© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS re:INVENT
Continuous Compliance on AWS at Scale
SID313
November 29, 2017
Peter Meister | pmeister@2ndwatch.com
2nd Watch Director, Product Management
Lars Cromley | lcromley@2ndwatch.com
2nd Watch Director of Engineering, Automation
What to expect in this session
• Cloud compliance and security on AWS
• Engineering for compliance
• Compliance automation
• Live demo
• Business outcomes and takeaways
Engineering Compliance & Security
Continuous Compliance & Cloud Security
Configuration Management
• Management tools and processes
• Maintain and strictly enforce enterprise configuration
• Automated procedure to enforce configuration
• Analyzing data to derive knowledge for continuous monitoring and compliance
Compliance Standards
• Unified compliance processes and frameworks
• Stronger compliance standards
• Catalogs for continuous compliance
• Bring the skills from the data center to the cloud
Governance, Risk, & Compliance
Policy & Procedure
• Traditional compliance approaches
• Risk-based security and compliance framework
• People, process and technology
• PAG: be prescriptive
Cloud Security
• Cloud security and continuous monitoring
• Security defense in depth
• Endpoint to server: protect the entire platform
Benefits of Cloud Compliance on AWS
• Protection improvements
• Unplanned changes
• Configuration enforcement
• Configuration management
• Improved reusability
• Prescriptive and programmatic management
Engineering for Compliance
Building Compliant Environments
• Unique for each organization
• Vertical-based, coupled to regulatory requirements
• Accelerated with tools
• InSpec: compliance-as-code
• Think compliance by design
Compliance Templates
• Accelerate and deploy security-focused environments
• AWS meets compliance across a broad range
• AWS Enterprise Accelerator: compliance offerings
• PCI DSS, NIST, OMB TIC, DoD
• AWS CloudFormation templates to support automation and deployment
Operations Tooling
• Having the right tools is essential
• Combining operations management tools is best practice
• Utilize provisioning tools and configuration management tools
• Utilize orchestration and automation tools and monitoring tools
• AWS CodeDeploy
• AWS CodePipeline
Configuration Management
• Reduce complexity of configuring distributed infrastructure and resources
• Speed and agility to perform configuration at scale
• Puppet, Chef, Ansible, SaltStack provide rich capabilities
• Engineering for compliance
Automation & Continuous Compliance
We had based workload supportability and service level on a set of tags.
If new infrastructure was created, we needed to know the environment, service level, who created it, did they follow the approved process, etc.
Specifically, these resources…
Business logic, based on a mutable asset in an environment that encourages ephemeral architecture and elasticity?
What could possibly go wrong?
Our Task
Leverage the AWS Config service: create a rule that looks for our specific tags, alerts when those tags are not present, and then applies said tags to the resource.
Code
    import json
    import boto3

    CONFIG_RULE_NAME = 'required-tags'  # assumed name of the Config rule being watched
    NOT_COMPLIANT = 'NON_COMPLIANT'     # AWS Config compliance type for a failed evaluation

    def handler(event, context):
        # log some init stuff
        log_start_info()
        # handle debug event arg
        log_if_debug(event)
        # for each item, process and remove from queue
        for record in event.get('Records', []):
            process(record['s3']['bucket']['name'], record['s3']['object']['key'])

    def process(bucket, key):
        s3 = boto3.client('s3')  # get_object is a client call; the resource API has no such method
        obj = s3.get_object(Bucket=bucket, Key=key)
        body = json.loads(obj['Body'].read())
        # the notification is nested twice: raw_event holds the SNS envelope, Message the Config payload
        msg = json.loads(json.loads(body['raw_event'])['Message'])
        if msg['configRuleName'] == CONFIG_RULE_NAME and msg['compliance'] == NOT_COMPLIANT:
            # CALL ALERT SERVICE
            send_alert(msg)  # alert helper (name assumed; defined elsewhere in the deployment)
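The consumer side of the same pipeline, as an added example (not the talk's code): unwrap the twice-encoded record, keep only NON_COMPLIANT results for the required-tags rule, and report records that could not be parsed instead of dropping them. The record layout (a `raw_event` string holding an SNS envelope whose `Message` is the Config payload) follows the slide; the field names inside the payload (`configRuleName`, `newEvaluationResult.complianceType`, `resourceId`, `messageType`) follow the AWS Config compliance-change notification rather than the slide's `compliance` key. The rule name, the annotation format and the sample records are assumptions and constructed data.

```python
"""Consumer side of the slide's pipeline: unwrap the nested SNS record, keep
only NON_COMPLIANT results for the required-tags rule, and return what an
alert or remediation step needs. Added example, not the talk's code.
"""
import json

CONFIG_RULE_NAME = "required-tags"      # assumed name of the rule the talk describes
NON_COMPLIANT = "NON_COMPLIANT"
ANNOTATION_PREFIX = "missing tags: "    # assumed annotation format written by the rule


class BadRecord(ValueError):
    """The record cannot be unwrapped; the caller decides whether to drop or quarantine it."""


def unwrap(record):
    """raw_event (JSON string) -> SNS envelope -> Message (JSON string) -> Config payload."""
    try:
        envelope = json.loads(record["raw_event"])
        return json.loads(envelope["Message"])
    except (KeyError, TypeError, ValueError) as exc:
        raise BadRecord("cannot decode record: %s" % exc) from exc


def is_actionable(msg, rule_name=CONFIG_RULE_NAME):
    """True only for a compliance change that made a resource NON_COMPLIANT under our rule."""
    result = msg.get("newEvaluationResult") or {}
    return (msg.get("messageType") == "ComplianceChangeNotification"
            and msg.get("configRuleName") == rule_name
            and result.get("complianceType") == NON_COMPLIANT)


def tags_from_annotation(annotation):
    """Recover the missing tag keys from the rule's annotation, if it used the assumed format."""
    if not annotation.startswith(ANNOTATION_PREFIX):
        return []
    return [k.strip() for k in annotation[len(ANNOTATION_PREFIX):].split(",") if k.strip()]


def triage(records, rule_name=CONFIG_RULE_NAME):
    """Split a batch into alerts to raise and records that could not be parsed.

    Unparseable records are reported rather than skipped: a queue consumer that
    quietly drops malformed input is one way an automated control stops working
    without anyone noticing.
    """
    alerts, rejected = [], []
    for record in records:
        try:
            msg = unwrap(record)
        except BadRecord as exc:
            rejected.append(str(exc))
            continue
        if is_actionable(msg, rule_name):
            annotation = msg["newEvaluationResult"].get("annotation", "")
            alerts.append({
                "resourceType": msg.get("resourceType"),
                "resourceId": msg.get("resourceId"),
                "missingTags": tags_from_annotation(annotation),
            })
    return alerts, rejected


# --- constructed fixtures (not captured from a real account) ----------------

def _config_message(rule, compliance, resource_id, annotation=""):
    return {
        "messageType": "ComplianceChangeNotification",
        "configRuleName": rule,
        "resourceType": "AWS::EC2::Instance",
        "resourceId": resource_id,
        "newEvaluationResult": {"complianceType": compliance, "annotation": annotation},
    }


def _record(message):
    """Wrap a payload the way the slide's pipeline stores it: SNS envelope inside raw_event."""
    return {"raw_event": json.dumps({"Type": "Notification", "Message": json.dumps(message)})}


SAMPLE_RECORDS = [
    _record(_config_message("required-tags", "NON_COMPLIANT", "i-0example0001",
                            "missing tags: ServiceLevel, Owner")),
    _record(_config_message("required-tags", "COMPLIANT", "i-0example0002")),
    _record(_config_message("s3-bucket-logging-enabled", "NON_COMPLIANT", "bucket-example")),
    {"raw_event": "not json"},     # truncated or corrupted object
    {"something_else": "{}"},      # producer changed the schema
]

if __name__ == "__main__":
    found, bad = triage(SAMPLE_RECORDS)
    print(json.dumps(found, indent=2))
    print("rejected:", bad)
```

The `messageType` check matters in practice: the same SNS topic also carries configuration-item change notifications and oversized-item notices, and those have no `newEvaluationResult`, so filtering on the message type first keeps the consumer from treating them as errors.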
Building Autonomous Systems
Automated Systems Need Love, Too
The Reality
Live Technical Demo
Business Outcomes
• Compliance and security from a 360-degree vision
• Security awareness and accountability
• Continuous CI/CD flow
• Continuous compliance is a journey
Takeaways
“Digital business is essentially software, which means that
organizations that expect to thrive in a digital environment must
have an improved competence in software delivery.”
– Laurie Wurster, Research Director – Gartner
Thank you!
Visit us at: www.2ndwatch.com
Engage with us @2ndwatch
Visit us at our booth: 1104

 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Continuous Compliance on AWS at Scale - SID313 - re:Invent 2017

  • 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS re:INVENT. Continuous Compliance on AWS at Scale. SID313, November 29, 2017. Peter Meister | pmeister@2ndwatch.com, 2nd Watch Director, Product Management. Lars Cromley | lcromley@2ndwatch.com, 2nd Watch Director of Engineering, Automation.
  • 2. What to expect in this session: • Cloud compliance and security on AWS • Engineering for compliance • Compliance automation • Live demo • Business outcomes and takeaways
  • 3. Engineering Compliance & Security
  • 4. Continuous Compliance & Cloud Security
  • 5. Configuration Management: • Management tools and processes • Maintain and strictly enforce enterprise configuration • Automated procedure to enforce configuration • Analyzing data to derive knowledge for continuous monitoring and compliance
  • 6. Compliance Standards: • Unified compliance processes and frameworks • Stronger compliance standards • Catalogs for continuous compliance • Bring the skills from the data center to the cloud
  • 7. Governance, Risk, & Compliance. Policy & Procedure: • Traditional compliance approaches • Risk-based security and compliance framework • People, process and technology • PAG: be prescriptive. Cloud Security: • Cloud security and continuous monitoring • Security defense in depth • Endpoint to server: protect the entire platform
  • 8. Benefits of Cloud Compliance on AWS: • Protection improvements • Unplanned changes • Configuration enforcement • Configuration management • Improved reusability • Prescriptive and programmatic management
  • 9. Engineering for Compliance
  • 10. Building Compliant Environments: • Unique for each organization • Vertical-based, coupled to regulatory requirements • Accelerated with tools • InSpec: compliance-as-code • Think compliance by design
  • 11. Compliance Templates: • Accelerate and deploy security-focused environments • AWS meets compliance across a broad range • AWS Enterprise Accelerator: compliance offerings • PCI DSS, NIST, OMB TIC, DoD • AWS CloudFormation templates to support automation and deployment
  • 12. Operations Tooling: • Having the right tools is essential • Combining operations management tools is best practice • Utilize provisioning tools and configuration management tools • Utilize orchestration and automation tools and monitoring tools • AWS CodeDeploy • AWS CodePipeline
  • 13. Configuration Management: • Reduce complexity of configuring distributed infrastructure and resources • Speed and agility to perform configuration at scale • Puppet, Chef, Ansible, SaltStack provide rich capabilities • Engineering for compliance
  • 14. Automation & Continuous Compliance
  • 15. We had based workload supportability and service level on a set of tags. If new infrastructure was created, we needed to know the environment, service level, who created it, did they follow the approved process, etc.
  • 16. Specifically, these resources…
  • 17. Business logic, based on a mutable asset, in an environment that encourages ephemeral architecture and elasticity?
  • 18. What could possibly go wrong?
  • 19. Our Task: leverage the AWS Config service, creating a rule to look for our specific tags, alert when those tags are not present, and then apply said tags to said resource.
  • 20. (no text on this slide)
  • 21. Code:

```python
import json
import boto3

CONFIG_RULE_NAME = "required-tags"  # name of the tag-checking Config rule (placeholder value)
NOT_COMPLIANT = "NOT_COMPLIANT"


def log_start_info():
    print("handler started")


def log_if_debug(event):
    if event.get("debug"):
        print(json.dumps(event))


def handler(event, context):
    # log some init stuff
    log_start_info()
    # handle debug event arg
    log_if_debug(event)
    # for each item, process and remove from queue
    # (assumes the function is triggered by S3 event notifications carrying bucket and key)
    for record in event["Records"]:
        process(record["s3"]["bucket"]["name"], record["s3"]["object"]["key"])


def process(bucket, key):
    s3 = boto3.client("s3")  # get_object is a client call, not a resource call
    obj = s3.get_object(Bucket=bucket, Key=key)
    body = json.loads(obj["Body"].read())
    # the stored object wraps the SNS notification; the Config message is nested JSON inside it
    msg = json.loads(json.loads(body["raw_event"])["Message"])
    if msg["configRuleName"] == CONFIG_RULE_NAME and msg["compliance"] == NOT_COMPLIANT:
        # CALL ALERT SERVICE
        pass
```
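The evaluation half of the task on slides 15 through 19 (slide 21 shows only the alerting half): a custom AWS Config rule that checks a resource's tags and reports the result. This is an added example, not code from the deck or from 2nd Watch; the tag names, the `requiredTags` rule parameter and the sample event are constructed, and it treats an empty tag value as missing and a deleted resource as NOT_APPLICABLE so a vanished instance cannot leave the rule permanently non-compliant.

```python
import json

# Tags the rule requires on every resource (constructed names, not 2nd Watch's actual tag set).
REQUIRED_TAGS = ("Environment", "ServiceLevel", "Owner")


def evaluate_compliance(configuration_item, required_tags=REQUIRED_TAGS):
    """Return (ComplianceType, annotation) for one AWS Config configuration item."""
    status = configuration_item.get("configurationItemStatus")
    if status in ("ResourceDeleted", "ResourceDeletedNotRecorded", "ResourceNotRecorded"):
        # An ephemeral asset that is gone must not keep the rule NON_COMPLIANT forever.
        return "NOT_APPLICABLE", "Resource deleted or not recorded"
    tags = configuration_item.get("tags") or {}
    # A tag present with a blank value is as useless for routing support as a missing one.
    missing = [t for t in required_tags if not (tags.get(t) or "").strip()]
    if missing:
        return "NON_COMPLIANT", "Missing required tags: " + ", ".join(missing)
    return "COMPLIANT", "All required tags present"


def build_evaluation(event):
    """Parse a Config custom-rule invocation and build one put_evaluations entry."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    params = json.loads(event.get("ruleParameters") or "{}")
    # "requiredTags" is an assumed rule parameter: a comma-separated override of REQUIRED_TAGS.
    required = tuple(t.strip() for t in params.get("requiredTags", ",".join(REQUIRED_TAGS)).split(","))
    compliance, annotation = evaluate_compliance(item, required)
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": annotation,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }


def lambda_handler(event, context):
    """Lambda entry point for the custom rule; reports the result back to AWS Config."""
    import boto3  # present in the Lambda runtime; imported here so the logic above runs offline
    evaluation = build_evaluation(event)
    boto3.client("config").put_evaluations(Evaluations=[evaluation], ResultToken=event["resultToken"])
    return evaluation


# Constructed sample invocation: an EC2 instance with Environment set, Owner blank, no ServiceLevel.
SAMPLE_EVENT = {
    "invokingEvent": json.dumps({"configurationItem": {
        "resourceType": "AWS::EC2::Instance", "resourceId": "i-0example",
        "configurationItemStatus": "OK", "configurationItemCaptureTime": "2017-11-29T00:00:00.000Z",
        "tags": {"Environment": "prod", "Owner": " "}}}),
    "ruleParameters": json.dumps({"requiredTags": "Environment,ServiceLevel,Owner"}),
    "resultToken": "TESTMODE",
}
```

The NON_COMPLIANT evaluations this returns are what the SNS notification parsed on slide 21 carries; the remediation step (applying the tags) is a separate action keyed off that notification.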
  • 22. Building Autonomous Systems
  • 23. Automated Systems Need Love, Too
  • 24. The Reality
  • 25. Live Technical Demo
  • 26. Business Outcomes: • Compliance and security from a 360-degree vision • Security awareness accountability • Continuous CI/CD flow • Continuous compliance is a journey
  • 27. Takeaways: “Digital business is essentially software, which means that organizations that expect to thrive in a digital environment must have an improved competence in software delivery.” – Laurie Wurster, Research Director, Gartner
  • 28. Thank you! Visit us at: www.2ndwatch.com. Engage with us @2ndwatch. Visit us at our booth: 1104.