Ultra Secure Cloud Data Center on AWS
Ultra Secure Data Center on Amazon Cloud
Lahav Savir, Architect & CEO, Emind Systems, [email protected]
About
Lahav Savir
• 15+ years in the on-line industry
• Architect and CEO @ Emind Systems
Emind Systems (est. 2006)
• Boutique system integrator
• AWS solution provider
• 100+ AWS customers
Amazon (AWS) Certification
Amazon Solution Provider & Consulting Partner
https://aws.amazon.com/solution-providers/si/emind-systems-ltd
What is a secure data center?
• Isolated and controlled
• Firewalled
• Secure access
  – VPN
  – SSL
• Audited
• Intrusion detection & prevention
• Configuration analysis
• Data encryption
• Antivirus
• Frequent updates
• User management
  – One-time password
• One spot for monitoring
  – Centralized alerts and notifications
• Regulatory compliance
Emind’s best practice
Access Management
• Control the data flow
  – AWS VPC
  – ACL
  – Routing
  – Handle all in/out traffic
• Access control
  – Security groups
• Identity access management
  – One-time password
  – AWS IAM with MFA
ACL & Routing in the VPC
[Diagram: Emind's best practice, layers so far: VPC, IAM, Traffic]
• Log in / out traffic• Terminate encrypted connection• Sanitize in / out packets– Real-time decisions– Accept / reject connections– Rate limiting
9
Emind’s best practiceVPC
IAM
TrafficEncryption
Sanitize
Anomalies detection
• Host-based IDS
  – Detect configuration changes
  – Track running processes
  – Track file access
  – Resource access
  – Detect abnormal behavior!
• OS hardening
• App cleanup
[Diagram: Emind's best practice, layers so far: VPC, IAM, Traffic, Encryption, Sanitize, Host IDS, Hardening]
Data Protection
• In flight
  – SSL encryption
  – IPSec
• At rest
  – Storage-level encryption
  – Database encryption
[Diagram: Emind's best practice, layers so far: VPC, IAM, Traffic, Encryption, Sanitize, Host IDS, Hardening, Data Enc.]
Data aggregation
• Need to aggregate
  – VPN access logs
  – Traffic audit logs
  – Network IDS logs
  – Host IDS logs
  – Anti-virus logs
• Detect patterns
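An added example, not code from the deck or from Emind: constructed VPN-access, traffic-audit and host-IDS lines in a hypothetical `timestamp source key=value` format are normalized into one time-ordered stream, and two cross-source patterns are flagged that no single log shows on its own.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (hypothetical format) for three of the sources the
# slides want aggregated: VPN access log, traffic audit log, host IDS log.
VPN_LOG = """2013-05-01T10:00:05Z vpn user=alice src=203.0.113.7 result=success
2013-05-01T10:02:11Z vpn user=bob src=198.51.100.9 result=failure
2013-05-01T10:02:40Z vpn user=bob src=198.51.100.9 result=failure
2013-05-01T10:03:02Z vpn user=bob src=198.51.100.9 result=success"""
TRAFFIC_LOG = """2013-05-01T10:01:50Z traffic action=reject src=198.51.100.9 dst=10.0.1.5:22
2013-05-01T10:01:55Z traffic action=reject src=198.51.100.9 dst=10.0.1.5:3389
2013-05-01T10:05:00Z traffic action=accept src=203.0.113.7 dst=10.0.1.5:443"""
HIDS_LOG = """2013-05-01T10:04:30Z hids host=web-1 event=file_modified path=/etc/ssh/sshd_config user=bob"""

KV = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Normalize one 'timestamp source key=value ...' line into a dict."""
    ts, source, rest = line.split(" ", 2)
    event = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "source": source}
    event.update(KV.findall(rest))
    return event

def aggregate(*logs):
    """Merge every source into a single time-ordered event stream."""
    events = [parse(l) for log in logs for l in log.splitlines() if l.strip()]
    return sorted(events, key=lambda e: e["ts"])

def detect_patterns(events, window=timedelta(minutes=5), min_failures=2):
    """1. a source IP rejected by the traffic filter or failing VPN auth at least
       min_failures times inside `window`, then succeeding at VPN login;
       2. a host IDS alert attributed to a user who logged in over VPN inside `window`."""
    findings = []
    failures = defaultdict(list)   # src IP -> timestamps of rejects / failed logins
    vpn_users = {}                 # user -> time of last successful VPN login
    for e in events:
        src, now = e.get("src"), e["ts"]
        if (e["source"], e.get("action")) == ("traffic", "reject") or \
           (e["source"], e.get("result")) == ("vpn", "failure"):
            failures[src].append(now)
        elif (e["source"], e.get("result")) == ("vpn", "success"):
            recent = [t for t in failures[src] if now - t <= window]
            if len(recent) >= min_failures:
                findings.append(("login_after_failures", src, e["user"], len(recent)))
            vpn_users[e["user"]] = now
        elif e["source"] == "hids" and e.get("user") in vpn_users:
            if now - vpn_users[e["user"]] <= window:
                findings.append(("hids_alert_after_vpn", e["user"], e["event"], e.get("path")))
    return findings
```

Running `detect_patterns(aggregate(VPN_LOG, TRAFFIC_LOG, HIDS_LOG))` yields one finding of each kind for the constructed data; the same rules applied to any single log alone miss the cross-source one.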
[Diagram: Emind's best practice, layers so far: VPC, IAM, Traffic, Encryption, Sanitize, Host IDS, Hardening, Data Enc., Aggregate]
Security lifecycle management
• Ongoing log discovery & analysis
  – Access
  – Traffic
  – IDS
  – Anti-virus
  – Encryption keys
• Act on analysis results
• Reveal and resolve cloud infrastructure settings
• Make them all orchestrate together!
• goCloud, Emind's optimal road to the cloud
  – Secure cloud architecture
  – Scalable & high-availability design
  – Customized system deployment
  – Orchestrating cloud and software
  – Cloud operation team
  – Monitoring and alerting
  – 24x7 SLA