Ultra secure cloud data center on aws

•

1 gefällt mir•1,286 views

Ultra Secure Data Center
on Amazon Cloud
Lahav Savir, Architect & CEO
Emind systems Ltd.
lahavs@emind.co

About
Lahav Savir
• 15+ years’ experience in on-line industry
• Architect and CEO @ Emind Systems

Emind Systems (est. 2006)
• Boutique system integrator
• 100+ AWS customers
• AWS solution provider

Amazon (AWS) Certification
Amazon Solution Provider
& Consulting Partner

https://aws.amazon.com/solution-providers/si/emind-systems-ltd

What is secure data center ?
• Isolated • User management
• Controlled – One time password
• Firewalled • Data encryption
• Secure access • Frequent updates
– VPN • Configuration analysis
– SSL • Regulatory compliance
• IDS & IPS • One spot for monitoring
• Antivirus – Centralized alerts
• Audited

Emind’s best practices

Access Management
• Control the data flow
– AWS VPC
– ACL
– Routing
– Handle all in/out traffic
• Firewall
– Security groups
• Identity access management
– One-time-password
– AWS IAM with MFA

ACL & Routing in the VPC

Emind’s best practices

Traffic Control
• Log in / out traffic
• Terminate encrypted connection
• Sanitize in / out packets
– Real-time decisions
– Accept / reject connections
– Rate limiting

Emind’s best practices

Anomalies detection
• Host-based IDS
– Detect configuration changes
– Track running processes
– Track file access
– Resource access
– Detect abnormal behavior !
• OS hardening
• App cleanup

Emind’s best practices

Data Protection
• In-flight
– SSL encryption
– IPSec
• In-rest
– Storage level encryption
– Data base encryption

Emind’s best practices

Centralize the info
• Need to aggregate
– VPN access logs
– Traffic audit logs
– Network IDS logs
– Host IDS logs
– Anti virus logs
• Detect patterns

Security lifecycle management
• Ongoing discovery & analysis
– Access
– Traffic
– IDS
– Anti virus
– Encryption keys
• Act on analysis results
• Reveal and solve settings
• Make them all orchestrate together !

Emind’s best practices

• goCloud – Emind’s optimal road to the cloud
– Secure cloud architecture
– Scalable & high-availability design
– Customized system deployment
– Orchestrating cloud and software
– Cloud operation team
– Monitoring and alerting
– 24x7 SLA

Contact me
lahavs@emind.co @lahavsavir
054-4321688

Weitere ähnliche Inhalte

Andere mochten auch

The Enterprise Reference Architecture and Tools

The Enterprise Reference Architecture and Tools

The Enterprise Reference Architecture and Tools

Software Park Thailand

Reference Architecture for Data Loss Prevention in the Cloud

Reference Architecture for Data Loss Prevention in the Cloud

Reference Architecture for Data Loss Prevention in the Cloud

Take It to the Cloud: The Evolution of Security Architecture

Take It to the Cloud: The Evolution of Security Architecture

Take It to the Cloud: The Evolution of Security Architecture

The F5 DDoS Protection Reference Architecture (Technical White Paper)

The F5 DDoS Protection Reference Architecture (Technical White Paper)

The F5 DDoS Protection Reference Architecture (Technical White Paper)

As organizations move mission critical files and data into Box, security and productivity become increasingly important. How can IT enable users to seamlessly access Box with their existing network credentials or ensure that user accounts are automatically provisioned and deprovisioned as employee roles change? Historically, Active Directory has been core to application security and productivity. However, Active Directory was built for on-premise networks and does not easily integrate with cloud applications like Box. Okta’s Active Directory integration service bridges this gap, takes only moments to set up, and best of all… is FREE! This webinar will discuss Okta’s free Directory Integration Edition for Box, and how it can deliver the following benefits: -Single sign-on with federation or delegated authentication -Automated provisioning & de-provisioning via Security Groups -True end-to-end provisioning from HRIS systems like Workday -Password synchronization -Multifactor authentication

Extending Active Directory to Box for Seamless IT Management

Extending Active Directory to Box for Seamless IT Management

Extending Active Directory to Box for Seamless IT Management

Load balancing isn’t dead—it has evolved into something much greater. While it remains a core functionality for delivering any application, traditional load-balancing has moved beyond the network to encompasses a range of security, performance and management services. As leaders in the application services industry, F5’s expertise in helping power fast, available, and secure applications forms the foundation for our entire catalog of solutions. Any Device. Anytime. Anywhere. Not only are employees accessing enterprise applications on mobile devices, they’re increasingly using their own devices. Making applications always available anywhere on any device is critical to lowering costs and maximizing productivity. With F5, you can remove the roadblocks in your network to efficiently and securely deliver applications that are available to users when and where they need them.

F5 Application Services Reference Architecture (Audio)

F5 Application Services Reference Architecture (Audio)

F5 Application Services Reference Architecture (Audio)

Security Building Blocks of the IBM Cloud Computing Reference Architecture

Security Building Blocks of the IBM Cloud Computing Reference Architecture

Security Building Blocks of the IBM Cloud Computing Reference Architecture

Stefaan Van daele

AWS Security Architecture - Overview

AWS Security Architecture - Overview

AWS Security Architecture - Overview

Sai Kesavamatham

It’s no secret that Identity Management is a key component to any modern identity solution. Organizations need to easily provision, de-provision and perform synchronization & reconciliation tasks across not just users, but devices and things as well. The future of Identity Management will require the unique flexibility of a service based approach with custom configurable administrative and self-service capabilities that can handle any kind of Identity. Find out more about how all forms of identity (business, consumer and device) can by centralized, normalized, coordinated and managed by policy - and automated to ensure a consistent experience that complies with regulations and policies. Discover how ForgeRock can help you deliver Identity Management the right way to your customers, partners and employees. Learn more about ForgeRock Access Management: https://www.forgerock.com/platform/access-management/ Learn more about ForgeRock Identity Management: https://www.forgerock.com/platform/identity-management/

Identity Management with the ForgeRock Identity Platform - So What’s New?

Identity Management with the ForgeRock Identity Platform - So What’s New?

Identity Management with the ForgeRock Identity Platform - So What’s New?

Cloud initiatives are beginning to dominate enterprise IT roadmaps. Successful adoption of Cloud and the subsequent governance challenges warrant a Cloud reference architecture that is applied consistently across the enterprise. This presentation will answer questions such as what exactly a Cloud is, why you need it, what changes it will bring to the enterprise, and what the key capabilities of a Cloud infrastructure are - using Oracle's Cloud Reference Architecture, which is part of the IT Strategies from Oracle (ITSO) Cloud Enterprise Technology Strategy (ETS).

Oracle Cloud Reference Architecture

Oracle Cloud Reference Architecture

Oracle Cloud Reference Architecture

NIST Cloud Computing Reference Architecture

NIST Cloud Computing Reference Architecture

NIST Cloud Computing Reference Architecture

Thanakrit Lersmethasakul

Cloud Computing and the Next-Generation of Enterprise Architecture - Cloud Co...

Cloud Computing and the Next-Generation of Enterprise Architecture - Cloud Co...

Cloud Computing and the Next-Generation of Enterprise Architecture - Cloud Co...

Stuart Charlton

Microsoft Active Directory is the foundation for distributed networks built on Windows Server. Learn how our new Active Directory Reference Implementation Guide can help you deploy highly available AD Domain Services on AWS in about an hour. Included will be an overview of the reference architecture, implementation guide, and Cloud Formation templates, which automate much of the process. Two scenarios are covered: one fully cloud-based and one hybrid, using AWS Direct Connect to extend an existing on-premises AD solution into the AWS Cloud.

AWS Webcast - Active Directory on AWS

AWS Webcast - Active Directory on AWS

AWS Webcast - Active Directory on AWS

Amazon Web Services

Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...

Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...

Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...

Amazon Web Services

Andere mochten auch (14)

The Enterprise Reference Architecture and Tools

The Enterprise Reference Architecture and Tools

The Enterprise Reference Architecture and Tools

Reference Architecture for Data Loss Prevention in the Cloud

Reference Architecture for Data Loss Prevention in the Cloud

Reference Architecture for Data Loss Prevention in the Cloud

Take It to the Cloud: The Evolution of Security Architecture

Take It to the Cloud: The Evolution of Security Architecture

Take It to the Cloud: The Evolution of Security Architecture

The F5 DDoS Protection Reference Architecture (Technical White Paper)

The F5 DDoS Protection Reference Architecture (Technical White Paper)

The F5 DDoS Protection Reference Architecture (Technical White Paper)

Extending Active Directory to Box for Seamless IT Management

Extending Active Directory to Box for Seamless IT Management

Extending Active Directory to Box for Seamless IT Management

F5 Application Services Reference Architecture (Audio)

F5 Application Services Reference Architecture (Audio)

F5 Application Services Reference Architecture (Audio)

Security Building Blocks of the IBM Cloud Computing Reference Architecture

Security Building Blocks of the IBM Cloud Computing Reference Architecture

Security Building Blocks of the IBM Cloud Computing Reference Architecture

AWS Security Architecture - Overview

AWS Security Architecture - Overview

AWS Security Architecture - Overview

Identity Management with the ForgeRock Identity Platform - So What’s New?

Identity Management with the ForgeRock Identity Platform - So What’s New?

Identity Management with the ForgeRock Identity Platform - So What’s New?

Oracle Cloud Reference Architecture

Oracle Cloud Reference Architecture

Oracle Cloud Reference Architecture

NIST Cloud Computing Reference Architecture

NIST Cloud Computing Reference Architecture

NIST Cloud Computing Reference Architecture

Cloud Computing and the Next-Generation of Enterprise Architecture - Cloud Co...

Cloud Computing and the Next-Generation of Enterprise Architecture - Cloud Co...

Cloud Computing and the Next-Generation of Enterprise Architecture - Cloud Co...

AWS Webcast - Active Directory on AWS

AWS Webcast - Active Directory on AWS

AWS Webcast - Active Directory on AWS

Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...

Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...

Securing Serverless Workloads with Cognito and API Gateway Part II - AWS Secu...

Mehr von Lahav Savir

How to Secure Your AWS Powered Mobile App End-to-End

How to Secure Your AWS Powered Mobile App End-to-End

How to Secure Your AWS Powered Mobile App End-to-End

Best of re:Invent 2016 meetup presentation

Best of re:Invent 2016 meetup presentation

Best of re:Invent 2016 meetup presentation

How to protect your IoT data on AWS

How to protect your IoT data on AWS

How to protect your IoT data on AWS

How to Protect your AWS Environment

How to Protect your AWS Environment

How to Protect your AWS Environment

Emind’s Architecture for Enterprise with AWS Integration

Emind’s Architecture for Enterprise with AWS Integration

Emind’s Architecture for Enterprise with AWS Integration

Real-Time Vote Platform Benchmark

Real-Time Vote Platform Benchmark

Real-Time Vote Platform Benchmark

Build Secure Cloud Solution using F5 BIG-IP on AWS

Build Secure Cloud Solution using F5 BIG-IP on AWS

Build Secure Cloud Solution using F5 BIG-IP on AWS

Running an erlang based messaging system on AWS

Running an erlang based messaging system on AWS

Running an erlang based messaging system on AWS

DevOps sensors 360° high availability in the cloud

DevOps sensors 360° high availability in the cloud

DevOps sensors 360° high availability in the cloud

Deploying secure backup on to the Cloud

Deploying secure backup on to the Cloud

Deploying secure backup on to the Cloud

סע לשלום - הדרכה לרכזים כיתתיים

סע לשלום - הדרכה לרכזים כיתתיים

סע לשלום - הדרכה לרכזים כיתתיים

Multi Layer Monitoring V1

Multi Layer Monitoring V1

Multi Layer Monitoring V1

Lahav Savir - Massively Scaleable Mobile Gateways

Lahav Savir - Massively Scaleable Mobile Gateways

Lahav Savir - Massively Scaleable Mobile Gateways

Mehr von Lahav Savir (13)

How to Secure Your AWS Powered Mobile App End-to-End

How to Secure Your AWS Powered Mobile App End-to-End

How to Secure Your AWS Powered Mobile App End-to-End

Best of re:Invent 2016 meetup presentation

Best of re:Invent 2016 meetup presentation

Best of re:Invent 2016 meetup presentation

How to protect your IoT data on AWS

How to protect your IoT data on AWS

How to protect your IoT data on AWS

How to Protect your AWS Environment

How to Protect your AWS Environment

How to Protect your AWS Environment

Emind’s Architecture for Enterprise with AWS Integration

Emind’s Architecture for Enterprise with AWS Integration

Emind’s Architecture for Enterprise with AWS Integration

Real-Time Vote Platform Benchmark

Real-Time Vote Platform Benchmark

Real-Time Vote Platform Benchmark

Build Secure Cloud Solution using F5 BIG-IP on AWS

Build Secure Cloud Solution using F5 BIG-IP on AWS

Build Secure Cloud Solution using F5 BIG-IP on AWS

Running an erlang based messaging system on AWS

Running an erlang based messaging system on AWS

Running an erlang based messaging system on AWS

DevOps sensors 360° high availability in the cloud

DevOps sensors 360° high availability in the cloud

DevOps sensors 360° high availability in the cloud

Deploying secure backup on to the Cloud

Deploying secure backup on to the Cloud

Deploying secure backup on to the Cloud

סע לשלום - הדרכה לרכזים כיתתיים

סע לשלום - הדרכה לרכזים כיתתיים

סע לשלום - הדרכה לרכזים כיתתיים

Multi Layer Monitoring V1

Multi Layer Monitoring V1

Multi Layer Monitoring V1

Lahav Savir - Massively Scaleable Mobile Gateways

Lahav Savir - Massively Scaleable Mobile Gateways

Lahav Savir - Massively Scaleable Mobile Gateways

Kürzlich hochgeladen

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

The action of the next cyber saga takes place in the mystical lands of the Asia-Pacific region, where the main characters began their digital activities in the middle of 2021 and qualitatively strengthened it in 2022. Corporate espionage, document theft, audio recordings, and data leaks from messaging platforms were all a matter of one day for Dark Pink. Their geographical focus may have started in the Asia-Pacific region, but their ambitions knew no bounds, targeting a European government ministry in a bold move to expand their portfolio. Their victim profile was as diverse as a UN meeting, targeting military organizations, government agencies, and even a religious organization. Because discrimination is not a fashionable agenda. In the world of cybercrime, they serve as a reminder that sometimes the most serious threats come in the most unassuming packages with a pink bow.

Cyberprint. Dark Pink Apt Group [EN].pdf

Cyberprint. Dark Pink Apt Group [EN].pdf

Cyberprint. Dark Pink Apt Group [EN].pdf

Overkill Security

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Corporate and higher education May webinar.pptx

Corporate and higher education May webinar.pptx

Rustici Software

ICT role in 21st century education and its challenges

ICT role in 21st century education and its challenges

ICT role in 21st century education and its challenges

rafiqahmad00786416

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

Why Teams call analytics are critical to your entire business

Why Teams call analytics are critical to your entire business

Accelerating FinTech Innovation: Unleashing API Economy and GenAI Vasa Krishnan, Chief Technology Officer - FinResults Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

[BuildWithAI] Introduction to Gemini.pdf

[BuildWithAI] Introduction to Gemini.pdf

[BuildWithAI] Introduction to Gemini.pdf

FWD Group - Insurer Innovation Award 2024

FWD Group - Insurer Innovation Award 2024

FWD Group - Insurer Innovation Award 2024

The Digital Insurer

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

CNIC Information System with Pakdata Cf In Pakistan

CNIC Information System with Pakdata Cf In Pakistan

CNIC Information System with Pakdata Cf In Pakistan

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

MS Copilot expands with MS Graph connectors

MS Copilot expands with MS Graph connectors

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

Kürzlich hochgeladen (20)

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Cyberprint. Dark Pink Apt Group [EN].pdf

Cyberprint. Dark Pink Apt Group [EN].pdf

Cyberprint. Dark Pink Apt Group [EN].pdf

Corporate and higher education May webinar.pptx

Corporate and higher education May webinar.pptx

Corporate and higher education May webinar.pptx

ICT role in 21st century education and its challenges

ICT role in 21st century education and its challenges

ICT role in 21st century education and its challenges

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

How to Troubleshoot Apps for the Modern Connected Worker

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

Why Teams call analytics are critical to your entire business

Why Teams call analytics are critical to your entire business

Why Teams call analytics are critical to your entire business

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

[BuildWithAI] Introduction to Gemini.pdf

[BuildWithAI] Introduction to Gemini.pdf

[BuildWithAI] Introduction to Gemini.pdf

FWD Group - Insurer Innovation Award 2024

FWD Group - Insurer Innovation Award 2024

FWD Group - Insurer Innovation Award 2024

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

CNIC Information System with Pakdata Cf In Pakistan

CNIC Information System with Pakdata Cf In Pakistan

CNIC Information System with Pakdata Cf In Pakistan

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

MS Copilot expands with MS Graph connectors

MS Copilot expands with MS Graph connectors

MS Copilot expands with MS Graph connectors

Ultra secure cloud data center on aws

1. Ultra Secure Data Center on Amazon Cloud Lahav Savir, Architect & CEO Emind systems Ltd. lahavs@emind.co

2. About Lahav Savir • 15+ years’ experience in on-line industry • Architect and CEO @ Emind Systems Emind Systems (est. 2006) • Boutique system integrator • 100+ AWS customers • AWS solution provider

3. Amazon (AWS) Certification Amazon Solution Provider & Consulting Partner https://aws.amazon.com/solution-providers/si/emind-systems-ltd

4. What is secure data center ? • Isolated • User management • Controlled – One time password • Firewalled • Data encryption • Secure access • Frequent updates – VPN • Configuration analysis – SSL • Regulatory compliance • IDS & IPS • One spot for monitoring • Antivirus – Centralized alerts • Audited

5. Emind’s best practices

6. Access Management • Control the data flow – AWS VPC – ACL – Routing – Handle all in/out traffic • Firewall – Security groups • Identity access management – One-time-password – AWS IAM with MFA

7. ACL & Routing in the VPC

8. Emind’s best practices

9. Traffic Control • Log in / out traffic • Terminate encrypted connection • Sanitize in / out packets – Real-time decisions – Accept / reject connections – Rate limiting

10. Emind’s best practices

11. Anomalies detection • Host-based IDS – Detect configuration changes – Track running processes – Track file access – Resource access – Detect abnormal behavior ! • OS hardening • App cleanup

12. Emind’s best practices

13. Data Protection • In-flight – SSL encryption – IPSec • In-rest – Storage level encryption – Data base encryption

14. Emind’s best practices

15. Centralize the info • Need to aggregate – VPN access logs – Traffic audit logs – Network IDS logs – Host IDS logs – Anti virus logs • Detect patterns

16. Security lifecycle management • Ongoing discovery & analysis – Access – Traffic – IDS – Anti virus – Encryption keys • Act on analysis results • Reveal and solve settings • Make them all orchestrate together !

17. Emind’s best practices

18. • goCloud – Emind’s optimal road to the cloud – Secure cloud architecture – Scalable & high-availability design – Customized system deployment – Orchestrating cloud and software – Cloud operation team – Monitoring and alerting – 24x7 SLA

19. Contact me lahavs@emind.co @lahavsavir 054-4321688