SlideShare a Scribd company logo

Plan Security, Risk & Compliance When Migrating to AWS

Amazon Web Services
Amazon Web Services

When migrating to the cloud, the shared responsibility model inherent to AWS creates different paradigms for assessing your security, risk and compliance posture. Determining how to deal with these aspects of cloud can often slow migration and adoption far more than any technical blockers. In this session, we will discuss how you can build your landing zone in a way that addresses your security, risk, and compliance requirements. The session will feature ECMC who will chronicle the migration and transformation of regulated workloads to AWS and their approach to addressing security risk and compliance in the cloud

1 of 28
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Robert D. Barnes Cloud Security Architect, AWS Amedeo Minutolo Chief IT Architect, ECMC Group 195345 How Do I Plan for Security, Risk, and Compliance when Migrating to AWS?
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Robert D. Barnes Cloud Security Architect, AWS Amedeo Minutolo Chief IT Architect, ECMC Group 195345 How Do I Plan for Security, Risk, and Compliance when Migrating to AWS?
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Answer: Early and often
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Start small: What is this? Is it secure?
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. How about this? Is this secure?
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Where do I start?
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Introducing the vowels of security, risk, and compliance!
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. is for automate Automate everything* *Eventually
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. is for educate Educate everyone
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. is for iterate The three rules of AWS adoption are: • Iterate • Iterate • Iterate
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. is for OODA What the heck is OODA? • Observe • Orient • Decide • Act
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. is for understand Understand your requirements.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. And sometimes Why not encrypt everything? Why not use native services? Why not log everything…forever?
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Resources: AWS Quick Starts (https://aws.amazon.com/quickstart/) • NIST • PCI • HIPAA • CJIS • CIS AWS Foundations Benchmark
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. But don’t take my word for it…
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Educational Credit Management Corporation At ECMC, we help students succeed. We: • Work to lower student loan default rates • Sponsor college access and success initiatives and financial literacy programs • Provide resources to support student loan borrowers to successfully repay their loans As a nonprofit corporation providing services in support of higher education finance, we assist students and families in their efforts to plan and pay for college.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Educational Credit Management Corporation ECMC must adhere to two compliance/regulatory initiatives: • Federal Information Security Management Act (FISMA) • We must maintain PCI-DSS compliance
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. FISMA The Federal Information Security Management Act (FISMA) requires federal agencies to develop, document, and implement an information security and protection program. The top FISMA requirements include: • Information System Inventory • Risk Categorization • System Security Plan • Security Controls: NIST SP 800-53 outlines an extensive catalog of suggested security controls for FISMA compliance • Risk Assessments • Certification and Accreditation
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. The National Institute of Standards and Technology (NIST) outlines nine steps toward compliance with FISMA: 1. Categorize the information to be protected. 2. Select minimum baseline controls. 3. Refine controls using a risk assessment procedure. 4. Document the controls in the system security plan. 5. Implement security controls in appropriate information systems. 6. Assess the effectiveness of the security controls once they have been implemented. 7. Determine agency-level risk to the mission or business case. 8. Authorize the information system for processing. 9. Monitor the security controls on a continuous basis.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Determine your organization’s risk tolerance • Perform a business process review. • Perform an IT service audit, mapping them to the business processes. • Categorize the services into enterprise application definitions. • Conduct a business impact analysis on the services. • Map cross-service dependencies and determine RTO/RPO requirements for each service. • Classify each application’s data into protection levels and determine the risk tolerance for each application.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Determine your organization’s risk tolerance Fault and threat isolation influenced many decisions. • Account design • AWS Organizations usage • Multi-region AWS deployment • VPC/account design, placement, and isolation • Network design • Application and service designs
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Some decisions made early will help the process. • If you adopt a multi-account strategy, will you use AWS organizations? • Can you automate account provisioning early? • Can/will you use federated services for account access? What will you use? • Based on your regulatory requirements, can you use AWS Quick Starts as a starting point? (NIST, PCI, CIS AWS Foundations Benchmark, etc.) • Can you use CloudFormation for consistent deployments? • Can you develop deployment pipelines to build your environment?
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Determine your organization’s security requirements. • What are you required to accomplish? • How can technology support achieving these goals? • What solutions meet the technical requirements? • Focus on cloud-native or cloud-integrated technologies.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Treat security solutions like everything else in the cloud. • Look at solutions as cattle and not as pets. • Security tends to be a religious topic, so the challenge here is related to cultural and operational change. • Education and training are critical. • What works in a traditional data center may not be right in the cloud.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. To sniff or not to sniff? That is the question. • In the cloud, the network is a shared resource. Trust AWS to manage layers 1-3. • Avoid using subnets and IP addresses as a security construct. • Using network layers 2 and 3 as a security control will quickly complicate the environment. • Use network layers 4-7 to secure the environment with host-based controls. • Use AWS security mechanisms where possible to protect the network.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Continuous Monitoring • Utilize AWS Config to track resource changes and report on compliance items related to configuration management. • Utilize CloudTrail to track and monitor user and infrastructure activity. • Use CloudWatch to monitor and react to changes in the environment. • Leverage Trusted Advisor to evaluate security configurations. • Use Lambda and Inspector for continuous vulnerability scanning. • Use GuardDuty to continuously monitor CloudTrail, VPC Flow Logs, and DNS logs
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Consider a Dev-Sec-Ops model • While enterprise security controls are necessary, involving security in application design and operations will yield better solutions in the long run. • Placing some responsibility on security for application usability and performance creates a balance and prevents the security controls from becoming unnecessarily restrictive. • Security will understand the landscape and application base more thoroughly, and the end result will be a more secure environment.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Thank you! Please complete the session survey in the Summit mobile app.

Recommended

AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best PracticesAleksandr Maklakov
 
Automating Incident Response and Forensics
Automating Incident Response and ForensicsAutomating Incident Response and Forensics
Automating Incident Response and ForensicsAmazon Web Services
 
AWS per la semplificazione del percorso di conformità al GDPR
AWS per la semplificazione del percorso di conformità al GDPRAWS per la semplificazione del percorso di conformità al GDPR
AWS per la semplificazione del percorso di conformità al GDPRAmazon Web Services
 
Cloud Choices- Quantifying the Cost and Risk Implications of Cloud.pdf
Cloud Choices- Quantifying the Cost and Risk Implications of Cloud.pdfCloud Choices- Quantifying the Cost and Risk Implications of Cloud.pdf
Cloud Choices- Quantifying the Cost and Risk Implications of Cloud.pdfAmazon Web Services
 
Security in the cloud
Security in the cloudSecurity in the cloud
Security in the cloudReham Maher El-Safarini
 
Incident Response - Eyes Everywhere
Incident Response - Eyes EverywhereIncident Response - Eyes Everywhere
Incident Response - Eyes EverywhereAmazon Web Services
 
Building a security knowledge management platform for AWS - FND224 - AWS re:I...
Building a security knowledge management platform for AWS - FND224 - AWS re:I...Building a security knowledge management platform for AWS - FND224 - AWS re:I...
Building a security knowledge management platform for AWS - FND224 - AWS re:I...Amazon Web Services
 
Architecting for Healthcare Compliance on AWS (HLC301-i) - AWS re:Invent 2018
Architecting for Healthcare Compliance on AWS (HLC301-i) - AWS re:Invent 2018Architecting for Healthcare Compliance on AWS (HLC301-i) - AWS re:Invent 2018
Architecting for Healthcare Compliance on AWS (HLC301-i) - AWS re:Invent 2018Amazon Web Services
 

Recommended

AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best PracticesAleksandr Maklakov
 
Automating Incident Response and Forensics
Automating Incident Response and ForensicsAutomating Incident Response and Forensics
Automating Incident Response and ForensicsAmazon Web Services
 
AWS per la semplificazione del percorso di conformità al GDPR
AWS per la semplificazione del percorso di conformità al GDPRAWS per la semplificazione del percorso di conformità al GDPR
AWS per la semplificazione del percorso di conformità al GDPRAmazon Web Services
 
Cloud Choices- Quantifying the Cost and Risk Implications of Cloud.pdf
Cloud Choices- Quantifying the Cost and Risk Implications of Cloud.pdfCloud Choices- Quantifying the Cost and Risk Implications of Cloud.pdf
Cloud Choices- Quantifying the Cost and Risk Implications of Cloud.pdfAmazon Web Services
 
Security in the cloud
Security in the cloudSecurity in the cloud
Security in the cloudReham Maher El-Safarini
 
Incident Response - Eyes Everywhere
Incident Response - Eyes EverywhereIncident Response - Eyes Everywhere
Incident Response - Eyes EverywhereAmazon Web Services
 
Building a security knowledge management platform for AWS - FND224 - AWS re:I...
Building a security knowledge management platform for AWS - FND224 - AWS re:I...Building a security knowledge management platform for AWS - FND224 - AWS re:I...
Building a security knowledge management platform for AWS - FND224 - AWS re:I...Amazon Web Services
 
Architecting for Healthcare Compliance on AWS (HLC301-i) - AWS re:Invent 2018
Architecting for Healthcare Compliance on AWS (HLC301-i) - AWS re:Invent 2018Architecting for Healthcare Compliance on AWS (HLC301-i) - AWS re:Invent 2018
Architecting for Healthcare Compliance on AWS (HLC301-i) - AWS re:Invent 2018Amazon Web Services
 
Introduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSIntroduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSAmazon Web Services
 
Top Cloud Security Myths Dispelled
Top Cloud Security Myths DispelledTop Cloud Security Myths Dispelled
Top Cloud Security Myths DispelledAmazon Web Services
 
Why Your Customers Care About Compliance and You Should Too
Why Your Customers Care About Compliance and You Should TooWhy Your Customers Care About Compliance and You Should Too
Why Your Customers Care About Compliance and You Should TooAmazon Web Services
 
AWS Shared Responsibility Model and GDPR
AWS Shared Responsibility Model and GDPRAWS Shared Responsibility Model and GDPR
AWS Shared Responsibility Model and GDPRAmazon Web Services
 
Architecting for Enterprise Identity Across Multiple Operating Models (ENT413...
Architecting for Enterprise Identity Across Multiple Operating Models (ENT413...Architecting for Enterprise Identity Across Multiple Operating Models (ENT413...
Architecting for Enterprise Identity Across Multiple Operating Models (ENT413...Amazon Web Services
 
Unlock Highly Regulated Enterprise Workloads with SaaS on AWS GovCloud (US) (...
Unlock Highly Regulated Enterprise Workloads with SaaS on AWS GovCloud (US) (...Unlock Highly Regulated Enterprise Workloads with SaaS on AWS GovCloud (US) (...
Unlock Highly Regulated Enterprise Workloads with SaaS on AWS GovCloud (US) (...Amazon Web Services
 
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...Amazon Web Services
 
Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018
Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018
Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018Amazon Web Services
 
Managing Security of Large IoT Fleets (IOT321-R1) - AWS re:Invent 2018
Managing Security of Large IoT Fleets (IOT321-R1) - AWS re:Invent 2018Managing Security of Large IoT Fleets (IOT321-R1) - AWS re:Invent 2018
Managing Security of Large IoT Fleets (IOT321-R1) - AWS re:Invent 2018Amazon Web Services
 
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019 DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019 Amazon Web Services
 
Intro to Threat Detection & Remediation on AWS: AWS Security Week at the SF Loft
Intro to Threat Detection & Remediation on AWS: AWS Security Week at the SF LoftIntro to Threat Detection & Remediation on AWS: AWS Security Week at the SF Loft
Intro to Threat Detection & Remediation on AWS: AWS Security Week at the SF LoftAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSAmazon Web Services
 
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...Amazon Web Services
 
How to Implement a Well-Architected Security Solution.pdf
How to Implement a Well-Architected Security Solution.pdfHow to Implement a Well-Architected Security Solution.pdf
How to Implement a Well-Architected Security Solution.pdfAmazon Web Services
 
Top Security Myths Dispelled - AWS Summit Sydney 2018
Top Security Myths Dispelled - AWS Summit Sydney 2018 Top Security Myths Dispelled - AWS Summit Sydney 2018
Top Security Myths Dispelled - AWS Summit Sydney 2018 Amazon Web Services
 
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ... How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...Amazon Web Services
 
How Inovalon Uses Sophos to Control Security Costs on AWS
How Inovalon Uses Sophos to Control Security Costs on AWSHow Inovalon Uses Sophos to Control Security Costs on AWS
How Inovalon Uses Sophos to Control Security Costs on AWSAmazon Web Services
 
Navigating GDPR Compliance on AWS
Navigating GDPR Compliance on AWS Navigating GDPR Compliance on AWS
Navigating GDPR Compliance on AWS Amazon Web Services
 
Everything you wanted to know about compliance but were afraid to ask - GRC20...
Everything you wanted to know about compliance but were afraid to ask - GRC20...Everything you wanted to know about compliance but were afraid to ask - GRC20...
Everything you wanted to know about compliance but were afraid to ask - GRC20...Amazon Web Services
 
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...Amazon Web Services
 
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...Amazon Web Services
 

More Related Content

What's hot

Introduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSIntroduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSAmazon Web Services
 
Top Cloud Security Myths Dispelled
Top Cloud Security Myths DispelledTop Cloud Security Myths Dispelled
Top Cloud Security Myths DispelledAmazon Web Services
 
Why Your Customers Care About Compliance and You Should Too
Why Your Customers Care About Compliance and You Should TooWhy Your Customers Care About Compliance and You Should Too
Why Your Customers Care About Compliance and You Should TooAmazon Web Services
 
AWS Shared Responsibility Model and GDPR
AWS Shared Responsibility Model and GDPRAWS Shared Responsibility Model and GDPR
AWS Shared Responsibility Model and GDPRAmazon Web Services
 
Architecting for Enterprise Identity Across Multiple Operating Models (ENT413...
Architecting for Enterprise Identity Across Multiple Operating Models (ENT413...Architecting for Enterprise Identity Across Multiple Operating Models (ENT413...
Architecting for Enterprise Identity Across Multiple Operating Models (ENT413...Amazon Web Services
 
Unlock Highly Regulated Enterprise Workloads with SaaS on AWS GovCloud (US) (...
Unlock Highly Regulated Enterprise Workloads with SaaS on AWS GovCloud (US) (...Unlock Highly Regulated Enterprise Workloads with SaaS on AWS GovCloud (US) (...
Unlock Highly Regulated Enterprise Workloads with SaaS on AWS GovCloud (US) (...Amazon Web Services
 
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...Amazon Web Services
 
Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018
Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018
Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018Amazon Web Services
 
Managing Security of Large IoT Fleets (IOT321-R1) - AWS re:Invent 2018
Managing Security of Large IoT Fleets (IOT321-R1) - AWS re:Invent 2018Managing Security of Large IoT Fleets (IOT321-R1) - AWS re:Invent 2018
Managing Security of Large IoT Fleets (IOT321-R1) - AWS re:Invent 2018Amazon Web Services
 
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019 DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019 Amazon Web Services
 
Intro to Threat Detection & Remediation on AWS: AWS Security Week at the SF Loft
Intro to Threat Detection & Remediation on AWS: AWS Security Week at the SF LoftIntro to Threat Detection & Remediation on AWS: AWS Security Week at the SF Loft
Intro to Threat Detection & Remediation on AWS: AWS Security Week at the SF LoftAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSAmazon Web Services
 
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...Amazon Web Services
 
How to Implement a Well-Architected Security Solution.pdf
How to Implement a Well-Architected Security Solution.pdfHow to Implement a Well-Architected Security Solution.pdf
How to Implement a Well-Architected Security Solution.pdfAmazon Web Services
 
Top Security Myths Dispelled - AWS Summit Sydney 2018
Top Security Myths Dispelled - AWS Summit Sydney 2018 Top Security Myths Dispelled - AWS Summit Sydney 2018
Top Security Myths Dispelled - AWS Summit Sydney 2018 Amazon Web Services
 
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ... How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...Amazon Web Services
 
How Inovalon Uses Sophos to Control Security Costs on AWS
How Inovalon Uses Sophos to Control Security Costs on AWSHow Inovalon Uses Sophos to Control Security Costs on AWS
How Inovalon Uses Sophos to Control Security Costs on AWSAmazon Web Services
 
Navigating GDPR Compliance on AWS
Navigating GDPR Compliance on AWS Navigating GDPR Compliance on AWS
Navigating GDPR Compliance on AWS Amazon Web Services
 
Everything you wanted to know about compliance but were afraid to ask - GRC20...
Everything you wanted to know about compliance but were afraid to ask - GRC20...Everything you wanted to know about compliance but were afraid to ask - GRC20...
Everything you wanted to know about compliance but were afraid to ask - GRC20...Amazon Web Services
 

What's hot (20)

Introduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWSIntroduction to Threat Detection and Remediation on AWS
Introduction to Threat Detection and Remediation on AWS
 
Top Cloud Security Myths Dispelled
Top Cloud Security Myths DispelledTop Cloud Security Myths Dispelled
Top Cloud Security Myths Dispelled
 
Why Your Customers Care About Compliance and You Should Too
Why Your Customers Care About Compliance and You Should TooWhy Your Customers Care About Compliance and You Should Too
Why Your Customers Care About Compliance and You Should Too
 
AWS Shared Responsibility Model and GDPR
AWS Shared Responsibility Model and GDPRAWS Shared Responsibility Model and GDPR
AWS Shared Responsibility Model and GDPR
 
Architecting for Enterprise Identity Across Multiple Operating Models (ENT413...
Architecting for Enterprise Identity Across Multiple Operating Models (ENT413...Architecting for Enterprise Identity Across Multiple Operating Models (ENT413...
Architecting for Enterprise Identity Across Multiple Operating Models (ENT413...
 
Unlock Highly Regulated Enterprise Workloads with SaaS on AWS GovCloud (US) (...
Unlock Highly Regulated Enterprise Workloads with SaaS on AWS GovCloud (US) (...Unlock Highly Regulated Enterprise Workloads with SaaS on AWS GovCloud (US) (...
Unlock Highly Regulated Enterprise Workloads with SaaS on AWS GovCloud (US) (...
 
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...
Orchestrate Perimeter Security Across Distributed Applications (SEC326) - AWS...
 
Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018
Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018
Automating Compliance on AWS (HLC302-S-i) - AWS re:Invent 2018
 
Managing Security of Large IoT Fleets (IOT321-R1) - AWS re:Invent 2018
Managing Security of Large IoT Fleets (IOT321-R1) - AWS re:Invent 2018Managing Security of Large IoT Fleets (IOT321-R1) - AWS re:Invent 2018
Managing Security of Large IoT Fleets (IOT321-R1) - AWS re:Invent 2018
 
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019 DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019
DDoS attack detection at scale - SDD408 - AWS re:Inforce 2019
 
Intro to Threat Detection & Remediation on AWS: AWS Security Week at the SF Loft
Intro to Threat Detection & Remediation on AWS: AWS Security Week at the SF LoftIntro to Threat Detection & Remediation on AWS: AWS Security Week at the SF Loft
Intro to Threat Detection & Remediation on AWS: AWS Security Week at the SF Loft
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWS
 
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
Securing enterprise-grade serverless applications - SDD401 - AWS re:Inforce 2...
 
How to Implement a Well-Architected Security Solution.pdf
How to Implement a Well-Architected Security Solution.pdfHow to Implement a Well-Architected Security Solution.pdf
How to Implement a Well-Architected Security Solution.pdf
 
Top Security Myths Dispelled - AWS Summit Sydney 2018
Top Security Myths Dispelled - AWS Summit Sydney 2018 Top Security Myths Dispelled - AWS Summit Sydney 2018
Top Security Myths Dispelled - AWS Summit Sydney 2018
 
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ... How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
How to Leverage Traffic Analysis to Navigate through Cloudy Skies - DEM03-R ...
 
How Inovalon Uses Sophos to Control Security Costs on AWS
How Inovalon Uses Sophos to Control Security Costs on AWSHow Inovalon Uses Sophos to Control Security Costs on AWS
How Inovalon Uses Sophos to Control Security Costs on AWS
 
Navigating GDPR Compliance on AWS
Navigating GDPR Compliance on AWS Navigating GDPR Compliance on AWS
Navigating GDPR Compliance on AWS
 
Everything you wanted to know about compliance but were afraid to ask - GRC20...
Everything you wanted to know about compliance but were afraid to ask - GRC20...Everything you wanted to know about compliance but were afraid to ask - GRC20...
Everything you wanted to know about compliance but were afraid to ask - GRC20...
 

Similar to Plan Security, Risk & Compliance When Migrating to AWS

Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...Amazon Web Services
 
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...Amazon Web Services
 
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...Amazon Web Services
 
Security & Compliance in the Cloud
Security & Compliance in the CloudSecurity & Compliance in the Cloud
Security & Compliance in the CloudAmazon Web Services
 
Accelerating Enterprise Cloud Adoption: Automate Security to Migrate Faster
Accelerating Enterprise Cloud Adoption: Automate Security to Migrate FasterAccelerating Enterprise Cloud Adoption: Automate Security to Migrate Faster
Accelerating Enterprise Cloud Adoption: Automate Security to Migrate FasterAmazon Web Services
 
“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...
“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...
“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...Amazon Web Services
 
DevOps, CI/CD, cost management, and security on AWS
DevOps, CI/CD, cost management, and security on AWSDevOps, CI/CD, cost management, and security on AWS
DevOps, CI/CD, cost management, and security on AWSTom Laszewski
 
2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Dep...
2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Dep...2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Dep...
2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Dep...Martin Klie
 
Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018
Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018
Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018Amazon Web Services
 
DevSecOps: Instituting Cultural Transformation for Public Sector Organization...
DevSecOps: Instituting Cultural Transformation for Public Sector Organization...DevSecOps: Instituting Cultural Transformation for Public Sector Organization...
DevSecOps: Instituting Cultural Transformation for Public Sector Organization...Amazon Web Services
 
Living the AWS Well Architected Framework
Living the AWS Well Architected FrameworkLiving the AWS Well Architected Framework
Living the AWS Well Architected FrameworkAdam Dillman
 
A Case Study on Insider Threat Detection
A Case Study on Insider Threat DetectionA Case Study on Insider Threat Detection
A Case Study on Insider Threat DetectionAmazon Web Services
 
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...Amazon Web Services
 
AWS Governance at Scale_AWSPSSummit_Singapore
AWS Governance at Scale_AWSPSSummit_SingaporeAWS Governance at Scale_AWSPSSummit_Singapore
AWS Governance at Scale_AWSPSSummit_SingaporeAmazon Web Services
 
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019 DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019 Amazon Web Services
 
Remove Undifferentiated Heavy Lifting from CI/CD Toolsets with Corteva Agrisc...
Remove Undifferentiated Heavy Lifting from CI/CD Toolsets with Corteva Agrisc...Remove Undifferentiated Heavy Lifting from CI/CD Toolsets with Corteva Agrisc...
Remove Undifferentiated Heavy Lifting from CI/CD Toolsets with Corteva Agrisc...Amazon Web Services
 
Landing Zones Creating a Foundation - AWS Summit Sydney 2018
Landing Zones Creating a Foundation - AWS Summit Sydney 2018Landing Zones Creating a Foundation - AWS Summit Sydney 2018
Landing Zones Creating a Foundation - AWS Summit Sydney 2018Amazon Web Services
 
Security Framework Shakedown: Chart Your Journey with AWS Best Practices
Security Framework Shakedown: Chart Your Journey with AWS Best PracticesSecurity Framework Shakedown: Chart Your Journey with AWS Best Practices
Security Framework Shakedown: Chart Your Journey with AWS Best PracticesAmazon Web Services
 
Leading Your Team Through a Cloud Transformation - Virtual Transformation Day...
Leading Your Team Through a Cloud Transformation - Virtual Transformation Day...Leading Your Team Through a Cloud Transformation - Virtual Transformation Day...
Leading Your Team Through a Cloud Transformation - Virtual Transformation Day...Amazon Web Services
 

Similar to Plan Security, Risk & Compliance When Migrating to AWS (20)

Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
 
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
 
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
 
Security & Compliance in the Cloud
Security & Compliance in the CloudSecurity & Compliance in the Cloud
Security & Compliance in the Cloud
 
Accelerating Enterprise Cloud Adoption: Automate Security to Migrate Faster
Accelerating Enterprise Cloud Adoption: Automate Security to Migrate FasterAccelerating Enterprise Cloud Adoption: Automate Security to Migrate Faster
Accelerating Enterprise Cloud Adoption: Automate Security to Migrate Faster
 
“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...
“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...
“Cloud First” Helps Hub Intl Grow the Business with Splunk on AWS (ANT330-S) ...
 
DevOps, CI/CD, cost management, and security on AWS
DevOps, CI/CD, cost management, and security on AWSDevOps, CI/CD, cost management, and security on AWS
DevOps, CI/CD, cost management, and security on AWS
 
2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Dep...
2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Dep...2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Dep...
2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Dep...
 
Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018
Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018
Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018
 
DevSecOps: Instituting Cultural Transformation for Public Sector Organization...
DevSecOps: Instituting Cultural Transformation for Public Sector Organization...DevSecOps: Instituting Cultural Transformation for Public Sector Organization...
DevSecOps: Instituting Cultural Transformation for Public Sector Organization...
 
Living the AWS Well Architected Framework
Living the AWS Well Architected FrameworkLiving the AWS Well Architected Framework
Living the AWS Well Architected Framework
 
A Case Study on Insider Threat Detection
A Case Study on Insider Threat DetectionA Case Study on Insider Threat Detection
A Case Study on Insider Threat Detection
 
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...
Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS ...
 
AWS Governance at Scale_AWSPSSummit_Singapore
AWS Governance at Scale_AWSPSSummit_SingaporeAWS Governance at Scale_AWSPSSummit_Singapore
AWS Governance at Scale_AWSPSSummit_Singapore
 
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019 DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019
 
Security Framework Shakedown
Security Framework ShakedownSecurity Framework Shakedown
Security Framework Shakedown
 
Remove Undifferentiated Heavy Lifting from CI/CD Toolsets with Corteva Agrisc...
Remove Undifferentiated Heavy Lifting from CI/CD Toolsets with Corteva Agrisc...Remove Undifferentiated Heavy Lifting from CI/CD Toolsets with Corteva Agrisc...
Remove Undifferentiated Heavy Lifting from CI/CD Toolsets with Corteva Agrisc...
 
Landing Zones Creating a Foundation - AWS Summit Sydney 2018
Landing Zones Creating a Foundation - AWS Summit Sydney 2018Landing Zones Creating a Foundation - AWS Summit Sydney 2018
Landing Zones Creating a Foundation - AWS Summit Sydney 2018
 
Security Framework Shakedown: Chart Your Journey with AWS Best Practices
Security Framework Shakedown: Chart Your Journey with AWS Best PracticesSecurity Framework Shakedown: Chart Your Journey with AWS Best Practices
Security Framework Shakedown: Chart Your Journey with AWS Best Practices
 
Leading Your Team Through a Cloud Transformation - Virtual Transformation Day...
Leading Your Team Through a Cloud Transformation - Virtual Transformation Day...Leading Your Team Through a Cloud Transformation - Virtual Transformation Day...
Leading Your Team Through a Cloud Transformation - Virtual Transformation Day...
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Plan Security, Risk & Compliance When Migrating to AWS

  • 1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Robert D. Barnes Cloud Security Architect, AWS Amedeo Minutolo Chief IT Architect, ECMC Group 195345 How Do I Plan for Security, Risk, and Compliance when Migrating to AWS?
  • 2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Robert D. Barnes Cloud Security Architect, AWS Amedeo Minutolo Chief IT Architect, ECMC Group 195345 How Do I Plan for Security, Risk, and Compliance when Migrating to AWS?
  • 3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Answer: Early and often
  • 4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Start small: What is this? Is it secure?
  • 5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. How about this? Is this secure?
  • 6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Where do I start?
  • 7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Introducing the vowels of security, risk, and compliance!
  • 8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. is for automate Automate everything* *Eventually
  • 9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. is for educate Educate everyone
  • 10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. is for iterate The three rules of AWS adoption are: • Iterate • Iterate • Iterate
  • 11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. is for OODA What the heck is OODA? • Observe • Orient • Decide • Act
  • 12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. is for understand Understand your requirements.
  • 13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. And sometimes Why not encrypt everything? Why not use native services? Why not log everything…forever?
  • 14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Resources: AWS Quick Starts (https://aws.amazon.com/quickstart/) • NIST • PCI • HIPAA • CJIS • CIS AWS Foundations Benchmark
  • 15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. But don’t take my word for it…
  • 16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Educational Credit Management Corporation At ECMC, we help students succeed. We: • Work to lower student loan default rates • Sponsor college access and success initiatives and financial literacy programs • Provide resources to support student loan borrowers to successfully repay their loans As a nonprofit corporation providing services in support of higher education finance, we assist students and families in their efforts to plan and pay for college.
  • 17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Educational Credit Management Corporation ECMC must adhere to two compliance/regulatory initiatives: • Federal Information Security Management Act (FISMA) • We must maintain PCI-DSS compliance
  • 18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. FISMA The Federal Information Security Management Act (FISMA) requires federal agencies to develop, document, and implement an information security and protection program. The top FISMA requirements include: • Information System Inventory • Risk Categorization • System Security Plan • Security Controls: NIST SP 800-53 outlines an extensive catalog of suggested security controls for FISMA compliance • Risk Assessments • Certification and Accreditation
  • 19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. The National Institute of Standards and Technology (NIST) outlines nine steps toward compliance with FISMA: 1. Categorize the information to be protected. 2. Select minimum baseline controls. 3. Refine controls using a risk assessment procedure. 4. Document the controls in the system security plan. 5. Implement security controls in appropriate information systems. 6. Assess the effectiveness of the security controls once they have been implemented. 7. Determine agency-level risk to the mission or business case. 8. Authorize the information system for processing. 9. Monitor the security controls on a continuous basis.
  • 20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Determine your organization’s risk tolerance • Perform a business process review. • Perform an IT service audit, mapping them to the business processes. • Categorize the services into enterprise application definitions. • Conduct a business impact analysis on the services. • Map cross-service dependencies and determine RTO/RPO requirements for each service. • Classify each application’s data into protection levels and determine the risk tolerance for each application.
  • 21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Determine your organization’s risk tolerance Fault and threat isolation influenced many decisions. • Account design • AWS Organizations usage • Multi-region AWS deployment • VPC/account design, placement, and isolation • Network design • Application and service designs
  • 22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Some decisions made early will help the process. • If you adopt a multi-account strategy, will you use AWS organizations? • Can you automate account provisioning early? • Can/will you use federated services for account access? What will you use? • Based on your regulatory requirements, can you use AWS Quick Starts as a starting point? (NIST, PCI, CIS AWS Foundations Benchmark, etc.) • Can you use CloudFormation for consistent deployments? • Can you develop deployment pipelines to build your environment?
  • 23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Determine your organization’s security requirements. • What are you required to accomplish? • How can technology support achieving these goals? • What solutions meet the technical requirements? • Focus on cloud-native or cloud-integrated technologies.
  • 24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Treat security solutions like everything else in the cloud. • Look at solutions as cattle and not as pets. • Security tends to be a religious topic, so the challenge here is related to cultural and operational change. • Education and training are critical. • What works in a traditional data center may not be right in the cloud.
  • 25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. To sniff or not to sniff? That is the question. • In the cloud, the network is a shared resource. Trust AWS to manage layers 1-3. • Avoid using subnets and IP addresses as a security construct. • Using network layers 2 and 3 as a security control will quickly complicate the environment. • Use network layers 4-7 to secure the environment with host-based controls. • Use AWS security mechanisms where possible to protect the network.
  • 26. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Continuous Monitoring • Utilize AWS Config to track resource changes and report on compliance items related to configuration management. • Utilize CloudTrail to track and monitor user and infrastructure activity. • Use CloudWatch to monitor and react to changes in the environment. • Leverage Trusted Advisor to evaluate security configurations. • Use Lambda and Inspector for continuous vulnerability scanning. • Use GuardDuty to continuously monitor CloudTrail, VPC Flow Logs, and DNS logs
  • 27. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Consider a Dev-Sec-Ops model • While enterprise security controls are necessary, involving security in application design and operations will yield better solutions in the long run. • Placing some responsibility on security for application usability and performance creates a balance and prevents the security controls from becoming unnecessarily restrictive. • Security will understand the landscape and application base more thoroughly, and the end result will be a more secure environment.
  • 28. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Thank you! Please complete the session survey in the Summit mobile app.