© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Ronny Fauth, Daniel Woithe, DB Systel GmbH
18.05.2017, Berlin
Large Scale Enterprise Account Management
Agenda
Introduction
Cloud adoption at Deutsche Bahn
Paradigm shifts in IT security
Basic security principles
Access security architecture
Why we are here
iX 5/2017
More than just a technical migration
Vertical Operating Model
Distribution, Shared Responsibility
(Diagram: the operating model spread across many vDCs)
Security concepts need to adopt these changes.
Paradigm shifts in IT security
Decentralization changes security models
Physical security controls are obsolete
Basic security principles
Security by Default – Four security principles
Access Control & Isolation
Identity Federation
Multi Factor Authentication
Short-Lived Credentials
Access security architecture
Access Security Architecture
Identity Federation (diagram)
AWS Console, MFA, IAM
SAML 2.0 roles from AD group
Group name: account number + IAM role

Short-Lived Credentials (diagram)
CLI / SDK, MFA, STS, IAM
SAML 2.0 roles from AD group
Group name: account + role
Scripts for credential retrieval
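As an added example that is not from the talk or from DB Systel, the group-name convention above (account number + IAM role) can be enforced when a user's AD groups are mapped to the SAML Role attribute that AWS expects; the `AWS-` prefix, the `-` separator and the provider name `CorpADFS` are assumptions, since the slides state only the two components.

```python
import re

# Assumed naming convention (the deck only says "account number + IAM role"):
#   AWS-<12-digit account id>-<IAM role name>, e.g. AWS-123456789012-ReadOnly
# Commas are deliberately excluded from the role part: the SAML Role attribute
# is itself comma-separated, so a comma in a role name would be ambiguous.
GROUP_RE = re.compile(r"^AWS-(?P<account>\d{12})-(?P<role>[\w+=.@-]{1,64})$")

# Hypothetical name of the SAML identity provider registered in every account.
SAML_PROVIDER = "CorpADFS"


def parse_group(group_name):
    """Return (account_id, role_name), or None if the group does not follow
    the convention. Anything that does not match is never turned into a role."""
    m = GROUP_RE.match(group_name)
    if not m:
        return None
    return m.group("account"), m.group("role")


def saml_role_attribute(group_name):
    """Build one value of the https://aws.amazon.com/SAML/Attributes/Role claim:
    '<role ARN>,<provider ARN>', both in the account encoded in the group name."""
    parsed = parse_group(group_name)
    if parsed is None:
        return None
    account, role = parsed
    return (f"arn:aws:iam::{account}:role/{role},"
            f"arn:aws:iam::{account}:saml-provider/{SAML_PROVIDER}")


def roles_for_user(ad_groups):
    """Map all of a user's AD groups to Role attribute values. Groups outside the
    convention are returned separately so they can be reviewed or alerted on
    instead of silently granting access."""
    roles, ignored = [], []
    for group in ad_groups:
        value = saml_role_attribute(group)
        if value is None:
            ignored.append(group)
        else:
            roles.append(value)
    return roles, ignored


if __name__ == "__main__":
    # Constructed sample group membership for one user.
    sample = ["AWS-123456789012-ReadOnly", "Domain Users", "AWS-210987654321-Admin"]
    print(roles_for_user(sample))
```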
Access Control & Isolation (diagram)
AWS Console, CLI / SDK, MFA
Instances, AdminAccess, MFA
Demo
Thank you!