SlideShare ist ein Scribd-Unternehmen logo

Getting Started with AWS Security

Amazon Web Services
Amazon Web Services

Amazon Web Services offers a wide range of tools and features to help you to meet your security objectives. These tools mirror the familiar controls you deploy within your on-premises environments. Amazon Web Services provides security-specific tools and features across network security, configuration management, access control and data security. In addition, Amazon Web Services provides monitoring and logging tools to provide full visibility into what is happening in your environment. In this session, you will get introduced to the range of security tools and features that Amazon Web Services offers, and the latest security innovations coming from Amazon Web Services. Andrew Watts-Curnow, Cloud Architect - Professional Services, ASEAN

Technologie
1 von 33
Downloaden Sie, um offline zu lesen
© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Andrew Watts-Curnow, AWS Professional Services April 2016 Getting Started with AWS Security
Shared Security Model • Shared Responsibility – Let AWS do the heavy lifting – Focus on what’s most valuable to your business • Customer • Choice of Guest OS • Application Configuration Options • Account Management flexibility • Security Groups • ACLs • Identity Management • AWS • Facility operations • Physical Security • Physical Infrastructure • Network Infrastructure • Virtualisation Infrastructure • Hardware lifecycle management
Amazon EC2 Shared Security Model: Infrastructure Services
Such as Amazon S3, Amazon DynamoDB, and Amazon Kinesis Shared Security Model: Abstract Services
WHAT’S IN YOUR ENVIRONMENT? RIGHT NOW?
VPC: Private, isolated network on the AWS cloud AvailabilityZoneA AvailabilityZoneB AWS Virtual Private Cloud • Private and logically isolated section of the AWS cloud • You choose a private IP range for your VPC • Segment this into subnets to deploy your compute instances AWS network security • AWS network will prevent spoofing and other common layer 2 attacks • You cannot sniff anything but your own EC2 host network interface • Control all external routing and connectivity
VPC = Virtual Private Cloud Your virtual data center on AWS Block of IPs that define your network (typically RFC 1918) Can span multiple AZs Default VPCs VPC Availability Zone A Availability Zone B VPC CIDR: 10.1.0.0 /16
Range of IPs in your VPC IP range Lives inside an AZ Can provide security at the subnet or network level with access control lists (ACLs) Can route at the subnet level Default VPC subnets VPC subnet Subnet Availability Zone A Subnet Availability Zone B 10.1.1.0/24 10.1.10.0/24 VPC CIDR: 10.1.0.0 /16
NACL = network access control list An optional layer of security that acts as a firewall for a subnet A numbered list of rules that we evaluate in order ACLs are stateless and have separate inbound and outbound rules Network access control list Availability Zone A Availability Zone B VPC CIDR: 10.1.0.0 /16 VPC Subnet with ACL VPC Subnet with ACL VPC Subnet with ACL
A security group acts as a virtual firewall for your EC2 instance An EC2 instance can have up to five security groups Security groups act at the instance level, not the subnet level Security groups are stateful Security groups Availability Zone A Availability Zone B Subnet: 10.1.1.0/24 Subnet: 10.1.10.0/24 Security Group EC2 EC2EC2EC2
AWS WAF: Web Application Firewall
AWS WAF in action AWS Management ConsoleAdmins Developers AWS API Web app in CloudFront Define rules Deploy protection AWS WAF
AWS WAF Partner integrations • Alert Logic, Trend Micro, and Imperva integrating with AWS WAF • Offer additional detection and threat intelligence • Dynamically modify rulesets of AWS WAF for increased protection
Trusted advisor
Trusted advisor
Amazon Inspector • Vulnerability Assessment Service • Built from the ground up to support Dev/Ops Model • Automatable via API’s • AWS Context Aware • Static & Dynamic Telemetry • Integrated with CI/CD tools • On-Demand Pricing model • CVE & CIS Rules Packages • AWS AppSec Best Practices
Prioritized findings
Detailed remediation recommendations
AWS Key Management Service Encryption key management and compliance made easy One-click Encryption of server and database storage Centralized key management (create, delete, view, set policies) Enforced, automatic key rotation Visibility into any changes via CloudTrail
AWS Key Management Service
CloudWatch Logs: Centralize Your Logs Send existing system, application, and custom log files to CloudWatch Logs via our agent, and monitor these logs in near real-time. This can help you better understand and operate your systems and applications, and you can store your logs using highly durable, low-cost storage for later access
AWS Config: Record AWS Environment Changes AWS Config records AWS environment configuration and changes information for your account. Snapshots answer the question “What did my environment look like, at time x?” History answers the question “What changes have happened, to infrastructure element I over time?” Continuous ChangeRecordingChanging Resources History Stream Snapshot (ex. 2014-11-05) AWS Config
CloudTrail: Record AWS API Calls AWS CloudTrail records AWS API calls for your account and delivers log files to you. The recorded information includes caller identity, time, the source IP address, parameters, and the response returned by the AWS service. The AWS API call history produced by CloudTrail enables security analysis, resource change tracking, and compliance auditing.
IAM: Identity and Access Management With AWS IAM you get to control who can do what in your AWS environment and from where Fine-grained control of your AWS cloud with two-factor authentication Integrated with your existing corporate directory using SAML 2.0 and single sign-on AWS account owner Network management Security management Server management Storage management
Compliance at AWS AWS is Level 1 compliant under the Payment Card Industry (PCI) Data Security Standard (DSS). Customers can run applications on our PCI-compliant technology infrastructure for storing, processing, and transmitting credit card information in the cloud. Singapore Multi-Tier Cloud Security Standard (MTCS SS 584) Level-3 (CSP) certification. This certification gives organizations the clarity to utilize AWS to host and process their highly confidential data in Singapore. The Multi-Tier Cloud Security (MTCS) Singapore standard is developed under the Information Technology Standards Committee (ITSC).
Security Community Partner ecosystemCustomer ecosystemAWS Platform & Tools
Resources
aws.amazon.com/security/
AWS Training & Certification Certification aws.amazon.com/certification Self-Paced Labs aws.amazon.com/training/ self-paced-labs Try products, gain new skills, and get hands-on practice working with AWS technologies aws.amazon.com/training Training Validate your proven skills and expertise with the AWS platform Build technical expertise to design and operate scalable, efficient applications on AWS
“Based on our experience, I believe that we can be even more secure in the AWS cloud than in our own data centers.” -Tom Soderstrom, CTO, NASA JPL
Getting Started with AWS Security

Empfohlen

Hybrid IT with Amazon Web Services: Best of Both Worlds
Hybrid IT with Amazon Web Services: Best of Both WorldsHybrid IT with Amazon Web Services: Best of Both Worlds
Hybrid IT with Amazon Web Services: Best of Both WorldsAmazon Web Services
 
3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero 3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero Amazon Web Services
 
Compliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By DesignCompliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By DesignAmazon Web Services
 
Windows Workloads on AWS - AWS Innovate Toronto
Windows Workloads on AWS - AWS Innovate TorontoWindows Workloads on AWS - AWS Innovate Toronto
Windows Workloads on AWS - AWS Innovate TorontoAmazon Web Services
 
Security & Compliance (Part 1)
Security & Compliance (Part 1)Security & Compliance (Part 1)
Security & Compliance (Part 1)Amazon Web Services
 
Security & Compliance (Part 2)
Security & Compliance (Part 2)Security & Compliance (Part 2)
Security & Compliance (Part 2)Amazon Web Services
 
FS-ISAC 2017 Amazon Web Services & Cloud Security
FS-ISAC 2017 Amazon Web Services & Cloud SecurityFS-ISAC 2017 Amazon Web Services & Cloud Security
FS-ISAC 2017 Amazon Web Services & Cloud SecurityAmazon Web Services
 
Compliance in the Cloud Using Security by Design
Compliance in the Cloud Using Security by DesignCompliance in the Cloud Using Security by Design
Compliance in the Cloud Using Security by DesignAmazon Web Services
 

Empfohlen

Hybrid IT with Amazon Web Services: Best of Both Worlds
Hybrid IT with Amazon Web Services: Best of Both WorldsHybrid IT with Amazon Web Services: Best of Both Worlds
Hybrid IT with Amazon Web Services: Best of Both WorldsAmazon Web Services
 
3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero 3 Secrets to Becoming a Cloud Security Superhero
3 Secrets to Becoming a Cloud Security Superhero Amazon Web Services
 
Compliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By DesignCompliance In The Cloud Using Security By Design
Compliance In The Cloud Using Security By DesignAmazon Web Services
 
Windows Workloads on AWS - AWS Innovate Toronto
Windows Workloads on AWS - AWS Innovate TorontoWindows Workloads on AWS - AWS Innovate Toronto
Windows Workloads on AWS - AWS Innovate TorontoAmazon Web Services
 
Security & Compliance (Part 1)
Security & Compliance (Part 1)Security & Compliance (Part 1)
Security & Compliance (Part 1)Amazon Web Services
 
Security & Compliance (Part 2)
Security & Compliance (Part 2)Security & Compliance (Part 2)
Security & Compliance (Part 2)Amazon Web Services
 
FS-ISAC 2017 Amazon Web Services & Cloud Security
FS-ISAC 2017 Amazon Web Services & Cloud SecurityFS-ISAC 2017 Amazon Web Services & Cloud Security
FS-ISAC 2017 Amazon Web Services & Cloud SecurityAmazon Web Services
 
Compliance in the Cloud Using Security by Design
Compliance in the Cloud Using Security by DesignCompliance in the Cloud Using Security by Design
Compliance in the Cloud Using Security by DesignAmazon Web Services
 
Real-time Visibility at Scale with Sumo Logic
Real-time Visibility at Scale with Sumo LogicReal-time Visibility at Scale with Sumo Logic
Real-time Visibility at Scale with Sumo LogicAmazon Web Services
 
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9Amazon Web Services
 
Security & Compliance
Security & Compliance Security & Compliance
Security & Compliance Amazon Web Services
 
An Evolving Security Landscape – Security Patterns in the Cloud
An Evolving Security Landscape – Security Patterns in the CloudAn Evolving Security Landscape – Security Patterns in the Cloud
An Evolving Security Landscape – Security Patterns in the CloudAmazon Web Services
 
Architecting Security and Governance Across Multi Accounts
Architecting Security and Governance Across Multi AccountsArchitecting Security and Governance Across Multi Accounts
Architecting Security and Governance Across Multi AccountsAmazon Web Services
 
Securing enterprise big data workloads on AWS
Securing enterprise big data workloads on AWSSecuring enterprise big data workloads on AWS
Securing enterprise big data workloads on AWSAmazon Web Services
 
Introduction to Cloud Computing and AWS
Introduction to Cloud Computing and AWSIntroduction to Cloud Computing and AWS
Introduction to Cloud Computing and AWSFaisal Ahmed Farooqui
 
Check Point Software Technologies: Secure Your AWS Workloads
Check Point Software Technologies: Secure Your AWS Workloads Check Point Software Technologies: Secure Your AWS Workloads
Check Point Software Technologies: Secure Your AWS WorkloadsAmazon Web Services
 
Building Secure Architectures on AWS
Building Secure Architectures on AWSBuilding Secure Architectures on AWS
Building Secure Architectures on AWSAmazon Web Services
 
AWS Intro & History
AWS Intro & HistoryAWS Intro & History
AWS Intro & HistoryAmazon Web Services
 
Compliance with AWS
Compliance with AWSCompliance with AWS
Compliance with AWSAmazon Web Services
 
AWS Account Best Practices
AWS Account Best PracticesAWS Account Best Practices
AWS Account Best PracticesAmazon Web Services
 
Barracuda WAF: Scalable Security for Applications on AWS
Barracuda WAF: Scalable Security for Applications on AWSBarracuda WAF: Scalable Security for Applications on AWS
Barracuda WAF: Scalable Security for Applications on AWSAmazon Web Services
 
AWS Enterprise Summit Netherlands - Infosec by Design
AWS Enterprise Summit Netherlands - Infosec by DesignAWS Enterprise Summit Netherlands - Infosec by Design
AWS Enterprise Summit Netherlands - Infosec by DesignAmazon Web Services
 
Demystifying Cloud Security: Lessons Learned for the Public Sector
Demystifying Cloud Security: Lessons Learned for the Public SectorDemystifying Cloud Security: Lessons Learned for the Public Sector
Demystifying Cloud Security: Lessons Learned for the Public SectorAmazon Web Services
 
Cloud ID Management of North Carolina Department of Public Instruction (SEC10...
Cloud ID Management of North Carolina Department of Public Instruction (SEC10...Cloud ID Management of North Carolina Department of Public Instruction (SEC10...
Cloud ID Management of North Carolina Department of Public Instruction (SEC10...Amazon Web Services
 
Scaling on AWS for the First 10 Million Users
Scaling on AWS for the First 10 Million UsersScaling on AWS for the First 10 Million Users
Scaling on AWS for the First 10 Million UsersAmazon Web Services
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS SecurityAmazon Web Services
 
AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best PracticesAmazon Web Services
 
Getting Started with AWS IoT
Getting Started with AWS IoTGetting Started with AWS IoT
Getting Started with AWS IoTAmazon Web Services
 
AWS Security & Compliance
AWS Security & ComplianceAWS Security & Compliance
AWS Security & ComplianceAmazon Web Services
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS SecurityAmazon Web Services
 

Weitere ähnliche Inhalte

Was ist angesagt?

Real-time Visibility at Scale with Sumo Logic
Real-time Visibility at Scale with Sumo LogicReal-time Visibility at Scale with Sumo Logic
Real-time Visibility at Scale with Sumo LogicAmazon Web Services
 
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9Amazon Web Services
 
An Evolving Security Landscape – Security Patterns in the Cloud
An Evolving Security Landscape – Security Patterns in the CloudAn Evolving Security Landscape – Security Patterns in the Cloud
An Evolving Security Landscape – Security Patterns in the CloudAmazon Web Services
 
Architecting Security and Governance Across Multi Accounts
Architecting Security and Governance Across Multi AccountsArchitecting Security and Governance Across Multi Accounts
Architecting Security and Governance Across Multi AccountsAmazon Web Services
 
Securing enterprise big data workloads on AWS
Securing enterprise big data workloads on AWSSecuring enterprise big data workloads on AWS
Securing enterprise big data workloads on AWSAmazon Web Services
 
Introduction to Cloud Computing and AWS
Introduction to Cloud Computing and AWSIntroduction to Cloud Computing and AWS
Introduction to Cloud Computing and AWSFaisal Ahmed Farooqui
 
Check Point Software Technologies: Secure Your AWS Workloads
Check Point Software Technologies: Secure Your AWS Workloads Check Point Software Technologies: Secure Your AWS Workloads
Check Point Software Technologies: Secure Your AWS WorkloadsAmazon Web Services
 
Building Secure Architectures on AWS
Building Secure Architectures on AWSBuilding Secure Architectures on AWS
Building Secure Architectures on AWSAmazon Web Services
 
Barracuda WAF: Scalable Security for Applications on AWS
Barracuda WAF: Scalable Security for Applications on AWSBarracuda WAF: Scalable Security for Applications on AWS
Barracuda WAF: Scalable Security for Applications on AWSAmazon Web Services
 
AWS Enterprise Summit Netherlands - Infosec by Design
AWS Enterprise Summit Netherlands - Infosec by DesignAWS Enterprise Summit Netherlands - Infosec by Design
AWS Enterprise Summit Netherlands - Infosec by DesignAmazon Web Services
 
Demystifying Cloud Security: Lessons Learned for the Public Sector
Demystifying Cloud Security: Lessons Learned for the Public SectorDemystifying Cloud Security: Lessons Learned for the Public Sector
Demystifying Cloud Security: Lessons Learned for the Public SectorAmazon Web Services
 
Cloud ID Management of North Carolina Department of Public Instruction (SEC10...
Cloud ID Management of North Carolina Department of Public Instruction (SEC10...Cloud ID Management of North Carolina Department of Public Instruction (SEC10...
Cloud ID Management of North Carolina Department of Public Instruction (SEC10...Amazon Web Services
 
Scaling on AWS for the First 10 Million Users
Scaling on AWS for the First 10 Million UsersScaling on AWS for the First 10 Million Users
Scaling on AWS for the First 10 Million UsersAmazon Web Services
 

Was ist angesagt? (20)

Real-time Visibility at Scale with Sumo Logic
Real-time Visibility at Scale with Sumo LogicReal-time Visibility at Scale with Sumo Logic
Real-time Visibility at Scale with Sumo Logic
 
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
Innovating IAM Protection for AWS with Dome9 - Session Sponsored by Dome9
 
Security & Compliance
Security & Compliance Security & Compliance
Security & Compliance
 
An Evolving Security Landscape – Security Patterns in the Cloud
An Evolving Security Landscape – Security Patterns in the CloudAn Evolving Security Landscape – Security Patterns in the Cloud
An Evolving Security Landscape – Security Patterns in the Cloud
 
Architecting Security and Governance Across Multi Accounts
Architecting Security and Governance Across Multi AccountsArchitecting Security and Governance Across Multi Accounts
Architecting Security and Governance Across Multi Accounts
 
Securing enterprise big data workloads on AWS
Securing enterprise big data workloads on AWSSecuring enterprise big data workloads on AWS
Securing enterprise big data workloads on AWS
 
Introduction to Cloud Computing and AWS
Introduction to Cloud Computing and AWSIntroduction to Cloud Computing and AWS
Introduction to Cloud Computing and AWS
 
Check Point Software Technologies: Secure Your AWS Workloads
Check Point Software Technologies: Secure Your AWS Workloads Check Point Software Technologies: Secure Your AWS Workloads
Check Point Software Technologies: Secure Your AWS Workloads
 
Building Secure Architectures on AWS
Building Secure Architectures on AWSBuilding Secure Architectures on AWS
Building Secure Architectures on AWS
 
AWS Intro & History
AWS Intro & HistoryAWS Intro & History
AWS Intro & History
 
Compliance with AWS
Compliance with AWSCompliance with AWS
Compliance with AWS
 
AWS Account Best Practices
AWS Account Best PracticesAWS Account Best Practices
AWS Account Best Practices
 
Barracuda WAF: Scalable Security for Applications on AWS
Barracuda WAF: Scalable Security for Applications on AWSBarracuda WAF: Scalable Security for Applications on AWS
Barracuda WAF: Scalable Security for Applications on AWS
 
AWS Enterprise Summit Netherlands - Infosec by Design
AWS Enterprise Summit Netherlands - Infosec by DesignAWS Enterprise Summit Netherlands - Infosec by Design
AWS Enterprise Summit Netherlands - Infosec by Design
 
Demystifying Cloud Security: Lessons Learned for the Public Sector
Demystifying Cloud Security: Lessons Learned for the Public SectorDemystifying Cloud Security: Lessons Learned for the Public Sector
Demystifying Cloud Security: Lessons Learned for the Public Sector
 
Cloud ID Management of North Carolina Department of Public Instruction (SEC10...
Cloud ID Management of North Carolina Department of Public Instruction (SEC10...Cloud ID Management of North Carolina Department of Public Instruction (SEC10...
Cloud ID Management of North Carolina Department of Public Instruction (SEC10...
 
Scaling on AWS for the First 10 Million Users
Scaling on AWS for the First 10 Million UsersScaling on AWS for the First 10 Million Users
Scaling on AWS for the First 10 Million Users
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
AWS Security Best Practices
AWS Security Best PracticesAWS Security Best Practices
AWS Security Best Practices
 
Getting Started with AWS IoT
Getting Started with AWS IoTGetting Started with AWS IoT
Getting Started with AWS IoT
 

Andere mochten auch

Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)Amazon Web Services
 
AWS re:Invent 2016: Amazon EC2 Foundations (CMP203)
AWS re:Invent 2016: Amazon EC2 Foundations (CMP203)AWS re:Invent 2016: Amazon EC2 Foundations (CMP203)
AWS re:Invent 2016: Amazon EC2 Foundations (CMP203)Amazon Web Services
 
AWS Webcast - AWS 101 - Journey to the AWS Cloud: Introduction to AWS
AWS Webcast - AWS 101 - Journey to the AWS Cloud: Introduction to AWSAWS Webcast - AWS 101 - Journey to the AWS Cloud: Introduction to AWS
AWS Webcast - AWS 101 - Journey to the AWS Cloud: Introduction to AWSAmazon Web Services
 
Webinar: Delivering Static and Dynamic Content Using CloudFront
Webinar: Delivering Static and Dynamic Content Using CloudFrontWebinar: Delivering Static and Dynamic Content Using CloudFront
Webinar: Delivering Static and Dynamic Content Using CloudFrontAmazon Web Services
 
More Nines for Your Dimes: Improving Availability and Lowering Costs using Au...
More Nines for Your Dimes: Improving Availability and Lowering Costs using Au...More Nines for Your Dimes: Improving Availability and Lowering Costs using Au...
More Nines for Your Dimes: Improving Availability and Lowering Costs using Au...Amazon Web Services
 
Scale and Reach: Always Up - Always On - AWS Symposium 2014 - Washington D.C....
Scale and Reach: Always Up - Always On - AWS Symposium 2014 - Washington D.C....Scale and Reach: Always Up - Always On - AWS Symposium 2014 - Washington D.C....
Scale and Reach: Always Up - Always On - AWS Symposium 2014 - Washington D.C....Amazon Web Services
 
AWS Customer Success Story - DotAndMedia
AWS Customer Success Story - DotAndMediaAWS Customer Success Story - DotAndMedia
AWS Customer Success Story - DotAndMediaAmazon Web Services
 
AWS Canberra WWPS Summit 2013 - AWS for Web Applications
AWS Canberra WWPS Summit 2013 - AWS for Web ApplicationsAWS Canberra WWPS Summit 2013 - AWS for Web Applications
AWS Canberra WWPS Summit 2013 - AWS for Web ApplicationsAmazon Web Services
 
Delivering High Performance Content
Delivering High Performance ContentDelivering High Performance Content
Delivering High Performance ContentAmazon Web Services
 
Globus Genomics: How Science-as-a-Service is Accelerating Discovery (BDT310) ...
Globus Genomics: How Science-as-a-Service is Accelerating Discovery (BDT310) ...Globus Genomics: How Science-as-a-Service is Accelerating Discovery (BDT310) ...
Globus Genomics: How Science-as-a-Service is Accelerating Discovery (BDT310) ...Amazon Web Services
 
STP205 Making it Big Without Breaking the Bank - AWS re: Invent 2012
STP205 Making it Big Without Breaking the Bank - AWS re: Invent 2012STP205 Making it Big Without Breaking the Bank - AWS re: Invent 2012
STP205 Making it Big Without Breaking the Bank - AWS re: Invent 2012Amazon Web Services
 
(DEV303) Practical DynamoDB Programming in Java
(DEV303) Practical DynamoDB Programming in Java(DEV303) Practical DynamoDB Programming in Java
(DEV303) Practical DynamoDB Programming in JavaAmazon Web Services
 
Leveraging Hybid IT for More Robust Business Services
Leveraging Hybid IT for More Robust Business ServicesLeveraging Hybid IT for More Robust Business Services
Leveraging Hybid IT for More Robust Business ServicesAmazon Web Services
 
Everything You Need to Develop Apps Faster and Scale to Millions of Users
Everything You Need to Develop Apps Faster and Scale to Millions of UsersEverything You Need to Develop Apps Faster and Scale to Millions of Users
Everything You Need to Develop Apps Faster and Scale to Millions of UsersAmazon Web Services
 

Andere mochten auch (20)

AWS Security & Compliance
AWS Security & ComplianceAWS Security & Compliance
AWS Security & Compliance
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS Security
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Protecting Your Data in AWS
Protecting Your Data in AWSProtecting Your Data in AWS
Protecting Your Data in AWS
 
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
AWS re:Invent 2016: AWS Partners and Data Privacy (GPST303)
 
AWS re:Invent 2016: Amazon EC2 Foundations (CMP203)
AWS re:Invent 2016: Amazon EC2 Foundations (CMP203)AWS re:Invent 2016: Amazon EC2 Foundations (CMP203)
AWS re:Invent 2016: Amazon EC2 Foundations (CMP203)
 
AWS Webcast - AWS 101 - Journey to the AWS Cloud: Introduction to AWS
AWS Webcast - AWS 101 - Journey to the AWS Cloud: Introduction to AWSAWS Webcast - AWS 101 - Journey to the AWS Cloud: Introduction to AWS
AWS Webcast - AWS 101 - Journey to the AWS Cloud: Introduction to AWS
 
Webinar: Delivering Static and Dynamic Content Using CloudFront
Webinar: Delivering Static and Dynamic Content Using CloudFrontWebinar: Delivering Static and Dynamic Content Using CloudFront
Webinar: Delivering Static and Dynamic Content Using CloudFront
 
Analytics in the Cloud
Analytics in the CloudAnalytics in the Cloud
Analytics in the Cloud
 
More Nines for Your Dimes: Improving Availability and Lowering Costs using Au...
More Nines for Your Dimes: Improving Availability and Lowering Costs using Au...More Nines for Your Dimes: Improving Availability and Lowering Costs using Au...
More Nines for Your Dimes: Improving Availability and Lowering Costs using Au...
 
Scale and Reach: Always Up - Always On - AWS Symposium 2014 - Washington D.C....
Scale and Reach: Always Up - Always On - AWS Symposium 2014 - Washington D.C....Scale and Reach: Always Up - Always On - AWS Symposium 2014 - Washington D.C....
Scale and Reach: Always Up - Always On - AWS Symposium 2014 - Washington D.C....
 
AWS Customer Success Story - DotAndMedia
AWS Customer Success Story - DotAndMediaAWS Customer Success Story - DotAndMedia
AWS Customer Success Story - DotAndMedia
 
AWS Canberra WWPS Summit 2013 - AWS for Web Applications
AWS Canberra WWPS Summit 2013 - AWS for Web ApplicationsAWS Canberra WWPS Summit 2013 - AWS for Web Applications
AWS Canberra WWPS Summit 2013 - AWS for Web Applications
 
Delivering High Performance Content
Delivering High Performance ContentDelivering High Performance Content
Delivering High Performance Content
 
Globus Genomics: How Science-as-a-Service is Accelerating Discovery (BDT310) ...
Globus Genomics: How Science-as-a-Service is Accelerating Discovery (BDT310) ...Globus Genomics: How Science-as-a-Service is Accelerating Discovery (BDT310) ...
Globus Genomics: How Science-as-a-Service is Accelerating Discovery (BDT310) ...
 
AWS Lunch and Learn - Security
AWS Lunch and Learn - SecurityAWS Lunch and Learn - Security
AWS Lunch and Learn - Security
 
STP205 Making it Big Without Breaking the Bank - AWS re: Invent 2012
STP205 Making it Big Without Breaking the Bank - AWS re: Invent 2012STP205 Making it Big Without Breaking the Bank - AWS re: Invent 2012
STP205 Making it Big Without Breaking the Bank - AWS re: Invent 2012
 
(DEV303) Practical DynamoDB Programming in Java
(DEV303) Practical DynamoDB Programming in Java(DEV303) Practical DynamoDB Programming in Java
(DEV303) Practical DynamoDB Programming in Java
 
Leveraging Hybid IT for More Robust Business Services
Leveraging Hybid IT for More Robust Business ServicesLeveraging Hybid IT for More Robust Business Services
Leveraging Hybid IT for More Robust Business Services
 
Everything You Need to Develop Apps Faster and Scale to Millions of Users
Everything You Need to Develop Apps Faster and Scale to Millions of UsersEverything You Need to Develop Apps Faster and Scale to Millions of Users
Everything You Need to Develop Apps Faster and Scale to Millions of Users
 

Ähnlich wie Getting Started with AWS Security

Security and Compliance Better on AWS_John Hildebrandt
Security and Compliance Better on AWS_John HildebrandtSecurity and Compliance Better on AWS_John Hildebrandt
Security and Compliance Better on AWS_John HildebrandtHelen Rogers
 
AWS Security for Financial Services
AWS Security for Financial ServicesAWS Security for Financial Services
AWS Security for Financial ServicesAmazon Web Services
 
Network Security and Access Control within AWS
Network Security and Access Control within AWS Network Security and Access Control within AWS
Network Security and Access Control within AWS Amazon Web Services
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 
Best Practices for Security at Scale
Best Practices for Security at ScaleBest Practices for Security at Scale
Best Practices for Security at ScaleAmazon Web Services
 
AWS Enterprise Summit - 클라우드에서의 보안 - 양승도
AWS Enterprise Summit - 클라우드에서의 보안 - 양승도AWS Enterprise Summit - 클라우드에서의 보안 - 양승도
AWS Enterprise Summit - 클라우드에서의 보안 - 양승도Amazon Web Services Korea
 
Secure your critical workload on AWS
Secure your critical workload on AWSSecure your critical workload on AWS
Secure your critical workload on AWSAmazon Web Services
 
Getting Started with Windows Workloads on Amazon EC2
Getting Started with Windows Workloads on Amazon EC2Getting Started with Windows Workloads on Amazon EC2
Getting Started with Windows Workloads on Amazon EC2Amazon Web Services
 
Security Best Practices_John Hildebrandt
Security Best Practices_John HildebrandtSecurity Best Practices_John Hildebrandt
Security Best Practices_John HildebrandtHelen Rogers
 
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...Amazon Web Services
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeAlert Logic
 
AWS Cloud Controls for Security - Usman Shakeel
AWS Cloud Controls for Security - Usman ShakeelAWS Cloud Controls for Security - Usman Shakeel
AWS Cloud Controls for Security - Usman ShakeelAmazon Web Services
 

Ähnlich wie Getting Started with AWS Security (20)

Security on AWS
Security on AWSSecurity on AWS
Security on AWS
 
Security and Compliance Better on AWS_John Hildebrandt
Security and Compliance Better on AWS_John HildebrandtSecurity and Compliance Better on AWS_John Hildebrandt
Security and Compliance Better on AWS_John Hildebrandt
 
AWS Security for Financial Services
AWS Security for Financial ServicesAWS Security for Financial Services
AWS Security for Financial Services
 
Network Security and Access Control within AWS
Network Security and Access Control within AWS Network Security and Access Control within AWS
Network Security and Access Control within AWS
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 
Best Practices for Security at Scale
Best Practices for Security at ScaleBest Practices for Security at Scale
Best Practices for Security at Scale
 
Deep Dive: Hybrid Architectures
Deep Dive: Hybrid ArchitecturesDeep Dive: Hybrid Architectures
Deep Dive: Hybrid Architectures
 
Staying Secure in the Cloud
Staying Secure in the CloudStaying Secure in the Cloud
Staying Secure in the Cloud
 
AWS Enterprise Summit - 클라우드에서의 보안 - 양승도
AWS Enterprise Summit - 클라우드에서의 보안 - 양승도AWS Enterprise Summit - 클라우드에서의 보안 - 양승도
AWS Enterprise Summit - 클라우드에서의 보안 - 양승도
 
Advanced AWS Security Workshop
Advanced AWS Security WorkshopAdvanced AWS Security Workshop
Advanced AWS Security Workshop
 
Secure your critical workload on AWS
Secure your critical workload on AWSSecure your critical workload on AWS
Secure your critical workload on AWS
 
AWS Security and SecOps
AWS Security and SecOpsAWS Security and SecOps
AWS Security and SecOps
 
Understanding AWS Security
Understanding AWS SecurityUnderstanding AWS Security
Understanding AWS Security
 
Getting Started with Windows Workloads on Amazon EC2
Getting Started with Windows Workloads on Amazon EC2Getting Started with Windows Workloads on Amazon EC2
Getting Started with Windows Workloads on Amazon EC2
 
Security Best Practices_John Hildebrandt
Security Best Practices_John HildebrandtSecurity Best Practices_John Hildebrandt
Security Best Practices_John Hildebrandt
 
Understanding AWS Security
Understanding AWS Security Understanding AWS Security
Understanding AWS Security
 
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
Secure Your AWS Account and Your Organization's Accounts - SID202 - Chicago A...
 
Intro & Security Update
Intro & Security UpdateIntro & Security Update
Intro & Security Update
 
The AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in PracticeThe AWS Shared Responsibility Model in Practice
The AWS Shared Responsibility Model in Practice
 
AWS Cloud Controls for Security - Usman Shakeel
AWS Cloud Controls for Security - Usman ShakeelAWS Cloud Controls for Security - Usman Shakeel
AWS Cloud Controls for Security - Usman Shakeel
 

Mehr von Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mehr von Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Kürzlich hochgeladen

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 

Kürzlich hochgeladen (20)

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 

Getting Started with AWS Security

  • 1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Andrew Watts-Curnow, AWS Professional Services April 2016 Getting Started with AWS Security
  • 2. Shared Security Model • Shared Responsibility – Let AWS do the heavy lifting – Focus on what’s most valuable to your business • Customer • Choice of Guest OS • Application Configuration Options • Account Management flexibility • Security Groups • ACLs • Identity Management • AWS • Facility operations • Physical Security • Physical Infrastructure • Network Infrastructure • Virtualisation Infrastructure • Hardware lifecycle management
  • 3. Amazon EC2 Shared Security Model: Infrastructure Services
  • 4. Such as Amazon S3, Amazon DynamoDB, and Amazon Kinesis Shared Security Model: Abstract Services
  • 5. WHAT’S IN YOUR ENVIRONMENT? RIGHT NOW?
  • 6.
  • 7.
  • 8. VPC: Private, isolated network on the AWS cloud AvailabilityZoneA AvailabilityZoneB AWS Virtual Private Cloud • Private and logically isolated section of the AWS cloud • You choose a private IP range for your VPC • Segment this into subnets to deploy your compute instances AWS network security • AWS network will prevent spoofing and other common layer 2 attacks • You cannot sniff anything but your own EC2 host network interface • Control all external routing and connectivity
  • 9. VPC = Virtual Private Cloud Your virtual data center on AWS Block of IPs that define your network (typically RFC 1918) Can span multiple AZs Default VPCs VPC Availability Zone A Availability Zone B VPC CIDR: 10.1.0.0 /16
  • 10. Range of IPs in your VPC IP range Lives inside an AZ Can provide security at the subnet or network level with access control lists (ACLs) Can route at the subnet level Default VPC subnets VPC subnet Subnet Availability Zone A Subnet Availability Zone B 10.1.1.0/24 10.1.10.0/24 VPC CIDR: 10.1.0.0 /16
  • 11. NACL = network access control list An optional layer of security that acts as a firewall for a subnet A numbered list of rules that we evaluate in order ACLs are stateless and have separate inbound and outbound rules Network access control list Availability Zone A Availability Zone B VPC CIDR: 10.1.0.0 /16 VPC Subnet with ACL VPC Subnet with ACL VPC Subnet with ACL
  • 12. A security group acts as a virtual firewall for your EC2 instance An EC2 instance can have up to five security groups Security groups act at the instance level, not the subnet level Security groups are stateful Security groups Availability Zone A Availability Zone B Subnet: 10.1.1.0/24 Subnet: 10.1.10.0/24 Security Group EC2 EC2EC2EC2
  • 13. AWS WAF: Web Application Firewall
  • 14. AWS WAF in action AWS Management ConsoleAdmins Developers AWS API Web app in CloudFront Define rules Deploy protection AWS WAF
  • 15. AWS WAF Partner integrations • Alert Logic, Trend Micro, and Imperva integrating with AWS WAF • Offer additional detection and threat intelligence • Dynamically modify rulesets of AWS WAF for increased protection
  • 18. Amazon Inspector • Vulnerability Assessment Service • Built from the ground up to support Dev/Ops Model • Automatable via API’s • AWS Context Aware • Static & Dynamic Telemetry • Integrated with CI/CD tools • On-Demand Pricing model • CVE & CIS Rules Packages • AWS AppSec Best Practices
  • 21. AWS Key Management Service Encryption key management and compliance made easy One-click Encryption of server and database storage Centralized key management (create, delete, view, set policies) Enforced, automatic key rotation Visibility into any changes via CloudTrail
  • 23. CloudWatch Logs: Centralize Your Logs Send existing system, application, and custom log files to CloudWatch Logs via our agent, and monitor these logs in near real-time. This can help you better understand and operate your systems and applications, and you can store your logs using highly durable, low-cost storage for later access
  • 24. AWS Config: Record AWS Environment Changes AWS Config records AWS environment configuration and changes information for your account. Snapshots answer the question “What did my environment look like, at time x?” History answers the question “What changes have happened, to infrastructure element I over time?” Continuous ChangeRecordingChanging Resources History Stream Snapshot (ex. 2014-11-05) AWS Config
  • 25. CloudTrail: Record AWS API Calls AWS CloudTrail records AWS API calls for your account and delivers log files to you. The recorded information includes caller identity, time, the source IP address, parameters, and the response returned by the AWS service. The AWS API call history produced by CloudTrail enables security analysis, resource change tracking, and compliance auditing.
  • 26. IAM: Identity and Access Management With AWS IAM you get to control who can do what in your AWS environment and from where Fine-grained control of your AWS cloud with two-factor authentication Integrated with your existing corporate directory using SAML 2.0 and single sign-on AWS account owner Network management Security management Server management Storage management
  • 27. Compliance at AWS AWS is Level 1 compliant under the Payment Card Industry (PCI) Data Security Standard (DSS). Customers can run applications on our PCI-compliant technology infrastructure for storing, processing, and transmitting credit card information in the cloud. Singapore Multi-Tier Cloud Security Standard (MTCS SS 584) Level-3 (CSP) certification. This certification gives organizations the clarity to utilize AWS to host and process their highly confidential data in Singapore. The Multi-Tier Cloud Security (MTCS) Singapore standard is developed under the Information Technology Standards Committee (ITSC).
  • 28. Security Community Partner ecosystemCustomer ecosystemAWS Platform & Tools
  • 31. AWS Training & Certification Certification aws.amazon.com/certification Self-Paced Labs aws.amazon.com/training/ self-paced-labs Try products, gain new skills, and get hands-on practice working with AWS technologies aws.amazon.com/training Training Validate your proven skills and expertise with the AWS platform Build technical expertise to design and operate scalable, efficient applications on AWS
  • 32. “Based on our experience, I believe that we can be even more secure in the AWS cloud than in our own data centers.” -Tom Soderstrom, CTO, NASA JPL