Conjur - AWS Boston Meetup 2014 - Defense in Depth

DESCRIPTION

Defend Your Infrastructure With Robot Identity and Authorization

Consolidated end-user identity management and coarse-grained web application access control have improved security and improved enterprise agility. Managing access control for a multiplicity of backend services and data assets is the next challenge for IT and software development teams. Centralized management, tracking, and analysis of infrastructure identity and access controls is the next phase of evolution for security and compliance. A unified approach to infrastructure access control across the application tier improves organizational agility and transparency, improves development team productivity and sets up a well-defined collaboration between developers and devops.

This presentation will highlight the following best practices, in the context of a recently developed real-world cloud-based data processing platform:

• Management of “robot” and user identity for purposes of infrastructure management with discussion of Amazon IAM strengths and weaknesses
• Management and distribution of keys, credentials, and other secrets
• Dynamic and robust authorization of service-to-service and service-to-data requests
• Access control as a functionality to satisfy regulatory and compliance requirements
• The importance of an audit trail to optimize operational architecture and detect suspicious behavior

TRANSCRIPT
![Page 1: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/1.jpg)
Kevin Gilpin, Jason Calvert
February 2014

Defend your Infrastructure with Robot Identity and Authorization
![Page 2: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/2.jpg)
Problems Frequently Seen in the Cloud

Operational
• Lost credentials - BIG PROBLEM - access to source code, admin box, other credentials/data
• Overly permissive controls - especially for internal IT users
• Poor auditing - very few companies can recreate what happened for a breach - keep logs for a long time on separate systems

Credentials are BIGGEST problem with AWS

Source: Alex Stamos, AWS re:Invent, "Building Security from Scratch in AWS" (www.everytalk.tv)
![Page 3: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/3.jpg)
Problems Frequently Seen in the Cloud

Infrastructure
• Insecure control plane - USE SSL EVERYWHERE
• Attacks from inside the Corporate Network

Application
• Too loose bindings - hack the web services directory → REST interface → do whatever
• Web API Vulnerabilities
• Poor use of cryptography

Source: Alex Stamos, AWS re:Invent, "Building Security from Scratch in AWS" (www.everytalk.tv)
![Page 4: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/4.jpg)
We Have Failed You, Lord Vader

• External vendors exposed as the weak link in enterprise security
• Trivial privilege levels exploited and escalated to gain access to the most critical data
![Page 5: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/5.jpg)
Right Script, Wrong Environment

• AWS Maintenance script deletes Elastic Load Balancer DB records used for self-management
• Kaboom! Netflix et al

Nation is unable to watch "A Christmas Carol" and live the true meaning of Christmas
![Page 6: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/6.jpg)
Solution: Keep Track of Things

Be organized, and maintain control of:

• Passwords
• Policies
• Access rules
• Groups and roles
• Secure communication
![Page 7: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/7.jpg)
Closing the "Compliance Gap"

AWS provides:
• Physical security
• Software-defined network
• Reliable AMIs
• Ways to strongly partition info (e.g. accounts)
• Durability
• IaaS backplane

AWS does not provide:
• Manage AWS credentials
• Passwords
• AWS policies
• Encryption keys and other secrets
• Application tier audit
![Page 8: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/8.jpg)
Snowflakes

• Lots of Options in AWS
• Manual administration of too many options produces "snowflakes"
• "Snowflakes soon become hard to understand and modify"
• Applies to servers, policies, authz, architecture, etc.

Therefore: automate, test, and verify

(Image credit: flic.kr)
![Page 9: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/9.jpg)
Don't Shortcut Your Way into Trouble

Manual hacking is not a shortcut
![Page 10: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/10.jpg)
Be Reproducible

• Same packages
• Same configuration

…and…

• Same privileges
![Page 11: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/11.jpg)
Common Problem - Authorization

• Defend in depth
• Single perimeter defense is not sufficient
• Apply the most extensive protection to the most valuable assets

Source: www.csoonline.com article, "information security defense in depth lessons from a bronze age fort"
![Page 12: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/12.jpg)
Your Authz Fortress

[Diagram: Client Terminal, Secure Message Queue, VM, Service]

• All cloud credentials and IAM policies auto-generated and managed programmatically
• All interactions defined and reportable by authz policies
• All interactions checked by authz
• All secrets distributed programmatically
  - Cloud keys, key pairs, passwords, etc fetched via human or robot identity
  - automated key/password rotation
• Signed queue messages
• Encryption in transit
• Every interaction recorded to IaaS and application audit
![Page 13: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/13.jpg)
Amazon IAM - Automate It

• Very detailed, granular
• Easy to propagate privileges to VMs via IAM Roles for EC2
• Gives a way to propagate privileges from users to VMs
• Can bootstrap to other privileges
• IAM actions are captured in CloudTrail (AWS audit)
• Hard to use fine-grained permissions for development
• Trial and error
• No high-level reporting on permissions
![Page 14: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/14.jpg)
"Wiring": Connecting Systems Together

Each key establishes a connection between two application components

A component without keys is "orphaned" and harmless - non-functional
![Page 15: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/15.jpg)
Secrets: the Snowflake Problem

• Manual copying → snowflakes, loss
• Manual policies → privilege creep

Manual → entropy → failure
![Page 16: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/16.jpg)
Configuration Management is not Key Management

Configuration management may FEEL like a good way to distribute secrets.

…

But this is just a case of wielding a hammer and treating everything as a nail

…

Configuration management doesn't handle secrets, authz, or audit very well
![Page 17: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/17.jpg)
Configuration Management is Confusing People About Secrets

Configuration Management is not Key Management

Two orthogonal concerns:

1. Install packages and establish configuration settings
2. "Wire up" the system with identity and secrets

System "wiring" should not be in the domain of configuration management
![Page 18: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/18.jpg)
Example: Chef

Encrypted data bags: "The chef-client uses shared secret encryption"

• How is the shared secret distributed?
• You still need a secrets API, host identity and permissions system
![Page 19: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/19.jpg)
So Again

Configuration != Secrets
![Page 20: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/20.jpg)
Secrets is its Own Problem

It is not a sub-category of Configuration Management BECAUSE it is all about identity and authorization, separation of roles and concerns.

"Least privilege", "separation of duties", "audit" → are the key requirements
![Page 21: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/21.jpg)
Automate All Secrets

1. Assign identity to host
2. Grant privileges to host
3. Fetch secrets via command-line or configuration management helper
4. Better yet, fetch and use secrets on-demand and keep them off machines

```
# Establish identity of the host
$ secrets login -u hostid
# Obtain secret
$ secrets fetch stage/mysql/password > /etc/mysql_password
```

```
pwd = secrets.fetch "stage/mysql/password"
template "/etc/mysql.conf" do
  source "mysql.conf.erb"
  variables password: pwd
end
```
![Page 22: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/22.jpg)
Identity is the Foundation of Permissions

• Identity is the means to an end
  - Control and certainty
• The end is granting roles which have privileges
• Role grants must flow from a higher authority
![Page 23: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/23.jpg)
Host Identity

• AWS provides trusted source IP

Strengthen with:

• Credentials → Host Id plus Secret
• SSL mutual authentication
  a. Derive certificates from master trusted cert
![Page 24: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/24.jpg)
Identity via Authority

• Identity flows from a central authority
• Trust in the authority must be built-in
![Page 25: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/25.jpg)
An Authority for AWS

• A web service
  - Like everything else
• In a dedicated AWS account
  - So that there is no way to accidentally "leak" privilege to access the authority box
• Issues expiring auth tokens
• Holds a certificate which is trusted by the rest of the system
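
The "Automate All Secrets" steps (assign identity, grant privileges, fetch on demand) combined with an authority that issues expiring auth tokens and records every decision, as an added Python example that is not code from the talk or from Conjur. The `Authority` class, the HMAC-signed token layout, and all ids and keys are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json, time

class Authority:
    """Toy central authority: host identity, expiring tokens, grants, audit."""
    def __init__(self, signing_key, secrets, ttl=300):
        self._key, self._secrets, self._ttl = signing_key, secrets, ttl
        self._hosts, self._grants, self.audit = {}, set(), []

    def enroll(self, host_id, api_key):       # step 1: assign identity to host
        self._hosts[host_id] = api_key

    def grant(self, host_id, secret_id):      # step 2: grant privileges to host
        self._grants.add((host_id, secret_id))

    def _sign(self, body):
        return hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()

    def login(self, host_id, api_key, now=None):
        now = time.time() if now is None else now
        known = self._hosts.get(host_id)
        ok = known is not None and hmac.compare_digest(known.encode(), api_key.encode())
        self.audit.append((now, host_id, "login", "ok" if ok else "denied"))
        if not ok:
            raise PermissionError("denied")
        claims = json.dumps({"sub": host_id, "exp": now + self._ttl})
        body = base64.urlsafe_b64encode(claims.encode()).decode()
        return body + "." + self._sign(body)   # token is useless after ttl seconds

    def fetch(self, token, secret_id, now=None):  # step 3: fetch on demand
        now = time.time() if now is None else now
        body, _, sig = token.partition(".")
        host, verdict = None, "bad-signature"
        if hmac.compare_digest(sig.encode(), self._sign(body).encode()):
            claims = json.loads(base64.urlsafe_b64decode(body))
            host = claims["sub"]
            verdict = ("expired" if now >= claims["exp"] else
                       "ok" if (host, secret_id) in self._grants else "forbidden")
        self.audit.append((now, host, secret_id, verdict))  # audit allow AND deny
        if verdict != "ok":
            raise PermissionError(verdict)
        return self._secrets[secret_id]

def demo():  # constructed walk-through: enroll, grant, log in, fetch
    a = Authority(b"constructed-signing-key", {"stage/mysql/password": "constructed-secret"})
    a.enroll("host-1", "constructed-api-key")
    a.grant("host-1", "stage/mysql/password")
    token = a.login("host-1", "constructed-api-key")
    return a.fetch(token, "stage/mysql/password"), a.audit
```

A host that loses its grant or whose token ages out gets a `PermissionError`, and the denial lands in the same audit trail as the successful fetches.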
![Page 26: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/26.jpg)
Establish Trust With a Certificate

• Create a "simple" CA
• Build AMI with embedded T� cert
• All your VMs will trust this cert
![Page 27: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/27.jpg)
Service-to-Service Authz

A Maturity Model for Apps and Control Plane

• Trust everything, restrict traffic via security groups (security group settings can be modified)
• Plus a shared secret
• Plus an identity-based authz gatekeeper
• Plus propagating identity of original requester
![Page 28: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/28.jpg)
AWS IAM Bad Behavior Example

• Launch a VM from AWS Marketplace
• VM requests an "administrator" level credential
• Push back to vendor yields the actual policy that the VM needs

(Image credit: forum.xda-developers.com)
![Page 29: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/29.jpg)
AWS IAM Better Behavior

Better Solution

• VM setup script requests an admin credential
• VM creates and saves its own identity and minimal policy
• VM "forgets" the admin credential
![Page 30: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/30.jpg)
AWS IAM Best Behavior

Best Solution

• Vendor provides policy
• Admin creates IAM role and applies policy
• Admin grants the IAM role to the VM

→ No storage of credentials on disk
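
A check an admin could run on a vendor-supplied policy before attaching it to an IAM role, contrasting the "administrator" level request with a minimal policy. This is an added Python example, not code from the talk; both policy documents, the bucket name and the `audit_policy` helper are constructed for illustration, and the escalation list is a small sample rather than a complete one.

```python
import fnmatch

# Constructed sample policies in IAM's JSON policy grammar (not from the talk).
VENDOR_REQUESTED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}
NEGOTIATED_MINIMAL = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-appliance-config",
                  "arn:aws:s3:::example-appliance-config/*"]},
    {"Effect": "Allow", "Action": "cloudwatch:PutMetricData", "Resource": "*"}]}

# IAM actions that let a VM mint credentials or widen its own privileges.
ESCALATION = ("iam:CreateAccessKey", "iam:CreateUser", "iam:PassRole",
              "iam:PutRolePolicy", "iam:PutUserPolicy", "iam:AttachRolePolicy")

def _as_list(value):
    """IAM allows a bare string where a list is expected."""
    return [value] if isinstance(value, str) else list(value or [])

def audit_policy(policy):
    """Return (statement_index, finding) pairs for over-broad Allow statements."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):      # a single statement may be a bare object
        statements = [statements]
    for i, st in enumerate(statements):
        if st.get("Effect") != "Allow":
            continue
        if "NotAction" in st:             # allows everything except the listed actions
            findings.append((i, "Allow with NotAction"))
            continue
        any_resource = "*" in _as_list(st.get("Resource"))
        for pattern in _as_list(st.get("Action")):
            # Action names are case-insensitive and may contain * wildcards.
            risky = [a for a in ESCALATION
                     if fnmatch.fnmatchcase(a.lower(), pattern.lower())]
            if pattern == "*" and any_resource:
                findings.append((i, "administrator-level: Action * on Resource *"))
            elif risky:
                findings.append((i, "privilege escalation via " + ", ".join(risky)))
            elif pattern.endswith("*") and any_resource:
                findings.append((i, "wildcard " + pattern + " on Resource *"))
    return findings
```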
![Page 31: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/31.jpg)
Secure the Control Plane

• Invest in SSL for your control plane services
• Robust authn / authz for admin access to boxes
  - PRIVATE KEYS ISSUED BY EC2 ARE FOR EMERGENCY ACCESS ONLY
  - 2-factor auth
  - Authorization (e.g. LDAP) which is separate and additional to authentication makes de-provisioning much easier
![Page 32: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/32.jpg)
Identity Propagation - Stronger than Service Identity

[Diagram labels: Privileged User, Identity; Service A; User Identity Propagated to Service B; Next Service ...]
![Page 33: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/33.jpg)
Recap - Groundwork

1. Use a separate AWS account for security purposes
2. Build an AMI to trust this authority
   a. Wire up logging, monitoring, etc while you are at it
3. Issue identity from this service
![Page 34: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/34.jpg)
Recap - IAM

1. Automate the generation of IAM users, roles, and policies
   a. Combine this logic into testable, reusable, secure modules
2. Use IAM roles to bootstrap VMs into other privileges
   a. e.g. 'dev-webserver' IAM role, granted to 'developers' user group, grants access to secrets appropriate to the web servers
![Page 35: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/35.jpg)
Recap - Secrets

1. Treat management of Secrets as its own problem
   a. Don't distribute them by hand
2. Use EC2 RAM and ephemeral storage to store secrets
   a. Won't be captured in backups
![Page 36: Conjur - AWS Boston Meetup 2014 - Defense in Depth](https://reader033.vdocuments.site/reader033/viewer/2022042714/557c4d7bd8b42a11668b4b77/html5/thumbnails/36.jpg)
Thank you!

@kegilpin @ConjurInc
www.linkedin.com/in/jasoncalvert