© 2017 Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Gavin Adams
March 2017
Best Practices with AWS IoT Security
We’ll Cover Best Practices Related to...
Overall AWS IoT
Understanding risks
Protecting communications
Protecting the devices
All things around us are getting connected
AWS IoT
DEVICE SDK: Set of client libraries to connect, authenticate and exchange messages
DEVICE GATEWAY: Communicate with devices via MQTT and HTTP
AUTHENTICATION / AUTHORIZATION: Secure with mutual authentication and encryption
RULES ENGINE: Transform messages based on rules and route to AWS Services
AWS Services / 3P Services
DEVICE SHADOW: Persistent thing state during intermittent connections
APPLICATIONS
AWS IoT API
DEVICE REGISTRY: Identity and Management of your things
Security and Identity
AUTHENTICATION: Secure with mutual authentication and encryption
Security shared responsibility
Customers are responsible for their security IN the Cloud:
• Customer applications & content
• Platform, Applications, Identity & Access Management
• Operating System, Network & Firewall Configuration
• Client-side Data Encryption, Server-side Data Encryption, Network Traffic Protection
AWS is responsible for the security OF the Cloud:
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
Why focus on “things”?
The Risk
I’m a thing
pwn’d
Protecting Things
Protocol Support
AWS IoT Protocols | MQTT over TLS | MQTT over Web Sockets | HTTPS
Server Auth | Cert | Cert | Cert
Client Auth | Cert | AWS API Keys | AWS API Keys, Cert
Confidentiality | TLS | TLS | TLS
Protocol | MQTT | Web Sockets, MQTT | HTTP/MQTT
AWS IoT Identities
Credentials Overview
Security and Identity
Identity Principals | Usage
X.509 certificates | Device identity
IAM users, groups and roles | Application layer access for HTTP or Websockets
Amazon Cognito Identities | API Access
Authentication
Security and Identity
Certificate management
Certificate creation mechanism | Pros | Cons
AWS IoT created certificate (including public/private keypair) | Everything handled by AWS IoT | Private key has to be transmitted between AWS IoT and customer
AWS IoT created certificate (Certificate Signing Request (CSR) based) | Certificate creation handled by AWS. AWS never has the private key. | Customer has to create the public/private keypair and CSR.
JiTR/BYOC (Bring Your Own Certificate) | AWS never has the private key. Customer controls certificate creation | Customer has to create a certificate for every device.
When is a certificate not a valid certificate
t1
t2
• t1 is earlier than t2 (i.e. the server cert is in the future)
• No real-time clock
• No NTP update (chicken and egg)
• Don’t validate the timestamp if you’ve never connected to the NTP Server
• Don’t validate the timestamp if the device has been on the shelf for a long time
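The decision the bullets above describe, sketched as device-side logic. This is an added example, not code from the deck or from AWS; `ClockState`, its fields, the result strings and the 30-day `MAX_SYNC_AGE` threshold are assumptions made for illustration. It also assumes that only the validity-window check is deferred: chain and hostname verification still run, and the window is checked again once the clock has been synced.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed threshold for "on the shelf for a long time"; the slide gives no number.
MAX_SYNC_AGE = timedelta(days=30)


@dataclass
class ClockState:
    """What the device knows about its own clock (hypothetical structure)."""
    now: datetime                      # time the device clock currently reports
    has_rtc: bool                      # battery-backed real-time clock present
    synced_this_boot: bool             # NTP reached since the last power-up
    last_ntp_sync: Optional[datetime]  # persisted time of last sync, None if never


def clock_is_trusted(clock: ClockState) -> bool:
    """Return True only when the clock is good enough to judge certificate dates."""
    if clock.synced_this_boot:
        return True
    # Without an RTC the clock restarts from an arbitrary value at power-up,
    # and a device that never synced has nothing to anchor its time to.
    if not clock.has_rtc or clock.last_ntp_sync is None:
        return False
    age = clock.now - clock.last_ntp_sync
    # Negative age: the clock jumped backwards. Large age: long shelf time,
    # so RTC drift or a drained battery cannot be ruled out.
    return timedelta(0) <= age <= MAX_SYNC_AGE


def check_validity_window(clock: ClockState,
                          not_before: datetime,
                          not_after: datetime) -> str:
    """Classify the server certificate's validity window against the device clock."""
    if not clock_is_trusted(clock):
        # Defer the date check; re-run it once the clock has been synced.
        return "skipped_untrusted_clock"
    if clock.now < not_before:
        return "not_yet_valid"
    if clock.now > not_after:
        return "expired"
    return "valid"


if __name__ == "__main__":
    utc = timezone.utc
    # Constructed sample: a device with no RTC, first boot, clock near the epoch.
    fresh = ClockState(datetime(1970, 1, 1, 0, 5, tzinfo=utc), False, False, None)
    print(check_validity_window(fresh,
                                datetime(2017, 1, 1, tzinfo=utc),
                                datetime(2018, 1, 1, tzinfo=utc)))
```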
Authorization
Fine-grained policies
• Effect
• Action
• Principal
• Substitution
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iot:Publish"
      ],
      "Resource": [
        "arn:aws:iot:us-east-1:123456789012:topic/${iot:Connection.Thing.ThingTypeName}/${iot:Connection.Thing.ThingName}"
      ]
    }
  ]
}
Policy and certificates
Device | Policy
Truck 1 | Allow to connect and publish
Truck 2 | Allow to connect / publish / subscribe
Truck 3 | Allow to connect / publish / subscribe / unsubscribe
Policy actions
• Connect
• Publish
• Subscribe
• Unsubscribe
• Receive
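How the substitution policy shown above scopes each device to its own topic, as an added example that is not part of the deck and is not AWS IoT's evaluator. It is a simplified offline model: `compile_pattern`, `is_allowed` and `connection_context` are hypothetical helpers, and the thing names and type are constructed.

```python
import re

# Policy from the slide above, with the wrapped ARN joined into one string.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["iot:Publish"],
        "Resource": [
            "arn:aws:iot:us-east-1:123456789012:topic/"
            "${iot:Connection.Thing.ThingTypeName}/${iot:Connection.Thing.ThingName}"
        ],
    }],
}

TOPIC_ARN = "arn:aws:iot:us-east-1:123456789012:topic/"
_TOKEN = re.compile(r"\$\{([^}]+)\}|\*")


def connection_context(thing_name, thing_type):
    """Stand-in for the values the broker derives from the device's connection."""
    return {
        "iot:Connection.Thing.ThingName": thing_name,
        "iot:Connection.Thing.ThingTypeName": thing_type,
    }


def compile_pattern(template, context):
    """Turn a policy string into a regex, or None if a variable cannot be resolved.

    '*' written in the policy is a wildcard. Substituted values are escaped,
    so a '*' inside a thing name stays a literal character and cannot widen
    the resource.
    """
    parts, pos = [], 0
    for match in _TOKEN.finditer(template):
        parts.append(re.escape(template[pos:match.start()]))
        if match.group(0) == "*":
            parts.append(".*")
        else:
            value = context.get(match.group(1))
            if not value:
                return None  # unresolved variable: the statement cannot match
            parts.append(re.escape(value))
        pos = match.end()
    parts.append(re.escape(template[pos:]))
    return re.compile("".join(parts))


def _matches(template, value, context):
    pattern = compile_pattern(template, context)
    return pattern is not None and pattern.fullmatch(value) is not None


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_allowed(policy, action, resource_arn, context):
    """Default deny; an explicit Deny overrides any Allow."""
    allowed = False
    for stmt in policy["Statement"]:
        if not any(_matches(a, action, context) for a in _as_list(stmt["Action"])):
            continue
        if not any(_matches(r, resource_arn, context) for r in _as_list(stmt["Resource"])):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


if __name__ == "__main__":
    truck1 = connection_context("truck-1", "truck")  # constructed sample device
    for topic in ("truck/truck-1", "truck/truck-2"):
        print(topic, is_allowed(POLICY, "iot:Publish", TOPIC_ARN + topic, truck1))
```

One policy attached to every certificate is enough here: the variables confine each truck to `<type>/<name>`, and a thing with no thing type gets no access at all rather than a wider match.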
Encryption
History of TLS/SSL
Evolution of Web Encryption Technologies
• 1995: SSL2.0
• 1996: SSL3.0
• 1999: TLS1.0
• 2006: TLS1.1
• 2008: TLS1.2
• 2013: Planning of TLS1.3 starts
Battle Against Vulnerabilities
• 2011: BEAST
• 2014/04: Heartbleed
• 2014/09: POODLE
• 2015: FREAK
• 2016/03: DROWN
Greater Enforcement by Industry/Vendors
Industry Enforcement
• 2015/12: Indexing HTTPS Pages by Default
• 2016/04: PCI DSS v3.2
• 2016/07: Mandatory ATS
• 2016/08: HTTP Strict Transport Security (HSTS)
• 2017/06/30: Mandatory TLS1.2
TLS1.2 in AWS IoT
• Client-side certs should be at least
  • 2048 for RSA
  • P-256 and P-384 curves for ECC
• Recommended cipher suites
  • ECDHE-ECDSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES128-GCM-SHA256
• 2048-bit primes for DH
Securing your thing
Certificates & keys
• Securing private keys
• Hardware based solutions
• Securing certificates
• Manufacturing
• Install on boot
Identifying misbehavior
• Pen-testing
• Open ports
• Manufacturing
• In-service
• On Thing agent
• Vulnerability scanning
• CIS
• CVE
• Telemetry
Thanks!
https://docs.aws.amazon.com/iot/latest/developerguide/iot-security-identity.html

THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...漢銘 謝
 

Recently uploaded (20)

Genshin Impact PPT Template by EaTemp.pptx
Genshin Impact PPT Template by EaTemp.pptxGenshin Impact PPT Template by EaTemp.pptx
Genshin Impact PPT Template by EaTemp.pptx
 
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Rohini Delhi 💯Call Us 🔝8264348440🔝
 
Work Remotely with Confluence ACE 2.pptx
Work Remotely with Confluence ACE 2.pptxWork Remotely with Confluence ACE 2.pptx
Work Remotely with Confluence ACE 2.pptx
 
Gaps, Issues and Challenges in the Implementation of Mother Tongue Based-Mult...
Gaps, Issues and Challenges in the Implementation of Mother Tongue Based-Mult...Gaps, Issues and Challenges in the Implementation of Mother Tongue Based-Mult...
Gaps, Issues and Challenges in the Implementation of Mother Tongue Based-Mult...
 
call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@call girls in delhi malviya nagar @9811711561@
call girls in delhi malviya nagar @9811711561@
 
SaaStr Workshop Wednesday w/ Kyle Norton, Owner.com
SaaStr Workshop Wednesday w/ Kyle Norton, Owner.comSaaStr Workshop Wednesday w/ Kyle Norton, Owner.com
SaaStr Workshop Wednesday w/ Kyle Norton, Owner.com
 
James Joyce, Dubliners and Ulysses.ppt !
James Joyce, Dubliners and Ulysses.ppt !James Joyce, Dubliners and Ulysses.ppt !
James Joyce, Dubliners and Ulysses.ppt !
 
Call Girls In Aerocity 🤳 Call Us +919599264170
Call Girls In Aerocity 🤳 Call Us +919599264170Call Girls In Aerocity 🤳 Call Us +919599264170
Call Girls In Aerocity 🤳 Call Us +919599264170
 
PAG-UNLAD NG EKONOMIYA na dapat isaalang alang sa pag-aaral.
PAG-UNLAD NG EKONOMIYA na dapat isaalang alang sa pag-aaral.PAG-UNLAD NG EKONOMIYA na dapat isaalang alang sa pag-aaral.
PAG-UNLAD NG EKONOMIYA na dapat isaalang alang sa pag-aaral.
 
Anne Frank A Beacon of Hope amidst darkness ppt.pptx
Anne Frank A Beacon of Hope amidst darkness ppt.pptxAnne Frank A Beacon of Hope amidst darkness ppt.pptx
Anne Frank A Beacon of Hope amidst darkness ppt.pptx
 
miladyskindiseases-200705210221 2.!!pptx
miladyskindiseases-200705210221 2.!!pptxmiladyskindiseases-200705210221 2.!!pptx
miladyskindiseases-200705210221 2.!!pptx
 
Simulation-based Testing of Unmanned Aerial Vehicles with Aerialist
Simulation-based Testing of Unmanned Aerial Vehicles with AerialistSimulation-based Testing of Unmanned Aerial Vehicles with Aerialist
Simulation-based Testing of Unmanned Aerial Vehicles with Aerialist
 
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
Presentation for the Strategic Dialogue on the Future of Agriculture, Brussel...
 
The Ten Facts About People With Autism Presentation
The Ten Facts About People With Autism PresentationThe Ten Facts About People With Autism Presentation
The Ten Facts About People With Autism Presentation
 
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptxGenesis part 2 Isaiah Scudder 04-24-2024.pptx
Genesis part 2 Isaiah Scudder 04-24-2024.pptx
 
Mathan flower ppt.pptx slide orchids ✨🌸
Mathan flower ppt.pptx slide orchids ✨🌸Mathan flower ppt.pptx slide orchids ✨🌸
Mathan flower ppt.pptx slide orchids ✨🌸
 
PHYSICS PROJECT BY MSC - NANOTECHNOLOGY
PHYSICS PROJECT BY MSC  - NANOTECHNOLOGYPHYSICS PROJECT BY MSC  - NANOTECHNOLOGY
PHYSICS PROJECT BY MSC - NANOTECHNOLOGY
 
Event 4 Introduction to Open Source.pptx
Event 4 Introduction to Open Source.pptxEvent 4 Introduction to Open Source.pptx
Event 4 Introduction to Open Source.pptx
 
Dutch Power - 26 maart 2024 - Henk Kras - Circular Plastics
Dutch Power - 26 maart 2024 - Henk Kras - Circular PlasticsDutch Power - 26 maart 2024 - Henk Kras - Circular Plastics
Dutch Power - 26 maart 2024 - Henk Kras - Circular Plastics
 
THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...
THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...
THE COUNTRY WHO SOLVED THE WORLD_HOW CHINA LAUNCHED THE CIVILIZATION REVOLUTI...
 

Best Practices for IoT Security in the Cloud

  • 1. © 20167 Amazon Web Services, Inc. or its Affiliates. All rights reserved. Gavin Adams March, 2017 Best Practices with AWS IoT Security
  • 2. We’ll Cover Best Practices Related to... • Overall AWS IoT • Understanding risks • Protecting communications • Protecting the devices
  • 3. All things around us are getting connected
  • 4. AWS IoT
      DEVICE SDK: Set of client libraries to connect, authenticate and exchange messages
      DEVICE GATEWAY: Communicate with devices via MQTT and HTTP
      AUTHENTICATION / AUTHORIZATION: Secure with mutual authentication and encryption
      RULES ENGINE: Transform messages based on rules and route to AWS Services
      AWS Services, 3P Services
      DEVICE SHADOW: Persistent thing state during intermittent connections
      APPLICATIONS, AWS IoT API
      DEVICE REGISTRY: Identity and Management of your things
  • 5. Security and Identity AUTHENTICATION Secure with mutual authentication and encryption
  • 6. Security shared responsibility
      Customers are responsible for their security IN the Cloud: Customer applications & content; Platform, Applications, Identity & Access Management; Operating System, Network & Firewall Configuration; Client-side Data Encryption; Server-side Data Encryption; Network Traffic Protection
      AWS is responsible for the security OF the Cloud: AWS Foundation Services (Compute, Storage, Database, Networking); AWS Global Infrastructure (Regions, Availability Zones, Edge Locations)
  • 7. Why focus on “things”?
  • 8. The Risk I’m a thing pwn’d
  • 14. AWS IoT Protocols
      MQTT over TLS MQTT over Web Sockets HTTPS
      Server Auth Cert Cert Cert
      Client Auth Cert AWS API Keys AWS API Keys Cert
      Confidentiality TLS TLS TLS
      Protocol MQTT Web Sockets MQTT HTTP/MQTT
  • 17. Security and Identity
      Identity Principles | Usage
      X.509 certificates | Device identity
      IAM users, groups and roles | Application layer access for HTTP or Websockets
      Amazon Cognito Identities | API Access
  • 20. Certificate management
      Certificate creation mechanism | Pros | Cons
      AWS IoT created certificate (including public/private keypair) | Everything handled by AWS IoT | Private key has to be transmitted between AWS IoT and customer
      AWS IoT created certificate (Certificate Signing Request (CSR) based) | Certificate creation handled by AWS. AWS never has the private key. | Customer has to create the public/private keypair and CSR.
      JiTR/BYOC (Bring Your Own Certificate) | AWS never has the private key. Customer controls certificate creation | Customer has to create a certificate for every device.
  • 21. When is a certificate not a valid certificate
      t1 t2
      • t1 is earlier than t2 (i.e. the server cert is in the future)
      • No realtime clock
      • No NTP update (chicken and egg)
      • Don’t validate the timestamp if you’ve never connected to the NTP Server
      • Don’t validate the timestamp if the device has been on the shelf for a long time
  • 23. Fine grained policies • Effect • Action • Principal • Substitution
      {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [ "iot:Publish" ],
            "Resource": [
              "arn:aws:iot:us-east-1:123456789012:topic/${iot:Connection.Thing.ThingTypeName}/${iot:Connection.Thing.ThingName}"
            ]
          }
        ]
      }
  • 24. Policy and certificates
      Device | Policy
      Truck 1 | Allow to connect and publish
      Truck 2 | Allow to connect / publish / subscribe
      Truck 3 | Allow to connect / publish / subscribe / unsubscribe
  • 25. Policy actions • Connect • Publish • Subscribe • Unsubscribe • Receive
  • 27. History of TLS/SSL
      Evolution of Web Encryption Technologies: 1995 SSL2.0; 1996 SSL3.0; 1999 TLS1.0; 2006 TLS1.1; 2008 TLS1.2; 2013 Planning of TLS1.3 starts
      Battle Against Vulnerabilities: 2011 BEAST; 2014/04 Heartbleed; 2014/09 POODLE; 2015 FREAK; 2016/03 DROWN
  • 28. Greater Enforcement by Industry/Vendors
      Battle Against Vulnerabilities: 2011 BEAST; 2014/04 Heartbleed; 2014/09 POODLE; 2015 FREAK; 2016/03 DROWN
      Industry Enforcement: 2015/12 Indexing HTTPS Pages by Default; 2016/04 PCI DSS v3.2; 2016/07 Mandatory ATS; 2016/08 HTTP Strict Transport Security (HSTS); 2017/06/30 Mandatory TLS1.2
  • 29. TLS1.2 in AWS IoT • Client side certs should be at least • 2048 for RSA • P-256 and P-384 curves for ECC • Recommended cipher suites • ECDHE-ECDSA-AES128-GCM-SHA256 • ECDHE-RSA-AES128-GCM-SHA256 • 2048-bit primes for DH
  • 31. Certificates & keys • Securing private keys • Hardware based solutions • Securing certificates • Manufacturing • Install on boot
  • 32. Identifying misbehavior • Pen-testing • Open ports • Manufacturing • In-service • On Thing agent • Vulnerability scanning • CIS • CVE • Telemetry
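
The substitution policy on slide 23 lets one shared policy confine every device to its own topic. The block below is an added example, not code from the deck or from AWS: a simplified local model of that evaluation (default deny, explicit deny wins), not AWS IoT's own evaluator. The thing type `truck` and thing name `Truck1` are constructed values based on the "Truck 1" device of slide 24.

```python
import json
import re

# Policy from slide 23, with the line-wrapped ARN joined back together.
POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow", "Action": ["iot:Publish"], "Resource": [
   "arn:aws:iot:us-east-1:123456789012:topic/${iot:Connection.Thing.ThingTypeName}/${iot:Connection.Thing.ThingName}"]}]}
""")

# A policy pattern is literal text, ${variables}, and the wildcards * and ?.
TOKEN = re.compile(r"\$\{([^}]+)\}|(\*)|(\?)")

def to_regex(pattern, context):
    """Compile a policy pattern to a regex; None if a variable is unresolved."""
    out, pos = [], 0
    for m in TOKEN.finditer(pattern):
        out.append(re.escape(pattern[pos:m.start()]))
        if m.group(1) is not None:
            if m.group(1) not in context:
                return None  # e.g. thing not in the registry: cannot match
            # Assumption of this sketch: substituted values match literally,
            # so a value containing '*' never widens the grant.
            out.append(re.escape(context[m.group(1)]))
        else:
            out.append(".*" if m.group(2) else ".")
        pos = m.end()
    out.append(re.escape(pattern[pos:]))
    return re.compile("".join(out))

def matches(pattern, value, context):
    rx = to_regex(pattern, context)
    return rx is not None and rx.fullmatch(value) is not None

def is_allowed(policy, action, resource, context):
    """Default deny; an explicit Deny beats any Allow (list-valued fields only)."""
    allowed = False
    for st in policy["Statement"]:
        if not any(matches(a, action, {}) for a in st["Action"]):
            continue
        if not any(matches(r, resource, context) for r in st["Resource"]):
            continue
        if st["Effect"] == "Deny":
            return False
        allowed = True
    return allowed

# Constructed connection context and topic prefix for the checks below.
TRUCK1 = {"iot:Connection.Thing.ThingTypeName": "truck", "iot:Connection.Thing.ThingName": "Truck1"}
TOPIC = "arn:aws:iot:us-east-1:123456789012:topic/truck/"

if __name__ == "__main__":
    for name in ("Truck1", "Truck2"):
        print(name, is_allowed(POLICY, "iot:Publish", TOPIC + name, TRUCK1))
```

Run as a script, it shows Truck1 allowed to publish on its own topic and refused on Truck2's, even though both devices would carry the same policy document.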