
AWS Summit Berlin 2019

Cloud Security: Myths & Opportunities
Tim Rains, EMEA Regional Leader Security & Compliance, Worldwide Public Sector, Amazon Web Services

2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Agenda
- Myth #1: Attacks are getting more advanced
- Myth #2: On-premises IT is more secure than the cloud
- Myth #3: Data residency means better security
- Opportunity: Higher levels of security assurance
- Opportunity: Innovation

Related breakouts
- Enterprise Security (Javier Ribelles, AWS)
- How to Migrate a Highly Regulated Workload to AWS (Lucas Shaughnessy, Fraugster Ltd)
- Integrated AWS Identity and Access Management & Organizations: New Features (Marcus Fritsche, AWS)


Myth #1: Attacks are getting more advanced

Examples of advanced malware
- Zeus/Zbot (2007): very successful information-stealing Trojan
- Conficker (2008): novel payload distribution mechanism
- Stuxnet (2010): state-sponsored cyber-kinetic attack
- Flame (2012): cryptographic attack enabling a forged certificate
- Duqu 2.0 (2014-2015): advanced persistence capabilities using multiple zero-day vulnerabilities
- Triton (2016-2017): attack framework to reprogram industrial control systems

Historically large publicly disclosed data breaches
- Top 10 breaches: 40% occurred in 2018; 80% occurred in the last 2 years
- Top 25 breaches: average of 298,084,000 records per breach, greater than the population of every country except the top 3

Security organizations breached
- RSA Security
- Kaspersky Lab
- US National Security Agency (NSA)
- DigiNotar certificate authority
- Etc.

Attacker motivations
- Notoriety
- Profit
- Military espionage
- Economic espionage
- Hacktivism
- Foreign policy goals via information warfare, cultural manipulation, etc.
- Etc.

Attacker tactics for initial compromise
1. Unpatched vulnerabilities
2. Security misconfigurations
3. Weak, leaked, stolen passwords
4. Social engineering
5. Insider threat

Least-privilege access to data
Security best practice:
- Start with a minimum set of permissions
- Grant additional permissions as necessary
Define only the required set of permissions:
- What actions a particular service supports
- What collection of API actions is required for the specific task
- What permissions are required to perform those actions
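The procedure above (find the API actions a task really uses, grant only those) can be driven from the audit trail rather than from guesswork. The following is an added example, not code from the deck or an AWS tool: it reads CloudTrail-style records constructed inline for a hypothetical role, keeps only the successful calls made by that role, and emits an IAM policy restricted to those actions and resources. It then lints the result for wildcard grants. One assumption to check before using the output: the IAM action name is derived as "<service>:<eventName>", which holds for most control-plane events and for the S3/KMS data-plane events shown, but not for every AWS service.

```python
"""Derive a least-privilege IAM policy from the API calls a role actually made.

Added example, not code from the AWS deck. Records, role and resource ARNs
are constructed for illustration. Assumption: IAM action == "<service>:<eventName>".
"""
import json
from collections import defaultdict

APP_ROLE_ARN = "arn:aws:iam::123456789012:role/AppRole"  # hypothetical role
_SESSION = {"type": "AssumedRole",
            "sessionContext": {"sessionIssuer": {"arn": APP_ROLE_ARN}}}

# Constructed CloudTrail-style records (not real log data); field names follow
# CloudTrail's eventSource / eventName / userIdentity / resources / errorCode.
SAMPLE_EVENTS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject", "userIdentity": _SESSION,
     "resources": [{"ARN": "arn:aws:s3:::payments-data/invoices/2019-05.csv"}]},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject", "userIdentity": _SESSION,
     "resources": [{"ARN": "arn:aws:s3:::payments-data/invoices/2019-06.csv"}]},
    {"eventSource": "kms.amazonaws.com", "eventName": "Decrypt", "userIdentity": _SESSION,
     "resources": [{"ARN": "arn:aws:kms:eu-central-1:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab"}]},
    # A denied call: the task did not need it, so it must not end up in the policy.
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject", "errorCode": "AccessDenied",
     "userIdentity": _SESSION,
     "resources": [{"ARN": "arn:aws:s3:::payments-data/invoices/2019-06.csv"}]},
    # Activity by a different principal: ignored when scoping AppRole.
    {"eventSource": "iam.amazonaws.com", "eventName": "CreateUser",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "resources": []},
]


def principal_arn(record):
    """Role ARN for assumed-role sessions, otherwise the caller's own ARN."""
    ident = record["userIdentity"]
    issuer = ident.get("sessionContext", {}).get("sessionIssuer", {})
    return issuer.get("arn") or ident.get("arn")


def iam_action(record):
    # Assumption: "s3.amazonaws.com" + "GetObject" -> "s3:GetObject" (true for most events).
    service = record["eventSource"].split(".")[0]
    return f"{service}:{record['eventName']}"


def observed_grants(records, role_arn):
    """Map each successful action the role used to the resource ARNs it touched."""
    grants = defaultdict(set)
    for rec in records:
        if principal_arn(rec) != role_arn or rec.get("errorCode"):
            continue
        arns = [res["ARN"] for res in rec.get("resources", []) if "ARN" in res]
        grants[iam_action(rec)].update(arns or ["*"])  # "*" only when CloudTrail gave no resource
    return grants


def build_policy(grants):
    """One Allow statement per distinct resource set; actions sorted for stable diffs."""
    by_resources = defaultdict(list)
    for action, arns in grants.items():
        by_resources[tuple(sorted(arns))].append(action)
    statements = [
        {"Effect": "Allow", "Action": sorted(actions),
         "Resource": list(arns) if len(arns) > 1 else arns[0]}
        for arns, actions in sorted(by_resources.items())
    ]
    return {"Version": "2012-10-17", "Statement": statements}


def overbroad_grants(policy):
    """(action, resource) pairs in Allow statements that contain a wildcard; review each."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        resources = stmt.get("Resource", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = [resources] if isinstance(resources, str) else resources
        findings += [(a, r) for a in actions for r in resources if "*" in a or "*" in r]
    return findings


if __name__ == "__main__":
    policy = build_policy(observed_grants(SAMPLE_EVENTS, APP_ROLE_ARN))
    print(json.dumps(policy, indent=2))
    print("over-broad grants:", overbroad_grants(policy))
```

The denied PutObject is dropped on purpose: a failed call is evidence the task did not need the permission, not evidence that it did. Object-level ARNs come out exactly as observed; if the workload legitimately reads a whole prefix, collapse them to a prefix wildcard by hand and accept the lint finding for that one statement.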

Confidentiality, integrity, availability of data
- Confidentiality: controlled, authorized access; preventing exposure, leakage, and theft
- Integrity: trustworthy, coherent data; preventing corruption and unauthorized modification
- Availability: reliable, timely access; preventing denial of service at the data layer

Attacker tactics for initial compromise
Source: ...mised-and-tools-to-protect-yourself/ (URL truncated)


AWS Regions and Availability Zones
- Regions are independent geographic areas, isolated from other Regions (security boundary)
- The customer chooses in which Region(s) to deploy services
- Regions are comprised of multiple Availability Zones (AZs), which enables high-availability architectures
- AZs are independent failure zones: physically separated, on separate low-risk flood plains, with discrete uninterruptible power supply (UPS) and on-site backup generation facilities; built for continuous availability
- Each AZ consists of one or more data centers
(Diagram: a sample Region with Availability Zones A, B and C; a sample AZ zoomed in to its data centers.)

AWS global infrastructure
60 Availability Zones within 20 geographic Regions around the world, with announced plans for 12 more Availability Zones and four more Regions.

Region (number of Availability Zones):
- US East: N. Virginia (6), Ohio (3)
- US West: Oregon (3), Northern California (3)
- AWS GovCloud: US-East (3), US-West (3)
- Canada: Central (2)
- South America: São Paulo (3)
- EU: Ireland (3), Frankfurt (3), London (3), Paris (3), Sweden (3)
- Asia Pacific: Singapore (3), Sydney (3), Tokyo (4), Seoul (2), Mumbai (2), Osaka-Local (1)
- China: Beijing (2), Ningxia (3)
- Announced Regions: Bahrain, Hong Kong SAR, Cape Town, Milan

AWS CloudFront & Route 53 edge infrastructure
Amazon CloudFront uses a global network of 160 Points of Presence (149 Edge Locations and 11 Regional Edge Caches) in 65 cities across 29 countries.

Myth #2: On-premises IT is more secure than the cloud

On-premises                    | On AWS
Big perimeter                  | Micro-perimeters
End-to-end ownership           | Own just enough
Build it all yourself          | Focus on your core values
Server-centric approach        | Service-centric approach
De-centralised administration  | Central control plane (API)
Focus on physical assets       | Focus on protecting data
Multiple (manual) processes    | Everything is automated

Advantages of the API
- Authoritative: the interface to, and between, AWS services
- Auditable: always know what, and who, is doing what
- Secure: verified integrity, authenticated, no covert channels
- Fast: can be read and manipulated in sub-second time
- Precise: defines the state of all infrastructure and services
- Evolving: continuously improving
- Uniform: provides consistency across disparate components
- Automatable: enables some really cool capabilities


Myth #3: Data residency means better security

Attacker tactics for initial compromise
1. Unpatched vulnerabilities
2. Security misconfigurations
3. Weak, leaked, stolen passwords
4. Social engineering
5. Insider threat
The physical location of data doesn't mitigate any of these.

Data residency does not provide better security
1. Most threats are exploited remotely
2. Manual processes present a risk of human error

Why the risk of unauthorized access is lower in the cloud
Preventing unauthorized access requires practicing proper security hygiene and implementing robust preventive and detective capabilities.
1. Encryption: appropriately encrypting data can make it unreadable if compromised.
2. Tokenization: a sequence of data that represents sensitive information and is undecipherable without a tokenization system.
3. Data decomposition: reducing data sets into unrecognizable fragments that are stored in a distributed fashion, so that any compromise would yield insignificant data.
4. Cyber deception defense: deception solutions use highly sophisticated traps and decoys to present an attacker with the perception that they have infiltrated the system while in reality diverting them to a highly controlled environment.
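Items 2 and 3 above are easy to state and easy to get wrong, so here is an added example (not from the deck, and not an AWS service) showing both in working Python. The tokenization vault issues random tokens, so a stolen token carries no information about the card number without the vault; the decomposition uses XOR (additive) secret sharing, which makes every fragment except the full set uniformly random, so a breach of one fragment store yields nothing. The card-number regex, the "tok_" prefix and the sample record are assumptions made for the example.

```python
"""Tokenization vault and data decomposition (added example, not from the deck).

Tokens are random, not derived from the value, so the vault is the only way
back. Decomposition is XOR secret sharing: any fewer than all fragments are
statistically independent of the record.
"""
import re
import secrets


class TokenVault:
    """Replaces sensitive values with random tokens; only the vault can reverse them."""

    def __init__(self):
        self._by_token = {}
        # Same value -> same token, so tokenized records can still be joined.
        # Delete this index if tokens must be unlinkable across records.
        self._by_value = {}

    def tokenize(self, value: str) -> str:
        token = self._by_value.get(value)
        if token is None:
            token = "tok_" + secrets.token_hex(16)   # 128 random bits, unrelated to the value
            self._by_token[token] = value
            self._by_value[value] = token
        return token

    def detokenize(self, token: str) -> str:
        return self._by_token[token]               # KeyError for tokens the vault never issued


PAN_RE = re.compile(r"\b\d{13,19}\b")   # assumed pattern for card-number-like digit runs


def tokenize_pans(text: str, vault: TokenVault) -> str:
    """Swap every card-number-like field in free text for a vault token."""
    return PAN_RE.sub(lambda m: vault.tokenize(m.group(0)), text)


def split_shares(data: bytes, n: int) -> list:
    """XOR secret sharing: n fragments, all n needed to rebuild the record."""
    if n < 2:
        raise ValueError("need at least two fragment stores")
    shares = [secrets.token_bytes(len(data)) for _ in range(n - 1)]
    last = bytes(data)
    for s in shares:                               # last = data XOR r1 XOR ... XOR r(n-1)
        last = bytes(a ^ b for a, b in zip(last, s))
    return shares + [last]


def reconstruct(shares: list) -> bytes:
    """XOR all fragments back together; rejects mismatched fragment lengths."""
    out = bytes(len(shares[0]))
    for s in shares:
        if len(s) != len(out):
            raise ValueError("fragment lengths differ")
        out = bytes(a ^ b for a, b in zip(out, s))
    return out


if __name__ == "__main__":
    vault = TokenVault()
    record = "customer=42;pan=4111111111111111;amount=19.99"   # constructed sample
    print(tokenize_pans(record, vault))
    fragments = split_shares(record.encode(), 3)
    print([f.hex() for f in fragments])
    print(reconstruct(fragments).decode())
```

The design choice worth noting is the deterministic token: keeping the value-to-token index lets analytics join on the token, but it also lets an attacker who can submit values to the vault test whether a given card number is present. Drop that index (issue a fresh token each time) when the data is not meant to be joined.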


Opportunity: Higher levels of security assurance

Broad accreditations & certifications, including: PSN; SOC 1, SOC 2, SOC 3; Amazon Glacier Vault Lock & SEC Rule 17a-4(f)

Security assurance

On-premises                                        | On AWS
Start with bare concrete                           | Start on accredited services
Periodic checks                                    | Continuous monitoring
Workload-specific compliance checks                | Compliance approach based on all workload scenarios
Must keep pace and invest in security innovation   | Security innovation drives broad compliance
Heterogeneous governance processes and tools       | Integrated governance processes and tools
Typically reactive                                 | Focus on prevention
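The "periodic checks" versus "continuous monitoring" row above, and the "security misconfigurations" tactic in the initial-compromise list, come down to the same thing in practice: a set of rules evaluated against resource configuration on every change rather than at audit time. The following is an added example (not code from the deck, and not an AWS service) of such rules in Python over an account snapshot constructed inline. Field names for the S3 and security-group records follow the boto3 GetPublicAccessBlock, GetBucketEncryption and DescribeSecurityGroups responses; the IAM user records are a simplified shape (assumed) combining GetLoginProfile and ListMFADevices results.

```python
"""Configuration rules for the misconfigurations the deck lists (added example).

Not the deck's code and not an AWS product. evaluate() is what you would hook
to a configuration-change event; the snapshot below is constructed sample data.
"""

SNAPSHOT = {
    "s3_buckets": [
        {"Name": "payments-data",
         "PublicAccessBlock": {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                               "BlockPublicPolicy": True, "RestrictPublicBuckets": True},
         "Encryption": {"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}},
        {"Name": "logs-raw",
         "PublicAccessBlock": {"BlockPublicAcls": True, "IgnorePublicAcls": False,
                               "BlockPublicPolicy": True, "RestrictPublicBuckets": False},
         "Encryption": None},
    ],
    "security_groups": [
        {"GroupId": "sg-0a1", "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},      # public HTTPS: fine
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},   # SSH from RFC1918 only
        {"GroupId": "sg-0b2", "IpPermissions": [
            {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},  # everything, to the world
    ],
    "iam_users": [   # simplified shape (assumed), not a raw boto3 response
        {"UserName": "alice", "HasConsolePassword": True, "MFADevices": 1},
        {"UserName": "bob", "HasConsolePassword": True, "MFADevices": 0},
        {"UserName": "ci-deploy", "HasConsolePassword": False, "MFADevices": 0},
    ],
}

WORLD = {"0.0.0.0/0", "::/0"}
ADMIN_PORTS = {22, 3389}
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def _covers_port(perm, port):
    """True if an IpPermissions entry admits TCP traffic to `port` ("-1" means all traffic)."""
    if perm.get("IpProtocol") == "-1":
        return True
    if perm.get("IpProtocol") not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def _world_open(perm):
    cidrs = {r["CidrIp"] for r in perm.get("IpRanges", [])}
    cidrs |= {r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])}
    return bool(cidrs & WORLD)


def check_s3(bucket):
    pab = bucket.get("PublicAccessBlock") or {}
    missing = [k for k in PAB_KEYS if not pab.get(k)]
    out = []
    if missing:
        out.append(("s3-public-access-block", bucket["Name"], "not set: " + ", ".join(missing)))
    if not bucket.get("Encryption"):
        out.append(("s3-default-encryption", bucket["Name"], "no default encryption"))
    return out


def check_security_group(sg):
    out = []
    for perm in sg.get("IpPermissions", []):
        if not _world_open(perm):
            continue
        exposed = sorted(p for p in ADMIN_PORTS if _covers_port(perm, p))
        if exposed:
            out.append(("sg-admin-port-world-open", sg["GroupId"], f"ports {exposed} open to the internet"))
    return out


def check_iam_user(user):
    if user.get("HasConsolePassword") and not user.get("MFADevices"):
        return [("iam-console-user-no-mfa", user["UserName"], "console password without MFA")]
    return []


def evaluate(snapshot):
    """Run every rule over the snapshot; returns (rule_id, resource, detail) tuples."""
    findings = []
    for b in snapshot.get("s3_buckets", []):
        findings += check_s3(b)
    for sg in snapshot.get("security_groups", []):
        findings += check_security_group(sg)
    for u in snapshot.get("iam_users", []):
        findings += check_iam_user(u)
    return findings


if __name__ == "__main__":
    for rule, resource, detail in evaluate(SNAPSHOT):
        print(f"{rule:26} {resource:14} {detail}")
```

Two details matter for correctness: a security-group entry with IpProtocol "-1" has no FromPort/ToPort and covers every port, and the IPv6 "::/0" range is as public as "0.0.0.0/0"; rules that check only CidrIp on port 22 miss both cases, which is exactly how sg-0b2 above would slip past a naive check.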


Opportunity: Innovation

Innovation
- The first standard public telephone kiosk, introduced by the UK Post Office in 1920 and produced in concrete, was designated K1 (Kiosk No. 1)
- The first red telephone box, constructed in cast iron, was deployed in the UK in 1926 and called K2 (Kiosk No. 2)
- K3-K8 models were introduced between 1930 and 1968
- After privatisation in 1982, British Telecom began to replace most of the existing boxes with modern models
- BT was reported to have stopped making telephone boxes in January 2001
- Public telephone kiosks became obsolete less than 100 years after their introduction
Source: https://en.wikipedia.org/wiki/Red_telephone_box

AWS Pace of InnovationSUMMIT 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.


Serverless means
- No servers to provision or manage
- Scales with usage
- Never pay for idle
- Availability and fault tolerance built in

AI & ML
- AI services: Vision (Amazon Rekognition Image, Amazon Rekognition Video); Speech (Amazon Polly, Amazon Transcribe); Languages (Amazon Comprehend, Amazon Translate); Chatbots (Amazon Lex)
- ML services: Amazon SageMaker (Ground Truth, Notebooks, Algorithms, Marketplace, RL, Training, Optimization, Deployment, Hosting)
- ML frameworks & infrastructure: P3, P3dn, C5, C5n, Elastic Inference, Inferentia, AWS Greengrass

"The future is already here — it's just not very evenly distributed."
William Gibson, author

Source: ...count-the-value-of-innovation/ (URL truncated)

Thank you!
Tim Rains, rainstim@amazon.co.uk


