Building Secure-by-Design Environments with AWS Capabilities
SEC208-S

Gal Ordo (He/Him/His), Co-founder & CPO, Native
Sowjanya Rajavaram (She/Her/Hers), Sr. Solutions Architect, Amazon Web Services

© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Agenda
- Why security-by-design is important
- Core AWS capabilities for achieving security-by-design
- Steps to define cloud security standard
- How Native makes this simple

The detective approach
Everything should be encrypted-at-rest
- Initial Detection: 1,000 unencrypted EBS Volumes
- Remediation: Reach out to resource owners; Months long remediation process; Manual progress tracking and exceptions management
- 6 months later: All 1,000 resources remediated, but there are 500 new unencrypted EBS Volumes

The secure-by-design approach
Everything should be encrypted-at-rest
- Preventive policy: All new EBS Volumes must be encrypted
- Detection & remediation: Remediate existing EBS Volumes
- Repeat for other resource types

Security-by-design goes beyond configuration baselines
- Cloud footprint management
- External access management
- Data perimeter
- Network security
- Privileged actions management
- and more

Service Control Policies (SCPs)
Define the maximum available permissions of the IAM principals for all accounts in your organization

Declarative Policies
Ensure configurations are maintained regardless of new feature or A