SlideShare uma empresa Scribd logo

AWS Initiate: Security framework shakedown

Transferir como PPTX, PDF
Amazon Web Services LATAM
Amazon Web Services LATAM

AWS Initiate day in Brasilia - Security Framework Shakedown: Mapeie sua jornada com as melhores práticas da AWS

Internet
1 de 31
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. FrameworkemSegurançaparaaNuvem MapeiesuajornadacomasmelhorespráticasdaAWS MelissaRavanini ArquitetadeSoluções ravanini@amazon.com
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Agenda • Cloud Adoption Framework: perspectiva de segurança • AWS Well-Architected Framework: pilar de segurança
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWSshared responsibilitymodel
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWScloudadoptionframework
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Definaaestratégia Identifique os workloads que moverão para a numve Identifique stakeholders
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Entregueumprogramadesegurança Racionalize em cima dos seus requisitos de segurança Defina proteção e controles de segurança para seus dados Documente sua arquitetura de segurança
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Cartografiadesegurança
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Operaçõesdesegurançarobustas Deploy da arquitetura Automação Monitoramento contínuo Testes e Gamedays
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Ident. e controle acesso Controles e detecção Segurança Infraestrutura Proteção de dados Resposta a incidentes Semana 1 Semana 2 Semana 5Semana 3 Semana 4 Exemplo de uma Jornada em Segurança
https://console.aws.amazon.com/wellarchitected
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. OqueéoframeworkWell-ArchitecteddaAWS? Pilares Princípios de design Perguntas
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PilaresdoWell-ArchitecteddaAWS Seguranç a Confiabilidade Eficiência em performance Otimização de custos Excelência operacional
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWSTrustedAdvisor https://console.aws.amazon.com/trustedadvisor
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Melhorespráticas:fortecontrolede identidade Acesso Root nunca deveria ser utilizado Considere AWS Organizations Implemente política de troca de senha Centralize identidades Audite periodicamente
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Cross-accountAccess https://docs.aws.amazon.com/pt_br/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWSSingleSign-On(SSO) Serviço AWS GRATUITO de single sign-on (SSO) para centralizer a gestão de acesso à contas AWS e aplicações de negócio Centralize a gestão do acesso à múltiplas contas AWS Fácil de habilitar e usar Use suas identidades atuais Acesso SSO a aplicações SAML
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Melhorespráticas:fortecontrolede identidade Nunca armazene credenciais ou senhas em código Reforce o uso de MFA Use papéis do IAM para serviços Estabeleça poíticas de menor privilégio Use credenciais temporárias
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Melhorespráticas:habilite rastreabilidade Considere Amazon GuardDuty Configure log de aplicação e infraestrutura Centralize usando um SIEM Monitore proativamente Reveja regularmente novidades e melhores práticas
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AmazonGuard Duty https://console.aws.amazon.com/guardduty/
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Melhorespráticas:proteçãoderede Amazon CloudFront + AWS WAF Amazon VPC e security groups Conectividade privada– Transit Gateway, VPN, AWS Direct Connect Endpoints dos serviços Reforce permissão a nível de serviço
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Como:proteçãonacamada derede Bucket Instâncias Região VPC Usuários https://amzn.to/2PbHOpz Automação de WAF www.example.com
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Melhorespráticas:apliquesegurançaem todasas camadas Proteja sistemas operacionais e mude configurações padrão Use anti-malware + ferramentas de detecção de intrusão Escaneie sua infraestrutura Escaneie seu código Instale patches contra vulnerabilidades
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Como:automatize verificações AWS Config  Config Rules https://console.aws.amazon.com/config
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Como:gestãoautomatizada Automation Patch manager State manager https://amzn.to/2AaOwSg https://amzn.to/2DSTLdK https://amzn.to/2Qihzxm
Obrigada!

Recomendados

Security framework shakedown_-_chart_your_journey_with_aws_best_practices_ini...
Security framework shakedown_-_chart_your_journey_with_aws_best_practices_ini...Security framework shakedown_-_chart_your_journey_with_aws_best_practices_ini...
Security framework shakedown_-_chart_your_journey_with_aws_best_practices_ini...
Amazon Web Services LATAM
 
AWS Initiate - Security Framework Shakedown: Mapeie sua jornada com as melhor...
AWS Initiate - Security Framework Shakedown: Mapeie sua jornada com as melhor...AWS Initiate - Security Framework Shakedown: Mapeie sua jornada com as melhor...
AWS Initiate - Security Framework Shakedown: Mapeie sua jornada com as melhor...
Amazon Web Services LATAM
 
Leadership session: Aspirational security - SEP318-L - AWS re:Inforce 2019
Leadership session: Aspirational security - SEP318-L - AWS re:Inforce 2019 Leadership session: Aspirational security - SEP318-L - AWS re:Inforce 2019
Leadership session: Aspirational security - SEP318-L - AWS re:Inforce 2019
Amazon Web Services
 
AWS Initiate - DevOps do Jeito Amazon
AWS Initiate - DevOps do Jeito AmazonAWS Initiate - DevOps do Jeito Amazon
AWS Initiate - DevOps do Jeito Amazon
Amazon Web Services LATAM
 
AWS Media & Entertainment Symposium -- Los Angeles 2019
AWS Media & Entertainment Symposium -- Los Angeles 2019AWS Media & Entertainment Symposium -- Los Angeles 2019
AWS Media & Entertainment Symposium -- Los Angeles 2019
Amazon Web Services
 
AWS Initiate - Landing Zone: Como saber se sua base está preparada
AWS Initiate - Landing Zone: Como saber se sua base está preparadaAWS Initiate - Landing Zone: Como saber se sua base está preparada
AWS Initiate - Landing Zone: Como saber se sua base está preparada
Amazon Web Services LATAM
 
AWS Initiate - A Cultura de Inovação da Amazon direcionada ao sucesso do Cliente
AWS Initiate - A Cultura de Inovação da Amazon direcionada ao sucesso do ClienteAWS Initiate - A Cultura de Inovação da Amazon direcionada ao sucesso do Cliente
AWS Initiate - A Cultura de Inovação da Amazon direcionada ao sucesso do Cliente
Amazon Web Services LATAM
 
Privacy by design on AWS - FND202-R - AWS re:Inforce 2019
Privacy by design on AWS - FND202-R - AWS re:Inforce 2019 Privacy by design on AWS - FND202-R - AWS re:Inforce 2019
Privacy by design on AWS - FND202-R - AWS re:Inforce 2019
Amazon Web Services
 

Recomendados

Security framework shakedown_-_chart_your_journey_with_aws_best_practices_ini...
Security framework shakedown_-_chart_your_journey_with_aws_best_practices_ini...Security framework shakedown_-_chart_your_journey_with_aws_best_practices_ini...
Security framework shakedown_-_chart_your_journey_with_aws_best_practices_ini...
Amazon Web Services LATAM
 
AWS Initiate - Security Framework Shakedown: Mapeie sua jornada com as melhor...
AWS Initiate - Security Framework Shakedown: Mapeie sua jornada com as melhor...AWS Initiate - Security Framework Shakedown: Mapeie sua jornada com as melhor...
AWS Initiate - Security Framework Shakedown: Mapeie sua jornada com as melhor...
Amazon Web Services LATAM
 
Leadership session: Aspirational security - SEP318-L - AWS re:Inforce 2019
Leadership session: Aspirational security - SEP318-L - AWS re:Inforce 2019 Leadership session: Aspirational security - SEP318-L - AWS re:Inforce 2019
Leadership session: Aspirational security - SEP318-L - AWS re:Inforce 2019
Amazon Web Services
 
AWS Initiate - DevOps do Jeito Amazon
AWS Initiate - DevOps do Jeito AmazonAWS Initiate - DevOps do Jeito Amazon
AWS Initiate - DevOps do Jeito Amazon
Amazon Web Services LATAM
 
AWS Media & Entertainment Symposium -- Los Angeles 2019
AWS Media & Entertainment Symposium -- Los Angeles 2019AWS Media & Entertainment Symposium -- Los Angeles 2019
AWS Media & Entertainment Symposium -- Los Angeles 2019
Amazon Web Services
 
AWS Initiate - Landing Zone: Como saber se sua base está preparada
AWS Initiate - Landing Zone: Como saber se sua base está preparadaAWS Initiate - Landing Zone: Como saber se sua base está preparada
AWS Initiate - Landing Zone: Como saber se sua base está preparada
Amazon Web Services LATAM
 
AWS Initiate - A Cultura de Inovação da Amazon direcionada ao sucesso do Cliente
AWS Initiate - A Cultura de Inovação da Amazon direcionada ao sucesso do ClienteAWS Initiate - A Cultura de Inovação da Amazon direcionada ao sucesso do Cliente
AWS Initiate - A Cultura de Inovação da Amazon direcionada ao sucesso do Cliente
Amazon Web Services LATAM
 
Privacy by design on AWS - FND202-R - AWS re:Inforce 2019
Privacy by design on AWS - FND202-R - AWS re:Inforce 2019 Privacy by design on AWS - FND202-R - AWS re:Inforce 2019
Privacy by design on AWS - FND202-R - AWS re:Inforce 2019
Amazon Web Services
 
Amazon FreeRTOS security best practices - FND212 - AWS re:Inforce 2019
Amazon FreeRTOS security best practices - FND212 - AWS re:Inforce 2019 Amazon FreeRTOS security best practices - FND212 - AWS re:Inforce 2019
Amazon FreeRTOS security best practices - FND212 - AWS re:Inforce 2019
Amazon Web Services
 
Cloud control fitness - GRC202 - AWS re:Inforce 2019
Cloud control fitness - GRC202 - AWS re:Inforce 2019 Cloud control fitness - GRC202 - AWS re:Inforce 2019
Cloud control fitness - GRC202 - AWS re:Inforce 2019
Amazon Web Services
 
How Dow Jones uses AWS to create a secure perimeter around its web properties...
How Dow Jones uses AWS to create a secure perimeter around its web properties...How Dow Jones uses AWS to create a secure perimeter around its web properties...
How Dow Jones uses AWS to create a secure perimeter around its web properties...
Amazon Web Services
 
Implementing your landing zone - FND210 - AWS re:Inforce 2019
Implementing your landing zone - FND210 - AWS re:Inforce 2019 Implementing your landing zone - FND210 - AWS re:Inforce 2019
Implementing your landing zone - FND210 - AWS re:Inforce 2019
Amazon Web Services
 
Using Mobile to Engage Your Audience
Using Mobile to Engage Your AudienceUsing Mobile to Engage Your Audience
Using Mobile to Engage Your Audience
Amazon Web Services
 
Store of the Future: Smart Shopping
Store of the Future: Smart Shopping Store of the Future: Smart Shopping
Store of the Future: Smart Shopping
Amazon Web Services
 
AWS Security Week: Humans & Data Don’t Mix - Best Practices to Secure Your Cloud
AWS Security Week: Humans & Data Don’t Mix - Best Practices to Secure Your CloudAWS Security Week: Humans & Data Don’t Mix - Best Practices to Secure Your Cloud
AWS Security Week: Humans & Data Don’t Mix - Best Practices to Secure Your Cloud
Amazon Web Services
 
IoT from Cloud to Edge & Back Again - WebSummit 2018
IoT from Cloud to Edge & Back Again - WebSummit 2018IoT from Cloud to Edge & Back Again - WebSummit 2018
IoT from Cloud to Edge & Back Again - WebSummit 2018
Boaz Ziniman
 
Best practices for privileged access & secrets management in the cloud - DEM0...
Best practices for privileged access & secrets management in the cloud - DEM0...Best practices for privileged access & secrets management in the cloud - DEM0...
Best practices for privileged access & secrets management in the cloud - DEM0...
Amazon Web Services
 
Secure Your Customer Data from Day 1
Secure Your Customer Data from Day 1 Secure Your Customer Data from Day 1
Secure Your Customer Data from Day 1
Amazon Web Services
 
Launching applications the Amazon Way
Launching applications the Amazon WayLaunching applications the Amazon Way
Launching applications the Amazon Way
Amazon Web Services
 
How to Automate Security Learning at Scale (ANT335-S) - AWS re:Invent 2018
How to Automate Security Learning at Scale (ANT335-S) - AWS re:Invent 2018How to Automate Security Learning at Scale (ANT335-S) - AWS re:Invent 2018
How to Automate Security Learning at Scale (ANT335-S) - AWS re:Invent 2018
Amazon Web Services
 
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Amazon Web Services
 
GDPR: Security & Data Protection at the Core of Your Strategy
GDPR: Security & Data Protection at the Core of Your StrategyGDPR: Security & Data Protection at the Core of Your Strategy
GDPR: Security & Data Protection at the Core of Your Strategy
Amazon Web Services
 
AWS Security Week: Why Your Customers Care About Compliance
AWS Security Week: Why Your Customers Care About ComplianceAWS Security Week: Why Your Customers Care About Compliance
AWS Security Week: Why Your Customers Care About Compliance
Amazon Web Services
 
Are you Well-Architected?
Are you Well-Architected?Are you Well-Architected?
Are you Well-Architected?
Amazon Web Services
 
Innovation and Startups Today
Innovation and Startups TodayInnovation and Startups Today
Innovation and Startups Today
Amazon Web Services
 
Building the Organisation of the Future: Leveraging Artificial Intelligence a...
Building the Organisation of the Future: Leveraging Artificial Intelligence a...Building the Organisation of the Future: Leveraging Artificial Intelligence a...
Building the Organisation of the Future: Leveraging Artificial Intelligence a...
Amazon Web Services
 
On a trail with Amazon Detective | LCloud
On a trail with Amazon Detective | LCloudOn a trail with Amazon Detective | LCloud
On a trail with Amazon Detective | LCloud
LCloud
 
AWS Security Week: Threat Detection & Remediation Workshop
AWS Security Week: Threat Detection & Remediation WorkshopAWS Security Week: Threat Detection & Remediation Workshop
AWS Security Week: Threat Detection & Remediation Workshop
Amazon Web Services
 
Security Framework Shakedown- Mapeie sua jornada com as melhores práticas da AWS
Security Framework Shakedown- Mapeie sua jornada com as melhores práticas da AWSSecurity Framework Shakedown- Mapeie sua jornada com as melhores práticas da AWS
Security Framework Shakedown- Mapeie sua jornada com as melhores práticas da AWS
Amazon Web Services LATAM
 
Security Framework Shakedown
Security Framework ShakedownSecurity Framework Shakedown
Security Framework Shakedown
Amazon Web Services
 

Mais conteúdo relacionado

Mais procurados

How Dow Jones uses AWS to create a secure perimeter around its web properties...
How Dow Jones uses AWS to create a secure perimeter around its web properties...How Dow Jones uses AWS to create a secure perimeter around its web properties...
How Dow Jones uses AWS to create a secure perimeter around its web properties...
Amazon Web Services
 
Best practices for privileged access & secrets management in the cloud - DEM0...
Best practices for privileged access & secrets management in the cloud - DEM0...Best practices for privileged access & secrets management in the cloud - DEM0...
Best practices for privileged access & secrets management in the cloud - DEM0...
Amazon Web Services
 
How to Automate Security Learning at Scale (ANT335-S) - AWS re:Invent 2018
How to Automate Security Learning at Scale (ANT335-S) - AWS re:Invent 2018How to Automate Security Learning at Scale (ANT335-S) - AWS re:Invent 2018
How to Automate Security Learning at Scale (ANT335-S) - AWS re:Invent 2018
Amazon Web Services
 
GDPR: Security & Data Protection at the Core of Your Strategy
GDPR: Security & Data Protection at the Core of Your StrategyGDPR: Security & Data Protection at the Core of Your Strategy
GDPR: Security & Data Protection at the Core of Your Strategy
Amazon Web Services
 

Mais procurados (20)

Amazon FreeRTOS security best practices - FND212 - AWS re:Inforce 2019
Amazon FreeRTOS security best practices - FND212 - AWS re:Inforce 2019 Amazon FreeRTOS security best practices - FND212 - AWS re:Inforce 2019
Amazon FreeRTOS security best practices - FND212 - AWS re:Inforce 2019
 
Cloud control fitness - GRC202 - AWS re:Inforce 2019
Cloud control fitness - GRC202 - AWS re:Inforce 2019 Cloud control fitness - GRC202 - AWS re:Inforce 2019
Cloud control fitness - GRC202 - AWS re:Inforce 2019
 
How Dow Jones uses AWS to create a secure perimeter around its web properties...
How Dow Jones uses AWS to create a secure perimeter around its web properties...How Dow Jones uses AWS to create a secure perimeter around its web properties...
How Dow Jones uses AWS to create a secure perimeter around its web properties...
 
Implementing your landing zone - FND210 - AWS re:Inforce 2019
Implementing your landing zone - FND210 - AWS re:Inforce 2019 Implementing your landing zone - FND210 - AWS re:Inforce 2019
Implementing your landing zone - FND210 - AWS re:Inforce 2019
 
Using Mobile to Engage Your Audience
Using Mobile to Engage Your AudienceUsing Mobile to Engage Your Audience
Using Mobile to Engage Your Audience
 
Store of the Future: Smart Shopping
Store of the Future: Smart Shopping Store of the Future: Smart Shopping
Store of the Future: Smart Shopping
 
AWS Security Week: Humans & Data Don’t Mix - Best Practices to Secure Your Cloud
AWS Security Week: Humans & Data Don’t Mix - Best Practices to Secure Your CloudAWS Security Week: Humans & Data Don’t Mix - Best Practices to Secure Your Cloud
AWS Security Week: Humans & Data Don’t Mix - Best Practices to Secure Your Cloud
 
IoT from Cloud to Edge & Back Again - WebSummit 2018
IoT from Cloud to Edge & Back Again - WebSummit 2018IoT from Cloud to Edge & Back Again - WebSummit 2018
IoT from Cloud to Edge & Back Again - WebSummit 2018
 
Best practices for privileged access & secrets management in the cloud - DEM0...
Best practices for privileged access & secrets management in the cloud - DEM0...Best practices for privileged access & secrets management in the cloud - DEM0...
Best practices for privileged access & secrets management in the cloud - DEM0...
 
Secure Your Customer Data from Day 1
Secure Your Customer Data from Day 1 Secure Your Customer Data from Day 1
Secure Your Customer Data from Day 1
 
Launching applications the Amazon Way
Launching applications the Amazon WayLaunching applications the Amazon Way
Launching applications the Amazon Way
 
How to Automate Security Learning at Scale (ANT335-S) - AWS re:Invent 2018
How to Automate Security Learning at Scale (ANT335-S) - AWS re:Invent 2018How to Automate Security Learning at Scale (ANT335-S) - AWS re:Invent 2018
How to Automate Security Learning at Scale (ANT335-S) - AWS re:Invent 2018
 
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
Threat detection on AWS: An introduction to Amazon GuardDuty - FND216 - AWS r...
 
GDPR: Security & Data Protection at the Core of Your Strategy
GDPR: Security & Data Protection at the Core of Your StrategyGDPR: Security & Data Protection at the Core of Your Strategy
GDPR: Security & Data Protection at the Core of Your Strategy
 
AWS Security Week: Why Your Customers Care About Compliance
AWS Security Week: Why Your Customers Care About ComplianceAWS Security Week: Why Your Customers Care About Compliance
AWS Security Week: Why Your Customers Care About Compliance
 
Are you Well-Architected?
Are you Well-Architected?Are you Well-Architected?
Are you Well-Architected?
 
Innovation and Startups Today
Innovation and Startups TodayInnovation and Startups Today
Innovation and Startups Today
 
Building the Organisation of the Future: Leveraging Artificial Intelligence a...
Building the Organisation of the Future: Leveraging Artificial Intelligence a...Building the Organisation of the Future: Leveraging Artificial Intelligence a...
Building the Organisation of the Future: Leveraging Artificial Intelligence a...
 
On a trail with Amazon Detective | LCloud
On a trail with Amazon Detective | LCloudOn a trail with Amazon Detective | LCloud
On a trail with Amazon Detective | LCloud
 
AWS Security Week: Threat Detection & Remediation Workshop
AWS Security Week: Threat Detection & Remediation WorkshopAWS Security Week: Threat Detection & Remediation Workshop
AWS Security Week: Threat Detection & Remediation Workshop
 

Semelhante a AWS Initiate: Security framework shakedown

Introduction to the Well-Architected Framework and Tool - SVC212 - Santa Clar...
Introduction to the Well-Architected Framework and Tool - SVC212 - Santa Clar...Introduction to the Well-Architected Framework and Tool - SVC212 - Santa Clar...
Introduction to the Well-Architected Framework and Tool - SVC212 - Santa Clar...
Amazon Web Services
 
e커머스 통합운영 자동화 사례 및 보안강화 방안 - 양수연 상무, 삼성SDS / 임선진 팀장, 삼성SDS :: AWS Summit Seou...
e커머스 통합운영 자동화 사례 및 보안강화 방안 - 양수연 상무, 삼성SDS / 임선진 팀장, 삼성SDS :: AWS Summit Seou...e커머스 통합운영 자동화 사례 및 보안강화 방안 - 양수연 상무, 삼성SDS / 임선진 팀장, 삼성SDS :: AWS Summit Seou...
e커머스 통합운영 자동화 사례 및 보안강화 방안 - 양수연 상무, 삼성SDS / 임선진 팀장, 삼성SDS :: AWS Summit Seou...
Amazon Web Services Korea
 
Secure Your Data with Recommended Best Practices Enabled by AWS Security and ...
Secure Your Data with Recommended Best Practices Enabled by AWS Security and ...Secure Your Data with Recommended Best Practices Enabled by AWS Security and ...
Secure Your Data with Recommended Best Practices Enabled by AWS Security and ...
Amazon Web Services
 
Presenting Radar: Validation and remediation of AWS cloud resources - GRC343 ...
Presenting Radar: Validation and remediation of AWS cloud resources - GRC343 ...Presenting Radar: Validation and remediation of AWS cloud resources - GRC343 ...
Presenting Radar: Validation and remediation of AWS cloud resources - GRC343 ...
Amazon Web Services
 
Capital One case study: Addressing compliance and security within AWS - FND21...
Capital One case study: Addressing compliance and security within AWS - FND21...Capital One case study: Addressing compliance and security within AWS - FND21...
Capital One case study: Addressing compliance and security within AWS - FND21...
Amazon Web Services
 

Semelhante a AWS Initiate: Security framework shakedown (20)

Security Framework Shakedown- Mapeie sua jornada com as melhores práticas da AWS
Security Framework Shakedown- Mapeie sua jornada com as melhores práticas da AWSSecurity Framework Shakedown- Mapeie sua jornada com as melhores práticas da AWS
Security Framework Shakedown- Mapeie sua jornada com as melhores práticas da AWS
 
Security Framework Shakedown
Security Framework ShakedownSecurity Framework Shakedown
Security Framework Shakedown
 
Security Framework Shakedown: Chart Your Journey with AWS Best Practices
Security Framework Shakedown: Chart Your Journey with AWS Best PracticesSecurity Framework Shakedown: Chart Your Journey with AWS Best Practices
Security Framework Shakedown: Chart Your Journey with AWS Best Practices
 
Initiate Edinburgh 2019 - Moving to DevOps the Amazon Way
Initiate Edinburgh 2019 - Moving to DevOps the Amazon WayInitiate Edinburgh 2019 - Moving to DevOps the Amazon Way
Initiate Edinburgh 2019 - Moving to DevOps the Amazon Way
 
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...
 
Leadership session - Governance, risk, and compliance - GRC326-L - AWS re:Inf...
Leadership session - Governance, risk, and compliance - GRC326-L - AWS re:Inf...Leadership session - Governance, risk, and compliance - GRC326-L - AWS re:Inf...
Leadership session - Governance, risk, and compliance - GRC326-L - AWS re:Inf...
 
Introduction to the Well-Architected Framework and Tool - SVC212 - Santa Clar...
Introduction to the Well-Architected Framework and Tool - SVC212 - Santa Clar...Introduction to the Well-Architected Framework and Tool - SVC212 - Santa Clar...
Introduction to the Well-Architected Framework and Tool - SVC212 - Santa Clar...
 
So You Want to be Well-Architected?
So You Want to be Well-Architected?So You Want to be Well-Architected?
So You Want to be Well-Architected?
 
e커머스 통합운영 자동화 사례 및 보안강화 방안 - 양수연 상무, 삼성SDS / 임선진 팀장, 삼성SDS :: AWS Summit Seou...
e커머스 통합운영 자동화 사례 및 보안강화 방안 - 양수연 상무, 삼성SDS / 임선진 팀장, 삼성SDS :: AWS Summit Seou...e커머스 통합운영 자동화 사례 및 보안강화 방안 - 양수연 상무, 삼성SDS / 임선진 팀장, 삼성SDS :: AWS Summit Seou...
e커머스 통합운영 자동화 사례 및 보안강화 방안 - 양수연 상무, 삼성SDS / 임선진 팀장, 삼성SDS :: AWS Summit Seou...
 
Using AMS to get FSI Regulated Workloads on the Cloud, Fast - AWS Summit Sydn...
Using AMS to get FSI Regulated Workloads on the Cloud, Fast - AWS Summit Sydn...Using AMS to get FSI Regulated Workloads on the Cloud, Fast - AWS Summit Sydn...
Using AMS to get FSI Regulated Workloads on the Cloud, Fast - AWS Summit Sydn...
 
How to Do it Right - Your First 90 Days - AWS Summit Sydney 2018
How to Do it Right - Your First 90 Days - AWS Summit Sydney 2018How to Do it Right - Your First 90 Days - AWS Summit Sydney 2018
How to Do it Right - Your First 90 Days - AWS Summit Sydney 2018
 
Secure Your Data with Recommended Best Practices Enabled by AWS Security and ...
Secure Your Data with Recommended Best Practices Enabled by AWS Security and ...Secure Your Data with Recommended Best Practices Enabled by AWS Security and ...
Secure Your Data with Recommended Best Practices Enabled by AWS Security and ...
 
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
 
Security at the speed of cloud: How to think about it & how you can do it now...
Security at the speed of cloud: How to think about it & how you can do it now...Security at the speed of cloud: How to think about it & how you can do it now...
Security at the speed of cloud: How to think about it & how you can do it now...
 
Are you Well Architected?
Are you Well Architected?Are you Well Architected?
Are you Well Architected?
 
Presenting Radar: Validation and remediation of AWS cloud resources - GRC343 ...
Presenting Radar: Validation and remediation of AWS cloud resources - GRC343 ...Presenting Radar: Validation and remediation of AWS cloud resources - GRC343 ...
Presenting Radar: Validation and remediation of AWS cloud resources - GRC343 ...
 
Capital One case study: Addressing compliance and security within AWS - FND21...
Capital One case study: Addressing compliance and security within AWS - FND21...Capital One case study: Addressing compliance and security within AWS - FND21...
Capital One case study: Addressing compliance and security within AWS - FND21...
 
In the cloud, the name of the game is securability! - SEP303 - AWS re:Inforce...
In the cloud, the name of the game is securability! - SEP303 - AWS re:Inforce...In the cloud, the name of the game is securability! - SEP303 - AWS re:Inforce...
In the cloud, the name of the game is securability! - SEP303 - AWS re:Inforce...
 
Simplify front end apps.pdf
Simplify front end apps.pdfSimplify front end apps.pdf
Simplify front end apps.pdf
 
AWSome Day Online Conference 2018 - Module 3
AWSome Day Online Conference 2018 - Module 3AWSome Day Online Conference 2018 - Module 3
AWSome Day Online Conference 2018 - Module 3
 

Mais de Amazon Web Services LATAM

Cómo mover a un almacenamiento de archivos administrados
Cómo mover a un almacenamiento de archivos administradosCómo mover a un almacenamiento de archivos administrados
Cómo mover a un almacenamiento de archivos administrados
Amazon Web Services LATAM
 
Simplifique su BI con AWS
Simplifique su BI con AWSSimplifique su BI con AWS
Simplifique su BI con AWS
Amazon Web Services LATAM
 

Mais de Amazon Web Services LATAM (20)

AWS para terceiro setor - Sessão 1 - Introdução à nuvem
AWS para terceiro setor - Sessão 1 - Introdução à nuvemAWS para terceiro setor - Sessão 1 - Introdução à nuvem
AWS para terceiro setor - Sessão 1 - Introdução à nuvem
 
AWS para terceiro setor - Sessão 2 - Armazenamento e Backup
AWS para terceiro setor - Sessão 2 - Armazenamento e BackupAWS para terceiro setor - Sessão 2 - Armazenamento e Backup
AWS para terceiro setor - Sessão 2 - Armazenamento e Backup
 
AWS para terceiro setor - Sessão 3 - Protegendo seus dados.
AWS para terceiro setor - Sessão 3 - Protegendo seus dados.AWS para terceiro setor - Sessão 3 - Protegendo seus dados.
AWS para terceiro setor - Sessão 3 - Protegendo seus dados.
 
AWS para terceiro setor - Sessão 1 - Introdução à nuvem
AWS para terceiro setor - Sessão 1 - Introdução à nuvemAWS para terceiro setor - Sessão 1 - Introdução à nuvem
AWS para terceiro setor - Sessão 1 - Introdução à nuvem
 
AWS para terceiro setor - Sessão 2 - Armazenamento e Backup
AWS para terceiro setor - Sessão 2 - Armazenamento e BackupAWS para terceiro setor - Sessão 2 - Armazenamento e Backup
AWS para terceiro setor - Sessão 2 - Armazenamento e Backup
 
AWS para terceiro setor - Sessão 3 - Protegendo seus dados.
AWS para terceiro setor - Sessão 3 - Protegendo seus dados.AWS para terceiro setor - Sessão 3 - Protegendo seus dados.
AWS para terceiro setor - Sessão 3 - Protegendo seus dados.
 
Automatice el proceso de entrega con CI/CD en AWS
Automatice el proceso de entrega con CI/CD en AWSAutomatice el proceso de entrega con CI/CD en AWS
Automatice el proceso de entrega con CI/CD en AWS
 
Automatize seu processo de entrega de software com CI/CD na AWS
Automatize seu processo de entrega de software com CI/CD na AWSAutomatize seu processo de entrega de software com CI/CD na AWS
Automatize seu processo de entrega de software com CI/CD na AWS
 
Cómo empezar con Amazon EKS
Cómo empezar con Amazon EKSCómo empezar con Amazon EKS
Cómo empezar con Amazon EKS
 
Como começar com Amazon EKS
Como começar com Amazon EKSComo começar com Amazon EKS
Como começar com Amazon EKS
 
Ransomware: como recuperar os seus dados na nuvem AWS
Ransomware: como recuperar os seus dados na nuvem AWSRansomware: como recuperar os seus dados na nuvem AWS
Ransomware: como recuperar os seus dados na nuvem AWS
 
Ransomware: cómo recuperar sus datos en la nube de AWS
Ransomware: cómo recuperar sus datos en la nube de AWSRansomware: cómo recuperar sus datos en la nube de AWS
Ransomware: cómo recuperar sus datos en la nube de AWS
 
Ransomware: Estratégias de Mitigação
Ransomware: Estratégias de MitigaçãoRansomware: Estratégias de Mitigação
Ransomware: Estratégias de Mitigação
 
Ransomware: Estratégias de Mitigación
Ransomware: Estratégias de MitigaciónRansomware: Estratégias de Mitigación
Ransomware: Estratégias de Mitigación
 
Aprenda a migrar y transferir datos al usar la nube de AWS
Aprenda a migrar y transferir datos al usar la nube de AWSAprenda a migrar y transferir datos al usar la nube de AWS
Aprenda a migrar y transferir datos al usar la nube de AWS
 
Aprenda como migrar e transferir dados ao utilizar a nuvem da AWS
Aprenda como migrar e transferir dados ao utilizar a nuvem da AWSAprenda como migrar e transferir dados ao utilizar a nuvem da AWS
Aprenda como migrar e transferir dados ao utilizar a nuvem da AWS
 
Cómo mover a un almacenamiento de archivos administrados
Cómo mover a un almacenamiento de archivos administradosCómo mover a un almacenamiento de archivos administrados
Cómo mover a un almacenamiento de archivos administrados
 
Simplifique su BI con AWS
Simplifique su BI con AWSSimplifique su BI con AWS
Simplifique su BI con AWS
 
Simplifique o seu BI com a AWS
Simplifique o seu BI com a AWSSimplifique o seu BI com a AWS
Simplifique o seu BI com a AWS
 
Os benefícios de migrar seus workloads de Big Data para a AWS
Os benefícios de migrar seus workloads de Big Data para a AWSOs benefícios de migrar seus workloads de Big Data para a AWS
Os benefícios de migrar seus workloads de Big Data para a AWS
 

Último

call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Monica Sydney
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girls
Monica Sydney
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Monica Sydney
 
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiAbu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Monica Sydney
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
JOHNBEBONYAP1
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
EleniIlkou
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
ydyuyu
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
pxcywzqs
 

Último (20)

Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
 
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime BalliaBallia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
Ballia Escorts Service Girl ^ 9332606886, WhatsApp Anytime Ballia
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency Dallas
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girls
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiAbu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
 
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
Tadepalligudem Escorts Service Girl ^ 9332606886, WhatsApp Anytime Tadepallig...
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency""Boost Your Digital Presence: Partner with a Leading SEO Agency"
"Boost Your Digital Presence: Partner with a Leading SEO Agency"
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
 

AWS Initiate: Security framework shakedown

  • 1.
  • 2. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. FrameworkemSegurançaparaaNuvem MapeiesuajornadacomasmelhorespráticasdaAWS MelissaRavanini ArquitetadeSoluções ravanini@amazon.com
  • 3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Agenda • Cloud Adoption Framework: perspectiva de segurança • AWS Well-Architected Framework: pilar de segurança
  • 5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWSshared responsibilitymodel
  • 6.
  • 7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWScloudadoptionframework
  • 8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Definaaestratégia Identifique os workloads que moverão para a numve Identifique stakeholders
  • 9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Entregueumprogramadesegurança Racionalize em cima dos seus requisitos de segurança Defina proteção e controles de segurança para seus dados Documente sua arquitetura de segurança
  • 10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Cartografiadesegurança
  • 11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Operaçõesdesegurançarobustas Deploy da arquitetura Automação Monitoramento contínuo Testes e Gamedays
  • 12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Ident. e controle acesso Controles e detecção Segurança Infraestrutura Proteção de dados Resposta a incidentes Semana 1 Semana 2 Semana 5Semana 3 Semana 4 Exemplo de uma Jornada em Segurança
  • 14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. OqueéoframeworkWell-ArchitecteddaAWS? Pilares Princípios de design Perguntas
  • 15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. PilaresdoWell-ArchitecteddaAWS Seguranç a Confiabilidade Eficiência em performance Otimização de custos Excelência operacional
  • 16. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWSTrustedAdvisor https://console.aws.amazon.com/trustedadvisor
  • 17.
  • 18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Melhorespráticas:fortecontrolede identidade Acesso Root nunca deveria ser utilizado Considere AWS Organizations Implemente política de troca de senha Centralize identidades Audite periodicamente
  • 19. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Cross-accountAccess https://docs.aws.amazon.com/pt_br/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html
  • 20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
  • 21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWSSingleSign-On(SSO) Serviço AWS GRATUITO de single sign-on (SSO) para centralizer a gestão de acesso à contas AWS e aplicações de negócio Centralize a gestão do acesso à múltiplas contas AWS Fácil de habilitar e usar Use suas identidades atuais Acesso SSO a aplicações SAML
  • 22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Melhorespráticas:fortecontrolede identidade Nunca armazene credenciais ou senhas em código Reforce o uso de MFA Use papéis do IAM para serviços Estabeleça poíticas de menor privilégio Use credenciais temporárias
  • 23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Melhorespráticas:habilite rastreabilidade Considere Amazon GuardDuty Configure log de aplicação e infraestrutura Centralize usando um SIEM Monitore proativamente Reveja regularmente novidades e melhores práticas
  • 24. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AmazonGuard Duty https://console.aws.amazon.com/guardduty/
  • 25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Melhorespráticas:proteçãoderede Amazon CloudFront + AWS WAF Amazon VPC e security groups Conectividade privada– Transit Gateway, VPN, AWS Direct Connect Endpoints dos serviços Reforce permissão a nível de serviço
  • 26. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Como:proteçãonacamada derede Bucket Instâncias Região VPC Usuários https://amzn.to/2PbHOpz Automação de WAF www.example.com
  • 27. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Melhorespráticas:apliquesegurançaem todasas camadas Proteja sistemas operacionais e mude configurações padrão Use anti-malware + ferramentas de detecção de intrusão Escaneie sua infraestrutura Escaneie seu código Instale patches contra vulnerabilidades
  • 28. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Como:automatize verificações AWS Config  Config Rules https://console.aws.amazon.com/config
  • 29. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Como:gestãoautomatizada Automation Patch manager State manager https://amzn.to/2AaOwSg https://amzn.to/2DSTLdK https://amzn.to/2Qihzxm
  • 30.

Notas do Editor

  1. x
  2. x
  3. Se você não tem um check list de controle de segurança, escolha algum, como por exemplo o ISO ou o NIST, ou Central for Internet Security, Security Controls…
  4. Pensando em metodologia ágil, temos sprints semanais… IAM: não esquecer de falar Federação Infra: WAF, SG, Route Tables, ACLs, Data protection: Encryption in transit and at rest Response plans e procedures: alarmes, monitoramento, notificações
  5. Monitoramento de credenciais -> veja se estão usando
  6. Se você está usando roles, você já está usando credenciais temporárias via STS (security token service)
  7. GuardDuty: free-tier; VPC Flow logs, DNS logs, Cloud Trail logs Cloudwatch logs and alerts SIEM: Security Information and Event Management
  8. Marketplace Inspector
  9. OWASP (open source): Open Web Application Security Project