
Automating Security in the Cloud


Presentation on theme: "Automating Security in the Cloud"— Presentation transcript:

1 Automating Security in the Cloud
Modernizing Technology Governance
Tim Sandage, AWS Sr. Security Partner Strategist

2 Problem Statement Increasing complexity (mobility, system connectivity, etc.) causes increasing difficulty in managing risk and security and demonstrating compliance.

3 Current State – Technology Governance
Policies, Standards, Procedures and Guidelines. The current manual governance structure includes policies, standards, and procedures.

Key governance questions:
- What do I have?
- How is it performing?
- Who is controlling it?
- What is it costing me?
- Is it secure and compliant?
- Are changes occurring with the right processes and protections?

4 Issues – Technology Governance
The majority of technology governance processes rely predominantly on administrative and operational security controls with LIMITED technology enforcement. (Diagram: Assets, Threat, Vulnerability, Risk.) AWS has an opportunity to innovate and advance Technology Governance Services.

5

6 Security by Design
Security by Design (SbD) is a security assurance approach that formalizes AWS account design, automates security controls, and streamlines auditing. Instead of relying on auditing security retroactively, SbD provides security control built in throughout the AWS IT management process. This is done by utilizing Security by Design CloudFormation templates and AWS security services, and by constraining services in the cloud through compliant design.
Services shown: Identity & Access Management, Key Management Service, Trusted Advisor, CloudWatch, Cloud HSM, Config Rules, Directory Service, CloudTrail

7 Security by Design - Design Principles
Developing new risk mitigation capabilities, which go beyond global security frameworks, by treating risks, eliminating manual processes, and optimizing evidence and audit ratification processes through rigid automation.
- Build security in every layer
- Design for failures
- Implement auto-healing
- Think parallel
- Plan for breach
- Don't fear constraints
- Leverage different storage options
- Design for cost
- Treat infrastructure as code: modular, versioned, constrained

8 SbD - Modernizing Technology Governance (MTG)
- Workshop: Moving workloads
- Workshop: Strategy and Playbook
- Workshop: Run books
- Workshop: Testing / Game Days

9 SbD – Rationalize Security Requirements
AWS has partnered with CIS Benchmarks to create consensus-based, best-practice security configuration guides which will align to multiple security frameworks globally. The Benchmarks are:
- Recommended technical control rules/values for hardening operating systems, middleware and software applications, and network devices;
- Distributed free of charge by CIS in .PDF format (many benchmarks are also available to CIS Security Benchmarks Members in XCCDF, a machine-readable XML format for use with benchmark assessment tools and Members' custom scripts);
- Used by thousands of enterprises as the basis for security configuration policies and the de facto standard for IT configuration best practices.

10 SbD – AWS CIS Benchmark Scope
Benchmarks: Foundational Benchmark; Three-tier Web Architecture.
Services in scope: Elastic Load Balancing, Identity & Access Management, CloudTrail, CloudWatch, EC2, VPC, Direct Connect, S3, VPN Gateway, Cloud HSM, Glacier, Route 53, Key Management Service, Config & Config Rules, SNS, Amazon Elastic Block Store, CloudFront
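The benchmark scope above names the services the consensus rules cover; what turns a PDF of recommended values (slide 9) into the continuous, Config-Rules-style evaluation that slide 6 describes is a check that runs against the collected account state and records evidence for each rule. The Python below is an added example written for this page, not code from the presentation, from AWS or from CIS. The account snapshot is hand-built and simplified (a real assessment tool would collect it through the AWS APIs), and the rule IDs (EX-IAM-1 and so on), thresholds and wording are invented here; they are modelled on the kind of hardening items a foundations benchmark contains, not copied from one.

```python
"""Benchmark-style compliance checks over a constructed AWS account snapshot.

Added example, not from the slides, AWS or CIS. The snapshot is a hand-built
stand-in for what an assessment tool would collect via the AWS APIs; the rule
IDs, thresholds and wording are invented for this example.
"""
from dataclasses import dataclass

# Constructed snapshot of one account (not real data).
ACCOUNT_SNAPSHOT = {
    "iam": {
        "root_mfa_enabled": False,
        "password_policy": {"min_length": 8, "require_symbols": True},
    },
    "cloudtrail": {
        "trails": [
            {"name": "org-trail", "multi_region": True,
             "log_file_validation": False, "s3_bucket": "audit-logs"},
        ],
    },
    "s3": {
        "buckets": {
            "audit-logs": {"public_access_blocked": True},
            "web-assets": {"public_access_blocked": False},
        },
    },
    "ec2": {
        "security_groups": [
            {"id": "sg-web", "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]},
            {"id": "sg-admin", "ingress": [{"port": 22, "cidr": "0.0.0.0/0"}]},
        ],
    },
}


@dataclass(frozen=True)
class Finding:
    """One rule result plus the evidence an auditor can read without re-running the check."""
    rule_id: str
    passed: bool
    evidence: str


def check_root_mfa(snap):
    enabled = snap["iam"]["root_mfa_enabled"]
    return Finding("EX-IAM-1", enabled, f"root_mfa_enabled={enabled}")


def check_password_length(snap, minimum=14):
    length = snap["iam"]["password_policy"]["min_length"]
    return Finding("EX-IAM-2", length >= minimum,
                   f"min_length={length} (required >= {minimum})")


def check_cloudtrail(snap):
    # At least one trail must cover all regions and have log file validation on.
    trails = snap["cloudtrail"]["trails"]
    ok = any(t["multi_region"] and t["log_file_validation"] for t in trails)
    detail = ", ".join(
        f"{t['name']}: multi_region={t['multi_region']}, validation={t['log_file_validation']}"
        for t in trails) or "no trails"
    return Finding("EX-LOG-1", ok, detail)


def check_trail_bucket_not_public(snap):
    buckets = snap["s3"]["buckets"]
    bad = [t["s3_bucket"] for t in snap["cloudtrail"]["trails"]
           if not buckets.get(t["s3_bucket"], {}).get("public_access_blocked", False)]
    return Finding("EX-LOG-2", not bad, f"trail buckets lacking public access block: {bad}")


ADMIN_PORTS = {22, 3389}


def check_no_open_admin_ports(snap):
    offenders = [f"{sg['id']}:{rule['port']}"
                 for sg in snap["ec2"]["security_groups"]
                 for rule in sg["ingress"]
                 if rule["port"] in ADMIN_PORTS and rule["cidr"] == "0.0.0.0/0"]
    return Finding("EX-NET-1", not offenders, f"unrestricted admin ingress: {offenders}")


CHECKS = [check_root_mfa, check_password_length, check_cloudtrail,
          check_trail_bucket_not_public, check_no_open_admin_ports]


def assess(snap=ACCOUNT_SNAPSHOT):
    """Run every rule and return the findings in rule order."""
    return [check(snap) for check in CHECKS]


def failed_rule_ids(snap=ACCOUNT_SNAPSHOT):
    return [f.rule_id for f in assess(snap) if not f.passed]


if __name__ == "__main__":
    for f in assess():
        print(f"{'PASS' if f.passed else 'FAIL'} {f.rule_id}: {f.evidence}")
```

Each check returns the evidence string alongside the verdict, which is what makes the output usable as audit material rather than a bare pass/fail count; scheduling `assess()` against a fresh snapshot is the "continuous" part.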

11 Define Data Protections and Controls

12 Document Security Architecture

13 SbD – Automate Security Operations
Automate deployments, provisioning, and configurations of the AWS customer environments. This enables bringing up an entire environment automatically:
- Deploy servers, configure networking, assign storage.
- Manage configuration and access.
- Track and maintain different versions of the code.
- Audit changes.
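Treating the environment as versioned code (slide 7) is what lets the "audit changes" step above be enforced before deployment rather than discovered afterwards: a proposed template version is validated against design guardrails, diffed against the approved version, and the result recorded. The Python below is an added example written for this page, not the presentation's or AWS's own tooling. The templates are hand-built dicts in the shape of a CloudFormation Resources section, the guardrail functions and the audit record layout are invented here, and nothing is actually deployed.

```python
"""Design-time guardrails and change auditing for an infrastructure-as-code template.

Added example, not from the slides or from AWS. Templates are simplified,
hand-built dicts shaped like a CloudFormation 'Resources' section; the
guardrails and the audit record format are invented for this example.
"""
import copy
import hashlib
import json

# Constructed golden template, version 1 (not a real deployment).
TEMPLATE_V1 = {
    "Resources": {
        "AppBucket": {
            "Type": "AWS::S3::Bucket",
            "Properties": {
                "BucketEncryption": {"SSEAlgorithm": "aws:kms"},
                "PublicAccessBlockConfiguration": {"BlockPublicAcls": True},
            },
        },
        "WebSg": {
            "Type": "AWS::EC2::SecurityGroup",
            "Properties": {
                "SecurityGroupIngress": [
                    {"FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
                ],
            },
        },
    }
}

# Version 2: a proposed change that widens the security group and drops encryption.
TEMPLATE_V2 = copy.deepcopy(TEMPLATE_V1)
TEMPLATE_V2["Resources"]["WebSg"]["Properties"]["SecurityGroupIngress"].append(
    {"FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"})
del TEMPLATE_V2["Resources"]["AppBucket"]["Properties"]["BucketEncryption"]


def guardrail_bucket_encrypted(name, res):
    """Every S3 bucket in the template must declare server-side encryption."""
    if res["Type"] != "AWS::S3::Bucket":
        return None
    if "BucketEncryption" in res.get("Properties", {}):
        return None
    return f"{name}: bucket lacks BucketEncryption"


def guardrail_no_world_admin_ingress(name, res, admin_ports=(22, 3389)):
    """No security group may expose an administrative port to 0.0.0.0/0."""
    if res["Type"] != "AWS::EC2::SecurityGroup":
        return None
    for rule in res.get("Properties", {}).get("SecurityGroupIngress", []):
        if rule.get("CidrIp") == "0.0.0.0/0" and any(
                rule["FromPort"] <= p <= rule["ToPort"] for p in admin_ports):
            return f"{name}: admin port open to 0.0.0.0/0"
    return None


GUARDRAILS = [guardrail_bucket_encrypted, guardrail_no_world_admin_ingress]


def validate(template):
    """Return guardrail violations; an empty list means the template may be deployed."""
    violations = []
    for name, res in template["Resources"].items():
        for guardrail in GUARDRAILS:
            problem = guardrail(name, res)
            if problem:
                violations.append(problem)
    return violations


def template_digest(template):
    """Stable identifier for a template version (canonical JSON, SHA-256)."""
    canonical = json.dumps(template, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def diff_resources(old, new):
    """List (kind, resource name) pairs for resources added, removed or modified."""
    changes = []
    for name in sorted(set(old["Resources"]) | set(new["Resources"])):
        before, after = old["Resources"].get(name), new["Resources"].get(name)
        if before is None:
            changes.append(("added", name))
        elif after is None:
            changes.append(("removed", name))
        elif before != after:
            changes.append(("modified", name))
    return changes


def audit_change(old, new, author):
    """Build the audit record for a proposed change; approve only if guardrails pass."""
    violations = validate(new)
    return {
        "author": author,
        "from": template_digest(old),
        "to": template_digest(new),
        "changes": diff_resources(old, new),
        "violations": violations,
        "approved": not violations,
    }


if __name__ == "__main__":
    print(json.dumps(audit_change(TEMPLATE_V1, TEMPLATE_V2, "constructed-user"), indent=2))
```

The digests give each template version a tamper-evident identity that the audit record can reference, and because `validate()` runs on the proposed version before anything is provisioned, the guardrails act as the "constraints" in the design principles rather than as an after-the-fact finding.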

14 Continuous Monitoring – Splunk

15 Splunk App for AWS – Visualize & Monitor

16 SbD - Modernizing Technology Governance (MTG)
- Automate Governance
- Automate Deployments
- Automate Security Operations
- Continuous Compliance

17 Closing the loop - SbD - Modernizing Technology Governance
Result: Reliable technical implementation and enforcement of operational and administrative controls.

Thanks, Tim. As you saw, we showed you how to create a golden environment, making only that configuration available via Service Catalog, and then granting permissions to launch those environments. To reemphasize: Security by Design architecture is authoritative. It provides reliable operation of certain controls and allows for continuous and real-time auditing capability. It is essentially scripting your governance policy. The result is a huge win in the security assurance, governance, security and compliance space: you get reliable implementation of what was previously just written in books as a policy. You get enforceable security and compliance. You have functional governance.

18 Questions?
