LIFT OFF 2017: AWS and Cloud Computing
Transcript of LIFT OFF 2017: AWS and Cloud Computing
Tim Sandage, Senior Security Partner Strategist, Amazon Web Services
Cloud Computing - How Does it Work?
Security Benefits • Expert Guidance • Product Features • Compliance
Cloud Computing provides a simple and secure way to access servers, storage, databases and a broad set of application services over the Internet.
AWS “Shared Responsibility” model illustrated
AWS Global Infrastructure
AWS Cloud operates 42 Availability Zones within 16 geographic Regions around the world.
Canada Edge locations: • Montreal, QC • Toronto, ON
Cloud Computing Security?
Yes, when deployed correctly…
• Focus - Promotes a culture of “everyone is an owner” for security
• Prioritize - Makes security a stakeholder in business success
• Enables - Easier and smoother communication
Distributed Embedded
AWS Cloud Security
“We worked closely with the Amazon team to develop a security model, which we believe enables us to operate more securely in the public cloud than we can even in our data centers.”
Rob Alexander CIO, Capital One
Cloud Computing Trends
Hybrid Cloud Computing
Cloud Services Brokerage
Cloud-Friendly Decision Frameworks
Cloud-Optimized Application Design
AWS Reports, Certifications & Accreditations
https://aws.amazon.com/compliance/
Traditional Security Approaches…
Defense in Depth
• Multi-level security
• Physical security of the data centers
• Network security
• System security
• Data security
AWS Security by Design
Security by Design (SbD) is a security assurance approach that formalizes AWS account design, automates security controls, and streamlines auditing.
Instead of relying on auditing security retroactively, SbD provides security control built in throughout the AWS IT management process.
Identity & Access Management
CloudTrail
CloudWatch
Config Rules
Trusted Advisor
CloudHSM
Key Management Service
Directory Service
Security by Design - Design Principles
• Build security in every layer
• Design for failures
• Implement auto-healing
• Think parallel
• Plan for breach
• Don't fear constraints
• Leverage different storage options
• Design for cost
• Treat Infrastructure as Code: • Modular • Versioned • Constrained
Developing new risk mitigation capabilities that go beyond global security frameworks by treating risks, eliminating manual processes, and optimizing evidence and audit ratification processes through rigid automation.
SbD - Modernizing Technology Governance (MTG)
1. Decide what to do (Strategy)
1.1 Identify Stakeholders
1.2 Identify Your Workloads Moving to AWS
2. Analyze and Document (outside of AWS)
2.1 Rationalize Security Requirements
2.2 Define Data Protections and Controls
2.3 Document Security Architecture
3. Automate, Deploy & Monitor
3.1 Build/deploy Security Architecture
3.2 Automate Security Operations
3.3 Continuous Monitor
3.4 Testing and Game Days
4. Certify
4.1 Audit and Certification
Automating - Security Requirements
AWS has partnered with CIS Benchmarks to create a consensus-based technical security configuration guide that aligns with multiple security frameworks globally.
https://www.cisecurity.org/
The Benchmarks are:
Technical security control rules/values for hardening AWS services, and for auditing and remediating configurations.
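As an added illustration of the automated audit that the Security by Design and CIS Benchmark slides describe (example code written for this page, not AWS or CIS material), the following Python evaluates a constructed account snapshot against a handful of CIS-style controls, resource by resource, and derives the remediation steps an automated fix would apply; the snapshot layout, rule names and remediation strings are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple
# Constructed account snapshot: an assumption shaped loosely like what AWS Config
# records, not a real API response and not data from the presentation.
ACCOUNT = {
    "cloudtrail": {"multi_region": False},
    "iam": {"root_mfa_enabled": False, "password_min_length": 14},
    "s3_buckets": [
        {"name": "audit-logs", "public": False, "encrypted": True},
        {"name": "web-assets", "public": True, "encrypted": False},
    ],
}

@dataclass
class Rule:
    rule_id: str                                         # CIS-style control name (assumed)
    scope: Callable[[dict], List[Tuple[str, dict]]]      # (resource id, attributes) pairs
    check: Callable[[dict], bool]                        # True when the resource is compliant
    remediation: str                                     # step the automation should apply

def account_scope(acct: dict) -> List[Tuple[str, dict]]:
    return [("account", acct)]

def bucket_scope(acct: dict) -> List[Tuple[str, dict]]:
    return [(b["name"], b) for b in acct["s3_buckets"]]

# Checks mirror controls in the CIS AWS Foundations Benchmark; numbering omitted.
RULES: List[Rule] = [
    Rule("cloudtrail-multi-region", account_scope,
         lambda a: a["cloudtrail"]["multi_region"], "create a multi-region trail"),
    Rule("root-mfa", account_scope,
         lambda a: a["iam"]["root_mfa_enabled"], "enable MFA on the root user"),
    Rule("password-min-length-14", account_scope,
         lambda a: a["iam"]["password_min_length"] >= 14, "set minimum length 14"),
    Rule("s3-no-public-buckets", bucket_scope,
         lambda b: not b["public"], "block public access"),
    Rule("s3-default-encryption", bucket_scope,
         lambda b: b["encrypted"], "enable default encryption"),
]

def evaluate(acct: dict) -> Dict[str, List[str]]:
    """Per-resource evaluation, as a Config rule does; empty list = compliant."""
    return {r.rule_id: [rid for rid, res in r.scope(acct) if not r.check(res)]
            for r in RULES}

def remediation_plan(acct: dict) -> List[str]:
    """Turn non-compliant findings into the steps an automated fix would run."""
    findings = evaluate(acct)
    return [f"{r.rule_id}: {r.remediation} -> {', '.join(findings[r.rule_id])}"
            for r in RULES if findings[r.rule_id]]
```

Running `remediation_plan(ACCOUNT)` on the constructed snapshot reports four failing controls; the password-policy rule passes because the length is already 14.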
Security Automation Building Blocks
Automate deployments, provisioning, and configurations of the AWS customer environments
CloudFormation: Template → Stack (Instances, Apps, Resources)
Service Catalog: Design Package → Products → Portfolios (Deploy, Constrain)
Identity & Access Management: Set Permissions
Splunk App for AWS
AWS Data Sources: EC2, EMR, Kinesis, R53, VPC, ELB, S3, CloudFront, CloudTrail, CloudWatch, Redshift, SNS, API Gateway, Config, RDS, CF, IAM, Lambda
Explore • Analyze • Dashboard • Alert • Act
Comprehensive AWS Visibility
SbD - Modernizing Technology Governance (MTG)
Automate Governance
Automate Deployments
Automate Security Operations
Continuous Compliance
Thank You!