Copyright © 2019 Information Systems Audit and Control Association, Inc. All rights reserved.
Andrew Clark
Data Economist
BlockScience
AWS for Auditors
About me

B.S. in Business Administration with a concentration in Accounting, Summa Cum Laude, from University of
Tennessee at Chattanooga.

M.S. in Data Science from Southern Methodist University.

Ph.D. Candidate in Economics at the University of Reading.

American Statistical Association Graduate Statistician (GStat), INFORMS Certified Analytics Professional
(CAP) and AWS Certified Solutions Architect – Associate.

Experienced in designing, building and deploying numerous machine learning and continuous auditing solutions
using open source technologies.

Have worked in IT Audit for two publicly traded companies, one of them a Fortune 500 financial institution.

Working as a Data Economist creating ecosystem economic design specifications by simulating the
designed ecosystem using Python-based methods. Employing mathematical engineering technologies, I
create novel solutions by utilizing time-tested systems engineering practices to solve business problems.
About BlockScience

BlockScience is an engineering, research and development, and analytics firm focused on
the design and analysis of complex networks. We apply mathematical engineering
technologies associated with time-tested systems engineering practices to solve business
problems. Whether identifying systemic risks in company operations or guiding expansion
into a new line of business, BlockScience provides thoroughly researched, mathematically
engineered solutions.
Outline

Overview of AWS and its key services

Discussion of the unique risks that are present in a cloud computing
environment.

Remediation strategies for dealing with cloud computing risks

Describe best practices for an enterprise AWS deployment.

Understand the potential for completely flexible and scripted computing
environments that AWS enables.

AWS: The current king of cloud

AWS is the current king of cloud computing. I like to think of AWS’s
infrastructure as a box of Lego bricks that a skilled architect can
assemble to make something remarkable.

Microsoft Azure has a solid offering as well, and may be a better option
for small businesses, as it is a little easier to plug and play. AWS is the
gold standard for customization, however.

Google Cloud has a respectable entry as well, although it lags behind
AWS and Azure in many regards, one of which is maturity.

Key components and concepts of AWS

VPCs

Regions

Availability Zones

Pay as you go
Elastic Compute Cloud (EC2)

EC2 is flexible computing in the cloud.

It is an unmanaged service where the user
provisions virtual machines of the required
size and accesses them through SSH.

It takes only minutes to provision and
access an EC2 instance to deploy an
application. It is possible to run an EC2
instance as your main work computer,
when using something like a Google
Chromebook to access it.
Elastic Block Store (EBS)

EBS is the hard drive for your EC2.

It can be solid state drive (SSD) or hard
disk drive (HDD) based, and ranges in size from
4 GB to 16 TB - https://aws.amazon.com/ebs/features/?nc=sn&loc=1
Simple Storage Service (S3)

S3 is an object based storage service.

You can think of it as Dropbox (for the first
8 years of Dropbox’s existence it was
essentially a wrapper around AWS S3 -
https://www.wired.com/2016/03/epic-story-dropboxs-exodus-amazon-cloud-empire/).

S3 comes in three tiers (S3, S3-IA, and
Glacier), and can store data between 0
bytes and 5 TB in a single bucket -
https://aws.amazon.com/s3/faqs/
Relational Database Service (RDS)

Relational database in the cloud.

Available in many different flavors, such as
SQL Server, Oracle, MySQL,
PostgreSQL, MariaDB, and Amazon
Aurora.

Fully managed service, meaning you only
have to worry about the database
maintenance, not running the underlying
server.

Note: You can run a database on an
EC2 instance; there is no reason you must use
RDS. - https://aws.amazon.com/rds/faqs/
Identity and Access Management
(IAM)

One of the key components of
AWS.

The ‘logical access engine’

Create users, roles, etc -
https://aws.amazon.com/iam/?nc2=h_m1
Virtual Private Cloud (VPC)

One of the key components of
AWS.

How ‘your environment in the cloud’
is constructed.

Define security groups specifying
who can access which resources.

Define networking, availability zones,
etc. - https://aws.amazon.com/vpc/?nc2=h_m1
Route 53

DNS service

Scalable

Flexible options for directing traffic
to reduce latency - https://aws.amazon.com/route53/?nc2=h_m1
Elastic Load Balancing

Load balancing service that can
handle multiple targets across
multiple availability zones.

Secure

Elastic - https://aws.amazon.com/elasticloadbalancing/?nc2=h_m1
EC2 AutoScaling

Provides the ability to add or remove
EC2 instances based on user-defined
criteria, e.g., if CPU usage goes above
70%, add another EC2 instance (and an Elastic
Load Balancer can balance the traffic
between the instances).

Scheduled scaling -
https://aws.amazon.com/ec2/autoscaling/?nc2=h_m1
CloudFormation

Infrastructure as code.

Provides flexibility not traditionally
possible

Potential for increase in security

Don’t patch; instead, update to the latest
operating system versions in your
CloudFormation script and rebuild your
infrastructure (“rehydration”).

Similar to Chef, Ansible, etc. -
https://aws.amazon.com/cloudformation/?nc2=h_m1

Honorable mentions:

Lambda

Fargate

ECS

Redshift

There are hundreds of additional services; it is extremely overwhelming to
try and stay on top of them all.

Security Considerations

Confidentiality

Access control - root accounts

Resilience / availability

Compliance

Security

Vendor lock-in

Insufficient visibility

Security Considerations Cont.

Inadvertently exposing data - S3 bucket moved to public

Access control, access control, access control. Root accounts should be very
limited, and use MFA when necessary. Strong passwords; all accounts should have MFA.
Least privileged access; use IAM religiously. Limit IP addresses in security
groups.

Key management - Rotate or change keys every 90 days or so.

For some of the AWS managed services (Machine Learning tools, etc.), Amazon
has some fine print about the right to view your data, so be careful which services
you use if using managed services.

Use CloudTrail for audit history
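The controls on this slide (MFA on root and users, 90-day key rotation, no security group open to the whole internet, no S3 bucket policy granting access to everyone) can each be checked mechanically. The script below is an added example written for this page, not code from the presentation or from any AWS SDK: it runs the checks over three hand-built inputs that mimic the shape of an IAM credential report, an EC2 describe-security-groups response and S3 bucket policies, so it runs offline. Field names follow the real documents; every value (user names, group ids, bucket names, dates, the fixed clock) is invented.

```python
"""Offline audit checks for the slide's controls, run over constructed data.

Added example, not from the presentation. Inputs below are hand-built in the
shape of an IAM credential report, describe-security-groups output and S3
bucket policies; values are invented so the checks run without an account.
"""
import json
from datetime import datetime, timezone

KEY_MAX_AGE_DAYS = 90                            # slide: rotate keys every ~90 days
NOW = datetime(2019, 5, 1, tzinfo=timezone.utc)  # fixed clock, reproducible ages
ANYWHERE = {"0.0.0.0/0", "::/0"}                 # CIDRs meaning "the whole internet"

# --- constructed sample data (AWS document shapes, invented values) ---
CREDENTIAL_REPORT = [
    {"user": "<root_account>", "mfa_active": False, "access_key_1_active": True,
     "access_key_1_last_rotated": "2018-11-01T00:00:00+00:00"},
    {"user": "alice", "mfa_active": True, "access_key_1_active": True,
     "access_key_1_last_rotated": "2019-04-10T00:00:00+00:00"},
    {"user": "bob", "mfa_active": False, "access_key_1_active": True,
     "access_key_1_last_rotated": "2019-01-05T00:00:00+00:00"},
]
SECURITY_GROUPS = [
    {"GroupId": "sg-0001", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0002", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
]
BUCKET_POLICIES = {
    "reports-public": json.dumps({"Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::reports-public/*"}]}),
    "reports-internal": json.dumps({"Statement": [
        {"Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/Auditor"},
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::reports-internal/*"}]}),
}


def users_without_mfa(report):
    """Users (root included) whose MFA is not active."""
    return [row["user"] for row in report if not row["mfa_active"]]


def stale_access_keys(report, now=NOW, max_age_days=KEY_MAX_AGE_DAYS):
    """(user, age in days) for active keys older than the rotation window."""
    stale = []
    for row in report:
        if not row["access_key_1_active"]:
            continue
        rotated = datetime.fromisoformat(row["access_key_1_last_rotated"])
        age = (now - rotated).days
        if age > max_age_days:
            stale.append((row["user"], age))
    return stale


def open_ingress(groups):
    """(group id, from-port) for inbound rules reachable from every address."""
    findings = []
    for group in groups:
        for rule in group["IpPermissions"]:
            cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            if ANYWHERE & set(cidrs):
                findings.append((group["GroupId"], rule.get("FromPort")))
    return findings


def _wildcard_principal(statement):
    principal = statement.get("Principal")
    return principal == "*" or (
        isinstance(principal, dict) and principal.get("AWS") == "*")


def public_buckets(policies):
    """Buckets whose policy has an Allow statement for any principal.

    A Condition block can narrow such a statement, so a hit is an item to
    review with the bucket owner, not proof of exposure on its own.
    """
    return [name for name, text in policies.items()
            if any(s.get("Effect") == "Allow" and _wildcard_principal(s)
                   for s in json.loads(text)["Statement"])]


def run_checks():
    """All findings in one place; a check with an empty list passed."""
    return {"no_mfa": users_without_mfa(CREDENTIAL_REPORT),
            "stale_keys": stale_access_keys(CREDENTIAL_REPORT),
            "open_ingress": open_ingress(SECURITY_GROUPS),
            "public_buckets": public_buckets(BUCKET_POLICIES)}


if __name__ == "__main__":
    for check, hits in run_checks().items():
        print(f"{check}: {hits or 'none'}")
```

In a real engagement the three inputs would come from the credential report, the security group listing and each bucket's policy document exported from the account; the checks themselves do not change. Ages are computed against a fixed clock so the findings are reproducible for the auditor's workpapers.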

Best Practices (selected items)

Create a single “pane of glass” for viewing your environment.

Use tagging religiously

Keep an inventory of all instances (CloudWatch and Config, or custom)

Rehydrate every 60 days

Conduct penetration tests, both social engineering and technical

Deploy to multiple regions and availability zones, with load balancing for failover.

Conduct tests of removing services in one region and see whether the system is
resilient enough to withstand it, i.e., simulate a region going offline.
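Three of the practices above (a single view of the environment, consistent tagging, and rehydrating every 60 days) turn into one inventory check. The script below is an added example for this page, not code from the presentation: it builds the "single pane of glass" table from a hand-built instance list in the shape of describe-instances output, flags instances missing the required tags, and lists those whose age exceeds the 60-day rehydration window. The required tag keys (Owner, Environment), instance ids, launch dates and the fixed clock are all assumptions.

```python
"""Inventory, tag-compliance and rehydration-age checks over constructed data.

Added example, not from the presentation. INSTANCES mimics the shape of
describe-instances output (InstanceId, LaunchTime, Tags); the tag standard
and the 60-day window are the slide's best practices turned into checks.
"""
from datetime import datetime, timezone

REQUIRED_TAGS = ("Owner", "Environment")          # assumed tagging standard
REHYDRATE_AFTER_DAYS = 60                         # slide: rehydrate every 60 days
NOW = datetime(2019, 5, 1, tzinfo=timezone.utc)   # fixed clock, reproducible ages

INSTANCES = [  # constructed sample data, invented ids and dates
    {"InstanceId": "i-0a1", "LaunchTime": "2019-01-15T00:00:00+00:00",
     "Tags": [{"Key": "Owner", "Value": "finance"},
              {"Key": "Environment", "Value": "prod"}]},
    {"InstanceId": "i-0b2", "LaunchTime": "2019-04-20T00:00:00+00:00",
     "Tags": [{"Key": "Owner", "Value": "ops"}]},
    {"InstanceId": "i-0c3", "LaunchTime": "2019-02-28T00:00:00+00:00",
     "Tags": []},
]


def tags_of(instance):
    """Flatten the AWS Key/Value tag list into a dict."""
    return {t["Key"]: t["Value"] for t in instance.get("Tags", [])}


def missing_tags(instance, required=REQUIRED_TAGS):
    """Required tag keys that the instance does not carry, in standard order."""
    present = tags_of(instance)
    return [key for key in required if key not in present]


def age_days(instance, now=NOW):
    """Whole days since launch; the rehydration clock starts at launch."""
    return (now - datetime.fromisoformat(instance["LaunchTime"])).days


def tag_violations(instances, required=REQUIRED_TAGS):
    """{instance id: [missing keys]} for instances that fail the standard."""
    violations = {}
    for inst in instances:
        missing = missing_tags(inst, required)
        if missing:
            violations[inst["InstanceId"]] = missing
    return violations


def rehydration_due(instances, now=NOW, max_days=REHYDRATE_AFTER_DAYS):
    """(instance id, age) for instances older than the rebuild window."""
    return [(inst["InstanceId"], age_days(inst, now))
            for inst in instances if age_days(inst, now) > max_days]


def build_inventory(instances, now=NOW):
    """One row per instance, oldest first: the 'single pane of glass' table."""
    rows = []
    for inst in instances:
        tags = tags_of(inst)
        age = age_days(inst, now)
        row = {"id": inst["InstanceId"], "age_days": age,
               "needs_rehydration": age > REHYDRATE_AFTER_DAYS,
               "missing_tags": missing_tags(inst)}
        for key in REQUIRED_TAGS:
            row[f"tag:{key}"] = tags.get(key, "")
        rows.append(row)
    return sorted(rows, key=lambda r: r["age_days"], reverse=True)


if __name__ == "__main__":
    for row in build_inventory(INSTANCES):
        print(row)
    print("tag violations:", tag_violations(INSTANCES))
    print("rehydration due:", rehydration_due(INSTANCES))
```

The 62-day instance in the sample is there on purpose: it is only two days past the window, which is the kind of case a manual review misses and a scheduled check catches. Feeding the real describe-instances output from each region into build_inventory gives the cross-region view the slide asks for.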

CloudFormation and the scripted
environment

Follow this tutorial and resources to see the power of CloudFormation and
automated infrastructure:

https://github.com/aclarkData/NACACS-2019/blob/master/README.md

To learn more about AWS:

https://github.com/aclarkData/NACACS-2019

https://aws.amazon.com/

A Cloud Guru – Paid membership, but the best on the market I’ve found
Questions?
Thank you!
Andrew Clark
Data Economist
BlockScience
LinkedIn: https://www.linkedin.com/in/andrew-clark-b326b767/
Email: andrewtaylorclark@gmail.com
Website: https://aclarkdata.github.io/
