Security Day - Intro
Upload: amazon-web-services
Category: Business
Transcript of Security Day - Intro
AWS Security Day Welcome
Today’s Session Plan
9:00 Welcome & Keynote
9:30 The AWS Shared Security Responsibility Model in Practice
10:10 FIRE ALARM TEST
10:20 Break
10:45 IAM Best Practices
11:30 Encryption Options on AWS
12:30 Lunch
13:30 AWS Logging, Analysis and Alerting
14:30 Account Separation and Mandatory Access Control
15:30 What’s New: Web Application Firewall, Config Rules, Inspector
16:30 Q&A + Close
Feedback. It’s really important to us
#AWS
#SecurityDay
Over 1 Million Active Customers
“Active customer” is defined as a non-Amazon customer with AWS account usage activity in the past month, including the free tier
[Chart: years 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015]
Startup Customers
http://aws.amazon.com/solutions/case-studies/
Meerkat
Enterprise Customers
ISV Partners
Gartner “Magic Quadrant for Cloud Infrastructure as a Service,” Lydia Leong, Douglas Toombs, Bob Gill, Gregor Petri, Tiny Haynes, May 28, 2014. This Magic Quadrant graphic was published by Gartner, Inc. as part of a larger research note and should be evaluated in the context of the entire report. The Gartner report is available at http://aws.amazon.com/resources/analyst-reports/. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Gartner Magic Quadrant Cloud Infrastructure as a Service
Cloud Has Become The New Normal
What Are The Patterns Of This New Normal?
Start-ups Build Businesses From Scratch In The Cloud
1
No legacy
Lower cost structure
No dependencies
Move quickly
Building All Applications In The Cloud
Disrupt Long Standing Industries, Quickly
Hotels Storage Gaming
Collaboration Matchmaking
Speed Is Not Just For Start-ups: Companies of All Sizes Move Faster Than Ever Before
2
It’s Impossible To Stay Competitive Today Without The Cloud
In The Old Days…
Spend millions for expensive, inflexible, slow-moving infrastructure that is
#FrozenInTime
Old World
Large upfront capital investment
Basic compute and storage only
Responsible for feature upgrades
Slow to get new capabilities
Low, variable cost
Broad and deep platform
New features arrive daily
Ready to use
Enterprises Are Using The Cloud For New Apps & Digital Transformation
StatCast App platform Healthcare E-commerce
Digital Personal Finance Web Digital content
Customers Want Access To The Sunday Roast with all the Trimmings
3
Key Components Of Agility
Quick to provision
Don’t have to reinvent the wheel
Vast infrastructure technology platform
Vast Infrastructure Technology Platform
Regions
Availability Zones
Points of Presence
INFRASTRUCTURE
CORE SERVICES
Compute: VMs, Auto-scaling, & Load Balancing
Storage: Object, Blocks, Archivals, Import/Export
Databases: Relational, NoSQL, Caching, Migration
Networking: VPC, DX, DNS, CDN
ENTERPRISE APPS
DEVELOPMENT & OPERATIONS
MOBILE SERVICES
APP SERVICES
ANALYTICS
Data Warehousing
Hadoop/Spark
Streaming Data Collection
Machine Learning
Elastic Search
Virtual Desktops
Sharing & Collaboration
Corporate Email
Backup
Queuing & Notifications
Workflow
Search
Transcoding
One-click App Deployment
Identity
Sync
Single Integrated Console
Push Notifications
DevOps Resource Management
Application Lifecycle Management
Containers
Triggers
Resource Templates
TECHNICAL & BUSINESS SUPPORT
Account Management
Support
Professional Services
Training & Certification
Security & Pricing Reports
Partner Ecosystem
Solutions Architects
MARKETPLACE
Business Apps, Business Intelligence, Databases, DevOps Tools, Networking, Security, Storage
Access Control
Identity Management
Key Management & Storage
Monitoring & Logs
Assessment & Reporting
Resource & Usage Auditing
SECURITY & COMPLIANCE
Configuration Compliance
Web Application Firewall
HYBRID ARCHITECTURE
Data Backups
Integrated App Deployments
Direct Connect
Identity Federation
Integrated Resource Management
Integrated Networking
API Gateway
IoT
Rules Engine
Device Shadows
Device SDKs
Registry
Device Gateway
Streaming Data Analysis
Business Intelligence
Mobile Analytics
Expansive Services With Depth of Functionality
Compute: General Purpose (M4); Compute Optimized (C4); Memory Optimized (R3); High Memory (X1); GPU Optimized (G2); Storage Optimized (D2); IO Optimized (I2); Low Cost, Burst-able Performance (T2); Dedicated Instances
Databases: RDS For MySQL; RDS For SQL Server; RDS For Oracle; RDS For PostgreSQL; RDS For MariaDB; RDS For Amazon Aurora; Multi-AZ Synchronous Replication; Read Replica Support
Encryption: Server-side Object Encryption; Customer Controlled Keys; Dedicated HSMs; Integrated Key Management; Key Usage Auditing
Access Control: Identity Policies; Location Policies; Time-based Policies; Individual API Calls; Key Rotation; Temporary Credentials; Policy Simulator
AWS Rapid Pace Of Innovation
722 major new features and services launched in 2014
[Chart: x-axis years 2009, 2011, 2013, 2015; bar labels 48, 159, 722, 82]
Invention Is Continuous
4
For Example, Consider Compute…
m1.small
General Purpose (M3)
Compute Optimized (C4)
Memory Optimized (R3)
GPU Optimized (G2)
Storage Optimized (D2)
IO Optimized (I2)
Low cost, burst-able performance (T2)
New
Building With Smaller Blocks
Quicker to build
Lower cost
Easier to adapt and update
Shrinking Compute To Atomic Scale With AWS Lambda
AWS Lambda: An Event Driven Computing Service
Events from AWS services
Cloud Functions in Node.js
Automatic execution with no servers to provision
How Are Customers Using AWS Lambda?
Data triggers
Stream processing
Indexing & synchronization
IoT
Server-free back-end
[Architecture diagram. In each of five regions (us-west-2, us-east-1, eu-west-1, ap-southeast-1, ap-northeast-1): ELB, Bidders, Ad Servers, DynamoDB. Other components shown: Kinesis, S3, SQS, Machine Learning, Analytics, Dynamic Creatives, Profiles. Figures shown: 60B Events/Day, 600k Files/Day.]
Learning more about AWS
aws.amazon.com/blogs/aws
aws.amazon.com/new
@AWScloud @AWS_UKI
Let’s Get Started
@IanMmmm
Ian Massingham
AWS Technology Evangelist