Upload
truongkhue
View
221
Download
1
Embed Size (px)
Citation preview
1. Why does security come first in
enterprise cloud adoption?
New territory Security is hardAWS job zero
Processes detect
unwanted change
Reduce impact
of failure
Visibility & control
are essential
4. Why so many processes?
No stimulus
and response
Low degree
of automation
Lack of
visibility
5. Why are change detection and low-risk
changes are so difficult?
AWS IAM
Identity & Access Management.
Control who does what in your AWS account with
fine-grained policies.
CHOOSE THE RIGHT MODEL
FOR YOUR NEEDS
Automated – AWS manages encryption
Enabled – user manages encryption using AWS
Client-side – user manages encryption using their own mean
AWS Private Key Management Capabilities
AWS CloudHSMDedicated HSM appliances
Managed and monitored by
AWS, but you control the keys
Increase performance for
applications that use HSMs for
key storage or encryption
Comply with stringent
regulatory and contractual
requirements for key protection
EC2 InstanceAWS CloudHSM
You are making
API calls...On a growing set of
services around the
world…
CloudTrail is
continuously
recording API
calls…
And delivering
log files to you
AWS CloudTrail
Continuous ChangeRecordingChanging
Resources
AWS Config
History
Stream
Snapshot (ex. 2014-11-05)
AWS Config
MAKE SECURITY ACTIONABLE
Automate log reviews with AWS Lambda.
Automatically shutdown non-compliant instances.
Validate changes.
Rollback unapproved changes.
CONTINUOUS DEPLOYMENT
FOR SECURITY
Automated deployments are more secure.
Enables “SSH-less” production environments.
Rapid deployment of security fixes.
Use AWS CodeDeploy.
“… We’ll also see organizations adopt cloud
services for the improved security protections
and compliance controls that they otherwise
could not provide as efficiently or effectively
themselves.”
Security’s Cloud Revolution is Upon Us
Forrester Research, Inc., August 2, 2013
Ohpen is a platform ‘out-of-the-box’ and offers financial service providers a fully integrated, multilingual, web-, front-, mid- and back-end solution for mutual funds and savings accounts.
We are extinguishing legacy software by developing the best mutual fund and savings platform in the world.
The financial services industry shall be freed from on premise legacy software by cloud based administration factories, where you just plug in.
“Based on our experience,
I believe that we can be even
more secure in the AWS cloud
than in our own data centers”
Tom Soderstrom – CTO – NASA JPL
Please rate this session & provide your feedback
Download the AWS Summit App
AWS Summit 2015
#AWSSummit@AWS_UKI