Security in the Cloud - AWS Symposium 2014 - Washington D.C.

Posted on 15-Jan-2015

description

Stephen Schmidt, AWS CISO and VP of Security Engineering, provides an overview of innovations in cloud security and the importance of security as an enabler for innovation in enterprises, but particularly in government and other highly regulated industries and segments.

transcript

Security in the Cloud

Stephen E. Schmidt,

Vice President, Security Engineering &

Chief Information Security Officer

AWS Government, Education, and Nonprofits Symposium Washington, DC | June 24, 2014 - June 26, 2014

8th Birthday: Launched on March 14th, 2006

Startups on AWS

Enterprises on AWS

Public Sector on AWS

System Integrators on AWS

ISVs on AWS

Why are enterprises & government adopting cloud computing and AWS so quickly?

The primary reason enterprises & governments are moving so quickly to AWS and the cloud:

#1: Agility

Why does agility matter?

Old World: Infrastructure in weeks

Enterprises & Government Can’t Afford to Be Slow

A Culture of Innovation: Experiment Often & Fail Without Risk

#2: Platform Breadth and Depth

10 regions, 26 availability zones, 51 edge locations

It’s Not Just Having Services in a Couple of Regions…

Foundation: Regions, Availability Zones, Content Delivery POPs

Storage: S3, EBS, Glacier, Storage Gateway, Import/Export

Compute: EC2, Auto Scaling, Elastic Load Balancer

Databases: RDS (MySQL, PostgreSQL, Oracle, SQL Server), DynamoDB, ElastiCache

Networking: VPC, Direct Connect, Route 53

Analytics: EMR, Kinesis, Data Pipeline, Redshift

Application Services: SQS, SNS, SWF, SES, CloudSearch, CloudFront, AppStream, WorkSpaces

Management & Administration: IAM, CloudWatch, CloudTrail, Management Console, Command Line Interface, APIs and SDKs, CloudHSM

Containers & Deployment (PaaS): Elastic Beanstalk for Java, Node.js, Python, Ruby, PHP and .Net; OpsWorks; CloudFormation

Ecosystem: Technology Partners, Consulting Partners, AWS Marketplace

Support: Professional Services, Training, Certification

Security is Our No.1 Priority

Comprehensive Security Capabilities to Support Virtually Any Workload

PEOPLE & PROCEDURES

NETWORK SECURITY

PHYSICAL SECURITY

PLATFORM SECURITY

“[Enterprise customers are] skipping the years of early getting-their-feet-wet, and immediately jumping in with more significant projects, with more ambitious goals…”

“Increasingly, organizations are asking what can’t go to the cloud, rather than what can…”

“As 2014 dawns, we’re moving into an era of truly mainstream adoption of cloud…”

• SECURITY IS SHARED

WHAT NEEDS TO BE DONE TO KEEP THE SYSTEM SAFE

WHAT WE DO FOR YOU

WHAT YOU DO YOURSELF

• EVERY CUSTOMER HAS ACCESS TO THE SAME SECURITY CAPABILITIES

• CHOOSE WHAT’S RIGHT FOR YOUR WORKLOAD

• CLOUD SECURITY OFFERS MORE

• VISIBILITY

• AUDITABILITY

• CONTROL

• MORE VISIBILITY

• CAN YOU MAP YOUR NETWORK?

• WHAT IS IN YOUR ENVIRONMENT RIGHT NOW?

• MORE AUDITABILITY

• SECURITY CONTROL OBJECTIVES

• 1. SECURITY ORGANIZATION

• 2. AMAZON USER ACCESS

• 3. LOGICAL SECURITY

• 4. SECURE DATA HANDLING

• 5. PHYSICAL SECURITY AND ENV. SAFEGUARDS

• 6. CHANGE MANAGEMENT

• 7. DATA INTEGRITY, AVAILABILITY AND REDUNDANCY

• 8. INCIDENT HANDLING

• MORE CONTROL

Defense in Depth: Multi-level security

• Physical security of the data centers

• Network security

• System security

• Data security

DATA

• LEAST PRIVILEGE PRINCIPLE AT AWS

• LEAST PRIVILEGE PRINCIPLE: CONFINE ROLES ONLY TO THE MATERIAL REQUIRED TO DO SPECIFIC WORK

• LEAST PRIVILEGE PRINCIPLE: SEPARATE NETWORKS FOR CORPORATE WORK VS. ACCESSING CUSTOMER DATA

• LEAST PRIVILEGE PRINCIPLE: MUST HAVE A BUSINESS NEED-TO-KNOW ABOUT SENSITIVE INFORMATION LIKE DATACENTER LOCATIONS

• LEAST PRIVILEGE PRINCIPLE: MUST HAVE A BUSINESS NEED-TO-KNOW IN ORDER TO ACCESS DATACENTERS

• SIMPLE SECURITY CONTROLS ARE THE EASIEST TO GET RIGHT, EASIEST TO AUDIT, AND EASIEST TO ENFORCE

• IDC Survey: Attitudes and Perceptions Around Security and Cloud Services

• Nearly 60% of organizations agreed that CSPs [Cloud Service Providers] provide better security than their own IT organization

• Source: IDC 2013 U.S. Cloud Security Survey, Doc #242836, September 2013

• “Based on our experience, I believe that we can be even more secure in the AWS cloud than in our own data centers”

Tom Soderstrom – CTO – NASA JPL

AWS Security

Stephen E. Schmidt, Chief Information Security Officer

Thank You!