azure networkingMohamed Wali
 
AWS Security
AWS SecurityAWS Security
AWS Securityarmincoralic
 
Distributing Ledger on Cloud: The Perfect Marriage
Distributing Ledger on Cloud: The Perfect MarriageDistributing Ledger on Cloud: The Perfect Marriage
Distributing Ledger on Cloud: The Perfect MarriageAmazon Web Services
 
Taking Security Responsibility in the AWS Cloud
Taking Security Responsibility in the AWS CloudTaking Security Responsibility in the AWS Cloud
Taking Security Responsibility in the AWS CloudFranklin Mosley
 
PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015
PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015
PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015Evident.io
 

Empfohlen

How to Protect your AWS Environment
How to Protect your AWS EnvironmentHow to Protect your AWS Environment
How to Protect your AWS EnvironmentLahav Savir
 
Cloud Computing workshop
Cloud Computing workshopCloud Computing workshop
Cloud Computing workshopSuraj Kumar Jana
 
Introduction to Azure PaaS services (Nick Trogh at Codit Azure PaaS Event)
Introduction to Azure PaaS services (Nick Trogh at Codit Azure PaaS Event) Introduction to Azure PaaS services (Nick Trogh at Codit Azure PaaS Event)
Introduction to Azure PaaS services (Nick Trogh at Codit Azure PaaS Event) Codit
 
The hidden secrets of azure networking
The hidden secrets of azure networkingThe hidden secrets of azure networking
The hidden secrets of azure networkingMohamed Wali
 
AWS Security
AWS SecurityAWS Security
AWS Securityarmincoralic
 
Distributing Ledger on Cloud: The Perfect Marriage
Distributing Ledger on Cloud: The Perfect MarriageDistributing Ledger on Cloud: The Perfect Marriage
Distributing Ledger on Cloud: The Perfect MarriageAmazon Web Services
 
Taking Security Responsibility in the AWS Cloud
Taking Security Responsibility in the AWS CloudTaking Security Responsibility in the AWS Cloud
Taking Security Responsibility in the AWS CloudFranklin Mosley
 
PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015
PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015
PCI Compliance on AWS - Evident.io @ AWS Pop-up Loft 2/26/2015Evident.io
 
Security in the Cloud | Amazon Web Services
Security in the Cloud | Amazon Web ServicesSecurity in the Cloud | Amazon Web Services
Security in the Cloud | Amazon Web ServicesAmazon Web Services
 
Build and Manage a Highly Secure Cloud Environment on AWS and Azure
Build and Manage a Highly Secure Cloud Environment on AWS and AzureBuild and Manage a Highly Secure Cloud Environment on AWS and Azure
Build and Manage a Highly Secure Cloud Environment on AWS and AzureCloudHesive
 
Integrating Cloudera & Microsoft Azure
Integrating Cloudera & Microsoft AzureIntegrating Cloudera & Microsoft Azure
Integrating Cloudera & Microsoft AzureXpand IT
 
AWS Shared Responsibility Model & Compliance Program Overview
AWS Shared Responsibility Model & Compliance Program OverviewAWS Shared Responsibility Model & Compliance Program Overview
AWS Shared Responsibility Model & Compliance Program OverviewAmazon Web Services
 
How to Develop and Deploy Web-Scale Applications on AWS
How to Develop and Deploy Web-Scale Applications on AWSHow to Develop and Deploy Web-Scale Applications on AWS
How to Develop and Deploy Web-Scale Applications on AWSDatabarracks
 
(ARC203) Expanding Your Data Center with Hybrid Infrastructure | AWS re:Inven...
(ARC203) Expanding Your Data Center with Hybrid Infrastructure | AWS re:Inven...(ARC203) Expanding Your Data Center with Hybrid Infrastructure | AWS re:Inven...
(ARC203) Expanding Your Data Center with Hybrid Infrastructure | AWS re:Inven...Amazon Web Services
 
Successful Cloud Adoption for the Enterprise. Not If. When.
Successful Cloud Adoption for the Enterprise. Not If. When.Successful Cloud Adoption for the Enterprise. Not If. When.
Successful Cloud Adoption for the Enterprise. Not If. When.Amazon Web Services
 
Improving Security Agility using DevSecOps
Improving Security Agility using DevSecOpsImproving Security Agility using DevSecOps
Improving Security Agility using DevSecOpsAmazon Web Services
 
Building Performance Clinical Systems' HIPAA-Compliant Clinical Workflow Plat...
Building Performance Clinical Systems' HIPAA-Compliant Clinical Workflow Plat...Building Performance Clinical Systems' HIPAA-Compliant Clinical Workflow Plat...
Building Performance Clinical Systems' HIPAA-Compliant Clinical Workflow Plat...Amazon Web Services
 
Azure Administrator
Azure AdministratorAzure Administrator
Azure AdministratorViknaraj Manogararajah
 
aOS Brussels - Azure Active Directory News
aOS Brussels - Azure Active Directory NewsaOS Brussels - Azure Active Directory News
aOS Brussels - Azure Active Directory NewsMaxime Rastello
 
Mission Critical Applications Workloads on Amazon Web Services
Mission Critical Applications Workloads on Amazon Web ServicesMission Critical Applications Workloads on Amazon Web Services
Mission Critical Applications Workloads on Amazon Web ServicesAmazon Web Services
 
Moving the needle on cloud security - AWS Summit Atlanta
Moving the needle on cloud security - AWS Summit AtlantaMoving the needle on cloud security - AWS Summit Atlanta
Moving the needle on cloud security - AWS Summit AtlantaChris Farris
 
AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasi...
AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasi...AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasi...
AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasi...Andrew Backhouse
 
Azure app services 2 - Logic & Api Apps
Azure app services 2 - Logic & Api AppsAzure app services 2 - Logic & Api Apps
Azure app services 2 - Logic & Api AppsBill Chesnut
 
Emind’s Architecture for Enterprise with AWS Integration
Emind’s Architecture for Enterprise with AWS IntegrationEmind’s Architecture for Enterprise with AWS Integration
Emind’s Architecture for Enterprise with AWS IntegrationLahav Savir
 
Rio Info 2015 - Painel Oportunidades para o Brasil na era da Computação em Nu...
Rio Info 2015 - Painel Oportunidades para o Brasil na era da Computação em Nu...Rio Info 2015 - Painel Oportunidades para o Brasil na era da Computação em Nu...
Rio Info 2015 - Painel Oportunidades para o Brasil na era da Computação em Nu...Rio Info
 
The full picture of Openstack in real-time
The full picture of Openstack in real-timeThe full picture of Openstack in real-time
The full picture of Openstack in real-timeDynatrace
 
PHX DevOps Days: Service Mesh Landscape
PHX DevOps Days: Service Mesh LandscapePHX DevOps Days: Service Mesh Landscape
PHX DevOps Days: Service Mesh LandscapeChristian Posta
 
Introduction to Microsoft Azure Compute
Introduction to Microsoft Azure ComputeIntroduction to Microsoft Azure Compute
Introduction to Microsoft Azure ComputeRavikanth Chaganti
 
How to Secure your Hybrid Enviroment - Pop-up Loft Tel Aviv
How to Secure your Hybrid Enviroment - Pop-up Loft Tel AvivHow to Secure your Hybrid Enviroment - Pop-up Loft Tel Aviv
How to Secure your Hybrid Enviroment - Pop-up Loft Tel AvivAmazon Web Services
 
Building PCI Compliance Solution on AWS - Pop-up Loft Tel Aviv
Building PCI Compliance Solution on AWS - Pop-up Loft Tel AvivBuilding PCI Compliance Solution on AWS - Pop-up Loft Tel Aviv
Building PCI Compliance Solution on AWS - Pop-up Loft Tel AvivAmazon Web Services
 

Weitere ähnliche Inhalte

Was ist angesagt?

Security in the Cloud | Amazon Web Services
Security in the Cloud | Amazon Web ServicesSecurity in the Cloud | Amazon Web Services
Security in the Cloud | Amazon Web ServicesAmazon Web Services
 
Build and Manage a Highly Secure Cloud Environment on AWS and Azure
Build and Manage a Highly Secure Cloud Environment on AWS and AzureBuild and Manage a Highly Secure Cloud Environment on AWS and Azure
Build and Manage a Highly Secure Cloud Environment on AWS and AzureCloudHesive
 
Integrating Cloudera & Microsoft Azure
Integrating Cloudera & Microsoft AzureIntegrating Cloudera & Microsoft Azure
Integrating Cloudera & Microsoft AzureXpand IT
 
AWS Shared Responsibility Model & Compliance Program Overview
AWS Shared Responsibility Model & Compliance Program OverviewAWS Shared Responsibility Model & Compliance Program Overview
AWS Shared Responsibility Model & Compliance Program OverviewAmazon Web Services
 
How to Develop and Deploy Web-Scale Applications on AWS
How to Develop and Deploy Web-Scale Applications on AWSHow to Develop and Deploy Web-Scale Applications on AWS
How to Develop and Deploy Web-Scale Applications on AWSDatabarracks
 
(ARC203) Expanding Your Data Center with Hybrid Infrastructure | AWS re:Inven...
(ARC203) Expanding Your Data Center with Hybrid Infrastructure | AWS re:Inven...(ARC203) Expanding Your Data Center with Hybrid Infrastructure | AWS re:Inven...
(ARC203) Expanding Your Data Center with Hybrid Infrastructure | AWS re:Inven...Amazon Web Services
 
Successful Cloud Adoption for the Enterprise. Not If. When.
Successful Cloud Adoption for the Enterprise. Not If. When.Successful Cloud Adoption for the Enterprise. Not If. When.
Successful Cloud Adoption for the Enterprise. Not If. When.Amazon Web Services
 
Improving Security Agility using DevSecOps
Improving Security Agility using DevSecOpsImproving Security Agility using DevSecOps
Improving Security Agility using DevSecOpsAmazon Web Services
 
Building Performance Clinical Systems' HIPAA-Compliant Clinical Workflow Plat...
Building Performance Clinical Systems' HIPAA-Compliant Clinical Workflow Plat...Building Performance Clinical Systems' HIPAA-Compliant Clinical Workflow Plat...
Building Performance Clinical Systems' HIPAA-Compliant Clinical Workflow Plat...Amazon Web Services
 
aOS Brussels - Azure Active Directory News
aOS Brussels - Azure Active Directory NewsaOS Brussels - Azure Active Directory News
aOS Brussels - Azure Active Directory NewsMaxime Rastello
 
Mission Critical Applications Workloads on Amazon Web Services
Mission Critical Applications Workloads on Amazon Web ServicesMission Critical Applications Workloads on Amazon Web Services
Mission Critical Applications Workloads on Amazon Web ServicesAmazon Web Services
 
Moving the needle on cloud security - AWS Summit Atlanta
Moving the needle on cloud security - AWS Summit AtlantaMoving the needle on cloud security - AWS Summit Atlanta
Moving the needle on cloud security - AWS Summit AtlantaChris Farris
 
AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasi...
AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasi...AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasi...
AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasi...Andrew Backhouse
 
Azure app services 2 - Logic & Api Apps
Azure app services 2 - Logic & Api AppsAzure app services 2 - Logic & Api Apps
Azure app services 2 - Logic & Api AppsBill Chesnut
 
Emind’s Architecture for Enterprise with AWS Integration
Emind’s Architecture for Enterprise with AWS IntegrationEmind’s Architecture for Enterprise with AWS Integration
Emind’s Architecture for Enterprise with AWS IntegrationLahav Savir
 
Rio Info 2015 - Painel Oportunidades para o Brasil na era da Computação em Nu...
Rio Info 2015 - Painel Oportunidades para o Brasil na era da Computação em Nu...Rio Info 2015 - Painel Oportunidades para o Brasil na era da Computação em Nu...
Rio Info 2015 - Painel Oportunidades para o Brasil na era da Computação em Nu...Rio Info
 
The full picture of Openstack in real-time
The full picture of Openstack in real-timeThe full picture of Openstack in real-time
The full picture of Openstack in real-timeDynatrace
 
PHX DevOps Days: Service Mesh Landscape
PHX DevOps Days: Service Mesh LandscapePHX DevOps Days: Service Mesh Landscape
PHX DevOps Days: Service Mesh LandscapeChristian Posta
 
Introduction to Microsoft Azure Compute
Introduction to Microsoft Azure ComputeIntroduction to Microsoft Azure Compute
Introduction to Microsoft Azure ComputeRavikanth Chaganti
 

Was ist angesagt? (20)

Security in the Cloud | Amazon Web Services
Security in the Cloud | Amazon Web ServicesSecurity in the Cloud | Amazon Web Services
Security in the Cloud | Amazon Web Services
 
Build and Manage a Highly Secure Cloud Environment on AWS and Azure
Build and Manage a Highly Secure Cloud Environment on AWS and AzureBuild and Manage a Highly Secure Cloud Environment on AWS and Azure
Build and Manage a Highly Secure Cloud Environment on AWS and Azure
 
Integrating Cloudera & Microsoft Azure
Integrating Cloudera & Microsoft AzureIntegrating Cloudera & Microsoft Azure
Integrating Cloudera & Microsoft Azure
 
AWS Shared Responsibility Model & Compliance Program Overview
AWS Shared Responsibility Model & Compliance Program OverviewAWS Shared Responsibility Model & Compliance Program Overview
AWS Shared Responsibility Model & Compliance Program Overview
 
How to Develop and Deploy Web-Scale Applications on AWS
How to Develop and Deploy Web-Scale Applications on AWSHow to Develop and Deploy Web-Scale Applications on AWS
How to Develop and Deploy Web-Scale Applications on AWS
 
(ARC203) Expanding Your Data Center with Hybrid Infrastructure | AWS re:Inven...
(ARC203) Expanding Your Data Center with Hybrid Infrastructure | AWS re:Inven...(ARC203) Expanding Your Data Center with Hybrid Infrastructure | AWS re:Inven...
(ARC203) Expanding Your Data Center with Hybrid Infrastructure | AWS re:Inven...
 
Successful Cloud Adoption for the Enterprise. Not If. When.
Successful Cloud Adoption for the Enterprise. Not If. When.Successful Cloud Adoption for the Enterprise. Not If. When.
Successful Cloud Adoption for the Enterprise. Not If. When.
 
Improving Security Agility using DevSecOps
Improving Security Agility using DevSecOpsImproving Security Agility using DevSecOps
Improving Security Agility using DevSecOps
 
Building Performance Clinical Systems' HIPAA-Compliant Clinical Workflow Plat...
Building Performance Clinical Systems' HIPAA-Compliant Clinical Workflow Plat...Building Performance Clinical Systems' HIPAA-Compliant Clinical Workflow Plat...
Building Performance Clinical Systems' HIPAA-Compliant Clinical Workflow Plat...
 
Azure Administrator
Azure AdministratorAzure Administrator
Azure Administrator
 
aOS Brussels - Azure Active Directory News
aOS Brussels - Azure Active Directory NewsaOS Brussels - Azure Active Directory News
aOS Brussels - Azure Active Directory News
 
Mission Critical Applications Workloads on Amazon Web Services
Mission Critical Applications Workloads on Amazon Web ServicesMission Critical Applications Workloads on Amazon Web Services
Mission Critical Applications Workloads on Amazon Web Services
 
Moving the needle on cloud security - AWS Summit Atlanta
Moving the needle on cloud security - AWS Summit AtlantaMoving the needle on cloud security - AWS Summit Atlanta
Moving the needle on cloud security - AWS Summit Atlanta
 
AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasi...
AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasi...AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasi...
AWS Leeds Meetup - How do you manage secure access to AWS in an ever-increasi...
 
Azure app services 2 - Logic & Api Apps
Azure app services 2 - Logic & Api AppsAzure app services 2 - Logic & Api Apps
Azure app services 2 - Logic & Api Apps
 
Emind’s Architecture for Enterprise with AWS Integration
Emind’s Architecture for Enterprise with AWS IntegrationEmind’s Architecture for Enterprise with AWS Integration
Emind’s Architecture for Enterprise with AWS Integration
 
Rio Info 2015 - Painel Oportunidades para o Brasil na era da Computação em Nu...
Rio Info 2015 - Painel Oportunidades para o Brasil na era da Computação em Nu...Rio Info 2015 - Painel Oportunidades para o Brasil na era da Computação em Nu...
Rio Info 2015 - Painel Oportunidades para o Brasil na era da Computação em Nu...
 
The full picture of Openstack in real-time
The full picture of Openstack in real-timeThe full picture of Openstack in real-time
The full picture of Openstack in real-time
 
PHX DevOps Days: Service Mesh Landscape
PHX DevOps Days: Service Mesh LandscapePHX DevOps Days: Service Mesh Landscape
PHX DevOps Days: Service Mesh Landscape
 
Introduction to Microsoft Azure Compute
Introduction to Microsoft Azure ComputeIntroduction to Microsoft Azure Compute
Introduction to Microsoft Azure Compute
 

Ähnlich wie How to protect your IoT data on AWS

How to Secure your Hybrid Enviroment - Pop-up Loft Tel Aviv
How to Secure your Hybrid Enviroment - Pop-up Loft Tel AvivHow to Secure your Hybrid Enviroment - Pop-up Loft Tel Aviv
How to Secure your Hybrid Enviroment - Pop-up Loft Tel AvivAmazon Web Services
 
Building PCI Compliance Solution on AWS - Pop-up Loft Tel Aviv
Building PCI Compliance Solution on AWS - Pop-up Loft Tel AvivBuilding PCI Compliance Solution on AWS - Pop-up Loft Tel Aviv
Building PCI Compliance Solution on AWS - Pop-up Loft Tel AvivAmazon Web Services
 
Low Cost AWS Services For Application Development in the Cloud
Low Cost AWS Services For Application Development in the CloudLow Cost AWS Services For Application Development in the Cloud
Low Cost AWS Services For Application Development in the CloudDhaval Nagar
 
Simplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneSimplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneAmazon Web Services
 
Write less (code) and build more with serverless
Write less (code) and build more with serverlessWrite less (code) and build more with serverless
Write less (code) and build more with serverlessDhaval Nagar
 
Introduction to amazon web services for developers
Introduction to amazon web services for developersIntroduction to amazon web services for developers
Introduction to amazon web services for developersCiklum Ukraine
 
Building self service framework
Building self service frameworkBuilding self service framework
Building self service frameworkRovshan Musayev
 
Automating AWS security and compliance
Automating AWS security and compliance Automating AWS security and compliance
Automating AWS security and compliance John Varghese
 
Tour to Azure Security Center
Tour to Azure Security CenterTour to Azure Security Center
Tour to Azure Security CenterLalit Rawat
 
Pragmatic Approach to Workload Migrations - London Summit Enteprise Track RePlay
Pragmatic Approach to Workload Migrations - London Summit Enteprise Track RePlayPragmatic Approach to Workload Migrations - London Summit Enteprise Track RePlay
Pragmatic Approach to Workload Migrations - London Summit Enteprise Track RePlayAmazon Web Services
 
How to Secure Your AWS Powered Mobile App End-to-End
How to Secure Your AWS Powered Mobile App End-to-EndHow to Secure Your AWS Powered Mobile App End-to-End
How to Secure Your AWS Powered Mobile App End-to-EndLahav Savir
 
The Best of Both Worlds: Implementing Hybrid IT with AWS
The Best of Both Worlds: Implementing Hybrid IT with AWSThe Best of Both Worlds: Implementing Hybrid IT with AWS
The Best of Both Worlds: Implementing Hybrid IT with AWSRightScale
 
Architecting applications on amazon web services with node.js
Architecting applications on amazon web services with node.jsArchitecting applications on amazon web services with node.js
Architecting applications on amazon web services with node.jsHenry Fougere
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Akash Mahajan
 
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...Priyanka Aash
 
Cloud Modernization and Data as a Service Option
Cloud Modernization and Data as a Service OptionCloud Modernization and Data as a Service Option
Cloud Modernization and Data as a Service OptionDenodo
 

Ähnlich wie How to protect your IoT data on AWS (20)

How to Secure your Hybrid Enviroment - Pop-up Loft Tel Aviv
How to Secure your Hybrid Enviroment - Pop-up Loft Tel AvivHow to Secure your Hybrid Enviroment - Pop-up Loft Tel Aviv
How to Secure your Hybrid Enviroment - Pop-up Loft Tel Aviv
 
Building PCI Compliance Solution on AWS - Pop-up Loft Tel Aviv
Building PCI Compliance Solution on AWS - Pop-up Loft Tel AvivBuilding PCI Compliance Solution on AWS - Pop-up Loft Tel Aviv
Building PCI Compliance Solution on AWS - Pop-up Loft Tel Aviv
 
Low Cost AWS Services For Application Development in the Cloud
Low Cost AWS Services For Application Development in the CloudLow Cost AWS Services For Application Development in the Cloud
Low Cost AWS Services For Application Development in the Cloud
 
Intro & Security Update
Intro & Security UpdateIntro & Security Update
Intro & Security Update
 
Simplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing ZoneSimplify & Standardise your migration to AWS with a Migration Landing Zone
Simplify & Standardise your migration to AWS with a Migration Landing Zone
 
Write less (code) and build more with serverless
Write less (code) and build more with serverlessWrite less (code) and build more with serverless
Write less (code) and build more with serverless
 
Introduction to amazon web services for developers
Introduction to amazon web services for developersIntroduction to amazon web services for developers
Introduction to amazon web services for developers
 
Building self service framework
Building self service frameworkBuilding self service framework
Building self service framework
 
Automating AWS security and compliance
Automating AWS security and compliance Automating AWS security and compliance
Automating AWS security and compliance
 
Tour to Azure Security Center
Tour to Azure Security CenterTour to Azure Security Center
Tour to Azure Security Center
 
Pragmatic Approach to Workload Migrations - London Summit Enteprise Track RePlay
Pragmatic Approach to Workload Migrations - London Summit Enteprise Track RePlayPragmatic Approach to Workload Migrations - London Summit Enteprise Track RePlay
Pragmatic Approach to Workload Migrations - London Summit Enteprise Track RePlay
 
How to Secure Your AWS Powered Mobile App End-to-End
How to Secure Your AWS Powered Mobile App End-to-EndHow to Secure Your AWS Powered Mobile App End-to-End
How to Secure Your AWS Powered Mobile App End-to-End
 
cc.pptx
cc.pptxcc.pptx
cc.pptx
 
The Best of Both Worlds: Implementing Hybrid IT with AWS
The Best of Both Worlds: Implementing Hybrid IT with AWSThe Best of Both Worlds: Implementing Hybrid IT with AWS
The Best of Both Worlds: Implementing Hybrid IT with AWS
 
An introduction to cloud systems architecture
An introduction to cloud systems architectureAn introduction to cloud systems architecture
An introduction to cloud systems architecture
 
Information Security in AWS - Dave Walker
Information Security in AWS - Dave WalkerInformation Security in AWS - Dave Walker
Information Security in AWS - Dave Walker
 
Architecting applications on amazon web services with node.js
Architecting applications on amazon web services with node.jsArchitecting applications on amazon web services with node.js
Architecting applications on amazon web services with node.js
 
Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014Security in the cloud Workshop HSTC 2014
Security in the cloud Workshop HSTC 2014
 
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform...
 
Cloud Modernization and Data as a Service Option
Cloud Modernization and Data as a Service OptionCloud Modernization and Data as a Service Option
Cloud Modernization and Data as a Service Option
 

Mehr von Lahav Savir

Best of re:Invent 2016 meetup presentation
Best of re:Invent 2016 meetup presentationBest of re:Invent 2016 meetup presentation
Best of re:Invent 2016 meetup presentationLahav Savir
 
Real-Time Vote Platform Benchmark
Real-Time Vote Platform BenchmarkReal-Time Vote Platform Benchmark
Real-Time Vote Platform BenchmarkLahav Savir
 
Build Secure Cloud Solution using F5 BIG-IP on AWS
Build Secure Cloud Solution using F5 BIG-IP on AWSBuild Secure Cloud Solution using F5 BIG-IP on AWS
Build Secure Cloud Solution using F5 BIG-IP on AWSLahav Savir
 
Running an erlang based messaging system on AWS
Running an erlang based messaging system on AWSRunning an erlang based messaging system on AWS
Running an erlang based messaging system on AWSLahav Savir
 
DevOps sensors 360° high availability in the cloud
DevOps sensors 360° high availability in the cloudDevOps sensors 360° high availability in the cloud
DevOps sensors 360° high availability in the cloudLahav Savir
 
Deploying secure backup on to the Cloud
Deploying secure backup on to the CloudDeploying secure backup on to the Cloud
Deploying secure backup on to the CloudLahav Savir
 
סע לשלום - הדרכה לרכזים כיתתיים
סע לשלום - הדרכה לרכזים כיתתייםסע לשלום - הדרכה לרכזים כיתתיים
סע לשלום - הדרכה לרכזים כיתתייםLahav Savir
 
Multi Layer Monitoring V1
Multi Layer Monitoring V1Multi Layer Monitoring V1
Multi Layer Monitoring V1Lahav Savir
 
Lahav Savir - Massively Scaleable Mobile Gateways
Lahav Savir - Massively Scaleable Mobile GatewaysLahav Savir - Massively Scaleable Mobile Gateways
Lahav Savir - Massively Scaleable Mobile GatewaysLahav Savir
 

Mehr von Lahav Savir (9)

Best of re:Invent 2016 meetup presentation
Best of re:Invent 2016 meetup presentationBest of re:Invent 2016 meetup presentation
Best of re:Invent 2016 meetup presentation
 
Real-Time Vote Platform Benchmark
Real-Time Vote Platform BenchmarkReal-Time Vote Platform Benchmark
Real-Time Vote Platform Benchmark
 
Build Secure Cloud Solution using F5 BIG-IP on AWS
Build Secure Cloud Solution using F5 BIG-IP on AWSBuild Secure Cloud Solution using F5 BIG-IP on AWS
Build Secure Cloud Solution using F5 BIG-IP on AWS
 
Running an erlang based messaging system on AWS
Running an erlang based messaging system on AWSRunning an erlang based messaging system on AWS
Running an erlang based messaging system on AWS
 
DevOps sensors 360° high availability in the cloud
DevOps sensors 360° high availability in the cloudDevOps sensors 360° high availability in the cloud
DevOps sensors 360° high availability in the cloud
 
Deploying secure backup on to the Cloud
Deploying secure backup on to the CloudDeploying secure backup on to the Cloud
Deploying secure backup on to the Cloud
 
סע לשלום - הדרכה לרכזים כיתתיים
סע לשלום - הדרכה לרכזים כיתתייםסע לשלום - הדרכה לרכזים כיתתיים
סע לשלום - הדרכה לרכזים כיתתיים
 
Multi Layer Monitoring V1
Multi Layer Monitoring V1Multi Layer Monitoring V1
Multi Layer Monitoring V1
 
Lahav Savir - Massively Scaleable Mobile Gateways
Lahav Savir - Massively Scaleable Mobile GatewaysLahav Savir - Massively Scaleable Mobile Gateways
Lahav Savir - Massively Scaleable Mobile Gateways
 

Kürzlich hochgeladen

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 

Kürzlich hochgeladen (20)

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 

How to protect your IoT data on AWS

  • 1. How to Protect Your IoT data on AWS Lahav Savir Co-founder and CTO AllCloud
  • 2. A Global Leader in Cloud Transformation and Adoption for SaaS, ISV and Enterprises
  • 3. “AWS Managed Service Partners are skilled at cloud infrastructure and application migration, and deliver value to customers by offering proactive monitoring, automation, and management of their customer’s environment.” https://aws.amazon.com/partners/msp/ http://www.emind.co/msp AWS Next-Gen (v3) Managed Service Partner (MSP)
  • 4. A “Cloud-native” MSP Market Guide for Managed Service Providers on Amazon Web Services (Lydia Leong, Oct. 2015) “Amazon Web Services does not offer managed services, but many customers want to use AWS as a cloud IaaS and PaaS platform, while outsourcing IT operations or application management. AWS's ecosystem of MSP partners can fulfill this need.” https://www.gartner.com/doc/3157620/market-guide-managed-service-providers “Common Types of MSPs (on AWS) with Example References ● Cloud-native MSPs. These MSPs were either founded specifically to provide services on cloud IaaS, or pivoted to entirely focus their business on these services. Many of these MSPs are AWS-specific. Examples include 2nd Watch, Cloudnexa, Cloudreach, Emind and Minjar”
  • 5.
  • 6. 360° Solution for vending business ● 100s of thousands connected devices around the world ● GPRS / 3G / Wifi ● Real-Time Data ● PCI-DSS Certified http://www.emind.co/case-study/nayax-partners-with-emind-to-migr ate-cashless-service-solutions-to-amazon-cloud/
  • 7. More Than Just A Wireless Charging Solution. ● 1000s of locations worldwide ● Driving more traffic to businesses ● Big-data and real-time analytics http://www.emind.co/case-study/powermat-partners-with-emind-to- fully-manage-their-wireless-charging-services-on-aws/
  • 8. Where there is more data, there are bound to be more data breaches!
  • 10. Assessing the Risk: Yes, the Cloud Can Be More Secure Than Your On-Premises Environment IDC, July 2015
  • 11. Why the Cloud is more Secure? ● More segmentation ● More encryption ● Stronger authentication ● More logging and monitoring ● More managed platforms
  • 12. Top Topics ● Infrastructure Security ● Network Security ● Host Security ● Data Encryption ● Identity Management ● Monitoring & Auditing
  • 14. Why do you need Single Identity? ● Multiple AWS Accounts ● Multiple Security Policies ● Multiple Entry Points ● Many Resources ● Multiple 3rd Party Services
  • 15. Single Identity Provider ● Single Password Policy ● Single Lock Policy ● Single OTP ● Single Login Audit ● Same username used across all resources
  • 16. Organization users accessing: AWS Resources ● AWS Console ● AWS API ● Network Access / VPN ● EC2 Instances Other Resources ● New Relic ● Datadog ● Pingdom ● Google Apps ● Office 365 ● Jira ● Github ● Logz.io ● ...
  • 17. ● Don't mix Corporate and Cloud Resources ● Minimize Replication ● Maximize Federation
  • 18. Corporate ● Corporate Active Directory ● Mix of users and desktops / servers ● 3rd Party SSO / Federation Services Cloud ● Cloud Active Directory ● Cloud Resources Only Integration ● One Way Trust between Corp AD and Cloud AD
  • 19. Login Scenarios ● AWS Console ○ SAML Federation ● VPN ○ Radius ● Jumpbox on EC2 ○ Radius / LDAP ● Windows instance on EC2 ○ Kerberos / LDAP ● Linux instance on EC2 ○ Kerberos / LDAP You can avoid the IAM Users
  • 20.
  • 22. Networking ● Public Internet ● VPN / IPSec Tunnel ● DirectConnect
  • 23. Direct Connect Options ● Private Virtual Interface – Access to VPC ○ Note: VPC Endpoints are not transitive via VPC Peering ● Public Virtual Interface – Access to the region IP address space (non-VPC Services)
  • 24. SSL VPN Options ● OpenVPN ● Fortinet Fortigate ● CheckPoint ● Sophos ● pfSense ● … Others
  • 25. Don’t assume your corporate network is secure and expose your production networks to all users
  • 28. ● Create a controlled environment that minimizes human mistakes ● Inspect inbound and outbound traffic
  • 30. What’s Host Security ? ● OS Hardening ● Anti Virus ● Malware Protection ● Host Based IPS ● File Integrity Monitoring ● Vulnerability Scanning
  • 32. AWS Encryption Options Data at Rest ● EBS Encryption (inc. root device) ● S3 Client / Server Side Encryption ● RDS / Redshift Storage Encryption ● DynamoDB Client Side Encryption https://d0.awsstatic.com/whitepapers/aws-securing-data -at-rest-with-encryption.pdf Data in Transit ● API’s are TLS Encrypted ● Service Endpoints are TLS Encrypted ● Elastic Load Balancer supports TLS ● CloudFront supports TLS ● IPSec VPN
  • 33. Encrypt all your data, you never know who and when someone will request access to the data
  • 35. Events Sources ● CloudTrail ● ELB / S3 / CloudFront Access Logs ● VPC Flow logs ● AWS Inspector ● Host AV & IPS ● Network WAF & IPS ● Evident.io / Dome9 ● Observable
  • 36.
  • 37.
  • 38.
  • 39.
  • 40. ● Create Clear Visibility ● Set Governance Rules ● Define Actions
  • 41. © 2016 AllCloud Join our Fastlane to a Successful Cloud Deployment Contact me: lahav.savir@allcloud.io