(DVO206) How to Securely Scale Teams, Workloads, and Budgets
© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Jim Hoover, Chief Information Security Officer
Matt Yanchyshyn, Sr. Manager, Solutions Architecture
Adam Boyle, Director of Product Management, Cloud Workload Security
October 2015
DVO206
Lessons from a CISO: How to Securely Scale Teams, Workloads, and Budgets
Takeaways
Scale workload security
Level up security teams
Improve CxO visibility
Jim Hoover, CISO
3,500+ Customers in the cloud
8+ PB Data in the Infor cloud
45m+ Users
6300+ Sites
Infor at Scale in the Cloud
Iron to APIs
Data Center Security Challenges
Lots of different groups
Lots of different tools
Nothing speaking the same language
“Security in the Cloud” Concerns
Tools
Security controls
Compliance
The Infor Security Stack in AWS Cloud
AWS cloud
Shared responsibility
Compliance
Best Practices for Large-Scale Security
1. Segment your AWS environment
2. Control access and segregate duties
3. Monitor for unexpected behavior
Diagram: Your organization. Labels: Project Teams, Marketing, Business Units, Reporting, Web & Mobile, Dev / Test, Analytics, Internal Enterprise Apps, Storage/Backup (Amazon S3, Amazon Glacier)
Large-Scale Security Best Practice #1
Segment your AWS environment
• Multi-factor authentication
• Federation and single sign-on
• Fine-grained access control
• Restrict human access
AWS account owner
Network management
Security management
Server management
Storage management
Large-Scale Security Best Practice #2
Control access, segregate duties
• AWS CloudTrail: API and console usage
• AWS Config: Infrastructure history and changes
• Amazon CloudWatch: Resource metrics and log monitoring
• AWS Billing and Cost Management
Large-Scale Security Best Practice #3
Monitor for unexpected behavior
Team Works
Data Center Security Operations Challenges
Security team, Application teams
Security Operations Skill Development
Security ops, Cloud security, DevOps
Security Operations in AWS Cloud
Cloud security, DevOps, Application teams
AWS Security Rock Star Cookbook
1. AWS-specific security knowledge
• https://aws.amazon.com/security
2. Analytics: Threat intelligence; log analysis at scale
• https://aws.amazon.com/big-data
3. DevSecOps: The ability to quickly and continuously respond to new threats as they emerge
• https://aws.amazon.com/training/course-descriptions/devops-engineering
CxO Visibility
CxO Visibility at Scale
CISO, CIO, COO, CFO
In Summary
Simplicity & visibility = scale
SecOps: Do more with less
CxO: Visibility & compliance
Thank you!
Come see us at Booth #1004
http://aws.trendmicro.com