DevSecOps on the AWS Cloud

Matthew Sharp, Chief Information Security Officer

www.logicworks.com

Source: ciso-mba.com/docs/Logicworks - AWS Chicago Summit.pdf (slide deck transcript)


The pace of innovation has dramatically accelerated, and security teams struggle to keep up.

The days when IT managed monolithic, infrequently modified systems are long gone.

Trust needs to move at the speed of business.

Automate.

©2017 Logicworks. All rights reserved.

About Us

We design, build, automate, and manage enterprise AWS clouds.

Matt Sharp, CISO

• Served for 10+ years as a strategic advisor to CISOs of Fortune 500 and global institutions

• Former Head of Global Security at Crocs

• Certified Cloud Security Professional (CCSP)

• AWS Certified Solutions Architect - Associate

Cloud Migration

24/7 Management

Cloud Automation

Cloud Security


About You…

How many in the room are business / developers / operations / security?


About You…

How many of you relate to the observation that security may be a bottleneck in the DevOps process?


Failing to Keep Pace – A Case Study

Financial Services Company. Business Drivers: Agility and Cost

1. Security is late to the table

2. Tools invalidate business hypothesis

3. Team is unable to automate

Corresponding remedies:

1. Cultural Adjustments

2. Evaluate Tooling Assumptions

3. Skills / Team Composition and Tools


1. Security Late to the Table

Solution: Adjust cultural mindset of both Security and DevOps teams.

For Security and DevOps teams:

• Apply a business-oriented filter

• Re-evaluate the staffing model – how does this fit with 2 pizza teams?

• Read Phoenix Project, DevOps Handbook and/or Visible Ops Security

• Engage the security team early (so they can think & plan)

• Encourage skills development / engage security in hackathon

• Offer to help build automation

• Appreciate staffing challenges


2. Tools Invalidate Business Goals

All security tools must:

• Scale up / down economically

• Integrate with automation (e.g., Puppet, AWS CloudFormation)

• Be congruent with existing security

• Support the business assumptions

• Be independently evaluated for the cloud (AWS Security Competency)

• Offer API support

https://aws.amazon.com/security/partner-solutions/

Solution: Re-evaluate existing tooling assumptions.

For Security and DevOps teams:

• Automation can provide assurances – educate your auditors

• Seek first to understand – you will always have the advantage resulting from information asymmetry

• DevOps: look at the API


3. Team is Unable to Automate

Solution: Change staffing structure and prioritize development to automate.

Embed Security in DevOps / Embed DevOps in Security

• Centralized Security vs. Special Ops Security

  o Centralized must have dev skills

  o Special Ops can influence development to create automation

• Automation / Scripting

  o Use native AWS tools

  o Use automation whenever possible

  o Security needs skills to write AWS Lambda functions (Python / Java / C#)

https://aws.amazon.com/waf/


Security Automation: Components

Feature                    | Tool
---------------------------|--------------------------------------------
Security Groups            | CloudFormation
Network ACL (Firewall)     | CloudFormation
Subnet Sizing              | CloudFormation
Naming                     | CloudFormation, Configuration Management
Authentication             | Configuration Management
Encryption                 | CloudFormation (S3), Configuration Management
Anti-Virus                 | Configuration Management
Hosts/Users                | Configuration Management
Software Versions          | Configuration Management
Log Shipping / Aggregator  | Configuration Management
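The table says which controls the deck expects CloudFormation to carry, and the previous slide says security staff need to be able to write Lambda functions in Python. The following is an added example, not code from the deck or from Logicworks: a Python check that reads a CloudFormation template and enforces two of the table's rows (Security Groups and S3 Encryption) before the template is deployed, exposed both as plain functions and through the standard Lambda handler signature so it can sit in a pipeline. The admin-port list, the sample template, and the {"template": ...} event shape passed to the handler are assumptions of this example.

```python
# Added example (not from the Logicworks deck): a pre-deployment check that
# codifies two rows of the components table, Security Groups and S3 Encryption,
# against a parsed CloudFormation template. Template and policy are constructed.
import json

# Example policy (assumption): administrative ports that must never be reachable
# from any address. A real team derives this list from its own standards.
ADMIN_PORTS = {22, 3389}
OPEN_TO_WORLD = {"0.0.0.0/0", "::/0"}


def _rule_ports(rule):
    """Ports covered by one ingress rule. FromPort/ToPort of -1, or absent as
    with IpProtocol "-1", means every port in the EC2 API."""
    lo, hi = rule.get("FromPort", -1), rule.get("ToPort", -1)
    if lo == -1 or hi == -1:
        return range(0, 65536)
    return range(int(lo), int(hi) + 1)


def _resources_of(template, res_type):
    """Yield (logical_id, properties) for every resource of the given type."""
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") == res_type:
            yield name, res.get("Properties", {})


def check_security_groups(template):
    """Flag ingress rules that expose an admin port to the whole internet."""
    findings = []
    for name, props in _resources_of(template, "AWS::EC2::SecurityGroup"):
        for rule in props.get("SecurityGroupIngress", []):
            cidr = rule.get("CidrIp") or rule.get("CidrIpv6")
            if cidr not in OPEN_TO_WORLD:
                continue
            exposed = sorted(p for p in ADMIN_PORTS if p in _rule_ports(rule))
            if exposed:
                findings.append(
                    f"{name}: ingress from {cidr} exposes admin port(s) {exposed}")
    return findings


def check_s3_encryption(template):
    """Flag buckets that declare no default encryption configuration."""
    return [f"{name}: bucket has no BucketEncryption property"
            for name, props in _resources_of(template, "AWS::S3::Bucket")
            if "BucketEncryption" not in props]


def evaluate_template(template):
    """Run every check; an empty findings list means the template may deploy."""
    findings = check_security_groups(template) + check_s3_encryption(template)
    return {"compliant": not findings, "findings": findings}


def lambda_handler(event, context):
    """Standard AWS Lambda (Python) entry point so the same check can run as a
    pipeline gate. Assumes the caller passes {"template": <parsed template>}."""
    return evaluate_template(event["template"])


# Constructed sample: one acceptable and one non-compliant resource of each kind.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "WebSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "GroupDescription": "public HTTPS",
    "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}]}},
  "AdminSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "GroupDescription": "ssh, mistakenly open to the world",
    "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}},
  "DataBucket": {"Type": "AWS::S3::Bucket", "Properties": {
    "BucketEncryption": {"ServerSideEncryptionConfiguration": [
      {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]}}},
  "LogsBucket": {"Type": "AWS::S3::Bucket", "Properties": {}}
}}
""")

if __name__ == "__main__":
    print(json.dumps(evaluate_template(SAMPLE_TEMPLATE), indent=2))
```

Run against the sample, the check reports AdminSG (port 22 open to 0.0.0.0/0) and LogsBucket (no BucketEncryption) and leaves WebSG and DataBucket alone. The point of the design is that the same rule runs identically whether a developer calls it locally, a CI job calls it on every commit, or a Lambda function is invoked by the pipeline, which is the "trust moves at the speed of business" argument in executable form.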


Summary

Trust needs to move at the speed of business

Automation is the key

Security & DevOps must collaborate to get there

Shortcut the evolution – engage Logicworks!


Questions?

Come by Booth #319 to Meet Our Team