DEM01-S - Armor Cloud Security - Continuous Security & Compliance in The Public Cloud
© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Agenda
• The transformative force of the cloud
• The challenges facing the modern cloud CISO
• Using the cloud to your security advantage
• Secure cloud infrastructure as code
• CWPP + CSPM + CASB – The cloud security trinity
• 3 major takeaways
Digital disruption scale
[Figure: digital disruption chart plotted against Time. Labels: DD1: Enhance; MDRs, MSSP, CWPP, SECaaS; Performance, Speed to value, Simplicity, Flexibility, Lower cost]
In the future, everything becomes a “workload”
How we’re evolving
[Figure: evolution diagram. Labels: OS (four instances), “something new!”, Amazon Elastic Container Service, AWS CloudFormation]
Secure, cloud-native infrastructure
[Figure: architecture diagram. Labels: AWS Cloud, Amazon CloudFront, AWS WAF, Amazon Route 53, AWS CloudTrail]
Benefits of infrastructure as code and security as code for clients
• Simplification & repeatability of deployment: Limits complex deployment tasks
• Distribution of confirmed golden image deployments: Ease of sharing and collaboration
• Disaster recovery: Start simple, and build over time
• Standardization with benefits of customizability: Customize resources
• Out-of-the-box compliance: Validated compliance controls
The accidental: Misconfiguration
[Figure: timeline of data exposure incidents, 2017 to 2018. Date labels: September 17, December 20, February 18, September, February 3, February 5, June 20, May 30, August, June 8, June]
Organizations shown on the timeline:
• Dow Jones & Company
• Deep Root Analytics – RNC
• Nice Systems – Verizon
• Recruiting vendor – TigerSwan
• Patient Home Monitoring Corp
• Accenture
• Alteryx – Experian
• MBM Company – Walmart
• Bongo International – FedEx
• Local Box - Scraped content
• GoDaddy
The accidental
• 386M: # of records exposed
• 6 out of 11: # of incidents that involved data exposed via an affiliate, partner, or “customer”
• 100%: of incidents involved an unsecured Amazon S3 bucket on AWS
• 57% of survey respondents were either “concerned or very concerned that in the next 12 months, misconfigured systems, such as server workloads and cloud services, could lead to a successful attack that threatened their infrastructure, data assets, and business operations.”*
Cloud security posture management (CSPM) tools act as checks and balances on overall adherence to security policy
[Figure: policy adherence diagram. Labels: Adhere to policy, Drift/risk (on either side)]
Strengths: Posture management
Managing an increasing attack surface that is fundamentally unfamiliar to many IT and IT security professionals
681M attacks, 1,200 organizations
[Figure: attack categories. Labels: Brute force, Web application attacks, IoT attacks, Vulnerability exploits]
Strengths: Workload protection
• 1,427: # of distinct cloud services that an average enterprise uses
• 36: # of distinct cloud services that an average employee uses at work
• 18.1%: File uploads into cloud-based services that contained sensitive data
Source: https://www.skyhighnetworks.com/cloud-security-blog/12-must-know-statistics-on-cloud-usage-in-the-enterprise/
Strengths: Access brokerage
Capabilities
• 24/7 management and monitoring
• Insider threat detection
• Native tools integration
• IAM and integrations