© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

Jim Hoover, Chief Information Security Officer

Matt Yanchyshyn, Sr. Manager, Solutions Architecture

Adam Boyle, Director of Product Management, Cloud Workload Security

October 2015

DVO206

Lessons from a CISOHow to Securely Scale Teams,

Workloads, and Budgets

Takeaways

Scale workload security

Level up security teams

Improve CxO visibility

Jim Hoover, CISO

3,500+Customers in the cloud

8+ PBData in the Infor cloud

45m+Users

6300+Sites

Infor at Scale in the Cloud

Iron to APIs

Data Center Security Challenges

Lots of different groups

Lots of different tools

Nothing speaking the same language

“Security in the Cloud” Concerns

Tools

Security controls

Compliance

The Infor Security Stack in AWS Cloud

AWS cloud

Shared

responsibility

Compliance

Best Practices for Large-Scale Security

1. Segment your AWS environment

2. Control access and segregate duties

3. Monitor for unexpected behavior

Your organization

Project Teams Marketing

Business Units Reporting

Web &

Mobile

Dev / Test Analytics

Internal

Enterprise

Apps

Amazon S3

Amazon

Glacier

Storage/

Backup

Large-Scale Security Best Practice #1

Segment your AWS environment

• Multi-factor authentication

• Federation and single sign-on

• Fine-grained access control

• Restrict human access

AWSaccount owner

Network management

Security management

Server management

Storage management

Large-Scale Security Best Practice #2

Control access, segregate duties

• AWS CloudTrail• API and console usage

• AWS Config• Infrastructure history and changes

• Amazon CloudWatch• Resource metrics and log monitoring

• AWS Billing and Cost Management

Large-Scale Security Best Practice #3

Monitor for unexpected behavior

Team Works

Data Center Security Operations Challenges

Security team Application teams

Security Operations Skill Development

Security ops Cloud security DevOps

Security Operations in AWS Cloud

Cloud security DevOps Application teams

AWS Security Rock Star Cookbook

1. AWS-specific security knowledge

• https://aws.amazon.com/security

2. Analytics: Threat intelligence; log analysis at scale

• https://aws.amazon.com/big-data

3. DevSecOps: The ability to quickly and continuously

respond to new threats as they emerge

• https://aws.amazon.com/training/course-descriptions/devops-

engineering

CxO Visibility

CxO Visibility at Scale

CISO CIO COO CFO

In Summary

Simplicity & visibility = scale

SecOps: Do more with less

CxO: Visibility & compliance

Thank you!

Come see us at Booth #1004

http://aws.trendmicro.com

Remember to complete

your evaluations!