Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
re:Inforce 2021 ReCap
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
fnifni
August 29, 2021
Technology
200
0
Share
re:Inforce 2021 ReCap
Security-JAWS#22のシークレットセッションで発表した、日本一早いre:Inforce 2021 のReCapです
#secjaws #secjaws22
fnifni
August 29, 2021
More Decks by fnifni
See All by fnifni
生成AIのガバナンスの全体像と現実解
fnifni
2
450
生成AIのガバナンスとこれから
fnifni
0
180
AWS re:Inforce 2024 に コミュニティから登壇してきた話
fnifni
0
56
COM224: How organizations are actually applying AWS security best practices
fnifni
0
74
BsidesTokyo2024_AWSセキュリティの ベストプラクティスに関する 利用実態調査のレポートの紹介
fnifni
0
87
re:Inforce2024-recap_英語力ゴミカスでもフル英語登壇を乗り切る成功メソッド
fnifni
0
130
信頼ルールはGoogle Drive共有の孫の手になるか?
fnifni
0
390
ゼロトラスト導入支援ってどんなことやってるの?
fnifni
0
93
ログの話
fnifni
0
75
Other Decks in Technology
See All in Technology
Copilot CLI・IDE・Web・スマホで途切れない開発フローを目指して / One Copilot flow - CLI IDE Web Mobile
aeonpeople
1
1k
ラズパイ & Picoで入門:Zephyr(RTOS)の環境構築からビルドまでの紹介
iotengineer22
0
240
はじめてのAI-DLC
yoshidashingo
2
560
TypeScriptとAngular Signal で実現する保守性の高いアプリケーション設計 - 3層アーキテクチャによる責務分離の実践(たつかわ) https://2026.tskaigi.org/talks/10
nealle
1
360
イベントで大活躍する電子ペーパー名札 〜その3〜 / ビジュアルプログラミングIoTLT vol.23
you
PRO
0
150
コーディングエージェントはTypeScriptの 型エラーをどう自己修正しているのか
melonps
4
500
データ分析基盤の信頼を支える視点と設計
yuki_saito
1
690
オンコールの負荷軽減のためのBits Assistant 活用方法 / How to Use Bits Assistant to Reduce the Workload on On-Call Staff
sms_tech
1
150
Python開発環境にハーネス適用を検討する
yuuka51
1
520
自称宇宙最速で不合格となったAIP-C01にリベンジを果たすべくAIで問題集アプリを作ってみた。
yama3133
0
200
Agentic Design Patterns
glaforge
0
220
DI コンテナ自動生成ツールを実装してみた / intro-autodi
uhzz
0
870
Featured
See All Featured
Collaborative Software Design: How to facilitate domain modelling decisions
baasie
1
220
How to Align SEO within the Product Triangle To Get Buy-In & Support - #RIMC
aleyda
2
1.5k
Odyssey Design
rkendrick25
PRO
2
630
Stop Working from a Prison Cell
hatefulcrawdad
274
21k
Ten Tips & Tricks for a 🌱 transition
stuffmc
0
120
Facilitating Awesome Meetings
lara
57
6.9k
DBのスキルで生き残る技術 - AI時代におけるテーブル設計の勘所
soudai
PRO
65
54k
How to Talk to Developers About Accessibility
jct
2
210
Claude Code どこまでも/ Claude Code Everywhere
nwiizo
65
55k
Lightning talk: Run Django tests with GitHub Actions
sabderemane
0
180
What the history of the web can teach us about the future of AI
inesmontani
PRO
1
580
Neural Spatial Audio Processing for Sound Field Analysis and Control
skoyamalab
0
300
Transcript
re:Inforce 2021 ReCap Japan’s earliest re:Inforce challenge to ReCap By
Hirokazu Yoshida / At S-JAWS#21 / 2021.8.27
re:Inforce 2021 ReCap ຊҰૣ͍re:InforceͷReCapͷઓ ٢ాͻΖ͔ͣ / S-JAWS#21 / 2021.8.27
Who am I !? Hirokazu Yoshida @ CloudNative Inc. Job
: Security Engineer Community : Security-JAWS Favorite AWS Service :
Attention !! • ຊηογϣϯɺݸਓͷݟղʹجͮ͘ͷͰ͢ • ॴଐ͢ΔاۀɺஂମͷҙݟΛද͢ΔͷͰ͋Γ·ͤΜ • and more …
re:Inforceͬͯ ͳΜ͡ΌΒ΄͍ʁ
About re:Inforce • AWS͕ओ࠵͢ΔηΩϡϦςΟɺΞΠσϯςΟςΟɺ ίϯϓϥΠΞϯεʹಛԽͨ͠ϥʔχϯάΧϯϑΝϨϯε • ॳճ2019ʹϘετϯͰ։࠵ʢຊਓͷࢀՃऀ61໊ʣ • 2020
(ώϡʔετϯ) ɺίϩφͷӨڹͰதࢭ • ࠓதࢭͷةػΛΓӽ͑ɺஃͰόʔνϟϧॖ։࠵
΄ʔΜ re:Inforceͬͯ re:InventͷηΩϡϦςΟ൛ ͳΜͰ͠ΐʁ
ηΩϡϦςΟ৽ػೳͷൃදϥογϡ ͨͷ͠Έͳ͊ʂ
ͱࢥ͍ͬͯͨ࣌ظ ͋Γ·ͨ͠
About re:Inforce • AWS͕ओ࠵͢ΔηΩϡϦςΟɺΞΠσϯςΟςΟɺ ίϯϓϥΠΞϯεʹಛԽͨ͠ϥʔχϯάΧϯϑΝϨϯε • ॳճ2019ʹϘετϯͰ։࠵ʢຊਓͷࢀՃऀ61໊ʣ • 2020ɺίϩφͷӨڹͰதࢭ
• ࠓதࢭͷةػΛΓӽ͑ɺஃͰόʔνϟϧॖ։࠵
৽ػೳগͳ͍ʂͬͯ ͦͦओࢫ͕ҧ͏
ͦΕͰ͋ͬͨ ৽ػೳͷൃදΛհ͠·͢
Functions introduced as new features • AWS Backup Audit Manager
• AWS Backup͕ಈ࡞͍ͯ͠ΔʮใʯΛݟΔ͜ͱ͕Ͱ͖Δ
Functions introduced as new features • AWS IoT CoreͷVPC Endpoint
(Private Link) ରԠ • IoT Coreͷ௨৴ΛެڞͷΠϯλʔωοτʹग़ͣ͞ʹऩू͢Δ
Functions introduced as new features • Level 1 MSSPϓϩάϥϜͷ։࢝ •
جຊతͳ࣭ج४Λຬͨͨ͠ύʔτφʔ͕ొ͞Ε͍ͯΔ • 10छྨͷͰӡ༻ؚΊͨظతʹ৴པͰ͖ΔηΩϡϦ ςΟΛखʹೖΕΔ͜ͱ͕Ͱ͖Δ
Functions introduced as new features • IAM Access Analyzer (20214݄)
• ϙϦγʔཤྺͷରԠ
Functions introduced as new features • IAM Access Analyzer (20214݄)
• ϙϦγʔͷݕূ
Functions introduced as new features • IAM Access Analyzer (20214݄)
• ϙϦγʔͷϓϨϏϡʔ
Functions introduced as new features • IAM Access Analyzer (20214݄)
• ΘΕͯͳ͍ΞΫγϣϯ ͷݕग़
Functions introduced as new features? • Wickrͷങऩ (20216݄)
֤ηογϣϯ͔Β֞ؒݟΔ ϝοηʔδΛհ
Today's Agenda • Keynote • Leadership session: Data Protection &
Privacy • Leadership session: Governance, Risk & Compliance • Leadership session: Culture of Security • Leadership session: Identity & Access Management • Leadership session: Threat Detection & Incident Response
Today's Agenda • Keynote • Leadership session: Data Protection &
Privacy • Leadership session: Governance, Risk & Compliance • Leadership session: Culture of Security • Leadership session: Identity & Access Management • Leadership session: Threat Detection & Incident Response
Threat Detection & Incident Response • GuardDutyͰڴҖΛݕग़ • Security HubͰݕग़ࣄ߲ΛूɺίϯϓϥΠΞϯεҧΛݕग़
• ରԠͷࣗಈԽνϡʔχϯάΛߦͬͯɺΞϥʔτ׳ΕΛ͙
Ransomware • ΦϖϨʔγϣϯ༻ͱόοΫΞοϓ༻ͰΞΧϯτΛ͚Δ • S3όʔδϣχϯάͱΦϒδΣΫτϩοΫͷར༻ • DRΛؚΊͨแׅతͳόοΫΞοϓܭըͱήʔϜσΠ • ͞Βʹ۷ΓԼ͛ΔͳΒNIST SP1800-25Λࢀߟʹ͢Δͱ͍͍
Identity and Access Management • ύεϫʔυͷ͍ճ͠ʹΑΔةݥੑ • SSOͷଞɺۈ࣌ؒ֎ͷΞΫςΟϏςΟཧσόΠεΛซ༻͢Δଟཁૉೝূ • IAM
Access AnalyzerήʔϜνΣϯδϟʔ • ύʔϛογϣϯఆظతʹࠪ • ϢʔβʔάϧʔϓΛͬͯɺݖݶཧͷࡶ͞Λܰݮ͠Α͏
Network Infrastructure Security • HBOmaxͷࣄྫɿݕग़ͱରԠ • ։ൃ / ϓϩμΫτνʔϜʹదͳΨʔυϨʔϧͷߏங •
GuardDutyͰڴҖΛݕग़ɺSecurity HubʹFindingsΛू • Event HubʹͦΕͧΕΛू
Network Infrastructure Security • HBOmaxͷࣄྫɿݕग़ͱରԠ • ηΩϡϦςΟΤϯδχΞɺSlackΛհͯ͠मਖ਼ͷͨΊͷyaml Λ࡞ • Cloud
CustodianͰyamlΛLambdaʹมͯࣗ͠ಈԽΛଅਐ
Network Infrastructure Security • HBOmaxͷࣄྫɿݕग़ͱରԠ
Network Infrastructure Security • Con fi dential Computing • AWS
Nitro Enclaves • ӬଓతͳετϨʔδΠϯλϥΫςΟϒͳΞΫηεɺ֎෦ωοτϫʔΫ͕ͳ ͍ • ڐՄ͞ΕͨίʔυͷΈ͕EnclavesͰ࣮ߦ͞Ε͍ͯΔ͜ͱΛݕূͰ͖Δ • KMSͱ౷߹͞Ε͍ͯΔEnclavesͷΈ͕ػີใʹΞΫηε͢Δ͜ͱ͕Ͱ͖Δ
Data Protection & Privacy • θϩτϥετΞʔΩςΫνϟ • ීวతͳࣄฑͷू߹ମ • ҉ͷ৴པͷഉআɺܧଓతͳݕূɺ࠷খݖݶɾ࠷খظؒͰϢʔβʔΛઃఆɺ
ҟৗͳ׆ಈѱҙͷ͋Δ׆ಈͷࢹɺཻͷߴ͍ϦεΫϕʔείϯτϩʔ ϧɺηΩϡϦςΟͷࣗಈԽ • AWSͷߟ͑ํ • IDཧͱωοτϫʔΫཧͷ྆ํΛิ͍ͬͯ͘
Data Protection & Privacy • GDPRͷରԠ • αʔϏεͷػೳGDPRద༻ରͰ͋Δ͔൱͔ΛΘͣɺ ͯ͢ͷސ٬ʹద༻͞ΕΔ
• GDPRͰཁٻ͞ΕΔసૹධՁͷࢧԉϦιʔε
Data Protection & Privacy • AWSαʔϏεͷϓϥΠόγʔػೳ • αϙʔτϦΫΤετΛॲཧ͢ΔୈࡾऀͷใΛܝࡌͨ͠ αϒϓϩηοαʔ
Data Protection & Privacy • ܭըͳ͠ʹػඍใΛอଘ͠ͳ͍͜ͱ • ͜ͷख୳ΓͰਐΊΔ͜ͱͰ͖ͳ͍ • ϏδωεΛऴྃ͢ΔϨϕϧͷϦεΫΛ࣋ͭ
• ϏδωεͰى͍ͬͯ͜Δ͜ͱΛ۷ΓԼ͛ͯਖ਼֬ʹཧղ͢Δ͜ͱ
Governance, Risk and Compliance • ߴ͍ϨϕϧͷೝূΛड͚ΔͨΊʹɺ150Ҏ্ͷίϯτϩʔϧΛ ຬͨ͢ඞཁ͕͋Δ • AWSαʔϏεɺҬۀքΛΘͣԿઍͷηΩϡϦςΟࠪ Ͱݕূ͞Ε͍ͯΔ
• AWS Artifact͔Β࠷৽ͷCSFূ໌ॻΛμϯϩʔυͰ͖Δ
Governance, Risk and Compliance • ࠓͰ͖Δ͜ͱɿCloudࠪΞΧσϛʔ
Leadership Sessionͷϝοηʔδ
Leadership session: Data Protection & Privacy • จԽΛܗ͢Δ •
֤νʔϜʹηΩϡϦςΟ୲ऀ͕Έࠐ·Ε͍ͯΔ • ҉߸Խ͢Ε͍͍Θ͚Ͱͳ͍ • 伴ͷཧͱಁ໌ੑʢAlexaͷࣄྫʣ • ϓϥΠόγʔɺʮԿΛ͢Δ͔ʯͱ͍͏͜ͱ
Leadership session: Governance, Risk & Compliance • ίϯϓϥΠΞϯεΛࣗͨͪͷͷʹ͢Δ6ͷڭ܇ • 10ؒͰੵΈ্͖͛ͯͨCompliance
as a CodeΛ ࣮ફ͢ΔͨΊͷڭ܇
Leadership session: Governance, Risk & Compliance • ૣࣦ͘ഊ͢Δ͜ͱ • ࠪͷͨΊͷΤϯδχΞ
• ίϯϓϥΠΞϯεʹັͤΒΕͨΤϯδχΞ • ઐࠪਓͷ಄ • ੑΛ࣋ͨͤΔ • ͷͲ͜ʹযΛͯΔ͔
Leadership session: Governance, Risk & Compliance • ͬͱֶश͍ͨ͠ਓͷͨΊʹ
Leadership session: Culture of Security • ηΩϡϦςΟόφφͰͨ͠
Tenets ͱ͍͏ݴ༿͕ҿΈࠐΊͳͯ͘ Կೖ͖ͬͯ·ͤΜͰͨ͠ ͞ʔͤΜ
Leadership session: Identity & Access Management • AWS OrganizationsΛͬͯϚϧνΞΧϯτΛཧ
• AWS SSOΛͬͯΞΧϯτͷதԝཧ • σʔλϖϦϛλ • SCP, VPC Endpoint Policy, Resource-based policys
Leadership session: Identity & Access Management • ࠷খݖݶͷཱྀ •
IAM Access Analyzerͷհ • IAM࠲ஊձ
Leadership session: Threat Detection & Incident Response • ηΩϡϦςΟػೳΛͬͯରԠ࣌ؒΛॖ͠Α͏
Leadership session: Threat Detection & Incident Response • GuardDutyͷϕετϓϥΫςΟεͷհ
• ରސ٬ͷηΩϡϦςΟΦϖϨʔγϣϯνʔϜͷ • ͍Ζ͍ΖͬͯΔ͚Ͳɺཧऀϝʔϧ͚ͩϚδड৴͠Ζ • ߦ͏͖ΞΫγϣϯTop10ʢීวతͳʣ
Leadership session: Threat Detection & Incident Response • ߦ͏͖ΞΫγϣϯTop10ʢීวతͳʣ
Leadership session: Threat Detection & Incident Response • ߦ͏͖ΞΫγϣϯTop10ʢීวతͳʣ
A bird's eye view • ։ൃϓϩηεʹηΩϡϦςΟΛΈࠐΉจԽͱ ίϯϓϥΠϯεΛΈࠐΉจԽࣅ͍ͯΔ • ϓϥΠόγʔͷߟ͑ํͷ಄ग़͠ʢੈͷதͷૌٻͷରԠʣ
• Compliance as a Codeɺ·ͩ·ͩීٴ͍ͯ͠ͳ͍ • खͳ৽͍͠ͷͰͳ͘ɺීวతͳࣄฑͷੵΈ্͛
Thank you !
fnifni
aeonpeople
iotengineer22
yoshidashingo
nealle
you
melonps
yuki_saito
sms_tech
yuuka51
yama3133
glaforge
uhzz
baasie
aleyda
rkendrick25
hatefulcrawdad
stuffmc
lara
soudai
jct
nwiizo
sabderemane
inesmontani
skoyamalab
