© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Phil Rodrigues
Security Solutions Architect
Amazon Web Services
Level 200
Best Practices for Security at Scale
Michael Fuller
Principal Systems Engineer
Atlassian
“Best of the Best” tips for Security in the Cloud
Agenda
• Sources of Best Practices
• A Bad Day
• Best of the Best Practices
– Infrastructure Security
– Data Protection
– Identity and Access Management
– Logging and Monitoring
• Tools and Automation
• At Scale with Atlassian
Sources of Best Practices
AWS Cloud Adoption Framework (CAF)
How to move to the cloud securely including the “Core Five Epics”:
• Identity and Access Management
• Logging and Monitoring
• Infrastructure Security
• Data Protection
• Incident Response
AWS Security Best Practices
Whitepaper with 44 best practices including:
• Identity and Access Management (10 best practices)
• Logging and Monitoring (4)
• Infrastructure Security (15)
• Data Protection (15)
Centre for Internet Security (CIS) Benchmarks
148 detailed recommendations for configuration and auditing covering:
• “AWS Foundations” with 52 checks aligned to AWS Best Practices
• “AWS Three-Tier Web Architecture” with 96 checks for web applications
CIS Benchmarks: What, Why, Check, Fix
A is for “Andy” and B is for “Bill”
Andy follows best practices :-)
Bill does NOT follow best practices :-(
Bill’s Bad Day
[Diagram: Bill's AWS Account: Internet, Internet Gateway, Web Server Instance, Internal Data Service, S3 Bucket “Website Images”, S3 Bucket “Data Backup”; a Bad Person on the Internet, with steps 1 to 5 marked]
1) Access the vulnerable web application
2) Pivot to the data service
3) Delete the website image files
4) Change permissions to the data backup
5) Download the data backup
Bill’s Bad Day
[Diagram: Bill's AWS Account (Internet, Internet Gateway, Web Server Instance, S3 Bucket “Website Images”), with problems 1 to 6 marked]
1) No web application protection
2) No segmentation
3) One account
4) All permissions granted
5) Sensitive data not encrypted
6) No logging, monitoring, alerting
… now let’s help Andy have a great day! :-)
[Diagram: Andy, with S3 Bucket “Data Backup” and Internal Data Service]
Best of the Best Practices: Infrastructure Security
1) Create a Threat Prevention Layer using AWS Edge Services
Use the 70 worldwide points of presence in the AWS Edge Network to provide scalability, protect from denial of service attacks, and protect from web application attacks.
2) Create network zones with Virtual Private Clouds (VPCs) and Security Groups
Implement security controls at the boundaries of hosts and virtual networks within the cloud environment to enforce access policy.
3) Manage vulnerabilities through patching and scanning
Test virtual machine images and snapshots for operating system and application vulnerabilities throughout the build pipeline and into the operational environment.
Icons: AWS WAF, AWS Shield, Amazon CloudFront, Security Group, Amazon Inspector
Sources shown under each practice: AWS Best Practices Paper, CIS Web-Tier Benchmark, CIS Foundation Benchmark
[Diagram: Andy's architecture, step 1 “Infrastructure Security”: Internet, AWS WAF, AWS Shield, Amazon CloudFront, Internet Gateway, AWS Account, Web Server Instance, Internal Data Service, two Security Groups, Amazon Inspector, S3 Bucket “Website Images”, S3 Bucket “Data Backup”]
Best of the Best Practices: Data Protection
4) Encrypt data at rest (with the occasional exception)
Enabling encryption at rest helps ensure the confidentiality and integrity of data. Consider encrypting everything that is not public.
5) Use server-side encryption with provider managed keys
AWS Key Management Service (KMS) is seamlessly integrated with 18 other AWS services. You can use a default master key or select a custom master key, both managed by AWS.
6) Encrypt data in transit (with no exceptions)
Encryption of data in transit provides protection from accidental disclosure, verifies the integrity of the data, and can be used to validate the remote connection.
Icons: AWS KMS, Data Encryption Key, Amazon S3, Amazon CloudFront, Internet Gateway, SSL / TLS / HTTPS
Sources shown under each practice: AWS Best Practices Paper, CIS Web-Tier Benchmark, CIS Foundation Benchmark
[Diagram: Andy's architecture, step 2 “Data Protection”: Internet, AWS WAF, AWS Shield, Amazon CloudFront, Internet Gateway, AWS Account, Amazon Inspector, Internal Data Service, S3 Bucket “Website Images”, S3 Bucket “Data Backup”, AWS KMS, Data Encryption Key]
Best of the Best Practices: Identity and Access Mgmt
7) Use multiple AWS accounts to reduce blast radius
AWS accounts provide administrative isolation between workloads across different lines of business, regions, stages of production and types of data classification.
8) Use limited roles and grant temporary security credentials
IAM roles and temporary security credentials mean you don't always have to manage long-term credentials and IAM users for each entity that requires access to a resource.
9) Federate to an existing identity service
Control access to AWS resources, and manage the authentication and authorisation process without needing to re-create all your corporate users as IAM users.
Icons: Production and Staging accounts, Temporary Security Credentials, IAM, MFA token, AWS Directory Service, IAM Roles
Sources shown under each practice: AWS Best Practices Paper, CIS Web-Tier Benchmark, CIS Foundation Benchmark
[Diagram: Andy's architecture, step 3 “Identity and Access Management”: Internet, AWS WAF, AWS Shield, Amazon CloudFront, Internet Gateway, two AWS Accounts, IAM, Temporary Security Credentials, MFA token, AWS Directory Service, Amazon Inspector, Internal Data Service, S3 Bucket “Website Images”, S3 Bucket “Database Backup”, AWS KMS, Data Encryption Key]
Best of the Best Practices: Logging and Monitoring
10) Turn on logging in all accounts, for all services, in all regions
The AWS API history in CloudTrail enables security analysis, resource change tracking, and compliance auditing. CloudWatch collects and tracks metrics and monitors log files.
11) Use the AWS platform’s built-in monitoring and alerting features
Monitoring a broad range of sources will ensure that unexpected occurrences are detected. Establish alarms and notifications for anomalous or sensitive account activity.
12) Use a separate AWS account to fetch and store copies of all logs
Configuring a security account to copy logs to a separate bucket ensures access to information which can be useful in security incident response workflows.
Icons: AWS Config, Amazon CloudWatch, AWS CloudTrail, CloudWatch Alarms, Production and Security accounts
Sources shown under each practice: AWS Best Practices Paper, CIS Web-Tier Benchmark, CIS Foundation Benchmark
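A sketch of the alerting that practice 11 describes, as an added example that is not part of the original slides: it scans CloudTrail records for the kind of activity in Bill's bad day (bulk object deletes, bucket permission changes) and for calls that would switch logging off. The sample records, the watch list and the delete threshold are constructed assumptions, and S3 object-level calls such as DeleteObject only appear when data event logging is enabled on the trail.

```python
from collections import Counter

# Constructed CloudTrail-style records, trimmed to the fields used below.
# The account ID, role names and bucket names are made up for this example.
ROLE = "arn:aws:sts::111122223333:assumed-role/"
S3, TRAIL = "s3.amazonaws.com", "cloudtrail.amazonaws.com"
SAMPLE_RECORDS = [
    {"eventTime": "2017-04-05T01:00:00Z", "eventSource": S3,
     "eventName": "GetObject",
     "userIdentity": {"arn": ROLE + "web-server/i-0aaa"},
     "requestParameters": {"bucketName": "website-images", "key": "logo.png"}},
    {"eventTime": "2017-04-05T01:05:01Z", "eventSource": S3,
     "eventName": "DeleteObject",
     "userIdentity": {"arn": ROLE + "data-service/i-0bbb"},
     "requestParameters": {"bucketName": "website-images", "key": "a.png"}},
    {"eventTime": "2017-04-05T01:05:02Z", "eventSource": S3,
     "eventName": "DeleteObject",
     "userIdentity": {"arn": ROLE + "data-service/i-0bbb"},
     "requestParameters": {"bucketName": "website-images", "key": "b.png"}},
    {"eventTime": "2017-04-05T01:05:03Z", "eventSource": S3,
     "eventName": "DeleteObject",
     "userIdentity": {"arn": ROLE + "data-service/i-0bbb"},
     "requestParameters": {"bucketName": "website-images", "key": "c.png"}},
    {"eventTime": "2017-04-05T01:06:00Z", "eventSource": S3,
     "eventName": "PutBucketAcl",
     "userIdentity": {"arn": ROLE + "data-service/i-0bbb"},
     "requestParameters": {"bucketName": "data-backup"}},
    {"eventTime": "2017-04-05T01:06:30Z", "eventSource": TRAIL,
     "eventName": "StopLogging", "errorCode": "AccessDenied",
     "userIdentity": {"arn": ROLE + "data-service/i-0bbb"},
     "requestParameters": None},
]

# Assumption: API calls that should always raise an alert, even when denied.
SENSITIVE_EVENTS = {
    (S3, "PutBucketAcl"),
    (S3, "PutBucketPolicy"),
    (S3, "DeleteBucketPolicy"),
    (TRAIL, "StopLogging"),
    (TRAIL, "DeleteTrail"),
}
# Assumption: this many successful deletes by one principal in one bucket
# within the batch of records counts as a bulk delete.
DELETE_THRESHOLD = 3


def _principal(rec):
    ident = rec.get("userIdentity") or {}
    return ident.get("arn") or ident.get("type", "unknown")


def _bucket(rec):
    # requestParameters is null for some calls, so guard before the lookup.
    return (rec.get("requestParameters") or {}).get("bucketName")


def find_alerts(records):
    """Return one alert dict per matching record, in event-time order."""
    alerts = []
    deletes = Counter()
    for rec in sorted(records, key=lambda r: r["eventTime"]):
        source, name = rec.get("eventSource"), rec.get("eventName")
        failed = bool(rec.get("errorCode"))
        who, bucket = _principal(rec), _bucket(rec)
        if (source, name) in SENSITIVE_EVENTS:
            # A denied attempt is still reported: someone tried.
            alerts.append({"time": rec["eventTime"], "rule": name,
                           "principal": who, "bucket": bucket,
                           "failed": failed})
        elif source == S3 and name == "DeleteObject" and not failed:
            deletes[(who, bucket)] += 1
            if deletes[(who, bucket)] == DELETE_THRESHOLD:
                alerts.append({"time": rec["eventTime"], "rule": "bulk-delete",
                               "principal": who, "bucket": bucket,
                               "failed": False})
    return alerts


if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_RECORDS):
        print(alert)
```

Run it against log copies held in the separate security account (practice 12), so the evidence survives even if the workload account is compromised.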
[Diagram: Andy's architecture, step 4 “Logging and Monitoring”: the components of steps 1 to 3 plus AWS Config, Amazon CloudWatch and AWS CloudTrail]
[Diagram: “Best Practices”, Andy's complete architecture: Internet, AWS WAF, AWS Shield, Amazon CloudFront, Internet Gateway, two AWS Accounts, two Security Groups, Web Server Instance, Internal Data Service, IAM, Temporary Security Credentials, MFA token, AWS Directory Service, AWS KMS, Data Encryption Key, AWS Config, Amazon CloudWatch, AWS CloudTrail, Amazon Inspector, S3 Bucket “Website Images”, S3 Bucket “Data Backup”]
Tools and Automation
Amazon Inspector
An automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for vulnerabilities or deviations from best practices.
Amazon CloudWatch Events
A monitoring service for AWS cloud resources and the applications you run on AWS. You can easily build workflows that automatically take actions you define, such as invoking an AWS Lambda function, when an event of interest occurs.
AWS Config Rules
A fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications. Config Rules enables you to create rules that automatically check the configuration of AWS resources recorded by AWS Config.
AWS re:Invent 2016: “5 Security Automation Improvements You Can Make
by Using Amazon CloudWatch Events and AWS Config Rules” (SAC401)
At Scale with Atlassian
IAM
• Issue: At scale we have too many IAM Users
• Solution: IAM identity federation
• Benefits:
– Large reduction in the number of IAM users
– Benefit from our existing staff account processes
• Issue: IAM users are still required in some cases
• Solution: Monitoring and automation around IAM users
• Benefits:
– Poorly configured or inactive IAM users automatically disabled and removed
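One way to find the poorly configured or inactive IAM users mentioned above, as an added example (not Atlassian's tooling and not from the slides): it parses an IAM credential report, the CSV returned by the GetCredentialReport API, and lists users to review; it reports only and disables nothing. The report rows, the 90-day threshold and the fixed reference date are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed credential report, trimmed to the columns used below (a real
# report has more columns). Account ID, users and dates are made up.
SAMPLE_REPORT = """\
user,arn,password_enabled,password_last_used,password_last_changed,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,arn:aws:iam::111122223333:root,not_supported,2017-03-30T09:00:00+00:00,not_supported,true,false,N/A,N/A,false,N/A,N/A
alice,arn:aws:iam::111122223333:user/alice,true,2017-04-01T08:00:00+00:00,2017-01-20T08:00:00+00:00,true,false,N/A,N/A,false,N/A,N/A
bob,arn:aws:iam::111122223333:user/bob,true,2016-11-01T08:00:00+00:00,2016-05-01T08:00:00+00:00,false,true,2016-06-01T00:00:00+00:00,2016-10-01T00:00:00+00:00,false,N/A,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,false,N/A,N/A,false,true,2017-03-20T00:00:00+00:00,N/A,true,2016-01-10T00:00:00+00:00,N/A
"""

# Fixed reference date so the example gives the same result on every run;
# a real job would pass datetime.now(timezone.utc).
DEFAULT_NOW = datetime(2017, 4, 5, tzinfo=timezone.utc)


def _parse(value):
    """Return an aware datetime, or None for N/A, no_information, etc."""
    try:
        return datetime.fromisoformat(value or "")
    except ValueError:
        return None


def _stale(last_used, created, cutoff):
    """True if the credential was last used (or, if never used, created)
    before the cutoff. A new, never-used credential is not stale."""
    last = _parse(last_used)
    if last is None:
        last = _parse(created)
    return last is not None and last < cutoff


def audit(report_csv, now=DEFAULT_NOW, max_age_days=90):
    """Map each user with findings to a list of finding strings.

    max_age_days=90 is an assumed policy value, not taken from the slides.
    """
    cutoff = now - timedelta(days=max_age_days)
    findings = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        issues = []
        # The root row reports "not_supported" here, so it is skipped.
        if row["password_enabled"] == "true":
            if row["mfa_active"] != "true":
                issues.append("console password without MFA")
            if _stale(row["password_last_used"],
                      row["password_last_changed"], cutoff):
                issues.append("console password unused")
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] == "true" and _stale(
                    row[f"access_key_{n}_last_used_date"],
                    row[f"access_key_{n}_last_rotated"], cutoff):
                issues.append(f"access key {n} unused")
        if issues:
            findings[row["user"]] = issues
    return findings


if __name__ == "__main__":
    for user, issues in audit(SAMPLE_REPORT).items():
        print(user, "->", "; ".join(issues))
```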
CloudTrail
• Issue: Impaired visibility has a negative impact on security, cost, and compliance
• Solution:
– Enable log sources
– Automate configuration
– Log integrity checking
– Monitoring log events
• Benefit:
– Visibility of actions and activity
– Alarming and automation
AWS Config (or similar)
• Issue: Insecure resource configurations
• Solution:
– AWS Config-like service
– Automate detection and reporting
• Benefit:
– History of resource configuration
– Near real-time identification of configuration violations
– Alarming and automation of operations and security
[Diagram: “Automated Configuration Checks” on the complete architecture: Internet, AWS WAF, AWS Shield, Amazon CloudFront, Internet Gateway, two AWS Accounts, Security Group, Internal Data Service, IAM, Temporary Security Credentials, MFA token, AWS Directory Service, AWS KMS, Data Encryption Key, AWS Config, Amazon CloudWatch, AWS CloudTrail, Amazon Inspector, S3 Bucket “Website Images”, S3 Bucket “Data Backup”]
Tools at Scale
NCC Scout 2: Audit an account for Security Issues
https://nccgroup.github.io/Scout2/
CloudSploit: Automated AWS Security and Configuration Management
https://cloudsploit.com/
… and many more
Prepare your Umbrella Before it Rains
turn it on
Resources
AWS Security Best Practices White Paper
http://bit.ly/AWSBest
CIS AWS Security Foundations Benchmark
http://bit.ly/AWSCIS
CIS AWS Three-Tier Web Architecture Benchmark
http://bit.ly/AWSCIS3T
Code 08 = LXN1bW1p
Thank you!

 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Último

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 

Último (20)

08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 

Best Practices for Security at Scale

  • 1. Best Practices for Security at Scale: “Best of the Best” tips for Security in the Cloud. Level 200. Phil Rodrigues, Security Solutions Architect, Amazon Web Services. Michael Fuller, Principal Systems Engineer, Atlassian. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 2. Agenda • Sources of Best Practices • A Bad Day • Best of the Best Practices – Infrastructure Security – Data Protection – Identity and Access Management – Logging and Monitoring • Tools and Automation • At Scale with Atlassian
  • 3. Sources of Best Practices
      – AWS Cloud Adoption Framework (CAF): How to move to the cloud securely, including the “Core Five Epics”: • Identity and Access Management • Logging and Monitoring • Infrastructure Security • Data Protection • Incident Response
      – AWS Security Best Practices: Whitepaper with 44 best practices including: • Identity and Access Management (10 best practices) • Logging and Monitoring (4) • Infrastructure Security (15) • Data Protection (15)
      – Centre for Internet Security (CIS) Benchmarks: 148 detailed recommendations for configuration and auditing covering: • “AWS Foundations” with 52 checks aligned to AWS Best Practices • “AWS Three-Tier Web Architecture” with 96 checks for web applications
  • 4. CIS Benchmarks: What, Why, Check, Fix
  • 5. A is for “Andy” and B is for “Bill”. Andy follows best practices :-) Bill does NOT follow best practices :-(
  • 6. Bill’s Bad Day (architecture diagram). Labels: Bill, Internet, AWS Account, Internet Gateway, Web Server Instance, S3 Bucket “Website Images”, Internal Data Service, S3 Bucket “Data Backup”.
  • 7. Bill’s Bad Day (architecture diagram with a Bad Person and numbered steps). Labels: Bill, Bad Person, Internet, AWS Account, Internet Gateway, Web Server Instance, S3 Bucket “Website Images”, Internal Data Service, S3 Bucket “Data Backup”.
      1 Access the vulnerable web application
      2 Pivot to the data service
      3 Delete the website image files
      4 Change permissions to the data backup
      5 Download the data backup
  • 8. Bill’s Bad Day (architecture diagram annotated with what went wrong). Labels: Bill, Andy, Internet, AWS Account, Internet Gateway, Web Server Instance, S3 Bucket “Website Images”, Internal Data Service, S3 Bucket “Data Backup”.
      1 No web application protection
      2 No segmentation
      3 One account
      4 All permissions granted
      5 Sensitive data not encrypted
      6 No logging, monitoring, alerting
      … now let’s help Andy have a great day! :-)
  • 9. Best of the Best Practices: Infrastructure Security
      1) Create a Threat Prevention Layer using AWS Edge Services: Use the 70 worldwide points of presence in the AWS Edge Network to provide scalability, protect from denial of service attacks, and protect from web application attacks.
      2) Create network zones with Virtual Private Clouds (VPCs) and Security Groups: Implement security controls at the boundaries of hosts and virtual networks within the cloud environment to enforce access policy.
      3) Manage vulnerabilities through patching and scanning: Test virtual machine images and snapshots for operating system and application vulnerabilities throughout the build pipeline and into the operational environment.
      Source key shown against each practice: AWS Best Practices Paper, CIS Web-Tier Benchmark, CIS Foundation Benchmark.
      Icons: AWS WAF, AWS Shield, Amazon CloudFront, Security Group, Amazon Inspector.
  • 10. Infrastructure Security (architecture diagram, step 1). Labels: Andy, Internet, AWS Account, AWS WAF, AWS Shield, Amazon CloudFront, Internet Gateway, Web Server Instance, Security Group, Security Group, Amazon Inspector, S3 Bucket “Website Images”, Internal Data Service, S3 Bucket “Data Backup”.
  • 11. Best of the Best Practices: Data Protection
      4) Encrypt data at rest (with the occasional exception): Enabling encryption at rest helps ensure the confidentiality and integrity of data. Consider encrypting everything that is not public.
      5) Use server-side encryption with provider managed keys: AWS Key Management Service (KMS) is seamlessly integrated with 18 other AWS services. You can use a default master key or select a custom master key, both managed by AWS.
      6) Encrypt data in transit (with no exceptions): Encryption of data in transit provides protection from accidental disclosure, verifies the integrity of the data, and can be used to validate the remote connection.
      Source key shown against each practice: AWS Best Practices Paper, CIS Web-Tier Benchmark, CIS Foundation Benchmark.
      Icons: AWS KMS, Data Encryption Key, AWS KMS, Amazon S3, Amazon CloudFront, Internet Gateway, SSL / TLS / HTTPS.
  • 12. Data Protection (architecture diagram, step 2). Labels: Andy, Internet, AWS Account, AWS WAF, AWS Shield, Amazon CloudFront, Internet Gateway, AWS KMS, AWS KMS Data Encryption Key, Amazon Inspector, S3 Bucket “Website Images”, Internal Data Service, S3 Bucket “Data Backup”.
  • 13. Best of the Best Practices: Identity and Access Mgmt
      7) Use multiple AWS accounts to reduce blast radius: AWS accounts provide administrative isolation between workloads across different lines of business, regions, stages of production and types of data classification.
      8) Use limited roles and grant temporary security credentials: IAM roles and temporary security credentials mean you don't always have to manage long-term credentials and IAM users for each entity that requires access to a resource.
      9) Federate to an existing identity service: Control access to AWS resources, and manage the authentication and authorisation process without needing to re-create all your corporate users as IAM users.
      Source key shown against each practice: AWS Best Practices Paper, CIS Web-Tier Benchmark, CIS Foundation Benchmark.
      Icons: Production, Staging, Temporary Security Credentials, IAM, IAM, MFA token, AWS Directory Service, IAM Roles.
  • 14. Identity and Access Management (architecture diagram, step 3). Labels: Andy, Internet, AWS Account, AWS Account, AWS WAF, AWS Shield, Amazon CloudFront, Internet Gateway, IAM, Temporary Security Credentials, MFA token, AWS Directory Service, Amazon Inspector, AWS KMS, AWS KMS Data Encryption Key, S3 Bucket “Website Images”, Internal Data Service, S3 Bucket “Database Backup”.
  • 15. Best of the Best Practices: Logging and Monitoring
      10) Turn on logging in all accounts, for all services, in all regions
      11) Use the AWS platform’s built-in monitoring and alerting features
      12) Use a separate AWS account to fetch and store copies of all logs
      The AWS API history in CloudTrail enables security analysis, resource change tracking, and compliance auditing. CloudWatch collects and tracks metrics and monitors log files. Monitoring a broad range of sources will ensure that unexpected occurrences are detected. Establish alarms and notifications for anomalous or sensitive account activity. Configuring a security account to copy logs to a separate bucket ensures access to information which can be useful in security incident response workflows.
      Source key shown against each practice: AWS Best Practices Paper, CIS Web-Tier Benchmark, CIS Foundation Benchmark.
      Icons: AWS Config, Amazon CloudWatch, AWS CloudTrail, CloudWatch Alarms, Production, Security.
  • 16. Logging and Monitoring (architecture diagram, step 4). Labels: Andy, Internet, AWS Account, AWS Account, AWS WAF, AWS Shield, Amazon CloudFront, Internet Gateway, IAM, Temporary Security Credentials, MFA token, AWS Directory Service, AWS Config, Amazon CloudWatch, AWS CloudTrail, Amazon Inspector, AWS KMS, AWS KMS Data Encryption Key, S3 Bucket “Website Images”, Internal Data Service, S3 Bucket “Database Backup”.
  • 17. Best Practices (complete architecture diagram). Labels: Andy, Internet, AWS Account, AWS Account, AWS WAF, AWS Shield, Amazon CloudFront, Internet Gateway, Web Server Instance, Security Group, Security Group, IAM, Temporary Security Credentials, MFA token, AWS Directory Service, AWS Config, Amazon CloudWatch, AWS CloudTrail, Amazon Inspector, AWS KMS, AWS KMS Data Encryption Key, S3 Bucket “Website Images”, Internal Data Service, S3 Bucket “Data Backup”.
  • 18. Tools and Automation
      – Amazon Inspector: An automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for vulnerabilities or deviations from best practices.
      – Amazon CloudWatch Events: A monitoring service for AWS cloud resources and the applications you run on AWS. You can easily build workflows that automatically take actions you define, such as invoking an AWS Lambda function, when an event of interest occurs.
      – AWS Config Rules: A fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications. Config Rules enables you to create rules that automatically check the configuration of AWS resources recorded by AWS Config.
      AWS re:Invent 2016: “5 Security Automation Improvements You Can Make by Using Amazon CloudWatch Events and AWS Config Rules” (SAC401)
  • 20. IAM • Issue: At scale we have too many IAM Users • Solution: IAM identity federation • Benefits: – Large reduction in the number of IAM users – Benefit from our existing staff account processes • Issue: IAM users are still required in some cases • Solution: Monitoring and automation around IAM users • Benefits: – Poorly configured or inactive IAM users automatically disabled and removed
  • 21. CloudTrail • Issue: Impaired visibility has a negative impact on security, cost, and compliance • Solution: – Enable log sources – Automate configuration – Log integrity checking – Monitoring log events • Benefit: – Visibility of actions and activity – Alarming and automation
  • 22. AWS Config (or similar) • Issue: Insecure resource configurations • Solution: – AWS Config-like service – Automate detection and reporting • Benefit: – History of resource configuration – Near real-time identification of configuration violations – Alarming and automation of operations and security
  • 23. Automated Configuration Checks (architecture diagram). Labels: Internet, AWS Account, AWS Account, AWS WAF, AWS Shield, Amazon CloudFront, Internet Gateway, Security Group, IAM, Temporary Security Credentials, MFA token, AWS Directory Service, AWS Config, Amazon CloudWatch, AWS CloudTrail, Amazon Inspector, AWS KMS, AWS KMS Data Encryption Key, S3 Bucket “Website Images”, Internal Data Service, S3 Bucket “Data Backup”.
  • 24. Tools at Scale NCC Scout 2: Audit an account for Security Issues https://nccgroup.github.io/Scout2/ CloudSploit: Automated AWS Security and Configuration Management https://cloudsploit.com/ … and many more
  • 25. Prepare your Umbrella Before it Rains turn it on
  • 26. Resources AWS Security Best Practices White Paper http://bit.ly/AWSBest CIS AWS Security Foundations Benchmark http://bit.ly/AWSCIS CIS AWS Three-Tier Web Architecture Benchmark http://bit.ly/AWSCIS3T Code 08 = LXN1bW1p
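
Slide 20's "monitoring and automation around IAM users", sketched as an added example that is not from the deck or from Atlassian: it audits an IAM credential report offline and sorts each user into ok, review, disable or remove. The 90-day idle threshold, the action names and the sample rows (a constructed subset of the report's columns) are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

MAX_IDLE = timedelta(days=90)  # assumed policy threshold, tune to your own
SAMPLE_NOW = datetime(2017, 4, 5, tzinfo=timezone.utc)  # fixed clock for the sample

# Constructed sample using a subset of the IAM credential report columns.
SAMPLE_REPORT = """\
user,user_creation_time,password_enabled,password_last_used,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date
<root_account>,2014-02-01T09:00:00+00:00,not_supported,2017-03-30T10:00:00+00:00,true,false,N/A,N/A,false,N/A,N/A
alice,2016-05-10T08:00:00+00:00,true,2017-04-01T12:00:00+00:00,true,false,N/A,N/A,false,N/A,N/A
bob,2015-09-01T08:00:00+00:00,true,2016-11-02T09:30:00+00:00,false,true,2016-01-10T10:00:00+00:00,2016-10-15T07:00:00+00:00,false,N/A,N/A
ci-deploy,2015-06-01T08:00:00+00:00,false,N/A,false,true,2017-02-01T08:00:00+00:00,2017-04-04T23:00:00+00:00,true,2015-06-01T08:05:00+00:00,N/A
carol,2017-03-20T08:00:00+00:00,true,no_information,false,false,N/A,N/A,false,N/A,N/A
old-svc,2014-07-01T08:00:00+00:00,false,N/A,false,false,N/A,N/A,false,N/A,N/A
"""


def parse_ts(value):
    """Return an aware datetime, or None for N/A, no_information, not_supported."""
    try:
        ts = datetime.fromisoformat(value.replace("Z", "+00:00"))
    except ValueError:
        return None
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)


def audit_user(row, now):
    """Classify one report row; returns (action, findings)."""
    created = parse_ts(row["user_creation_time"])
    findings, enabled, idle = [], 0, 0

    def is_idle(*stamps):
        # Use the first timestamp available, in priority order:
        # last use, then issue/rotation time, then user creation.
        ref = next((s for s in stamps if s), None)
        return ref is not None and now - ref > MAX_IDLE

    if row["password_enabled"] == "true":
        enabled += 1
        if row["mfa_active"] != "true":
            findings.append("console password without MFA")
        if is_idle(parse_ts(row["password_last_used"]), created):
            idle += 1
            findings.append("console password idle")

    for n in ("1", "2"):
        if row[f"access_key_{n}_active"] != "true":
            continue
        enabled += 1
        if is_idle(parse_ts(row[f"access_key_{n}_last_used_date"]),
                   parse_ts(row[f"access_key_{n}_last_rotated"]), created):
            idle += 1
            findings.append(f"access key {n} idle")

    if enabled == 0:
        # Nothing left to disable: an old user with no credentials is dead weight.
        if is_idle(created):
            return "remove", ["no active credentials"]
        return "ok", findings
    if idle == enabled:
        return "disable", findings  # every credential the user holds is idle
    return ("review" if findings else "ok"), findings


def audit(report_csv, now=None):
    """Audit a credential report (CSV text); returns {user: (action, findings)}."""
    now = now or datetime.now(timezone.utc)
    results = {}
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] == "<root_account>":
            continue  # root is not an IAM user; handle it separately
        results[row["user"]] = audit_user(row, now)
    return results


if __name__ == "__main__":
    for user, (action, findings) in audit(SAMPLE_REPORT, SAMPLE_NOW).items():
        print(f"{user:10} {action:8} {'; '.join(findings)}")
```

Because the rows are read by column name, the same function accepts a full credential report; acting on the "disable" and "remove" results is left to whatever change process the account uses.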