Tech.
- Electronic Health Records (EHR) System: web application for patient health info
- Telemedicine Platform: mobile apps for patients to connect with healthcare providers
- Remote Patient Monitoring Devices: IoT for wearable tech, collects real-time data
One AWS account for all development and production processes
- All risks are in the same AWS account.
- Migration can be hard, but it's a requirement.
- A security account is essential.
- A management account for billing and AWS Organizations.
Lots of different IAM users, IAM roles, and policies.
- The most challenging topic in the cloud.
- IAM users' key management is still an issue.
- IAM Access Analyzer for roles and policies:
  - Unused access
  - External access
- Use short-term credentials if possible.
- Use service control policies (SCPs).
- Least privilege principle!
IAM users' key management is still an issue.
- Lots of IAM users, complex to manage.
- Use AWS IAM Identity Center -> SSO.
  - Centralized management
  - Short-term creds for CLI
  - Ease of use
Blog: AWS IAM Identity Center Configuration for Your Google Workspace
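The two IAM slides above recommend SCPs and least privilege without showing what an SCP actually does to a request. The following is an added example, not a policy from the deck: a constructed SCP that keeps the default FullAWSAccess allow, denies regional API calls outside two approved regions (global services such as IAM and STS are excluded via NotAction), and forbids tampering with CloudTrail, together with a minimal evaluator that applies the real SCP rule that an explicit Deny always wins. The region list, the service list and the condition operators supported are assumptions chosen for the example; only StringEquals and StringNotEquals are implemented.

```python
import fnmatch
import json

# Constructed example SCP, not the deck's own policy. Regions and the global
# service list are assumptions for the example.
SCP_DOCUMENT = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "FullAWSAccess", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "DenyOutsideApprovedRegions", "Effect": "Deny",
     "NotAction": ["iam:*", "organizations:*", "sts:*", "support:*",
                   "cloudfront:*", "route53:*", "budgets:*"],
     "Resource": "*",
     "Condition": {"StringNotEquals": {"aws:RequestedRegion": ["eu-west-1", "eu-central-1"]}}},
    {"Sid": "ProtectCloudTrail", "Effect": "Deny",
     "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail", "cloudtrail:UpdateTrail"],
     "Resource": "*"}
  ]
}
""")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _action_applies(statement, action):
    """IAM action patterns use * and ? wildcards and are case-insensitive."""
    if "Action" in statement:
        patterns = _as_list(statement["Action"])
        return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)
    # NotAction: the statement applies to every action NOT listed.
    patterns = _as_list(statement["NotAction"])
    return not any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def _condition_holds(condition, context):
    """Only the two string operators the sample policy needs are supported."""
    for operator, pairs in condition.items():
        if operator not in ("StringEquals", "StringNotEquals"):
            raise ValueError(f"unsupported condition operator: {operator}")
        for key, expected in pairs.items():
            values = _as_list(expected)
            actual = context.get(key)  # missing key: StringEquals fails, StringNotEquals matches
            if operator == "StringEquals" and actual not in values:
                return False
            if operator == "StringNotEquals" and actual in values:
                return False
    return True


def evaluate_scp(policy, action, context):
    """Return "ALLOW" or "DENY" for one API action under the SCP.

    An explicit Deny always wins; otherwise at least one Allow must match.
    The SCP only sets the ceiling: the principal's own IAM policy must still
    grant the action for the request to succeed.
    """
    allowed = False
    for statement in policy["Statement"]:
        if not _action_applies(statement, action):
            continue
        if not _condition_holds(statement.get("Condition", {}), context):
            continue
        if statement["Effect"] == "Deny":
            return "DENY"
        allowed = True
    return "ALLOW" if allowed else "DENY"


if __name__ == "__main__":
    checks = [
        ("ec2:RunInstances", "eu-west-1"),
        ("ec2:RunInstances", "us-west-2"),
        ("iam:CreateUser", "us-east-1"),
        ("cloudtrail:StopLogging", "eu-west-1"),
    ]
    for act, region in checks:
        verdict = evaluate_scp(SCP_DOCUMENT, act, {"aws:RequestedRegion": region})
        print(f"{act:26} {region:12} {verdict}")
```

The evaluator covers the parts of SCP semantics the slides rely on (deny-wins, wildcard actions, a region condition) and nothing more; a real organisation policy is validated with IAM Access Analyzer policy checks rather than with a hand-written evaluator.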
There is no solution for account auditing for our AWS accounts.
- AWS CloudTrail
  - A digital detective for us
  - Investigate our activities
  - Security auditing
  - Detailed info for all API calls in our account
  - Enable log file validation
  - Enable a multi-region trail
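The CloudTrail slide above lists "investigate our activities" and "security auditing" as goals; the following added example (not from the deck) shows what that looks like over a delivered log file. It runs four defender-side rules over a constructed `{"Records": [...]}` file using real CloudTrail field names (`userIdentity.type`, `eventName`, `eventSource`, `additionalEventData.MFAUsed`, `errorCode`): root account activity, console logins without MFA, trail tampering calls, and AccessDenied errors. Account IDs, event IDs, user names and IP addresses in the sample are placeholders.

```python
import json
from collections import Counter

# Constructed CloudTrail log file. A real delivery has the same top-level
# shape and field names; all identifiers below are placeholders.
SAMPLE_TRAIL_FILE = json.dumps({"Records": [
    {"eventID": "evt-0001", "eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com",
     "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root", "accountId": "111111111111"},
     "additionalEventData": {"MFAUsed": "Yes"}, "responseElements": {"ConsoleLogin": "Success"}},
    {"eventID": "evt-0002", "eventName": "ConsoleLogin", "eventSource": "signin.amazonaws.com",
     "awsRegion": "us-east-1", "sourceIPAddress": "203.0.113.11",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "additionalEventData": {"MFAUsed": "No"}, "responseElements": {"ConsoleLogin": "Success"}},
    {"eventID": "evt-0003", "eventName": "StopLogging", "eventSource": "cloudtrail.amazonaws.com",
     "awsRegion": "eu-west-1", "sourceIPAddress": "203.0.113.12",
     "userIdentity": {"type": "IAMUser", "userName": "bob"},
     "requestParameters": {"name": "org-trail"}},
    {"eventID": "evt-0004", "eventName": "DescribeInstances", "eventSource": "ec2.amazonaws.com",
     "awsRegion": "eu-west-1", "sourceIPAddress": "10.0.1.5",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111111111111:assumed-role/app-role/i-0placeholder"}},
    {"eventID": "evt-0005", "eventName": "GetSecretValue", "eventSource": "secretsmanager.amazonaws.com",
     "awsRegion": "eu-west-1", "sourceIPAddress": "203.0.113.13",
     "userIdentity": {"type": "IAMUser", "userName": "bob"}, "errorCode": "AccessDenied"},
]})

# API calls that change or silence the trail itself; any of these by a
# non-break-glass principal deserves an alert.
TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def load_records(text):
    """Parse one CloudTrail log file (the gzip layer is already removed here)."""
    return json.loads(text)["Records"]


def audit_records(records):
    """Return (eventID, rule) pairs for records that deserve a second look."""
    findings = []
    for rec in records:
        identity = rec.get("userIdentity", {})
        if identity.get("type") == "Root":
            findings.append((rec["eventID"], "root-account-activity"))
        if (rec.get("eventName") == "ConsoleLogin"
                and rec.get("additionalEventData", {}).get("MFAUsed") == "No"):
            findings.append((rec["eventID"], "console-login-without-mfa"))
        if (rec.get("eventSource") == "cloudtrail.amazonaws.com"
                and rec.get("eventName") in TRAIL_TAMPERING):
            findings.append((rec["eventID"], "cloudtrail-tampering"))
        if rec.get("errorCode") == "AccessDenied":
            findings.append((rec["eventID"], "access-denied"))
    return findings


def summarize(findings):
    """Count findings per rule, the number you would chart or threshold on."""
    return dict(Counter(rule for _, rule in findings))


if __name__ == "__main__":
    results = audit_records(load_records(SAMPLE_TRAIL_FILE))
    for event_id, rule in results:
        print(f"{event_id}  {rule}")
    print(summarize(results))
```

The same four rules are what you would express as CloudWatch metric filters or Athena queries on the trail bucket; keeping them in plain code first makes it easy to replay historical log files when a multi-region trail is first enabled. Log file validation is a separate step (it verifies the delivered files' digests) and is not performed by this script.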
- There is no solution for resource vulnerabilities in our AWS resources like EC2 and Lambda.
- A vulnerability management (VM) process is essential.
- Amazon Inspector
  - Automated vulnerability management for our workloads
  - Center for Internet Security (CIS) Benchmark assessments for our OS
Scan Your AWS Lambda Functions with Amazon Inspector
- There is no solution for protecting our endpoints.
- There are lots of endpoints in our environment:
  - Mobile client endpoints
  - Web app endpoints
  - IoT endpoints
- AWS WAF
  - Customize rules for your environment
  - Monitor regularly. You don't want to block legitimate requests.
  - Analyze regularly
  - Automate as much as possible
- Lots of data:
  - Personally identifiable information
  - IoT user data
  - Mobile/web data
- There is no protection/detection of data in our environment.
- AWS KMS & CloudHSM
  - Encrypt everything with our keys or AWS KMS
  - Use the latest encryption algorithms