26 SEP, 2024
© 2024, Amazon Web Services, Inc. or its affiliates. All rights reserved.
Security fundamentals in AWS
Frank Phillis, Senior Security Specialist SA, AWS (he/him)
Julian Ju, Senior Edge Services Specialist SA, AWS (he/him)
Session agenda
Cloud myths and misconceptions
Build, migrate and modernize securely on AWS
AWS Shared Responsibility Model
Security capabilities
Call to action
Cloud myths and misconceptions
Cloud myths and misconceptions
I have digital sovereignty requirements…
Can AWS access my data?
Am I or AWS responsible for securing my data?
Is the cloud less secure than on-premises?
I have compliance requirements… can I still use AWS?
Build, migrate and modernize securely
Build, migrate and modernize securely
“There’s no compression algorithm for experience.” — Andy Jassy
Most compliance programs of any cloud
Move fast and stay secure
The world’s most comprehensive cloud
Proven security to accelerate innovation
The most secure infrastructure
Security automation that drives speed and agility
End-to-end security and guidance
The most secure infrastructure
Challenge
Build on a cloud that provides the security and confidence to accelerate innovation
AWS approach
• 143 security and compliance certifications
• Secure-by-design
• Most operational experience
Security automation that drives speed and agility
Challenge
Automate security checks to continually enforce controls and mathematically prove the highest levels of security
AWS approach
• Provable security
• Automatically detect security events
• Security automation at scale
End-to-end security and guidance
Challenge
Implement every step of your organization’s optimal security posture
AWS approach
• 300+ security services and features
• Thousands of security solutions on AWS Marketplace
• Open source security
AWS Shared Responsibility Model
AWS Shared Responsibility Model
Customers: Security ‘IN’ the cloud. Customer responsibility is determined by the AWS Cloud services they select.
AWS: Security ‘OF’ the cloud. AWS is responsible for protecting the infrastructure that runs all the cloud services offered in the AWS Cloud.
Security capabilities
AWS security, identity, and compliance
Identity and access management
• AWS Identity and Access Management (AWS IAM)
• AWS IAM Identity Center
• AWS Organizations
• AWS Directory Service
• Amazon Cognito
• AWS Resource Access Manager
• Amazon Verified Permissions
Detection and response
• AWS Security Hub
• Amazon GuardDuty
• Amazon Security Lake
• Amazon Inspector
• Amazon Macie
• Amazon Detective
• Amazon CloudWatch
• AWS Config
• AWS CloudTrail
Network and application protection
• AWS Firewall Manager
• AWS Network Firewall
• AWS Shield
• AWS Web Application Firewall (AWS WAF)
• Amazon Virtual Private Cloud (Amazon VPC)
• AWS PrivateLink
• AWS Systems Manager
• AWS Verified Access
Data protection
• Amazon Macie
• AWS Key Management Service (AWS KMS)
• AWS CloudHSM
• AWS Certificate Manager
• AWS Private CA
• AWS Secrets Manager
• AWS Payment Cryptography
• Server-side encryption
Compliance
• AWS Artifact
• AWS Audit Manager
Identity and access management
Securely manage and govern access for your customers, workforce, and workloads
Many applications
Many users
Many permissions
Identity and access management
Securely manage and govern access for your customers, workforce, and workloads
Diagram: AWS Cloud with AWS Organizations spanning multiple accounts; Amazon Cognito, AWS Identity and Access Management (AWS IAM) and AWS IAM Identity Center; external users reach a public app as authenticated users, workforce users reach workforce app 1 and workforce app 2; per-account permissions are managed with Amazon Verified Permissions; logs are collected.
Detection and response
Continuously detect and respond to security risks to help protect your workloads at scale
Lack of visibility
Fragmented security information
Difficult to distinguish signals from noise
Detection and response
Continuously detect and respond to security risks to help protect your workloads at scale
Diagram: within AWS Organizations, users reach an application in a VPC; logs feed Amazon GuardDuty and Amazon Inspector, findings are aggregated in AWS Security Hub and routed through Amazon EventBridge to the security team.
Network and application protection
Enforce fine-grained security policy at every network control point
Multiple resources
Broad range of risks
Lack of centralized control
Network and application protection
Enforce fine-grained security policy at every network control point
Diagram: users, and a malicious client, reach the application through Amazon Route 53 and Amazon CloudFront, protected by AWS Shield and AWS WAF; inside the VPC the application sits in a public subnet and the database in a private subnet, each behind its own security group; AWS Firewall Manager manages policies centrally across AWS Organizations.
Data protection
Build with comprehensive data protection in the cloud
Controlling and managing access to sensitive data
Meeting the security requirement
Ever-increasing scale
Data protection
Build with comprehensive data protection in the cloud
Diagram: Amazon CloudFront in front of an Application Load Balancer using a certificate from AWS Certificate Manager (ACM); instances in an Auto Scaling group across Availability Zone 1 and Availability Zone 2 within a virtual private cloud (VPC); an Amazon RDS Multi-AZ deployment; Amazon Simple Storage Service (Amazon S3), the instances and Amazon RDS each encrypted with an AWS Key Management Service (AWS KMS) key; Amazon Macie monitoring Amazon S3.
Compliance
Automate continuous compliance and auditing at scale
Audit data must be collected from multiple sources
Remediating non-compliance across multiple systems
Manual audit data collection makes continual assessment difficult
Compliance, management and governance
Automate continuous compliance and auditing at scale
Diagram: services and resources across AWS Organizations (Amazon Virtual Private Cloud (Amazon VPC), Amazon CloudFront, Amazon Elastic Compute Cloud (Amazon EC2), Amazon Simple Storage Service (Amazon S3), Amazon Relational Database Service (Amazon RDS), AWS Certificate Manager (ACM)) are assessed against a security checklist by AWS Trusted Advisor, AWS Config, AWS Security Hub and AWS Firewall Manager, with audit evidence from AWS Artifact and AWS Audit Manager.
Call to action
Call to action
• Learn more about AWS security: https://aws.amazon.com/security/
• Check the latest news on AWS What’s New: https://aws.amazon.com/about-aws/whats-new/security_identity_and_compliance/
• Hands-on learning with AWS Workshops: https://workshops.aws/
• Dive deeper with AWS Well-Architected Framework: https://docs.aws.amazon.com/wellarchitected/latest/security-pillar/
• Participate in Activation Days for hands-on workshops and best practices from SMEs: https://awsactivationdays.splashthat.com/
Visit the Migrate. Modernize. Build. resource hub
Dive deeper into these resources:
• 6 steps to success with generative AI
• Understanding the costs of generative AI
• 5 ways a secure cloud infrastructure drives innovation
• 10 ways to optimize costs and innovate with AWS
• Containers and serverless recommendation guide
• Running Windows workloads on AWS: Your questions answered
• Top 10 reasons to choose AWS for SAP
… and more!
Visit the resource hub: https://tinyurl.com/migrate-modernize-build
AWS Training and Certification
Access 600+ free digital courses with AWS Skill Builder
Focus on the cloud skills and services that are most relevant to you across 30+ AWS solutions, including digital self-paced learning plans and ramp-up guides
• Build your future in the AWS Cloud at your own pace: https://skillbuilder.aws/
• Advance your skills and knowledge with learning plans
• Validate your cloud expertise with AWS Certification
Learn your way: skillbuilder.aws
Thank you for attending AWS Innovate – Migrate. Modernize. Build.
We hope you found it interesting! A kind reminder to complete the survey.
Let us know what you thought of today’s event and how we can improve the event experience for you in the future.
aws-apj-marketing@amazon.com
twitter.com/AWSCloud
facebook.com/AmazonWebServices
youtube.com/user/AmazonWebServices
linkedin.com/company/amazon-web-services
twitch.tv/aws
Thank you!