
Architecting for Greater Security on AWS

Leveraging AWS for your business provides a catalyst for security programs as customers inherit a faster pace of security innovation simply by using AWS. This session highlights design and architecture patterns customers can employ to measurably improve the security of their organization. In this session, customers explore design patterns for data security using encryption, strong access controls, and least privilege; for implementing detective security controls, such as logging and monitoring, at scale; and for implementing a defense-in-depth network security architecture.

Published in: Technology


  1. Architecting for Greater Security in AWS. Bill Shinn, Principal Security Solutions Architect. ©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  2. 1) Why does security come first in enterprise cloud adoption? AWS Job Zero; New Territory; Enterprise Security is Traditionally Hard
  3. 2) Why is enterprise security traditionally so hard? So much planning; Slows down feature flow
  4. 3) Why so much planning which takes so long? So many processes; So many hand-offs; Built-in pauses
  5. 4) Why so many processes? Processes detect unwanted change; Visibility, control and quality are essential; Reduce impact of failure
  6. 5) Why are change detection and low-risk changes so difficult? Lack of visibility; No stimulus+response; Low degree of automation
  7. So where does AWS come in? AWS makes security faster; Lets you move fast but stay safe
  8. 1) Secure, Sensible Defaults - Access: IAM Users, Groups, Roles; Managed and inline policies; Versioned IAM policies; Multi-factor authentication; Workforce lifecycle management (SAML Federation, Connected Directory)
  10. 1) Secure, Sensible Defaults - Network: Virtual Private Cloud; DirectConnect & Virtual Private Gateway; Routing control – private and public subnets; IAM policies limit who can launch instances by trust zone; Security Groups
  11. 2) Improve Trust & Accountability with Better Visibility: AWS CloudTrail; AWS CloudWatch Logs; AWS Config; Tagging Asset Management
  14. 3) Inherit compliance and controls: Map AWS certifications into your enterprise GRC; Recognized industry audit standards; Jurisdiction; Regulatory and contractual options (FedRAMP, HIPAA Business Associate Addendum, EU DPD Data Protection Addendum, PCI Attestation of Compliance)
  15. 4) Ride the pace of innovation: Find projects in your 3-year strategy where we are innovating and let us do it; Most companies do not encrypt content internally; Encryption is built into EBS, S3, RDS, RedShift, Glacier, Elastic MapReduce, etc.; Key Management Service gives you more control and visibility at cloud prices; We launched ~190 security-related features last year
  16. 5) Much Smaller Batch, Faster Changes: CloudFormation Infrastructure as code, checked into source code control; Route53 or ELB cutover in deployments; Elastic Beanstalk application versions; Integrate teams across functions - fewer hand-offs between teams, but far greater awareness and control of lower-risk changes
  17. 6) Reduce the impact of failure: Multi-Availability Zone deployments; Use multiple regions; Replicate data – S3, EBS, RDS; Lifecycle policies; Auto-scaling; Auto-recovery
  18. 7) Further improve automation: Access and deployments are no longer performed by people; EC2 Instance Profiles and service roles (Security Token Service); AWS CodeDeploy; Continuous Integration & Deployment; Extends to on-premises workloads
  19. 8) Make security actionable: Review what matters (Internet Gateway, Identity and Access Management, VPC – Subnet and NACL changes, Security Groups); Shut things down automatically; Scan what changed; Roll back automatically; Use Lambda
  20. Benefits of Enterprise Security on AWS: Higher degree of visibility, transparency and accountability (secure and can prove it); Higher degree of trust and autonomy; Significant reductions in long-term, privileged access; Focus a greater proportion of limited security resources on application security; Have a much higher rate of successful change and changes are delivered more quickly
  21. Thank you!
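
An added example, not from the presentation, of slide 19's "Review what matters" and "Use Lambda" points: a Lambda-style Python function that sorts CloudTrail records into the four review areas and marks security-group ingress opened to 0.0.0.0/0 for revocation. The event-name grouping, the `{"Records": [...]}` envelope passed to `handler`, and the sample records are assumptions of this example.

```python
# CloudTrail eventName values grouped by slide 19's review areas (assumed, not exhaustive).
WATCHED = {
    "Internet Gateway": {"CreateInternetGateway", "AttachInternetGateway"},
    "Identity and Access Management": {"PutUserPolicy", "AttachUserPolicy", "CreateAccessKey"},
    "VPC subnet and NACL": {"CreateSubnet", "CreateNetworkAclEntry", "ReplaceNetworkAclEntry"},
    "Security Groups": {"AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress"},
}

def open_ingress(record):
    """Port ranges an AuthorizeSecurityGroupIngress call opened to 0.0.0.0/0 (IPv4 only)."""
    perms = (record.get("requestParameters") or {}).get("ipPermissions") or {}
    ports = []
    for perm in perms.get("items", []):
        ranges = (perm.get("ipRanges") or {}).get("items", [])
        if any(r.get("cidrIp") == "0.0.0.0/0" for r in ranges):
            ports.append((perm.get("fromPort"), perm.get("toPort")))
    return ports

def review(record):
    """Classify one CloudTrail record; None means no watched change happened."""
    name = record.get("eventName")
    if record.get("errorCode"):  # the call failed, so nothing changed
        return None
    for area, names in WATCHED.items():
        if name not in names:
            continue
        finding = {"area": area, "event": name, "action": "review",
                   "actor": (record.get("userIdentity") or {}).get("arn")}
        ports = open_ingress(record) if name == "AuthorizeSecurityGroupIngress" else []
        if ports:
            # A deployed handler would call EC2 RevokeSecurityGroupIngress here.
            finding.update(action="revoke", ports=ports,
                           group=record["requestParameters"].get("groupId"))
        return finding
    return None

def handler(event, context=None):
    """Lambda-style entry point over {"Records": [...]} of CloudTrail records."""
    return [f for f in map(review, event.get("Records", [])) if f]

# Constructed sample records, not real log data.
SG = {"eventName": "AuthorizeSecurityGroupIngress",
      "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example"},
      "requestParameters": {"groupId": "sg-0example", "ipPermissions": {"items": [
          {"fromPort": 22, "toPort": 22, "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}}
SAMPLE = {"Records": [SG, {"eventName": "DescribeInstances"},
                      {"eventName": "ReplaceNetworkAclEntry"},
                      {"eventName": "CreateAccessKey", "errorCode": "AccessDenied"}]}
```

Calling `handler(SAMPLE)` returns two findings: the SSH rule opened to the world, marked `revoke`, and the NACL change, marked `review`; the read-only call and the failed `CreateAccessKey` are dropped.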
