© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Bharat Mistry
Principal Security Strategist, Trend Micro
Mission (Not) Impossible: Applying
NIST 800-53 High Impact Controls on
AWS for GDPR Compliance
Datacentre has evolved faster than everyone imagined
Physical Servers, Virtual Servers, Virtual Desktops, Public Cloud, Hybrid Environments, Containers
Worldwide Public Cloud Services Spending Forecast to Reach $160 Billion in 2018, According to IDC. Western Europe: $24.1 Billion
With Cloud, we are cool! We don’t need to worry about safety, physical theft, outages etc… It’s not our problem anymore???
Shared Responsibility
Shared Responsibility
Layers, bottom to top: Infrastructure, Hypervisor, OS, Middleware, Runtime, Applications, Data.
• Datacentre/Private Cloud: consumer responsible for every layer
• IaaS: provider responsible for Infrastructure, Hypervisor and OS as drawn in this deck; consumer responsible for Middleware, Runtime, Applications and Data (note that under the AWS shared responsibility model the guest OS of an EC2 instance, including its patching and hardening, is the customer’s responsibility)
• PaaS: provider responsible for Infrastructure, Hypervisor, OS, Middleware and Runtime; consumer responsible for Applications and Data
• SaaS: provider responsible for Infrastructure through Applications; consumer responsible for Data
Compliance & Regulation
GDPR Technical Facts
• Protect personal data
• Resistance to malicious code & hacks
• Evaluate personal data risk
• Build data protection by design
Where to start?
Why NIST 800-53?
NIST SP 800-53 provides a catalog of controls that support the development of secure and resilient information systems that store, process, or transmit
Control families (rev 4):
AC Access Control
AT Awareness & Training
AU Audit & Accountability
CA Security Assessment & Authorisation
CM Configuration Management
CP Contingency Planning
IA Identification & Authentication
IR Incident Response
MA Maintenance
MP Media Protection
PE Physical & Environmental Protection
PL Planning
PS Personnel Security
RA Risk Assessment
SA System & Services Acquisition
SC Systems & Comms Protection
SI Systems & Information Integrity
PM Programme Management
Families this talk focuses on: Access Control; Audit & Accountability; Identification & Authentication; Systems & Comms Protection; Systems & Information Integrity; Configuration Management
AWS and you share responsibility for security
AWS takes care of the security OF the Cloud:
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
You get to define your controls ON the Cloud:
• Customer applications & content
• Identity & Access Control
• Network Security
• Inventory & Config
• Data Encryption
Enterprise Accelerator for NIST SP 800-53 (rev 4)
Leveraging AWS services for NIST controls

AWS Identity & Access Management (IAM)
What is configured? Base security, IAM and access configuration for the AWS account
Why?
• Manage user access
• Programmatically implement controls for machines, roles, groups, data access
Control Families: Access Control; Audit & Accountability; Configuration Management; Contingency Planning; Identification & Authentication; System & Communications Protection; System & Information Integrity

AWS CloudTrail
What is configured? Define S3 bucket, versioning enabled, capture all events
Why?
• Automated audit of infrastructure and change management
Control Families: Access Control; Audit & Accountability; Configuration Management

Amazon SNS, Amazon CloudWatch
What is configured? Security alarms and notifications
Why?
• Automated exception notification and configurable alarms
• Triggering incident response
Control Families: Access Control; Audit & Accountability; Configuration Management

VPC, NACL, Security Groups
What is configured? Provides networking configuration for a standard management VPC, enforces traffic with NACL
Why?
• Programmatic delivery of network infrastructure and access controls
Control Families: Access Control
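The CloudTrail, CloudWatch and SNS cards above describe alarms on audit events without showing what such a rule looks like. The following is an added example, not code from the deck or from the AWS Quick Start: a small set of detection rules over CloudTrail records of the kind CloudWatch metric filters alarm on (root account use, console login without MFA, trail tampering, denied API calls, security group or NACL changes, bucket policy changes). The records in SAMPLE_EVENTS are constructed and abridged, the account ID and ARNs are placeholders, and the family attached to each rule is one of the deck’s control families, not an official mapping.

```python
"""Detection rules over CloudTrail records (added example, not from the deck
or the AWS Quick Start). Mirrors the kind of CloudWatch metric filters that
feed the SNS alarms described above."""
import json

# Constructed CloudTrail-style records, abridged to the fields the rules read.
# The account ID and ARNs are placeholders.
SAMPLE_EVENTS = [
    {"eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventName": "StopLogging", "eventSource": "cloudtrail.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/ops"}},
    {"eventName": "AuthorizeSecurityGroupIngress", "eventSource": "ec2.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/dev"}},
    {"eventName": "DescribeInstances", "eventSource": "ec2.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/dev"},
     "errorCode": "Client.UnauthorizedOperation"},
    {"eventName": "PutBucketPolicy", "eventSource": "s3.amazonaws.com",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/Admin/alice"}},
    {"eventName": "DescribeTrails", "eventSource": "cloudtrail.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/auditor"}},
]
# CloudTrail delivers log files to S3 as one JSON object with a "Records" list.
SAMPLE_LOG_TEXT = json.dumps({"Records": SAMPLE_EVENTS})

TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail"}
NETWORK_CHANGES = {
    "AuthorizeSecurityGroupIngress", "AuthorizeSecurityGroupEgress",
    "RevokeSecurityGroupIngress", "RevokeSecurityGroupEgress",
    "CreateNetworkAclEntry", "ReplaceNetworkAclEntry", "DeleteNetworkAclEntry",
}
BUCKET_POLICY_CHANGES = {"PutBucketPolicy", "DeleteBucketPolicy", "PutBucketAcl"}
DENIED_CODES = {"AccessDenied", "Client.UnauthorizedOperation"}


def _console_login_without_mfa(ev):
    return (ev.get("eventName") == "ConsoleLogin"
            and ev.get("responseElements", {}).get("ConsoleLogin") == "Success"
            and ev.get("additionalEventData", {}).get("MFAUsed") != "Yes")


# (rule name, NIST 800-53 control family as the deck groups them, predicate).
RULES = [
    ("root_account_activity", "Access Control",
     lambda ev: ev.get("userIdentity", {}).get("type") == "Root"),
    ("console_login_without_mfa", "Identification & Authentication",
     _console_login_without_mfa),
    ("cloudtrail_tampering", "Audit & Accountability",
     lambda ev: ev.get("eventName") in TRAIL_TAMPERING),
    ("unauthorized_api_call", "Access Control",
     lambda ev: ev.get("errorCode") in DENIED_CODES),
    ("network_control_change", "Configuration Management",
     lambda ev: ev.get("eventName") in NETWORK_CHANGES),
    ("s3_bucket_policy_change", "Configuration Management",
     lambda ev: ev.get("eventName") in BUCKET_POLICY_CHANGES),
]


def parse_cloudtrail_log(text):
    """Return the records from one CloudTrail log file."""
    return json.loads(text)["Records"]


def evaluate(events):
    """One finding per (record, matching rule), in record order."""
    findings = []
    for ev in events:
        for name, family, predicate in RULES:
            if predicate(ev):
                findings.append({"rule": name, "family": family,
                                 "eventName": ev.get("eventName"),
                                 "actor": ev.get("userIdentity", {}).get("arn")})
    return findings


def summarize(findings):
    """Findings per rule: the count a metric filter would emit per period."""
    counts = {}
    for f in findings:
        counts[f["rule"]] = counts.get(f["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = evaluate(parse_cloudtrail_log(SAMPLE_LOG_TEXT))
    for f in hits:
        print(f"{f['rule']:28} {f['eventName']:32} {f['actor']}")
    print(summarize(hits))
```

In production each rule becomes a CloudWatch Logs metric filter on the trail’s log group with one alarm per filter publishing to an SNS topic; the Python form is useful for testing rule logic against archived log files in the trail’s S3 bucket, each of which is a JSON document with a Records list as parse_cloudtrail_log expects. Note that the root login record matches two rules at once, which is what you want: the alarm on root use fires regardless of whether MFA was used.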
Layered controls across Cloud Infrastructure, Operating System, Data and Applications:
• Infrastructure security: IAM, AWS CloudTrail, Amazon SNS, Amazon VPC, NACL
• Network security: intrusion prevention, firewall
• File security: anti-malware and integrity monitoring
• Integrity monitoring, log inspection and application scanning
Trend Micro Deep Security
• Seamlessly integrated with EC2
• Deploy as AMI, SaaS or software
• AWS Marketplace
All in a single, host-based tool
Leveraging Deep Security for NIST controls

Management and Visibility
What is configured? Deploys Deep Security Manager to AWS
Why?
• Visibility of EC2 resources
• Single console with integrated threat information
Applicable Controls: Access Control; Audit & Accountability; Incident Response; Risk Assessment; System & Communications Protection; System & Information Integrity

File Controls
What is configured? Anti-Malware, Integrity Monitoring, Log Inspection, Application Control
Why?
• Discover and block malicious code
• Monitor files for changes
• Inspect existing logs for indications of unusual activity
Applicable Controls: Audit & Accountability; Security Assessment & Authorization; Configuration Management; System & Information Integrity

Network Controls
What is configured? Intrusion detection & prevention, Firewall
Why?
• Add additional stateful controls to enhance security groups and NACLs
• Add layer 7 visibility and inspection
Applicable Controls: Security Assessment & Authorization; Audit & Accountability; Configuration Management; Contingency Planning; Identification & Authentication; System & Communications Protection; System & Information Integrity
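“Monitor files for changes” in the File Controls card above is the integrity-monitoring piece of System & Information Integrity. As an added example, not Deep Security code and not from the deck, here is the core of a file integrity monitor: take a baseline of hash, size and permission bits for every regular file under a root, then diff a later snapshot against it. demo() builds a constructed directory tree in a temporary location, tampers with it in four ways an intruder might (appended uid-0 account, new setuid bit, removed config, new cron entry) and returns the diff; all file names and contents in it are made up.

```python
"""File integrity monitoring core (added example; not Deep Security code and
not from the deck). Baseline hash, size and permission bits per file, then
diff a later snapshot against the baseline."""
import hashlib
import os
import stat
import tempfile

FIELDS = ("sha256", "size", "mode")


def _digest(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map every regular file under root (relative, '/'-separated path) to
    its SHA-256, size and permission bits. Symlinks are skipped so that a
    link pointed at a file outside root cannot smuggle content into the
    baseline; directories are implied by their contents."""
    baseline = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames.sort()
        for fn in filenames:
            full = os.path.join(dirpath, fn)
            if os.path.islink(full):
                continue
            st = os.lstat(full)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = {"sha256": _digest(full), "size": st.st_size,
                             "mode": stat.S_IMODE(st.st_mode)}
    return baseline


def diff_snapshots(baseline, current):
    """Added and removed paths, plus which fields changed for the rest.
    A mode-only change (for example a new setuid bit) is reported even
    though the content hash is unchanged."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for path in sorted(set(baseline) & set(current)):
        changed = [f for f in FIELDS if baseline[path][f] != current[path][f]]
        if changed:
            modified[path] = changed
    return {"added": added, "removed": removed, "modified": modified}


def _write(path, text):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as f:
        f.write(text)


def demo():
    """Build a constructed tree, take a baseline, tamper with it the way an
    intruder might, and return the diff. File names and contents are made up."""
    with tempfile.TemporaryDirectory() as root:
        _write(os.path.join(root, "etc", "passwd"),
               "root:x:0:0:root:/root:/bin/bash\n")
        _write(os.path.join(root, "etc", "ssh_config"), "PermitRootLogin no\n")
        _write(os.path.join(root, "app.bin"), "original binary\n")
        baseline = snapshot(root)
        # Tampering: extra uid-0 account, setuid bit, removed config, new cron job.
        _write(os.path.join(root, "etc", "passwd"),
               "root:x:0:0:root:/root:/bin/bash\nbackdoor:x:0:0::/:/bin/sh\n")
        os.chmod(os.path.join(root, "app.bin"), 0o4755)
        os.remove(os.path.join(root, "etc", "ssh_config"))
        _write(os.path.join(root, "etc", "crontab"), "* * * * * root /tmp/x\n")
        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

The baseline has to be stored somewhere the monitored host cannot rewrite (a product such as Deep Security keeps it in the manager, not on the agent), otherwise an attacker with root simply re-baselines after tampering; and the walk deliberately compares permission bits, because a setuid bit added to an unchanged binary is a privilege-escalation path that a hash-only monitor misses.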
Automating NIST controls with AWS CloudFormation
AWS CloudFormation
Why use it?
• Infrastructure as code
• Repeatable
• Audit baseline
Third party integration with CloudFormation
If you can’t automate 3rd party products with AWS CloudFormation, they aren’t built for AWS
AWS + Trend Micro Enterprise Accelerator:
NIST 800-53 High Impact Controls
• Adds additional coverage for High Impact controls
• Design philosophy
• NIST SP 800-53 (r4) security controls best practices
• Sample implementation for many different resource types
and hundreds of controls
• Plug and play sub-templates to fit your requirements
https://aws.amazon.com/quickstart/
Major NIST SP 800-53 (rev4) Trend Micro + AWS coverage (Trend Micro Deep Security with the AWS Enterprise Accelerator - Compliance: NIST High Impact controls)
Families charted: Access Control; Audit & Accountability; Configuration Management; Contingency Planning; Identification & Authentication; Incident Response; Maintenance; Media Protection; Physical & Environmental Protection; Risk Assessment; Security Assessment & Authorization; System & Communications Protection; System & Information Integrity; System & Services Acquisition
Chart legend: Overall, Customer, Inherited, Shared
Enterprise Accelerator: Quick Start CloudFormation Stack
2,500 lines of JSON code = 126 AWS Resources, 200+ API Actions
Deep Security stack: prevent malicious code execution, block remote exploits, shield app vulnerabilities, detect OS and app changes
Stack contents:
• Deep Security Manager, Agents, and required AWS infrastructure
• Amazon EC2 instances, Availability Zones, Amazon RDS databases, Auto Scaling
• ELB load balancers, Amazon S3 bucket policies, Security Groups, Amazon SNS, Amazon SQS, Amazon CloudWatch
• VPCs, Subnets, Gateways, Route Tables, NACLs
• Users, Groups & Roles, CloudFormation access, and Service Catalog constraints
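The Quick Start templates encode the control points listed in the earlier service cards (a versioned CloudTrail bucket capturing all events, alarms publishing to SNS, NACL-enforced traffic, security groups). As an added example, not the Quick Start’s code and not from the deck, the following checks a CloudFormation template, read as JSON, for those points before it is deployed, which is what the “audit baseline” bullet amounts to in practice. WEAK_TEMPLATE and HARDENED_TEMPLATE are constructed, the VPC and NACL IDs in them are placeholders, and the properties inspected are the real AWS::CloudTrail::Trail, AWS::S3::Bucket, AWS::EC2::SecurityGroup, AWS::EC2::NetworkAclEntry and AWS::CloudWatch::Alarm properties.

```python
"""Static control check of a CloudFormation template (added example, not the
Quick Start's code). Flags trails that do not capture everything, log buckets
without versioning or public-access blocking, management ports open to the
world, wide-open inbound NACL entries and alarms with nowhere to notify."""
import copy

MGMT_PORTS = (22, 3389)
PAB_KEYS = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")
TRAIL_FLAGS = ("IsLogging", "IsMultiRegionTrail", "IncludeGlobalServiceEvents", "EnableLogFileValidation")


def _ref(value):
    """Logical ID behind a {"Ref": ...} value, else None."""
    return value.get("Ref") if isinstance(value, dict) else None


def _covers_port(rule, port):
    if str(rule.get("IpProtocol")) == "-1":
        return True
    return int(rule.get("FromPort", -1)) <= port <= int(rule.get("ToPort", -1))


def check_template(template):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    resources = template.get("Resources", {})
    for name, res in resources.items():
        rtype, p = res.get("Type"), res.get("Properties", {})
        if rtype == "AWS::CloudTrail::Trail":
            for flag in TRAIL_FLAGS:
                if p.get(flag) is not True:
                    findings.append(f"{name}: {flag} must be true")
            target = resources.get(_ref(p.get("S3BucketName")) or "", {})
            if target.get("Type") != "AWS::S3::Bucket":
                findings.append(f"{name}: S3BucketName must Ref a bucket defined in this template")
        elif rtype == "AWS::S3::Bucket":
            if p.get("VersioningConfiguration", {}).get("Status") != "Enabled":
                findings.append(f"{name}: VersioningConfiguration.Status must be Enabled")
            pab = p.get("PublicAccessBlockConfiguration", {})
            if not all(pab.get(k) is True for k in PAB_KEYS):
                findings.append(f"{name}: PublicAccessBlockConfiguration must block all public access")
        elif rtype == "AWS::EC2::SecurityGroup":
            for rule in p.get("SecurityGroupIngress", []):
                for port in MGMT_PORTS:
                    if rule.get("CidrIp") == "0.0.0.0/0" and _covers_port(rule, port):
                        findings.append(f"{name}: port {port} open to 0.0.0.0/0")
        elif rtype == "AWS::EC2::NetworkAclEntry":
            if (p.get("RuleAction") == "allow" and not p.get("Egress", False)
                    and p.get("CidrBlock") == "0.0.0.0/0" and str(p.get("Protocol")) == "-1"):
                findings.append(f"{name}: inbound NACL entry allows all protocols from 0.0.0.0/0")
        elif rtype == "AWS::CloudWatch::Alarm":
            if not p.get("AlarmActions"):
                findings.append(f"{name}: AlarmActions must name at least one SNS topic")
    return findings


# Constructed template with the weak settings; VPC and NACL IDs are placeholders.
WEAK_TEMPLATE = {
    "AWSTemplateFormatVersion": "2010-09-09",
    "Resources": {
        "TrailBucket": {"Type": "AWS::S3::Bucket", "Properties": {}},
        "SecurityTopic": {"Type": "AWS::SNS::Topic", "Properties": {}},
        "Trail": {"Type": "AWS::CloudTrail::Trail", "Properties": {
            "IsLogging": True, "IsMultiRegionTrail": False, "IncludeGlobalServiceEvents": True,
            "S3BucketName": {"Ref": "TrailBucket"}}},
        "MgmtSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
            "GroupDescription": "management", "VpcId": "vpc-0123456789abcdef0",
            "SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}]}},
        "InboundAllowAll": {"Type": "AWS::EC2::NetworkAclEntry", "Properties": {
            "NetworkAclId": "acl-0123456789abcdef0", "RuleNumber": 100, "Protocol": -1,
            "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0"}},
        "RootLoginAlarm": {"Type": "AWS::CloudWatch::Alarm", "Properties": {
            "MetricName": "RootAccountUsage", "Namespace": "Security", "Statistic": "Sum",
            "Period": 300, "EvaluationPeriods": 1, "Threshold": 1,
            "ComparisonOperator": "GreaterThanOrEqualToThreshold", "AlarmActions": []}},
    },
}

# The same template with each weak setting corrected.
HARDENED_TEMPLATE = copy.deepcopy(WEAK_TEMPLATE)
_r = HARDENED_TEMPLATE["Resources"]
_r["TrailBucket"]["Properties"] = {
    "VersioningConfiguration": {"Status": "Enabled"},
    "PublicAccessBlockConfiguration": {k: True for k in PAB_KEYS}}
_r["Trail"]["Properties"].update({"IsMultiRegionTrail": True, "EnableLogFileValidation": True,
                                  "SnsTopicName": {"Fn::GetAtt": ["SecurityTopic", "TopicName"]}})
_r["MgmtSG"]["Properties"]["SecurityGroupIngress"][0]["CidrIp"] = "10.0.0.0/8"
_r["InboundAllowAll"]["Properties"].update({"Protocol": 6, "PortRange": {"From": 443, "To": 443}})
_r["RootLoginAlarm"]["Properties"]["AlarmActions"] = [{"Ref": "SecurityTopic"}]

if __name__ == "__main__":
    for label, tpl in (("weak", WEAK_TEMPLATE), ("hardened", HARDENED_TEMPLATE)):
        print(label, check_template(tpl) or "OK")
```

Run a check like this in the pipeline against the rendered template before CreateStack, so a change that would weaken logging or open a management port is rejected rather than deployed and found later by CloudTrail. The Ref check is deliberately strict: a trail that writes to a bucket outside the template is flagged because the bucket’s versioning and public-access settings cannot be verified from the template alone.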
Architecture for NIST High-Impact Compliance on AWS (architecture diagram)
Additional Resources
• Spreadsheet with High security controls mapping
• GitHub repo
• Templates
• Deployment guide: tailor and deploy the template
https://docs.aws.amazon.com/quickstart/latest/accelerator-nist-high-impact/welcome.html
aws.amazon.com/quickstart/
Summary
• GDPR is coming 25th May 2018
• A framework-based approach is essential
• NIST 800-53 supports a solid information security program that can be used to help with GDPR
• High Impact control families for GDPR: Access Control; Audit & Accountability; Identification & Authentication; System & Communications Protection; System & Information Integrity
• AWS + Trend Micro: simplify the adoption and automation of NIST high impact security controls for GDPR compliance
Automated security for AWS
trendmicro.com/aws

More Related Content

What's hot

Azure conditional access
Azure conditional accessAzure conditional access
Azure conditional accessTad Yoke
 
Business Continuity & Disaster Recovery with Microsoft Azure
Business Continuity & Disaster Recovery with Microsoft AzureBusiness Continuity & Disaster Recovery with Microsoft Azure
Business Continuity & Disaster Recovery with Microsoft AzureAymen Mami
 
Security & Compliance in the Cloud
Security & Compliance in the CloudSecurity & Compliance in the Cloud
Security & Compliance in the CloudAmazon Web Services
 
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar Timothy McAliley
 
Azure Identity and access management
Azure   Identity and access managementAzure   Identity and access management
Azure Identity and access managementDinusha Kumarasiri
 
Azure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftAzure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftDavid J Rosenthal
 
Azure role based access control (rbac)
Azure role based access control (rbac)Azure role based access control (rbac)
Azure role based access control (rbac)Srikanth Kappagantula
 
Cloud migration strategies
Cloud migration strategiesCloud migration strategies
Cloud migration strategiesSogetiLabs
 
Microsoft Azure Technical Overview
Microsoft Azure Technical OverviewMicrosoft Azure Technical Overview
Microsoft Azure Technical Overviewgjuljo
 
Endpoint Security Pres.pptx
Endpoint Security Pres.pptxEndpoint Security Pres.pptx
Endpoint Security Pres.pptxNBBNOC
 
Data Power Architectural Patterns - Jagadish Vemugunta
Data Power Architectural Patterns - Jagadish VemuguntaData Power Architectural Patterns - Jagadish Vemugunta
Data Power Architectural Patterns - Jagadish Vemuguntafloridawusergroup
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security OverviewAlert Logic
 
Cloud Migration Cookbook: A Guide To Moving Your Apps To The Cloud
Cloud Migration Cookbook: A Guide To Moving Your Apps To The CloudCloud Migration Cookbook: A Guide To Moving Your Apps To The Cloud
Cloud Migration Cookbook: A Guide To Moving Your Apps To The CloudNew Relic
 
Differentiate Big Data vs Data Warehouse use cases for a cloud solution
Differentiate Big Data vs Data Warehouse use cases for a cloud solutionDifferentiate Big Data vs Data Warehouse use cases for a cloud solution
Differentiate Big Data vs Data Warehouse use cases for a cloud solutionJames Serra
 
How a Global Healthcare Company Built a Migration Factory to Quickly Move Tho...
How a Global Healthcare Company Built a Migration Factory to Quickly Move Tho...How a Global Healthcare Company Built a Migration Factory to Quickly Move Tho...
How a Global Healthcare Company Built a Migration Factory to Quickly Move Tho...Amazon Web Services
 
AWS Cloud Migration Insights Forum
AWS Cloud Migration Insights ForumAWS Cloud Migration Insights Forum
AWS Cloud Migration Insights ForumAmazon Web Services
 
What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?Ulf Mattsson
 

What's hot (20)

Azure conditional access
Azure conditional accessAzure conditional access
Azure conditional access
 
Business Continuity & Disaster Recovery with Microsoft Azure
Business Continuity & Disaster Recovery with Microsoft AzureBusiness Continuity & Disaster Recovery with Microsoft Azure
Business Continuity & Disaster Recovery with Microsoft Azure
 
Security & Compliance in the Cloud
Security & Compliance in the CloudSecurity & Compliance in the Cloud
Security & Compliance in the Cloud
 
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
Azure Cloud Adoption Framework + Governance - Sana Khan and Jay Kumar
 
Azure Identity and access management
Azure   Identity and access managementAzure   Identity and access management
Azure Identity and access management
 
Azure Arc Overview from Microsoft
Azure Arc Overview from MicrosoftAzure Arc Overview from Microsoft
Azure Arc Overview from Microsoft
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Cloud Migration Workshop
Cloud Migration WorkshopCloud Migration Workshop
Cloud Migration Workshop
 
Azure role based access control (rbac)
Azure role based access control (rbac)Azure role based access control (rbac)
Azure role based access control (rbac)
 
Cloud migration strategies
Cloud migration strategiesCloud migration strategies
Cloud migration strategies
 
Azure purview
Azure purviewAzure purview
Azure purview
 
Microsoft Azure Technical Overview
Microsoft Azure Technical OverviewMicrosoft Azure Technical Overview
Microsoft Azure Technical Overview
 
Endpoint Security Pres.pptx
Endpoint Security Pres.pptxEndpoint Security Pres.pptx
Endpoint Security Pres.pptx
 
Data Power Architectural Patterns - Jagadish Vemugunta
Data Power Architectural Patterns - Jagadish VemuguntaData Power Architectural Patterns - Jagadish Vemugunta
Data Power Architectural Patterns - Jagadish Vemugunta
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security Overview
 
Cloud Migration Cookbook: A Guide To Moving Your Apps To The Cloud
Cloud Migration Cookbook: A Guide To Moving Your Apps To The CloudCloud Migration Cookbook: A Guide To Moving Your Apps To The Cloud
Cloud Migration Cookbook: A Guide To Moving Your Apps To The Cloud
 
Differentiate Big Data vs Data Warehouse use cases for a cloud solution
Differentiate Big Data vs Data Warehouse use cases for a cloud solutionDifferentiate Big Data vs Data Warehouse use cases for a cloud solution
Differentiate Big Data vs Data Warehouse use cases for a cloud solution
 
How a Global Healthcare Company Built a Migration Factory to Quickly Move Tho...
How a Global Healthcare Company Built a Migration Factory to Quickly Move Tho...How a Global Healthcare Company Built a Migration Factory to Quickly Move Tho...
How a Global Healthcare Company Built a Migration Factory to Quickly Move Tho...
 
AWS Cloud Migration Insights Forum
AWS Cloud Migration Insights ForumAWS Cloud Migration Insights Forum
AWS Cloud Migration Insights Forum
 
What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?What is a secure enterprise architecture roadmap?
What is a secure enterprise architecture roadmap?
 

Similar to AWS Trend Micro NIST 800-53 High Impact Controls

AWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & ComplianceAWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & ComplianceAmazon Web Services
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeAlert Logic
 
Introduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF LoftIntroduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF LoftAmazon Web Services
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeAlert Logic
 
Secure & Automate AWS Deployments with Next-Generation on Security
Secure & Automate AWS Deployments with Next-Generation on SecuritySecure & Automate AWS Deployments with Next-Generation on Security
Secure & Automate AWS Deployments with Next-Generation on SecurityAmazon Web Services
 
Secure Your Customers' Data From Day One
Secure Your Customers' Data From Day OneSecure Your Customers' Data From Day One
Secure Your Customers' Data From Day OneAmazon Web Services
 
A Case Study on Insider Threat Detection
A Case Study on Insider Threat DetectionA Case Study on Insider Threat Detection
A Case Study on Insider Threat DetectionAmazon Web Services
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSAmazon Web Services
 
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...Amazon Web Services
 
Proteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWSProteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWSAmazon Web Services
 
Security & Compliance in the Cloud
Security & Compliance in the CloudSecurity & Compliance in the Cloud
Security & Compliance in the CloudAmazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 

Similar to AWS Trend Micro NIST 800-53 High Impact Controls (20)

Security@Scale
Security@ScaleSecurity@Scale
Security@Scale
 
AWS - Security & Compliance
AWS - Security & ComplianceAWS - Security & Compliance
AWS - Security & Compliance
 
Managing Security on AWS
Managing Security on AWSManaging Security on AWS
Managing Security on AWS
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
AWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & ComplianceAWS Security Week: Security, Identity, & Compliance
AWS Security Week: Security, Identity, & Compliance
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
Introduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF LoftIntroduction to AWS Security: Security Week at the SF Loft
Introduction to AWS Security: Security Week at the SF Loft
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
 
Secure & Automate AWS Deployments with Next-Generation on Security
Secure & Automate AWS Deployments with Next-Generation on SecuritySecure & Automate AWS Deployments with Next-Generation on Security
Secure & Automate AWS Deployments with Next-Generation on Security
 
Secure Your Customers' Data From Day One
Secure Your Customers' Data From Day OneSecure Your Customers' Data From Day One
Secure Your Customers' Data From Day One
 
A Case Study on Insider Threat Detection
A Case Study on Insider Threat DetectionA Case Study on Insider Threat Detection
A Case Study on Insider Threat Detection
 
Protecting Your Data
Protecting Your DataProtecting Your Data
Protecting Your Data
 
Intro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWSIntro to Threat Detection and Remediation on AWS
Intro to Threat Detection and Remediation on AWS
 
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
Accelerated Threat Detection: Alert Logic and AWS - DEM02-R - AWS re:Inforce ...
 
Proteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWSProteggere applicazioni e dati nel cloud AWS
Proteggere applicazioni e dati nel cloud AWS
 
Security & Compliance in the Cloud
Security & Compliance in the CloudSecurity & Compliance in the Cloud
Security & Compliance in the Cloud
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads

AWS Trend Micro NIST 800-53 High Impact Controls

  • 1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Mission (Not) Impossible: Applying NIST 800-53 High Impact Controls on AWS for GDPR Compliance
    Bharat Mistry, Principal Security Strategist, Trend Micro
  • 2. Datacentre has evolved faster than everyone imagined
    Physical Servers, Virtual Servers, Virtual Desktops, Public Cloud, Hybrid Environments, Containers
    Worldwide Public Cloud Services Spending Forecast to Reach $160 Billion in 2018, According to IDC. Western Europe $24.1 Billion
  • 3. With Cloud, we are cool! We don’t need to worry about safety, physical theft, outages etc… It’s not our problem anymore???
  • 4. Shared Responsibility
  • 5. Shared Responsibility
    Stack layers: Infrastructure, Hypervisor, OS, Middleware, Runtime, Applications, Data
    Datacentre/Private Cloud: Infrastructure, Hypervisor, OS, Middleware, Runtime, Applications, Data
    IaaS: Infrastructure, Hypervisor, OS
    PaaS: Infrastructure, Hypervisor, OS, Middleware, Runtime
    SaaS: Infrastructure, Hypervisor, OS, Middleware, Runtime, Applications
    Legend: Consumer responsible / Provider responsible
  • 6. Compliance & Regulation
  • 7. GDPR Technical Facts
    • Protect personal data
    • Resistance to malicious code & hacks
    • Evaluate personal data risk
    • Build data protection by design
    Where to start?
  • 8. Why NIST 800-53?
    NIST SP 800-53 provides a catalog of controls that support the development of secure and resilient information systems that store, process, or transmit
    ID  Family                                  ID  Family
    AC  Access Control                          MP  Media Protection
    AT  Awareness & Training                    PE  Physical & Environmental Protection
    AU  Audit & Accountability                  PL  Planning
    CA  Security Assessment & Authorisation     PS  Personnel Security
    CM  Configuration Management                RA  Risk Assessment
    CP  Contingency Planning                    SA  System & Services Acquisition
    IA  Identification & Authentication         SC  Systems & Comms Protection
    IR  Incident Response                       SI  Systems & Information Integrity
    MA  Maintenance                             PM  Programme Management
    Highlighted families: Access Control, Audit & Accountability, Identification & Authentication, Systems & Comms Protection, Systems & Information Integrity, Configuration Management
  • 9. AWS and you share responsibility for security
    AWS takes care of the security OF the Cloud: AWS Foundation Services (Compute, Storage, Database, Networking); AWS Global Infrastructure (Regions, Availability Zones, Edge Locations)
    You get to define your controls ON the Cloud: Customer applications & content; Identity & Access Control; Network Security; Inventory & Config; Data Encryption
  • 10. Enterprise Accelerator for NIST SP 800-53 (rev 4)
  • 11.
  • 12. Leveraging AWS services for NIST controls
  • 13. AWS Identity & Access Management (IAM)
    What is configured? Base security, IAM and access configuration for AWS account
    Why?
    • Manage user access
    • Programmatically implement controls for machines, roles, groups, data access
    Control Families: Access Control; Audit & Accountability; Configuration Management; Contingency Planning; Identification & Authentication; System & Communications Protection; System & Information Integrity
  • 14. AWS CloudTrail
    What is configured? Define S3 bucket, versioning enabled, capture all events
    Why?
    • Automated audit of infrastructure and change management
    Control Families: Access Control; Audit & Accountability; Configuration Management
  • 15.
  • 16. Amazon SNS, AWS CloudWatch
    What is configured? Security alarms and notifications
    Why?
    • Automated exception notification and configurable alarms
    • Triggering incident response
    Control Families: Access Control; Audit & Accountability; Configuration Management
  • 17. VPC, NACL, Security Groups
    What is configured? Provides networking configuration for a standard management VPC, enforces traffic with NACL
    Why?
    • Programmatic delivery of network infrastructure and access controls
    Control Families: Access Control
  • 18.
  • 19. Layers: Cloud Infrastructure, Operating System, Applications, Data
    Infrastructure security: IAM, AWS CloudTrail, Amazon SNS, Amazon VPC, NACL
    File Security: Anti-malware and Integrity Monitoring; Integrity Monitoring, Log Inspection and Application Scanning
    Network Security: Intrusion prevention, Firewall
  • 20. Trend Micro Deep Security
    • Seamlessly integrated with EC2
    • Deploy as AMI, SaaS or software
    • AWS Marketplace
    All in a single, host-based tool
  • 21.
  • 22. Leveraging Deep Security for NIST controls
  • 23. Management and Visibility
    What is configured? Deploys Deep Security Manager to AWS
    Why?
    • Visibility of EC2 resources
    • Single console with integrated threat information
    Applicable Controls: Access Control; Audit & Accountability; Incident Response; Risk Assessment; System & Communications Protection; System & Information Integrity
  • 24. File Controls
    What is configured? Anti-Malware, Integrity Monitoring, Log Inspection, Application Control
    Why?
    • Discover and block malicious code
    • Monitor files for changes
    • Inspect existing logs for indications of unusual activity
    Applicable Controls: Audit & Accountability; Configuration Management; System & Information Integrity
    Applicable Controls: Audit & Accountability; Security Assessment & Authorization; Configuration Management; System & Information Integrity
  • 25. Network Controls
    What is configured? Intrusion detection & prevention, Firewall
    Why?
    • Add additional stateful controls to enhance security groups and NACLs
    • Add layer 7 visibility and inspection
    Applicable Controls: Security Assessment & Authorization; Audit & Accountability; Configuration Management; Contingency Planning; Identification & Authentication; System & Communications Protection; System & Information Integrity
  • 26.
  • 27. Automating NIST controls with AWS CloudFormation
  • 28. AWS CloudFormation
    Why use it?
    • Infrastructure as code
    • Repeatable
    • Audit baseline
  • 29. Third party integration with CloudFormation
    If you can’t automate 3rd party products with AWS CloudFormation, they aren’t built for AWS
  • 30. AWS + Trend Micro Enterprise Accelerator: NIST 800-53 High Impact Controls
    • Adds additional coverage for High Impact controls
    • Design philosophy
    • NIST SP 800-53 (r4) security controls best practices
    • Sample implementation for many different resource types and hundreds of controls
    • Plug and play sub-templates to fit your requirements
  • 31. https://aws.amazon.com/quickstart/
    Quick Starts shown: Trend Micro Deep Security; AWS Enterprise Accelerator - Compliance: NIST High Impact controls; AWS Enterprise Accelerator: NIST High Impact controls
  • 32. Major NIST SP 800-53 (rev4) Trend Micro + AWS coverage
    Families: Access Control; Audit & Accountability; Configuration Management; Contingency Planning; Identification & Authentication; Incident Response; Maintenance; Media Protection; Physical & Environmental Protection; Risk Assessment; Security Assessment & Authorization; System & Communications Protection; System & Information Integrity; System & Services Acquisition
    Legend: Customer / Overall / Inherited / Shared
  • 33.
  • 34. Enterprise Accelerator: Quick Start CloudFormation Stack
    2,500 lines of JSON code = 126 AWS Resources, 200+ API Actions
    Deep Security Stack: Prevent Malicious code execution; Block Remote Exploits; Shield App Vulnerabilities; Detect OS and App changes
    Deep Security Manager, Agents, and required AWS Infrastructure
    Amazon EC2 Instances, Availability Zones, Amazon RDS databases, Auto scaling
    ELB load balancers, Amazon S3 Bucket Policies, Security Groups, Amazon SNS, Amazon SQS, Amazon Cloud Watch
    VPCs, Subnets, Gateways, Route Tables, NACLs
    Users, Groups & Roles, CloudFormation access, and Service Catalog constraints
  • 35. Architecture for NIST High-Impact Compliance on AWS
  • 36. Additional Resources
    • Spreadsheet with High security controls mapping
    • Github repo
    • Templates
    • Deployment guide – tailor and deploy template
    https://docs.aws.amazon.com/quickstart/latest/accelerator-nist-high-impact/welcome.html
    aws.amazon.com/quickstart/
  • 37. Summary
    • GDPR is coming 25th May 2018
    • Framework based approach is essential
    • NIST 800-53 supports a solid information security program that can be used to help with GDPR
    • High Impact control for GDPR: Access Control; Audit & Accountability; Identification & Authentication; System & Communication Protection; System & Information Integrity
    • AWS + Trend Micro – simplify the adoption and automation of NIST high impact security controls for GDPR Compliance
  • 38. Q&A
  • 39. Your feedback is important to us! Please complete the session survey in the summit mobile app.
  • 40. Automated security for AWS trendmicro.com/aws
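Slides 14 and 16 describe the audit and alerting half of the baseline (a CloudTrail trail delivered to a versioned S3 bucket, and CloudWatch alarms that notify through SNS), and editor's note 6 names two of the alarms the deck has in mind. The CloudFormation template below is an added example written for this page; it is not the Enterprise Accelerator's own template and is not taken from the deck. Resource names, the 365-day log retention, the SecurityBaseline metric namespace and the AlertEmail parameter are assumptions. The metric filter pattern is the one commonly used for the "unauthorized API calls" check (it is the CIS AWS Foundations Benchmark pattern), so the alarm fires on access-denied events rather than on raw volume.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Added example (not the Enterprise Accelerator's own template): CloudTrail
  to a versioned S3 bucket, delivery to CloudWatch Logs, and an SNS-backed
  alarm on unauthorized API calls.

Parameters:
  AlertEmail:
    Type: String
    Description: Address subscribed to the alert topic (assumed parameter)

Resources:
  # Versioned, non-public bucket: delivered log files cannot be overwritten
  # or deleted without leaving a prior version behind.
  TrailBucket:
    Type: AWS::S3::Bucket
    Properties:
      VersioningConfiguration: { Status: Enabled }
      PublicAccessBlockConfiguration: { BlockPublicAcls: true, BlockPublicPolicy: true, IgnorePublicAcls: true, RestrictPublicBuckets: true }

  # Only the CloudTrail service may check the ACL and write under this
  # account's own log prefix; no other principal is granted anything.
  TrailBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref TrailBucket
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: { Service: cloudtrail.amazonaws.com }
            Action: s3:GetBucketAcl
            Resource: !GetAtt TrailBucket.Arn
          - Effect: Allow
            Principal: { Service: cloudtrail.amazonaws.com }
            Action: s3:PutObject
            Resource: !Sub '${TrailBucket.Arn}/AWSLogs/${AWS::AccountId}/*'
            Condition:
              StringEquals: { 's3:x-amz-acl': bucket-owner-full-control }

  TrailLogGroup:
    Type: AWS::Logs::LogGroup
    Properties:
      RetentionInDays: 365   # assumed retention; the deck gives no figure

  # Role CloudTrail assumes to copy events into the log group above.
  TrailLogsRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement: [{ Effect: Allow, Principal: { Service: cloudtrail.amazonaws.com }, Action: sts:AssumeRole }]
      Policies:
        - PolicyName: WriteTrailEvents
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action: [logs:CreateLogStream, logs:PutLogEvents]
                Resource: !GetAtt TrailLogGroup.Arn

  # "Capture all events": every region, global services (IAM, STS) included,
  # with log file validation so tampering with delivered files is detectable.
  Trail:
    Type: AWS::CloudTrail::Trail
    DependsOn: TrailBucketPolicy
    Properties:
      IsLogging: true
      IsMultiRegionTrail: true
      IncludeGlobalServiceEvents: true
      EnableLogFileValidation: true
      S3BucketName: !Ref TrailBucket
      CloudWatchLogsLogGroupArn: !GetAtt TrailLogGroup.Arn
      CloudWatchLogsRoleArn: !GetAtt TrailLogsRole.Arn

  AlertTopic:
    Type: AWS::SNS::Topic
    Properties:
      Subscription:
        - Protocol: email
          Endpoint: !Ref AlertEmail

  # Count every CloudTrail record whose errorCode marks a denied call.
  UnauthorizedCallsFilter:
    Type: AWS::Logs::MetricFilter
    Properties:
      LogGroupName: !Ref TrailLogGroup
      FilterPattern: '{ ($.errorCode = "*UnauthorizedOperation") || ($.errorCode = "AccessDenied*") }'
      MetricTransformations:
        - { MetricNamespace: SecurityBaseline, MetricName: UnauthorizedApiCalls, MetricValue: '1' }

  # Fire on the first denied call in any 5-minute window and notify via SNS.
  UnauthorizedCallsAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmDescription: Unauthorized API call(s) recorded by CloudTrail
      Namespace: SecurityBaseline
      MetricName: UnauthorizedApiCalls
      Statistic: Sum
      Period: 300
      EvaluationPeriods: 1
      Threshold: 1
      ComparisonOperator: GreaterThanOrEqualToThreshold
      TreatMissingData: notBreaching
      AlarmActions: [!Ref AlertTopic]
```

Deploy it with `aws cloudformation deploy --template-file trail-alerts.yaml --stack-name trail-alerts --parameter-overrides AlertEmail=soc@example.com --capabilities CAPABILITY_IAM` (the file and stack names are placeholders); the IAM capability flag is required because the stack creates a role. The second alarm from editor's note 6, changes to security groups, is the same pattern with a further AWS::Logs::MetricFilter whose FilterPattern matches `$.eventName` against AuthorizeSecurityGroupIngress, AuthorizeSecurityGroupEgress, RevokeSecurityGroupIngress, RevokeSecurityGroupEgress, CreateSecurityGroup and DeleteSecurityGroup, feeding its own alarm on the same topic. Because the trail itself is a CloudFormation resource, slide 28's "audit baseline" point holds: a drift check on the stack reveals if someone later switches logging off or removes the bucket policy.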

Editor's Notes

  1. The speed of change in the data center with virtualization and cloud is unrelenting. Cloud applications and infrastructures have multiplied at an exponential rate. There is now a change in semantics: users are saying “What CANNOT be put in the Cloud” instead of “What CAN we put in the Cloud”. It seems cloud is the platform of choice, and the numbers reflect this change. IDC forecasts that cloud spend by the end of 2018 will be $160bn globally, with around $24bn in western Europe alone.
  2. Happy days, right! With Cloud we get: operational cost saving; 24x7 service, improving uptime and reliability of IT; flexibility of delivery; scalability; increasing speed of access to new technology; low cost of adoption. No need to worry, it is no longer our problem?
  3. COMPLIANCE & REGULATION. It doesn’t matter where or how you deliver the application or service: if you are in a regulated environment or handling PII data you must comply with the regulations. There has been a lot of discussion about whether organisations that have to comply with these regulations can use the cloud and still be compliant; the simple answer is YES. But the challenge with most mandates is INTERPRETATION, not just by the company that it applies to but also by the certifying body. Being able to translate what auditors ask for and map it to controls can be difficult when operating in a cloud or hybrid environment. GDPR is coming in 2018 and will affect any organisation in Europe handling PII; get ahead of this mandate now and review it against your cloud policies to understand the shortfall.
  4. GDPR is meant to protect the privacy and personal data of end users and is less about cybersecurity and hacking. The shared responsibility model puts the responsibility of managing data privacy and usage squarely in the domain of the customers. GDPR does not offer a manual for compliance, only general guidelines; these are written in legal terms as opposed to technological ones, making it challenging to know what exactly needs to be done in order to be compliant. What are appropriate measures? What is an effective manner? And who decides what are necessary safeguards? This is open to interpretation, but there are some basic things that you can start to look at: access restrictions; encryption; monitoring and logging; minimal footprint; prevention and detection.
  5. NIST guidelines adopt a multi-tiered approach to risk management through control compliance. The 800-53 guidelines were created to heighten the security of the information systems used within the federal government. It also helps to improve the security of your organization’s information systems by providing a fundamental baseline for developing a secure organizational infrastructure. The controls are broken into 3 classes based on impact (low, moderate, and high) and split into 18 different families.
  6. Alarms and triggering incident response: unauthorized access; changes to security groups.
  8. Top cell should read: Amazon EC2 Instances, Availability Zones, Amazon RDS Databases, and Auto Scaling. Second cell down should read: Elastic Load Balancing load balancers, Amazon S3 Bucket Policies, Security Groups, Amazon SNS, Amazon SQS, Amazon Cloud Watch. Bottom cell, third line of text onward, should read: and AWS Service Catalog constraints.
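Slide 17 describes the networking piece of the baseline: a standard management VPC whose traffic is enforced with a NACL. The template below is an added example for this page, not the Quick Start's own; the address plan, the AdminCidr parameter with its documentation-range default, and the resource names are assumptions. It shows the point most often missed when a NACL is written by hand: NACLs are stateless, so unlike a security group they need explicit rules for the ephemeral return ports in both directions, and a rule set that only lists the service ports will break every connection it was meant to permit.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Added example (not the Quick Start's own template): a management VPC whose
  subnet NACL admits only HTTPS from the admin network plus the ephemeral
  return ports each direction needs.

Parameters:
  AdminCidr:
    Type: String
    Default: 203.0.113.0/24   # RFC 5737 documentation range; placeholder

Resources:
  ManagementVpc:
    Type: AWS::EC2::VPC
    Properties:
      CidrBlock: 10.0.0.0/16   # assumed address plan
      EnableDnsSupport: true
      EnableDnsHostnames: true

  ManagementSubnet:
    Type: AWS::EC2::Subnet
    Properties:
      VpcId: !Ref ManagementVpc
      CidrBlock: 10.0.1.0/24

  # A custom NACL starts with only the implicit deny-all rule in each
  # direction, so nothing passes until the entries below are added.
  ManagementAcl:
    Type: AWS::EC2::NetworkAcl
    Properties:
      VpcId: !Ref ManagementVpc

  AclAssociation:
    Type: AWS::EC2::SubnetNetworkAclAssociation
    Properties:
      SubnetId: !Ref ManagementSubnet
      NetworkAclId: !Ref ManagementAcl

  # Inbound 100: HTTPS from the admin network only (protocol 6 = TCP).
  InboundHttps:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref ManagementAcl
      RuleNumber: 100
      Protocol: 6
      RuleAction: allow
      Egress: false
      CidrBlock: !Ref AdminCidr
      PortRange: { From: 443, To: 443 }

  # Inbound 110: replies to connections the hosts open outbound. The NACL
  # keeps no state, so the ephemeral range must be allowed explicitly.
  InboundEphemeral:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref ManagementAcl
      RuleNumber: 110
      Protocol: 6
      RuleAction: allow
      Egress: false
      CidrBlock: 0.0.0.0/0
      PortRange: { From: 1024, To: 65535 }

  # Outbound 100: replies to the admin network's HTTPS sessions, which go
  # back to the client's ephemeral port, not to 443.
  OutboundEphemeral:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref ManagementAcl
      RuleNumber: 100
      Protocol: 6
      RuleAction: allow
      Egress: true
      CidrBlock: !Ref AdminCidr
      PortRange: { From: 1024, To: 65535 }

  # Outbound 110: HTTPS out for OS updates and AWS API calls.
  OutboundHttps:
    Type: AWS::EC2::NetworkAclEntry
    Properties:
      NetworkAclId: !Ref ManagementAcl
      RuleNumber: 110
      Protocol: 6
      RuleAction: allow
      Egress: true
      CidrBlock: 0.0.0.0/0
      PortRange: { From: 443, To: 443 }
```

Routing (an internet gateway or NAT for the outbound HTTPS rule) is left out to keep the NACL itself in focus. The NACL is a subnet-level, stateless filter and sits alongside the instance-level security groups rather than replacing them; slide 25's host firewall and intrusion prevention add a third layer on the instance, which is why the deck lists all three.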