July 31, I attended the Beijing Railway Station AWS Technology Summit 2019.
From Xiamen to Royal Park, went to Trinidad, only a technological feast, I would like to record some gains and thinking, in order to live up to this line.
Agenda throughout the day, in the morning is the keynote and industry solutions show, the afternoon is the technical sub-forum.
We always knew that the cloud business, we must first solve the security issues.
In a keynote speech in the morning, we will see the AWS security as a top priority, and the two shared the AWS advanced security concept:
1, the customer must own and control data concept. Adhere customers to control their data and provide complex technical and physical measures to prevent unauthorized access.
2, security shared responsibility model. AWS is responsible for secure host system, the virtualization layer, physical infrastructure and other facilities, the customer is responsible for the upper operating system and safety-related applications, the group responsible for configuring security, firewalls, security through shared responsibility, common cloud deal with security threats.
In the technology sub-forum of security and compliance of the afternoon, the major share is about cloud security should be how to do? By trying to solve the main problem, AWS share best practices summed up methodology and solutions.
First, identity verification and access
1, IAM is not only a web console, which gives the AWS authentication and access control, including in combination with other services, it can be precisely controlled for each user.
2, and security management ideas of different traditional data center, multi-account security governance framework on AWS and AWS Landing Zone is mentioned solutions to solve the problem AWS accounts with security management through it.
Second, data compliant with GDPR
1, compliance is not a point, but a process.
2, there are different regulations in different jurisdictions, different regulations have the same universal values.
3, GDPR not a safety standard, is a statute, then that means whether you meet GDPR, that the court ruling.
3. Data protection
1, the data protection principles: minimal access, confidentiality, integrity and availability.
2, the hierarchical data protection: controlling access to data in the protected data transfer and storage, management credentials: automatically rotate.
SSL certificate
encryption: KMS, HSM
Fourth, threat detection and response
1, log on cloud data input sources: user activity logs, VPC network traffic, WEB access log, DNS query log.
2, through machine learning, automated testing, such as Amazon GuardDuty, Amazon Macie.
3, the security value chain: to identify protection --- --- Detection - - response - recovery.
The Technology Summit was mainly to show AWS strong technology and service, I think the biggest gains, let me further knowledge and understanding of some of the security technology solutions and application scenarios.
On this day, also up a lot of knowledge, such as in the technology industry exhibition, there is a wisdom Diner project, modeled manufacturer - Transport companies - Romantic wisdom, such a complete supply chain. When the camera Diner's wisdom identified a section of drinks out of stock, it will automatically initiate an order to the manufacturer, and record books by block chain, block chain books of data is not tampered with, to ensure that every transaction It is authentic. Manufacturers produced to order drinks, finished notify the carrier and shipping records write block chain account. Transportation companies use driverless car transport drinks. Wisdom Diner to receive the goods, and write block chain receiving records, shipping records for comparison, check the delivery is complete. In this scene inside, we see a smart video recognition, block chain, autopilot application of a number of new technology cars, big data analysis.
Of course, the application of new technologies in various industries health care, education, games, media, finance, manufacturing, automotive, retail, etc., will slowly change our lives in the future can be expected.