Secure Your New Public Cloud

21st Century IT Security

Cloud Security

Shared Responsibility Model

CUSTOMER DATA

PLATFORM & APPLICATION MANAGEMENT

OPPERATING SYSTEM, NETWORK, & FIREWALL CONFIGURATION

CLIENT-SIDE DATA ENCRYPTION & DATA INTEGRITY AUTHENTICATION

SERVER-SIDE ENCRYPTION(FILE SYSTEM AND/OR DATA)

NETWORK TRAFFIC PROTECTION(ENCRYPTION/INTEGRITY/IDENTITY)

OPTIONAL – OPAQUE DATA: 0S & 1S (IN TRANSIT/AT REST)

FOUNDATION SERVICES

AWS GLOBAL INFRASTRUCTURE

AWS

ENDP

OINT

S AWS IAM

CUSTOMER IAM

COMPUTE STORAGE DATABASES NETWORKING

REGIONS AVAILABILITY ZONES

EDGE LOCATIONS

Managed by AWS Customers

Managed by Amazon Web Services

Shared Responsibility Model

CUSTOMER DATA

PLATFORM & APPLICATION MANAGEMENT

OPPERATING SYSTEM, NETWORK, & FIREWALL CONFIGURATION

CLIENT-SIDE DATA ENCRYPTION & DATA INTEGRITY AUTHENTICATION

SERVER-SIDE ENCRYPTION(FILE SYSTEM AND/OR DATA)

NETWORK TRAFFIC PROTECTION(ENCRYPTION/INTEGRITY/IDENTITY)

OPTIONAL – OPAQUE DATA: 0S & 1S (IN TRANSIT/AT REST)

FOUNDATION SERVICES

AWS GLOBAL INFRASTRUCTURE

AWS

ENDP

OINT

S AWS IAM

CUSTOMER IAM

COMPUTE STORAGE DATABASES NETWORKING

REGIONS AVAILABILITY ZONES

EDGE LOCATIONS

Managed by AWS Customers

Managed by Amazon Web Services

Security IN the Cloud

Security OF the Cloud

MORE VISIBILITYMORE CONTROL

MORE AUDITABILITYMORE AGILITY

Security is Visible

Who is accessing the resources?Who took what action?

§ When?§ From where?§ What did they do?§ Logs Logs Logs

EVERYTHING IS AN API CALL.

EVERYTHING GENERATES LOGS.

TERABYTES OF LOGS A DAY…

21st Century IT Security

Intelligent Security

Protect Sensitive Data: Macie

Protect Sensitive Data: Macie

AWS Shield: Managed DDoS Protection

CloudWatch Alert:More than 1,000

Open Connections to ELB from a single IP

Log an incident

WAF Rule: block source

Wait 1 hour

Remove WAF Rule

AWS WAF

AWS ELB

S3 Evidence Repository

ForensicsSave Logs

CloudWatch

Automated Incident Response: DDoS Attack

Intelligent Threat Detection: GuardDuty

Intelligent Threat Detection: GuardDuty

Cloud is Simply Better: Personal Data Protection & GDPR

Automated Incident Response: Infected Instance

Guard Duty Report: Instance ID

i-1234567890abcdef0

Log an incident

Isolate the Instance from the

network

Shut down instance

S3 Evidence Repository

Memory Dump

Disk Dump

Forensics

Establishing Secure Cloud Services

ISO 27001PCI/DSS

Personal Data Protection

CSP

Com

plia

nce,

Thre

at a

nd G

ap

Anal

ysis

Secu

rity

Stra

tegy

Desig

n

Secu

rity

Prog

ram

me

Desig

n

Secu

rity

Play

book

Impl

emen

tatio

n&

Test

ing

Secure & Compliant Cloud

Systems & Applications

Risk Management

Security Operations & Management

Legacy Cloud Systems &

Applications

Cloud Security

ConsiderationsPREPARE

PREVENT

DETECT

RESPOND

HeleCloud Company Overview

Maidenhead, UK1 Bell Street, Maidenhead, Berkshire, SL6 1BU, UK,

+44 20 3286 2227office@helecloud.com

Thank you!

Dob@helecloud.com