Copyright © 2019 Information Systems Audit and Control Association, Inc. All rights reserved.
Andrew Clark
Data Economist
BlockScience
AWS for Auditors
About me

B.S. in Business Administration with a concentration in Accounting, Summa Cum Laude, from University of
Tennessee at Chattanooga.

M.S. in Data Science from Southern Methodist University.

Ph.D. Candidate in Economics at the University of Reading.

American Statistical Association Graduate Statistician (GStat), INFORMS Certified Analytics Professional
(CAP) and AWS Certified Solutions Architect – Associate.

Experienced in designing, building and deploying numerous machine learning and continuous auditing solutions
using open source technologies.

Have worked in IT Audit for two publicly traded companies, one of them a Fortune 500 financial institution.

Working as a Data Economist creating ecosystem economic design specifications by simulating the
designed ecosystem using Python-based methods. Employing mathematical engineering technologies, I
create novel solutions by utilizing time-tested systems engineering practices to solve business problems.
About BlockScience

BlockScience is an engineering, research and development, and analytics firm focused on
the design and analysis of complex networks. We apply mathematical engineering
technologies associated with time-tested systems engineering practices to solve business
problems. Whether identifying systemic risks in company operations or guiding expansion
into a new line of business, BlockScience provides thoroughly researched, mathematically
engineered solutions.
Outline

Overview of AWS and its key services

Discussion of the unique risks that are present in a cloud computing
environment.

Remediation strategies for dealing with cloud computing risks

Describe best practices for an enterprise AWS deployment.

Understand the potential for completely flexible and scripted computing
environments that AWS enables.

AWS: The current king of cloud

AWS is the current king of cloud computing. I like to think of AWS’s
infrastructure as a box of Lego bricks, that a skilled architect can
assemble together to make something remarkable.

Microsoft Azure has a solid offering as well, and may be a better option
for small businesses, as it is a little easier to plug and play. AWS is the
gold standard for customization however.

Google Cloud has a respectable entry as well, although it lags behind
AWS and Azure in many regards, one of which is maturity.

Key components and concepts of AWS

VPCs

Regions

Availability Zones

Pay as you go
Elastic Compute Cloud (EC2)

EC2 is flexible computing in the cloud.

It is an unmanaged service where the user
provisions virtual machines of the required
size and accesses them through SSH.

It takes only minutes to provision and
access an EC2 instance to deploy an
application. It is possible to run an EC2
instance as your main work computer,
when using something like a Google
Chromebook to access it.
Elastic Block Store (EBS)

EBS is the hard drive for your EC2.

It can be backed by solid state drives (SSD) or hard
disk drives (HDD) and ranges in size from
4 GB to 16 TB - https://aws.amazon.com/ebs/features/?nc=sn&loc=1
Simple Storage Service (S3)

S3 is an object based storage service.

You can think of it as Dropbox (the first
8 years of Dropbox’s existence it was
essentially a wrapper around AWS S3 -
https://www.wired.com/2016/03/epic-story-dropboxs-exodus-amazon-cloud-empire/

S3 comes in three tiers (S3, S3-IA, and
Glacier), and can store data between 0
bytes and 5 TB in a single bucket -
https://aws.amazon.com/s3/faqs/
Relational Database Service (RDS)

Relational database in the cloud.

Available in many different flavors, such as
SQL Server, Oracle, MySQL,
PostgreSQL, MariaDB, and Amazon
Aurora.

Fully managed service, meaning you only
have to worry about the database
maintenance, not running the underlying
server.

Note: You can run a database off of an
EC2, there is no reason you must use
RDS. - https://aws.amazon.com/rds/faqs/
Identity and Access Management
(IAM)

One of the key components of AWS.

The ‘logical access engine’

Create users, roles, etc -
https://aws.amazon.com/iam/?nc2=h_m1
Virtual Private Cloud (VPC)

One of the key components of AWS.

How ‘your environment in the cloud’
is constructed.

Define security groups specifying
who can access which resources.

Define networking, availability zones,
etc. - https://aws.amazon.com/vpc/?nc2=h_m1
Route 53

DNS service

Scalable

Flexible options for directing traffic
to reduce latency - https://aws.amazon.com/route53/?nc2=h_m1
Elastic Load Balancing

Load balancing service that can
handle multiple targets across
multiple availability zones.

Secure

Elastic - https://aws.amazon.com/elasticloadbalancing/?nc2=h_m1
EC2 AutoScaling

Provides the ability to add or remove
EC2 instances based on user-defined
criteria, e.g., if CPU usage goes above
70%, add another EC2 instance (and an Elastic
Load Balancer can balance the traffic
between the instances).

Scheduled scaling -
https://aws.amazon.com/ec2/autoscaling/?nc2=h_m1
CloudFormation

Infrastructure as code.

Provides flexibility not traditionally
possible

Potential for increase in security

Don’t patch; instead, update to the latest
operating system versions in your
CloudFormation script and rebuild your
infrastructure (“rehydration”).

Similar to Chef, Ansible, etc. -
https://aws.amazon.com/cloudformation/?nc2=h_m1

Honorable mentions:

Lambda

Fargate

ECS

Redshift

There are hundreds of additional services; it is extremely overwhelming to
try to stay on top of them all.

Security Considerations

Confidentiality

Access control - root accounts

Resilience / availability

Compliance

Security

Vendor lock-in

Insufficient visibility

Security Considerations Cont.

Inadvertently exposing data - S3 bucket moved to public

Access control, access control, access control. Use of root accounts should be very
limited, and they should use MFA when necessary. Strong passwords, with MFA for
all users. Least privileged access; use IAM religiously. Limit IP addresses in security
groups.

Key management - Rotate or change keys every 90 days or so.

For some of the AWS managed services, Machine Learning tools, etc., Amazon
has some fine print about the right to view your data, so be careful which services
you use, if using managed services.

Use CloudTrail for audit history
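As an added example (not from the slides or the author's repository), the following Python check applies the access-control points above, root MFA, MFA for every console user, the 90-day key-rotation window and "limit IP addresses in security groups", to a constructed IAM credential report and a constructed security group; the sample rows, the account ID and the column subset are assumptions, while the column names and value conventions follow the real credential report format.

```python
import csv
import io
from datetime import datetime, timezone

KEY_MAX_AGE_DAYS = 90          # rotation window the slide recommends
ROOT_USER = "<root_account>"   # how the IAM credential report names the root user

# Constructed sample (not real account data). Columns are a subset of the real
# IAM credential report header; "N/A", "not_supported" and ISO 8601 timestamps
# follow the real report's conventions. 111122223333 is a placeholder account ID.
SAMPLE_REPORT = """\
user,arn,password_enabled,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,not_supported,false,true,2018-06-01T12:00:00+00:00,false,N/A
alice,arn:aws:iam::111122223333:user/alice,true,true,true,2019-03-20T09:15:00+00:00,false,N/A
svc-deploy,arn:aws:iam::111122223333:user/svc-deploy,false,false,true,2018-11-02T08:00:00+00:00,true,2019-04-01T08:00:00+00:00
bob,arn:aws:iam::111122223333:user/bob,true,false,false,N/A,false,N/A
"""

# Constructed security group in the shape of an EC2 DescribeSecurityGroups entry.
SAMPLE_SECURITY_GROUP = {
    "GroupId": "sg-0123abcd",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    ],
}


def _as_datetime(value):
    """Accept a datetime or an ISO 8601 string; report placeholders become None."""
    if isinstance(value, datetime):
        return value
    if value in ("N/A", "no_information", ""):
        return None
    return datetime.fromisoformat(value)


def audit_credential_report(report_csv, now):
    """Return (user, finding) pairs for the slide's access-control rules."""
    now = _as_datetime(now)
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        is_root = user == ROOT_USER
        active_keys = [n for n in ("1", "2") if row[f"access_key_{n}_active"] == "true"]
        if is_root and row["mfa_active"] != "true":
            findings.append((user, "root MFA not enabled"))
        if is_root and active_keys:
            # Root should not be used for day-to-day API access at all.
            findings.append((user, "root has active access keys"))
        if not is_root and row["password_enabled"] == "true" and row["mfa_active"] != "true":
            findings.append((user, "console password without MFA"))
        for n in active_keys:
            rotated = _as_datetime(row[f"access_key_{n}_last_rotated"])
            if rotated is None:
                continue
            age = (now - rotated).days
            if age > KEY_MAX_AGE_DAYS:
                findings.append((user, f"access key {n} is {age} days old (> {KEY_MAX_AGE_DAYS})"))
    return findings


def world_open_rules(group):
    """Ingress rules whose source is any IPv4/IPv6 address, i.e. not limited by IP."""
    hits = []
    for perm in group.get("IpPermissions", []):
        v4 = [r["CidrIp"] for r in perm.get("IpRanges", []) if r["CidrIp"] == "0.0.0.0/0"]
        v6 = [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", []) if r["CidrIpv6"] == "::/0"]
        if v4 or v6:
            hits.append((perm.get("FromPort"), perm.get("ToPort"), v4 + v6))
    return hits


if __name__ == "__main__":
    for user, finding in audit_credential_report(SAMPLE_REPORT, datetime.now(timezone.utc)):
        print(f"{user}: {finding}")
    for from_port, to_port, sources in world_open_rules(SAMPLE_SECURITY_GROUP):
        print(f"{SAMPLE_SECURITY_GROUP['GroupId']}: ports {from_port}-{to_port} open to {sources}")
```

In a real account the report comes from IAM's credential report and the group from EC2's DescribeSecurityGroups; the check itself needs no network access.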

Best Practices (selected items)

Create a single “pane of glass” for viewing your environment.

Use tagging religiously

Keep an inventory of all instances (CloudWatch and Config, or custom)

Rehydrate every 60 days

Conduct penetration tests, both social engineering and technical

Deploy to multiple regions and availability zones, with load balancing for failover.

Conduct tests of removing services in one region and see if the system is
resilient enough to withstand it, i.e., simulate a region going offline.

CloudFormation and the scripted
environment

Follow this tutorial and resources to see the power of CloudFormation and
automated infrastructure:

https://github.com/aclarkData/NACACS-2019/blob/master/README.md

To learn more about AWS:

https://github.com/aclarkData/NACACS-2019

https://aws.amazon.com/

A Cloud Guru – Paid membership, but the best on the market I’ve found
Questions?
Thank you!
Andrew Clark
Data Economist
BlockScience
LinkedIn: https://www.linkedin.com/in/andrew-clark-b326b767/
Email: andrewtaylorclark@gmail.com
Website: https://aclarkdata.github.io/
