SlideShare a Scribd company logo

Security Day What's (nearly) New

Amazon Web Services
Amazon Web Services

Security Day What's (nearly) New

Business
1 of 39
Download to read offline
© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Dave Walker SpecialistSolutions Architect,Security & Compliance EMEA 28/01/16 What’s (nearly) New? London
Cloud Security Principles Compliance o Issued 1 Apr 2014 by the CESG o They replace the Business Impact Levels model (BIL: IL1-IL5+) o Distributed certification model o Risk-based approach: suitability for purpose o New protective marking mechanisms o AWS Whitepaper Available
Cyber Essentials Plus Compliance in Dublin This is to certify that Amazon Web Services (Scope limited to Dublin Region) 60 Holborn Viaduct London EC1A 2FD Has been assessed by Zia Rehman for Perspective Risk Ltd against the Cyber Essentials Scheme Test Specification Level of certification: Cyber Essentials PLUS Scope: Cyber Essentials Plus of external Dublin network perimeter, sample desktop and mobile devices Certification date: August 7th, 2015 Recommended re-assessment date: August 6th, 2016 Certificate no.: 2864877880893798 This Certificate confirms that the organisation named was assessed against the Cyber Essentials RequirementsThis Certificate confirms that the organisation named was assessed against the Cyber Essentials Requirements dated June 2014, and at the time of testing, the organisation's ICT defences were assessed to meet thedated June 2014, and at the time of testing, the organisation's ICT defences were assessed to meet the Requirements. Cyber Essentials Certification indicates that the organisation has implemented a sensible baseline ofRequirements. Cyber Essentials Certification indicates that the organisation has implemented a sensible baseline of organisational cyber security only, and implies no guarantee of effective defence against commodity cyber attacksorganisational cyber security only, and implies no guarantee of effective defence against commodity cyber attacks circumventing this baseline. Organisations are recommended to define and understand the risks to theircircumventing this baseline. Organisations are recommended to define and understand the risks to their organisation and take all appropriate action to mitigate or reduce any issues, which may require a greater degree oforganisation and take all appropriate action to mitigate or reduce any issues, which may require a greater degree of rigour or technical investment than is required for Cyber Essentials alone.rigour or technical investment than is required for Cyber Essentials alone. Cyber Essentials Plus is a UK Government-backed, industry- supported certification scheme that helps organisations demonstrate security against common cyber attacks. The ‘Plus’ scheme benefits from independent testing and validation compared to the baseline ‘Cyber Essentials’ scheme that is self- attested.
ISO 27018 Based on certification examination in conformity with defined requirements in ISO/IEC17021:2011 and ISO/IEC 27006:2011, the Information Security Management System as defined and implemented by headquartered in Seattle, Washington, United States of America, certified under certification number [2013-009], is also compliant with the requirements as stated in the standard: EY CertifyPoint will, according to the certification agreement dated October 23, 2014, perform surveillance audits and acknowledge the certificate until the expiration date of this certificate or the expiration of the related ISMS certificate with number [2013-009]. *This certificate is applicable for the assets, services and locations as described in the scoping section on the back of this certificate, with regard to the specific requirements for information security and protection of personally identifiable information (PII) as stated in Statement of Applicability version 2015,01, approved on September 15, 2015. ISO/IEC 27018:2014 Issue date of certificate: October 1, 2015 Expiration date of certificate: November 12, 2016 Amazon Web Services, Inc.* Certificate Certificate number: 2015-016 Certified by EY CertifyPoint since: October 1, 2015 © Copyrights with regard to this document reside with Ernst & Young CertifyPoint B.V. headquartered at Antonio Vivaldistraat 150, 1083 HP Amsterdam, The Netherlands. All rights reserved. Drs. R. Toppen RA Director EY CertifyPoint DIGITAL COPY1/3 o Customers control their content. o Customers' content will not be used for any unauthorized purposes. o Physical media is destroyed prior to leaving AWS data centers. o AWS provides customers the means to delete their content. o AWS doesn’t disclose customers' content
ISO 27017 Based on certification examination in conformity with defined requirements in ISO/IEC17021:2011 and ISO/IEC 27006:2011, the Information Security Management System as defined and implemented by headquartered in Seattle, Washington, United States of America, certified under certification number [2013-009], is also compliant with the requirements as stated in the standard: EY CertifyPoint will, according to the certification agreement dated October 23, 2014, perform surveillance audits and acknowledge the certificate until the expiration date of this certificate or the expiration of the related ISMS certificate with number [2013-009]. *This certificate is applicable for the assets, services and locations as described in the scoping section on the back of this certificate, with regard to the specific requirements for information security and protection of personally identifiable information (PII) as stated in Statement of Applicability version 2015,01, approved on September 15, 2015. ISO/IEC 27018:2014 Issue date of certificate: October 1, 2015 Expiration date of certificate: November 12, 2016 Amazon Web Services, Inc.* Certificate Certificate number: 2015-016 Certified by EY CertifyPoint since: October 1, 2015 © Copyrights with regard to this document reside with Ernst & Young CertifyPoint B.V. headquartered at Antonio Vivaldistraat 150, 1083 HP Amsterdam, The Netherlands. All rights reserved. Drs. R. Toppen RA Director EY CertifyPoint DIGITAL COPY1/3 o Newest ISO code of practice o Builds on top of ISO 27002 o Information security controls specific to Cloud services o Scope includes all AWS Regions and edge locations
AWS Security Tools AWS Trusted Advisor AWS Config Rules Amazon Inspector Periodic evaluation of alignment with AWS Best Practices. Not just Security-related. Create rules that govern configuration of your AWS resources. Continuous evaluation. Security insightsinto your applications. Runs on EC2 instances; on-demand scans AWS Compliance AWS: Security of the cloud Customer: Security in the cloud
Cloud Config Rules
AWS Config Rules features Flexible rules evaluated continuously and retroactively Dashboard and reports for common goals Customizable remediation API automation
AWS Config Rules Broad ecosystem of solutions
AWS Config Rules benefits Continuous monitoring for unexpected changes Shared compliance across your organization Simplified management of configuration changes
Security by Design - SbD • Systematic approach to ensure security • Formalizes AWS account design • Automates security controls • Streamlines auditing • Provides control insights throughout the IT management process AWS CloudTrail AWS CloudHSM AWS IAM AWS KMS AWS Config
GoldBase - Scripting your governance policy Set of CloudFormation Templates & Reference Arhcitectures that accelerate compliance with PCI, EU Personal Data Protection, HIPAA, FFIEC, FISMA, CJIS Result: Reliable technical implementation of administrative controls
What is Inspector? • Application security assessment • Selectable built-in rules • Security findings • Guidance and management • Automatable via APIs
Rule packages • CVE (common vulnerabilities and exposures) • Network security best practices • Authentication best practices • Operating system security best practices • Application security best practices • PCI DSS 3.0 readiness
Getting started
Prioritized findings
Detailed remediation recommendations
What is AWS WAF? Application DDoS Good users Bad guys Web server Database AWS WAF AWS WAF rules: 1: BLOCK requests from bad guys. 2: ALLOW requests from good guys. Types of conditions in rules: 1: Source IP/range 2: String Match 3: SQL Injection
Why AWS WAF? Application DDoS, Vulnerabilities, Abuse Good users Bad guys Web server Database
AWS WAF Partner integrations • Alert Logic, Trend Micro, and Imperva integrating with AWS WAF • Offer additional detection and threat intelligence • Dynamically modify rulesets of AWS WAF for increased protection
S2N – AWS Implementation of TLS • Small: • ~6,000 lines of code, all audited • ~80% less memory consumed • Fast: • 12% faster • Simple: • Avoid rarely used options/extensions
VPC Flow Logs
Flow Log Record Structure Event-Version Account Number ENI-ID Source-IP Destination-IP SourcePort Destination-Port Protocol Number Number of Packets Number of Bytes Start-Time Window End-Time Window Action State 2 123456789 eni-31607853 172.16.0.10 172.16.0.172 80 41707 6 1 40 1440402534 1440402589 ACCEPT OK
AWS Certificate Manager (ACM) makes it easy to provision, manage, deploy, and renew SSL/TLS certificates on the AWS platform. Introducing AWS Certificate Manager
AWS Certificate Manager • Provision trusted SSL/TLS certificates from AWS for use with AWS resources: • Elastic Load Balancing • Amazon CloudFront distributions • AWS handles the “maths and maintenance” • Key pair and CSR generation • Managed renewal and deployment • Domain validation (DV) through email • Available through AWS Management console, CLI, or API
AWS Certificate Manager (ACM) Benefits • Protect and secure websites and applications • Provision certificates quickly and easily • Free • Managed certificate renewal • Secure key management • Centrally manage certificates on the AWS Cloud • Integrated with other AWS Cloud Services
ACM Use Cases • Help meet regulatory compliance requirements for encryption of data in transit • PCI, FedRAMP and HIPAA • Minimize downtime and outages • Improve search rankings by using SSL/TLS
ACM-Provided Certificates Domain names • Single domain name: www.example.com • Wildcard domain names: *.example.com • Combination of wildcard and non-wildcard names • Multiple domain names in the same certificate (up to 10) ACM-provided certificates are managed • Private keys are generated, protected, and managed • ACM-provided certificates cannot be used on EC2 instances or on-premises servers • Can be used with AWS services, such as ELB and CloudFront Algorithms • RSA 2048 and SHA-256
What is available at launch? • SSL/TLS certificates for use with AWS services (ELB and CloudFront) • Availability in US-East (N. Virginia) • Domain validation via email • Console, API, CLI • Integration with ELB and CloudFront • Managed renewal and deployment
What is NOT available at launch? • Availability in additional regions • Certificates for use on EC2 • “Take home” certificates that can be used anywhere • Cross-region certificates • Cross-account access to certificates • CloudTrail logging of ACM API calls • Tagging • Certificates for email, code signing, or any other purpose except SSL/TLS termination
Certification & Education • Security Fundamentals on AWS • free, online course for security auditors and analysts • Security Operations on AWS • 3-day class for Security engineers, architects, analysts, and auditors • AWS Certification • Security is part of all AWS exams
Rich Security Capabilities in the Cloud Prepare Prevent Detect Respond
o AWS Security Solutions Architects o AWS Professional Services o AWS Secure by Design & GoldBase o AWS Security Best Practices o Partner Professional Services o AWS Training and Certification o Understand Compliance Requirements Prepare
o Use IAM – consider MFA, roles, federation, SSO o Implement Amazon WAF o Leverage S2N for secure TLS connections o Implement Config Rules to enforce compliance o Implement Amazon Inspector to identify vulnerabilities early on Prevent
o CloudTrail enabled across all accounts and services o Consider Config & Config Rules logs o Inspector can be used as a detective tool o Trusted Advisor goes beyond just security o Use CloudWatch logs o VPC Flow Logs give insight into intended and unintended communication taking place into your VPC o Look at partner log management and security monitoring solutions Detect
o Be Prepared: o Develop, acquire or hire Security Incident Response capabilities o Test preparedness via game days o Automated response and containment is always better than manual response o AWS supports forensic investigations o Leverage AWS Support for best results o Talk to our security partners Respond
Be Secure & Compliant in the Cloud!
Thank you!

Recommended

Network Security and Access Control in AWS
Network Security and Access Control in AWSNetwork Security and Access Control in AWS
Network Security and Access Control in AWSAmazon Web Services
 
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013Amazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS Security Getting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Protecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWSProtecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWSAmazon Web Services
 
AWS Enterprise Summit Netherlands - Keynote
AWS Enterprise Summit Netherlands - KeynoteAWS Enterprise Summit Netherlands - Keynote
AWS Enterprise Summit Netherlands - KeynoteAmazon Web Services
 
Security Architecture recommendations for your new AWS operation - Pop-up Lof...
Security Architecture recommendations for your new AWS operation - Pop-up Lof...Security Architecture recommendations for your new AWS operation - Pop-up Lof...
Security Architecture recommendations for your new AWS operation - Pop-up Lof...Amazon Web Services
 
What's (nearly) new | AWS Security Roadshow Dublin
What's (nearly) new | AWS Security Roadshow DublinWhat's (nearly) new | AWS Security Roadshow Dublin
What's (nearly) new | AWS Security Roadshow DublinAmazon Web Services
 
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Amazon Web Services
 

Recommended

Network Security and Access Control in AWS
Network Security and Access Control in AWSNetwork Security and Access Control in AWS
Network Security and Access Control in AWSAmazon Web Services
 
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013
AWS Security – Keynote Address (SEC101) | AWS re:Invent 2013Amazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS Security Getting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Protecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWSProtecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWSAmazon Web Services
 
AWS Enterprise Summit Netherlands - Keynote
AWS Enterprise Summit Netherlands - KeynoteAWS Enterprise Summit Netherlands - Keynote
AWS Enterprise Summit Netherlands - KeynoteAmazon Web Services
 
Security Architecture recommendations for your new AWS operation - Pop-up Lof...
Security Architecture recommendations for your new AWS operation - Pop-up Lof...Security Architecture recommendations for your new AWS operation - Pop-up Lof...
Security Architecture recommendations for your new AWS operation - Pop-up Lof...Amazon Web Services
 
What's (nearly) new | AWS Security Roadshow Dublin
What's (nearly) new | AWS Security Roadshow DublinWhat's (nearly) new | AWS Security Roadshow Dublin
What's (nearly) new | AWS Security Roadshow DublinAmazon Web Services
 
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Encryption and key management in AWS (SEC304) | AWS re:Invent 2013
Encryption and key management in AWS (SEC304) | AWS re:Invent 2013Amazon Web Services
 
Getting started with aws security toronto rs
Getting started with aws security toronto rsGetting started with aws security toronto rs
Getting started with aws security toronto rsAmazon Web Services
 
IAM Recommended Practices
IAM Recommended PracticesIAM Recommended Practices
IAM Recommended PracticesAmazon Web Services
 
(GEN117) AWS Compliance Summit
(GEN117) AWS Compliance Summit(GEN117) AWS Compliance Summit
(GEN117) AWS Compliance SummitAmazon Web Services
 
Security Day IAM Recommended Practices
Security Day IAM Recommended PracticesSecurity Day IAM Recommended Practices
Security Day IAM Recommended PracticesAmazon Web Services
 
AWS APAC Webinar Week - Getting The Most From EC2
AWS APAC Webinar Week - Getting The Most From EC2AWS APAC Webinar Week - Getting The Most From EC2
AWS APAC Webinar Week - Getting The Most From EC2Amazon Web Services
 
AWS Enterprise Summit Netherlands - Creating a Landing Zone
AWS Enterprise Summit Netherlands - Creating a Landing ZoneAWS Enterprise Summit Netherlands - Creating a Landing Zone
AWS Enterprise Summit Netherlands - Creating a Landing ZoneAmazon Web Services
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWSAmazon Web Services
 
AWS and the ASD Essential Eight
AWS and the ASD Essential EightAWS and the ASD Essential Eight
AWS and the ASD Essential EightAmazon Web Services
 
Compliance in the cloud using sb d toronto-summit-v1.0
Compliance in the cloud using sb d toronto-summit-v1.0Compliance in the cloud using sb d toronto-summit-v1.0
Compliance in the cloud using sb d toronto-summit-v1.0Amazon Web Services
 
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity OptionsAmazon Web Services
 
AWS Webcast - Highly Available SQL Server on AWS
AWS Webcast - Highly Available SQL Server on AWS AWS Webcast - Highly Available SQL Server on AWS
AWS Webcast - Highly Available SQL Server on AWS Amazon Web Services
 
AWS business essentials - Toronto
AWS business essentials - TorontoAWS business essentials - Toronto
AWS business essentials - TorontoAmazon Web Services
 
(SEC303) Architecting for End-To-End Security in the Enterprise
(SEC303) Architecting for End-To-End Security in the Enterprise(SEC303) Architecting for End-To-End Security in the Enterprise
(SEC303) Architecting for End-To-End Security in the EnterpriseAmazon Web Services
 
(SEC301) Strategies for Protecting Data Using Encryption in AWS
(SEC301) Strategies for Protecting Data Using Encryption in AWS(SEC301) Strategies for Protecting Data Using Encryption in AWS
(SEC301) Strategies for Protecting Data Using Encryption in AWSAmazon Web Services
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWSAmazon Web Services
 
What's (nearly) new | AWS Security Roadshow
What's (nearly) new | AWS Security RoadshowWhat's (nearly) new | AWS Security Roadshow
What's (nearly) new | AWS Security RoadshowAmazon Web Services
 
(SEC304) Architecting for HIPAA Compliance on AWS
(SEC304) Architecting for HIPAA Compliance on AWS(SEC304) Architecting for HIPAA Compliance on AWS
(SEC304) Architecting for HIPAA Compliance on AWSAmazon Web Services
 
Getting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute ServicesGetting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute ServicesAmazon Web Services
 
Reading the AWS Compliance Framework
Reading the AWS Compliance FrameworkReading the AWS Compliance Framework
Reading the AWS Compliance FrameworkAmazon Web Services
 
Announcements for Mobile Developers
Announcements for Mobile DevelopersAnnouncements for Mobile Developers
Announcements for Mobile DevelopersAmazon Web Services
 
Andy Jassy Keynote Sydney Customer Appreciation Day
Andy Jassy Keynote Sydney Customer Appreciation DayAndy Jassy Keynote Sydney Customer Appreciation Day
Andy Jassy Keynote Sydney Customer Appreciation DayAmazon Web Services
 
AWS Customer Presentation : PBS - AWS Summit 2012 - NYC
AWS Customer Presentation : PBS - AWS Summit 2012 - NYCAWS Customer Presentation : PBS - AWS Summit 2012 - NYC
AWS Customer Presentation : PBS - AWS Summit 2012 - NYCAmazon Web Services
 

More Related Content

What's hot

Getting started with aws security toronto rs
Getting started with aws security toronto rsGetting started with aws security toronto rs
Getting started with aws security toronto rsAmazon Web Services
 
Security Day IAM Recommended Practices
Security Day IAM Recommended PracticesSecurity Day IAM Recommended Practices
Security Day IAM Recommended PracticesAmazon Web Services
 
AWS APAC Webinar Week - Getting The Most From EC2
AWS APAC Webinar Week - Getting The Most From EC2AWS APAC Webinar Week - Getting The Most From EC2
AWS APAC Webinar Week - Getting The Most From EC2Amazon Web Services
 
AWS Enterprise Summit Netherlands - Creating a Landing Zone
AWS Enterprise Summit Netherlands - Creating a Landing ZoneAWS Enterprise Summit Netherlands - Creating a Landing Zone
AWS Enterprise Summit Netherlands - Creating a Landing ZoneAmazon Web Services
 
Compliance in the cloud using sb d toronto-summit-v1.0
Compliance in the cloud using sb d toronto-summit-v1.0Compliance in the cloud using sb d toronto-summit-v1.0
Compliance in the cloud using sb d toronto-summit-v1.0Amazon Web Services
 
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity OptionsAmazon Web Services
 
AWS Webcast - Highly Available SQL Server on AWS
AWS Webcast - Highly Available SQL Server on AWS AWS Webcast - Highly Available SQL Server on AWS
AWS Webcast - Highly Available SQL Server on AWS Amazon Web Services
 
AWS business essentials - Toronto
AWS business essentials - TorontoAWS business essentials - Toronto
AWS business essentials - TorontoAmazon Web Services
 
(SEC303) Architecting for End-To-End Security in the Enterprise
(SEC303) Architecting for End-To-End Security in the Enterprise(SEC303) Architecting for End-To-End Security in the Enterprise
(SEC303) Architecting for End-To-End Security in the EnterpriseAmazon Web Services
 
(SEC301) Strategies for Protecting Data Using Encryption in AWS
(SEC301) Strategies for Protecting Data Using Encryption in AWS(SEC301) Strategies for Protecting Data Using Encryption in AWS
(SEC301) Strategies for Protecting Data Using Encryption in AWSAmazon Web Services
 
What's (nearly) new | AWS Security Roadshow
What's (nearly) new | AWS Security RoadshowWhat's (nearly) new | AWS Security Roadshow
What's (nearly) new | AWS Security RoadshowAmazon Web Services
 
(SEC304) Architecting for HIPAA Compliance on AWS
(SEC304) Architecting for HIPAA Compliance on AWS(SEC304) Architecting for HIPAA Compliance on AWS
(SEC304) Architecting for HIPAA Compliance on AWSAmazon Web Services
 
Getting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute ServicesGetting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute ServicesAmazon Web Services
 
Reading the AWS Compliance Framework
Reading the AWS Compliance FrameworkReading the AWS Compliance Framework
Reading the AWS Compliance FrameworkAmazon Web Services
 
Announcements for Mobile Developers
Announcements for Mobile DevelopersAnnouncements for Mobile Developers
Announcements for Mobile DevelopersAmazon Web Services
 

What's hot (20)

Getting started with aws security toronto rs
Getting started with aws security toronto rsGetting started with aws security toronto rs
Getting started with aws security toronto rs
 
IAM Recommended Practices
IAM Recommended PracticesIAM Recommended Practices
IAM Recommended Practices
 
(GEN117) AWS Compliance Summit
(GEN117) AWS Compliance Summit(GEN117) AWS Compliance Summit
(GEN117) AWS Compliance Summit
 
Security Day IAM Recommended Practices
Security Day IAM Recommended PracticesSecurity Day IAM Recommended Practices
Security Day IAM Recommended Practices
 
AWS APAC Webinar Week - Getting The Most From EC2
AWS APAC Webinar Week - Getting The Most From EC2AWS APAC Webinar Week - Getting The Most From EC2
AWS APAC Webinar Week - Getting The Most From EC2
 
AWS Enterprise Summit Netherlands - Creating a Landing Zone
AWS Enterprise Summit Netherlands - Creating a Landing ZoneAWS Enterprise Summit Netherlands - Creating a Landing Zone
AWS Enterprise Summit Netherlands - Creating a Landing Zone
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
 
AWS and the ASD Essential Eight
AWS and the ASD Essential EightAWS and the ASD Essential Eight
AWS and the ASD Essential Eight
 
Compliance in the cloud using sb d toronto-summit-v1.0
Compliance in the cloud using sb d toronto-summit-v1.0Compliance in the cloud using sb d toronto-summit-v1.0
Compliance in the cloud using sb d toronto-summit-v1.0
 
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
 
AWS Webcast - Highly Available SQL Server on AWS
AWS Webcast - Highly Available SQL Server on AWS AWS Webcast - Highly Available SQL Server on AWS
AWS Webcast - Highly Available SQL Server on AWS
 
AWS business essentials - Toronto
AWS business essentials - TorontoAWS business essentials - Toronto
AWS business essentials - Toronto
 
(SEC303) Architecting for End-To-End Security in the Enterprise
(SEC303) Architecting for End-To-End Security in the Enterprise(SEC303) Architecting for End-To-End Security in the Enterprise
(SEC303) Architecting for End-To-End Security in the Enterprise
 
(SEC301) Strategies for Protecting Data Using Encryption in AWS
(SEC301) Strategies for Protecting Data Using Encryption in AWS(SEC301) Strategies for Protecting Data Using Encryption in AWS
(SEC301) Strategies for Protecting Data Using Encryption in AWS
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
 
What's (nearly) new | AWS Security Roadshow
What's (nearly) new | AWS Security RoadshowWhat's (nearly) new | AWS Security Roadshow
What's (nearly) new | AWS Security Roadshow
 
(SEC304) Architecting for HIPAA Compliance on AWS
(SEC304) Architecting for HIPAA Compliance on AWS(SEC304) Architecting for HIPAA Compliance on AWS
(SEC304) Architecting for HIPAA Compliance on AWS
 
Getting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute ServicesGetting Started with Amazon EC2 and Compute Services
Getting Started with Amazon EC2 and Compute Services
 
Reading the AWS Compliance Framework
Reading the AWS Compliance FrameworkReading the AWS Compliance Framework
Reading the AWS Compliance Framework
 
Announcements for Mobile Developers
Announcements for Mobile DevelopersAnnouncements for Mobile Developers
Announcements for Mobile Developers
 

Viewers also liked

Andy Jassy Keynote Sydney Customer Appreciation Day
Andy Jassy Keynote Sydney Customer Appreciation DayAndy Jassy Keynote Sydney Customer Appreciation Day
Andy Jassy Keynote Sydney Customer Appreciation DayAmazon Web Services
 
AWS Customer Presentation : PBS - AWS Summit 2012 - NYC
AWS Customer Presentation : PBS - AWS Summit 2012 - NYCAWS Customer Presentation : PBS - AWS Summit 2012 - NYC
AWS Customer Presentation : PBS - AWS Summit 2012 - NYCAmazon Web Services
 
Webinar: Delivering Static and Dynamic Content Using CloudFront
Webinar: Delivering Static and Dynamic Content Using CloudFrontWebinar: Delivering Static and Dynamic Content Using CloudFront
Webinar: Delivering Static and Dynamic Content Using CloudFrontAmazon Web Services
 
CPN202 More for Less - AWS re: Invent 2012
CPN202 More for Less - AWS re: Invent 2012CPN202 More for Less - AWS re: Invent 2012
CPN202 More for Less - AWS re: Invent 2012Amazon Web Services
 
AWS Summit - Brisbane 2014 - Keynote
AWS Summit - Brisbane 2014 - KeynoteAWS Summit - Brisbane 2014 - Keynote
AWS Summit - Brisbane 2014 - KeynoteAmazon Web Services
 
Amazon Machine Learning: Empowering Developers to Build Smart Applications
Amazon Machine Learning: Empowering Developers to Build Smart ApplicationsAmazon Machine Learning: Empowering Developers to Build Smart Applications
Amazon Machine Learning: Empowering Developers to Build Smart ApplicationsAmazon Web Services
 
AWS Partner Webcast - Make Decisions Faster with AWS and SAP on HANA
AWS Partner Webcast - Make Decisions Faster with AWS and SAP on HANAAWS Partner Webcast - Make Decisions Faster with AWS and SAP on HANA
AWS Partner Webcast - Make Decisions Faster with AWS and SAP on HANAAmazon Web Services
 
AWS for Start-ups - Case Study - Go Squared
AWS for Start-ups - Case Study - Go SquaredAWS for Start-ups - Case Study - Go Squared
AWS for Start-ups - Case Study - Go SquaredAmazon Web Services
 
Unlocking the Value of your Data Featuring AWS Enterprise Use Cases
Unlocking the Value of your Data Featuring AWS Enterprise Use CasesUnlocking the Value of your Data Featuring AWS Enterprise Use Cases
Unlocking the Value of your Data Featuring AWS Enterprise Use CasesAmazon Web Services
 
AWS Customer Presentation - ORbyte
AWS Customer Presentation - ORbyteAWS Customer Presentation - ORbyte
AWS Customer Presentation - ORbyteAmazon Web Services
 
AWS Government, Education, and Nonprofits Symposium London, United Kingdom L...
AWS Government, Education, and Nonprofits Symposium London, United Kingdom L... AWS Government, Education, and Nonprofits Symposium London, United Kingdom L...
AWS Government, Education, and Nonprofits Symposium London, United Kingdom L...Amazon Web Services
 
善用分析與推播訊息增加及留住用戶
善用分析與推播訊息增加及留住用戶善用分析與推播訊息增加及留住用戶
善用分析與推播訊息增加及留住用戶Amazon Web Services
 
AWS Webcast - Accelerating Application Performance Using In-Memory Caching in...
AWS Webcast - Accelerating Application Performance Using In-Memory Caching in...AWS Webcast - Accelerating Application Performance Using In-Memory Caching in...
AWS Webcast - Accelerating Application Performance Using In-Memory Caching in...Amazon Web Services
 
SVC105 AWS Messaging - AWS re: Invent 2012
SVC105 AWS Messaging - AWS re: Invent 2012SVC105 AWS Messaging - AWS re: Invent 2012
SVC105 AWS Messaging - AWS re: Invent 2012Amazon Web Services
 
REA Sydney Customer Appreciation Day
REA Sydney Customer Appreciation DayREA Sydney Customer Appreciation Day
REA Sydney Customer Appreciation DayAmazon Web Services
 
AWS July Webinar Series - Getting Started with Amazon DynamoDB
AWS July Webinar Series - Getting Started with Amazon DynamoDBAWS July Webinar Series - Getting Started with Amazon DynamoDB
AWS July Webinar Series - Getting Started with Amazon DynamoDBAmazon Web Services
 

Viewers also liked (20)

Andy Jassy Keynote Sydney Customer Appreciation Day
Andy Jassy Keynote Sydney Customer Appreciation DayAndy Jassy Keynote Sydney Customer Appreciation Day
Andy Jassy Keynote Sydney Customer Appreciation Day
 
AWS Customer Presentation : PBS - AWS Summit 2012 - NYC
AWS Customer Presentation : PBS - AWS Summit 2012 - NYCAWS Customer Presentation : PBS - AWS Summit 2012 - NYC
AWS Customer Presentation : PBS - AWS Summit 2012 - NYC
 
Webinar: Delivering Static and Dynamic Content Using CloudFront
Webinar: Delivering Static and Dynamic Content Using CloudFrontWebinar: Delivering Static and Dynamic Content Using CloudFront
Webinar: Delivering Static and Dynamic Content Using CloudFront
 
CPN202 More for Less - AWS re: Invent 2012
CPN202 More for Less - AWS re: Invent 2012CPN202 More for Less - AWS re: Invent 2012
CPN202 More for Less - AWS re: Invent 2012
 
NoSQL like there is No Tomorrow
NoSQL like there is No TomorrowNoSQL like there is No Tomorrow
NoSQL like there is No Tomorrow
 
AWS Summit - Brisbane 2014 - Keynote
AWS Summit - Brisbane 2014 - KeynoteAWS Summit - Brisbane 2014 - Keynote
AWS Summit - Brisbane 2014 - Keynote
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
 
Amazon Machine Learning: Empowering Developers to Build Smart Applications
Amazon Machine Learning: Empowering Developers to Build Smart ApplicationsAmazon Machine Learning: Empowering Developers to Build Smart Applications
Amazon Machine Learning: Empowering Developers to Build Smart Applications
 
AWS Partner Webcast - Make Decisions Faster with AWS and SAP on HANA
AWS Partner Webcast - Make Decisions Faster with AWS and SAP on HANAAWS Partner Webcast - Make Decisions Faster with AWS and SAP on HANA
AWS Partner Webcast - Make Decisions Faster with AWS and SAP on HANA
 
AWS for Start-ups - Case Study - Go Squared
AWS for Start-ups - Case Study - Go SquaredAWS for Start-ups - Case Study - Go Squared
AWS for Start-ups - Case Study - Go Squared
 
Unlocking the Value of your Data Featuring AWS Enterprise Use Cases
Unlocking the Value of your Data Featuring AWS Enterprise Use CasesUnlocking the Value of your Data Featuring AWS Enterprise Use Cases
Unlocking the Value of your Data Featuring AWS Enterprise Use Cases
 
AWS Customer Presentation - ORbyte
AWS Customer Presentation - ORbyteAWS Customer Presentation - ORbyte
AWS Customer Presentation - ORbyte
 
AWS Government, Education, and Nonprofits Symposium London, United Kingdom L...
AWS Government, Education, and Nonprofits Symposium London, United Kingdom L... AWS Government, Education, and Nonprofits Symposium London, United Kingdom L...
AWS Government, Education, and Nonprofits Symposium London, United Kingdom L...
 
Mobile Application Development
Mobile Application DevelopmentMobile Application Development
Mobile Application Development
 
善用分析與推播訊息增加及留住用戶
善用分析與推播訊息增加及留住用戶善用分析與推播訊息增加及留住用戶
善用分析與推播訊息增加及留住用戶
 
AWS Webcast - Accelerating Application Performance Using In-Memory Caching in...
AWS Webcast - Accelerating Application Performance Using In-Memory Caching in...AWS Webcast - Accelerating Application Performance Using In-Memory Caching in...
AWS Webcast - Accelerating Application Performance Using In-Memory Caching in...
 
SVC105 AWS Messaging - AWS re: Invent 2012
SVC105 AWS Messaging - AWS re: Invent 2012SVC105 AWS Messaging - AWS re: Invent 2012
SVC105 AWS Messaging - AWS re: Invent 2012
 
REA Sydney Customer Appreciation Day
REA Sydney Customer Appreciation DayREA Sydney Customer Appreciation Day
REA Sydney Customer Appreciation Day
 
AWS July Webinar Series - Getting Started with Amazon DynamoDB
AWS July Webinar Series - Getting Started with Amazon DynamoDBAWS July Webinar Series - Getting Started with Amazon DynamoDB
AWS July Webinar Series - Getting Started with Amazon DynamoDB
 
Amazon federal registry 2.0
Amazon federal registry 2.0Amazon federal registry 2.0
Amazon federal registry 2.0
 

Similar to Security Day What's (nearly) New

Security Day What's (nearly) New
Security Day What's (nearly) NewSecurity Day What's (nearly) New
Security Day What's (nearly) NewAmazon Web Services
 
Security & Compliance in the cloud - Pop-up Loft Tel Aviv
Security & Compliance in the cloud - Pop-up Loft Tel AvivSecurity & Compliance in the cloud - Pop-up Loft Tel Aviv
Security & Compliance in the cloud - Pop-up Loft Tel AvivAmazon Web Services
 
AWS Enterprise Summit London 2015 | Security in the Cloud
AWS Enterprise Summit London 2015 | Security in the CloudAWS Enterprise Summit London 2015 | Security in the Cloud
AWS Enterprise Summit London 2015 | Security in the CloudAmazon Web Services
 
AWS Shared Responsibility Model & Compliance Program Overview
AWS Shared Responsibility Model & Compliance Program OverviewAWS Shared Responsibility Model & Compliance Program Overview
AWS Shared Responsibility Model & Compliance Program OverviewAmazon Web Services
 
How to Achieve PCI DSS Compliance on AWS
How to Achieve PCI DSS Compliance on AWS How to Achieve PCI DSS Compliance on AWS
How to Achieve PCI DSS Compliance on AWSAmazon Web Services
 
Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3Kimberly Macias
 
Warum ist Cloud-Sicherheit und Compliance wichtig?
Warum ist Cloud-Sicherheit und Compliance wichtig?Warum ist Cloud-Sicherheit und Compliance wichtig?
Warum ist Cloud-Sicherheit und Compliance wichtig?AWS Germany
 
AWS Cloud Governance & Security through Automation - Atlanta AWS Builders
AWS Cloud Governance & Security through Automation - Atlanta AWS BuildersAWS Cloud Governance & Security through Automation - Atlanta AWS Builders
AWS Cloud Governance & Security through Automation - Atlanta AWS BuildersJames Strong
 
(SEC201) How Should We All Think About Security?
(SEC201) How Should We All Think About Security?(SEC201) How Should We All Think About Security?
(SEC201) How Should We All Think About Security?Amazon Web Services
 
Automate the Provisioning of Secure Developer Environments on AWS PPT
Automate the Provisioning of Secure Developer Environments on AWS PPT Automate the Provisioning of Secure Developer Environments on AWS PPT
Automate the Provisioning of Secure Developer Environments on AWS PPTAmazon Web Services
 
(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the CloudAmazon Web Services
 
Security and Compliance – Most Commonly Asked Questions - Technical 101
Security and Compliance – Most Commonly Asked Questions - Technical 101Security and Compliance – Most Commonly Asked Questions - Technical 101
Security and Compliance – Most Commonly Asked Questions - Technical 101Amazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...Amazon Web Services
 
Getting Started With AWS Security
Getting Started With AWS SecurityGetting Started With AWS Security
Getting Started With AWS SecurityAmazon Web Services
 
Palo Alto Networks: Protection for Security & Compliance
Palo Alto Networks: Protection for Security & CompliancePalo Alto Networks: Protection for Security & Compliance
Palo Alto Networks: Protection for Security & ComplianceAmazon Web Services
 
Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...
Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...
Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...Amazon Web Services
 
Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)
Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)
Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)Jeremy Gray
 

Similar to Security Day What's (nearly) New (20)

Security Day What's (nearly) New
Security Day What's (nearly) NewSecurity Day What's (nearly) New
Security Day What's (nearly) New
 
Security & Compliance in the cloud - Pop-up Loft Tel Aviv
Security & Compliance in the cloud - Pop-up Loft Tel AvivSecurity & Compliance in the cloud - Pop-up Loft Tel Aviv
Security & Compliance in the cloud - Pop-up Loft Tel Aviv
 
Security in the cloud
Security in the cloudSecurity in the cloud
Security in the cloud
 
AWS Enterprise Summit London 2015 | Security in the Cloud
AWS Enterprise Summit London 2015 | Security in the CloudAWS Enterprise Summit London 2015 | Security in the Cloud
AWS Enterprise Summit London 2015 | Security in the Cloud
 
AWS Shared Responsibility Model & Compliance Program Overview
AWS Shared Responsibility Model & Compliance Program OverviewAWS Shared Responsibility Model & Compliance Program Overview
AWS Shared Responsibility Model & Compliance Program Overview
 
How to Achieve PCI DSS Compliance on AWS
How to Achieve PCI DSS Compliance on AWS How to Achieve PCI DSS Compliance on AWS
How to Achieve PCI DSS Compliance on AWS
 
Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3Blue Chip Tek Connect and Protect Presentation #3
Blue Chip Tek Connect and Protect Presentation #3
 
Warum ist Cloud-Sicherheit und Compliance wichtig?
Warum ist Cloud-Sicherheit und Compliance wichtig?Warum ist Cloud-Sicherheit und Compliance wichtig?
Warum ist Cloud-Sicherheit und Compliance wichtig?
 
AWS Cloud Governance & Security through Automation - Atlanta AWS Builders
AWS Cloud Governance & Security through Automation - Atlanta AWS BuildersAWS Cloud Governance & Security through Automation - Atlanta AWS Builders
AWS Cloud Governance & Security through Automation - Atlanta AWS Builders
 
Compliance with AWS
Compliance with AWSCompliance with AWS
Compliance with AWS
 
(SEC201) How Should We All Think About Security?
(SEC201) How Should We All Think About Security?(SEC201) How Should We All Think About Security?
(SEC201) How Should We All Think About Security?
 
Automate the Provisioning of Secure Developer Environments on AWS PPT
Automate the Provisioning of Secure Developer Environments on AWS PPT Automate the Provisioning of Secure Developer Environments on AWS PPT
Automate the Provisioning of Secure Developer Environments on AWS PPT
 
(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud(SEC310) Keeping Developers and Auditors Happy in the Cloud
(SEC310) Keeping Developers and Auditors Happy in the Cloud
 
Security and Compliance – Most Commonly Asked Questions - Technical 101
Security and Compliance – Most Commonly Asked Questions - Technical 101Security and Compliance – Most Commonly Asked Questions - Technical 101
Security and Compliance – Most Commonly Asked Questions - Technical 101
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
AWS re:Invent 2016: Chalk Talk: Applying Security-by-Design to Drive Complian...
 
Getting Started With AWS Security
Getting Started With AWS SecurityGetting Started With AWS Security
Getting Started With AWS Security
 
Palo Alto Networks: Protection for Security & Compliance
Palo Alto Networks: Protection for Security & CompliancePalo Alto Networks: Protection for Security & Compliance
Palo Alto Networks: Protection for Security & Compliance
 
Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...
Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...
Automating Compliance Defense in the Cloud - Toronto FSI Symposium - October ...
 
Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)
Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)
Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Recently uploaded

Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort ServiceMalegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort ServiceDamini Dixit
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...amitlee9823
 
Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...lizamodels9
 
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂EscortCall Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escortdlhescort
 
Business Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)- A new venture conceptBusiness Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)- A new venture conceptP&CO
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityEric T. Tung
 
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLBAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLkapoorjyoti4444
 
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876dlhescort
 
Falcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business GrowthFalcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business GrowthFalcon investment
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...rajveerescorts2022
 
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 MonthsSEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 MonthsIndeedSEO
 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting
 
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...amitlee9823
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756dollysharma2066
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsP&CO
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentationuneakwhite
 
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...lizamodels9
 

Recently uploaded (20)

Falcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in indiaFalcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in india
 
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort ServiceMalegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
Malegaon Call Girls Service ☎ ️82500–77686 ☎️ Enjoy 24/7 Escort Service
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
 
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂EscortCall Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
Call Girls In Nangloi Rly Metro ꧂…….95996 … 13876 Enjoy ꧂Escort
 
Business Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)- A new venture conceptBusiness Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)- A new venture concept
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLBAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
 
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
 
Falcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business GrowthFalcon Invoice Discounting: Empowering Your Business Growth
Falcon Invoice Discounting: Empowering Your Business Growth
 
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
 
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
 
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 MonthsSEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investors
 
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
 
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
Russian Call Girls In Rajiv Chowk Gurgaon ❤️8448577510 ⊹Best Escorts Service ...
 

Security Day What's (nearly) New

  • 1. © 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Dave Walker SpecialistSolutions Architect,Security & Compliance EMEA 28/01/16 What’s (nearly) New? London
  • 2. Cloud Security Principles Compliance o Issued 1 Apr 2014 by the CESG o They replace the Business Impact Levels model (BIL: IL1-IL5+) o Distributed certification model o Risk-based approach: suitability for purpose o New protective marking mechanisms o AWS Whitepaper Available
  • 3. Cyber Essentials Plus Compliance in Dublin This is to certify that Amazon Web Services (Scope limited to Dublin Region) 60 Holborn Viaduct London EC1A 2FD Has been assessed by Zia Rehman for Perspective Risk Ltd against the Cyber Essentials Scheme Test Specification Level of certification: Cyber Essentials PLUS Scope: Cyber Essentials Plus of external Dublin network perimeter, sample desktop and mobile devices Certification date: August 7th, 2015 Recommended re-assessment date: August 6th, 2016 Certificate no.: 2864877880893798 This Certificate confirms that the organisation named was assessed against the Cyber Essentials RequirementsThis Certificate confirms that the organisation named was assessed against the Cyber Essentials Requirements dated June 2014, and at the time of testing, the organisation's ICT defences were assessed to meet thedated June 2014, and at the time of testing, the organisation's ICT defences were assessed to meet the Requirements. Cyber Essentials Certification indicates that the organisation has implemented a sensible baseline ofRequirements. Cyber Essentials Certification indicates that the organisation has implemented a sensible baseline of organisational cyber security only, and implies no guarantee of effective defence against commodity cyber attacksorganisational cyber security only, and implies no guarantee of effective defence against commodity cyber attacks circumventing this baseline. Organisations are recommended to define and understand the risks to theircircumventing this baseline. Organisations are recommended to define and understand the risks to their organisation and take all appropriate action to mitigate or reduce any issues, which may require a greater degree oforganisation and take all appropriate action to mitigate or reduce any issues, which may require a greater degree of rigour or technical investment than is required for Cyber Essentials alone.rigour or technical investment than is required for Cyber Essentials alone. Cyber Essentials Plus is a UK Government-backed, industry- supported certification scheme that helps organisations demonstrate security against common cyber attacks. The ‘Plus’ scheme benefits from independent testing and validation compared to the baseline ‘Cyber Essentials’ scheme that is self- attested.
  • 4. ISO 27018 Based on certification examination in conformity with defined requirements in ISO/IEC17021:2011 and ISO/IEC 27006:2011, the Information Security Management System as defined and implemented by headquartered in Seattle, Washington, United States of America, certified under certification number [2013-009], is also compliant with the requirements as stated in the standard: EY CertifyPoint will, according to the certification agreement dated October 23, 2014, perform surveillance audits and acknowledge the certificate until the expiration date of this certificate or the expiration of the related ISMS certificate with number [2013-009]. *This certificate is applicable for the assets, services and locations as described in the scoping section on the back of this certificate, with regard to the specific requirements for information security and protection of personally identifiable information (PII) as stated in Statement of Applicability version 2015,01, approved on September 15, 2015. ISO/IEC 27018:2014 Issue date of certificate: October 1, 2015 Expiration date of certificate: November 12, 2016 Amazon Web Services, Inc.* Certificate Certificate number: 2015-016 Certified by EY CertifyPoint since: October 1, 2015 © Copyrights with regard to this document reside with Ernst & Young CertifyPoint B.V. headquartered at Antonio Vivaldistraat 150, 1083 HP Amsterdam, The Netherlands. All rights reserved. Drs. R. Toppen RA Director EY CertifyPoint DIGITAL COPY1/3 o Customers control their content. o Customers' content will not be used for any unauthorized purposes. o Physical media is destroyed prior to leaving AWS data centers. o AWS provides customers the means to delete their content. o AWS doesn’t disclose customers' content
  • 5. ISO 27017 Based on certification examination in conformity with defined requirements in ISO/IEC17021:2011 and ISO/IEC 27006:2011, the Information Security Management System as defined and implemented by headquartered in Seattle, Washington, United States of America, certified under certification number [2013-009], is also compliant with the requirements as stated in the standard: EY CertifyPoint will, according to the certification agreement dated October 23, 2014, perform surveillance audits and acknowledge the certificate until the expiration date of this certificate or the expiration of the related ISMS certificate with number [2013-009]. *This certificate is applicable for the assets, services and locations as described in the scoping section on the back of this certificate, with regard to the specific requirements for information security and protection of personally identifiable information (PII) as stated in Statement of Applicability version 2015,01, approved on September 15, 2015. ISO/IEC 27018:2014 Issue date of certificate: October 1, 2015 Expiration date of certificate: November 12, 2016 Amazon Web Services, Inc.* Certificate Certificate number: 2015-016 Certified by EY CertifyPoint since: October 1, 2015 © Copyrights with regard to this document reside with Ernst & Young CertifyPoint B.V. headquartered at Antonio Vivaldistraat 150, 1083 HP Amsterdam, The Netherlands. All rights reserved. Drs. R. Toppen RA Director EY CertifyPoint DIGITAL COPY1/3 o Newest ISO code of practice o Builds on top of ISO 27002 o Information security controls specific to Cloud services o Scope includes all AWS Regions and edge locations
  • 6. AWS Security Tools AWS Trusted Advisor AWS Config Rules Amazon Inspector Periodic evaluation of alignment with AWS Best Practices. Not just Security-related. Create rules that govern configuration of your AWS resources. Continuous evaluation. Security insightsinto your applications. Runs on EC2 instances; on-demand scans AWS Compliance AWS: Security of the cloud Customer: Security in the cloud
  • 8. AWS Config Rules features Flexible rules evaluated continuously and retroactively Dashboard and reports for common goals Customizable remediation API automation
  • 9. AWS Config Rules Broad ecosystem of solutions
  • 10. AWS Config Rules benefits Continuous monitoring for unexpected changes Shared compliance across your organization Simplified management of configuration changes
  • 11. Security by Design - SbD • Systematic approach to ensure security • Formalizes AWS account design • Automates security controls • Streamlines auditing • Provides control insights throughout the IT management process AWS CloudTrail AWS CloudHSM AWS IAM AWS KMS AWS Config
  • 12. GoldBase - Scripting your governance policy Set of CloudFormation Templates & Reference Arhcitectures that accelerate compliance with PCI, EU Personal Data Protection, HIPAA, FFIEC, FISMA, CJIS Result: Reliable technical implementation of administrative controls
  • 13. What is Inspector? • Application security assessment • Selectable built-in rules • Security findings • Guidance and management • Automatable via APIs
  • 14. Rule packages • CVE (common vulnerabilities and exposures) • Network security best practices • Authentication best practices • Operating system security best practices • Application security best practices • PCI DSS 3.0 readiness
  • 18. What is AWS WAF? Application DDoS Good users Bad guys Web server Database AWS WAF AWS WAF rules: 1: BLOCK requests from bad guys. 2: ALLOW requests from good guys. Types of conditions in rules: 1: Source IP/range 2: String Match 3: SQL Injection
  • 19. Why AWS WAF? Application DDoS, Vulnerabilities, Abuse Good users Bad guys Web server Database
  • 20. AWS WAF Partner integrations • Alert Logic, Trend Micro, and Imperva integrating with AWS WAF • Offer additional detection and threat intelligence • Dynamically modify rulesets of AWS WAF for increased protection
  • 21. S2N – AWS Implementation of TLS • Small: • ~6,000 lines of code, all audited • ~80% less memory consumed • Fast: • 12% faster • Simple: • Avoid rarely used options/extensions
  • 23. Flow Log Record Structure Event-Version Account Number ENI-ID Source-IP Destination-IP SourcePort Destination-Port Protocol Number Number of Packets Number of Bytes Start-Time Window End-Time Window Action State 2 123456789 eni-31607853 172.16.0.10 172.16.0.172 80 41707 6 1 40 1440402534 1440402589 ACCEPT OK
  • 24. AWS Certificate Manager (ACM) makes it easy to provision, manage, deploy, and renew SSL/TLS certificates on the AWS platform. Introducing AWS Certificate Manager
  • 25. AWS Certificate Manager • Provision trusted SSL/TLS certificates from AWS for use with AWS resources: • Elastic Load Balancing • Amazon CloudFront distributions • AWS handles the “maths and maintenance” • Key pair and CSR generation • Managed renewal and deployment • Domain validation (DV) through email • Available through AWS Management console, CLI, or API
  • 26. AWS Certificate Manager (ACM) Benefits • Protect and secure websites and applications • Provision certificates quickly and easily • Free • Managed certificate renewal • Secure key management • Centrally manage certificates on the AWS Cloud • Integrated with other AWS Cloud Services
  • 27. ACM Use Cases • Help meet regulatory compliance requirements for encryption of data in transit • PCI, FedRAMP and HIPAA • Minimize downtime and outages • Improve search rankings by using SSL/TLS
  • 28. ACM-Provided Certificates Domain names • Single domain name: www.example.com • Wildcard domain names: *.example.com • Combination of wildcard and non-wildcard names • Multiple domain names in the same certificate (up to 10) ACM-provided certificates are managed • Private keys are generated, protected, and managed • ACM-provided certificates cannot be used on EC2 instances or on-premises servers • Can be used with AWS services, such as ELB and CloudFront Algorithms • RSA 2048 and SHA-256
  • 29. What is available at launch? • SSL/TLS certificates for use with AWS services (ELB and CloudFront) • Availability in US-East (N. Virginia) • Domain validation via email • Console, API, CLI • Integration with ELB and CloudFront • Managed renewal and deployment
  • 30. What is NOT available at launch? • Availability in additional regions • Certificates for use on EC2 • “Take home” certificates that can be used anywhere • Cross-region certificates • Cross-account access to certificates • CloudTrail logging of ACM API calls • Tagging • Certificates for email, code signing, or any other purpose except SSL/TLS termination
  • 31. Certification & Education • Security Fundamentals on AWS • free, online course for security auditors and analysts • Security Operations on AWS • 3-day class for Security engineers, architects, analysts, and auditors • AWS Certification • Security is part of all AWS exams
  • 32. Rich Security Capabilities in the Cloud Prepare Prevent Detect Respond
  • 33. o AWS Security Solutions Architects o AWS Professional Services o AWS Secure by Design & GoldBase o AWS Security Best Practices o Partner Professional Services o AWS Training and Certification o Understand Compliance Requirements Prepare
  • 34. o Use IAM – consider MFA, roles, federation, SSO o Implement Amazon WAF o Leverage S2N for secure TLS connections o Implement Config Rules to enforce compliance o Implement Amazon Inspector to identify vulnerabilities early on Prevent
  • 35. o CloudTrail enabled across all accounts and services o Consider Config & Config Rules logs o Inspector can be used as a detective tool o Trusted Advisor goes beyond just security o Use CloudWatch logs o VPC Flow Logs give insight into intended and unintended communication taking place into your VPC o Look at partner log management and security monitoring solutions Detect
  • 36. o Be Prepared: o Develop, acquire or hire Security Incident Response capabilities o Test preparedness via game days o Automated response and containment is always better than manual response o AWS supports forensic investigations o Leverage AWS Support for best results o Talk to our security partners Respond
  • 37.
  • 38. Be Secure & Compliant in the Cloud!