Journey Through The Cloud - Security Best Practices

by Brigid Johnson, Product Management Manager, AWS How to Use IAM Roles to Grant Access to AWS: Customers use IAM roles to delegate access to services, applications, accounts, and federated users using temporary credentials. We will start by defining use cases for IAM roles, tools to use IAM roles in your account, and techniques to manage role permissions. We will cover how customers can use roles to grant access to AWS. Using demonstrations, we will learn how to monitor roles across accounts, grant cross account access, and scope down permissions for a particular entity. This session will cover how to use roles for developers building applications on AWS and for administrators controlling and monitoring access. Level 300

You may already know that you can use Amazon CloudWatch to view graphs of your AWS resources like Amazon Elastic Compute Cloud instances or Amazon Simple Storage Service. But, did you know that you can monitor your on-premises servers with Amazon CloudWatch Logs? Or, that you can integrate CloudWatch Logs with Elasticsearch for powerful visualization and analysis? This session will offer a tour of the latest monitoring and automation capabilities that we’ve added, how you can get even more done with Amazon CloudWatch.

Data protection is the highest priority for any organisation, so we answer common questions about GDPR, data residency, freedom of information, and privacy. We also address security-related compliance, risk management strategies, and best practices for securing data on AWS.

Identity and access management (IAM) is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons. IAM enables you to securely control access to your application or product services and resources for your users.

This document discusses securing web applications with AWS WAF. It begins by explaining why a web application firewall (WAF) is needed to protect against bad users and application vulnerabilities while allowing good users. It then defines what AWS WAF is, noting that it allows users to block or allow web requests and monitor security events. AWS WAF provides APIs and a console for easy configuration of rules to protect websites and content while integrating with development workflows. The document outlines the steps to set up AWS WAF, including creating a web ACL, adding rules and match conditions, and assigning it to CloudFront. It notes the pay-as-you-go pricing model for AWS WAF.

Learn how AWS IAM enables you to control who can do what in your AWS environment. We discuss how IAM provides flexible access control that helps you maintain security while adapting to your evolving business needs. Wel review how to integrate AWS IAM with your existing identity directories via identity federation. We outline some of the unique challenges that make providing IAM for the cloud a little different. And throughout the presentation, we highlight recent features that make it even easier to manage the security of your workloads on the cloud.

In this edureka tutorial, we will show you how to use the AWS IAM service to secure your AWS account and the application that you will be connecting to it. Below are the topics we will cover in this tutorial: 1. Why do we need Access Management? 2. What is AWS IAM? 3. Components of IAM 4. Multi-Factor Authentication 5. Hands-on

This session is focused on diving into the AWS IAM policy categories to understand the differences, learn how the policy evaluation logic works, and go over some best practices. We will then walk through how to use permission boundaries to truly delegate administration in AWS.

The document discusses network design and capabilities for Amazon VPC. It provides an overview of VPC functionality including creating an internet-connected VPC with subnets in different Availability Zones and assigning IP address ranges and routing. It also covers security groups, connecting VPCs through peering or to on-premises networks using VPN or AWS Direct Connect, and restricting internet access through routing or NAT gateways.

by Apurv Awasthi, Sr. Technical Product Manager, AWS This session introduces the concepts of AWS Identity and Access Management (IAM) and walks through the tools and strategies you can use to control access to your AWS environment. We describe IAM users, groups, and roles and how to use them. We demonstrate how to create IAM users and roles, and grant them various types of permissions to access AWS APIs and resources. We also cover the concept of trust relationships, and how you can use them to delegate access to your AWS resources. This session covers also covers IAM best practices that can help improve your security posture. We cover how to manage IAM users and roles, and their security credentials. We also explain ways for how you can securely manage you AWS access keys. Using common use cases, we demonstrate how to choose between using IAM users or IAM roles. Finally, we explore how to set permissions to grant least privilege access control in one or more of your AWS accounts. Level 100

The document discusses security best practices for AWS, including implementing a segregated account environment, strong identity and access management, enabling traceability through logging and monitoring, and applying security controls at multiple layers. It provides examples of setting up identity and access management with AWS IAM, implementing detective controls with AWS CloudTrail and GuardDuty, and using network and host-level security features like VPCs, security groups, and AWS WAF.

AWS Security Hub provides a single place to manage security alerts and compliance checks across AWS accounts and services. It integrates findings from AWS services like GuardDuty, Inspector, and Macie as well as many third-party security products. These findings are normalized into a standard format and prioritized. Security Hub also allows users to check compliance with the CIS Benchmark security standard through automated configuration and compliance checks.

AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard. AWS Control Tower is a new AWS service that cloud administrators can use to set up and govern their secure, compliant, multi-account environments on AWS. In this session, we show you how Control Tower automates the creation of a secure and compliant landing zone with best-practice blueprints for a multi-account structure, identity and federated access management, a central log archive, cross-account security audits, and workflows for provisioning accounts with pre-approved configurations. We also discuss guardrails—pre-packaged governance rules created for security, operations, and compliance that you can apply enterprise-wide or to groups of accounts to enforce policies or detect violations. Finally, we show you how to easily manage and monitor all this through the Control Tower dashboard.

AWS is hosting the first FSI Cloud Symposium in Hong Kong, which will take place on Thursday, March 23, 2017 at Grand Hyatt Hotel. The event will bring together FSI customers, industry professional and AWS experts, to explore how to turn the dream of transformation, innovation and acceleration into reality by exploiting Cloud, Voice to Text and IoT technologies. The packed agenda includes expert sessions on a host of pressing issues, such as security and compliance, as well as customer experience sharing on how cloud computing is benefiting the industry. Speaker: Brian Wagner, Security Consultant, Professional Services, AWS

다시보기 영상 링크: https://youtu.be/QGgQOcA3W6w 클라우드로의 마이그레이션이 증가하면서, 퍼블릭 클라우드를 목표로 한 공격도 폭증하고 있습니다. 특히, 클라우드 관리자의 자격증명을 탈취하려는 시도나 탈취된 자격증명을 이용하여 중요정보를 유출하고 대규모로 비트코인 채굴을 시도하는 행위들이 늘어가고 있습니다. AWS로의 이관을 고려하고 있거나 사용중인 고객들이라면, 이와 같이 클라우드의 특성을 활용하여 발생하고 있는 정교한 보안 위협들에 대응하기 위한 방법을 고민하셔야 합니다. 본 세션에서는 이러한 클라우드 네이티브 위협들에 효과적으로 대응하는 기능을 제공하는 GuardDuty, Inspector, Config, SecurityHub와 같은 AWS 보안 서비스들에 대한 설명을 진행합니다.

This AWS training for beginners presentation will help you understand what is AWS (Amazon Web Services), how did AWS become so successful, the services that AWS provides (AWS EC2, Amazon Elastic Beanstalk, Amazon Lightsail, Amazon Lambda, Amazon S3, Amazon Glacier, Amazon EBS, Amazon Elastic File System, Amazon RDS, Amazon Redshift), the future of AWS and a demonstration on deploying a web application in AWS. Amazon Web services (AWS) provide a lot of benefits to a business organization. These benefits allow you to maximize your productivity and enhance efficiency. This AWS tutorial video is ideal for those who aspire to become AWS Certified Solution Architect. Now, let us deep dive into the video to understand what AWS actually is and what are the services that AWS provides to an organization. The below topics are covered in this AWS presentation: 1. What is AWS? 2. How did AWS become so successful? 3. The services AWS provides 4. The future of AWS 5. Use case - Deploying a web application This AWS certification training is designed to help you gain the in-depth understanding of Amazon Web Services (AWS) architectural principles and services. You will learn how cloud computing is redefining the rules of IT architecture and how to design, plan, and scale AWS Cloud implementations with best practices recommended by Amazon. The AWS Cloud platform powers hundreds of thousands of businesses in 190 countries, and AWS certified solution architects take home about $126,000 per year. This AWS certification course will help you learn the key concepts, latest trends, and best practices for working with the AWS architecture – and become industry-ready AWS certified solutions architect to help you qualify for a position as a high-quality AWS professional. The course begins with an overview of the AWS platform before diving into its individual elements: IAM, VPC, EC2, EBS, ELB, CDN, S3, EIP, KMS, Route 53, RDS, Glacier, Snowball, Cloudfront, Dynamo DB, Redshift, Auto Scaling, Cloudwatch, Elastic Cache, CloudTrail, and Security. Those who complete the course will be able to: 1. Formulate solution plans and provide guidance on AWS architectural best practices 2. Design and deploy scalable, highly available, and fault tolerant systems on AWS 3. Identify the lift and shift of an existing on-premises application to AWS 4. Decipher the ingress and egress of data to and from AWS 5. Select the appropriate AWS service based on data, compute, database, or security requirements 6. Estimate AWS costs and identify cost control mechanisms This AWS course is recommended for professionals who want to pursue a career in Cloud computing or develop Cloud applications with AWS. You’ll become an asset to any organization, helping leverage best practices around advanced cloud-based solutions and migrate existing workloads to the cloud. Learn more at: https://www.simplilearn.com

This document provides an overview of AWS Identity and Access Management (IAM) and how it can be used to control access to AWS resources. IAM enables control of who can access AWS accounts and what actions they can perform by creating users, groups, and roles with permissions. The document discusses IAM concepts and common use cases, and includes demonstrations of creating IAM users and groups and assigning permissions through policies.

This document discusses establishing federated interoperability between Active Directory Federation Services (ADFS) and Shibboleth identity providers. It provides overviews of ADFS, Shibboleth, and Windows Live ID technologies. Configuration details are described for enabling ADFS to act as a relying party and Shibboleth to act as an identity provider. Demonstrations show a Shibboleth user accessing a sample application and a SharePoint portal through the federated systems, and passing Windows Live ID claims through Shibboleth to generate access tokens. The document concludes the interoperability was achieved with straightforward configurations and no custom software.

This document provides an overview of best practices for security on AWS. It discusses the shared responsibility model between AWS and customers. It covers identity and access management with IAM, including creating users, permissions, groups, and conditions. It also discusses networking with Amazon VPC, security groups for EC2 instances, and secrets management. Additional topics include encryption, auditing with CloudTrail, passwords, credential rotation, MFA, roles, and reducing root access.

This document provides an overview and agenda for a presentation on single sign-on with Active Directory Federation in Office 365 and SharePoint Online. The presentation covers Office 365 identity management, different identity scenarios including directory sync and ADFS, preparing the Active Directory environment, deploying and configuring ADFS, and best practices. It includes diagrams of common identity architectures and an ADFS farm architecture comparison. The goal is to explain how to implement single sign-on for Office 365 using ADFS federation.

Presentation from Toronto's 2016 Canadian Executive Cloud & DevOps Summit on Friday, November 4th. Speaker: Dave Millier, Chief Executive Officer, Uzado, Inc. Title: Rogue Development: Staying Secure When Moving to the Cloud

This document discusses security best practices when using AWS. It covers the shared responsibility model between AWS and customers, leveraging AWS security features, understanding customer needs to form a security stance, and engaging security assessors early. It provides an overview of identity and access management tools like IAM, security groups, VPCs and direct connects. The document emphasizes applying a "security by design" approach when building on AWS.

The document compares three options for providing identity and access management for Microsoft Online services: 1) MS Online IDs only, 2) MS Online IDs with on-premise directory synchronization, and 3) Federated IDs with on-premise directory synchronization. It provides pros and cons of each option, with the third option being most appropriate for larger enterprises as it allows for single sign-on using on-premise credentials, centralized user management, and password policies controlled on-premise while also enabling co-existence with cloud-based identities. The document also includes diagrams illustrating authentication flows and potential federated identity deployment architectures between an on-premise Active Directory and Microsoft Online services.

Unified Communications are today becoming a must-have for businesses of all sizes. Come and learn how Microsoft hosted Private Cloud UC can provide key benefits to accompany your business in growing your efficiency and scalability.

This document discusses lessons learned from an early multi-cloud journey. It highlights how IT can become more agile and strategic to enable business growth through an IT as a service model and moving to the cloud. Key lessons include standardizing, automating and scaling cloud services; developing a flexible private cloud platform; adopting a holistic multi-cloud orchestration approach; and updating processes and culture to embrace failures as part of innovation. The goal is to deliver an "IT vending machine experience" and become a cloud brokerage service.

This document discusses identity and access management challenges in cloud computing environments and how Forefront Identity Manager (FIM) can help address them. It notes that security is the top concern for cloud adoption and outlines key security issues related to tenant isolation, authentication, authorization, and auditing of access. It then presents FIM as providing the three pillars of identity management - authentication, authorization, and user attributes. The rest of the document provides examples of how FIM can help enhance identity management in a private cloud, including securely managing group membership and roles for access to virtual machines and delegating administration of resources.

The world of computing is moving to the cloud – shared infrastructures, shared systems, instant provisioning and pay-as-you-go services. And users can enjoy anytime, anywhere access to services and their data. But how secure is your data in the cloud and do conventional security products offer the optimal approach to securing your virtualised environments? In this presentation we examine security and performance concerns along your journey to the cloud and explore new technologies from VMware and Trend Micro. These innovations are all ready helping thousands of businesses to address the security challenges with Physical, Virtual and cloud platforms.

Veena Venugopal presented on cloud security and proposed an efficient and secure protocol for data storage in cloud computing. The protocol has three phases - setup, verification, and dynamic operations and verification. In the setup phase, the user encrypts and generates metadata for the file. A third party auditor verifies the integrity of the stored data by generating challenges and checking proofs from the cloud server. The protocol also supports dynamic operations like modification, insertion, and deletion of blocks while maintaining security. It provides confidentiality, public verifiability, and supports efficient dynamic operations on outsourced data in the cloud.

The document summarizes a PhD thesis defense presentation on soCloud, a distributed multi-cloud platform. The presentation covers: 1) The soCloud model, which extends the Service Component Architecture (SCA) model to support annotations for non-functional requirements to deploy components as execution units across multiple clouds. 2) The soCloud platform, which is a distributed component-based PaaS that manages portability, provisioning, elasticity, and high availability across clouds using a reactive architecture. 3) Validation of the soCloud model and platform through modeling applications and providing runtime support to manage applications in multi-cloud environments.

Polycom is a strategic partner with Microsoft that offers integrated audio and visual communication solutions for Microsoft Unified Communications products like Office Communications Server. Polycom has a multi-year development agreement with Microsoft to co-develop interoperable solutions through a three-phase roadmap. This includes supporting real-time video and voice calling between Polycom's HDX video conferencing systems and Microsoft Office Communicator clients, as well as conferencing capabilities with the Polycom RMX.

This document discusses integrating IBM Connections with Active Directory to enable single sign-on for desktop users. It describes Active Directory, Kerberos authentication, and the prerequisites for configuring WebSphere Application Server and Connections to work with Active Directory such that users can authenticate once using their Windows credentials and access Connections and other applications without reauthenticating.

Closing keynote presentation at the Business of the Future Cloud Computing Conference in Athens, Greece on March 10, 2015

The presentation I gave at SyScan 10 Singapore on Private Cloud Security in integral form excluding the exploit videos, outlining the security deltas between "classical" virtualization and private cloud security.

Polycom and Microsoft have a strategic partnership to provide unified communications solutions. Polycom offers integrated voice and visual communication solutions for Microsoft Office Communications Server 2007, Lync Server 2010, and other Microsoft UC components to provide a complete end-to-end UC offering. Polycom solutions work with Microsoft applications like Exchange, SharePoint, and Lync to enable presence-based communication, conferencing, and collaboration across devices. Customers benefit from reduced costs, increased productivity, and a more mobile workforce through integration of voice, video, and collaboration applications.

Security bootcamp-cloud-security-the-journey-has-begun

Dr. John D. Johnson presents on security and privacy surrounding cloud computing at the 2009 InfraGard conference in Springfield, IL.

The document provides an overview of auditing AWS security using the CIS benchmarks and AWS CLI. It discusses setting up security best practices in areas like IAM, monitoring, encryption, and networking. Examples are given of AWS CLI commands that can be used to check and configure security settings for things like enabling MFA, managing credentials and policies, configuring password policies and logging. The goal is to introduce an approach for automating security audits using the AWS CLI to reduce work and human error.

These are the slides from my Security Best Practices Session from the Business Track in AWS AWSome Day that took place in London on January 27th 2016

Slides from the Security Best Practices: AWS AWSome Day Management Track in Q1 2017 AWS AWSome Day Roadshow.

This document provides an overview of security best practices when using AWS. It discusses AWS' shared security responsibility model and outlines key AWS security features such as IAM, encryption, firewalls, and monitoring tools. Recommendations are given for building secure infrastructure on AWS including account management, network segmentation, asset management, and monitoring. Case studies and additional resources are also referenced.

For more training on AWS, visit: https://www.qa.com/amazon AWS Pop-up Loft | London - Introduction to AWS Security by Ian Massingham, Chief Evangelist EMEA, 19 April 2016

The document provides an overview of security best practices when using AWS. It discusses AWS' shared security responsibility model and outlines key AWS security features like role-based access control, encryption, and security groups. It also provides recommendations for building security into applications on AWS, including managing access, encrypting data, hardening operating systems, and using services like CloudTrail and CloudWatch Logs for monitoring.