Enterprise Security Considerations
amazon-web-services
Transcript of Enterprise Security Considerations
![Page 1: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/1.jpg)
![Page 2: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/2.jpg)
JOB ZERO
![Page 3: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/3.jpg)
Job Zero
Network Security
Physical Security
Platform Security
People & Procedures
![Page 4: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/4.jpg)
Job Zero What We Do
Heavy Lifting
![Page 5: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/5.jpg)
SHARED
![Page 6: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/6.jpg)
constantly improving
AWS Foundation Services
Compute Storage Database Networking
AWS Global Infrastructure Regions
Availability Zones Edge Locations
AWS is responsible for the security OF
the Cloud
GxP ISO 13485 AS9100 ISO/TS 16949
![Page 7: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/7.jpg)
AWS Foundation Services
Compute Storage Database Networking
AWS Global Infrastructure Regions
Availability Zones Edge Locations
Client-side Data Encryption
Server-side Data Encryption
Network Traffic Protection
Platform, Applications, Identity & Access Management
Operating System, Network & Firewall Configuration
Customer applications & content
Customers
shared responsibility
Customers have their choice of
security configurations IN
the Cloud
AWS is responsible for the security OF
the Cloud
![Page 8: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/8.jpg)
FAMILIAR
![Page 9: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/9.jpg)
familiar
– Agility
![Page 10: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/10.jpg)
AWS
![Page 11: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/11.jpg)
The practice of security at AWS is different, but the outcome is familiar:
Focus on your business, not the undifferentiated heavy lifting
This applies within AWS, just as it does for our customers
![Page 12: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/12.jpg)
The practice of security at AWS is different, but the outcome is familiar:
Focus on your business, not the undifferentiated heavy lifting
Make it easier for our customers (internal & external) to do
the “right” thing
![Page 13: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/13.jpg)
The practice of security at AWS is different, but the outcome is familiar:
Apply more effort to the “why” rather than the “how”
Why is what really matters
When something goes wrong, ask the “five why’s”
![Page 14: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/14.jpg)
The practice of security at AWS is different, but the outcome is familiar:
Decentralize - don’t be a bottleneck
It’s human nature to go around a bottleneck
![Page 15: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/15.jpg)
The practice of security at AWS is different, but the outcome is familiar:
So what does your security team look like?
![Page 16: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/16.jpg)
The practice of security at AWS is different, but the outcome is familiar:
Everyone’s an owner
When the problem is “mine” rather than “hers” there’s a much higher likelihood I’ll do
the right thing
![Page 17: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/17.jpg)
The practice of security at AWS is different, but the outcome is familiar:
Measure constantly, report regularly, & hold senior executives accountable for security – have them drive the right culture
![Page 18: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/18.jpg)
![Page 19: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/19.jpg)
Our Tenets (unless you know better):
![Page 20: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/20.jpg)
Our Tenets (unless you know better):
• We lead AWS in helping prevent unauthorized access to AWS resources: our customers’ or ours. We continuously assess our systems, identify exposures, evaluate risks, and relentlessly drive mitigations.
![Page 21: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/21.jpg)
Our Tenets (unless you know better):
• We are the one-stop shop for all security questions within AWS. In cases where we don’t own the answer, we own getting the question answered.
![Page 22: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/22.jpg)
Our Tenets (unless you know better):
• We build systems and provide recommendations that make it easier to build secure systems than it is to build insecure ones.
![Page 23: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/23.jpg)
![Page 24: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/24.jpg)
Our Culture:
• Saying “no” is a failure
![Page 25: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/25.jpg)
Our Culture:
• Measure measure measure
• 5 min metrics are too coarse
• 1 min metrics just barely OK
![Page 26: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/26.jpg)
Our Culture:
• Base decisions on facts, metrics & detailed understanding of your environment and adversaries
![Page 27: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/27.jpg)
Our Culture:
• Produce services that others can consume through hardened APIs
![Page 28: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/28.jpg)
Our Culture:
• Test, CONSTANTLY
• Inside/outside
• Privileged/unprivileged
• Black-box/white-box
• Vendor/self
![Page 29: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/29.jpg)
Our Culture:
• Proactive monitoring rules the day
• What’s “normal” in your environment?
• Depending on signatures == waiting to find out WHEN you’ve been had
![Page 30: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/30.jpg)
Our Culture:
• Collect, digest, disseminate & use intelligence
![Page 31: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/31.jpg)
Our Culture:
• Make your compliance team a part of your security operations
![Page 32: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/32.jpg)
Simple Security Controls
![Page 33: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/33.jpg)
![Page 34: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/34.jpg)
REDUCTION
![Page 35: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/35.jpg)
REDUCTION
![Page 36: Enterprise Security Considerations](https://reader038.fdocuments.us/reader038/viewer/2022103001/55908c1f1a28aba2548b45e8/html5/thumbnails/36.jpg)
BETTER OFF IN AWS