© 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved.
PUBLIC SECTOR SUMMIT
Achieve Compliance with Security
by Default and By Design
3 1 6 5 7 7
Ignacio Martinez
VP, Security, Risk & Compliance
Smartsheet
Andrew Plato
CEO
Anitian
Jeff Westphal
Technical Director
Trend Micro
We empower everyone to
improve how they work
Smartsheet is a registered trademark of Smartsheet Inc. The names and logos of actual companies and products used in this presentation
are the trademarks of their respective owners and no endorsement or affiliation is implied by their use.
Work Different
Idea to
Impact,
Fast
Plan
& Manage
Grids
Projects
Cards
Calendars
Provide your organization with a powerful work platform that
offers exceptional speed to business value — so you say yes
to more ideas, more customers, and more revenue.
Automate
Workflows
Converse.ai
API
Accelerators
Report
Dashboards
Portals
Dynamic
Reports
Scale
Control Center
Security
Auditability
Compliance
Accelerators
Capture
Forms
Connectors
Integrations
The Smartsheet Platform for Work Execution
Demand from Government Agencies
Keeping your
data secure
is our most
important job
Data Center Security
Smartsheet Gov is built on AWS GovCloud
infrastructure, which was designed and managed
in alignment with regulations, standards, and
best-practices for US Federal Government
agencies.
Data Security
We build security into our product to ensure that
your most valuable asset—your data—is
protected. We also contract with third-party
security professionals to conduct annual security
assessments.
Encryption
Encryption serves as the last and strongest
line of defense in a multilayered data security
strategy. Smartsheet uses encryption to
safeguard your data and help you maintain
control over it.
Federal Government Ready
FedRAMP In-Process April 2019
FedRAMP Joint Authorization
Board P-ATO (planned June 2019)
Initial ATO at “Moderate”
Multi-factor authentication,
CAC PIV & SSO
Event Reporting*
Directory Integration*
Administration Center*
Built on the AWS GovCloud (US)
Based off NIST Standards
Compliant Secure Enterprise Grade
*features on product roadmap
Amazon Web Services (AWS)
Smartsheet Gov partner
• Smartsheet Gov is built on the Amazon Web Services (AWS) GovCloud (US-
East) and AWS GovCloud (US-West) Regions, Amazon’s isolated cloud
infrastructure and services
• Designed to meet U.S. Government and other highly regulated industry security
and compliance requirements
• Smartsheet available via the Amazon Marketplace
• Smartsheet achieved Amazon Partner Network Advanced Tier
ACHIEVE COMPLIANCE
WITH SECURITY
BY DEFAULT
AND BY DESIGN
THE FEDRAMP JOURNEY
IT’S…COMPLICATED
THE FEDRAMP JOURNEY
[Diagram labels: AGENCY PROCESS, JAB PROCESS]
…AND NOW WITH THE MISSING PART
• Most organizations need 12-18 months to build out a compliant environment at a cost of $2M or
more
• Guesswork and product integration slow down the process
[Timeline, agency process: 0 to 12-18 months. Build a FedRAMP control environment and onboard apps]
…AND NOW WITH COMPLIANCE AUTOMATION
ANITIAN COMPLIANCE AUTOMATION CAN REDUCE THE
TIME TO COMPLIANCE BY 75% AND THE COST BY 50%
[Timeline, agency process: 0 to 60 days. Build a FedRAMP control environment and onboard apps]
PROBLEM 1: COMPLEXITY
• Frameworks (like FedRAMP) are onerous, arcane, and difficult
to learn
• For internal teams, compliance is (at best) guesswork
• GRC tools do not solve anything, and create more work
• Professional services firms build one-off environments and are
motivated to work slowly to maximize billable hours
• You are at the mercy of auditors’ interpretations (and auditors may not
understand the cloud)
• Compliance efforts seldom lead to good security
PROBLEM 2: MISERY
• Nobody really wants to do compliance
work; it is distracting, unrewarding,
and frustrating
• Internal compliance talent is difficult to
obtain, train, and retain
• Compliance slows down
development, and therefore time to
market (and time to money!)
COMPLIANCE AUTOMATION
VISION
WHAT IS COMPLIANCE AUTOMATION?
• Automated: Deploys and configures an infrastructure to
compliance requirements automatically
• Turnkey: Includes all the required security controls
(SIEM, IDS/IPS, etc.), policy templates, and
configurations
• Proven: Uses known-good reference architectures,
generates audit artifacts
• Guardrails: Continuous monitoring to maintain
compliant, secure state
• Isolated: Does not commingle data, controls, or access
with any external party
• Flexible: Suitable for a broad range of organizational
types
COMPLIANCE
AUTOMATION
COMPONENTS
COMPLIANCE
AUTOMATION
ARCHITECTURE
RESPONSIBILITY MATRIX
User Access Data management User entitlements
Application Configuration
Reference
Architectures
Secure Configurations Security Controls
Documentation Templates 24x7 SecOps
Storage and databases Physical security Regions and AZs
Virtualization security
Customer
Responsibility
Application Systems
COMPLIANCE AUTOMATION
HOW IT IS DONE
1. DEPLOY CLOUD REFERENCE ARCHITECTURE
• Pre-configured architecture that
includes:
• Compliance Automation VPC
• One or more application VPCs
• Subnets, routes
• NAT Gateways
• Zero-trust access rights (no
discretionary access)
• Application load balancers (with
FIPS-140 compliant encryption)
• All access logged to CloudTrail
• Encrypted S3 buckets
• IAM, KMS, etc. auto-configured
2. USE PRE-HARDENED OS IMAGES
Center for Internet Security provides
an excellent suite of hardened images
• RedHat
• Windows 2016
• CentOS
• …and more
• Images are pre-hardened to compliance requirements
• Anitian CA adjusts configurations to suit the specific compliance needs
• Documentation included with each AMI
3. DEPLOY AUTHENTICATION STACK
• Deploy and configure AD cluster on
hardened Windows Servers
• Install and configure certificate
authority
• Generate internal certificates
• Deploy group policies (for other
Windows hosts)
• Push certificates, trust rules, and
configurations to hosts
• Populate AD with required service
accounts and generated passwords
• Integrate multi-factor authentication
(Yubikey, Okta, etc.)
4. CODE AND CONFIGURATION MANAGEMENT
Code Repository
• Local, secured repository for automation code
• Version controlled copies of everything
• Integrates into automation stack
Configuration Management
• Manages configurations and updates for CA stack
• Performs some guardrail functions
• Can be extended to app environment
• Autodeploy: console, database
• Autoconfigure: policies
• Push configurations to endpoints
5. TREND MICRO ENDPOINT
• Meets multiple security control requirements for:
– Anti-virus
– IDS/IPS
– File integrity monitoring
– Log monitoring
– Security scanning
– Patch management
• Broad OS support
• Autodeploy and scale: management console,
database
• Autoconfigure: management settings, encryption,
endpoint policies
• Push policies to agents
6. BUILD OUT SIEM STACK
• Either Anitian or Splunk SIEM
• Autodeploy and scale:
– Management console
– Forwarders
– Indexers
• Auto-configure:
– Host logging
– AWS CloudTrail, CloudWatch logging
– Alerts, reports, dashboards, correlations
– Storage
– Certificate trusts
– Encryption of data at rest
• Application event logging is configured in post deployment
engagement
7. VULNERABILITY MANAGEMENT
• Autodeploy console and scan agents
• Autoconfigure scan profiles, targets, scanning schedules
• Provides required risk-based vulnerability management:
– Reporting for auditors
– Ticketing for internal staff
– Audit trail for audits
– Automated scans
8. PERIMETER DEFENSES
WAF
• Web application firewall for environments that have a
web front-end
• Configured to meet FedRAMP (OWASP Top Ten)
• Autoconfigure: policies, logging
NGFW
• For environments with heavy outbound traffic we
deploy a NGFW
• Autodeploy: appliance into transit VPC
• Autoconfigure: policies, logging to SIEM, alerts,
IDS/IPS, web filtering, etc.
9. IMPLEMENT GUARD RAILS
• Keeps the environment configured
within FedRAMP access control
requirements
• Use multiple techniques to monitor:
AWS Config, Lambda functions, SIEM
alerts, Trend Micro, Puppet, and more
• All changes are monitored and logged
to SIEM
• Provides alerts to contacts when a
change will result in a non-compliant
state
• Greatly assists with audit process
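One way to express the guardrail behaviour in step 9 (log every change, alert when a change leaves the baseline from step 1), as an added example that is not Anitian's or AWS's code. The resource shapes, rule set and sample change events are constructed assumptions, not the AWS Config schema.

```python
"""Guardrail sketch: log every change, alert only when one causes drift.

Resource shapes, rule names and sample events are constructed for this
example; they are not the AWS Config schema or any vendor's rule set.
"""
import json


# Each rule returns a finding string on violation, or None when it passes.
def s3_encrypted(cfg):
    return None if cfg.get("encryption") else "bucket has no default encryption"


def trail_logging(cfg):
    return None if cfg.get("is_logging") else "trail logging is stopped"


def listener_https(cfg):
    return None if cfg.get("protocol") == "HTTPS" else "listener does not use HTTPS"


# Baseline drawn from the reference-architecture bullets: encrypted buckets,
# access logged by a trail, encrypted load-balancer listeners.
RULES = {
    "s3_bucket": [s3_encrypted],
    "cloudtrail_trail": [trail_logging],
    "alb_listener": [listener_https],
}
# Resource types whose deletion is itself a violation (assumption).
REQUIRED = {"cloudtrail_trail"}


def findings_for(rtype, cfg):
    """Baseline violations for one resource state; None means 'absent'."""
    if cfg is None:
        return []
    found = []
    for rule in RULES.get(rtype, []):
        finding = rule(cfg)
        if finding:
            found.append(finding)
    return found


def evaluate_change(change):
    """Turn one change event into a SIEM record with an alert flag."""
    rtype = change["resource_type"]
    before, after = change.get("before"), change.get("after")
    if rtype not in RULES:
        status, findings = "NOT_APPLICABLE", []
    else:
        findings = findings_for(rtype, after)
        if after is None and rtype in REQUIRED:
            findings.append("required resource was deleted")
        status = "NON_COMPLIANT" if findings else "COMPLIANT"
    # Alert on drift only: the resource was compliant (or did not exist)
    # before this change and is non-compliant after it. A resource that was
    # already failing is still logged, but does not page anyone again.
    drifted = status == "NON_COMPLIANT" and not findings_for(rtype, before)
    return {
        "time": change["time"],
        "actor": change["actor"],
        "resource": f"{rtype}/{change['resource_id']}",
        "status": status,
        "findings": findings,
        "alert": drifted,
    }


def evaluate_all(changes):
    return [evaluate_change(c) for c in changes]


# Constructed sample change events (not captured from a real account).
SAMPLE_CHANGES = [
    {"time": "2019-01-01T10:00:00Z", "actor": "deploy-role",
     "resource_type": "s3_bucket", "resource_id": "app-artifacts",
     "before": None, "after": {"encryption": "aws:kms"}},
    {"time": "2019-01-01T10:05:00Z", "actor": "alice",
     "resource_type": "s3_bucket", "resource_id": "app-artifacts",
     "before": {"encryption": "aws:kms"}, "after": {"encryption": None}},
    {"time": "2019-01-01T10:07:00Z", "actor": "alice",
     "resource_type": "cloudtrail_trail", "resource_id": "org-trail",
     "before": {"is_logging": True}, "after": None},
    {"time": "2019-01-01T10:09:00Z", "actor": "bob",
     "resource_type": "alb_listener", "resource_id": "legacy-8080",
     "before": {"protocol": "HTTP"}, "after": {"protocol": "HTTP", "port": 8080}},
    {"time": "2019-01-01T10:11:00Z", "actor": "bob",
     "resource_type": "ec2_tag", "resource_id": "i-example",
     "before": {"env": "dev"}, "after": {"env": "test"}},
]

if __name__ == "__main__":
    for record in evaluate_all(SAMPLE_CHANGES):
        print(json.dumps(record))  # every change becomes one SIEM line
```

Every event yields a log record, but only the encryption removal and the trail deletion raise an alert; the listener that was already failing is recorded without a repeat alert.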
10. POST DEPLOYMENT
ENGAGEMENT
Once the Compliance architecture is
deployed, Anitian works with you to:
• Customize policy and procedure
templates
• Set up the application hosting
environment
• Integrate your app(s) and data into
environment
• Help integrate automations
• Fine-tune security controls
• Handle exceptions and remediations
• Knowledge transfer
• Audit stewardship
ENGAGEMENT SWIMLANES
ARCH: Quality Assurance, Automated Configuration, Automated Deployment, Run-time Customizations
APP: Application Onboarding, Automated Hosting Configuration, Automated Hosting Deployment, Baseline Application
DOC: Audit Stewardship, Artifact Generation, Documentation Customization, Template Review
SOC: Report cadence, Pre-audit Remediation, Testing, Hand off
AUTHORIZATION | COMPLIANCE ARCHITECTURE | MAINTAIN COMPLIANCE & SECURITY | COMPLIANT APP ENVIRONMENT
11. TRANSITION TO SECOPS
• 24x7 security monitoring
(USA-based SOC)
• 24x7 threat hunting
• 24x7 compliance monitoring
• 24x7 incident response
• On-demand remediation
• On-demand customized reporting
• On-call support
• On-call vulnerability testing
CUSTOMER SUCCESS – SMARTSHEET
This is the fastest FedRAMP ATO – EVER
Compliance environment built and
ready in 60 days
Task                                Date Completed
Kick-off Call                       9.19.2018
Compliance Automation started       9.28.2018, 10:20 AM
FedRAMP Architecture running        9.28.2018, 1:40 PM
Application onboarding begins       10.1.2018
Documentation effort begins         10.1.2018
Gap Assessment complete             10.31.2018
Environment is audit-ready          11.16.2018
3PAO Assessment complete            11.30.2018
Package submitted to FedRAMP PMO    12.19.2018
Government shutdown                 12.22.2018
ATO issued                          March 2019
FINAL THOUGHTS
BY DEFAULT, BY DESIGN
COMPLIANCE: AUTOMATED
THE OLD WAY THE NEW WAY
© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark
• Stable – 30+ year, profitable history focused on security software
• Innovative - Research & engineering driven company
• Proven - Customers include 45 of top 50 global corporations
• Global - Over 6,500 employees in over 50 countries
• Threat Intel – Smart Protection Network / Zero Day Initiative
• Accolades – Market leadership positions in every product category
The value of Trend Micro
500k commercial customers &
250M+ endpoints protected
Enterprise Mid-size Business Small Business Consumers
Every application’s journey is different
Physical
servers
Virtual
servers
Virtual
desktops
Public
cloud
Containers Serverless
A TOP SECURITY
PARTNER
AWS Partner
Network (APN)
and Marketplace
teams
SELLER ADVISORY
BOARD
AWS Marketplace
Advisory Board
LEADING SECURITY
PARTNER
for many
AWS customers
AWS LAUNCH
PARTNER
for Amazon
GuardDuty, AWS
Security Hub,
Amazon Macie,
CPPO and more
AWS MANAGED
SERVICES
Security partner
of choice for
AWS Managed
Services
Available as Software & SaaS in
Hybrid cloud security solution
Network Security | Malware Prevention | System Security | Container Image Scanning
Software Build Pipeline Runtime
Firewall Vulnerability
Scanning
Intrusion
Prevention
Anti-
Malware
Sandbox
Analysis
Application
Control
Integrity
Monitoring
Log
Inspection
Malware
Detection
Vulnerability
Scanning
Sweeping
& Hunting
Behavioral
Analysis
Machine
Learning
Environments
Platforms
API & Integrations
Other Public
Clouds
QUESTIONS?
Thank you!
Ignacio Martinez
Ignacio.martinez@smartsheet.com
Andrew Plato
andrew.plato@anitian.com
Jeff Westphal
jeff_westphal@trendmicro.com
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

Plus de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Achieve Compliance with Security by Default and By Design

  • 1. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. PUBLIC SECTOR SUMMIT. Achieve Compliance with Security by Default and By Design. 316577
      • Ignacio Martinez, VP, Security, Risk & Compliance, Smartsheet
      • Andrew Plato, CEO, Anitian
      • Jeff Westphal, Technical Director, Trend Micro
  • 2. We empower everyone to improve how they work. Smartsheet is a registered trademark of Smartsheet Inc. The names and logos of actual companies and products used in this presentation are the trademarks of their respective owners and no endorsement or affiliation is implied by their use.
  • 4. The Smartsheet Platform for Work Execution. Provide your organization with a powerful work platform that offers exceptional speed to business value — so you say yes to more ideas, more customers, and more revenue.
      • Plan & Manage: Grids, Projects, Cards, Calendars
      • Automate: Workflows, Converse.ai, API, Accelerators
      • Report: Dashboards, Portals, Dynamic Reports
      • Scale: Control Center, Security, Auditability, Compliance, Accelerators
      • Capture: Forms, Connectors, Integrations
  • 6. Keeping your data secure is our most important job
      • Data Center Security: Smartsheet Gov is built on AWS GovCloud infrastructure, which was designed and managed in alignment with regulations, standards, and best practices for US Federal Government agencies.
      • Data Security: We build security into our product to ensure that your most valuable asset—your data—is protected. We also contract with third-party security professionals to conduct annual security assessments.
      • Encryption: Encryption serves as the last and strongest line of defense in a multilayered data security strategy. Smartsheet uses encryption to safeguard your data and help you maintain control over it.
  • 7. Federal Government Ready: FedRAMP In-Process April 2019; FedRAMP Joint Authorization Board P-ATO (planned June 2019); Initial ATO at “Moderate”; Multi-factor authentication, CAC PIV & SSO; Event Reporting*; Directory Integration*; Administration Center*; Built on the AWS GovCloud (US); Based off NIST Standards; Compliant; Secure; Enterprise Grade. *Features on product roadmap
  • 8. Amazon Web Services (AWS): Smartsheet Gov partner
      • Smartsheet Gov is built on the Amazon Web Services (AWS) GovCloud (US-East) and AWS GovCloud (US-West) Regions, Amazon’s isolated cloud infrastructure and services
      • Designed to meet U.S. Government and other highly regulated industry security and compliance requirements
      • Smartsheet available via the Amazon Marketplace
      • Smartsheet achieved Amazon Partner Network Advanced Tier
  • 10. ACHIEVE COMPLIANCE WITH SECURITY BY DEFAULT AND BY DESIGN
  • 13. …AND NOW WITH THE MISSING PART
      • Most organizations need 12-18 months to build out a compliant environment at a cost of $2M or more
      • Guesswork and product integration slow down the process
      • [Timeline figure: AGENCY, PROCESS; 0 to 12-18 months; Build a FedRAMP control environment and onboard apps]
  • 14. …AND NOW WITH COMPLIANCE AUTOMATION
      • ANITIAN COMPLIANCE AUTOMATION CAN REDUCE THE TIME TO COMPLIANCE BY 75% AND THE COST BY 50%
      • [Timeline figure: AGENCY, PROCESS; 0 to 60 days; Build a FedRAMP control environment and onboard apps]
  • 15. PROBLEM 1: COMPLEXITY
      • Frameworks (like FedRAMP) are onerous, arcane, and difficult to learn
      • For internal teams, compliance is (at best) guesswork
      • GRC tools do not solve anything, and create more work
      • Professional services firms build one-off environments and are motivated to work slowly to maximize billable hours
      • You are at the mercy of auditors’ interpretations (and auditors may not understand the cloud)
      • Compliance efforts seldom lead to good security
  • 16. PROBLEM 2: MISERY
      • Nobody really wants to do compliance work; it is distracting, unrewarding, and frustrating
      • Internal compliance talent is difficult to obtain, train, and retain
      • Compliance slows down development, and therefore time to market (and time to money!)
  • 18. WHAT IS COMPLIANCE AUTOMATION?
      • Automated: Deploys and configures an infrastructure to compliance requirements automatically
      • Turnkey: Includes all the required security controls (SIEM, IDS/IPS, etc.), policy templates, and configurations
      • Proven: Uses known-good reference architectures, generates audit artifacts
      • Guardrails: Continuous monitoring to maintain compliant, secure state
      • Isolated: Does not co-mingle data, controls, or access with any external party
      • Flexible: Suitable for a broad range of organizational types
  • 21. RESPONSIBILITY MATRIX (diagram): User Access; Data management; User entitlements; Application Configuration; Reference Architectures; Secure Configurations; Security Controls; Documentation Templates; 24x7 SecOps; Storage and databases; Physical security; Regions and AZs; Virtualization security. Diagram labels: Customer Responsibility Application Systems
  • 23. 1. DEPLOY CLOUD REFERENCE ARCHITECTURE
      • Pre-configured architecture that includes:
          • Compliance Automation VPC
          • One or more application VPCs
          • Subnets, routes
          • NAT Gateways
          • Zero-trust access rights (no discretionary access)
          • Application load balancers (with FIPS-140 compliant encryption)
          • All access logged to CloudTrail
          • Encrypted S3 buckets
          • IAM, KMS, etc. auto-configured
  • 24. 2. USE PRE-HARDENED OS IMAGES
      • Center for Internet Security provides an excellent suite of hardened images:
          • RedHat
          • Windows 2016
          • CentOS
          • …and more
      • Images are pre-hardened to compliance requirements
      • Anitian CA adjusts configurations to suit the specific compliance needs
      • Documentation included with each AMI
  • 25. 3. DEPLOY AUTHENTICATION STACK
      • Deploy and configure AD cluster on hardened Windows Servers
      • Install and configure certificate authority
      • Generate internal certificates
      • Deploy group policies (for other Windows hosts)
      • Push certificates, trust rules, and configurations to hosts
      • Populate AD with required service accounts and generated passwords
      • Integrate multi-factor authentication (Yubikey, Okta, etc.)
  • 26. 4. CODE AND CONFIGURATION MANAGEMENT
      • Code Repository
          • Local, secured repository for automation code
          • Version controlled copies of everything
          • Integrates into automation stack
      • Configuration Management
          • Manages configurations and updates for CA stack
          • Performs some guardrail functions
          • Can be extended to app environment
          • Autodeploy: console, database
          • Autoconfigure: policies
          • Push configurations to endpoints
  • 27. 5. TREND MICRO ENDPOINT
      • Meets multiple security control requirements for:
          • Anti-virus
          • IDS/IPS
          • File integrity monitoring
          • Log monitoring
          • Security scanning
          • Patch management
      • Broad OS support
      • Autodeploy and scale: management console, database
      • Autoconfigure: management settings, encryption, endpoint policies
      • Push policies to agents
  • 28. 6. BUILD OUT SIEM STACK
      • Either Anitian or Splunk SIEM
      • Autodeploy and scale:
          • Management console
          • Forwarders
          • Indexers
      • Auto-configure:
          • Host logging
          • AWS CloudTrail, CloudWatch logging
          • Alerts, reports, dashboards, correlations
          • Storage
          • Certificate trusts
          • Encryption of data at rest
      • Application event logging is configured in post deployment engagement
  • 29. 7. VULNERABILITY MANAGEMENT
      • Autodeploy console and scan agents
      • Autoconfigure scan profiles, targets, scanning schedules
      • Provides required risk-based vulnerability management:
          • Reporting for auditors
          • Ticketing for internal staff
          • Audit trail for audits
          • Automated scans
  • 30. 8. PERIMETER DEFENSES
      • WAF
          • Web application firewall for environments that have a web front-end
          • Configured to meet FedRAMP (OWASP Top Ten)
          • Autoconfigure: policies, logging
      • NGFW
          • For environments with heavy outbound traffic we deploy a NGFW
          • Autodeploy: appliance into transit VPC
          • Autoconfigure: policies, logging to SIEM, alerts, IDS/IPS, web filtering, etc.
  • 31. 9. IMPLEMENT GUARD RAILS
      • Keeps the environment configured within FedRAMP access control requirements
      • Use multiple techniques to monitor: AWS Config, Lambda functions, SIEM alerts, Trend Micro, Puppet, and more
      • All changes are monitored and logged to SIEM
      • Provides alerts to contacts when a change will result in a non-compliant state
      • Greatly assists with audit process
  • 32. 10. POST DEPLOYMENT ENGAGEMENT
      • Once the Compliance architecture is deployed, Anitian works with you to:
          • Customize policy and procedure templates
          • Set up the application hosting environment
          • Integrate your app(s) and data into environment
          • Help integrate automations
          • Fine-tune security controls
          • Handle exceptions and remediations
          • Knowledge transfer
          • Audit stewardship
  • 34. 11. TRANSITION TO SECOPS
      • 24x7 security monitoring (USA-based SOC)
      • 24x7 threat hunting
      • 24x7 compliance monitoring
      • 24x7 incident response
      • On-demand remediation
      • On-demand customized reporting
      • On-call support
      • On-call vulnerability testing
  • 35. CUSTOMER SUCCESS – SMARTSHEET. This is the fastest FedRAMP ATO – EVER. Compliance environment built and ready in 60 days.
      Task | Date Completed
      Kick-off Call | 9.19.2018
      Compliance Automation started | 9.28.2018, 10:20 AM
      FedRAMP Architecture running | 9.28.2018, 1:40 PM
      Application onboarding begins | 10.1.2018
      Documentation effort begins | 10.1.2018
      Gap Assessment complete | 10.31.2018
      Environment is audit-ready | 11.16.2018
      3PAO Assessment complete | 11.30.2018
      Package submitted to FedRAMP PMO | 12.19.2018
      Government shutdown | 12.22.2018
      ATO issued | March 2019
  • 37. COMPLIANCE: AUTOMATED THE OLD WAY THE NEW WAY
  • 38. The value of Trend Micro
      • Stable – 30+ year, profitable history focused on security software
      • Innovative – Research & engineering driven company
      • Proven – Customers include 45 of top 50 global corporations
      • Global – Over 6,500 employees in over 50 countries
      • Threat Intel – Smart Protection Network / Zero Day Initiative
      • Accolades – Market leadership positions in every product category
      • 500k commercial customers & 250M+ endpoints protected: Enterprise, Mid-size Business, Small Business, Consumers
  • 39. Every application’s journey is different: Physical servers, Virtual servers, Virtual desktops, Public cloud, Containers, Serverless
  • 40. A TOP SECURITY PARTNER
      • AWS Partner Network (APN) and Marketplace teams
      • SELLER ADVISORY BOARD: AWS Marketplace Advisory Board
      • LEADING SECURITY PARTNER for many AWS customers
      • AWS LAUNCH PARTNER for Amazon GuardDuty, AWS Security Hub, Amazon Macie, CPPO and more
      • AWS MANAGED SERVICES: Security partner of choice for AWS Managed Services
      • Available as Software & SaaS in
  • 41. Hybrid cloud security solution (diagram). Labels: Network Security, Malware Prevention, System Security, Container Image Scanning, Software Build Pipeline, Runtime, Firewall, Vulnerability Scanning, Intrusion Prevention, Anti-Malware, Sandbox Analysis, Application Control, Integrity Monitoring, Log Inspection, Malware Detection, Vulnerability Scanning, Sweeping & Hunting, Behavioral Analysis, Machine Learning, Environments, Platforms, API & Integrations, Other Public Clouds
  • 43. Thank you!
      • Ignacio Martinez, Ignacio.martinez@smartsheet.com
      • Andrew Plato, andrew.plato@anitian.com
      • Jeff Westphal, jeff_westphal@trendmicro.com
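
The guard-rail behaviour described in slides 23 and 31 (log every change, alert when a change leaves the environment non-compliant), as an added Python example that is not from the presentation or from Anitian's product. The change records are constructed, the keys inside `configuration` are simplified assumptions, and "no discretionary access" is interpreted here as "no wildcard Allow statement".

```python
"""Guard-rail sketch: classify each configuration change, log all, alert on drift."""
import json

# Constructed sample change records. The outer shape loosely follows an AWS Config
# configuration item; the keys inside "configuration" are simplified assumptions.
SAMPLE_CHANGES = [
    {"resourceType": "AWS::S3::Bucket", "resourceId": "app-data",
     "configuration": {"encryption": "aws:kms"}},
    {"resourceType": "AWS::S3::Bucket", "resourceId": "scratch", "configuration": {}},
    {"resourceType": "AWS::CloudTrail::Trail", "resourceId": "org-trail",
     "configuration": {"is_logging": False}},
    {"resourceType": "AWS::IAM::Policy", "resourceId": "dev-admin",
     "configuration": {"statements": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}},
    {"resourceType": "AWS::EC2::Subnet", "resourceId": "subnet-a", "configuration": {}},
]

def check_bucket(cfg):
    # Fail closed: a missing or unknown encryption setting counts as unencrypted.
    enc = cfg.get("encryption")
    if enc in ("aws:kms", "AES256"):
        return True, "default encryption is " + enc
    return False, "bucket has no default encryption"

def check_trail(cfg):
    if cfg.get("is_logging") is True:
        return True, "trail is logging"
    return False, "trail logging is off"

def check_policy(cfg):
    # Assumption: "no discretionary access" is read as "no Allow on * for *".
    for st in cfg.get("statements", []):
        actions, resources = st.get("Action"), st.get("Resource")
        actions = actions if isinstance(actions, list) else [actions]
        resources = resources if isinstance(resources, list) else [resources]
        if st.get("Effect") == "Allow" and "*" in actions and "*" in resources:
            return False, "policy allows every action on every resource"
    return True, "no wildcard Allow statement"

RULES = {
    "AWS::S3::Bucket": check_bucket,
    "AWS::CloudTrail::Trail": check_trail,
    "AWS::IAM::Policy": check_policy,
}

def evaluate_change(item):
    """Return a verdict record for one change; unknown types are not judged."""
    rule = RULES.get(item.get("resourceType"))
    if rule is None:
        status, reason = "NOT_APPLICABLE", "no guard rail for this resource type"
    else:
        ok, reason = rule(item.get("configuration") or {})
        status = "COMPLIANT" if ok else "NON_COMPLIANT"
    return {"resource": item.get("resourceId"), "type": item.get("resourceType"),
            "status": status, "reason": reason}

def process_changes(changes):
    """Log every change (SIEM feed) and collect alerts for non-compliant ones."""
    siem_log, alerts = [], []
    for item in changes:
        verdict = evaluate_change(item)
        siem_log.append(json.dumps(verdict, sort_keys=True))
        if verdict["status"] == "NON_COMPLIANT":
            alerts.append(verdict)
    return siem_log, alerts
```

Calling `process_changes(SAMPLE_CHANGES)` returns one log line per change and alerts only for the unencrypted bucket, the stopped trail and the wildcard policy.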