© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS re:Invent
Is AWS GovCloud Right for your Regulated Workload?
David Cruley, Manager, WWPS Specialists Team, AWS
Tom Gerdes, VP Information Technology, Johnson Controls Federal Systems
Steve Porter, IIS Engineering Fellow, Raytheon

WPS205
November 27, 2017
AWS Global Infrastructure
16 Regions
43 Availability Zones
3
AWS GovCloud (US-East)
First Myth of GovCloud
It is NOT just for Govies!
Who Uses AWS GovCloud?
• U.S. Government (federal, state, and local)
• Consulting firms and systems integrators
• Technology firms and ISVs
• Education institutions
• Research organizations
• Regulated industries (aerospace, defense, energy, manufacturing, health care)
• Nonprofit organizations
• Managed-service providers
Fit for Controlled Unclassified Information (CUI)
Many customers use GovCloud for all categories of CUI:
Agriculture, Copyright, Critical infrastructure, Export control, Financial, Immigration, Intelligence, Law enforcement, Legal, Nuclear, Patent, Privacy (PII), Proprietary (IP), Statistical (census), Tax, Transportation
The Unique Compliance Posture of GovCloud
• International Traffic in Arms Regulations (ITAR)
• DoD Cloud Security Requirements Guide, Impact Levels 2, 4 and 5
• NIST SP 800-53 (rev 4)
• NIST SP 800-171
• CJIS
• Federal Information Processing Standard Pub (FIPS)
• Defense Federal Acquisition Regulation Supplement (DFARS)
• IRS 1075 (Section 6103(p))
• FedRAMP Moderate and High
…And Features Compliance in Other AWS Regions
• Family Educational Rights and Privacy Act (FERPA)
• International Organization for Standardization (ISO)
• AICPA Service Organization Control (SOC) Reports
• Payment Card Industry Data Security Standard (PCI DSS)
• Export Administration Regulation (EAR)
• Health Insurance Portability and Accountability Act (HIPAA)
To GovCloud or Not to GovCloud
Do You Have Requirements For…
• A “community cloud” with vetted account holders
• Infrastructure managed by U.S. citizens on U.S. soil
Do You Have Requirements For…
• DoD Cloud Security Requirements Guide IL 2
• FedRAMP Moderate
• Payment Card Industry Data Security Standard
• Health Insurance Portability and Accountability Act
• IRS 1075 (Section 6103(p))
If any of these apply: select region based on customer preference or integration requirements
Do You Have Requirements For…
• DoD Cloud Security Requirements Guide IL 4 or 5
• FedRAMP High
• International Traffic in Arms Regulations (ITAR)
• CJIS
• Defense Federal Acquisition Regulation Supplement (DFARS)
GovCloud is the only region certified for workloads with these requirements
A Few Technical Considerations
o GovCloud, in many ways, is just another region
  o Services within the region operate the same as in commercial regions
  o Same security posture as commercial regions
o GovCloud has technical differences
  o VPN endpoints are FIPS-validated hardware and operate differently than the software-based VPNs in commercial regions
  o Service endpoints are also FIPS validated
  o Service parity can impact architecture (no Route 53, for example)
GovCloud is an Isolated Region
o Cross-region copy functionality disabled by design (AMI, Amazon S3 buckets…)
o Separate IAM credentials prevent cross-region functionality (RDS, DynamoDB…)
o Separate IAM credential boundary prevents native service integration with commercial regions (SNS, SQS…)
Do You Have Integration Requirements?
Do the systems reside in GovCloud, U.S. commercial regions, or both?
Integration Requirements (Continued)
o GovCloud only or commercial only
  o Simple…deploy in the same region…
o GovCloud and commercial
  o Deploy in commercial AND GovCloud
    o Will require maintaining multiple instances of your app
    o Multiple ATOs—one for GovCloud and one for commercial
  o Deploy in commercial OR GovCloud
    o Simplifies management to a single instance, but…
    o Be careful of compliance boundaries
    o GovCloud is an isolated region, which complicates AWS service integration across regions (app-level integration is generally OK)
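A check for the compliance-boundary point above, added here as an example and not code from the deck: it scans an IAM policy document for ARNs that name the commercial "aws" partition or a non-GovCloud region, which is exactly the kind of cross-boundary integration that GovCloud's separate credential boundary blocks. The partition name "aws-us-gov" and the "us-gov-" region prefix are real; the sample policy, its bucket and queue names, the role and the account ID are constructed.

```python
"""Partition-boundary check for IAM policies that are meant to run in GovCloud.

Added example, not from the original deck. GovCloud (US) lives in its own
partition ("aws-us-gov", region codes starting with "us-gov-"), so an ARN that
names the commercial "aws" partition or a commercial region cannot be reached
with GovCloud credentials and usually marks a resource or integration that has
drifted across the compliance boundary.
"""
import json
import re

GOVCLOUD_PARTITION = "aws-us-gov"
GOVCLOUD_REGION_PREFIX = "us-gov-"

ARN_RE = re.compile(
    r"^arn:(?P<partition>[^:]+):(?P<service>[^:]*):(?P<region>[^:]*):"
    r"(?P<account>[^:]*):(?P<resource>.*)$"
)


def parse_arn(arn):
    """Split an ARN into its fields, or return None if it is not an ARN."""
    match = ARN_RE.match(arn)
    return match.groupdict() if match else None


def _as_list(value):
    """IAM accepts a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _iter_statement_arns(statement):
    """Yield (field, arn) for every ARN-shaped value in one policy statement."""
    for field in ("Resource", "NotResource"):
        for value in _as_list(statement.get(field)):
            if value.startswith("arn:"):
                yield field, value
    principal = statement.get("Principal")
    if isinstance(principal, dict):  # resource policies: who is being trusted
        for value in _as_list(principal.get("AWS")):
            if value.startswith("arn:"):
                yield "Principal", value


def check_arn(arn, partition=GOVCLOUD_PARTITION, region_prefix=GOVCLOUD_REGION_PREFIX):
    """Return a reason string if the ARN crosses the GovCloud boundary, else None."""
    parts = parse_arn(arn)
    if parts is None:
        return "not a well-formed ARN"
    if parts["partition"] != partition:
        return "partition %r is not %r" % (parts["partition"], partition)
    # Global services (IAM, S3 bucket ARNs) legitimately carry an empty region.
    if parts["region"] and not parts["region"].startswith(region_prefix):
        return "region %r is outside GovCloud" % parts["region"]
    return None


def find_boundary_violations(policy, partition=GOVCLOUD_PARTITION):
    """List every cross-boundary ARN in a policy document (a parsed dict).

    Returns (statement_sid, field, arn, reason) tuples in document order.
    """
    violations = []
    for index, statement in enumerate(_as_list(policy.get("Statement"))):
        sid = statement.get("Sid", "Statement%d" % index)
        for field, arn in _iter_statement_arns(statement):
            reason = check_arn(arn, partition)
            if reason:
                violations.append((sid, field, arn, reason))
    return violations


# Constructed sample policy (all names and the account ID are made up): the
# second queue ARN and the trusted role both live in the commercial partition.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "ReadMissionArtifacts", "Effect": "Allow", "Action": "s3:GetObject",
     "Resource": "arn:aws-us-gov:s3:::mission-artifacts/*"},
    {"Sid": "CrossRegionQueue", "Effect": "Allow", "Action": "sqs:SendMessage",
     "Resource": ["arn:aws-us-gov:sqs:us-gov-west-1:123456789012:gov-queue",
                  "arn:aws:sqs:us-east-1:123456789012:commercial-queue"]},
    {"Sid": "TrustCommercialRole", "Effect": "Allow", "Action": "sqs:ReceiveMessage",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/commercial-integration"},
     "Resource": "arn:aws-us-gov:sqs:us-gov-west-1:123456789012:gov-queue"}
  ]
}
""")

if __name__ == "__main__":
    for sid, field, arn, reason in find_boundary_violations(SAMPLE_POLICY):
        print("%s/%s: %s (%s)" % (sid, field, arn, reason))
```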
AWS GovCloud as a Strategic Differentiator
• U.S. government shared services
• Improve compliance management
• [+] Addressable market
• Narrow competition
• Shorten ATO timeline
Customer Use Cases
Johnson Controls Federal Systems
Tom Gerdes—VP, Information Technology
The Backstory
JCI and Tyco
• Merger completed on September 6, 2016
• Global diversified technology and multi-industrial leader in buildings and power solution markets
• Headquartered in Cork, Ireland
Foreign Ownership, Control or Influence (FOCI)
• Merged company considered under FOCI based on ownership structure
• Established new mitigated entity to continue serving government customers
New Technology Requirements
• Independent infrastructure, applications and cybersecurity solutions
• Increased compliance requirements
Why AWS GovCloud?
COMPLIANCE, SPEED, SCALE, ACCESS
AWS Asset Usage in Virtual Private Cloud
• Amazon Elastic Compute Cloud
• Amazon Simple Storage Service / Amazon Glacier
• Amazon Relational Database Service
• AWS Direct Connect
• Amazon Simple Notification Service
• AWS Certificate Manager
• AWS CloudTrail and Amazon CloudWatch
• Elastic Load Balancing
Where We Are
COMPLIANCE
• ITAR and FedRAMP
• Integrating logs with the cybersecurity Security Information and Event Management (SIEM) platform
• Disaster recovery and data archiving
SPEED
• Initiate to go-live in two months
• Improved application performance
SCALE
• Deltek Costpoint, Shop Floor Time, Time & Expense, and RFgen solutions migrated (Dev and Prod)
• Time clock hardware and RF scanner connectivity
ACCESS
• Direct connection to data center
• Improved remote and mobile access with external URL
• AD-authenticated single sign-on
Customer Use Cases
Raytheon
Steve Porter—IIS Engineering Fellow
Mission-like Test Environments
Use case: Improve product quality with automated software test processes and infrastructure as code
• Mission test environments are large and complex
• Testing mission code often required 30-40 nodes, including storage and network
• Functional and integration testing is not using clean test environments
• Test environment deployments are slow, not repeatable or consistent
Solution: GovCloud-enabled Continuous Automation
• Use code to rapidly instantiate large test environments on GovCloud
• Create workloads that deploy the same on AWS as they do on VMware and bare metal
• Create a continuous integration pipeline that builds environments, automatically tests code changes, then destroys the environment (Ephemeral Test)
• Create an automated management process that continuously cleans up GovCloud artifacts based on tagging metadata
Continuous Automation
Continuous Automation improves product quality
• Repeatability
  • The system is deployed the same way every time
  • The deployment code is exercised many times each day at scale
• Consistency
  • Each deployment converges to the same desired state
  • Consistency is highly desirable for security controls and configurations
• Velocity (speed with purpose)
  • Accelerates the development process and increases overall product quality
  • Consider the whole development pipeline system—seek out the next slow thing
Velocity Killers
• Snowflake configurations
• Multiple environments, persistent and stale environments
Velocity will be achieved through consistency and repeatability
GovCloud Mission-like Environments in Minutes
[Architecture diagram: a VPC holding Mission 1, Mission 2 and Mission 3 environments (load balancers in front of app servers, Active Directory, PKI, Chef server, SOA, NFS server, DB1/DB2, network router, workstations), built from infrastructure as code (Terraform, Chef, AMI repo) and producing test results]
GovCloud Enabled DevOps Results
GovCloud enables consistent, repeatable environments at high velocity
Pipeline process (normal process stages):
• Build: compile SW change
• Unit Test: sanity test SW changes
• Packaging: package component once for delivery
• Staging: pull package & supporting components from CM
• Deployment: provision AWS services & install applications
• Functional Test: execute component functional test suite
DevOps process stages: Build, Unit Test, Package & Deploy, Functional Test
[Timing comparison table, normal process vs. DevOps process on AWS GovCloud: less than 30 minutes; less than 30 minutes; less than 1 hour; 80 hours & not clean environment; 8 hours; not done every build; not done every build; clean environment every time, less than 1 hour]
AWS GovCloud: every change validated early in the development cycle
Normal process: multiple changes validated late in the development cycle
Developers are in Control
• Developers control which products and versions are deployed to configure their test environment
• Infrastructure and platform products maintain a library of version-controlled AMIs for quick launch
• Service costs are controlled by a mapping of AWS instance types to node types
• Terraform code is dynamically generated based on environment resource requirements
• Each test environment is idempotent and ephemeral
• Resource tagging is key to controlling environment resources
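The tag-driven cleanup step from the Raytheon solution (and the tagging point on this slide), as an added example that is not Raytheon's or the deck's code: it plans the teardown of ephemeral test-environment instances from their tags, surfaces a missing or invalid TTL for review, and leaves untagged or explicitly held resources alone. The tag names, instance IDs, environment names and launch times are constructed assumptions; the records follow the shape EC2 DescribeInstances returns, so the same logic can run over a live listing from a boto3 client in the GovCloud region.

```python
"""Tag-driven cleanup planner for ephemeral GovCloud test environments.

Added example (not code from the deck or from Raytheon). Each instance record
has the shape of an EC2 DescribeInstances entry; the tag keys below are
assumed. Anything not explicitly marked ephemeral is left alone, so a missing
tag fails safe rather than tearing down a persistent server.
"""
from datetime import datetime, timedelta, timezone

# Assumed tag keys: the deck only says tagging is the control point.
TAG_ENVIRONMENT = "TestEnvironment"  # which ephemeral environment owns the node
TAG_LIFECYCLE = "Lifecycle"          # value "ephemeral" opts a node into cleanup
TAG_TTL_HOURS = "TtlHours"           # lifetime after launch, in hours
TAG_PROTECTED = "DoNotTerminate"     # explicit hold for a debugging session


def tags_to_dict(tag_list):
    """EC2 returns tags as [{'Key': ..., 'Value': ...}]; flatten to a dict."""
    return {tag["Key"]: tag["Value"] for tag in tag_list}


def classify(instance, now):
    """Decide what to do with one instance; returns (action, reason)."""
    tags = tags_to_dict(instance.get("Tags", []))
    if tags.get(TAG_LIFECYCLE) != "ephemeral":
        return "keep", "not marked ephemeral"
    if tags.get(TAG_PROTECTED, "").lower() == "true":
        return "keep", "held by %s tag" % TAG_PROTECTED
    try:
        ttl = timedelta(hours=float(tags[TAG_TTL_HOURS]))
    except (KeyError, ValueError):
        # Surface a bad TTL for a human instead of guessing a lifetime.
        return "review", "missing or invalid %s tag" % TAG_TTL_HOURS
    expires = instance["LaunchTime"] + ttl
    if now >= expires:
        return "terminate", "TTL expired at %s" % expires.isoformat()
    return "keep", "expires at %s" % expires.isoformat()


def plan_cleanup(instances, now):
    """Group (instance id, environment, reason) tuples by action."""
    plan = {"terminate": [], "review": [], "keep": []}
    for inst in instances:
        if inst["State"]["Name"] == "terminated":
            continue  # already gone; nothing to plan
        action, reason = classify(inst, now)
        env = tags_to_dict(inst.get("Tags", [])).get(TAG_ENVIRONMENT, "<untagged>")
        plan[action].append((inst["InstanceId"], env, reason))
    return plan


def _record(instance_id, launch, tags, state="running"):
    """Build a DescribeInstances-shaped record (constructed test data)."""
    return {
        "InstanceId": instance_id,
        "LaunchTime": launch,
        "State": {"Name": state},
        "Tags": [{"Key": k, "Value": v} for k, v in tags.items()],
    }


# Constructed sample listing; every ID, name and time below is made up.
NOW = datetime(2017, 11, 27, 12, 0, tzinfo=timezone.utc)
LAUNCH = datetime(2017, 11, 27, 6, 0, tzinfo=timezone.utc)
SAMPLE_INSTANCES = [
    _record("i-0aaa000000000001", LAUNCH,  # 4 h TTL, launched 6 h ago: expired
            {TAG_ENVIRONMENT: "mission1-build42", TAG_LIFECYCLE: "ephemeral", TAG_TTL_HOURS: "4"}),
    _record("i-0bbb000000000002", LAUNCH,  # 8 h TTL: still within its lifetime
            {TAG_ENVIRONMENT: "mission2-build43", TAG_LIFECYCLE: "ephemeral", TAG_TTL_HOURS: "8"}),
    _record("i-0ccc000000000003", LAUNCH,  # persistent shared server: never touched
            {"Name": "chef-server", TAG_LIFECYCLE: "persistent"}),
    _record("i-0ddd000000000004", LAUNCH,  # ephemeral but no TTL: needs a human
            {TAG_ENVIRONMENT: "mission1-build44", TAG_LIFECYCLE: "ephemeral"}),
    _record("i-0eee000000000005", LAUNCH,  # expired but explicitly held
            {TAG_ENVIRONMENT: "mission3-build40", TAG_LIFECYCLE: "ephemeral",
             TAG_TTL_HOURS: "1", TAG_PROTECTED: "true"}),
    _record("i-0fff000000000006", LAUNCH,  # already terminated: skipped
            {TAG_ENVIRONMENT: "mission3-build39", TAG_LIFECYCLE: "ephemeral", TAG_TTL_HOURS: "1"},
            state="terminated"),
]

if __name__ == "__main__":
    plan = plan_cleanup(SAMPLE_INSTANCES, NOW)
    for action in ("terminate", "review", "keep"):
        for instance_id, env, reason in plan[action]:
            print("%-9s %s (%s): %s" % (action, instance_id, env, reason))
    # Against a live account the "terminate" list would feed
    # boto3.client("ec2", region_name="us-gov-west-1").terminate_instances(
    #     InstanceIds=[i for i, _, _ in plan["terminate"]])
```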
Approved for Public Release
This document does not contain technology or technical data controlled under either the U.S. International Traffic in Arms Regulations or the U.S. Export Administration Regulations.
Thank you!
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

WPS205: Is AWS GovCloud Right for your Regulated Workload

1. Is AWS GovCloud Right for your Regulated Workload? (WPS205, AWS re:Invent, November 27, 2017)
   © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
   David Cruley, Manager, WWPS Specialists Team, AWS
   Tom Gerdes, VP Information Technology, Johnson Controls Federal Systems
   Steve Porter, IIS Engineering Fellow, Raytheon

2. AWS Global Infrastructure. Slide map labels: 16 Regions; 43 Availability Zones; 3; AWS GovCloud (US-East).

3. First Myth of GovCloud: it is NOT just for Govies!

4. Who Uses AWS GovCloud? U.S. Government (federal, state, and local); consulting firms and systems integrators; technology firms and ISVs; education institutions; research organizations; regulated industries (aerospace, defense, energy, manufacturing, health care); nonprofit organizations; managed-service providers.

5. Fit for Controlled Unclassified Information (CUI). Many customers use GovCloud for all categories of CUI: agriculture, copyright, critical infrastructure, export control, financial, immigration, intelligence, law enforcement, legal, nuclear, patent, privacy (PII), proprietary (IP), statistical (census), tax, transportation.

6. The Unique Compliance Posture of GovCloud: International Traffic in Arms Regulations (ITAR); DoD Cloud Security Requirements Guide IL 2, 4 and 5; NIST SP 800-53 (rev 4); NIST SP 800-171; CJIS; Federal Information Processing Standard Publication (FIPS); Defense Federal Acquisition Regulation Supplement (DFARS); IRS 1075 (Section 6103(p)); FedRAMP Moderate and High.

7. ...And Features Compliance in Other AWS Regions: Family Educational Rights and Privacy Act (FERPA); International Organization for Standardization (ISO); AICPA Service Organization Control (SOC) reports; Payment Card Industry Data Security Standard (PCI DSS); Export Administration Regulations (EAR); Health Insurance Portability and Accountability Act (HIPAA).

8. To GovCloud or Not to GovCloud?

9. Do You Have Requirements For... a "community cloud" with vetted account holders, managed by U.S. citizens on U.S. soil?

10. Do You Have Requirements For... DoD Cloud Security Requirements Guide IL 2, FedRAMP Moderate, PCI DSS, HIPAA, or IRS 1075 (Section 6103(p))? Select the region based on customer preference or integration requirements.

11. Do You Have Requirements For... DoD Cloud Security Requirements Guide IL 4 or 5, FedRAMP High, ITAR, CJIS, or DFARS? GovCloud is the only region certified for workloads with these requirements.

12. A Few Technical Considerations
   - GovCloud, in many ways, is just another region
     - Services within the region operate the same as in commercial regions
     - Same security posture as commercial regions
   - GovCloud has technical differences
     - VPN endpoints are FIPS-validated hardware and operate differently than the software-based VPNs of commercial regions
     - Service endpoints are also FIPS validated
     - Service parity can impact architecture (no Route 53, for example)

13. GovCloud is an Isolated Region
   - Cross-region copy functionality is disabled by design (AMIs, Amazon S3 buckets, ...)
   - Separate IAM credentials prevent cross-region functionality (RDS, DynamoDB, ...)
   - The separate IAM credential boundary prevents native service integration with commercial regions (SNS, SQS, ...)

14. Do You Have Integration Requirements? Do the systems reside in GovCloud, U.S. commercial regions, or both?

15. Integration Requirements (Continued)
   - GovCloud only or commercial only: simple, deploy in the same region.
   - GovCloud and commercial:
     - Deploy in commercial AND GovCloud: requires maintaining multiple instances of your app, and multiple ATOs (one for GovCloud and one for commercial).
     - Deploy in commercial OR GovCloud: simplifies management to a single instance, but be careful of compliance boundaries; GovCloud is an isolated region, which complicates AWS service integration across regions (app-level integration is generally OK).
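The isolation described on slides 13 and 15 can be checked mechanically before a deployment goes out. The following added example (not code from the deck or from AWS) scans the resource references a GovCloud template carries and flags anything outside the aws-us-gov partition; the partition and region prefixes are those AWS publishes, while the account id and resource names are constructed placeholders.

```python
"""Flag references in a GovCloud deployment that cross the compliance boundary.

Added example, not from the deck or from AWS. GovCloud ARNs use the
``aws-us-gov`` partition and ``us-gov-*`` regions, and its IAM credentials
stop at that boundary, so a commercial-partition bucket, topic or key named
in a GovCloud template is both a runtime failure and a boundary question.
Account ids and resource names below are placeholders.
"""
import re
from typing import Dict, List, Optional, Tuple

# ARN grammar: arn:partition:service:region:account-id:resource
ARN_RE = re.compile(r"^arn:(?P<partition>[^:]+):(?P<service>[^:]+):"
                    r"(?P<region>[^:]*):(?P<account>[^:]*):(?P<resource>.+)$")
GOVCLOUD_PARTITION = "aws-us-gov"

def partition_for_region(region: str) -> Optional[str]:
    """Map a region name to its partition; None for global (empty) regions."""
    if region == "":
        return None
    if region.startswith("us-gov-"):
        return GOVCLOUD_PARTITION
    return "aws-cn" if region.startswith("cn-") else "aws"

def parse_arn(arn: str) -> Dict[str, str]:
    """Split an ARN into its fields, or raise ValueError if it is not one."""
    match = ARN_RE.match(arn)
    if match is None:
        raise ValueError(f"not an ARN: {arn!r}")
    return match.groupdict()

def find_boundary_violations(home_partition: str, refs: List[str]) -> List[Tuple[str, str]]:
    """Return (reference, reason) for every reference that leaves home_partition.

    Two checks: the declared partition must be the deployment's own, and the
    region field, when present, must belong to that partition, which catches
    hand-edited ARNs such as arn:aws-us-gov:...:us-east-1:... Non-ARN ids
    (AMI ids, for example) are region-scoped and cannot be copied across the
    boundary, so they are reported for manual review rather than skipped.
    """
    violations: List[Tuple[str, str]] = []
    for ref in refs:
        try:
            arn = parse_arn(ref)
        except ValueError as exc:
            violations.append((ref, f"{exc}; confirm it was created in {home_partition}"))
            continue
        if arn["partition"] != home_partition:
            violations.append((ref, f"partition {arn['partition']} is outside {home_partition}"))
            continue
        expected = partition_for_region(arn["region"])
        if expected is not None and expected != arn["partition"]:
            violations.append((ref, f"region {arn['region']} is not in partition {arn['partition']}"))
    return violations

# Constructed sample references, as a GovCloud template might list them.
SAMPLE_REFERENCES = [
    "arn:aws-us-gov:s3:::cui-build-artifacts-example",
    "arn:aws-us-gov:sns:us-gov-west-1:123456789012:deploy-events",
    "arn:aws:sns:us-east-1:123456789012:deploy-events",              # commercial topic
    "arn:aws-us-gov:kms:us-east-1:123456789012:key/EXAMPLE-KEY-ID",  # region/partition mismatch
    "ami-0123456789abcdef0",                                           # not an ARN
]
```

Run as a pre-deployment gate over every ARN a template, task definition or policy document references; calling it with home_partition "aws" guards a commercial deployment against stray GovCloud references in the same way.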
16. AWS GovCloud as a Strategic Differentiator: U.S. government shared services; improve compliance management; [+] addressable market; narrow competition; shorten ATO timeline.

17. Customer Use Cases: Johnson Controls Federal Systems. Tom Gerdes, VP, Information Technology.

18. The Backstory
   - JCI and Tyco: merger completed on September 6, 2016; global diversified technology and multi-industrial leader in buildings and power solution markets; headquartered in Cork, Ireland.
   - Foreign Ownership, Control or Influence (FOCI): merged company considered under FOCI based on ownership structure; established a new mitigated entity to continue serving government customers.
   - New Technology Requirements: independent infrastructure, applications and cybersecurity solutions; increased compliance requirements.

19. Why AWS GovCloud? Compliance, speed, scale, access.

20. AWS Asset Usage in Virtual Private Cloud: Amazon Elastic Compute Cloud; Amazon Simple Storage Service / Amazon Glacier; Amazon Relational Database Service; AWS Direct Connect; Amazon Simple Notification Service; AWS Certificate Manager; AWS CloudTrail and Amazon CloudWatch; Elastic Load Balancing.

21. Where We Are
   - Compliance: ITAR and FedRAMP; integrating logs with the cybersecurity Security Information and Event Management (SIEM) platform; disaster recovery and data archiving.
   - Speed: initiate to go-live in two months; improved application performance.
   - Scale: Deltek Costpoint, Shop Floor Time, Time & Expense, and RFgen solutions migrated (Dev and Prod); time clock hardware and RF scanner connectivity.
   - Access: direct connection to the data center; improved remote and mobile access with an external URL; AD-authenticated single sign-on.

22. Customer Use Cases: Raytheon. Steve Porter, IIS Engineering Fellow.

23. Mission-like Test Environments
   Use case: improve product quality with automated software test processes and infrastructure as code.
   - Mission test environments are large and complex
   - Testing mission code often required 30-40 nodes, including storage and network
   - Functional and integration testing is not using clean test environments
   - Test environment deployments are slow, not repeatable or consistent
   Solution: GovCloud-enabled Continuous Automation
   - Use code to rapidly instantiate large test environments on GovCloud
   - Create workloads that deploy the same on AWS as they do on VMware and bare metal
   - Create a continuous integration pipeline that builds environments, automatically tests code changes, then destroys the environment (ephemeral test)
   - Create an automated management process that continuously cleans up GovCloud artifacts based on tagging metadata

24. Continuous Automation: velocity will be achieved through consistency and repeatability.
   Continuous Automation improves product quality:
   - Repeatability: the system is deployed the same way every time; the deployment code is exercised many times each day at scale
   - Consistency: each deployment converges to the same desired state; consistency is highly desirable for security controls and configurations
   - Velocity (speed with purpose): accelerates the development process and increases overall product quality; consider the whole development pipeline system and seek out the next slow thing
   Velocity killers: snowflake configurations; multiple, persistent and stale environments

25. GovCloud Mission-like Environments in Minutes (diagram): a VPC hosting Mission 1, Mission 2 and Mission 3 environments (load balancers, app servers, workstations) alongside shared services (Active Directory, PKI, Chef server, SOA, NFS server, DB1, DB2, network router); infrastructure as code with Terraform and Chef, an AMI repository, and test results.

26. GovCloud Enabled DevOps Results: GovCloud enables consistent, repeatable environments at high velocity.
   Normal process stages: Build (compile SW change, unit test, sanity test SW changes); Packaging (package component once for delivery); Staging (pull package and supporting components from CM); Deployment (provision AWS services and install applications); Functional Test (execute component functional test suite). Multiple changes validated late in the development cycle.
   DevOps process stages (AWS GovCloud): Build; Unit Test; Package & Deploy; Functional Test. Every change validated early in the development cycle.
   Timings shown on the slide: less than 30 minutes; less than 30 minutes; less than 1 hour; 80 hours and not a clean environment; 8 hours; not done every build; not done every build; clean environment every time, less than 1 hour.

27. Developers are in Control
   - Developers control which products and versions are deployed to configure their test environment
   - Infrastructure and platform products maintain a library of version-controlled AMIs for quick launch
   - Service costs are controlled by a mapping of AWS instance types to node types
   - Terraform code is dynamically generated based on environment resource requirements
   - Each test environment is idempotent and ephemeral
   - Resource tagging is key to controlling environment resources
   Approved for Public Release. This document does not contain technology or technical data controlled under either the U.S. International Traffic in Arms Regulations or the U.S. Export Administration Regulations.
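Slides 23 and 27 rest on one mechanism: every ephemeral environment is tagged, and a scheduled process reclaims GovCloud resources from the tags alone. The following added example (not Raytheon's or AWS's code) shows one way to make that decision; the tag names Environment, Owner, ExpiresAt and Persistent are assumptions, and the instance records are constructed in the shape of EC2 describe_instances() output.

```python
"""Tag-driven cleanup plan for ephemeral GovCloud test environments.

Added example, not Raytheon's or AWS's code. The deck describes a process
that continuously cleans up GovCloud artifacts based on tagging metadata;
this is one way to decide what goes. The tag names (Environment, Owner,
ExpiresAt, Persistent) are assumptions, and the records below are
constructed in the shape of EC2 describe_instances() output.
"""
from datetime import datetime, timedelta, timezone
from typing import Dict, List

REQUIRED_TAGS = ("Environment", "Owner", "ExpiresAt")
DEFAULT_GRACE = timedelta(hours=1)  # how long an untagged launch may live

def tags_to_dict(instance: Dict) -> Dict[str, str]:
    """Flatten the [{'Key': ..., 'Value': ...}] tag list EC2 returns."""
    return {t["Key"]: t["Value"] for t in instance.get("Tags", [])}

def classify(instance: Dict, now: datetime, untagged_grace: timedelta) -> str:
    """Return 'keep', 'expired' or 'untagged' for one instance.

    Shared services (Active Directory, PKI, Chef server) are tagged
    Persistent=true and never touched. Ephemeral nodes carry an ExpiresAt
    timestamp written by the pipeline that launched them. Anything missing
    the required tags is reclaimed once it is older than the grace period,
    so a mis-tagged launch cannot quietly become a stale environment.
    """
    if instance["State"]["Name"] == "terminated":
        return "keep"
    tags = tags_to_dict(instance)
    if tags.get("Persistent", "").lower() == "true":
        return "keep"
    if any(key not in tags for key in REQUIRED_TAGS):
        return "untagged" if now - instance["LaunchTime"] > untagged_grace else "keep"
    return "expired" if datetime.fromisoformat(tags["ExpiresAt"]) <= now else "keep"

def plan_cleanup(reservations: List[Dict], now: datetime,
                 untagged_grace: timedelta = DEFAULT_GRACE) -> Dict[str, List[str]]:
    """Group instance ids by the action the cleanup job should take."""
    plan: Dict[str, List[str]] = {"expired": [], "untagged": []}
    for reservation in reservations:
        for instance in reservation["Instances"]:
            verdict = classify(instance, now, untagged_grace)
            if verdict != "keep":
                plan[verdict].append(instance["InstanceId"])
    return plan

# Constructed sample data; instance ids and timestamps are placeholders.
NOW = datetime(2017, 11, 27, 18, 0, tzinfo=timezone.utc)

def _instance(iid: str, hours_ago: int, tags: Dict[str, str]) -> Dict:
    return {"InstanceId": iid, "State": {"Name": "running"},
            "LaunchTime": NOW - timedelta(hours=hours_ago),
            "Tags": [{"Key": k, "Value": v} for k, v in tags.items()]}

SAMPLE_RESERVATIONS = [{"Instances": [
    _instance("i-0000000000000001", 5, {"Environment": "mission1-build-42", "Owner": "ci",
                                        "ExpiresAt": "2017-11-27T16:00:00+00:00"}),  # past
    _instance("i-0000000000000002", 1, {"Environment": "mission2-build-43", "Owner": "ci",
                                        "ExpiresAt": "2017-11-27T20:00:00+00:00"}),  # live
    _instance("i-0000000000000003", 3, {"Name": "stray-app-server"}),                # untagged
    _instance("i-0000000000000004", 720, {"Environment": "shared", "Owner": "platform",
                                          "Persistent": "true"}),                    # shared svc
]}]
```

The returned ids are what a scheduled job would hand to the EC2 client's terminate_instances call, preferably with DryRun first so the plan is reviewed before anything in GovCloud is destroyed.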
28. Thank you!