Bulletproof & Xero Presentation - AWS Summit Auckland
-
Upload
bulletproof -
Category
Technology
-
view
930 -
download
1
Transcript of Bulletproof & Xero Presentation - AWS Summit Auckland
![Page 1: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/1.jpg)
![Page 2: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/2.jpg)
How Xero
Accelerated Security
Innovation on AWS
![Page 3: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/3.jpg)
Hello!
Jeremy Vincent
Solution Architect
Bulletproof
Aaron McKeown
Lead Security Architect
Xero
Neil Ramsay
Cloud Engineer
Bulletproof
![Page 4: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/4.jpg)
What can you expect today?
An overview of:
• Xero
• AWS Migration Project
• AWS Security Principles
• Key Project Learnings
• Bulletproof
• Cloud Security Considerations
• Secure by Design Guidance
![Page 5: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/5.jpg)
Who are we?
• Cloud House merged with Bulletproof in 2016
• First Premier Partner in A/NZ
• ASX listed (ASX:BPF)
• Only Premier Partner in NZ
• End-to-end Cloud services provider.
• 700+ customers
• 16+ years of experience
• We help you disrupt, transform and innovate
![Page 6: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/6.jpg)
Aaron McKeown,
Lead Security Architect
How Xero Accelerated Security on AWS
![Page 7: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/7.jpg)
Beautiful cloud-based
accounting softwareConnecting people with the right numbers
anytime, anywhere, on any device
![Page 8: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/8.jpg)
1450+
Staff globally
$474mraised in capital
$202msub revenue FY16
23m+
businesses have interacted
on the Xero platform
$1trincoming and outgoing
transactions in past 12 mths
450mincoming and outgoing
transactions in past 12 mths
All figures shown are in NZD
![Page 9: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/9.jpg)
2009 2010 2011 2012 2013 2014 2015 2016
Paying subscribers
700,000+
Subscribers globally
![Page 10: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/10.jpg)
Public cloud
migrationImproving data protection
Eliminating scheduled downtime
Maintaining and improving security
Support the next wave of growth
Reducing our per customer cost
![Page 11: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/11.jpg)
Security Considerations
in the Cloud
![Page 12: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/12.jpg)
Approach: AWS Cloud Security
Security is a Journey
High Pace of Innovation with Cloud
Automation is key
![Page 13: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/13.jpg)
How?
AWS Cloud Security
Focus on API Security
Fast rate of change
Cloud native systems with
consistent security capabilities
![Page 14: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/14.jpg)
How?
AWS Cloud Security
Focus on API Security
AWS IAM
Fast rate of changeAWS
CloudFormation
Cloud native systems with
consistent security capabilitiesAWS KMS
AWSCloudTrail
AWSConfig
CloudWatchLogs
CloudWatch Alarms
AWS IAM
![Page 15: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/15.jpg)
How?
Automation
Version
ControlCI Server
Package
Builder
Deploy
ServerCommit to
Git/masterOps
Get /
Pull
Code
AMIs
Distributed Builds
Run Tests in parallel
Staging Env
Test Env
Code
Config
Tests
Prod Env
Push
ConfigInstall
Create
Repo
CloudFormation
Templates for Environment
Generate
![Page 16: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/16.jpg)
Xero AWS Security Overview
![Page 17: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/17.jpg)
Key principles
Repeatable and automated build and
management of security systems
Accelerated pace of security innovation
On-demand security infrastructure that works at any scale
![Page 18: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/18.jpg)
Security as a service
VPN
connectivity
Host
Based
Security
Web
Application
Security
and
Delivery
Shared Key
Management
Services
Security
Operations
and
Consulting
Services
Secure
Bastion
Access
Proxy
Services
![Page 19: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/19.jpg)
AWS Security Guidance
Recommendations
![Page 20: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/20.jpg)
Secure by Design
AWS Cloud Security
Account structure VPC structureService mapping
Key services VisibilityLogging/Monitoring Secure Bastions
![Page 21: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/21.jpg)
Secure by Design
Account Structure
![Page 22: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/22.jpg)
Secure by Design
Account Structure
Billing
Non-Production
Development
Shared Services
UAT
Production
ProductionStaging
Shared Services
Identity
Security
![Page 23: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/23.jpg)
Secure by Design
Service Mapping
![Page 24: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/24.jpg)
Secure by Design
Service MappingNon-Production
Development
Shared Services
UAT
Security
Production
Staging
Shared Services
Production
Identity
AWS IAM
AWS KMS
IAM Roles
IAM Roles
IAM Policy
IAM Policy
Billing
IAM Roles
IAM Policy
AWSCloudTrail
AWSConfig
ConfigS3 Bucket
CloudTrailS3 Bucket
CloudTrailGlacier Vault
ConfigGlacier Vault
IAM Users
CloudWatch Logs CloudWatch Alarms
IAM Groups
SNS Email Notifications
![Page 25: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/25.jpg)
Secure by Design
VPC Structure
![Page 26: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/26.jpg)
Secure by Design
VPC Structure
Production
Shared Services
Internet Gateway
DMZ “Public” Zone
Protected “Private” ZoneRouter
VPCPeering
Secure Bastion
WAF
NGFW
ADFS
Amazon CloudFront
VPCPeering
Production
EC2 Workloads
PKI
AD
Staging
EC2 Workloads
Outbound Proxy
NTP DNS
S3 VPC Endpoint
IPSec VPN Connection
Internet
Servers
AmazonRoute 53
VPC Flow Log
S3 VPC Endpoint
VPC Flow Log
Static AssetsS3 Bucket
VPN Gateway
Corporate Data Center
CustomerGateway
VPN Gateway
BackupS3 Bucket
![Page 27: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/27.jpg)
Secure by Design
VPC Peering
Production
Shared Services
Internet Gateway
DMZ “Public” Zone
Protected “Private” ZoneRouter
VPCPeering
Secure Bastion
WAF
NGFW
ADFS
Amazon CloudFront
VPCPeering
Production
EC2 Workloads
PKI
AD
Staging
EC2 Workloads
Outbound Proxy
NTP DNS
S3 VPC Endpoint
IPSec VPN Connection
Internet
Servers
AmazonRoute 53
VPC Flow Log
S3 VPCEndpoint
VPC Flow Log
Static AssetsS3 Bucket
VPN Gateway
Corporate Data Center
CustomerGateway
VPN Gateway
BackupS3 Bucket
![Page 28: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/28.jpg)
Secure by Design
VPC Endpoints
Production
Shared Services
Internet Gateway
DMZ “Public” Zone
Protected “Private” ZoneRouter
VPCPeering
Secure Bastion
WAF
NGFW
ADFS
Amazon CloudFront
VPCPeering
Production
EC2 Workloads
PKI
AD
Staging
EC2 Workloads
Outbound Proxy
NTP DNS
S3 VPC Endpoint
IPSec VPN Connection
Internet
Servers
AmazonRoute 53
VPC Flow Log
S3 VPC Endpoint
VPC Flow Log
Static AssetsS3 Bucket
VPN Gateway
Corporate Data Center
CustomerGateway
VPN Gateway
BackupS3 Bucket
![Page 29: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/29.jpg)
Secure by Design
Key Services
![Page 30: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/30.jpg)
Secure by Design
CloudTrail
CloudTrail Settings
All Regions (Multi-Region setting)
Log File Integrity Validation
Log File Encryption with KMS
S3 Bucket Policy
Restrict Authorised Users to have Read-Only access
Allow Only the CloudTrail service to have Write access
Day One
AWS KMS
AWSCloudTrail
CloudTrailS3 Bucket
CloudTrailGlacier Vault
S3 Lifecycle Rules
![Page 31: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/31.jpg)
Secure by Design
Config
Config Settings
All Regions (No multi-region setting, so Automate)
Enable All available Resource Types for tracking
S3 Bucket Policy
Restrict Authorised Users to have Read-Only access
Allow Only the Config service to have Write access
Day One
AWSConfig
ConfigS3 Bucket
ConfigGlacier Vault
S3 Lifecycle Rules
![Page 32: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/32.jpg)
Secure by Design
Identity and Access Management (IAM)
![Page 33: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/33.jpg)
Secure by Design
Identity and Access Management (IAM)
AWS IAM
Amazon
EC2
AWS Elastic
Beanstalk
AWS
Lambda
Amazon
CloudFrontAmazon
S3
Amazon
DynamoDB
Amazon
RDS
Amazon
Redshift
Amazon
VPC
Amazon
Route 53
![Page 34: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/34.jpg)
Identity and Access Management
![Page 35: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/35.jpg)
IAM for Identity Account: Authentication
![Page 36: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/36.jpg)
IAM for Identity Account: AWS Console
+
![Page 37: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/37.jpg)
IAM for Identity Account: API
+
![Page 38: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/38.jpg)
IAM for Identity Account: MFA for Humans
![Page 39: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/39.jpg)
IAM Roles
Build
Repair
Audit
![Page 40: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/40.jpg)
Identity
IAM Cross Account Roles
Non-Production
Production
![Page 41: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/41.jpg)
IAM Guard Rails
customer
gateway
VPN
gateway
VPN
connection
CloudTrail Config KMS IAM
![Page 42: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/42.jpg)
IAM Roles: Limited Time Only
![Page 43: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/43.jpg)
Secure by Design
Logging and Monitoring
![Page 44: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/44.jpg)
Logging/Monitoring
APIAWS
CloudTrail
CloudWatch Logs
CloudTrailS3 Bucket
CloudTrailGlacier Vault
Lifecycle Rules
AWS Config Config S3 Bucket
ConfigGlacier Vault
Lifecycle Rules
AWSLambda
CloudWatchAlarms
CloudWatchMetric Filters
SNS Email Notifications
Alarm
Amazon ElasticsearchService
OR
![Page 45: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/45.jpg)
Logging/Monitoring…
OS
Network
Storage Access Logs
Access Logs S3 Bucket
Access LogsGlacier Vault
Lifecycle Rules
S3 Bucket
Access Logs
Access Logs S3 Bucket
Access LogsGlacier Vault
Lifecycle Rules
Amazon CloudFront
CloudWatch Logs
CloudWatch Alarms
CloudWatchMetric Filters
SNS Email NotificationsAmazon EC2
Log Events
Elastic LoadBalancing
Access Logs
Access Logs S3 Bucket
Access LogsGlacier Vault
Lifecycle Rules
VPC Flow Log CloudWatch Logs
CloudWatch Alarms
CloudWatchMetric Filters
SNS Email Notifications
Packets Log Events
![Page 46: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/46.jpg)
Secure by Design
Visibility
• CloudTrail, Config and the AWS Console
provide a lot of great information
• Can be hard to find the needle in the
haystack...
• Enter Netflix OSS Security Monkey
“You can’t secure what you don’t know about…”
![Page 47: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/47.jpg)
Secure by Design
Security Monkey
![Page 48: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/48.jpg)
Security Monkey: Overview
![Page 49: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/49.jpg)
Security Monkey: Overview - Search
![Page 50: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/50.jpg)
Security Monkey: Overview - Resources
![Page 51: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/51.jpg)
Security Monkey: Users with Admin
![Page 52: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/52.jpg)
Security Monkey: Users with Admin
![Page 53: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/53.jpg)
Security Monkey: Users with Admin – What Changed?
![Page 54: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/54.jpg)
Security Monkey: VPCs with IGWs
![Page 55: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/55.jpg)
Secure by Design
Secure Bastions
![Page 56: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/56.jpg)
Challenge
Secure Bastions
RDP/SSH
Internet
Internet
Bastion
Your Data
SQLServer
Pivot
![Page 57: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/57.jpg)
Solution
Secure Bastions: Multi-Factor Authentication
RDP
BastionSecureBastion
HTTPS
Internet
![Page 58: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/58.jpg)
Duo Login to Windows
![Page 59: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/59.jpg)
Duo Login to Windows: MFA Prompt
![Page 60: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/60.jpg)
Duo Login to Windows: Duo Mobile App
![Page 61: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/61.jpg)
Duo Login to Linux
![Page 62: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/62.jpg)
Solution
Secure Bastions: Dedicated
SQL Mgmt
RDP
RDP
SQLServer
SQL ToolsServer
SecureBastion
![Page 63: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/63.jpg)
Solution
Secure Bastions: Restrict Network Egress
RDP
SecureBastion
SQL ToolsServer
RDP
SQLServer
Internet
![Page 64: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/64.jpg)
Solution
Secure Bastions: Restrict EC2 Instance Profiles
RDP
SecureBastion
IAM Role
IAM Policy
TemporaryAWS CredsLogged-in
User
“Secure Bastion”EC2 Instance
Profile
Delete RDS SQL DB
![Page 65: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/65.jpg)
Solution
Secure Bastions: Restrict EC2 Instance Profiles
SQL ToolsServer
TemporaryAWS Creds
Logged-inUser
RDP
SecureBastion
IAM Role
IAM Policy
TemporaryAWS CredsLogged-in
User
“Secure Bastion”EC2 Instance
Profile
Delete RDS SQL DB
Create RDS SQL DB
“SQL Tools”EC2 Instance
Profile
![Page 66: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/66.jpg)
Solution
Secure Bastions: Disposable
7 Days
EBS Snapshot
Forensics
SecureBastion
SecureBastion
“Golden Image”AMI
Deploy
![Page 67: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/67.jpg)
Key learnings
![Page 68: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/68.jpg)
Key learnings
Measure and Test, Monitor Everything
Welcome to the cloud -"Where's my span port"?
Security by Design -What's that?
Communication is Key -Who are your spokespeople?
![Page 69: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/69.jpg)
Final takeaways
Repeatable and Automated build and
management of Security Systems
Accelerated pace of security innovation
On-Demand security infrastructure that works at any scale
![Page 70: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/70.jpg)
What can I do today?
![Page 71: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/71.jpg)
Things you can do right now
User MFA Tokens
AWS
Config
AWSCloudTrail
![Page 72: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/72.jpg)
Things you should consider
NetflixSecurity Monkey
DuoMFA
Granular Roles
![Page 73: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/73.jpg)
Only A/NZ AWS Premier Partner at the Summit
![Page 74: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/74.jpg)
Over 700+ Happy Customers
![Page 75: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/75.jpg)
What you can do today
• Visit us at stand: P2
• Contact us to discuss your requirements
[email protected] | 0800 258 773
• Enter our draw to win an Amazon Echo
![Page 76: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/76.jpg)
Beautiful accounting software
www.xero.com
![Page 77: Bulletproof & Xero Presentation - AWS Summit Auckland](https://reader031.fdocuments.in/reader031/viewer/2022030305/58729d331a28ab07208b4f7f/html5/thumbnails/77.jpg)
Thank you
Visit us at stand P2 to ask questions