re:Inforce 2021 ReCap
fnifni
August 29, 2021
Japan's earliest re:Inforce 2021 ReCap, presented in the secret session of Security-JAWS#22.
#secjaws #secjaws22
Transcript
re:Inforce 2021 ReCap: Japan's earliest re:Inforce ReCap challenge. By Hirokazu Yoshida / at S-JAWS#21 / 2021.8.27
re:Inforce 2021 ReCap ຊҰૣ͍re:InforceͷReCapͷઓ ٢ాͻΖ͔ͣ / S-JAWS#21 / 2021.8.27
Who am I!? Hirokazu Yoshida @ CloudNative Inc. Job: Security Engineer. Community: Security-JAWS. Favorite AWS Service:
Attention !! • ຊηογϣϯɺݸਓͷݟղʹجͮ͘ͷͰ͢ • ॴଐ͢ΔاۀɺஂମͷҙݟΛද͢ΔͷͰ͋Γ·ͤΜ • and more …
re:Inforceͬͯ ͳΜ͡ΌΒ΄͍ʁ
About re:Inforce • AWS͕ओ࠵͢ΔηΩϡϦςΟɺΞΠσϯςΟςΟɺ ίϯϓϥΠΞϯεʹಛԽͨ͠ϥʔχϯάΧϯϑΝϨϯε • ॳճ2019ʹϘετϯͰ։࠵ʢຊਓͷࢀՃऀ61໊ʣ • 2020
(ώϡʔετϯ) ɺίϩφͷӨڹͰதࢭ • ࠓதࢭͷةػΛΓӽ͑ɺஃͰόʔνϟϧॖ։࠵
΄ʔΜ re:Inforceͬͯ re:InventͷηΩϡϦςΟ൛ ͳΜͰ͠ΐʁ
ηΩϡϦςΟ৽ػೳͷൃදϥογϡ ͨͷ͠Έͳ͊ʂ
ͱࢥ͍ͬͯͨ࣌ظ ͋Γ·ͨ͠
About re:Inforce • AWS͕ओ࠵͢ΔηΩϡϦςΟɺΞΠσϯςΟςΟɺ ίϯϓϥΠΞϯεʹಛԽͨ͠ϥʔχϯάΧϯϑΝϨϯε • ॳճ2019ʹϘετϯͰ։࠵ʢຊਓͷࢀՃऀ61໊ʣ • 2020ɺίϩφͷӨڹͰதࢭ
• ࠓதࢭͷةػΛΓӽ͑ɺஃͰόʔνϟϧॖ։࠵
৽ػೳগͳ͍ʂͬͯ ͦͦओࢫ͕ҧ͏
ͦΕͰ͋ͬͨ ৽ػೳͷൃදΛհ͠·͢
Functions introduced as new features • AWS Backup Audit Manager
• AWS Backup͕ಈ࡞͍ͯ͠ΔʮใʯΛݟΔ͜ͱ͕Ͱ͖Δ
Functions introduced as new features • AWS IoT CoreͷVPC Endpoint
(Private Link) ରԠ • IoT Coreͷ௨৴ΛެڞͷΠϯλʔωοτʹग़ͣ͞ʹऩू͢Δ
Functions introduced as new features • Level 1 MSSPϓϩάϥϜͷ։࢝ •
جຊతͳ࣭ج४Λຬͨͨ͠ύʔτφʔ͕ొ͞Ε͍ͯΔ • 10छྨͷͰӡ༻ؚΊͨظతʹ৴པͰ͖ΔηΩϡϦ ςΟΛखʹೖΕΔ͜ͱ͕Ͱ͖Δ
Functions introduced as new features • IAM Access Analyzer (April 2021)
• ϙϦγʔཤྺͷରԠ
Functions introduced as new features • IAM Access Analyzer (April 2021)
• ϙϦγʔͷݕূ
Functions introduced as new features • IAM Access Analyzer (April 2021)
• ϙϦγʔͷϓϨϏϡʔ
Functions introduced as new features • IAM Access Analyzer (April 2021)
• ΘΕͯͳ͍ΞΫγϣϯ ͷݕग़
Functions introduced as new features? • Acquisition of Wickr (June 2021)
֤ηογϣϯ͔Β֞ؒݟΔ ϝοηʔδΛհ
Today's Agenda • Keynote • Leadership session: Data Protection & Privacy • Leadership session: Governance, Risk & Compliance • Leadership session: Culture of Security • Leadership session: Identity & Access Management • Leadership session: Threat Detection & Incident Response
Threat Detection & Incident Response • GuardDutyͰڴҖΛݕग़ • Security HubͰݕग़ࣄ߲ΛूɺίϯϓϥΠΞϯεҧΛݕग़
• ରԠͷࣗಈԽνϡʔχϯάΛߦͬͯɺΞϥʔτ׳ΕΛ͙
Ransomware • ΦϖϨʔγϣϯ༻ͱόοΫΞοϓ༻ͰΞΧϯτΛ͚Δ • S3όʔδϣχϯάͱΦϒδΣΫτϩοΫͷར༻ • DRΛؚΊͨแׅతͳόοΫΞοϓܭըͱήʔϜσΠ • ͞Βʹ۷ΓԼ͛ΔͳΒNIST SP1800-25Λࢀߟʹ͢Δͱ͍͍
Identity and Access Management • ύεϫʔυͷ͍ճ͠ʹΑΔةݥੑ • SSOͷଞɺۈ࣌ؒ֎ͷΞΫςΟϏςΟཧσόΠεΛซ༻͢Δଟཁૉೝূ • IAM
Access AnalyzerήʔϜνΣϯδϟʔ • ύʔϛογϣϯఆظతʹࠪ • ϢʔβʔάϧʔϓΛͬͯɺݖݶཧͷࡶ͞Λܰݮ͠Α͏
Network Infrastructure Security • HBOmaxͷࣄྫɿݕग़ͱରԠ • ։ൃ / ϓϩμΫτνʔϜʹదͳΨʔυϨʔϧͷߏங •
GuardDutyͰڴҖΛݕग़ɺSecurity HubʹFindingsΛू • Event HubʹͦΕͧΕΛू
Network Infrastructure Security • HBOmaxͷࣄྫɿݕग़ͱରԠ • ηΩϡϦςΟΤϯδχΞɺSlackΛհͯ͠मਖ਼ͷͨΊͷyaml Λ࡞ • Cloud
CustodianͰyamlΛLambdaʹมͯࣗ͠ಈԽΛଅਐ
Network Infrastructure Security • HBOmaxͷࣄྫɿݕग़ͱରԠ
Network Infrastructure Security • Confidential Computing • AWS
Nitro Enclaves • ӬଓతͳετϨʔδΠϯλϥΫςΟϒͳΞΫηεɺ֎෦ωοτϫʔΫ͕ͳ ͍ • ڐՄ͞ΕͨίʔυͷΈ͕EnclavesͰ࣮ߦ͞Ε͍ͯΔ͜ͱΛݕূͰ͖Δ • KMSͱ౷߹͞Ε͍ͯΔEnclavesͷΈ͕ػີใʹΞΫηε͢Δ͜ͱ͕Ͱ͖Δ
Data Protection & Privacy • θϩτϥετΞʔΩςΫνϟ • ීวతͳࣄฑͷू߹ମ • ҉ͷ৴པͷഉআɺܧଓతͳݕূɺ࠷খݖݶɾ࠷খظؒͰϢʔβʔΛઃఆɺ
ҟৗͳ׆ಈѱҙͷ͋Δ׆ಈͷࢹɺཻͷߴ͍ϦεΫϕʔείϯτϩʔ ϧɺηΩϡϦςΟͷࣗಈԽ • AWSͷߟ͑ํ • IDཧͱωοτϫʔΫཧͷ྆ํΛิ͍ͬͯ͘
Data Protection & Privacy • GDPRͷରԠ • αʔϏεͷػೳGDPRద༻ରͰ͋Δ͔൱͔ΛΘͣɺ ͯ͢ͷސ٬ʹద༻͞ΕΔ
• GDPRͰཁٻ͞ΕΔసૹධՁͷࢧԉϦιʔε
Data Protection & Privacy • AWSαʔϏεͷϓϥΠόγʔػೳ • αϙʔτϦΫΤετΛॲཧ͢ΔୈࡾऀͷใΛܝࡌͨ͠ αϒϓϩηοαʔ
Data Protection & Privacy • ܭըͳ͠ʹػඍใΛอଘ͠ͳ͍͜ͱ • ͜ͷख୳ΓͰਐΊΔ͜ͱͰ͖ͳ͍ • ϏδωεΛऴྃ͢ΔϨϕϧͷϦεΫΛ࣋ͭ
• ϏδωεͰى͍ͬͯ͜Δ͜ͱΛ۷ΓԼ͛ͯਖ਼֬ʹཧղ͢Δ͜ͱ
Governance, Risk and Compliance • ߴ͍ϨϕϧͷೝূΛड͚ΔͨΊʹɺ150Ҏ্ͷίϯτϩʔϧΛ ຬͨ͢ඞཁ͕͋Δ • AWSαʔϏεɺҬۀքΛΘͣԿઍͷηΩϡϦςΟࠪ Ͱݕূ͞Ε͍ͯΔ
• AWS Artifact͔Β࠷৽ͷCSFূ໌ॻΛμϯϩʔυͰ͖Δ
Governance, Risk and Compliance • ࠓͰ͖Δ͜ͱɿCloudࠪΞΧσϛʔ
Leadership Sessionͷϝοηʔδ
Leadership session: Data Protection & Privacy • จԽΛܗ͢Δ •
֤νʔϜʹηΩϡϦςΟ୲ऀ͕Έࠐ·Ε͍ͯΔ • ҉߸Խ͢Ε͍͍Θ͚Ͱͳ͍ • 伴ͷཧͱಁ໌ੑʢAlexaͷࣄྫʣ • ϓϥΠόγʔɺʮԿΛ͢Δ͔ʯͱ͍͏͜ͱ
Leadership session: Governance, Risk & Compliance • ίϯϓϥΠΞϯεΛࣗͨͪͷͷʹ͢Δ6ͷڭ܇ • 10ؒͰੵΈ্͖͛ͯͨCompliance
as a CodeΛ ࣮ફ͢ΔͨΊͷڭ܇
Leadership session: Governance, Risk & Compliance • ૣࣦ͘ഊ͢Δ͜ͱ • ࠪͷͨΊͷΤϯδχΞ
• ίϯϓϥΠΞϯεʹັͤΒΕͨΤϯδχΞ • ઐࠪਓͷ಄ • ੑΛ࣋ͨͤΔ • ͷͲ͜ʹযΛͯΔ͔
Leadership session: Governance, Risk & Compliance • ͬͱֶश͍ͨ͠ਓͷͨΊʹ
Leadership session: Culture of Security • ηΩϡϦςΟόφφͰͨ͠
Tenets ͱ͍͏ݴ༿͕ҿΈࠐΊͳͯ͘ Կೖ͖ͬͯ·ͤΜͰͨ͠ ͞ʔͤΜ
Leadership session: Identity & Access Management • AWS OrganizationsΛͬͯϚϧνΞΧϯτΛཧ
• AWS SSOΛͬͯΞΧϯτͷதԝཧ • σʔλϖϦϛλ • SCP, VPC Endpoint Policy, Resource-based policies
Leadership session: Identity & Access Management • ࠷খݖݶͷཱྀ •
IAM Access Analyzerͷհ • IAM࠲ஊձ
Leadership session: Threat Detection & Incident Response • ηΩϡϦςΟػೳΛͬͯରԠ࣌ؒΛॖ͠Α͏
Leadership session: Threat Detection & Incident Response • GuardDutyͷϕετϓϥΫςΟεͷհ
• ରސ٬ͷηΩϡϦςΟΦϖϨʔγϣϯνʔϜͷ • ͍Ζ͍ΖͬͯΔ͚Ͳɺཧऀϝʔϧ͚ͩϚδड৴͠Ζ • ߦ͏͖ΞΫγϣϯTop10ʢීวతͳʣ
Leadership session: Threat Detection & Incident Response • ߦ͏͖ΞΫγϣϯTop10ʢීวతͳʣ
A bird's eye view • ։ൃϓϩηεʹηΩϡϦςΟΛΈࠐΉจԽͱ ίϯϓϥΠϯεΛΈࠐΉจԽࣅ͍ͯΔ • ϓϥΠόγʔͷߟ͑ํͷ಄ग़͠ʢੈͷதͷૌٻͷରԠʣ
• Compliance as a Codeɺ·ͩ·ͩීٴ͍ͯ͠ͳ͍ • खͳ৽͍͠ͷͰͳ͘ɺීวతͳࣄฑͷੵΈ্͛
Thank you !