Anúncio
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud

Check these out next

I servizi AWS per le applicazioni mobili: sviluppo, test e produzione
I servizi AWS per le applicazioni mobili: sviluppo, test e produzione
Amazon Web Services
Lessons & Use-Cases at Scale - Dr. Pete Stanski
Lessons & Use-Cases at Scale - Dr. Pete Stanski
Amazon Web Services
AWS Summit London 2016 Keynote
AWS Summit London 2016 Keynote
Amazon Web Services
SEC307 Automating Security and Compliance Response in the Cloud
SEC307 Automating Security and Compliance Response in the Cloud
Amazon Web Services
AWS Innovate 2016: Digital Workloads on Amazon Web Services- Santanu Dutt
AWS Innovate 2016: Digital Workloads on Amazon Web Services- Santanu Dutt
Amazon Web Services Korea
AWS re:Invent 2016: Automating Cloud Management and Deployment for a Diverse ...
AWS re:Invent 2016: Automating Cloud Management and Deployment for a Diverse ...
Amazon Web Services
Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda - AW...
Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda - AW...
Amazon Web Services
Easy Analytics with AWS - AWS Summit Bahrain 2017
Easy Analytics with AWS - AWS Summit Bahrain 2017
Amazon Web Services
1 de 43

Keeping Developers and Auditors Happy in the Cloud

24 de Jun de 2016
Baixar para ler offline
Tecnologia

Often times, developers and auditors can be at odds. The agile, fast-moving environments that developers enjoy will typically give auditors heartburn. The more controlled and stable environments that auditors prefer to demonstrate and maintain compliance are traditionally not friendly to developers or innovation. In this session, we will look at the intersection where developers and auditors meet by discussing techniques, tools, and concepts that appeal to both. Topics covered will include shared responsibility, using compartmentalization and micro-services for scope control, immutable infrastructure, and continuous security testing.

Amazon Web Services
Amazon Web Services
Anúncio
Anúncio
Anúncio

Recomendados

DevOps at Amazon: A Look at Our Tools and ProcessesDevOps at Amazon: A Look at Our Tools and Processes
DevOps at Amazon: A Look at Our Tools and ProcessesAmazon Web Services1.2K visualizações45 slides
Partner Solutions: Rackspace - Rethinking Your Migration Strategy to Maximize...Partner Solutions: Rackspace - Rethinking Your Migration Strategy to Maximize...
Partner Solutions: Rackspace - Rethinking Your Migration Strategy to Maximize...Amazon Web Services766 visualizações39 slides
Digital Workloads on AWSDigital Workloads on AWS
Digital Workloads on AWSAmazon Web Services932 visualizações49 slides
New AchitecturesNew Achitectures
New AchitecturesAmazon Web Services1.4K visualizações18 slides
Accelerate Your Mobile Development Journey with AWSAccelerate Your Mobile Development Journey with AWS
Accelerate Your Mobile Development Journey with AWSAmazon Web Services405 visualizações38 slides
Casi reali di Mass Migration nel Cloud: benefici tangibili ed intangibiliCasi reali di Mass Migration nel Cloud: benefici tangibili ed intangibili
Casi reali di Mass Migration nel Cloud: benefici tangibili ed intangibiliAmazon Web Services1.3K visualizações39 slides

Mais conteúdo relacionado

Apresentações para você(20)

I servizi AWS per le applicazioni mobili: sviluppo, test e produzioneI servizi AWS per le applicazioni mobili: sviluppo, test e produzione
I servizi AWS per le applicazioni mobili: sviluppo, test e produzione
Amazon Web Services1.1K visualizações
Lessons & Use-Cases at Scale - Dr. Pete StanskiLessons & Use-Cases at Scale - Dr. Pete Stanski
Lessons & Use-Cases at Scale - Dr. Pete Stanski
Amazon Web Services1.1K visualizações
AWS Summit London 2016 Keynote AWS Summit London 2016 Keynote
AWS Summit London 2016 Keynote
Amazon Web Services2.3K visualizações
SEC307 Automating Security and Compliance Response in the CloudSEC307 Automating Security and Compliance Response in the Cloud
SEC307 Automating Security and Compliance Response in the Cloud
Amazon Web Services210 visualizações
AWS Innovate 2016: Digital Workloads on Amazon Web Services- Santanu DuttAWS Innovate 2016: Digital Workloads on Amazon Web Services- Santanu Dutt
AWS Innovate 2016: Digital Workloads on Amazon Web Services- Santanu Dutt
Amazon Web Services Korea499 visualizações
AWS re:Invent 2016: Automating Cloud Management and Deployment for a Diverse ...AWS re:Invent 2016: Automating Cloud Management and Deployment for a Diverse ...
AWS re:Invent 2016: Automating Cloud Management and Deployment for a Diverse ...
Amazon Web Services1.9K visualizações
Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda - AW...Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda - AW...
Monitoring, Hold the Infrastructure - Getting the Most out of AWS Lambda - AW...
Amazon Web Services490 visualizações
Easy Analytics with AWS - AWS Summit Bahrain 2017Easy Analytics with AWS - AWS Summit Bahrain 2017
Easy Analytics with AWS - AWS Summit Bahrain 2017
Amazon Web Services430 visualizações
Serverless solutions - AWS Summit SG 2017 Serverless solutions - AWS Summit SG 2017
Serverless solutions - AWS Summit SG 2017
Amazon Web Services768 visualizações
Accelerating innovation and reducing cost using cloud based software procurementAccelerating innovation and reducing cost using cloud based software procurement
Accelerating innovation and reducing cost using cloud based software procurement
Amazon Web Services245 visualizações
DevOps für mittlere Unternehmen und Großunternehmen - AWS Cloud Web Day für M...DevOps für mittlere Unternehmen und Großunternehmen - AWS Cloud Web Day für M...
DevOps für mittlere Unternehmen und Großunternehmen - AWS Cloud Web Day für M...
AWS Germany574 visualizações
SEC307 Automating Security and Compliance Response in the CloudSEC307 Automating Security and Compliance Response in the Cloud
SEC307 Automating Security and Compliance Response in the Cloud
Amazon Web Services330 visualizações
AWS Partner Presentation - Digicomp - AWSome Day Zurich 112016AWS Partner Presentation - Digicomp - AWSome Day Zurich 112016
AWS Partner Presentation - Digicomp - AWSome Day Zurich 112016
Amazon Web Services2.4K visualizações
An Introduction to AWS GovCloud (US) | AWS Public Sector Summit 2016An Introduction to AWS GovCloud (US) | AWS Public Sector Summit 2016
An Introduction to AWS GovCloud (US) | AWS Public Sector Summit 2016
Amazon Web Services2.6K visualizações
Delivering DevOps on AWS: Accelerating Software Delivery with AWS Developer T...Delivering DevOps on AWS: Accelerating Software Delivery with AWS Developer T...
Delivering DevOps on AWS: Accelerating Software Delivery with AWS Developer T...
Amazon Web Services586 visualizações
Compute Without Servers – Building Applications with AWS LambdaCompute Without Servers – Building Applications with AWS Lambda
Compute Without Servers – Building Applications with AWS Lambda
Amazon Web Services910 visualizações
Microservizi e container Docker in produzione: strumenti e consigliMicroservizi e container Docker in produzione: strumenti e consigli
Microservizi e container Docker in produzione: strumenti e consigli
Amazon Web Services1.1K visualizações
Protecting Our Data on AWSProtecting Our Data on AWS
Protecting Our Data on AWS
Amazon Web Services987 visualizações
AWS Keynote 1 - AWS Enterprise Summit - Hong KongAWS Keynote 1 - AWS Enterprise Summit - Hong Kong
AWS Keynote 1 - AWS Enterprise Summit - Hong Kong
Amazon Web Services573 visualizações
Building a Data Processing Pipeline on AWS - AWS Summit SG 2017Building a Data Processing Pipeline on AWS - AWS Summit SG 2017
Building a Data Processing Pipeline on AWS - AWS Summit SG 2017
Amazon Web Services495 visualizações

Destaque(20)

AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
AWS re:Invent 2016: Embracing DevSecOps while Improving Compliance and Securi...
Amazon Web Services2.2K visualizações
RoboCop: Bringing Law and Order to CI/CDRoboCop: Bringing Law and Order to CI/CD
RoboCop: Bringing Law and Order to CI/CD
Franklin Mosley800 visualizações
DevSecOps Singapore introductionDevSecOps Singapore introduction
DevSecOps Singapore introduction
Stefan Streichsbier453 visualizações
Dev seccon london 2016 intelliment securityDev seccon london 2016 intelliment security
Dev seccon london 2016 intelliment security
DevSecCon297 visualizações
Jakob Holderbaum - Managing Shared secrets using basic Unix toolsJakob Holderbaum - Managing Shared secrets using basic Unix tools
Jakob Holderbaum - Managing Shared secrets using basic Unix tools
DevSecCon355 visualizações
DevSecOps SG Introduction - August MeetupDevSecOps SG Introduction - August Meetup
DevSecOps SG Introduction - August Meetup
DevSecOpsSg141 visualizações
Vulnerability Advisor Deep Dive (Dec 2016)Vulnerability Advisor Deep Dive (Dec 2016)
Vulnerability Advisor Deep Dive (Dec 2016)
Canturk Isci586 visualizações
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & RecoveryCLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
CLOUD SECURITY ESSENTIALS 2.0 Full Stack Hacking & Recovery
Priyanka Aash2.7K visualizações
Rugged DevOps: Aligning Your Team and Your Powers for SuccessRugged DevOps: Aligning Your Team and Your Powers for Success
Rugged DevOps: Aligning Your Team and Your Powers for Success
SeniorStoryteller412 visualizações
Safely Removing the Last Roadblock to Continuous DeliverySafely Removing the Last Roadblock to Continuous Delivery
Safely Removing the Last Roadblock to Continuous Delivery
SeniorStoryteller451 visualizações
The End of Security as We Know It - Shannon LietzThe End of Security as We Know It - Shannon Lietz
The End of Security as We Know It - Shannon Lietz
SeniorStoryteller436 visualizações
Dom & Tom NYC Healthcare Cloud Meetup Case Study (5/4)Dom & Tom NYC Healthcare Cloud Meetup Case Study (5/4)
Dom & Tom NYC Healthcare Cloud Meetup Case Study (5/4)
Dominic Tancredi966 visualizações
Continuous Security - Thunderplains 2016Continuous Security - Thunderplains 2016
Continuous Security - Thunderplains 2016
Adam Baldwin460 visualizações
The Art of Identifying Vulnerabilities - CascadiaFest 2015The Art of Identifying Vulnerabilities - CascadiaFest 2015
The Art of Identifying Vulnerabilities - CascadiaFest 2015
Adam Baldwin819 visualizações
Evident io Continuous Compliance - Mar 2017Evident io Continuous Compliance - Mar 2017
Evident io Continuous Compliance - Mar 2017
Sebastian Taphanel CISSP-ISSEP511 visualizações
How can i find my security blind spots ulf mattsson - aug 2016How can i find my security blind spots ulf mattsson - aug 2016
How can i find my security blind spots ulf mattsson - aug 2016
Ulf Mattsson621 visualizações
Null application security in an agile worldNull application security in an agile world
Null application security in an agile world
Stefan Streichsbier392 visualizações
Cloudsolutionday 2016: Compliance and cost controlling on AWSCloudsolutionday 2016: Compliance and cost controlling on AWS
Cloudsolutionday 2016: Compliance and cost controlling on AWS
AWS Vietnam Community201 visualizações
Myths and realities of data security and compliance - Isaca Alanta - ulf matt...Myths and realities of data security and compliance - Isaca Alanta - ulf matt...
Myths and realities of data security and compliance - Isaca Alanta - ulf matt...
Ulf Mattsson629 visualizações
The Changing Landscape of Information SecurityThe Changing Landscape of Information Security
The Changing Landscape of Information Security
DevSecOpsSg150 visualizações
Anúncio

Similar a Keeping Developers and Auditors Happy in the Cloud(20)

Keeping Developers and Auditors Happy in the Cloud Keeping Developers and Auditors Happy in the Cloud
Keeping Developers and Auditors Happy in the Cloud
Amazon Web Services743 visualizações
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
Amazon Web Services1.1K visualizações
Application Delivery PatternsApplication Delivery Patterns
Application Delivery Patterns
Shiva Narayanaswamy513 visualizações
Improving Security Agility using DevSecOpsImproving Security Agility using DevSecOps
Improving Security Agility using DevSecOps
Amazon Web Services391 visualizações
DevOps on Windows: How to Deploy Complex Windows Workloads | AWS Public Secto...DevOps on Windows: How to Deploy Complex Windows Workloads | AWS Public Secto...
DevOps on Windows: How to Deploy Complex Windows Workloads | AWS Public Secto...
Amazon Web Services2.1K visualizações
AWS_DevOpsAWS_DevOps
AWS_DevOps
David Chapman475 visualizações
Application Delivery Patterns for Developers - Technical 401Application Delivery Patterns for Developers - Technical 401
Application Delivery Patterns for Developers - Technical 401
Amazon Web Services878 visualizações
How We Should Think About SecurityHow We Should Think About Security
How We Should Think About Security
Amazon Web Services521 visualizações
OpsWorks for Chef Automate - Auckland AWS OpsWorks for Chef Automate - Auckland AWS
OpsWorks for Chef Automate - Auckland AWS
Matt Ray483 visualizações
Datatree.io Webinar: Continuous Integration & Delivery for Agile TeamsDatatree.io Webinar: Continuous Integration & Delivery for Agile Teams
Datatree.io Webinar: Continuous Integration & Delivery for Agile Teams
Tara Walker271 visualizações
DevOps on AWS - Building Systems to Deliver FasterDevOps on AWS - Building Systems to Deliver Faster
DevOps on AWS - Building Systems to Deliver Faster
Amazon Web Services2.1K visualizações
Building a DevOps Culture in Public Sector | AWS Public Sector Summit 2017Building a DevOps Culture in Public Sector | AWS Public Sector Summit 2017
Building a DevOps Culture in Public Sector | AWS Public Sector Summit 2017
Amazon Web Services1.4K visualizações
State of Infrastructure as Code - AutomaCon 2016State of Infrastructure as Code - AutomaCon 2016
State of Infrastructure as Code - AutomaCon 2016
Amazon Web Services4.5K visualizações
Devops on AWSDevops on AWS
Devops on AWS
AWS Riyadh User Group510 visualizações
DevOps in Amazon.com DevOps in Amazon.com
DevOps in Amazon.com
Amazon Web Services1.4K visualizações
Dev Ops on AWS - Accelerating Software Delivery - AWS-Summit SG 2017Dev Ops on AWS - Accelerating Software Delivery - AWS-Summit SG 2017
Dev Ops on AWS - Accelerating Software Delivery - AWS-Summit SG 2017
Amazon Web Services1.6K visualizações
Implementing DevSecOpsImplementing DevSecOps
Implementing DevSecOps
Amazon Web Services1.5K visualizações
Aws dev ops pdfAws dev ops pdf
Aws dev ops pdf
saifam61 visualizações
Using AWS Well Architectured Framework for Software Architecture Evaluations ...Using AWS Well Architectured Framework for Software Architecture Evaluations ...
Using AWS Well Architectured Framework for Software Architecture Evaluations ...
Alexandr Savchenko193 visualizações
AWS Summit Auckland - Application Delivery Patterns for DevelopersAWS Summit Auckland - Application Delivery Patterns for Developers
AWS Summit Auckland - Application Delivery Patterns for Developers
Amazon Web Services482 visualizações

Mais de Amazon Web Services(20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Amazon Web Services26.4K visualizações
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Amazon Web Services5.6K visualizações
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
Amazon Web Services4.1K visualizações
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
Amazon Web Services2.8K visualizações
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
Amazon Web Services1.8K visualizações
Open banking as a serviceOpen banking as a service
Open banking as a service
Amazon Web Services6.7K visualizações
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Amazon Web Services3.3K visualizações
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
Amazon Web Services2.6K visualizações
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Amazon Web Services1.6K visualizações
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
Amazon Web Services3.1K visualizações
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
Amazon Web Services1.3K visualizações
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Amazon Web Services1.9K visualizações
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
Amazon Web Services1.5K visualizações
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Amazon Web Services1.5K visualizações
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
Amazon Web Services2.4K visualizações
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
Amazon Web Services1.3K visualizações
Building a web application without serversBuilding a web application without servers
Building a web application without servers
Amazon Web Services1.4K visualizações
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
Amazon Web Services881 visualizações
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Amazon Web Services657 visualizações
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
Amazon Web Services2.6K visualizações
Anúncio

Último(20)

Balance Kafka Cluster with Zero Data Movement with Haochen Li & Yaodong YangBalance Kafka Cluster with Zero Data Movement with Haochen Li & Yaodong Yang
Balance Kafka Cluster with Zero Data Movement with Haochen Li & Yaodong Yang
HostedbyConfluent0 visão
JupyChat - Michigan PythonJupyChat - Michigan Python
JupyChat - Michigan Python
Eli Wilson0 visão
Memory Matters: Drift Detection with a Low Memory Footprint for ML Models on ...Memory Matters: Drift Detection with a Low Memory Footprint for ML Models on ...
Memory Matters: Drift Detection with a Low Memory Footprint for ML Models on ...
HostedbyConfluent0 visão
Bench, a Framework for Benchmarking Kafka Using K8s and OpenMessaging Benchma...Bench, a Framework for Benchmarking Kafka Using K8s and OpenMessaging Benchma...
Bench, a Framework for Benchmarking Kafka Using K8s and OpenMessaging Benchma...
HostedbyConfluent0 visão
proposal (2).pdfproposal (2).pdf
proposal (2).pdf
mennaHendy0 visão
Our Business Goals.pdfOur Business Goals.pdf
Our Business Goals.pdf
mennaHendy0 visão
Deep Dive into Kafka Connect Protocol with Catalin PopDeep Dive into Kafka Connect Protocol with Catalin Pop
Deep Dive into Kafka Connect Protocol with Catalin Pop
HostedbyConfluent0 visão
Apache Flink on Kafka: Reliable Data Pipelines Everyone Can Code with Ela DemirApache Flink on Kafka: Reliable Data Pipelines Everyone Can Code with Ela Demir
Apache Flink on Kafka: Reliable Data Pipelines Everyone Can Code with Ela Demir
HostedbyConfluent0 visão
Future Tech Insights.pdfFuture Tech Insights.pdf
Future Tech Insights.pdf
JackHung290 visão
Plant Disease Detection.pptxPlant Disease Detection.pptx
Plant Disease Detection.pptx
vikasmittal920 visão
Dataflows for Machine Learning Operations with Alex Rakowski & Andrei PaleyesDataflows for Machine Learning Operations with Alex Rakowski & Andrei Paleyes
Dataflows for Machine Learning Operations with Alex Rakowski & Andrei Paleyes
HostedbyConfluent0 visão
Learnings From Shipping 1000+ Streaming Data Pipelines To Production with Hak...Learnings From Shipping 1000+ Streaming Data Pipelines To Production with Hak...
Learnings From Shipping 1000+ Streaming Data Pipelines To Production with Hak...
HostedbyConfluent0 visão
Digital Marketing Plan.pdfDigital Marketing Plan.pdf
Digital Marketing Plan.pdf
mennaHendy0 visão
What to do if Your Kafka Streams App Gets OOMKilled? with Andrey SerebryanskiyWhat to do if Your Kafka Streams App Gets OOMKilled? with Andrey Serebryanskiy
What to do if Your Kafka Streams App Gets OOMKilled? with Andrey Serebryanskiy
HostedbyConfluent0 visão
Will AI take over our jobs .pptxWill AI take over our jobs .pptx
Will AI take over our jobs .pptx
Alfredo Mancera0 visão
Material Requisition for 2" Autonomous Robotic Fire Suppression System for We...Material Requisition for 2" Autonomous Robotic Fire Suppression System for We...
Material Requisition for 2" Autonomous Robotic Fire Suppression System for We...
RogerJames250 visão
Safeguarding - Protecting Your Kafka from Misbehaving Clients with Tom ScottSafeguarding - Protecting Your Kafka from Misbehaving Clients with Tom Scott
Safeguarding - Protecting Your Kafka from Misbehaving Clients with Tom Scott
HostedbyConfluent0 visão
A Practical Guide To End-to-End Tracing In Event Driven Architectures with Ro...A Practical Guide To End-to-End Tracing In Event Driven Architectures with Ro...
A Practical Guide To End-to-End Tracing In Event Driven Architectures with Ro...
HostedbyConfluent0 visão
jsday 2023: Build ChatGPT over SMS in Italyjsday 2023: Build ChatGPT over SMS in Italy
jsday 2023: Build ChatGPT over SMS in Italy
Elizabeth (Lizzie) Siegle0 visão
Lesson-01.pptxLesson-01.pptx
Lesson-01.pptx
ssuserc24e050 visão

Keeping Developers and Auditors Happy in the Cloud

  1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. bjwagner@amazon.com June 16, 2016 • Enterprise Summit • Hong Kong Keeping Developers and Auditors Happy in the Cloud Brian Wagner, AWS Security Consultant
  2. The Cloud from a Developer Perspective
  3. The Cloud from an Auditor Perspective
  4. The Problem
  5. Incentives and Perspectives Developers Incentives   Speed   Features Want   Freedom to innovate   New technology Auditors Incentives   Compliance with regulatory obligations   Verifiable processes Want   Well-known technology   Predictability and stability
  6. The Solution
  7. “You build it, you run it.” -Werner Vogels, Amazon CTO (June 2006)
  8. Traditional Deployment developers releasetestbuild delivery pipeline stack
  9. developers delivery pipelinesservices releasetestbuild releasetestbuild releasetestbuild releasetestbuild releasetestbuild releasetestbuild You Build It, You Run It
  10. AWS Assurance Programs
  11. How Does that Help?
  12. Four Pillars 1.  Undifferentiated heavy lifting and shared responsibility 2.  Traceability in development 3.  Continuous security visibility 4.  Compartmentalization
  13. Four Pillars 1.  Undifferentiated heavy lifting and shared responsibility 2.  Traceability in development 3.  Continuous security visibility 4.  Compartmentalization
  14. Vulnerability Management
  15. Data Backups
  16. Traditional Data Backup
  17. Data Backup in the Cloud
  18. Four Pillars 1.  Undifferentiated heavy lifting and shared responsibility 2.  Traceability in development 3.  Continuous security visibility 4.  Compartmentalization
  19. Common Audit Requirements for Software Development   Review changes.   Track changes.   Test changes.   Deploy only approved code.   For all actions:   Who did it?   When?
  20. AWS Config AWS Config is a fully managed service that provides you with an inventory of your AWS resources, lets you audit the resource configuration history and notifies you of resource configuration changes.
  21. Continuous Change Recording Changing Resources AWS Config History Stream Snapshot (ex. 2014-11-05) AWS Config
  22. Audit logs for all operations Store/ Archive Troubleshoot Monitor & Alarm You are making API calls... On a growing set of AWS services around the world.. CloudTrail is continuously recording API calls
  23. Four Pillars 1.  Undifferentiated heavy lifting and shared responsibility 2.  Traceability in development 3.  Continuous security visibility 4.  Compartmentalization
  24. DevOps
  25. Infrastructure as Code is a practice by where traditional infrastructure management techniques are supplemented and often replaced by using code based tools and software development techniques.
  26. Infrastructure-as-code workflow code version control code review integrate “It’s all software”
  27. Development Lifecycle — DevOps Delivery Pipeline
  28. DevSecOps
  29. Where to Start? •  Guidelines? •  Checklists? •  1-pagers? •  6-pagers? •  Full documents? Security as Code
  30. Security as Code is Easy with AWS AWS provides all the APIs!   Programmatically test environments   Determine state of environment at a specific point in time   Repeatable processes   Scalable operations
  31. Development Lifecycle — DevOps Delivery Pipeline Security as Code
  32. How Can We Learn DevSecOps? Start Here Security as Code? Security as Ops? Compliance Ops? Science? Experiment: Automate Policy Governance Experiment: Detection via Security Operations Experiment: Compliance via DevSecOps Toolkit Experiment: Science via Profiling DevSecOps DevOps + Security
  33. Four Pillars 1.  Undifferentiated heavy lifting and shared responsibility 2.  Traceability in development 3.  Continuous security visibility 4.  Compartmentalization
  34. amazon.com 2001
  35. Traditional Deployment developers releasetestbuild delivery pipeline stack
  36. amazon.com 2009   Service-Oriented Architecture (SOA)   Single-purpose   Connect only through APIs   “Microservices”
  37. Example Microservice
  38. amazon.com 2009   Two-pizza teams   Full ownership   Full accountability   Aligned incentives   “DevOps”
  39. developers delivery pipelinesservices releasetestbuild releasetestbuild releasetestbuild releasetestbuild releasetestbuild releasetestbuild You Build It, You Run It
  40. Keep Developers and Auditors Happy
  41. Thank You! Brian Wagner, AWS Security Consultant
Anúncio