© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Executive Security Simulation (FND201)
Gili Lev, Cloud Executive Security Advisor, AWS

Agenda

Duration   Session
10 min.    Welcome: Opening note, key principles
45 min.    Simulation round 1
5 min.     Simulation 1 debrief
40 min.    Simulation round 2
5 min.     Simulation 2 debrief
15 min.    Secure journey key points, epics program

AWS Cloud Adoption Framework (AWS CAF)

The AWS CAF helps organizations understand how cloud adoption transforms the way they work by identifying the stakeholders that are critical to cloud adoption and grouping them into six perspectives.

AWS CAF security perspective

Security perspective: Directive, Preventative, Detective, Responsive

Enterprise stages of AWS adoption

[Chart: client value against cloud adoption over time. Stages: Project, Foundation, Migration, Reinvention. Adoption phases along the time axis: Discovery, Targeted, At scale.]

AWS stages of cloud adoption

[Chart: value against time, framed by the AWS CAF and the Customer Cloud Center of Excellence (CCOE). Stages: Discovery, Project, Foundation, Migration, Reinvention (innovation, retire tech debt).]

Experience what it takes to lead a secure cloud journey for your organization

A competitive, immersive experience: The AWS Executive Security Simulation is an engaging exercise that illuminates keys to success for enabling a secure cloud journey for your organization.

For security leaders driving major change: The simulation is best delivered in person to participants leading a secure cloud journey, including the CISO, senior security management, and other CxOs.

Impactful lessons and experience: Participants walk away with an understanding of the major success factors for delivering security in the cloud.

What to expect from the session

UNDERSTANDING REAL CUSTOMER EXPERIENCES – You will be reviewing the case study and experience scenarios and their impacts to accomplish a secure cloud migration.
EXPERIENTIAL WORKSHOP – Based on real experience and observation, you will be actively participating with table teammates.
LEADERSHIP DECISION MAKERS – You and your table teammates are an IT Security Leadership Team.
A COMPETITION – You will be competing against the other tables.
GOAL – Progress your organization through the stages of adoption in a secure and compliant manner. Understand the key success factors for a secure cloud journey.

Striking a balance: Reality and Simplicity

Participant guide

Event, option, and consequence cards

Round 1 debrief

1. What did I learn in round 1 that I will take back to my company?
2. Identify three actionable items. What will I do next?
   • In two days (just something)
   • In two weeks (kick something off)
   • In two months (tangible progress/results)

Round 2 debrief

What are my lessons learned from today’s journey?

Round 2 debrief

I will select 3 strategic initiatives that require the most attention in my organization, and I will put them into practice.

AWS pace of innovation

AWS has been continually expanding its services to support virtually any cloud workload, and it now has more than 90 services that range from compute, storage, networking, database, analytics, application services, deployment, management, developer, mobile, Internet of Things (IoT), artificial intelligence (AI), security, hybrid, and enterprise applications. AWS has launched a total of 4,343 new features and/or services since inception in 2006.

[Chart: new features and services launched per year. 2012: 160; 2014: 516; 2016: 1,017; 2018: 1,957.]

AWS security team

Operations, Application security, Engineering: aligned for agility

Security ownership as part of DNA

• Promotes a culture of “everyone is an owner” for security
• Makes security a stakeholder in business success
• Enables easier and smoother communication

Distributed and embedded

Move fast and stay secure

Security is a shared responsibility

Customers are responsible for their security and compliance in the cloud:
• Customer content
• Platform, applications, identity and access management
• Operating system, network, and firewall configuration
• Client-side data encryption
• Server-side data encryption
• Network traffic protection

AWS is responsible for the security of the cloud:
• AWS foundation services: Compute, Storage, Database, Networking
• AWS global infrastructure: Regions, Availability zones, Edge locations

Infrastructure services

Managed by customers:
• Customer content
• Platform and application management
• Operating system, network, and firewall configuration
• Client-side data encryption and data integrity authentication
• Network traffic protection (encryption/integrity/identity)
• Server-side encryption (file system and/or data)
• Customer IAM
• Optional – opaque data: 0s and 1s (in transit/at rest)

Managed by AWS:
• AWS IAM and AWS endpoints
• Foundation services: Compute, Storage, Databases, Networking
• AWS global infrastructure: Regions, Availability zones, Edge locations

Container services

Managed by customers:
• Customer content
• Firewall configuration
• Client-side data encryption and data integrity authentication
• Network traffic protection (encryption/integrity/identity)
• Customer IAM
• Optional – opaque data: 0s and 1s (in transit/at rest)

Managed by AWS:
• Platform and application management
• Operating system and network configuration
• AWS IAM and AWS endpoints
• Foundation services: Compute, Storage, Databases, Networking
• AWS global infrastructure: Regions, Availability zones, Edge locations

Abstracted services

Managed by customers:
• Customer content
• Client-side data encryption and data integrity authentication
• Optional – opaque data: 0s and 1s (in transit/at rest)

Managed by AWS:
• Data protection provided by the platform for data at rest
• Network traffic protection provided by the platform (protection of data in transit)
• Platform and application management
• Operating system, network, and firewall configuration
• AWS IAM and AWS endpoints
• Foundation services: Compute, Storage, Databases, Networking
• AWS global infrastructure: Regions, Availability zones, Edge locations

AWS security epics

Frequent iteration via sprints leads to increased maturity while retaining flexibility to adapt to business pace and demand.

First sprint example: Define the account structure, and implement the core set of best practices.
Second sprint example: Implement federation.
Third sprint example: Expand account management to cater to multiple accounts.

AWS CAF security perspective

Increase agility and ability to perform actions faster and at a larger scale while validating information security principles and ensuring that your environment maintains a strong security footing.

Core 5
• IAM
• Detective controls
• Infrastructure security
• Data protection
• Incident response

Account governance & ownership

• AWS Organizations: Policy-based management for multiple AWS accounts with security and automation settings
• AWS Identity and Access Management: Securely control access to AWS services and resources for your users
• Amazon Cognito: Mobile sign-up, sign-in, and access control with various IdPs via SAML 2.0

✓ MFA
✓ Root
✓ Federation

Audit and visibility

Account
• AWS CloudTrail: Record AWS API calls; enable governance, compliance, & auditing

Resources
• AWS Config: Resource inventory, configuration history, and configuration change notifications to enable security and governance
• Amazon CloudWatch: Monitor resources and your applications on AWS; collect metrics, set alarms, and automatically react to changes

Network
• VPC flow logs: Capture information about the IP traffic going to and from network interfaces in your VPC

• Amazon GuardDuty: Intelligent threat detection and continuous monitoring to protect your AWS accounts and workloads
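The two slides above pair CloudTrail's API record with the governance checks "MFA" and "Root". As an added example (my own code, not part of the deck and not AWS code), the following Python scans a CloudTrail log file body for those two signals: any activity by the account root user, and successful console sign-ins where CloudTrail reports no MFA. The records are constructed to follow the CloudTrail record shape (userIdentity.type, eventName, additionalEventData.MFAUsed, responseElements.ConsoleLogin); the account ID and IP addresses are dummies, and the function names are my own.

```python
"""Scan CloudTrail records for root-account activity and console sign-ins
without MFA. Added example; the records below are constructed, not real."""
import json

# Constructed CloudTrail-style log body (account ID and IPs are dummies).
SAMPLE_TRAIL = json.dumps({"Records": [
    {   # root user signing in to the console without MFA
        "eventTime": "2019-06-25T14:02:11Z",
        "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
        "userIdentity": {"type": "Root", "accountId": "111111111111",
                         "arn": "arn:aws:iam::111111111111:root"},
        "sourceIPAddress": "198.51.100.7",
        "additionalEventData": {"MFAUsed": "No"},
        "responseElements": {"ConsoleLogin": "Success"},
    },
    {   # IAM user signing in with MFA: expected, not reported
        "eventTime": "2019-06-25T14:05:40Z",
        "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
        "userIdentity": {"type": "IAMUser", "accountId": "111111111111",
                         "userName": "alice"},
        "sourceIPAddress": "203.0.113.22",
        "additionalEventData": {"MFAUsed": "Yes"},
        "responseElements": {"ConsoleLogin": "Success"},
    },
    {   # root user changing a security group: root activity
        "eventTime": "2019-06-25T14:09:03Z",
        "eventSource": "ec2.amazonaws.com",
        "eventName": "AuthorizeSecurityGroupIngress",
        "userIdentity": {"type": "Root", "accountId": "111111111111",
                         "arn": "arn:aws:iam::111111111111:root"},
        "sourceIPAddress": "198.51.100.7",
    },
    {   # IAM user signing in without MFA
        "eventTime": "2019-06-25T14:12:57Z",
        "eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
        "userIdentity": {"type": "IAMUser", "accountId": "111111111111",
                         "userName": "bob"},
        "sourceIPAddress": "203.0.113.40",
        "additionalEventData": {"MFAUsed": "No"},
        "responseElements": {"ConsoleLogin": "Success"},
    },
]})


def find_root_activity(records):
    """Every record performed by the account root user. Root use should be
    rare after the break-glass setup, so each hit deserves review."""
    return [r for r in records if r.get("userIdentity", {}).get("type") == "Root"]


def find_console_logins_without_mfa(records):
    """Successful console sign-ins where CloudTrail did not record MFAUsed=Yes."""
    hits = []
    for r in records:
        if r.get("eventName") != "ConsoleLogin":
            continue
        if r.get("responseElements", {}).get("ConsoleLogin") != "Success":
            continue  # failed sign-ins are a separate (brute-force) signal
        if r.get("additionalEventData", {}).get("MFAUsed") != "Yes":
            hits.append(r)
    return hits


def summarize(trail_json):
    """Parse a CloudTrail log body and return (kind, time, actor, ip) findings."""
    records = json.loads(trail_json)["Records"]
    findings = []
    for r in find_root_activity(records):
        findings.append(("ROOT_ACTIVITY", r["eventTime"], r["eventName"], r["sourceIPAddress"]))
    for r in find_console_logins_without_mfa(records):
        who = r["userIdentity"].get("userName") or r["userIdentity"]["type"]
        findings.append(("CONSOLE_LOGIN_NO_MFA", r["eventTime"], who, r["sourceIPAddress"]))
    return findings


if __name__ == "__main__":
    for finding in summarize(SAMPLE_TRAIL):
        print(" | ".join(finding))
```

On the constructed input this reports two root-activity findings (the console sign-in and the security-group change) and two sign-ins without MFA (root and bob); alice's MFA sign-in is not reported. In production the same two functions would run over records delivered from the CloudTrail S3 bucket or a CloudWatch Logs subscription, which is where the "automatically react to changes" step on the slide comes in.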

Infrastructure protection

Resources
• AWS CloudFormation: Provision your resources in a safe, predictable manner; infrastructure as code is your source of truth
• Amazon Inspector: Automatically assesses applications for vulnerabilities or deviations from best practices

Network
• Amazon VPC: Provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define
• Security groups: Stateful host-based firewalls for explicit traffic control
• AWS WAF: Protects your web applications from common web exploits, ensuring availability and security
• AWS Shield: Managed DDoS protection service that safeguards web applications running on AWS

Data protection

• AWS KMS: Deep integration with AWS services; AWS CloudTrail; AWS SDK for application encryption
• Amazon CloudHSM V2: Tamper-resistant secure key storage for cryptographic operations; standards-compliant; FIPS 140-2 Level 3
• AWS Certificate Manager: Provision, manage, and deploy TLS certificates; use with Elastic Load Balancing (ELB) or Amazon CloudFront distribution
• Amazon Macie: Machine learning-powered security service to discover, classify, and protect sensitive data

Auditability

• AWS Config rule: Create rules that automatically take action in response to changes in your environment
• AWS Trusted Advisor: Real-time guidance to provision your resources following AWS best practices (reduce cost, increase performance, improve security)
• AWS Lambda: Serverless compute service that runs code so that you can scale your programmed, automated response to incidents
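The slide describes the Config rule plus Lambda pattern without showing what such a rule looks like. Added example, my own code and not AWS sample code: a custom AWS Config rule handler in Python that evaluates a security group change (the "explicit traffic control" item from the infrastructure protection slide) and reports NON_COMPLIANT when a port outside an allowlist is reachable from 0.0.0.0/0 or ::/0. It assumes the event shape Config passes to a custom Lambda rule (invokingEvent as a JSON string carrying configurationItem, ruleParameters as a JSON string, resultToken) and the lower-camel-case ipPermissions layout Config records for security groups; the sample event, the security group ID and the allowedPorts parameter name are constructed. The boto3 put_evaluations call is made only when a resultToken is present, so the evaluation logic runs offline.

```python
"""Custom AWS Config rule: security groups must not expose non-allowlisted
ports to the internet. Added example; sample event and IDs are constructed."""
import json

WORLD = {"0.0.0.0/0", "::/0"}

# Constructed Config invocation (no resultToken, so nothing is sent to AWS).
SAMPLE_EVENT = {
    "ruleParameters": json.dumps({"allowedPorts": "80,443"}),  # assumed parameter name
    "invokingEvent": json.dumps({
        "messageType": "ConfigurationItemChangeNotification",
        "configurationItem": {
            "resourceType": "AWS::EC2::SecurityGroup",
            "resourceId": "sg-0123456789abcdef0",  # dummy ID
            "configurationItemStatus": "OK",
            "configurationItemCaptureTime": "2019-06-25T14:30:00.000Z",
            "configuration": {
                "groupName": "web-tier",
                "ipPermissions": [
                    {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
                     "ipRanges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []},
                    {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
                     "ipRanges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []},
                    {"ipProtocol": "tcp", "fromPort": 5432, "toPort": 5432,
                     "ipRanges": [{"cidrIp": "10.0.0.0/8"}], "ipv6Ranges": []},
                ],
            },
        },
    }),
}


def sample_config_item():
    """The configurationItem from SAMPLE_EVENT, for stand-alone checks."""
    return json.loads(SAMPLE_EVENT["invokingEvent"])["configurationItem"]


def open_to_world(permission):
    """True if this ipPermissions entry admits traffic from any IPv4/IPv6 source."""
    v4 = {r.get("cidrIp") for r in permission.get("ipRanges", [])}
    v6 = {r.get("cidrIpv6") for r in permission.get("ipv6Ranges", [])}
    return bool((v4 | v6) & WORLD)


def evaluate_security_group(config_item, allowed_ports):
    """Return (compliance type, annotation) for one security group item."""
    if config_item.get("resourceType") != "AWS::EC2::SecurityGroup":
        return "NOT_APPLICABLE", "rule only evaluates security groups"
    if config_item.get("configurationItemStatus", "").startswith("ResourceDeleted"):
        return "NOT_APPLICABLE", "resource deleted"
    exposed = []
    for perm in config_item.get("configuration", {}).get("ipPermissions", []):
        if not open_to_world(perm):
            continue
        proto, frm, to = perm.get("ipProtocol"), perm.get("fromPort"), perm.get("toPort")
        # "-1" means all protocols; ICMP entries use -1 for "all types". Both are wide open.
        if proto == "-1" or frm is None or frm < 0:
            exposed.append("all ports")
            continue
        if set(range(frm, to + 1)) - set(allowed_ports):
            exposed.append(f"{proto} {frm}-{to}")
    if exposed:
        return "NON_COMPLIANT", "open to the internet: " + ", ".join(exposed)
    return "COMPLIANT", "no non-allowlisted ports open to the internet"


def lambda_handler(event, context=None):
    """Entry point Config invokes; returns the evaluation it reports."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    params = json.loads(event.get("ruleParameters") or "{}")
    allowed = {int(p.strip()) for p in params.get("allowedPorts", "443").split(",")}
    compliance, note = evaluate_security_group(item, allowed)
    evaluation = {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": note[:256],  # Config limits annotations to 256 characters
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }
    if event.get("resultToken"):  # present only in a real Config invocation
        import boto3
        boto3.client("config").put_evaluations(
            Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


if __name__ == "__main__":
    print(json.dumps(lambda_handler(SAMPLE_EVENT), indent=2))
```

On the constructed group the handler returns NON_COMPLIANT with the annotation "open to the internet: tcp 22-22": port 443 is allowlisted and port 5432 is only open to a private range, so SSH from anywhere is the single finding. The "automatically take action" half of the slide is the remediation step that would follow, for example a second Lambda triggered by the NON_COMPLIANT evaluation that revokes the offending ingress entry and notifies the owning team.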

Getting to the cloud is a journey. Your journey will be unique.

Thank you!

Gili Lev
gililev@amazon.com

AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Mais de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

AWS Executive Security Simulation - FND201-R - AWS re:Inforce 2019

  • 1. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Executive Security Simulation. Gili Lev, Cloud Executive Security Advisor, AWS. FND201
  • 2. Agenda (duration / session): 10 min. Welcome: opening note, key principles; 45 min. Simulation round 1; 5 min. Simulation 1 debrief; 40 min. Simulation round 2; 5 min. Simulation 2 debrief; 15 min. Secure journey key points, epics program
  • 3. AWS Cloud Adoption Framework (AWS CAF): The AWS CAF helps organizations understand how cloud adoption transforms the way they work by identifying the stakeholders that are critical to cloud adoption and grouping them into six perspectives.
  • 4. AWS CAF security perspective: Directive, Preventative, Detective, Responsive
  • 5. Enterprise stages of AWS adoption (chart of client value against cloud adoption over time): Discovery, Project, Foundation, Migration, Reinvention; targeted, then at scale
  • 6. AWS stages of cloud adoption (chart of value over time, under a Customer Cloud Center of Excellence (CCOE) and the AWS CAF): Discovery, Project, Foundation, Migration, Reinvention; innovation and retiring tech debt
  • 7. Experience what it takes to lead a secure cloud journey for your organization. A competitive, immersive experience: the AWS Executive Security Simulation is an engaging exercise that illuminates keys to success for enabling a secure cloud journey for your organization. For security leaders driving major change: the simulation is best delivered in person to participants leading a secure cloud journey, including the CISO, senior security management, and other CxOs. Impactful lessons and experience: participants walk away with an understanding of the major success factors for delivering security in the cloud.
  • 8. What to expect from the session. UNDERSTANDING REAL CUSTOMER EXPERIENCES – You will be reviewing the case study and experience scenarios and their impacts to accomplish a secure cloud migration. EXPERIENTIAL WORKSHOP – Based on real experience and observation, you will be actively participating with table teammates. LEADERSHIP DECISION MAKERS – You and your table teammates are an IT Security Leadership Team. A COMPETITION – You will be competing against the other tables. GOAL – Progress your organization through the stages of adoption in a secure and compliant manner. Understand the key success factors for a secure cloud journey.
  • 9. Striking a balance: reality vs. simplicity
  • 10. (diagram: steps 1 through 5)
  • 11. Participant guide
  • 12. Event, option, and consequence cards
  • 13. (image only)
  • 14. Round 1 debrief: 1. What did I learn in round 1 that I will take back to my company? 2. Identify three actionable items. What will I do next? In two days (just something); in two weeks (kick something off); in two months (tangible progress/results)
  • 15. (image only)
  • 16. Round 2 debrief: What are my lessons learned from today's journey?
  • 17. Round 2 debrief: I will select 3 strategic initiatives that require the most attention in my organization, and I will put them into practice.
  • 18. AWS pace of innovation: AWS has been continually expanding its services to support virtually any cloud workload, and it now has more than 90 services that range from compute, storage, networking, database, analytics, application services, deployment, management, developer, mobile, Internet of Things (IoT), artificial intelligence (AI), security, hybrid, and enterprise applications. AWS has launched a total of 4,343 new features and/or services since inception in 2006. Chart of launches per year: 2012: 160; 2014: 516; 2016: 1,017; 2018: 1,957
  • 19. AWS security team: Operations, Application security, Engineering. Aligned for agility
  • 20. Security ownership as part of DNA (distributed, embedded): promotes a culture of "everyone is an owner" for security; makes security a stakeholder in business success; enables easier and smoother communication
  • 21. Move fast and stay secure
  • 22. (image only)
  • 23. Security is a shared responsibility. AWS is responsible for the security of the cloud: AWS foundation services (compute, storage, database, networking) and the AWS global infrastructure (regions, availability zones, edge locations). Customers are responsible for their security and compliance in the cloud: customer content; platform, applications, identity and access management; operating system, network, and firewall configuration; client-side data encryption; server-side data encryption; network traffic protection.
  • 24. Infrastructure services. Managed by customers: customer content; platform and application management; operating system, network, and firewall configuration; client-side data encryption and data integrity authentication; network traffic protection (encryption/integrity/identity); server-side encryption (file system and/or data); optional, opaque data: 0s and 1s (in transit/at rest); customer IAM. Managed by AWS: AWS IAM; AWS endpoints; foundation services (compute, storage, databases, networking); AWS global infrastructure (regions, availability zones, edge locations).
  • 25. Container services. Managed by customers: customer content; platform and application management; firewall configuration; client-side data encryption and data integrity authentication; network traffic protection (encryption/integrity/identity); optional, opaque data: 0s and 1s (in transit/at rest); customer IAM. Managed by AWS: operating system and network configuration; AWS IAM; AWS endpoints; foundation services (compute, storage, databases, networking); AWS global infrastructure (regions, availability zones, edge locations).
  • 26. Abstracted services. Managed by customers: customer content; client-side data encryption and data integrity authentication; optional, opaque data: 0s and 1s (in transit/at rest). Managed by AWS: data protection provided by the platform for data at rest; network traffic protection provided by the platform (protection of data in transit); platform and application management; operating system, network, and firewall configuration; AWS IAM; AWS endpoints; foundation services (compute, storage, databases, networking); AWS global infrastructure (regions, availability zones, edge locations).
  • 27. (image only)
  • 28.–31. AWS security epics: frequent iteration via sprints leads to increased maturity while retaining flexibility to adapt to business pace and demand. Sprint examples (built up across slides 29–31): first sprint: define the account structure, and implement the core set of best practices; second sprint: implement federation; third sprint: expand account management to cater to multiple accounts.
  • 32. AWS CAF security perspective: increase agility and ability to perform actions faster and at a larger scale while validating information security principles and ensuring that your environment maintains a strong security footing. Core 5: IAM; detective controls; infrastructure security; data protection; incident response
  • 33. (image only)
  • 34. Account governance & ownership. AWS Organizations: policy-based management for multiple AWS accounts with security and automation settings. AWS Identity and Access Management: securely control access to AWS services and resources for your users. Amazon Cognito: mobile sign-up, sign-in, and access control with various IdPs via SAML 2.0. Checklist: ✓ MFA ✓ Root ✓ Federation
  • 35. (image only)
  • 36. Audit and visibility (grouped as account, resources, and network). AWS CloudTrail: record AWS API calls; enable governance, compliance, & auditing. AWS Config: resource inventory, configuration history, and configuration change notifications to enable security and governance. Amazon CloudWatch: monitor resources and your applications on AWS; collect metrics, set alarms, and automatically react to changes. VPC flow logs: capture information about the IP traffic going to and from network interfaces in your VPC. Amazon GuardDuty: intelligent threat detection and continuous monitoring to protect your AWS accounts and workloads.
  • 37. (image only)
  • 38. Infrastructure protection (grouped as resources and network). Amazon VPC: provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. AWS CloudFormation: provision your resources in a safe, predictable manner; infrastructure as code is your source of truth. Security groups: stateful host-based firewalls for explicit traffic control. AWS WAF: protects your web applications from common web exploits, ensuring availability and security. AWS Shield: managed DDoS protection service that safeguards web applications running on AWS. Amazon Inspector: automatically assesses applications for vulnerabilities or deviations from best practices.
  • 39. (image only)
  • 40. Data protection. AWS KMS: deep integration with AWS services; AWS CloudTrail; AWS SDK for application encryption. Amazon CloudHSM V2: tamper-resistant secure key storage for cryptographic operations; standards-compliant; FIPS 140-2 Level 3. AWS Certificate Manager: provision, manage, and deploy TLS certificates; use with Elastic Load Balancing (ELB) or an Amazon CloudFront distribution. Amazon Macie: machine learning-powered security service to discover, classify, and protect sensitive data.
  • 41. (image only)
  • 42. Auditability. AWS Config rule: create rules that automatically take action in response to changes in your environment. AWS Trusted Advisor: real-time guidance to provision your resources following AWS best practices; reduce cost, increase performance, improve security. AWS Lambda: serverless compute service that runs code so that you can scale your programmed, automated response to incidents.
  • 43. Getting to the cloud is a journey. Your journey will be unique.
  • 44. Thank you! Gili Lev, gililev@amazon.com
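Slide 42 pairs AWS Config rules with AWS Lambda for automated response, and slide 38 names security groups as the explicit traffic control. As an added example, not AWS's own code and not part of the deck, here is a custom Config rule handler that evaluates one security-group configuration item and reports NON_COMPLIANT when SSH or RDP is reachable from any address; the event and configuration-item shape follow the documented custom-rule format, and the sample event is constructed.

```python
"""Custom AWS Config rule (Lambda handler) flagging a security group that
exposes SSH (22) or RDP (3389) to 0.0.0.0/0 or ::/0.  Added example, not
AWS code; assumes the AWS::EC2::SecurityGroup configuration-item shape
(ipPermissions / ipv4Ranges / ipv6Ranges).  The sample event is constructed."""
import json

ADMIN_PORTS = {22, 3389}
ANY_IPV4, ANY_IPV6 = "0.0.0.0/0", "::/0"


def _covers_admin_port(perm):
    proto = perm.get("ipProtocol")
    if proto == "-1":                       # "-1" = all protocols and ports
        return True
    if proto not in ("tcp", "6"):           # SSH/RDP are TCP only
        return False
    lo, hi = perm.get("fromPort", 0), perm.get("toPort", 65535)
    return any(lo <= p <= hi for p in ADMIN_PORTS)


def _open_to_world(perm):
    v4 = {r.get("cidrIp") for r in perm.get("ipv4Ranges", [])}
    v4 |= {r if isinstance(r, str) else r.get("cidrIp")
           for r in perm.get("ipRanges", [])}   # older plain-string form
    v6 = {r.get("cidrIpv6") for r in perm.get("ipv6Ranges", [])}
    return ANY_IPV4 in v4 or ANY_IPV6 in v6


def evaluate_compliance(item):
    """Return (ComplianceType, annotation) for one configuration item."""
    if item.get("resourceType") != "AWS::EC2::SecurityGroup":
        return "NOT_APPLICABLE", "Rule only evaluates security groups"
    if item.get("configurationItemStatus", "").startswith("ResourceDeleted"):
        return "NOT_APPLICABLE", "Resource deleted"
    perms = (item.get("configuration") or {}).get("ipPermissions", [])
    bad = [p for p in perms if _covers_admin_port(p) and _open_to_world(p)]
    if bad:
        ports = sorted({str(p.get("fromPort", "all")) for p in bad})
        return "NON_COMPLIANT", "Admin port(s) %s open to the world" % ",".join(ports)
    return "COMPLIANT", "No admin ports exposed to 0.0.0.0/0 or ::/0"


def build_evaluation(event):
    """Turn the Config invocation event into one PutEvaluations entry."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    compliance, note = evaluate_compliance(item)
    return {"ComplianceResourceType": item["resourceType"],
            "ComplianceResourceId": item["resourceId"],
            "ComplianceType": compliance,
            "Annotation": note[:256],       # Config caps annotations at 256 chars
            "OrderingTimestamp": item["configurationItemCaptureTime"]}


def lambda_handler(event, context):
    """Lambda entry point: evaluate, then report the result to AWS Config."""
    evaluation = build_evaluation(event)
    import boto3                            # local import keeps the logic above offline-testable
    boto3.client("config").put_evaluations(
        Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


# Constructed sample: SSH open to the world (bad), HTTPS open to the world (fine)
SAMPLE_EVENT = {"resultToken": "constructed-result-token", "invokingEvent": json.dumps({
    "configurationItem": {
        "resourceType": "AWS::EC2::SecurityGroup", "resourceId": "sg-0123456789abcdef0",
        "configurationItemStatus": "OK",
        "configurationItemCaptureTime": "2019-06-25T12:00:00.000Z",
        "configuration": {"ipPermissions": [
            {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
             "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []},
            {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
             "ipv4Ranges": [{"cidrIp": "0.0.0.0/0"}], "ipv6Ranges": []}]}}})}
```

A non-compliant evaluation from this rule is what a Config-triggered remediation Lambda (slide 42) would act on; the pure functions run without AWS credentials, so the rule logic can be unit-tested before deployment.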