
AWS - Security & Compliance


The financial services sector attracts some of the most hostile information security threats and is one of the most heavily regulated industries in the world. AWS is aware of these obligations and has worked with the most complex financial services organizations to meet security and compliance requirements at every step of their journey to the cloud. Protecting your data is AWS's top priority, and our global infrastructure is designed and managed in accordance with security best practices as well as various compliance standards.


  1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Leandro Bennaton, LATAM Compliance Strategist, Jan/2018. AWS – Security & Compliance. SBIF - REGULATION
  2. Outsourcing of services; Cloud Computing; SBIF Capítulo 20-7; 27/12/2017
  3. Familiar Security Model. Validated and driven by customers’ security experts. Benefits all customers. PEOPLE & PROCESS; SYSTEM; NETWORK; PHYSICAL. AWS Security is Job Zero
  4. 18 Regions – 49 Availability Zones – +101 Edge Locations. AWS Global Infrastructure. Worldwide Global Standardization
  5. 18 Regions – 49 Availability Zones – +101 Edge Locations. AWS Global Infrastructure. Availability Zone A; Availability Zone B; Availability Zone C. AZ: DataCenter 1, DataCenter 2, DataCenter n
  6. AWS Freedom of choice. Microsoft Windows Server 2016, 2012, 2008, and 2003; Red Hat Enterprise Linux; Amazon Linux; SUSE Linux; Ubuntu; OS; Database; Microsoft SQL Server; Oracle; Amazon Aurora; PostgreSQL; MySQL; MariaDB; Amazon DynamoDB; Databases SQL, NoSQL, Caching; Compute
  7. Your Datacenter; Fully Featured Compute; Resource & Deployment Management; Common Controls for Security & Access; Integrated Networking; Data Integration & Life Cycle Management; Flexible hybrid options. AWS Different forms of implementation. Amazon Web Services
  8. AWS Different forms of implementation. Your Datacenter; Amazon Web Services. Comcast’s IT strategy focuses on combining its own data centers and AWS as the cornerstone of its next-generation TV service, X1. This has allowed them to rapidly scale interactive, on-demand content to millions of viewers. Data Integration; Network Integration; Integrated Identity & Access; Resource & Deployment Management; Devices & Edge Systems
  9. IaaS – Infrastructure as a service. AWS CloudTrail, Amazon CloudWatch, Amazon Inspector, Amazon SNS, AWS Artifact, AWS KMS, AWS IAM, Amazon VPC, AWS Shield, AWS WAF, AWS CloudFormation, AWS Service Catalog, AWS Organizations, AWS Config, AWS Trusted Advisor
  10. AWS Compliance
  11. AWS Compliance Program. Independent audits recognized worldwide. Worldwide Global Standardization. Secure Infrastructure
  12. AWS a deep set of cloud security tools. Virtual Private Cloud: Isolated cloud resources; Web Application Firewall: Filter Malicious Web Traffic; Shield: DDoS protection; Networking; Key Management Service: Manage creation and control of encryption keys; CloudHSM: Hardware-based key storage; Server-Side Encryption: Flexible data encryption options; Encryption; IAM: Manage user access and encryption keys; SAML Federation: SAML 2.0 support to allow on-prem identity integration; Directory Service: Host and manage Microsoft Active Directory; Organizations: Manage settings for multiple accounts; Identity & Management; Direct Connect: Dedicated connection, your Datacenter and AWS; Certificate Manager: Provision, manage, and deploy SSL/TLS certificates
  13. AWS a deep set of cloud security tools. Service Catalog: Create and use standardized products; Config: Track resource inventory and changes; CloudTrail: Track user activity and API usage; CloudWatch: Monitor resources and applications; Artifact: Self-service for AWS’ compliance reports; Compliance; Inspector: Analyze application security; Macie: Machine learning service to help customers prevent data loss in AWS; GuardDuty: Intelligent Threat Detection in the AWS Cloud; Cognito: User Sign Up & Sign In
  14. Infrastructure Security; Logging & Monitoring; Identity & Access Control; Configuration & Vulnerability Analysis; Data Protection. AWS Marketplace
  15. You are in control of privacy. You retain full ownership and control of your content:
     • Choose the AWS Sao Paulo Region and AWS will not replicate it elsewhere unless you choose to do so.
     • Control format, accuracy, and encryption any way that you choose.
     • Control who can access content.
     • Control content lifecycle and disposal.
  16. Encryption Data at Transit and Rest. EBS Volume Encryption; EBS Encryption; Filesystem Tools; AWS Marketplace/Partner; Object Encryption; S3 Server Side Encryption (SSE); S3 SSE w/ Customer Provided Keys; Client-Side Encryption; Database Encryption; Redshift Encryption; RDS PostgreSQL KMS; RDS MYSQL KMS; RDS ORACLE TDE/HSM; RDS MSSQL TDE. AWS Whitepaper: Securing Data at Rest with Encryption. End-to-end SSL/TLS
  17. You get to control who can do what in your AWS environment, when and from where. Fine-grained control of your AWS cloud with multi-factor authentication. Integrate with an existing Active Directory using federation and single sign-on. AWS account owner; Network management; Security management; Server management; Storage management. Control access and segregate duties everywhere
  18. OR Move Fast Stay Secure
  19. AND Move Fast Stay Secure
  20. AWS – Capital One DEVSECOPS
  21. AWS Reference architecture https://aws.amazon.com/architecture/
  22. Architecture diagram (labels): https://example.com; AWS Edge Locations; AWS WAF; Amazon Route 53; Amazon CloudFront; AWS Shield Advanced; CloudTrail; us-east-1a; us-east-1b; Proxies; NAT; Bastion; RDS DB; DMZ Subnet; Private Subnet; AWS Config; CloudWatch Alarms; Archive Logs Bucket; S3 Lifecycle Policies to Glacier; AWS Account; Virtual Private Cloud (VPC). Cyber Security Well-Architected via a NIST High Quick Start. High availability with multi-AZ deployments - fault tolerance solution. Failover occurs automatically in response to the most important failure scenarios
  23. Worldwide | N. America | LATAM | UK/IR | EMEA | APAC | Japan | China. Leandro Bennaton, LATAM Compliance Strategist, bennaton@amazon.com
