
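Attacks and Accidents from the Inside Are Scarier than Those from the Outside: Cloud Security Measures to Take Now

What happens to risk when you use the cloud? Cloud services are convenient all the same; this deck shows how to use them correctly and safely.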

Sudachi-Kun

March 12, 2016

Transcript

  1. Attacks and accidents from the inside are scarier than those from the outside: cloud security measures to take now.
    What happens to risk when you use the cloud? Cloud services are convenient all the same; here is how to use them correctly and safely.

  2. Right off the bat: sorry.

  3. This deck has 365 slides in total. And it will not be published on the web (probably). We will move fast.

  4. Self-introduction

  5. 齊藤 愼仁 (Saito Shinji)
    iret, Inc., cloudpack division
    Joined August 2013
    [Blog] ロードバランスすだちくん
    http://blog.animereview.jp/

  6. Blog: I write about quite a range of things.

  7. It is a personal blog, but it has 400,000 PV, 1,500 PV per day on average.

  8. Before that I worked in HPC (high-performance computing),

  9. loading machines with lots of GPUs

  10. and building clusters, that sort of thing.

  11. Before that I was a NEET for about two years (on duty 24/365) (gaming the whole time).

  12. Even before that I was in Dospara's corporate sales unit.

  13. An article (ITmedia) from 2009, when I built servers for GMO.

  14. One day, Shinji awakens.

  15. Isn't this the age of the cloud?

  16. And so I jumped into iret.

  17. My first role was project manager,

  18. then updating the company website,

  19. and from there, being stationed at a customer site.

  20. By now, a jack of all trades.

  21. Current titles

  22. Information security manager

  23. Personal information manager

  24. PCI DSS manager

  25. The sync rate between my career history and security is hopeless.

  26. It started with a new audit to handle and my predecessor's resignation.

  27. CTO Suzuki: "Shinji, take care of security."

  28. "Sure."

  29. I was hammered into shape in the field from scratch, and here I am today.

  30. And I came to realize:

  31. Technical skill (IT literacy) and security literacy are not proportional at all.

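  32. Introducing iret, Inc., cloudpack division

  33. iret, Inc.
    Established: October 15, 2003
    Capital: 70 million yen
    Representative: 齋藤 将平
    Employees: 117 (as of March 2016)
    Business: system development and maintenance, managed hosting

  34. A concierge service that lets you concentrate on your business while making use of AWS.

  35. [Figure text: 4 companies; 600; 6 years; AWS only for 6 years; 2010 to 2016]

  36. AWS Premier Consulting Partner
    One of 5 companies in the Asia region
    Top-tier partner; only 2 companies have held it 4 years in a row
    Premier > Advanced > Standard > Registered
    Out of 2,331 companies worldwide

  37. AWS Competency certifications: AWS operations and maintenance; big data handling.

  38. AWS Partner Award: winner of the top honor, APN Partner of the Year, two years in a row.

  39. In short, a company that is especially good at building, operating and maintaining AWS environments.

  40. That said,

  41. today I would like to talk about security in the cloud in general, not only AWS.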

  42. Thinking about cloud security

  43. The market has concerns about the cloud, and number one among them is security.

  44. Why?

  45. Because people don't really understand it.

  46. "Come on, on-prem or cloud, what you have to do is the same, right?"

  47. There was a time when I thought so too.

  48. Take AWS, for example.

  49. The shared responsibility model

  50. (no transcript text)

  51. Already this feels a bit unusual, doesn't it?

  52. So let's look at more casual services.

  53. Dropbox, Evernote, Google Apps and the like.

  54. These are all cloud services too.

  55. Some of you may be using them for work.

  56. What were your selection criteria at that point?

  57. Because it is convenient? Because it was cheap?

  58. Did you evaluate it from a security standpoint?

  59. On what basis do you call something "safe"?

  60. It's hard, isn't it.

  61. Here is what we do at cloudpack.

  62. We take the view that every service that makes you type in a password is vulnerable.

  63. "Say that and you can't use anything!" is a fair point, but

  64. our policy is that, as a rule, we do not adopt any service that cannot do SSO (single sign-on) from our own Active Directory.

  65. So,

  66. as a rule, cloudpack uses neither an account name nor a password to log in to AWS and similar services.

  67. Inside the company, the only situations in which a password is used are logging in to your PC and performing SSO.

  68. Since it is SSO, it does of course use the account name and password registered in Active Directory, but

  69. the punchline is not that we have registered with each cloud service using the same name and password as the domain.

  70. We use SAML. And Kerberos authentication.

  71. So you cannot log in to any of the services without going through the Active Directory that sits in the company's closed network, which means

  72. it is a design in which a third party can never take over an account via the internet.

  73. If, just if, and I think it is impossible,

  74. someone were connected to the internal network,

  75. and the account name were known,

  76. and the password had leaked too,

  77. then they could log in. So,

  78. we have also put in multi-factor authentication that works across all services.

  79. (1) Hardware authentication, (2) account authentication, (3) multi-factor authentication. We use these three.

  80. That said,

  81. not everyone can build an SSO environment,

  82. and some companies say they don't need to go that far, so

  83. there is a bare minimum that I would like everyone to do.

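  84. Desk evaluation of the service

  85. 中小企業のためのクラウドサービス安全利用の手引き (Guide to the Safe Use of Cloud Services for Small and Medium Enterprises), published by the Security Center of the Information-technology Promotion Agency (IPA), an incorporated administrative agency.

  86. (no transcript text)

  87. It is very well made, and we use it in cloudpack's internal audits and external audits as well.

  88. Let's go through it item by item.

  89. Let's evaluate Google Apps.

  90. Item 1. Clarifying the scope of use: Have you considered which operations and which information will be handled in the cloud service, and separated the operations and set operating rules?

  91. It is used for e-mail, file sharing and schedule management.

  92. Item 2. Type of service and cost: Have you selected a cloud service that fits the business and checked the cost?

  93. Approved by the board of directors.

  94. Item 3. Importance of the information handled: Have you checked the management level of the information handled in the cloud service?

  95. Important information is handled, such as personal information, customer information and customer environment information.

  96. Item 4. Consistency with policies and rules: Do contradictions or mismatches arise between your security rules and the use of the cloud service?

  97. It can be assigned to the in-house integrated authentication platform, and it also supports multi-factor authentication on its own.

  98. Item 5. Usage administrator: Have you secured an in-house usage administrator who understands the characteristics of cloud services?

  99. A suitable administrator has been secured.

  100. Item 6. User management: Can the users of the cloud service be managed appropriately?

  101. Can be managed through the in-house integrated authentication platform.

  102. Item 7. Passwords: Can passwords be set and managed appropriately?

  103. Can be managed through the in-house integrated authentication platform.

  104. Item 8. Data copies: In preparation for service outages and the like, do you have provisions for keeping important information at hand so that it can be used when needed?

  105. Third-party tools or services need to be used.

  106. Item 9. Reliability of the provider: Is the provider of the cloud service a provider you can trust?

  107. It is a world-famous company. It holds ISAE 3402 Type II, SSAE 16 certification, ISO27001 and others.

  108. Item 10. Reliability of the service: Are service levels stated, such as uptime, frequency of failures and recovery time objective after a failure?

  109. The guaranteed uptime is 99.9%.

  110. Item 11. Security measures: Are the security measures of the cloud service disclosed concretely?

  111. They can be checked on the following website:
    https://support.google.com/a/answer/60762?hl=ja

  112. Item 12. User support: Is assistance (help desk, FAQ) provided for when you do not know how to use the service?

  113. There are an FAQ, e-mail support and 24/365 telephone support.

  114. Item 13. Securing data at the end of use: Check the conditions under which data is handled when use of the service ends.

  115. In accordance with Google's privacy policy, all data is deleted from Google's servers.

  116. Item 14. Checking contract terms: Check each item of the general contract terms.

  117. The terms of service were checked.
    http://www.google.com/apps/intl/ja/terms/premier_terms.html

  118. Verdict

  119. Pass

  120. Reason for the verdict: It will be an important tool in delivering cloudpack services. A sufficient SLA and administrator functions are provided, and it can also be integrated into the integrated authentication platform, so it passes.

  121. Approval: write the date and the approver.

  122. (no transcript text)

  123. For each item, the point is not "if it does not conform, we cannot adopt it";

  124. the point is to identify the risks and be aware of them.

  125. If you assess the risks properly, you can judge whether a cloud service is usable.

  126. And share the risks within the company. By doing so,

  127. you may be able to keep the speed of the cloud while raising your business continuity as a company.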

  128. It made me think that audits really do matter.

  129. I think there are three kinds of people in the security community.

  130. Audit types

  131. Attack types

  132. Encryption and authentication technology types

  133. Shinji is probably the audit type? So,

  134. I thought about auditing afresh.

  135. What we mean by security

  136. is not locking up your house,

  137. or turning the lights on when it is late at night;

  138. not that sort of thing,

  139. but information security.

  140. So what is information security in the first place?

  141. Confidentiality, integrity and availability of information.

  142. These three pillars.

  143. Confidentiality

  144. Only those authorized for access can reliably access the information.

  145. Integrity

  146. Information assets are stored in a complete state and their content is accurate.

  147. Availability

  148. Information assets are in a usable state when they are needed.

  149. cloudpack has obtained a variety of external audits and certifications, but

  150. (cannot be published)

  151. (cannot be published)

  152. Because of his position, Shinji sits in on all sorts of audits, and

  153. lately something has been on my mind.

  154. So you got certified. So what?

  155. There are all kinds of domestic standards and international standards, but

  156. certification standards originally exist to make your own company's security criteria clear and to raise security awareness.

  157. Yet after doing this for some years, a thought strikes me.

  158. Preparing documents for the audit,

  159. coordinating all sorts of things for the audit,

  160. for the audit, for the audit.

  161. Where did security go?

  162. I felt this most when we did SOC2.

  163. What is SOC2?

  164. 特定非営利活動法人 日本セキュリティ監査協会 (JASA, a specified nonprofit corporation)

  165. (no transcript text)

  166. SOC 2 and SOC 3 are written right at the top (it also says things like ISMS being not quite enough).

  167. Right, let's get this.

  168. What is SOC 2?

  169. A framework, defined by the American Institute of Certified Public Accountants (AICPA), for evaluation engagements concerning the controls of service organizations (Service Organization Control).

  170. ?

  171. Is SOC 3 the higher one? (going by the number)

  172. I asked the audit firm directly.

  173. First, there are SOC 1, SOC 2 and SOC 3.

  174. SOC1: financial evaluation

  175. SOC 2: security, availability, processing integrity, confidentiality, privacy. One or more of these.

  176. SOC 3: the content of SOC 2 simplified and turned into a public document.

  177. I see, they have different roles. This time we want to focus on security, so it's SOC 2!

  178. Well, actually, there is one more point.

  179. Type 1 and Type 2

  180. Type 1: audits a single day taken as a snapshot.

  181. Type 2: audits a period of three months or more.

  182. I see, so the goal is SOC 2 Type 2!

  183. Audit firm: "Yes, but I think it is best to obtain Type 1 first."

  184. All right then, SOC 2 Type 1 it is!

  185. And it took as long as two years.

  186. After one thing and another: August 31, 2015, iret, Inc., cloudpack division received its SOC2 Type1 report (security and availability).

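  187. SOC2 is just a report, not a certification.

  188. But once you do it you find out that the criteria are stricter than any certification, and it is painful, painful, painful.

  189. On top of that, the content gets disclosed.

  190. Normally, with ISMS for example, getting it does not mean that what the audit covered, what findings were raised and what kind of company it was

  191. get disclosed, right?

  192. With SOC2, everything gets disclosed.

  193. Our customers include large enterprises,

  194. which have dedicated security teams that look at it in considerable detail.

  195. If something bad gets written in there, it's bad, bad, bad.

  196. In that sense, SOC2 is what made me think the most. And what I thought about was

  197. the doctrine that people are inherently bad (性悪説).

  198. Thanks to this, Shinji no longer trusts anyone (what).

  199. What I mean is:

  200. there are information leaks that come from attacks on public websites and the like, but

  201. more than that,

  202. someone plugs in a USB stick and walks off with data,

  203. connects their own smartphone and walks off with data,

  204. or connects their home PC to the cloud service and walks off with data.

  205. Some people do it with malice, but

  206. mostly it is "I didn't mean to."

  207. "I didn't mean to kill anyone."

  208. With one serious incident,

  209. the company is gone (even if it does not actually go under, you need to be prepared for that much).

  210. So I concluded that the doctrine that people are inherently good (性善説) does not hold up from a security standpoint.

  211. At a drinking party with a certain major game company:

  212. "We're thinking of dropping ISMS."

  213. I think that's fine.

  214. After all, they have security operations running on a PDCA cycle that are far more up to date, realistic and practical than ISMS.

  215. The same kind of topic comes up when I talk with an auditor for a certain international standard:

  216. "The standard has not kept up with the times, so I would like to handle the details flexibly."

  217. Hmm, is that so.

  218. So what about today's standards, I wondered.

  219. There is a modern-looking one called ISO27017, and

  220. Shinji, who loves new things, does of course plan to go for this one too, but

  221. a remark from an auditor at a certain major firm:

  222. "In your company's case it would be pointless."

  223. Seriously?

  224. There is absolutely no such thing as perfect security, is there?

  225. That is why I think everything needs a baseline.

  226. When an organization has no baseline at all, or has no choice because of a business partner, I think certifications are handy, but

  227. holding the PrivacyMark does not mean personal information will never leak,

  228. using IPS/IDS/WAF does not mean you can say you are absolutely safe,

  229. and going all the way to PCIDSS Level 1 and running it in operations does not mean credit card information will never leak.

  230. I don't think there are absolutes in security.

  231. Times keep changing, and the shape of security changes at a dizzying pace too.

  232. So what matters, I think, is raising transparency to the point where you can publish your own company's standards.

  233. In this era when everyone keeps saying cloud, cloud, I think the security being asked for is transparency.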

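  234. My impression is that other countries are further ahead in this area,

  235. or rather, one cannot deny the feeling that Japan lags somewhat in IT overall (though not in everything).

  236. There was an information leak incident at a certain IDaaS.

  237. Do you know LastPass?

  238. It stores your login passwords in the cloud, which sounds like a frightening service if that is all you hear, but in practice it is extremely convenient.

  239. You set what is called a master password, and as long as you remember just that, you do not have to remember the passwords for other services. That is the service, but

  240. a critical incident occurred in which these master passwords were leaked through an attack from outside.

  241. In the end the passwords were in an encrypted state, so the matter closed with the conclusion that the attacker could not decrypt and use them, but

  242. to users that made no difference: pandemonium, a storm of criticism.

  243. Among all that, there was a comment that made me think "good point":

  244. "If you are dissatisfied, you had better stop using the service … Our internet is exposed to attacks backed at the nation-state level. Every action, every entry in a digital device, everything on the internet you connect to is vulnerable. What happened this time is the best possible course of action under those conditions …

  245. What the complainers are doing will make conscientious companies stop announcing problems. Nobody benefits.

  246. By announcing what happened, other companies become able to respond to it with their perimeter defenses …

  247. Once connected to the internet, nobody is safe from attack. Only through transparency in reporting can adequate security be achieved."

  248. That is exactly why cloudpack did away with the very act of typing in a password, by covering it with systems, but

  249. even so, transparency is important.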

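  250. So we made this:

  251. (no transcript text)

  252. Reading through the security white paper

  253. To ensure transparency about security, it is based on the content described in the SOC 2 audit, simplified and with the auditors' comments removed.

  254. Although it is reading material written in-house, it has also been professionally reviewed by the audit firm, various security auditors, and companies such as AWSJapan and Trend Micro.

  255. That also makes it more credible.

  256. It begins by explaining the "shared responsibility model".

  257. (no transcript text)

  258. Customers need to protect the security of the programs and data that they create themselves.

  259. That may feel a little like pushing you away, but that is not the point.

  260. Compared with on-premises environments, where you had to secure everything, the scope that the customer has to secure is limited. That is the point.

  261. After that there is a business overview,

  262. then the various certifications,

  263. then BCP measures,

  264. and it also covers the cloudpack CSIRT.

  265. A CSIRT is a team that collects vulnerability information, judges whether there is an impact and how urgent it is, and responds.

  266. I will explain it in detail later.

  267. Then there is a description of the security organization,

  268. and a description of the training program.

  269. Operations carried out by full-time employees: it says that, as part of keeping the risk of attacks from the inside to a minimum, staff involved in cloudpack operations are hired on full-time employment contracts.

  270. Next comes facilities: security of the building and rooms.

  271. Card-key authentication, surveillance cameras, uninterruptible power, logs retained indefinitely, that sort of thing.

  272. Next is the network part.

  273. (no transcript text)

  274. It explains the authentication system, the password policy and the centralized management of credentials.

  275. Security of operations terminals: installing antivirus, collecting logs, USB sticks being unusable. Commonplace things, but we write them down properly and publish them.

  276. Next, VPN terminals: some people connect remotely, so it describes how security is assured for them: certificate authentication, an approval system, device encryption and so on.

  277. It also describes that we run vulnerability scans and penetration tests on the business network itself.

  278. For cloudpack, which operates and maintains AWS, the crucial part is from here on.

  279. Security of access from cloudpack to AWS

  280. How do we handle access to customers' Linux and Windows hosts?

  281. (no transcript text)

  282. No production environment can be accessed except via a bastion host. The bastion requires AD authentication. Every operation is recorded as video (and OCR'd into text as well).

  283. So a user who has been disabled in AD cannot access customer environments.

  284. What about the AWS Management Console?

  285. (no transcript text)

  286. Normally you open a browser and enter an account name and password, but

  287. there is no account name or password, so

  288. you can only log in from an internal-only web service. Naturally, access logs are kept.

  289. I will show you in a video how login actually works (this is my first attempt, so I don't know how to pause and so on; sorry).

  290. I gave a demo on the day; the video is at the following URL:
    https://www.youtube.com/watch?v=BUEvNrrrqnU

  291. On logs: all AWS operation logs are collected (CloudTrail logs).

  292. They are so voluminous that we visualize them with third-party tools such as Splunk and Logstorage.

  293. And now the CSIRT.

  294. We talked about the shared responsibility model.

  295. If we know of a vulnerability in the part that is the customer's responsibility, we would never say "that's nothing to do with us, not our problem!"

  296. (no transcript text)

  297. The rest is service introductions and so on.

  298. 48 pages in all.

  299. It is a fairly quick read, so I would be glad if it is of some use as a reference…

  300. It was written around June 2015, so I am struggling to get various things fixed about now, but

  301. in any case, transparency matters, so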

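  302. cloudpack is in the middle of a white paper festival.

  303. The policy is to write white papers not only on security but also on MSP and our various services, and in any case to keep publishing them.

  304. Even if an incident happens: don't cry, don't panic, don't hide it!!

  305. That said,

  306. publishing may sometimes draw criticism.

  307. "You think that level of protection is good enough?", that kind of thing… We worked so hard, and it hurts…

  308. No, no, that's not it.

  309. There is no such thing as perfect security.

  310. Layer upon layer.

  311. Saying "one big countermeasure and we're fine!" can itself become the bottleneck, and operations get painful.

  312. Stack thin layers, many and many of them, one on another: onion-layer security, onion defense.

  313. You want to be able to deal properly with attacks and accidents from the inside, not only the outside. I think the onion-layer approach is easy to implement.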

  314. A little that is specific to AWS.

  315. With cloud services, each provider implements all sorts of security measures.

  316. What about AWS, for example?

  317. (no transcript text)

  318. There was a whole lot.

  319. • PCI DSS Level 1
    • SOC 1/ ISAE 3402
    • SOC 2
    • SOC 3
    • FIPS 140-2
    • CSA
    • FedRAMP (SM)
    • DIACAP and FISMA
    • ISO 27001
    • MPAA
    • Section 508/VPAT
    • ITAR
    • HIPAA
    • DoD CSM Levels 1-2, 3-5
    • ISO 9001
    • CJIS
    • FERPA
    • G-Cloud
    • IT-Grundschutz
    • IRAP (Australia)
    • MTCS Tier 3 Certification

  320. I see. I have no idea.

  321. As I said earlier: the audit must not become the goal.

  322. What matters is to properly evaluate what security measures you can actually take.

  323. For example, AWS has two kinds of account, the root account and IAM accounts. Strictly speaking there are also API keys and so on.

  324. Isn't it often said on Linux:

  325. don't use root!

  326. The same goes for AWS.

  327. The guidance is basically to use IAM (Identity and Access Management).

  328. You can configure in extremely fine detail what permissions to hand to each account you issue, and

  329. since the individual can be identified, the logs gain value.

  330. When an incident happens, it is also easy to suspend the account.

  331. What about other cloud services?

  332. Can multi-factor authentication be set up easily?

  333. Can you give the people who need it only the permissions they need?

  334. Depending on the service, it may also be good to be able to prohibit access from outside the company.

  335. Yes! And that is exactly why what matters is

  336. desk evaluation (and if it looks good, actually try it).

  337. If your company has no guideline, create one using the guideline mentioned earlier as a reference.

  338. I also wrote about this on the すだちくん blog:

  339. I once put the entire content of the evaluation sheet shown earlier to a very early-stage venture, a newly founded company with only about three people.

  340. What was amazing was that

  341. they answered everything the same day.

  342. As expected, because it was a newly launched cloud service, its security could not be called robust, but

  343. I was moved that they answered properly, and moreover said that it was fine to publish the answers.

  344. Whatever service you use, it goes without saying that there is risk.

  345. Is your own company's service 100% safe? No, it isn't.

  346. With the cloud, it feels as though you understand less and less. So evaluate properly and ensure transparency.

  347. Then share the information within the company, and use the service with thought given to what to watch out for.

  348. I think security must not merely catch up with the speed of the cloud era; it has to lead it.

  349. As I said about the LastPass case,

  350. if providers too become able to share information with one another, and we can build better services together with all of you, I think there is a wonderful, highly transparent future ahead.

  351. The end. However,

  352. Advertisement

  353. (slide text not recoverable from the transcript)

  354. GET! Twitter

  355. @awscloud_jp @jawsdays #jawsdays #jawsphoto Tweet, Workshop (the rest of the slide text is not recoverable from the transcript)

  356. Follow the official AWS Facebook page: the more "Likes" the official AWS Facebook page gets, the more marbles disappear, and at the end a coupon number for entering appears!

  357. Like the AWS Facebook page!
    Amazon Web Services
    The entry URL will be announced at the social gathering from 17:00.
    http://bit.ly/AWS-JP-FB

  358. Furthermore,

  359. Traveling edition of 『虎はち会』 in HOOTERS Shinjuku! (free to attend, all-you-can-drink) After this, 19:00 - 21:00

  360. The challenger spirit of holding a company information session in a venue like this.

  361. No. / Topic / Presenter
    Lambda: 比企, 村主
    DevOps: 古渡 (比企, 村主)
    Corporate IT and security: Shinji
    SRE (Site Reliability Engineering): 駒澤
    脱藩: 後藤, 増田
    End-user seats: 秋永 and 梅澤 of NTT Docomo

  362. Conditions for taking part

  363. If you have even a little interest in cloudpack, you are welcome to join. But only a few seats are left.

  364. If you would like to take part, come and see Shinji after this!

  365. The end
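
As an added example (not from the talk and not cloudpack's own tooling), the following checks CloudTrail records for the points the deck raises about AWS accounts: use of the root account, console logins without multi-factor authentication, and access from outside the company network. The sample records, account ID, user names and the corporate address range are constructed for illustration.

```python
import ipaddress
import json

# Assumption: the company's internet egress range (a documentation prefix here).
CORPORATE_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample in CloudTrail's record layout; every value is made up.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2016-03-01T00:10:00Z", "eventName": "ConsoleLogin",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::123456789012:root"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventTime": "2016-03-01T01:20:00Z", "eventName": "ConsoleLogin",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2016-03-01T02:30:00Z", "eventName": "DescribeInstances",
     "sourceIPAddress": "203.0.113.25",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/sso-operator/carol"},
     "responseElements": None},
    {"eventTime": "2016-03-01T03:40:00Z", "eventName": "ConsoleLogin",
     "sourceIPAddress": "203.0.113.30",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/bob"},
     "responseElements": {"ConsoleLogin": "Failure"},
     "additionalEventData": {"MFAUsed": "No"}},
]})


def outside_corporate_network(source):
    """True if the source is an IP address that is not in a corporate range."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return False  # calls made by AWS services carry a service name, not an address
    return not any(addr in net for net in CORPORATE_NETS)


def review(record):
    """Return (time, identity, finding) tuples for one CloudTrail record."""
    ident = record.get("userIdentity") or {}
    findings = []
    if ident.get("type") == "Root":
        findings.append("root account used")
    if record.get("eventName") == "ConsoleLogin":
        success = (record.get("responseElements") or {}).get("ConsoleLogin") == "Success"
        mfa = (record.get("additionalEventData") or {}).get("MFAUsed")
        # Only IAM users sign in with a password here; SSO sessions are AssumedRole.
        if success and ident.get("type") == "IAMUser" and mfa != "Yes":
            findings.append("console login without MFA")
    if outside_corporate_network(record.get("sourceIPAddress", "")):
        findings.append("request from outside the corporate network")
    return [(record.get("eventTime"), ident.get("arn", "unknown"), f) for f in findings]


def review_log(text):
    """Review every record in a CloudTrail log file given as JSON text."""
    results = []
    for record in json.loads(text).get("Records", []):
        results.extend(review(record))
    return results


if __name__ == "__main__":
    for when, who, finding in review_log(SAMPLE_LOG):
        print(when, who, finding)
```

Because each finding carries the ARN of the identity that made the call, it points at one person's account that can be suspended, which is the value of per-person IAM accounts described in the talk.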