Post on 15-Apr-2017
ENTERPRISE APPS
DEVELOPMENT & OPERATIONS / MOBILE SERVICES / APP SERVICES / ANALYTICS
Data Warehousing
Hadoop/Spark
Streaming Data Collection
Machine Learning
Elastic Search
Virtual Desktops
Sharing & Collaboration
Corporate Email
Backup
Queuing & Notifications
Workflow
Search
Transcoding
One-click App Deployment
Identity
Sync
Single Integrated Console
Push Notifications
DevOps Resource Management
Application Lifecycle Management
Containers
Triggers
Resource Templates
TECHNICAL & BUSINESS SUPPORT
Account Management
Support
Professional Services
Training & Certification
Security & Pricing Reports
Partner Ecosystem
Solutions Architects
MARKETPLACE
Business Apps
Business Intelligence
Databases
DevOps Tools
Networking
Security
Storage
Regions, Availability Zones
Points of Presence
INFRASTRUCTURE
CORE SERVICES
Compute: VMs, Auto-scaling, & Load Balancing
Storage: Object, Blocks, Archival, Import/Export
Databases: Relational, NoSQL, Caching, Migration
Networking: VPC, DX (Direct Connect), DNS
CDN
Access Control
Identity Management
Key Management & Storage
Monitoring & Logs
Assessment and reporting
Resource & Usage Auditing
SECURITY & COMPLIANCE
Configuration Compliance
Web application firewall
HYBRID ARCHITECTURE
Data Backups
Integrated App Deployments
Direct Connect
Identity Federation
Integrated Resource Management
Integrated Networking
API Gateway
IoT
Rules Engine
Device Shadows
Device SDKs
Registry
Device Gateway
Streaming Data Analysis
Business Intelligence
Mobile Analytics

AWS:
• Micro-Perimeters
• Own just enough
• Focus on your core value
• Service-Centric
• Platform Services
• Continuously Evolving
• Central Control Plane (API)
GxP, ISO 13485, AS9100, ISO/TS 16949
Shared responsibility model, AWS side:
• AWS Foundation Services: Compute, Storage, Database, Networking
• AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
AWS is responsible for the security OF the Cloud.
Customer side:
• Client-side Data Encryption
• Server-side Data Encryption
• Network Traffic Protection
• Platform, Applications, Identity & Access Management
• Operating System, Network, & Firewall Configuration
• Customer applications & content
Customers have their choice of security configurations IN the Cloud.
Customers retain full ownership and control of their content:
• control of privacy
• encryption any way that you choose
• access
• lifecycle and disposal
Regions:
• US-EAST (Virginia)
• US-WEST (N. California)
• US-WEST (Oregon)
• AWS GovCloud (US)
• SOUTH AMERICA (Sao Paulo)
• EU-WEST (Ireland)
• EU-CENTRAL (Frankfurt)
• ASIA PAC (Tokyo)
• ASIA PAC (Seoul)
• ASIA PAC (Singapore)
• ASIA PAC (Sydney)
• CHINA (Beijing)
With AWS IAM you get to control who can do what in your AWS environment, and from where
• Fine-grained control of your AWS cloud with two-factor authentication
• Integrated with your existing corporate directory using SAML 2.0 and single sign-on
• Segregate duties: the AWS account owner delegates to separate groups for network management, security management, server management and storage management
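The three IAM claims above (who can do what, from where, and only with two-factor authentication) come down to how IAM evaluates policy statements. The following is an added example, not AWS code or the slide's own material: a tiny evaluator that applies the real IAM rules (an explicit Deny always wins, anything not explicitly allowed is denied, condition keys are ANDed) to a duty-specific permission policy for the network-management group plus a guardrail policy that denies everything without MFA or from outside the corporate address ranges. The policies, the 203.0.113.0/24 and 198.51.100.0/24 "corporate" ranges and the request contexts are all constructed for the example.

```python
"""Tiny IAM-style policy evaluator, added here as an example (not AWS code).

It models the slide's claims: *who can do what* (Action/Resource matching
with IAM wildcards), *from where* (aws:SourceIp conditions) and
*two-factor* (aws:MultiFactorAuthPresent), using the IAM rules that an
explicit Deny always wins and that anything not explicitly allowed is
denied. Policies, IP ranges and request contexts are constructed.
"""
import fnmatch
import ipaddress


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _ip_in(addr, cidrs):
    return any(ipaddress.ip_address(addr) in ipaddress.ip_network(c) for c in _as_list(cidrs))


def _condition_holds(condition, ctx):
    """Evaluate the subset of IAM condition operators used here; IAM ANDs them all."""
    for op, pairs in condition.items():
        for key, want in pairs.items():
            have = ctx.get(key)
            if op == "Bool":
                # Missing key -> condition is false (IAM semantics). That is why a
                # Deny-without-MFA statement must use BoolIfExists: long-term access
                # keys never carry aws:MultiFactorAuthPresent at all.
                if have is None or str(have).lower() != str(want).lower():
                    return False
            elif op == "BoolIfExists":
                if have is not None and str(have).lower() != str(want).lower():
                    return False
            elif op == "IpAddress":
                if have is None or not _ip_in(have, want):
                    return False
            elif op == "NotIpAddress":
                # Negated matchers hold when the key is absent, as in IAM.
                if have is not None and _ip_in(have, want):
                    return False
            else:
                raise ValueError(f"unsupported condition operator {op}")
    return True


def _statement_matches(stmt, action, resource, ctx):
    return (any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
            and any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
            and _condition_holds(stmt.get("Condition", {}), ctx))


def evaluate(policies, action, resource, ctx):
    """Return 'Allow' or 'Deny' for one request: explicit Deny wins, default is Deny."""
    decision = "Deny"
    for policy in policies:
        for stmt in policy["Statement"]:
            if _statement_matches(stmt, action, resource, ctx):
                if stmt["Effect"] == "Deny":
                    return "Deny"
                decision = "Allow"
    return decision


# Duty-specific permissions for the network-management group (constructed).
NETWORK_MANAGEMENT = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["ec2:*Vpc*", "ec2:*Subnet*", "ec2:*RouteTable*", "ec2:*SecurityGroup*"],
        "Resource": "*",
    }],
}

# Guardrails attached to every human group: no MFA or wrong network -> Deny (constructed).
GUARDRAILS = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DenyWithoutMFA", "Effect": "Deny", "Action": "*", "Resource": "*",
         "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}},
        {"Sid": "DenyOffCorporateNetwork", "Effect": "Deny", "Action": "*", "Resource": "*",
         "Condition": {"NotIpAddress": {"aws:SourceIp": ["203.0.113.0/24", "198.51.100.0/24"]}}},
    ],
}

NETWORK_ADMIN = [NETWORK_MANAGEMENT, GUARDRAILS]


def decide(action, ctx, policies=NETWORK_ADMIN, resource="*"):
    """Decision for a member of the network-management group."""
    return evaluate(policies, action, resource, ctx)


if __name__ == "__main__":
    corp_mfa = {"aws:MultiFactorAuthPresent": "true", "aws:SourceIp": "203.0.113.10"}
    print(decide("ec2:CreateSubnet", corp_mfa))          # Allow
    print(decide("ec2:CreateSubnet", {"aws:SourceIp": "203.0.113.10"}))  # Deny: no MFA key
    print(decide("ec2:RunInstances", corp_mfa))          # Deny: not this group's duty
```

The `BoolIfExists` branch is the detail that matters in practice: a Deny written with plain `Bool` on `aws:MultiFactorAuthPresent` silently lets long-term access keys through, because that key is only present in the request context for temporary credentials.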
(Diagram: Availability Zone A and Availability Zone B, each holding subnets of one VPC.)

AWS Virtual Private Cloud
• Provision a logically isolated section of the AWS cloud
• You choose a private IP range for your VPC
• Segment this into subnets to deploy your compute instances

AWS network security
• The AWS network prevents spoofing (IP and MAC) and other common layer 2 attacks
• You cannot sniff anything but your own EC2 host's network interface, even in promiscuous mode
• You control all external routing and connectivity
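The two VPC bullets are a procedure: pick a private range, then carve it into per-Availability-Zone subnets and decide which of them may reach the Internet. The following is an added example (not AWS code or a CloudFormation template) that plans such a layout with the standard library and checks it before anything would be created: a /16 from RFC 1918 space is split into a public tier (default route to an Internet gateway) and a private tier (default route to a NAT gateway only) in each of two AZs. The CIDR 10.20.0.0/16, the AZ names and the tier names are choices made for this example.

```python
"""Address plan for a VPC, added here as an example (not AWS code).

Makes the slide's steps concrete: choose a private range, carve it into
per-AZ subnets, and keep external routing under control by construction.
CIDR, AZ names and tier names are this example's own choices.
"""
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def vpc_cidr_ok(cidr):
    """AWS accepts VPC CIDRs from /16 to /28; 'private IP range' here means RFC 1918 space."""
    net = ipaddress.ip_network(cidr, strict=True)
    return 16 <= net.prefixlen <= 28 and any(net.subnet_of(r) for r in RFC1918)


def plan_vpc(vpc_cidr="10.20.0.0/16", azs=("us-west-2a", "us-west-2b"), subnet_prefix=24):
    """Return one subnet record per (AZ, tier), allocated in order from the VPC range."""
    if not vpc_cidr_ok(vpc_cidr):
        raise ValueError(f"{vpc_cidr} is not a usable VPC range")
    blocks = ipaddress.ip_network(vpc_cidr).subnets(new_prefix=subnet_prefix)
    plan = []
    for az in azs:
        for tier in ("public", "private"):
            try:
                block = next(blocks)
            except StopIteration:
                raise ValueError("VPC range too small for the requested subnets")
            plan.append({
                "az": az,
                "tier": tier,
                "cidr": str(block),
                # public subnets default-route to an Internet gateway, private ones only to NAT
                "default_route": "igw" if tier == "public" else "nat",
                "map_public_ip": tier == "public",
                # AWS reserves the first four and the last address of every subnet
                "usable_hosts": block.num_addresses - 5,
            })
    return plan


def check_no_overlap(plan):
    """True when no two subnets share address space."""
    nets = [ipaddress.ip_network(s["cidr"]) for s in plan]
    return not any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


def private_tier_isolated(plan):
    """The 'control external routing' check: no private subnet may default-route
    to the Internet gateway or hand out public IPs to instances."""
    return all(s["default_route"] != "igw" and not s["map_public_ip"]
               for s in plan if s["tier"] == "private")


if __name__ == "__main__":
    layout = plan_vpc()
    for s in layout:
        print(f"{s['az']:12} {s['tier']:8} {s['cidr']:16} route->{s['default_route']} hosts={s['usable_hosts']}")
    print("overlap-free:", check_no_overlap(layout), "private isolated:", private_tier_isolated(layout))
```

Running the same checks against a proposed change (a new subnet, a different default route) is the cheap review step that catches a private subnet quietly acquiring an Internet route.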
(Diagram: your AWS environment, hosting Digital Websites, Big Data Analytics, Dev and Test, and Enterprise Apps, connected to your premises over AWS Direct Connect or over the Internet through a VPN.)
First-class security and compliance starts (but doesn't end!) with encryption
• Automatic encryption with managed keys
• Bring your own keys
• Dedicated hardware security modules (AWS CloudHSM): you fully control the keys; increase performance; comply with stringent regulatory requirements; single tenant, for you
(Diagram: EC2 Instance connected to AWS CloudHSM.)
You can also store your encryption keys in AWS CloudHSM.
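What "managed keys", "bring your own keys" and "you fully control the keys" have in common is the envelope pattern: each object is encrypted under a fresh data key, the data key is wrapped under a master key, and the master key itself never leaves the key service (an HSM enforces that last property in hardware). The following is an added example, not AWS KMS, CloudHSM or SDK code, that shows the whole round trip with a constructed in-process key service. The cipher is a standard-library stand-in (SHA-256 keystream plus HMAC-SHA256, encrypt-then-MAC) so the file runs anywhere; a real deployment uses AES-GCM through KMS or the SDK. Key identifiers, contexts and data are constructed.

```python
"""Envelope encryption behind a key service that never releases its master
key, added here as an example (not AWS KMS, CloudHSM or SDK code).

Managed keys: the service generates a data key per object. BYOK: a caller
imports its own 32-byte material. The master key is used only inside the
service. The cipher is a SHA-256/HMAC stand-in for AES-GCM.
"""
import hashlib
import hmac
import os
import struct


def _subkeys(key):
    # Separate keys for the keystream and for the MAC.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def _keystream(key, nonce, length):
    out = b""
    for ctr in range((length + 31) // 32):
        out += hashlib.sha256(key + nonce + struct.pack(">Q", ctr)).digest()
    return out[:length]


def aead_encrypt(key, plaintext, aad=b""):
    """Stand-in for AES-GCM: returns nonce || ciphertext || tag, with aad bound to the tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def aead_decrypt(key, blob, aad=b""):
    """Verify the tag first (constant time), then decrypt; fails closed."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key, wrong context, or tampered data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class KeyService:
    """Holds master keys. Only data keys ever leave; master keys do not (constructed stand-in)."""

    def __init__(self):
        self._masters = {}

    def create_key(self, key_id, material=None):
        # material None -> service-managed key; bytes -> bring your own key
        if material is not None and len(material) != 32:
            raise ValueError("imported key material must be 32 bytes")
        self._masters[key_id] = material if material is not None else os.urandom(32)
        return key_id

    def generate_data_key(self, key_id, context):
        """Return (plaintext data key, the same key wrapped under the master key)."""
        data_key = os.urandom(32)
        return data_key, aead_encrypt(self._masters[key_id], data_key, aad=context)

    def decrypt_data_key(self, key_id, wrapped, context):
        return aead_decrypt(self._masters[key_id], wrapped, aad=context)

    def schedule_deletion(self, key_id):
        """Lifecycle/disposal control: once the master key is gone, everything under it is unrecoverable."""
        del self._masters[key_id]


def encrypt_object(kms, key_id, plaintext, context):
    """Client side: obtain a data key, encrypt locally, store only the wrapped key with the object."""
    data_key, wrapped = kms.generate_data_key(key_id, context)
    return {"key_id": key_id, "wrapped_key": wrapped,
            "body": aead_encrypt(data_key, plaintext, aad=context)}


def decrypt_object(kms, obj, context):
    data_key = kms.decrypt_data_key(obj["key_id"], obj["wrapped_key"], context)
    return aead_decrypt(data_key, obj["body"], aad=context)


if __name__ == "__main__":
    kms = KeyService()
    kms.create_key("payments")                          # managed key
    kms.create_key("byok", material=os.urandom(32))     # bring your own key
    obj = encrypt_object(kms, "payments", b"pan=4111111111111111", b"bucket=payments")
    print(decrypt_object(kms, obj, b"bucket=payments"))
```

The encryption context is bound into both layers, so a wrapped data key lifted from one bucket cannot be unwrapped under another bucket's context, and the key service can log which context every unwrap was requested for.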
CloudWatch Logs: log everything and monitor events in those logs
• Storage is cheap: collect and keep your logs
• Store logs durably in write-only storage
• Integration with CloudWatch Metrics and Alarms means you can continually scan for events you know might be suspicious

IF (detect web attack > 10 in a 1 minute period) ALARM - INCIDENT IN PROGRESS, NOTIFY SECURITY
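In CloudWatch that rule is a metric filter (count log lines matching attack patterns) plus an alarm on the Sum of that metric over a 60-second period. The following is an added example, not CloudWatch or AWS code, that runs the same logic offline over constructed web-server log lines so the patterns and the threshold can be tested: `is_attack` plays the metric filter, `alarms` plays the alarm with a trailing one-minute window and an OK/ALARM state that only re-arms once the window drains. The log lines, addresses and request paths are all constructed for the example.

```python
"""Metric-filter-plus-alarm logic from the slide, run offline over
constructed log lines (added example; not CloudWatch or AWS code).
"""
import re
from collections import Counter, deque
from datetime import datetime, timedelta, timezone

# Common Log Format: ip ident user [timestamp] "METHOD path proto" status bytes
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Signatures a web attack typically leaves in the request line (traversal, SQLi, XSS probes).
ATTACK = re.compile(
    r"(\.\./|union(\s|%20|\+)+select|<script|%3cscript|/etc/passwd|sleep\(\d+\))",
    re.IGNORECASE,
)


def parse(line):
    """Return a dict for a CLF line, or None for anything the regex cannot read."""
    m = LINE.match(line)
    if not m:
        return None
    return {"ip": m["ip"], "path": m["path"], "status": int(m["status"]),
            "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")}


def is_attack(event):
    """The metric filter: does this request look like an attack?"""
    return bool(ATTACK.search(event["path"]))


def alarms(lines, threshold=10, period=timedelta(minutes=1)):
    """Return one record per OK->ALARM transition: when it fired, how many hits
    were in the trailing period, and which source produced most of them."""
    window = deque()
    state = "OK"
    fired = []
    for line in lines:
        ev = parse(line)
        if ev is None or not is_attack(ev):
            continue
        window.append(ev)
        while window and ev["ts"] - window[0]["ts"] >= period:
            window.popleft()  # evict hits older than the period
        if len(window) > threshold and state == "OK":
            state = "ALARM"
            top_ip, _ = Counter(h["ip"] for h in window).most_common(1)[0]
            fired.append({"at": ev["ts"].isoformat(), "count": len(window), "top_ip": top_ip})
        elif len(window) <= threshold:
            state = "OK"  # window drained: re-arm, as CloudWatch returns to OK
    return fired


def _clf(ts, ip, path, status=200):
    """Build a constructed Common Log Format line."""
    return f'{ip} - - [{ts.strftime("%d/%b/%Y:%H:%M:%S +0000")}] "GET {path} HTTP/1.1" {status} 512'


def sample_lines():
    """Constructed traffic: some normal browsing, a 12-request scan burst from
    one address inside 25 s, then one lone probe two minutes later."""
    t0 = datetime(2017, 4, 15, 10, 0, 0, tzinfo=timezone.utc)
    lines = [_clf(t0 + timedelta(seconds=s), "203.0.113.5", p)
             for s, p in ((0, "/"), (5, "/about"), (10, "/login"))]
    probes = ["/index.php?id=1%20UNION%20SELECT%201,2", "/../../etc/passwd",
              "/search?q=%3Cscript%3Ealert(1)%3C/script%3E"]
    for i in range(12):
        lines.append(_clf(t0 + timedelta(seconds=12 + 2 * i), "198.51.100.7", probes[i % 3], 404))
    lines.append(_clf(t0 + timedelta(seconds=130), "192.0.2.9", probes[0], 404))
    lines.append("garbage line the parser should skip")
    return lines


if __name__ == "__main__":
    for a in alarms(sample_lines()):
        print(f"ALARM at {a['at']}: {a['count']} attack-like requests in 60 s, top source {a['top_ip']}")
```

The alarm fires on the eleventh hit, not the twelfth: "> 10 in a 1 minute period" is evaluated on every new event against the trailing window, which is also why a lone probe two minutes later does not re-trigger it.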
Change as the threat environment changes. What does agility look like?
• Quickly, within hours
• Reacting quicker
• Continuous assurance