Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
re:Inforce 2021 ReCap
Search
fnifni
August 29, 2021
Technology
0
190
re:Inforce 2021 ReCap
Security-JAWS#22のシークレットセッションで発表した、日本一早いre:Inforce 2021 のReCapです
#secjaws #secjaws22
fnifni
August 29, 2021
Tweet
Share
More Decks by fnifni
See All by fnifni
生成AIのガバナンスの全体像と現実解
fnifni
2
370
生成AIのガバナンスとこれから
fnifni
0
160
AWS re:Inforce 2024 に コミュニティから登壇してきた話
fnifni
0
45
COM224: How organizations are actually applying AWS security best practices
fnifni
0
60
BsidesTokyo2024_AWSセキュリティの ベストプラクティスに関する 利用実態調査のレポートの紹介
fnifni
0
58
re:Inforce2024-recap_英語力ゴミカスでもフル英語登壇を乗り切る成功メソッド
fnifni
0
120
信頼ルールはGoogle Drive共有の孫の手になるか?
fnifni
0
310
ゼロトラスト導入支援ってどんなことやってるの?
fnifni
0
64
ログの話
fnifni
0
60
Other Decks in Technology
See All in Technology
データ基盤の管理者からGoogle Cloud全体の管理者になっていた話
zozotech
PRO
0
340
20250807_Kiroと私の反省会
riz3f7
0
160
2025新卒研修・HTML/CSS #弁護士ドットコム
bengo4com
3
13k
ビジネス文書に特化した基盤モデル開発 / SaaSxML_Session_2
sansan_randd
0
260
マルチプロダクト×マルチテナントを支えるモジュラモノリスを中心としたアソビューのアーキテクチャ
disc99
0
310
Mambaで物体検出 完全に理解した
shirarei24
2
210
JAWS AI/ML #30 AI コーディング IDE "Kiro" を触ってみよう
inariku
3
290
バクラクによるコーポレート業務の自動運転 #BetAIDay
layerx
PRO
1
850
Claude Codeが働くAI中心の業務システム構築の挑戦―AIエージェント中心の働き方を目指して
os1ma
9
1.5k
LTに影響を受けてテンプレリポジトリを作った話
hol1kgmg
0
290
Vision Language Modelと自動運転AIの最前線_20250730
yuyamaguchi
3
1.1k
LIFF CLIとngrokを使ったLIFF/LINEミニアプリのお手軽実機確認
diggymo
0
230
Featured
See All Featured
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
357
30k
GraphQLの誤解/rethinking-graphql
sonatard
71
11k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
26
3k
Faster Mobile Websites
deanohume
308
31k
Building an army of robots
kneath
306
45k
Site-Speed That Sticks
csswizardry
10
750
Testing 201, or: Great Expectations
jmmastey
45
7.6k
VelocityConf: Rendering Performance Case Studies
addyosmani
332
24k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
30
2.2k
Making Projects Easy
brettharned
117
6.3k
Put a Button on it: Removing Barriers to Going Fast.
kastner
60
3.9k
The Language of Interfaces
destraynor
158
25k
Transcript
re:Inforce 2021 ReCap Japan’s earliest re:Inforce challenge to ReCap By
Hirokazu Yoshida / At S-JAWS#21 / 2021.8.27
re:Inforce 2021 ReCap ຊҰૣ͍re:InforceͷReCapͷઓ ٢ాͻΖ͔ͣ / S-JAWS#21 / 2021.8.27
Who am I !? Hirokazu Yoshida @ CloudNative Inc. Job
: Security Engineer Community : Security-JAWS Favorite AWS Service :
Attention !! • ຊηογϣϯɺݸਓͷݟղʹجͮ͘ͷͰ͢ • ॴଐ͢ΔاۀɺஂମͷҙݟΛද͢ΔͷͰ͋Γ·ͤΜ • and more …
re:Inforceͬͯ ͳΜ͡ΌΒ΄͍ʁ
About re:Inforce • AWS͕ओ࠵͢ΔηΩϡϦςΟɺΞΠσϯςΟςΟɺ ίϯϓϥΠΞϯεʹಛԽͨ͠ϥʔχϯάΧϯϑΝϨϯε • ॳճ2019ʹϘετϯͰ։࠵ʢຊਓͷࢀՃऀ61໊ʣ • 2020
(ώϡʔετϯ) ɺίϩφͷӨڹͰதࢭ • ࠓதࢭͷةػΛΓӽ͑ɺஃͰόʔνϟϧॖ։࠵
΄ʔΜ re:Inforceͬͯ re:InventͷηΩϡϦςΟ൛ ͳΜͰ͠ΐʁ
ηΩϡϦςΟ৽ػೳͷൃදϥογϡ ͨͷ͠Έͳ͊ʂ
ͱࢥ͍ͬͯͨ࣌ظ ͋Γ·ͨ͠
About re:Inforce • AWS͕ओ࠵͢ΔηΩϡϦςΟɺΞΠσϯςΟςΟɺ ίϯϓϥΠΞϯεʹಛԽͨ͠ϥʔχϯάΧϯϑΝϨϯε • ॳճ2019ʹϘετϯͰ։࠵ʢຊਓͷࢀՃऀ61໊ʣ • 2020ɺίϩφͷӨڹͰதࢭ
• ࠓதࢭͷةػΛΓӽ͑ɺஃͰόʔνϟϧॖ։࠵
৽ػೳগͳ͍ʂͬͯ ͦͦओࢫ͕ҧ͏
ͦΕͰ͋ͬͨ ৽ػೳͷൃදΛհ͠·͢
Functions introduced as new features • AWS Backup Audit Manager
• AWS Backup͕ಈ࡞͍ͯ͠ΔʮใʯΛݟΔ͜ͱ͕Ͱ͖Δ
Functions introduced as new features • AWS IoT CoreͷVPC Endpoint
(Private Link) ରԠ • IoT Coreͷ௨৴ΛެڞͷΠϯλʔωοτʹग़ͣ͞ʹऩू͢Δ
Functions introduced as new features • Level 1 MSSPϓϩάϥϜͷ։࢝ •
جຊతͳ࣭ج४Λຬͨͨ͠ύʔτφʔ͕ొ͞Ε͍ͯΔ • 10छྨͷͰӡ༻ؚΊͨظతʹ৴པͰ͖ΔηΩϡϦ ςΟΛखʹೖΕΔ͜ͱ͕Ͱ͖Δ
Functions introduced as new features • IAM Access Analyzer (20214݄)
• ϙϦγʔཤྺͷରԠ
Functions introduced as new features • IAM Access Analyzer (20214݄)
• ϙϦγʔͷݕূ
Functions introduced as new features • IAM Access Analyzer (20214݄)
• ϙϦγʔͷϓϨϏϡʔ
Functions introduced as new features • IAM Access Analyzer (20214݄)
• ΘΕͯͳ͍ΞΫγϣϯ ͷݕग़
Functions introduced as new features? • Wickrͷങऩ (20216݄)
֤ηογϣϯ͔Β֞ؒݟΔ ϝοηʔδΛհ
Today's Agenda • Keynote • Leadership session: Data Protection &
Privacy • Leadership session: Governance, Risk & Compliance • Leadership session: Culture of Security • Leadership session: Identity & Access Management • Leadership session: Threat Detection & Incident Response
Today's Agenda • Keynote • Leadership session: Data Protection &
Privacy • Leadership session: Governance, Risk & Compliance • Leadership session: Culture of Security • Leadership session: Identity & Access Management • Leadership session: Threat Detection & Incident Response
Threat Detection & Incident Response • GuardDutyͰڴҖΛݕग़ • Security HubͰݕग़ࣄ߲ΛूɺίϯϓϥΠΞϯεҧΛݕग़
• ରԠͷࣗಈԽνϡʔχϯάΛߦͬͯɺΞϥʔτ׳ΕΛ͙
Ransomware • ΦϖϨʔγϣϯ༻ͱόοΫΞοϓ༻ͰΞΧϯτΛ͚Δ • S3όʔδϣχϯάͱΦϒδΣΫτϩοΫͷར༻ • DRΛؚΊͨแׅతͳόοΫΞοϓܭըͱήʔϜσΠ • ͞Βʹ۷ΓԼ͛ΔͳΒNIST SP1800-25Λࢀߟʹ͢Δͱ͍͍
Identity and Access Management • ύεϫʔυͷ͍ճ͠ʹΑΔةݥੑ • SSOͷଞɺۈ࣌ؒ֎ͷΞΫςΟϏςΟཧσόΠεΛซ༻͢Δଟཁૉೝূ • IAM
Access AnalyzerήʔϜνΣϯδϟʔ • ύʔϛογϣϯఆظతʹࠪ • ϢʔβʔάϧʔϓΛͬͯɺݖݶཧͷࡶ͞Λܰݮ͠Α͏
Network Infrastructure Security • HBOmaxͷࣄྫɿݕग़ͱରԠ • ։ൃ / ϓϩμΫτνʔϜʹదͳΨʔυϨʔϧͷߏங •
GuardDutyͰڴҖΛݕग़ɺSecurity HubʹFindingsΛू • Event HubʹͦΕͧΕΛू
Network Infrastructure Security • HBOmaxͷࣄྫɿݕग़ͱରԠ • ηΩϡϦςΟΤϯδχΞɺSlackΛհͯ͠मਖ਼ͷͨΊͷyaml Λ࡞ • Cloud
CustodianͰyamlΛLambdaʹมͯࣗ͠ಈԽΛଅਐ
Network Infrastructure Security • HBOmaxͷࣄྫɿݕग़ͱରԠ
Network Infrastructure Security • Con fi dential Computing • AWS
Nitro Enclaves • ӬଓతͳετϨʔδΠϯλϥΫςΟϒͳΞΫηεɺ֎෦ωοτϫʔΫ͕ͳ ͍ • ڐՄ͞ΕͨίʔυͷΈ͕EnclavesͰ࣮ߦ͞Ε͍ͯΔ͜ͱΛݕূͰ͖Δ • KMSͱ౷߹͞Ε͍ͯΔEnclavesͷΈ͕ػີใʹΞΫηε͢Δ͜ͱ͕Ͱ͖Δ
Data Protection & Privacy • θϩτϥετΞʔΩςΫνϟ • ීวతͳࣄฑͷू߹ମ • ҉ͷ৴པͷഉআɺܧଓతͳݕূɺ࠷খݖݶɾ࠷খظؒͰϢʔβʔΛઃఆɺ
ҟৗͳ׆ಈѱҙͷ͋Δ׆ಈͷࢹɺཻͷߴ͍ϦεΫϕʔείϯτϩʔ ϧɺηΩϡϦςΟͷࣗಈԽ • AWSͷߟ͑ํ • IDཧͱωοτϫʔΫཧͷ྆ํΛิ͍ͬͯ͘
Data Protection & Privacy • GDPRͷରԠ • αʔϏεͷػೳGDPRద༻ରͰ͋Δ͔൱͔ΛΘͣɺ ͯ͢ͷސ٬ʹద༻͞ΕΔ
• GDPRͰཁٻ͞ΕΔసૹධՁͷࢧԉϦιʔε
Data Protection & Privacy • AWSαʔϏεͷϓϥΠόγʔػೳ • αϙʔτϦΫΤετΛॲཧ͢ΔୈࡾऀͷใΛܝࡌͨ͠ αϒϓϩηοαʔ
Data Protection & Privacy • ܭըͳ͠ʹػඍใΛอଘ͠ͳ͍͜ͱ • ͜ͷख୳ΓͰਐΊΔ͜ͱͰ͖ͳ͍ • ϏδωεΛऴྃ͢ΔϨϕϧͷϦεΫΛ࣋ͭ
• ϏδωεͰى͍ͬͯ͜Δ͜ͱΛ۷ΓԼ͛ͯਖ਼֬ʹཧղ͢Δ͜ͱ
Governance, Risk and Compliance • ߴ͍ϨϕϧͷೝূΛड͚ΔͨΊʹɺ150Ҏ্ͷίϯτϩʔϧΛ ຬͨ͢ඞཁ͕͋Δ • AWSαʔϏεɺҬۀքΛΘͣԿઍͷηΩϡϦςΟࠪ Ͱݕূ͞Ε͍ͯΔ
• AWS Artifact͔Β࠷৽ͷCSFূ໌ॻΛμϯϩʔυͰ͖Δ
Governance, Risk and Compliance • ࠓͰ͖Δ͜ͱɿCloudࠪΞΧσϛʔ
Leadership Sessionͷϝοηʔδ
Leadership session: Data Protection & Privacy • จԽΛܗ͢Δ •
֤νʔϜʹηΩϡϦςΟ୲ऀ͕Έࠐ·Ε͍ͯΔ • ҉߸Խ͢Ε͍͍Θ͚Ͱͳ͍ • 伴ͷཧͱಁ໌ੑʢAlexaͷࣄྫʣ • ϓϥΠόγʔɺʮԿΛ͢Δ͔ʯͱ͍͏͜ͱ
Leadership session: Governance, Risk & Compliance • ίϯϓϥΠΞϯεΛࣗͨͪͷͷʹ͢Δ6ͷڭ܇ • 10ؒͰੵΈ্͖͛ͯͨCompliance
as a CodeΛ ࣮ફ͢ΔͨΊͷڭ܇
Leadership session: Governance, Risk & Compliance • ૣࣦ͘ഊ͢Δ͜ͱ • ࠪͷͨΊͷΤϯδχΞ
• ίϯϓϥΠΞϯεʹັͤΒΕͨΤϯδχΞ • ઐࠪਓͷ಄ • ੑΛ࣋ͨͤΔ • ͷͲ͜ʹযΛͯΔ͔
Leadership session: Governance, Risk & Compliance • ͬͱֶश͍ͨ͠ਓͷͨΊʹ
Leadership session: Culture of Security • ηΩϡϦςΟόφφͰͨ͠
Tenets ͱ͍͏ݴ༿͕ҿΈࠐΊͳͯ͘ Կೖ͖ͬͯ·ͤΜͰͨ͠ ͞ʔͤΜ
Leadership session: Identity & Access Management • AWS OrganizationsΛͬͯϚϧνΞΧϯτΛཧ
• AWS SSOΛͬͯΞΧϯτͷதԝཧ • σʔλϖϦϛλ • SCP, VPC Endpoint Policy, Resource-based policys
Leadership session: Identity & Access Management • ࠷খݖݶͷཱྀ •
IAM Access Analyzerͷհ • IAM࠲ஊձ
Leadership session: Threat Detection & Incident Response • ηΩϡϦςΟػೳΛͬͯରԠ࣌ؒΛॖ͠Α͏
Leadership session: Threat Detection & Incident Response • GuardDutyͷϕετϓϥΫςΟεͷհ
• ରސ٬ͷηΩϡϦςΟΦϖϨʔγϣϯνʔϜͷ • ͍Ζ͍ΖͬͯΔ͚Ͳɺཧऀϝʔϧ͚ͩϚδड৴͠Ζ • ߦ͏͖ΞΫγϣϯTop10ʢීวతͳʣ
Leadership session: Threat Detection & Incident Response • ߦ͏͖ΞΫγϣϯTop10ʢීวతͳʣ
Leadership session: Threat Detection & Incident Response • ߦ͏͖ΞΫγϣϯTop10ʢීวతͳʣ
A bird's eye view • ։ൃϓϩηεʹηΩϡϦςΟΛΈࠐΉจԽͱ ίϯϓϥΠϯεΛΈࠐΉจԽࣅ͍ͯΔ • ϓϥΠόγʔͷߟ͑ํͷ಄ग़͠ʢੈͷதͷૌٻͷରԠʣ
• Compliance as a Codeɺ·ͩ·ͩීٴ͍ͯ͠ͳ͍ • खͳ৽͍͠ͷͰͳ͘ɺීวతͳࣄฑͷੵΈ্͛
Thank you !