Location visible to members
17:30 – 18:00: Gathering, Pizza and Beer
18:00 – 19:00: Defining a Secure Best Practice Architecture for your new Cloud Operation, by Dave Walker, Solutions Architect, AWS
Abstract: An organization’s security controls are defined in part as a result of a need to comply with external industry regulatory requirements, and in part as a result of the organisation’s own risk appetite and culture. In this session we discuss our recommendations for producing a highly-secure AWS baseline environment, comprising multiple AWS accounts to enforce separation of duty, and each configured with a set of base controls for implementing access control, log capture and aggregation, and attack mitigation. We then map common sets of security controls to this architecture, and show how such an architecture can meet the requirements of various external standards.
19:00 – 20:00: Technical Overview of Security Practice in HA Environment : Publicly accessing servers located in a private network., by Amit Dunsky, Owner and CTO of high-T
Abstract: A classic VPC architecture might consist of public and private networks. Security measures suggests servers and other resources located in a private network may not have a public IP address attached to it. This poses a challenge of dissonance, as all resources needs to be accessed for setup, maintenance, etc. In this session we will discuss security practices for a multi zone, auto-scaled high availability environment. We will detail several layers of security, and deep dive into an offered solution(s) to the conflict of publicly accessing servers with no public IP address. If time allows, we will also discuss how to securely maintain servers in a live, auto-scaled high availability environment, while refraining from service outage.