© 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Strengthen Your Organization's Security and Privacy Using the AWS Cloud
Ryan Jaeger
Senior Solutions Architect
Amazon Web Services
What is Cloud Computing?
Private Datacenter / Colocation: Compute / Storage / or Network Hardware
Virtual Infrastructure: Grow and Shrink Capacity on-demand; Only pay for what you use
AWS Cloud: No Up Front Expense; Pay for what you Use; Improve Time to Market & Agility; Scale Up and Down; Self-Service Infrastructure
Traditional Infrastructure: Equipment; Resources and Administration; Contracts; Cost
Millions of active customers every month across 190 countries
Public Sector: 6,500+ government agencies; 11,000+ educational institutions; 29,000+ non-profit organizations
Primary drivers for moving to the cloud
• Move from capital expense to variable expense
• Elasticity, stop guessing capacity
• Increased agility
• Go global in minutes
• Breadth of services
How to reach your business goals with AWS
• Gain faster, deeper insights with analytics
• Ensure security, compliance and resiliency
• Adopt modern application development practices
• Migrate and free-up resources
• Bridge skills and experience gaps rapidly
Canadian Public Sector AWS Customers
Traditional on-premises security model
Compute Storage Database Networking
Regions Availability zones Edge locations
Working together
https://aws.amazon.com/compliance/shared-responsibility-model/
Security in the Cloud is a Shared Responsibility
Customer – Security in The Cloud:
• Customer Data
• Platform & Application Management
• Operating System, Network & Firewall Configuration
• Client Side Data Encryption & Data Integrity Authentication
• Server Side Encryption (File System and / or Data)
• Network Traffic Protection (Encryption / Integrity / Identity)
• Customer IAM
• Optional – Opaque Data: 0s and 1s (In Transit and At Rest)
AWS – Security of The Cloud:
• AWS IAM
• AWS Endpoints
• Foundation Services: Compute, Storage, Databases, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
Shared Responsibility is not Static. Where the line sits depends on the kind of service:
• Infrastructure Services: the customer manages the whole "Security in The Cloud" list above, from Operating System, Network & Firewall Configuration up to Customer Data, Client and Server Side Encryption and Network Traffic Protection.
• Container Services: AWS takes over Operating System & Network Configuration and Platform & Application Management; the customer keeps Firewall Configuration, Customer Data, Client Side Data Encryption & Data Integrity Authentication and Network Traffic Protection (Encryption / Integrity / Identity).
• Abstracted Services: AWS also provides Server Side Encryption (Protection of Data at Rest) and Network Traffic Protection (Protection of Data in Transit) through the platform; the customer keeps Customer Data and Client Side Data Encryption & Data Integrity Authentication.
Parties working together: Customer, AWS, Service Providers, Software Vendors, Other 3rd Parties
https://aws.amazon.com/compliance/shared-responsibility-model/
Shared Responsibility – alternative view
Data Privacy | Maintaining Customer Trust
AWS delivers services to millions of active customers over 190 countries
Highest standards for privacy
• Encryption at scale
• Meet data residency requirements
• Build compliant infrastructure
• Comply with local data privacy laws
Data Privacy
British Columbia's Freedom of Information and Protection of Privacy Act (FIPPA) sets out the access and privacy rights of individuals as they relate to the public sector.
30.1 - A public body must ensure that personal information in its custody or under its control is stored only in Canada and accessed only in Canada
Supporting Features:
• AWS Region: Canada. You choose the AWS Region(s) in which your content is stored and the type of storage. [1]
• AWS Direct Connect: The primary fiber path between the Vancouver Direct Connect site and the AWS Canada (Central) Region complies with Freedom of Information and Protection of Privacy Act (FOIPPA) requirements. [2]
• Encryption: You choose how your content is secured. We offer you strong encryption for your content in transit and at rest, and we provide you with the option to manage your own encryption keys.
• AWS complies with ISO 27018, a code of practice that focuses on protection of personal data in the cloud.
• All AWS services are GDPR ready. [3]
What is risk?
Risk is commonly defined as:
risk = impact * likelihood
Where:
• Impact: defines ‘how bad’ things can get, the worst-case scenario.
• Likelihood: defines the probable frequency, or rate at which the impacts we assessed may occur.
Standard scales help us reason
Scale Scoring
• How much attention, impact, effort?
• What is our target remediation time?
• Gives a common language to use.
https://www.youtube.com/watch?v=E1NaYN_fJUo
Why is security traditionally so hard?
• Lack of Visibility
• Low degree of Automation
• Lack of Resiliency
• Defense-in-Depth Challenges
Four Security Benefits of the Cloud
• Increased visibility
• Increased availability and resiliency
• True Defense-in-Depth
• Ability to automate for governance and Security Operations
Means of obtaining Visibility
• Use of resource tags
• CLI Describe
• Console
• Business Intelligence Tools
• API Queries
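As an added example (not from the deck), the following Python script shows the visibility the slide describes obtained through API queries rather than the console: it audits EC2 instances against a tagging policy using the response shape of boto3's `describe_instances`. The policy keys, instance ids and tag values are constructed for the example.

```python
"""Find EC2 instances whose tags do not satisfy a tagging policy.

The response layout below is the one boto3's ec2.describe_instances() returns;
the instances, ids and tag values are constructed for this example.
"""
from typing import Dict, List

# Constructed tagging policy (assumption): every key must be present with a
# non-empty value and, where a value set is given, one of the allowed values.
TAG_POLICY: Dict[str, List[str]] = {
    "Owner": [],                                       # any non-empty value
    "Environment": ["prod", "staging", "dev"],
    "DataClassification": ["public", "internal", "confidential"],
}

# Constructed sample in the shape of an ec2.describe_instances() response.
SAMPLE_RESPONSE = {
    "Reservations": [
        {"Instances": [
            {"InstanceId": "i-0aaa000000000001",
             "Tags": [{"Key": "Owner", "Value": "payments-team"},
                      {"Key": "Environment", "Value": "prod"},
                      {"Key": "DataClassification", "Value": "confidential"}]},
            {"InstanceId": "i-0aaa000000000002",
             "Tags": [{"Key": "Owner", "Value": ""},
                      {"Key": "Environment", "Value": "production"}]},
        ]},
        {"Instances": [
            {"InstanceId": "i-0aaa000000000003"},     # untagged: no Tags key at all
        ]},
    ]
}


def instance_tags(instance: dict) -> Dict[str, str]:
    """Flatten the Tags list ([{Key, Value}, ...]) into a plain dict."""
    return {t["Key"]: t.get("Value", "") for t in instance.get("Tags", [])}


def tag_violations(instance: dict, policy: Dict[str, List[str]]) -> List[str]:
    """Return the policy violations for one instance (empty list = compliant)."""
    tags = instance_tags(instance)
    problems = []
    for key, allowed in policy.items():
        value = tags.get(key)
        if value is None or value == "":
            problems.append(f"missing tag {key}")
        elif allowed and value not in allowed:
            problems.append(f"tag {key}={value!r} not in {allowed}")
    return problems


def audit_instances(response: dict,
                    policy: Dict[str, List[str]] = TAG_POLICY) -> Dict[str, List[str]]:
    """Map each non-compliant InstanceId to its list of violations."""
    report: Dict[str, List[str]] = {}
    for reservation in response.get("Reservations", []):
        for instance in reservation.get("Instances", []):
            problems = tag_violations(instance, policy)
            if problems:
                report[instance["InstanceId"]] = problems
    return report


if __name__ == "__main__":
    # Against a real account, replace SAMPLE_RESPONSE with the pages returned by
    # boto3.client("ec2").get_paginator("describe_instances").paginate().
    for instance_id, problems in audit_instances(SAMPLE_RESPONSE).items():
        print(instance_id, "->", "; ".join(problems))
```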
Scale globally with resilience in every region
The largest global footprint, consistently built with a multi-AZ and multi-datacenter design.
Announced Regions: Spain, Jakarta, Milan, Cape Town, Osaka
AWS Region: A Region is a physical location in the world where we have multiple Availability Zones.
AWS Availability Zone (AZ): Availability Zones consist of one or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities.
(Diagram: a Region with transit centers and several AZs, each AZ made up of one or more datacenters.)
Defense-in-Depth in AWS at the Perimeter
• DDoS Protection
• Web Application Firewall
• VPN Gateway (Secure DevOps Comms)
• VPC w/ Subnet ACLs (Stateless Firewall)
• Internet Gateway (Path to Public Internet; not present by default)
• Signature & Behavioral-based Intrusion Detection System using Machine Learning
• Private Fiber Between AWS & Customer
• Partner Solutions from AWS Marketplace: Firewall, IDS/IPS, WAF
(Diagram: a VPC in an AWS Region with a Public Subnet holding the Web Server, an App Subnet holding the App Server and a DB Subnet holding the DB Primary.)
Defense-in-Depth in AWS between Workloads
• Each workload sits in its own VPC w/ Subnet ACLs (Stateless Firewall): VPC 1 and VPC 2 each contain a Public Subnet (Web Server), an App Subnet (App Server) and a DB Subnet (DB Primary).
• Default: No Communications Between VPCs
• VPC Peering (Private network connection between VPCs)
• Internet gateway w/ VPN (Public path to Internet)
• Private Link (1-way secure comms)
Defense-in-Depth in AWS inside the Workload
• Web Security Group, App Security Group, DB Security Group: a Stateful Firewall between each application tier (Web Servers, App Servers, DB Server). Does NOT allow peer-to-peer communications by default.
• Signature & Behavioral-based Intrusion Detection System using Machine Learning
• 3rd Party EPS from AWS Marketplace: OS Anti-virus, Firewall, Host Intrusion Protection System
• Security & Compliance assessment
• Event Management and Alerting
• API Logging
• Operational View & Control of Resources
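As an added example (not from the deck), the Python check below verifies that a three-tier security-group layout actually enforces what the slide describes: each tier admits traffic only from the tier in front of it, and no tier admits traffic from its own group (no peer-to-peer inside a tier). It reads the shape of boto3's `describe_security_groups` output; the group ids, ports and rules are constructed, and two of the rules are deliberately wrong so the check has something to find.

```python
"""Check a web/app/db security-group layout against a tier model.

The data layout matches boto3's ec2.describe_security_groups()["SecurityGroups"];
the group ids, ports and rules below are constructed for this example.
"""
from typing import Dict, List

# Constructed tier model (assumption): tier -> its group, the port it serves and
# the only source that may reach it (the previous tier's group, or a CIDR at the edge).
TIERS: Dict[str, dict] = {
    "web": {"group": "sg-0web000000000001", "port": 443,  "source": "0.0.0.0/0"},
    "app": {"group": "sg-0app000000000002", "port": 8080, "source": "sg-0web000000000001"},
    "db":  {"group": "sg-0db0000000000003", "port": 5432, "source": "sg-0app000000000002"},
}

# Constructed sample in the shape of describe_security_groups()["SecurityGroups"].
SAMPLE_GROUPS: List[dict] = [
    {"GroupId": "sg-0web000000000001", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []}]},
    {"GroupId": "sg-0app000000000002", "GroupName": "app", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080, "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0web000000000001"}]},
        # Deliberate defect: app servers may talk to each other on every port.
        {"IpProtocol": "-1", "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0app000000000002"}]}]},
    {"GroupId": "sg-0db0000000000003", "GroupName": "db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0app000000000002"}]},
        # Deliberate defect: the web tier can reach the database directly.
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432, "IpRanges": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0web000000000001"}]}]},
]


def rule_sources(rule: dict) -> List[str]:
    """Every source one ingress rule admits: CIDR ranges plus referenced group ids."""
    return ([r["CidrIp"] for r in rule.get("IpRanges", [])]
            + [p["GroupId"] for p in rule.get("UserIdGroupPairs", [])])


def rule_covers_port(rule: dict, port: int) -> bool:
    """True if the rule admits TCP traffic to `port` (IpProtocol -1 means all traffic)."""
    if rule.get("IpProtocol") == "-1":
        return True
    if rule.get("IpProtocol") != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def check_tiers(groups: List[dict], tiers: Dict[str, dict] = TIERS) -> List[str]:
    """Return findings for the layout; an empty list means it matches the tier model."""
    by_id = {g["GroupId"]: g for g in groups}
    findings: List[str] = []
    for name, spec in tiers.items():
        group = by_id.get(spec["group"])
        if group is None:
            findings.append(f"{name}: security group {spec['group']} not found")
            continue
        expected_path = False
        for rule in group.get("IpPermissions", []):
            if rule.get("IpProtocol") == "-1":
                findings.append(f"{name}: rule allows all protocols and ports")
            for source in rule_sources(rule):
                if source == spec["group"]:
                    findings.append(f"{name}: allows peer-to-peer ingress from its own group")
                elif source != spec["source"]:
                    findings.append(f"{name}: unexpected ingress source {source}")
                elif rule_covers_port(rule, spec["port"]):
                    expected_path = True      # the intended tier-to-tier path exists
        if not expected_path:
            findings.append(f"{name}: no rule admits {spec['source']} on port {spec['port']}")
    return findings


if __name__ == "__main__":
    # Against a real account, pass boto3.client("ec2").describe_security_groups()["SecurityGroups"].
    for finding in check_tiers(SAMPLE_GROUPS):
        print(finding)
```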
Automate - Remove Humans from the Data
Amazon GuardDuty IDS
Reconnaissance
Instance recon:
• Port probe / accepted comm
• Port scan (intra-VPC)
• Brute force attack (IP)
• Drop point (IP)
• Tor communications
Account recon:
• Tor API call (failed)
Instance compromise
• C&C activity
• Malicious domain request
• EC2 on threat list
• Drop point IP
• Malicious comms (ASIS)
• Bitcoin mining
• Outbound DDoS
• Spambot activity
• Outbound SSH brute force
• Unusual network port
• Unusual traffic volume/direction
• Unusual DNS requests
Account compromise
• Malicious API call (bad IP)
• Tor API call (accepted)
• CloudTrail disabled
• Password policy change
• Instance launch unusual
• Region activity unusual
• Suspicious console login
• Unusual ISP caller
• Mutating API calls (create, update, delete)
• High volume of describe calls
• Unusual IAM user added
• Detections in gray are signature based, stateless findings
• Detections in blue are behavioral, stateful findings / anomaly detections
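As an added example (not from the deck), the Python handler below shows the "Automated Response with Lambda" idea applied to these findings: it takes the GuardDuty Finding event that EventBridge delivers to a Lambda function, sorts the finding into the deck's three buckets, and decides a first response. The sample events are constructed, and the mapping from a finding's threat-purpose prefix to a bucket is an assumption made here, not GuardDuty's own.

```python
"""Triage Amazon GuardDuty findings delivered by EventBridge and decide an
automated first response, using the deck's buckets: reconnaissance,
instance compromise and account compromise.

The event layout is the "GuardDuty Finding" event EventBridge hands to a
Lambda function. The sample events are constructed, and the bucket mapping
below is an assumption made for this example.
"""
import re
from typing import Dict, List

# Finding types look like ThreatPurpose:ResourceType/ThreatFamily.Mechanism!Artifact
TYPE_RE = re.compile(r"^(?P<purpose>[A-Za-z]+):(?P<resource>[A-Za-z0-9]+)/(?P<family>[^.!]+)")

RECON_PURPOSES = {"Recon", "Discovery"}   # assumed membership of the reconnaissance bucket
ACCOUNT_RESOURCES = {"IAMUser"}           # findings about the account rather than an instance
ISOLATE_THRESHOLD = 7.0                   # GuardDuty's "High" severity band starts at 7.0

# Constructed sample events in the shape of the EventBridge "GuardDuty Finding" event.
SAMPLE_EVENTS: List[dict] = [
    {"detail-type": "GuardDuty Finding", "detail": {
        "type": "Recon:EC2/PortProbeUnprotectedPort", "severity": 2.0,
        "resource": {"resourceType": "Instance",
                     "instanceDetails": {"instanceId": "i-0bbb000000000001"}}}},
    {"detail-type": "GuardDuty Finding", "detail": {
        "type": "CryptoCurrency:EC2/BitcoinTool.B!DNS", "severity": 8.0,
        "resource": {"resourceType": "Instance",
                     "instanceDetails": {"instanceId": "i-0bbb000000000002"}}}},
    {"detail-type": "GuardDuty Finding", "detail": {
        "type": "Stealth:IAMUser/CloudTrailLoggingDisabled", "severity": 2.0,
        "resource": {"resourceType": "AccessKey"}}},
    {"detail-type": "GuardDuty Finding", "detail": {
        "type": "UnauthorizedAccess:EC2/SSHBruteForce", "severity": 5.0,
        "resource": {"resourceType": "Instance",
                     "instanceDetails": {"instanceId": "i-0bbb000000000003"}}}},
]


def severity_label(score: float) -> str:
    """GuardDuty severity bands: Low 1.0-3.9, Medium 4.0-6.9, High 7.0-8.9."""
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


def categorize(finding_type: str) -> str:
    """Map a finding type onto the deck's buckets (assumed mapping)."""
    match = TYPE_RE.match(finding_type)
    if match is None:
        return "unknown"
    if match["purpose"] in RECON_PURPOSES:
        return "reconnaissance"
    if match["resource"] in ACCOUNT_RESOURCES:
        return "account compromise"
    return "instance compromise"


def triage(event: dict) -> Dict[str, str]:
    """Decide the first automated action for one finding; the caller carries it out."""
    detail = event["detail"]
    score = float(detail.get("severity", 0))
    category = categorize(detail["type"])
    decision = {"finding": detail["type"], "category": category,
                "severity": severity_label(score), "action": "log-only"}
    if category == "instance compromise" and score >= ISOLATE_THRESHOLD:
        # Keep the instance for forensics but move it into a quarantine security group;
        # with boto3 that is ec2.modify_instance_attribute(InstanceId=..., Groups=[QUARANTINE_SG]).
        instance_id = detail.get("resource", {}).get("instanceDetails", {}).get("instanceId", "")
        decision["action"] = f"isolate-instance:{instance_id}"
    elif category == "account compromise":
        decision["action"] = "page-security-team"   # a human decides on credential revocation
    elif score >= 4.0:
        decision["action"] = "open-ticket"
    return decision


def lambda_handler(event: dict, context=None) -> Dict[str, str]:
    """Lambda entry point: EventBridge invokes it with one finding per event."""
    return triage(event)


if __name__ == "__main__":
    for sample in SAMPLE_EVENTS:
        print(lambda_handler(sample))
```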
AWS CAF perspectives and executing each step
Applying the framework to drive cloud adoption
1. Envision
• Clarify business outcomes and align with organizational goals
• Define measurable success criteria (metrics)
• Demonstrate how technology will enable business outcomes
2. Alignment
• Identify critical-to-success stakeholders
• Foster stakeholder consensus and alignment
• Understand how stakeholders will benefit from cloud
• Create a comprehensive Action Plan
3. Launch
• Execute your cloud projects
• Start the incremental business value of leveraging the cloud
• Proactively address stakeholders' questions, concerns, and blockers
4. Realize value
• Recognize ongoing incremental business value
• Continually evaluate cloud strategy and align with envisioned outcomes
• Identify additional cloud projects that deliver value
The security perspective
Focused on:
• Managing access and authorization
• Aligning cloud security controls with current security requirements
• Compliance
Launch & Scale
Goals: Business Outcomes (Innovation, Migration)
Phases: Align, Launch, Scale, Optimize (Deliver and Operationalize)
Accelerator Engagements: Security on AWS Workshop; AWS Jam; SRC Blueprint; Security Incident Response Simulation; Security Assessment
5 Core Security Epics: Identity & Access Mgt; Data Protection; Logging & Monitoring; Infrastructure Security; Incident Response
• Deliver solutions based on a specific scope & objective aligned with security / product teams
• Operationalize and automate to optimize coverage and efficiency for each security epic
Security Epics Accelerator: Engagements Tailored to Customer
The five epics and their goals: Identity & Access Mgt (Control Systems Access); Logging & Monitoring (Gain Visibility); Infrastructure Security (Protect Your Cloud Infra); Data Protection (Encrypt Your Data); Incident Response (Respond Swiftly)
Engagement building blocks:
• Security Design & Build: AWS Accounts and IAM
• Cloud Directory or Set Up Federation
• AWS Users Access Control Lifecycle Approach
• Privileged Access Management (Marketplace Partner)
• Privileged Access Management (System Manager)
• AWS Landing Zone
• VPC Perimeter, Subnet, SG Definition
• DDOS and WAF Setup
• Account Level Security Baselines Monitoring (AWS Config)
• Host Level Security Baselines Monitoring (AWS Config)
• Automate Patching Approach with Systems Manager
• Endpoint Protection (Marketplace Partner)
• Centralize Key Management with AWS KMS
• Encryption Key Management Approach
• Centralize CloudTrail Security Logs
• Visibility with GuardDuty / Security Hub
• VPC Flow Logs + DNS Logs (Independent)
• CloudTrail Logs (Customer Dependent)
• Security SIEM and SOC (Marketplace Partner)
• Forensic Instance Definition
• Automated Response with Lambda
Operationalize: IAM; Privileged Access Management; Web Application Defense; Host Hardening; EC2 Incident Response; SOC Integration; Key Management; Centralized Visibility
SRC Blueprint: Engagements are guided by target state architecture design and Cloud Security Strategy aligned with customer.
cloud more secure
Call to Action
• AWS Cloud Adoption Framework - Security Perspective
• AWS Well-Architected Framework - Security Pillar
• Tagging Best Practices
• AWS Security Best Practices
• AWS Security Incident Response Guide
• Aligning to the NIST CSF in the AWS Cloud
• AWS Governance at Scale
• Amazon Web Services: Risk and Compliance
AWS Security Training Resources
Online materials
AWS Security Workshops
• 5 workshops at 200 and 300-level complexity
• Aligned with the NIST Cybersecurity Framework
• https://awssecworkshops.com/workshops/
AWS Security Fundamentals (2 hours)
• https://aws.amazon.com/training/course-descriptions/security-fundamentals/
AWS Well-Architected Security Labs
• https://wellarchitectedlabs.com/Security/README.html
Thank you!
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 
Come costruire un'architettura Serverless nel Cloud AWS
Come costruire un'architettura Serverless nel Cloud AWSCome costruire un'architettura Serverless nel Cloud AWS
Come costruire un'architettura Serverless nel Cloud AWSAmazon Web Services
 

Mehr von Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 
Come costruire un'architettura Serverless nel Cloud AWS
Come costruire un'architettura Serverless nel Cloud AWSCome costruire un'architettura Serverless nel Cloud AWS
Come costruire un'architettura Serverless nel Cloud AWS
 

Strengthen Your Organizations Security and Privacy.pdf

  • 1. © 2020, Amazon Web Services, Inc. or its affiliates. All rights reserved.
    Strengthen Your Organization’s Security and Privacy Using the AWS Cloud
    Ryan Jaeger, Senior Solutions Architect, Amazon Web Services
  • 2. (section divider)
  • 3. What is Cloud Computing?
    • Private datacenter / colocation: compute, storage or network hardware
    • Virtual infrastructure: grow and shrink capacity on demand
    • Only pay for what you use
  • 4. Traditional infrastructure vs. AWS Cloud
    • Traditional infrastructure: equipment, resources and administration, contracts, cost
    • AWS Cloud: no up-front expense; pay for what you use; improve time to market and agility; scale up and down; self-service infrastructure
  • 5. Millions of active customers every month across 190 countries
    • Public sector: 6,500+ government agencies; 11,000+ educational institutions; 29,000+ non-profit organizations
    • Primary drivers for moving to the cloud: move from capital expense to variable expense; elasticity (stop guessing capacity); increased agility; go global in minutes; breadth of services
  • 6. How to reach your business goals with AWS
    • Gain faster, deeper insights with analytics
    • Ensure security, compliance and resiliency
    • Adopt modern application development practices
    • Migrate and free up resources
    • Bridge skills and experience gaps rapidly
  • 7. Canadian Public Sector AWS Customers (logo slide)
  • 8. Traditional on-premises security model (diagram: compute, storage, database, networking; regions, availability zones, edge locations)
  • 9. Working together: Security in the Cloud is a Shared Responsibility (https://aws.amazon.com/compliance/shared-responsibility-model/)
    • Customer, responsible for security in the cloud: customer data; platform and application management; operating system, network and firewall configuration; client-side data encryption and data integrity authentication; server-side encryption (file system and/or data); network traffic protection (encryption / integrity / identity); optional: opaque data, 0s and 1s (in transit and at rest); customer IAM
    • AWS, responsible for security of the cloud: foundation services (compute, storage, databases, networking); AWS global infrastructure (regions, availability zones, edge locations); AWS endpoints; AWS IAM
  • 10. Working together: Shared Responsibility is not Static (https://aws.amazon.com/compliance/shared-responsibility-model/)
    The slide repeats the shared-responsibility diagram for three service categories, with the dividing line in a different place each time:
    • Infrastructure services: the customer layer holds customer data; platform and application management; operating system, network and firewall configuration; client-side data encryption and data integrity authentication; server-side encryption (file system and/or data); network traffic protection (encryption / integrity / identity); optional opaque data (in transit and at rest); customer IAM. AWS holds foundation services, the AWS global infrastructure, AWS endpoints and AWS IAM.
    • Container services: the customer layer shrinks to customer data; client-side data encryption and data integrity authentication; network traffic protection (encryption / integrity / identity); optional opaque data; firewall configuration; customer IAM. Operating system and network configuration and platform and application management are shown on the AWS side, alongside foundation services, the global infrastructure, AWS endpoints and AWS IAM.
    • Abstracted services: the customer layer holds customer data; client-side data encryption and data integrity authentication; optional opaque data. AWS holds operating system and network configuration, platform and application management, server-side encryption provided by the platform (protection of data at rest), network traffic protection provided by the platform (protection of data in transit), foundation services, the global infrastructure, AWS endpoints and AWS IAM.
    • Parties involved: customer, AWS, service providers, software vendors, other 3rd parties
  • 11. Shared Responsibility: alternative view (diagram only)
  • 12. Data Privacy | Maintaining Customer Trust. AWS delivers services to millions of active customers over 190 countries.
  • 13. Highest standards for privacy: encryption at scale; meet data residency requirements; build compliant infrastructure; comply with local data privacy laws
  • 14. Data Privacy
    British Columbia's Freedom of Information and Protection of Privacy Act (FIPPA) sets out the access and privacy rights of individuals as they relate to the public sector. 30.1: A public body must ensure that personal information in its custody or under its control is stored only in Canada and accessed only in Canada.
    Supporting features:
    • AWS Region: Canada. You choose the AWS Region(s) in which your content is stored and the type of storage. [1]
    • AWS Direct Connect: the primary fiber path between the Vancouver Direct Connect site and the AWS Canada (Central) Region complies with Freedom of Information and Protection of Privacy Act (FOIPPA) requirements. [2]
    • Encryption: you choose how your content is secured. We offer you strong encryption for your content in transit and at rest, and we provide you with the option to manage your own encryption keys.
    • AWS complies with ISO 27018, a code of practice that focuses on protection of personal data in the cloud.
    • All AWS services are GDPR ready. [3]
  • 15. What is risk?
    Risk is commonly defined as risk = impact * likelihood, where:
    • Impact defines ‘how bad’ things can get, the worst-case scenario.
    • Likelihood defines the probable frequency, or the rate at which the impacts we assessed may occur.
  • 16. Standard scales help us reason
    Scale scoring: how much attention, impact and effort does a finding get? What is our target remediation time? A standard scale gives a common language to use. https://www.youtube.com/watch?v=E1NaYN_fJUo
  • 17. (section divider)
  • 18. Why is security traditionally so hard? Lack of visibility; low degree of automation; lack of resiliency; defense-in-depth challenges
  • 19. Four Security Benefits of the Cloud
    • Increased visibility
    • Increased availability and resiliency
    • True defense-in-depth
    • Ability to automate for governance and security operations
  • 20. Means of obtaining visibility: use of resource tags; CLI describe; console; business intelligence tools; API queries
  • 21. Scale globally with resilience in every region
    The largest global footprint, consistently built with a multi-AZ and multi-datacenter design.
    • AWS Region: a physical location in the world where we have multiple Availability Zones.
    • AWS Availability Zone (AZ): Availability Zones consist of one or more discrete data centers, each with redundant power, networking, and connectivity, housed in separate facilities.
    • Announced Regions: Spain, Jakarta, Milan, Cape Town, Osaka
    (diagram: a Region with transit centers, AZs and datacenters)
  • 22. Defense-in-Depth in AWS at the Perimeter
    Diagram: a VPC in an AWS Region with a public subnet (web server), an app subnet (app server) and a DB subnet (DB primary). Perimeter controls shown:
    • DDoS protection
    • Web application firewall
    • VPN gateway (secure DevOps comms)
    • VPC with subnet ACLs (stateless firewall)
    • Internet gateway: the path to the public internet (not present by default)
    • Signature- and behavioral-based intrusion detection system using machine learning
    • Private fiber between AWS and customer
    • Partner solutions from AWS Marketplace: firewall, IDS/IPS, WAF
  • 23. Defense-in-Depth in AWS between Workloads
    Diagram: VPC 1 and VPC 2 in the same AWS Region, each with subnet ACLs (stateless firewall) and its own public, app and DB subnets. By default there are no communications between VPCs; connectivity is added explicitly through VPC peering (private network connection between VPCs), an internet gateway with VPN (public path to internet) or PrivateLink (1-way secure comms).
  • 24. Defense-in-Depth in AWS inside the Workload
    Diagram: a VPC with web, app and DB security groups around the web servers, app servers and DB server. Controls shown:
    • Stateful firewall between each application tier; does NOT allow peer-to-peer communications by default
    • Signature- and behavioral-based intrusion detection system using machine learning
    • 3rd-party endpoint protection from AWS Marketplace: OS anti-virus, firewall, host intrusion protection system
    • Security and compliance assessment
    • Event management and alerting
    • API logging
    • Operational view and control of resources
  • 25. Automate: remove humans from the data
  • 26. Amazon GuardDuty IDS
    • Reconnaissance, instance recon: port probe / accepted comm; port scan (intra-VPC); brute force attack (IP); drop point (IP); Tor communications
    • Reconnaissance, account recon: Tor API call (failed)
    • Instance compromise: C&C activity; malicious domain request; EC2 on threat list; drop point IP; malicious comms (ASIS); Bitcoin mining; outbound DDoS; spambot activity; outbound SSH brute force; unusual network port; unusual traffic volume/direction; unusual DNS requests
    • Account compromise: malicious API call (bad IP); Tor API call (accepted); CloudTrail disabled; password policy change; instance launch unusual; region activity unusual; suspicious console login; unusual ISP caller; mutating API calls (create, update, delete); high volume of describe calls; unusual IAM user added
    • The slide colour-codes the detections: gray for signature-based, stateless findings; blue for behavioral, stateful findings / anomaly detections
  • 27. (section divider)
  • 28. AWS CAF perspectives and executing each step: applying the framework to drive cloud adoption
    • 1. Envision: clarify business outcomes and align with organizational goals; define measurable success criteria (metrics); demonstrate how technology will enable business outcomes
    • 2. Alignment: identify critical-to-success stakeholders; foster stakeholder consensus and alignment; understand how stakeholders will benefit from cloud; create a comprehensive action plan
    • 3. Launch: execute your cloud projects; start the incremental business value of leveraging the cloud; proactively address stakeholders’ questions, concerns, and blockers
    • 4. Realize value: recognize ongoing incremental business value; continually evaluate cloud strategy and align with envisioned outcomes; identify additional cloud projects that deliver value
  • 29. The security perspective. Focused on: managing access and authorization; aligning cloud security controls with current security requirements; compliance
  • 30. Deliver and Operationalize Security on AWS
    • Phases: Align, Launch, Scale, Optimize (Launch & Scale goals: business outcomes, innovation, migration)
    • Engagements: workshop, AWS Jam, SRC Blueprint, Security Incident Response Simulation, Security Assessment
    • 5 core security epics: Identity & Access Mgt; Data Protection; Logging & Monitoring; Infrastructure Security; Incident Response
    • Accelerator engagements deliver solutions based on a specific scope and objective aligned with security / product teams, then operationalize and automate to optimize coverage and efficiency for each security epic
  • 31. Security Epics Accelerator Engagements, tailored to customer
    • Epics and their goals: Identity & Access Mgt (control systems access); Logging & Monitoring (gain visibility); Infrastructure Security (protect your cloud infra); Data Protection (encrypt your data); Incident Response (respond swiftly)
    • Security design & build: AWS accounts and IAM; Cloud Directory or set up federation; AWS users access control lifecycle approach; privileged access management (Marketplace partner); VPC perimeter, subnet and SG definition; account-level security baselines monitoring with AWS Config; DDoS and WAF setup; centralize key management with AWS KMS; centralize CloudTrail security logs; visibility with GuardDuty / Security Hub; encryption key management approach; forensic instance definition; automated response with Lambda; privileged access management (Systems Manager); VPC Flow Logs + DNS logs (independent); CloudTrail logs (customer dependent); automate patching approach with Systems Manager; host-level security baselines monitoring with AWS Config; endpoint protection (Marketplace partner); AWS Landing Zone security; SIEM and SOC (Marketplace partner)
    • Operationalize: IAM privileged access management; web application defense; host hardening (EC2); incident response SOC integration; key management; centralized visibility
    • SRC Blueprint engagements are guided by target state architecture design and a Cloud Security Strategy aligned with the customer.
  • 32. (image slide; visible text: "cloud more secure")
  • 33. (section divider)
  • 34. Call to Action
    • AWS Cloud Adoption Framework - Security Perspective
    • AWS Well-Architected Framework - Security Pillar
    • Tagging Best Practices
    • AWS Security Best Practices
    • AWS Security Incident Response Guide
    • Aligning to the NIST CSF in the AWS Cloud
    • AWS Governance at Scale
    • Amazon Web Services: Risk and Compliance
  • 35. AWS Security Training Resources (online materials)
    • AWS Security Workshops: 5 workshops at 200 and 300-level complexity; aligned with the NIST Cybersecurity Framework; https://awssecworkshops.com/workshops/
    • AWS Security Fundamentals (2 hours): https://aws.amazon.com/training/course-descriptions/security-fundamentals/
    • AWS Well-Architected Security Labs: https://wellarchitectedlabs.com/Security/README.html
  • 36. Thank you!
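Slides 20 and 22 to 24 make two points that a practitioner usually wants to see as a check rather than a diagram: visibility comes from resource tags plus describe/API queries, and tier isolation inside a workload comes from stateful security groups that reference each other rather than from CIDR ranges. The following script is an added example, not part of the deck or of any AWS tooling. It runs over a constructed sample shaped like the output of `aws ec2 describe-security-groups` (group IDs, ports and CIDRs are made up), uses an assumed `Tier` tag to find the web, app and DB tiers, and reports every rule that breaks the web to app to DB flow or re-enables peer-to-peer traffic inside a tier.

```python
"""Tier-isolation check for VPC security groups.

Added example (not from the deck). It reads data shaped like the output of
`aws ec2 describe-security-groups`, uses a `Tier` resource tag (an assumed
tagging convention) for visibility, and reports rules that break the
web -> app -> db flow the slides describe.
"""
from __future__ import annotations

import ipaddress

# Constructed sample data, trimmed to the fields this check uses.
# Group IDs, ports and CIDRs are made up for the example.
SAMPLE_SECURITY_GROUPS = [
    {
        "GroupId": "sg-web0001",
        "Tags": [{"Key": "Tier", "Value": "web"}],
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
        ],
    },
    {
        "GroupId": "sg-app0001",
        "Tags": [{"Key": "Tier", "Value": "app"}],
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
             "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-web0001"}]},
            # Self-reference: every app server can reach every other app
            # server on every port, i.e. peer-to-peer inside the tier.
            {"IpProtocol": "-1", "IpRanges": [],
             "UserIdGroupPairs": [{"GroupId": "sg-app0001"}]},
        ],
    },
    {
        "GroupId": "sg-db0001",
        "Tags": [{"Key": "Tier", "Value": "db"}],
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
             "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-app0001"}]},
            # CIDR rule that lets anything in the VPC reach the database.
            {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
             "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []},
        ],
    },
]

# Which source tiers may reach which destination tier. "internet" is the only
# place a 0.0.0.0/0 or ::/0 rule is tolerated, and only for the web tier.
ALLOWED_SOURCES = {"web": {"internet"}, "app": {"web"}, "db": {"app"}}


def tier_of(group: dict) -> str | None:
    """Return the value of the `Tier` tag, or None when the group is untagged."""
    for tag in group.get("Tags", []):
        if tag.get("Key") == "Tier":
            return tag.get("Value")
    return None


def describe_ports(perm: dict) -> str:
    """Human-readable protocol/port text for one IpPermissions entry."""
    if perm["IpProtocol"] == "-1":
        return "all traffic"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return f"{perm['IpProtocol']}/{lo}" if lo == hi else f"{perm['IpProtocol']}/{lo}-{hi}"


def check_tier_isolation(groups: list[dict]) -> list[dict]:
    """Return one finding per rule that violates ALLOWED_SOURCES."""
    tiers = {g["GroupId"]: tier_of(g) for g in groups}
    findings = []

    def add(gid, tier, issue, detail):
        findings.append({"group": gid, "tier": tier, "issue": issue, "detail": detail})

    for group in groups:
        gid, tier = group["GroupId"], tiers[group["GroupId"]]
        if tier not in ALLOWED_SOURCES:
            add(gid, tier, "untagged", "no Tier tag; the group is invisible to this check")
            continue
        for perm in group.get("IpPermissions", []):
            ports = describe_ports(perm)
            for rng in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
                cidr = rng.get("CidrIp") or rng.get("CidrIpv6")
                net = ipaddress.ip_network(cidr, strict=False)
                if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0
                    if "internet" not in ALLOWED_SOURCES[tier] or perm["IpProtocol"] == "-1":
                        add(gid, tier, "open-to-internet", f"{ports} from {cidr}")
                else:
                    # Tier isolation is expressed with group references; a CIDR
                    # rule admits any instance in that range regardless of tier.
                    add(gid, tier, "cidr-bypass", f"{ports} from {cidr}")
            for pair in perm.get("UserIdGroupPairs", []):
                src = pair.get("GroupId")
                if src == gid:
                    add(gid, tier, "peer-to-peer", f"{ports} within the {tier} tier")
                elif tiers.get(src) not in ALLOWED_SOURCES[tier]:
                    add(gid, tier, "cross-tier", f"{ports} from {src} ({tiers.get(src)})")
    return findings


if __name__ == "__main__":
    for f in check_tier_isolation(SAMPLE_SECURITY_GROUPS):
        print(f"{f['group']:<12} {f['tier']:<4} {f['issue']:<17} {f['detail']}")
```

On the sample the web group's HTTPS rule passes, the app group's self-reference is reported as `peer-to-peer`, and the database's `10.0.0.0/16` rule is reported as `cidr-bypass`. Feeding real data in is a matter of replacing `SAMPLE_SECURITY_GROUPS` with the `SecurityGroups` list from the describe call; the untagged finding is deliberate, since a group the tag model cannot see is itself a visibility gap.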
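Slides 25, 26 and 31 put the GuardDuty finding categories next to "automated response with Lambda" and "forensic instance definition" without showing what the automation decides. The following handler is an added example, not from the deck and not an AWS-provided function. It takes an EventBridge "GuardDuty Finding" event, splits the finding type into its threat purpose, resource type and threat name, bands the numeric severity, and returns an ordered plan of evidence-collection and containment steps instead of calling EC2 or IAM, so it runs offline. The sample events are constructed (instance IDs, key IDs and severities are made up); the action names and the `COMPROMISE_PURPOSES` set are assumptions of this example.

```python
"""Turn Amazon GuardDuty findings into an automated response plan.

Added example, not taken from the deck. `handler` has the shape of a Lambda
function subscribed to EventBridge "GuardDuty Finding" events. It decides the
containment and evidence steps for a finding and returns them as a plan rather
than calling EC2/IAM, so the logic can be run and tested offline.
"""
from __future__ import annotations

# Threat purposes (the part before ':' in a finding type) that this example
# treats as an already-compromised resource rather than reconnaissance.
COMPROMISE_PURPOSES = {"Backdoor", "CryptoCurrency", "Trojan", "Impact"}


def severity_label(severity: float) -> str:
    """GuardDuty's numeric severity mapped to its low/medium/high bands."""
    if severity >= 7.0:
        return "high"
    if severity >= 4.0:
        return "medium"
    return "low"


def parse_finding_type(finding_type: str) -> tuple[str, str, str]:
    """Split 'ThreatPurpose:ResourceType/ThreatName' into its three parts."""
    purpose, rest = finding_type.split(":", 1)
    resource_type, threat_name = rest.split("/", 1)
    return purpose, resource_type, threat_name


def plan_response(finding: dict) -> dict:
    """Build the ordered list of actions an automation should carry out."""
    purpose, resource_type, threat_name = parse_finding_type(finding["type"])
    label = severity_label(float(finding["severity"]))
    compromised = purpose in COMPROMISE_PURPOSES or label == "high"
    actions = ["open-ticket"]  # every finding is tracked, even low ones

    if resource_type == "EC2":
        instance_id = finding["resource"]["instanceDetails"]["instanceId"]
        actions.append(f"tag:{instance_id}:GuardDuty={threat_name}")
        if compromised:
            # Preserve evidence first, then contain the instance.
            actions += [f"snapshot-volumes:{instance_id}",
                        f"quarantine-security-group:{instance_id}"]
        elif label == "medium":
            actions.append(f"enable-flow-log-capture:{instance_id}")
    elif resource_type == "IAMUser":
        key = finding["resource"]["accessKeyDetails"]
        if purpose == "Stealth" or compromised:
            # Credential misuse: revoke the key, then tell its owner.
            actions += [f"deactivate-access-key:{key['accessKeyId']}",
                        f"notify-owner:{key['userName']}"]
    else:
        actions.append("route-to-analyst")  # resource type not automated here

    if label == "high":
        actions.append("page-on-call")
    return {"finding_type": finding["type"], "severity": label,
            "compromised": compromised, "actions": actions}


def handler(event: dict, context=None) -> dict:
    """Lambda entry point for an EventBridge GuardDuty Finding event."""
    if event.get("detail-type") != "GuardDuty Finding":
        return {"ignored": True}
    return plan_response(event["detail"])


# Constructed sample events (instance IDs, key IDs and severities are made up;
# the type strings follow GuardDuty's ThreatPurpose:Resource/Name format).
SAMPLE_EVENTS = [
    {"detail-type": "GuardDuty Finding", "detail": {
        "type": "UnauthorizedAccess:EC2/SSHBruteForce", "severity": 5,
        "resource": {"resourceType": "Instance",
                     "instanceDetails": {"instanceId": "i-0example0001"}}}},
    {"detail-type": "GuardDuty Finding", "detail": {
        "type": "Backdoor:EC2/C&CActivity.B!DNS", "severity": 8,
        "resource": {"resourceType": "Instance",
                     "instanceDetails": {"instanceId": "i-0example0002"}}}},
    {"detail-type": "GuardDuty Finding", "detail": {
        "type": "Stealth:IAMUser/CloudTrailLoggingDisabled", "severity": 2,
        "resource": {"resourceType": "AccessKey",
                     "accessKeyDetails": {"accessKeyId": "AKIAEXAMPLE000001",
                                          "userName": "deploy-bot"}}}},
]

if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        plan = handler(event)
        print(plan["finding_type"], plan["severity"], plan["actions"])
```

The point of returning a plan is that the decision logic can be unit-tested against recorded findings before anything is allowed to snapshot or isolate an instance; a second function that executes the plan is where the EC2 and IAM calls, and their IAM permissions, belong. Note that the low-severity CloudTrail finding still triggers key deactivation, since the purpose (`Stealth`) rather than the score drives that branch.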