1 / 18

Automating Security in the Cloud

Automating Security in the Cloud. Modernizing Technology Governance Tim Sandage, AWS Sr. Security Partner Strategist. Problem Statement. Increasing complexity (mobility, system connectivity, etc.) causes increasing difficulty in managing risk and security and demonstrating compliance.

joanfranklin
Download Presentation

Automating Security in the Cloud

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Automating Security in the Cloud • Modernizing Technology Governance • Tim Sandage, AWS • Sr. Security Partner Strategist

  2. Problem Statement Increasing complexity (mobility, system connectivity, etc.) causes increasing difficulty in managing risk and security and demonstrating compliance.

  3. Current State – Technology Governance

  4. Issues – Technology Governance The majority of technology governance processes relies predominantly on administrative and operational security controls with LIMITEDtechnology enforcement. Risk AWS has an opportunity to innovate and advance Technology Governance Services.

  5. Security by Design Security by Design (SbD) is a security assurance approach that formalizes AWS account design, automates security controls, and streamlines auditing. Instead of relying on auditing security retroactively, SbD provides security control built in throughout the AWS IT management process. Identity & Access Management Trusted Advisor CloudWatch Cloud HSM Key Management Service Config Rules Directory Service CloudTrail

  6. Security by Design - Design Principles Developing new risk mitigation capabilities, which go beyond global security frameworks, by treating risks, eliminating manual processes, optimizing evidence and audit ratifications processes through rigid automation • Build security in every layer • Design for failures • Implement auto-healing • Think parallel • Plan for Breach • Don't fear constraints • Leverage different storage options • Design for cost • Treat Infrastructure as Code • Modular • Versioned • Constrained

  7. SbD - Modernizing Technology Governance (MTG)

  8. SbD – Rationalize Security Requirements AWS has partnered with CIS Benchmarks to create consensus-based, best-practice security configuration guides which will align to multiple security frameworks globally. • The Benchmarks are: • Recommended technical control rules/values for hardening operating systems, middle ware and software applications, and network devices; • Distributed free of charge by CIS in .PDF format • Used by thousands of enterprises as the basis for security configuration policies and the de facto standard for IT configuration best practices. https://www.cisecurity.org/

  9. SbD – AWS CIS Benchmark Scope Elastic Load Balancing Identity & Access Management EC2 VPC CloudTrail CloudWatch Direct Connect S3 VPN Gateway Route 53 Glacier Cloud HSM Key Management Service Config & Config Rules SNS Amazon Elastic Block Store CloudFront Foundational Benchmark Three-tier Web Architecture

  10. Define Data Protections and Controls

  11. Document Security Architecture https://getcompliant.allgress.com/gc

  12. SbD – Automate Security Operations Automate deployments, provisioning, and configurations of the AWS customer environments

  13. Continuous Monitoring –Splunk

  14. Splunk App for AWS – Visualize & Monitor

  15. SbD - Modernizing Technology Governance (MTG) Automate Governance Automate Deployments Automate Security Operations Continuous Compliance

  16. Closing the loop - SbD - Modernizing Technology Governance • Result: Reliable technical implementation and enforcement of operational and administrative controls

  17. Questions?

More Related