AWS Summit Paris - Keynote Slides

1. AWSSummit2013 Navigating the Cloud

2. AWS Summit, June 25th Adam Selipsky, Vice-President, AWS Networking Reception and Partner Expo Breakout Tracks 9:00 - 11:00 Lunch and Partner Expo12:00 - 13:30 13:30 - 17:30 17:30 - 19:00 Bill Murray, General Manager, Security, AWS11:00 - 12:00

3. Gold Sponsors Silver Sponsors Visit our Partner & Solution Expo

4. Announcing: AWS French User Group

5. #awssummit Join the Conversation

6. AWSSummit2013 Innovation Powered by the AWS Cloud Adam Selipsky Vice-President, AWS

7. 7YearsYoung Amazon S3 launched: March 14th 2006

8. Broad&DeepServicestoSupportVirtuallyAnyCloudWorkload Compute Networking Storage & CDN Database App Services Management Amazon EC2 Amazon EMR Amazon ELB Amazon Route 53 Amazon VPC AWS Direct Connect Amazon S3 Amazon Glacier Amazon EBS AWS Import/Exp Amazon RDS Amazon DynamoDB Amazon Elasticache Amazon RedShift Amazon CloudSearch Amazon SWF Amazon SQS Amazon SNS Amazon SES Amazon Elastic Transcoder AWS IAM Amazon CloudWatch AWS Elastic Beanstalk AWS Cloudformation AWS Data Pipeline AWS OpsWorks AWS CloudHSM AWS Trusted Advisor AWS Marketplace AWS Premium Support AWS Professional Services AWS Training

9. 2007 2008 2009 2010 2011 2012 159 82 61 48 24 9 Including: AWS Oregon Region Elastic Beanstalk (Beta) Amazon SES (Beta) AWS CloudFormation Amazon RDS for Oracle AWS Direct Connect AWS GovCloud (US) Including: Amazon SNS Amazon CloudFront Amazon Route 53 S3 Bucket Policies RDS Multi-AZ Support RDS Reserved Databases AWS Import/Export Including: Amazon RDS Amazon VPC Amazon EMR EC2 Auto Scaling Including: 6 new Direct Connect Sites DynamoDB RDS in VPC AWS Trusted Advisor CloudFormation in VPC AWS Storage Gateway Amazon Glacier Cost Allocation Tagging CloudFront Live Streaming Amazon CloudSearch AWS Marketplace Red Hat Reserved Instances New EC2 Instance Types Multi-AZ Oracle RDS RDS SQL Server EC2 RI Marketplace AWSServiceLaunches& FeatureUpdates

10. January February March 21 18 14 Including: AWS Management Console Tablet and Mobile Support Elastic Transcoder Price reduction for Amazon EC2, global expansion of M3 Standard Instances, and reduced data transfer pricing. Including: Amazon Redshift Available to All Customers AWS OpsWorks IAM Role and Auto Scaling Support for Amazon CloudWatch Monitoring Scripts for Linux Amazon SQS and SNS Announce Lower Prices and Expanded Free Tiers - 50% price drop for SQS Including: New Lower Pricing for Amazon EC2 Reserved Instances AWS Free Usage Tier Now Includes Amazon ElastiCache Amazon DynamoDB Reduces Prices AWS Elastic Beanstalk for Node.js Amazon RDS now supports 3TB and 30,000 Provisioned IOPS per database instance Announcing EBS-Optimized Support for Additional Instance Types 53AWSServiceLaunches&Feature Updatesthisyear

11. AWSGlobalInfrastructure 9 regions 25 availability zones 38 edge locations

12. $5.2B retail business 7,800 employees A whole lot of servers 2003

13. 2012 Every day, AWS adds enough server capacity to power this $5B enterprise $5.2B retail business 7,800 employees A whole lot of servers 2003

14. HundredsofThousandsofCustomersin190Countries

15. Free steak campaign Facebook page Mars exploration ops Consumer social app Ticket pricing optimization SAP & Sharepoint Securities Trading Data Archiving Gene sequencing Marketing web site Interactive TV apps Financial markets analytics R&D data analysis Consumer social app Big data analytics Web site & media sharing Disaster recovery Media streaming Web and mobile apps Streaming webcasts Facebook app Consumer social app EveryImaginableUseCase

16. ComprehensiveSecurityCapabilitiestoSupportVirtually AnyWorkload VPC Direct connect Dedicated instances Identity & Access Management S3 Encryption Security groups for EC2 and VPC Network ACL Multi-Factor Authentication CloudHSM RDS Oracle transparent encryption

17. Certifications&AccreditationsforWorkloadsthatMatter “Amazon Virtual Private Cloud offers an additional level of security and an ability to integrate with other aspects of our infrastructure.” Dr. Michael Miller, Head of HPC for R&D

18. 35 Price Reductions Since 2006 The AWS Price Reduction Philosophy Ecosystem Global Footprint New Features New ServicesInfrastructure Innovation More AWS Usage More Infrastructure Economies of Scale Lower Infrastructure Costs Reduced Prices More Customers

19. AWS Trusted Advisor Cost optimizations Security & Availability checks Performance recommendations 329,000 recommendations $22M in annualized savings To: AWS Customer From: Amazon Web Services Subject: Potential Cost Savings Dear Customer, We have identified $49,000 of potential savings in your current AWS deployment. -Amazon Web Services To: AWS Customer From: Amazon Web Services Subject: Potential Cost Savings Dear Customer, We have identified $49,000 of potential savings in your current AWS deployment. -Amazon Web Services To: AWS Customer From: Amazon Web Services Subject: Potential Cost Savings Dear Customer, We have identified $49,000 of potential savings in your current AWS deployment. -Amazon Web Services Obsessed with Helping Customers Save Money

20. ThrivingPartnerEcosystem Consulting Partners Technology Partners

21. AWSMarketplace:BuySoftwarePre-ConfiguredtoRunonAWS Growth since Jan 1, 2013 25 categories 778 product listings Active customers Usage per customer 102% 53%

22. Whyarecustomers adoptingcloudcomputing?

23. 1. TradeCapitalExpenseforVariableExpense On-Premises $0 to get started Pay as you go Source: IDC Whitepaper, sponsored by Amazon, “The Business Value of Amazon Web Services Accelerates Over Time.” July 2012 Average of 400 servers replaced per customer

24. 2.LowerVariableExpenseThanCompaniesCanDoThemselves Source: IDC Whitepaper, sponsored by Amazon, “The Business Value of Amazon Web Services Accelerates Over Time.” July 2012 70% lower 5 year TCO per app AWS On- premises $3.01M $0.90M 50% reduction in analytics costs Saved $34M on SmartHub app $3M reduction in hosting costs

25. 3.YouDon’tNeedtoGuessCapacity Self Hosting Waste Customer Dissatisfaction Actual demand Predicted Demand Rigid Actual demand Elastic The Cloud

26. 4.DramaticallyIncreaseSpeed&Agility Old World: Infrastructure in Weeks

27. 4.DramaticallyIncreaseSpeed&Agility Add New Dev Environment Add New Production Environment Add New Environment in Japan Add 1,000 Servers Remove 1,000 servers Number of Instances 1,000 Instance Type M3 Extra Large Availability Zone US-West-2b Launch aws.amazon.com/managementconsole AWS: Infrastructure in MinutesOld World: Infrastructure in Weeks

28. “We reduced application deployment times from 2 months to 3 days.” “Time to deploy went from weeks to hours.” Source: IDC Whitepaper, sponsored by Amazon, “The Business Value of Amazon Web Services Accelerates Over Time.” July 2012 Overall Deployment Integration Testing Development 0 100% 200% 300% 400% 500% 600% ImprovedEfficiency Comparison of developer efficiency with AWS and in-house alternatives 5X Faster

29. IncreaseInnovationWhenExperimentationIsFastandLowRisk Old world: AWS: Experiment infrequently Failure is expensive Less innovation Near $0 Experiment often Fail quickly at a low cost More innovation

30. Thierry de Vallois Director of Technology

31. / Utilisations du Cloud Computing dans le cadre du Réseau Ferré National Sujets de la présentation Faciliter la connaissance par le grand public de nos projets ferroviaires grâce à la cartographie Réaliser ponctuellement un grand nombre de calculs à un coût accessible dans un temps raisonnable

32. Utilisations du Cloud Computing dans le cadre du Réseau Ferré National La naissance du projet Chapitre 1

33. / Utilisations du Cloud Computing dans le cadre du Réseau Ferré National Une idée chemine au sein de nos équipes Une mission de RFF nFaciliter l’accès aux propositions de tracés d’un grand projet ferroviaire aux différentes étapes de la consultation Une cible nLe Grand Public Les contributeurs internes nL’équipe métier en charge du projet nLe géomaticien régional nL’équipe SI en charge de l’offre cartographique nL’équipe SI en charge de l’innovation Des échanges à l’origine d’une idée nOffrir sur le site internet du projet la possibilité de naviguer dans nos données cartographiques

34. / Utilisations du Cloud Computing dans le cadre du Réseau Ferré National La déclinaison du besoin Les données à présenter nLes données décrivant l’environnement : ⎯carte de la France entière : routes et photos nLes données RFF ⎯Le réseau existant ⎯Le projet : tracés, photos aériennes le long du tracé Les fonctions à offrir nSe localiser nSe déplacer sur la carte nZoomer nAfficher, masquer des données

35. Utilisations du Cloud Computing dans le cadre du Réseau Ferré National D’une idée à Un service Chapitre 2

36. / Utilisations du Cloud Computing dans le cadre du Réseau Ferré National Une proposition d’expérimentation L’équipe innovation SI propose l’essai du Cloud Le service de fourniture de données d’arrière- plan Offre de services BingMap Le service de recherche d’une localisation Offre de services BingMap Le service de fourniture des données RFF de type vecteur Offre IAAS de AWS supportant une solution ARCGIS SERVER de l’éditeur ESRI Le service de fourniture des données RFF de type image Offre de stockage d’AWS Le service de restitution à l’utilisateur final Solution 1 : Développement sur la base du client javascript de la société ESRI Solution 2 (retenue): Développement sur la base du client javascript de la société Microsoft

37. / Utilisations du Cloud Computing dans le cadre du Réseau Ferré National Convaincre en interne pour lancer le projet Le DSI Le RSSI L’architecte Le responsable de la production

38. / Utilisations du Cloud Computing dans le cadre du Réseau Ferré National Des exigences inhabituelles Le public nLes internautes et non des utilisateurs identifiés de notre SI disponibilité nLe service fonctionne en mode 24h/24 et 7j/7 nUne sensibilité très forte dans la semaine qui suit la publication de nouvelles données La sollicitation nLa capacité à absorber de forts pics de charge sur de courtes périodes L’ergonomie nIntuitive et fluide (similaire à notre expérience sur Internet) Le déploiement nLa capacité de déployer rapidement le service pour tous les projets RFF qui en ont besoin

39. / Utilisations du Cloud Computing dans le cadre du Réseau Ferré National Situation deux ans après l’expérimentation LES SITES EN PRODUCTION nNotre site institutionnel nUn site projet LES SITES PREVUS nMise en production d’un site projet pour juillet 2013 avec orthophotos nDéploiement d’une carte interactive analogue sur 7 autres sites de grands projets d’ici fin 2013

40. Utilisations du Cloud Computing dans le cadre du Réseau Ferré National Développement en cours d’un nouvel usage Chapitre 3

41. / Utilisations du Cloud Computing dans le cadre du Réseau Ferré National Besoins de capacités de calculs Le problème nEffectuer un calcul d’itinéraire sur le réseau ferré pour tous les trains prévus sur un an environ 4 fois par an Les dimensions du problèmes nConnaître le descriptif de l’infrastructure ferroviaire et ses évolutions jour par jour sur la période de calcul nEffectuer environ 6 000 000 de calculs d’itinéraires

42. / Utilisations du Cloud Computing dans le cadre du Réseau Ferré National Plus vite, sans investir Le recours au Cloud : nLa disponibilité de n serveurs pour distribuer les calculs nUn coût fonction juste du temps de calcul nPas d’investissements pour une infrastructure temporaire Situation des résultats obtenus : n12 heures sur 10 serveurs au lieu de 4 jours sur un seul nUne facture de 100 $ pour 6 000 000 de calculs Retour d’expérience : nAdapter non seulement sa gestion de production informatique, mais aussi ses techniques de développement

43. Utilisations du Cloud Computing dans le cadre du Réseau Ferré National A bientôt Sur nos lignes

44. / Titre de la présentation Merci!

45. 5. StopSpendingMoneyonUndifferentiatedHeavyLifting buy and install new hardware set up and configure new software build new data centers so you don’t have to... Data Centers Power Cooling Cabling Networking Racks Servers Storage Labor We take care of...

46. 6.GoGlobalinMinutes

47. TheBenefitsofCloudComputing ✔ ✔ ✔ ✔ ✔ Replace CapEx with OpEx Lower Overall Costs No More Guessing Capacity Agility / Speed / Innovation Shift Focus to Differentiation Go Global in Minutes ✔

48. Pierre-Alexandre Stanislas Chief Technology Officer

49. Présenta)on de Millésima • Négociant en vin fondé en 1983, basé à Bordeaux • 2 500 000 bouteilles en stock • 70 000 clients par)culiers livrés dans 120 pays • CA 40 M€ • Mul)canal • Panier moyen de 2000€ • Premier site e-‐commerce en 1999

50. Oops! My Mistake... • Lancement d'un site Magento USA ﬁn 2009 • DIY • Trés bon ROI • Rm -‐rf / • Get a team

51. Let's get serious • Bascule de nos 14 sites sous Magento début 2010 • Hébergeur physique "spécialisé" • Contrat de 3 ans • Catastrophe: Don't get Married in Vegas!

52. Eﬃciency • Hébergeur de renommée interna)onale • Trés gros Hardware & equipes qualiﬁées • Tenta)ve de Hack et choix Cornélien! • Toujours pas adapté à nos besoins

53. Test and Learn • Début 2012 le web fait 60% du CA et 80% des nouveaux clients • Et le Cloud? Pourquoi pas mes lequel? • Test de 2 "grands" Cloud • Test de l'infogérance • And the Winners are...

54. AWS + eNovance • Scalabilité : Hardware à la demande • Préproduc)on === Produc)on • Facture plus légère • Support devops 24/7 en Français • Plus de sueurs froide aux annonces du Marke)ng • Don’t Worry be Happy!

55. Merci!

56. AWSAdoptioninthe Enterprise

57. EnterprisesareAdoptingAWStoAchievetheBenefitsof theCloud ✔ ✔ ✔ ✔ ✔ ✔ Replace CapEx with OpEx Lower Overall Costs No More Guessing Capacity Agility / Speed / Innovation Shift Focus to Differentiation Go Global in Minutes

58. TheBenefitsOfTheCloudAreOnlyPossibleINTHE CLOUD “Private” Cloud x x x xx x ✔ ✔ ✔ ✔ ✔ ✔ Replace CapEx with OpEx Lower Overall Costs No More Guessing Capacity Agility / Speed / Innovation Shift Focus to Differentiation Go Global in Minutes

59. Forrester Foresights Survey Data , Q3 2012 Self-service Portals 24% Resource Automation 27% Resource Tracking 29% Cost Chargeback 14% CustomersareStrugglingtoDeliveronPromisesofthe “PrivateCloud”Vendors Have you implemented these cloud features?

60. ManyEnterprisesWorrythatThesearetheOnlyTwo Choices Build a “private” cloud Rip and replace with AWS #1 #2

61. The Good News is that the Cloud isn’t an ‘All or Nothing’ Choice Corporate Data Centers On-Premises Resources Cloud Resources Seamless Integration

62. Active Directory Network Configuration Encryption Back-up Appliances Users & Access Rules Your Private Network HSM Appliance Cloud back-ups AWS Direct Connect Your On- Premise Apps Your Cloud Apps Integrating AWS with Your Existing On-Premises Infrastructure Corporate Data Centers

63. Schneider Electric Delivers Apps Globally with AWS

64. OurEcosystemAllowsYoutoUseYourExisting ManagementTools Single Pane of Glass On-Premises Datacenters Management Tool Partners

65. How Enterprises Are Using AWS

66. Strategy1:CloudforDevelopment&TestEnvironments SAP Reduced deployment time from weeks to days Oracle Enterprise Applications Reduced dev & test environment costs SAP 70% reduction in operational costs

67. Strategy2:BuildNewAppsfortheCloud Faster to build Facebook App Global Web Sites Mobile Streaming Social Games Consumer apps Genetic Sequencing Marketing Campaigns Less expensive to run Distributed architectures for high availability Easier to manage Financial record archiving

68. Canal+ Runs Key Customer Apps on AWS Le Grand Journal iPad App

69. Analytics Backup Storage Gateway Elastic Map Reduce RedShift Amazon S3 Strategy 3: Use Cloud to Make Existing On-Premises Apps Better ... Corporate Data Centers App 1 App 2 App N

70. Strategy4:NewAppsPoweredbyBothCloud&On- PremisesResources AWS serves up application content & data Integration back to Samsung data centers for financial transactions Corporate Data Centers Hybrid App

71. Le Figaro Powers its iOS & Android Apps with AWS

72. Strategy5:MigrateExistingEnterpriseAppstotheCloud 1/3 of servers migrated to AWS Customer payments, content delivery & web sites 1 - 1.5M GBP saved in last 2 years Expects to save additional 3M GBP in the next 3 years as they move to 75% AWS App Corporate Data Centers

73. Sean Burke Chief Technology Officer

74. Profile 2012 World leader in building materials Major player in the cement, aggregates and concrete industries We contribute to the construction of cities throughout the world with innovative solutions, providing cities with more housing, and make them more compact, more durable, more beautiful and better connected Operating in 64 countries 65,000 employees €15.8 billion of annual sales 1,570 production sites Listed on the Paris Stock Exchange 74

75. Presentation name or chapter Date | A well-balanced geographical portfolio 75 North America €3,375m 8,821 Latin America €961m 2,609 Middle East and Africa €4,283m 19,644 Western Europe €3,181m 11,448 Central and Eastern Europe €1,270m 7,041 Asia €2,746m 14,774 Annual sales Employees

76. |Building Better Cities| |May 2013| Our markets 76 HOUSING ROADS RAILWAYS BRIDGES INFRASTRUCTURE PRIVATE/PUBLIC BUILDINGS On all these markets, we provide innovative and environmentally- friendly solutions.

77. §The State of Global Economy §Long Term Stagnation in the Developed World §Rapid Growth in the Developing World (BRICs, etc) §Lafarge’s Financial Position §High Level of Indebtedness post ORASCOM in 2008 ( €17 bn in 2008) §Share Price Collapse and down grading to “Junk” status Economic Context

78. Architectural Context Technology Debt §Hardware…..Long term under-investment §Software….Too many legacy versions in production Lack of consistent architecture §Data Centres…. Too many §Software…. Too much Lack of business confidence §Failure of services during critical business periods

79. Strategic Directions §Consolidate and decommission where we can ( Create critical mass ) §Lease don’t buy (CAPEX to OPEX) §Move to the cloud ( Pay for use ) §Partner ( Share risk ) 79

80. CTO Vision Simplified Physical Infrastructure (Data Centres, Networks) Logical Infrastructure (Middleware, Identity and Access Management, DB’s) Application Bricks Security Governance

81. CTO Vision Security Governance Physical Infrastructure Middleware ( OS’s, DB’s, etc) Identity Management and Access Rights Management Service ( Employee Provisioning ) Employee ID In House DCPublic Cloud Private ( On / Off Premise) ERP (Test) ERP (Dev) ERP (Prod) HRIS Email Social Net- working Content Manage- ment CRM Internet, Intranet (Portals, etc) Consistent Management Tools Consistent User Experience

82. Lafarge’s AWS Experience §Initiative driven by: § stability problems created by ageing hardware platforms § lack of bandwidth during the DC consolidation §Group Institutional Sites migrated during 2010 and 2011 § ROI under 3 months § Mirroring in place for key sites §Group Internet Sites migrated during 2012 § ROI under 12 months § Permanent VPN in place betz §Circa 50 VMs in production §Key Success Factors § Partnership and technical support from Edifixio § Clarity of Roles and Responsibilities §Future Plans § Platform modernisation with migration from Websphere to Drupal 82

83. Thank You! 83

84. Strategy6:All-in 10,000s of EC2 instances in multiple regions & zones 100s of middle tier services & applications ~70 billion events per day At peak consumes 1/3 of US Internet bandwidth

85. Whathavewebeen workingon?

86. ComputeServices Amazon EC2 Auto Scaling Amazon Elastic Load Balancing Actual EC2 Linux Windows Hi I/O instances Reserved Instance Marketplace Next gen standard instances EC2 EC2 EC2 EC2 A EC2 B EC2 C Elastic load balancer

87. TotalAmazonElasticMapReduce(EMR)Clusters LaunchedbyCustomers 0 1,500,000 3,000,000 4,500,000 6,000,000 5/22/2010 7/3/2010 8/14/2010 9/25/2010 11/6/2010 12/18/2010 1/29/2011 3/12/2011 4/23/2011 6/4/2011 7/16/2011 8/27/2011 10/8/2011 11/19/2011 12/31/2011 2/11/2012 3/24/2012 5/5/2012 6/16/2012 7/28/2012 9/8/2012 10/20/2012 12/01/2012 1/12/2013 2/23/2013 4/6/2013 5.5 M clusters launched since May 2010

88. Amazon VPC EC2 EC2 EC2EC2 Amazon Route 53 Availability Zone B Availability Zone A AWS Direct Connect Los Angeles Singapore Japan London Sao Paolo New York Sydney AWSNetworkingServices

89. Amazon S3 AWS Storage Gateway Amazon EBS images videos files binaries snapshots S3 EC2 EBS Your datacenter compute storage Provisioned IOPS images videos files binaries snapshots Amazon Glacier StorageServices

90. Easily archive files from on- premises or directly from Amazon S3 $0.01 per GB per month Designed for 11 9s of durability, just like Amazon S3Amazon Glacier images videos files binaries snapshots S3 NAS AmazonGlacier

91. Q4 2006 Q1 2007 Q2 2007 Q3 2007 Q4 2007 Q1 2008 Q2 2008 Q3 2008 Q4 2008 Q1 2009 Q2 2009 Q3 2009 Q4 2009 Q1 2010 Q2 2010 Q3 2010 Q4 2010 Q1 2011 Q2 2011 Q3 2011 Q4 2011 Q1 2012 Q2 2012 Q3 2012 Q4 2012 Q1 2013 1,100,000 Million peak requests/sec AmazonS3:Over2TrillionTotalObjects

92. DatabaseServices Amazon DynamoDB Amazon RDS AWS ElastiCache NoSQLSQL MySQL Oracle MS SQL Server 0 0 0 0 0 0 0 IOPS 0 0 0 0 0 0 0 IOPS EC2web server memcached cluster database Amazon RedShift BI Tools S3 Node Node Node

93. Data warehouse as a service Scale from hundreds of gigabytes to a petabyte or more Use your existing SQL-based tools Pay as you go $999/TB/Year 10GigE (HPC) Amazon S3 Ingestion Backup Restore Node Node Node Node Standard BI Tools JDBC/ODBC AmazonRedShift

94. Amazon CloudFront Amazon CloudSearch Amazon SES Amazon Simple Workflow Amazon SQS Amazon SNS HTTP Email SMS A B C D E F Amazon Elastic MapReduce AWSApplicationServices

95. AWS Management Console Amazon CloudWatch AWS IAM EC2 EBS RDS ELB Users Roles Access Permissions AWS Elastic Beanstalk AWS CloudFormation Java PHP Python .NET Ruby Web App SharePoint SAP Deployment&Administration

96. Integrated application management solution for ops- minded developers and IT admins Model, control and automate applications of nearly any scale and complexity Management Console, SDKs, or CLI No additional cost AWSOpsWorks

97. AWSCloudHSM Dedicated access to HSM appliances managed & monitored by AWS, but you control the keys Increase performance for applications that use HSMs for key storage or encryption Comply with stringent regulatory and contractual requirements for key protection EC2 Instance AWS CloudHSM AWS CloudHSM

98. Howtochooseacloudvendor

99. Thank You!

101. AWSSummit2013 Innovation Powered by the AWS Cloud Bill Murray General Manager, Security, AWS

102. CloudSecurityis: •Universal •Visible •Auditable •Transparent •Shared •Familiar

103. UniversalCloudSecurity Every Customer Has Access to the Same Security Capabilities, and Gets to Choose What’s Right for Their Business •Governments •Financial Sector •Pharmaceuticals •Entertainment •Start-Ups •Social Media •Home Users

104. AWS allows you to see your entire infrastructure at the click of a mouse. Can you map your current network? VisibleCloudSecurity This Or This?

105. AuditableCloudSecurity How do you know AWS is right for your business? 3rd Party Audits •Independent auditors Artifacts •Plans, Policies and Procedures Logs •Obtained •Retained •Analyzed

106. TransparentCloudSecurity Choose the audit/certification that’s right for you: •ISO-27001 •SOC-1, SOC-2 •FedRAMP •PCI

107. Control Objective 1: Security Organization •Who we are •Proper control & access within the organization Control Objective 2: Amazon User Access •How we vet our staff •Minimization of access Security&ComplianceControlObjectives

108. Control Objective 3: Logical Security •Our staff start with no systems access •Need-based access grants •Rigorous systems separation •Systems access grants regularly re-evaluated & automatically revoked Security&ComplianceControlObjectives

109. Control Objective 4: Secure Data Handling •Storage media destroyed before being permitted outside our datacenters •Media destruction consistent with US Dept. of Defense Directive 5220.22 Control Objective 5: Physical Security and Environmental Safeguards •Keeping our facilities safe •Maintaining the physical operating parameters of our datacenters Security&ComplianceControlObjectives

110. Control Objective 6: Change Management •Continuous Operation Control Objective 7: Data Integrity, Availability and Redundancy •Ensuring your data remains safe, intact & available Control Objective 8: Incident Handling •Processes & procedures for mitigating and managing potential issues Security&ComplianceControlObjectives

111. •Let AWS do the heavy lifting •This is what we do – and we do it all the time •As the AWS customer you can focus on your business and not be distracted by the muck SharedResponsibility AWS •Facilities •Physical Security •Physical Infrastructure •Network Infrastructure •Virtualization Infrastructure Customer •Choice of Guest OS •Application Configuration Options •Account Management flexibility •Security Groups •Network ACLs

112. •Large non-descript facilities •Robust perimeter controls •2 factor authentication for entry •Controlled, need-based access for AWS employees •All access is logged and reviewed PhysicalSecurity

113. Asia%Paciﬁc%(Sydney)% PhysicalSecurity DistributedRegions–MultipleAvailabilityZones

114. NetworkSecurity •DDoS attacks defended at the border •Man in the Middle attacks •SSL endpoints •IP Spoofing prohibited •Port scanning prohibited •Packet Sniffing prevented

115. AmazonEC2Security Host operating system •Individual SSH keyed logins via bastion host for AWS admins •All accesses logged and audited Guest operating system •Customer controlled at root level •AWS admins cannot log in •Customer-generated keypairs Stateful firewall •Mandatory inbound firewall, default deny mode Signed API calls •Require X.509 certificate or customer’s secret AWS key

116. AmazonVirtualPrivateCloud(VPC) •Create a logically isolated environment in Amazon’s highly scalable infrastructure •Specify your private IP address range into one or more public or private subnets •Control inbound and outbound access to and from individual subnets using stateless Network Access Control Lists •Protect your Instances with stateful filters for inbound and outbound traffic using Security Groups •Bridge your VPC and your onsite IT infrastructure with an industry standard encrypted VPN connection and/or AWS Direct Connect

117. AmazonVirtualPrivateCloud(VPC) Customer’s* Network* Amazon* Web*Services* Cloud* Secure&VPN&Connec-on& over&the&Internet& Subnets( Customer’s*isolated* AWS*resources* Amazon VPC Architecture Router( VPN(Gateway( !Internet! NAT( AWS&Direct&Connect&–& Dedicated&Path/Bandwidth&

118. AmazonVPC-DedicatedInstances •Option to ensure physical hosts are not shared with other customers •$10/hr flat fee per Region + small hourly charge •Can identify specific Instances as dedicated •Optionally configure entire VPC as dedicated

119. Customers have requirements that require them to use specific encryption key management procedures not previously possible on AWS •Requirements are based on contractual or regulatory mandates for keeping encryption keys stored in a specific manner or with specific access controls •Good key management is critical Customers want to run applications and store data in AWS but previously had to retain keys in HSMs in on-premises datacenters •Applications may slow down due to network latency •Requires several DCs to provide high availability, disaster recovery and durability of keys CustomerChallenge: Encryption

120. •AWS offers several data protection mechanisms including access control, encryption, etc. •AWS CloudHSM complements existing AWS data protection and encryption solutions •With AWS CloudHSM customers can: •Encrypt data inside AWS •Store keys in AWS within a Hardware Security Module •Decide how to encrypt data – the AWS CloudHSM implements cryptographic functions and key storage for customer applications •Use third party validated hardware for key storage AWSDataProtectionSolutions

121. WhatisAWSCloudHSM? •Customers receive dedicated access to HSM appliances •HSMs are physically located in AWS datacenters – in close network proximity to Amazon EC2 instances •Physically managed and monitored by AWS, but customers control their own keys •HSMs are inside customer’s VPC – dedicated to the customer and isolated from the rest of the network AWS CloudHSM

122. AWSCloudHSMServiceHighlights •Secure Key Storage – customers retain control of their own keys and cryptographic operations on the HSM •Contractual and Regulatory Compliance – helps customers comply with the most stringent regulatory and contractual requirements for key protection •Reliable and Durable Key Storage – AWS CloudHSMs are located in multiple Availability Zones and Regions to help customers build highly available applications that require secure key storage •Simple and Secure Connectivity – AWS CloudHSMs are in the customer’s VPC •Better Application Performance – reduce network latency and increase the performance of AWS applications that use HSMs

123. AWSDeploymentModels Logical Server and Application Isolation Granular Information Access Policy Logical Network Isolation Physical server Isolation Government Only Physical Network and Facility Isolation ITAR Compliant (US Persons Only) Sample Workloads Commercial Cloud ü ü Public facing apps. Web sites, Dev test etc. Virtual Private Cloud (VPC) ü ü ü ü Data Center extension, TIC environment, email, FISMA low and Moderate AWS GovCloud (US) ü ü ü ü ü ü US Persons Compliant and Government Specific Apps.

124. Everything You Do Now Can Be Done in the Cloud •Intrusion Detection •Intrusion Prevention •Packet Capture •Firewalls •Access Control Lists •Multi-Factor Authentication •Identity and Access Management FamiliarCloudSecurity

125. AWSSecurityResources •http://aws.amazon.com/security/ •Security Whitepaper •Risk and Compliance Whitepaper •Regularly Updated •Feedback is welcome

126. Thank You!

AWS Summit Paris - Keynote Slides

Esté a ler uma amostra.

Confira estes a seguir

AWS Summit Paris - Keynote Slides

Mais Conteúdo rRelacionado

Diapositivos para si (20)

Quem viu também gostou (20)

Semelhante a AWS Summit Paris - Keynote Slides (20)

Mais de Amazon Web Services (20)

Mais recentes (20)