© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Colin Bodell - Time Inc.
Chris Nicodemo - Time Inc.
Derek Uzzle - Alert Logic
October 2015
SEC203
Journey to Securing Time Inc.’s Move to the Cloud
Six Benefits of Moving to the Cloud
• Trade capital expense for variable expense
• Benefit from massive economies of scale
• Stop guessing capacity
• Increase speed and agility
• Stop spending money on running and maintaining data centers
• Go global in minutes
Framework for Securely Migrating to the Cloud
1. Identify Security Disciplines & Outcomes
2. Evaluate Use of AWS
3. Design Security Program for AWS
4. Implement Security Program
Identify Security Disciplines
• Access management
• Application security
• Data security
• InfoSec governance and oversight
• Network security
• System security
1 Identify Security Disciplines & Outcomes
Identify Desired Security Outcomes
• Standards and processes
• Intrusion detection
• Log collection and correlation
• Vulnerability assessment
• Firewall (security group) rule management
• Web application protection (WAF)
• 24/7 SOC
• Asset discovery and configuration auditing
• File integrity monitoring
• Antivirus
State of Time Inc. (July 2014)
• Non-cloud deployments
  • Co-location, on-premises, and hosted data centers
• Three disparate divisions deployed in AWS
  • E-commerce
  • Web digital properties
  • API-based Social Tracking Tool
• In planning stages
  • Magazine subscription
  • Internal corporate applications/back-office systems
  • Big data compute
2 Evaluate use of AWS
Characteristics of New AWS Adopters
• Infrastructure is already in production
• Dynamic and growing environment
• Autonomy: no central gatekeeper
• Working with traditional security tools that typically do not transfer well
Time Inc.’s Keys to Success
• Conduct risk assessment
• Understand new AWS concepts
• Seek managed security solutions
• Internal partnerships
• Define requirements
3 Design Security Program for AWS
Conduct Risk Assessment
• Assured AWS environment was secured
• Performed security assessment on the design and identified security gaps
Understand New AWS Security Concepts
• New security considerations in AWS
  • VPC = New concept of perimeter
  • Security groups = Stateful firewall
  • AWS CloudTrail = Log AWS activity
  • AWS IAM = Fine-grained access control
  • AWS KMS = Encryption key management
Define Requirements
What are we protecting?
• Application
• Systems
• Network
Time Inc.’s Requirements
Hard Requirements
• Intrusion Detection System (IDS)
• Vulnerability Scanning
• Logging Collection, Correlation and Monitoring
• Web Application Firewall
• 24x7 SOC from Managed Security Service Provider
• AWS account services auditing and compliance
Soft Requirements
• Velocity
• Disparate Groups
• Align with DevOps Model
• Long-Term Strategic Partnership
Security Outcomes/Solutions
OUTCOMES | SOLUTIONS
Standards and Processes | Time Inc. Security Policy
Intrusion Detection | Alert Logic
Log Collection and Correlation | Alert Logic
Vulnerability Assessment | Qualys
Firewall (Security Group) Rule Management | Algosec/Dome9
Web Application Protection (WAF) | Alert Logic
24/7 SOC | Alert Logic
Asset Discovery and Configuration Auditing | Alert Logic
File Integrity Monitoring | Tripwire
Antivirus | TrendMicro
Seek Managed Security Solutions
• Log Monitoring
• Web Application Firewall
• Intrusion Detection System
Components of a Comprehensive Security & Compliance Solution
Applications, Systems, Networks
Products
• IDS
• Vulnerability Scanning
• Web Application Firewall
• Log Management
Automation and Analysis
• Threat Intelligence
• Big Data Analytics
• Security Research
People and Processes
Skilled staff capable of:
• Provisioning
• Monitoring
• Configuration and tuning
• Researching incidents and emerging threats
• Defining remediation steps
Implement Security Program
• Partnership approach
  • Business and security team
• Review security framework
  • Policies
  • Reference architectures
  • Outcomes mapped to solutions
• Communicate
  • Webinars
  • Wiki/intranet
  • Key stakeholders
• Trust but verify
  • Monitor
State of Time Inc. (Today)
Non-cloud deployments
AWS deployments
• Six disparate divisions deployed in AWS
  • Web digital properties - 50%
  • API-based Social Tracking Tool - 100%
  • Internal applications - 35%
  • Big data applications - 50%
  • Time Inc. UK - 100%
  • New acquisitions - 90-95%
• Three in current deployment
  • Magazine subscriptions
  • E-commerce
  • Customer service systems
Contact us:
Derek Uzzle
Sr. Sales Engineer
Alert Logic – Booth #209
Chris Nicodemo
Global Application Security and
Architecture
Time Inc.
Visit http://alrt.co/1PkJR01 for additional content