Responsible AI and Security in the generative era: Science and practice

The rapid growth of generative AI brings promising innovation and, at the same time, raises new challenges around its security, safe, and responsible development and use. These challenges include some that were common before generative AI, such as bias and explainability, and new ones unique to generative models, including hallucinations, toxicity, and intellectual property protection. During this session, participants will gain an overview of the challenges that generative AI presents, survey the emerging science surrounding these challenges, and engage in a discussion about the hands-on, security, and Responsible AI work currently being conducted on AWS.

Bringing AI Everywhere: Accelerating GenAI for Enterprise

The Intel Gaudi Al accelerator, optimized for Generative Al and Large Language Models, offers an affordable solution for deep learning training and inference, with user-friendly functionalities. In this session we will explore three accessible entry points: accessing model references via Gaudi's GitHub, leveraging Hugging Face Optimum Habana GitHub, and utilizing the GPU Migration tool for seamless model adaptation from GPUs to Gaudi. This session is tailored for developers and data scientists seeking efficient Al acceleration solutions.

Enabling SaaS Networking, Routing and Security Using Amazon VPC Lattice

Transitioning to a software-as-a-service (SaaS) model often involves managing multiple AWS accounts and Virtual Private Clouds (VPCs), posing challenges in service deployment, communication, and security across diverse compute options like serverless, containers, and instances. These complexities can hinder operational efficiency and agility for SaaS organizations in a competitive landscape. However, Amazon VPC Lattice offers a solution by simplifying the networking experience in a multi-tenant environment, enabling seamless connection, security, and management across any compute option, account, and VPC. This innovative approach eliminates the hurdles of VPC peering, transit gateways, and CIDR block overlaps, enhancing flexibility, security, and speed. This talk dives into utilizing VPC Lattice to streamline network connectivity, security, and monitoring in a multi-account, multi-VPC SaaS setup to drive efficiency for your SaaS organization.

Building with Generative AI on AWS using PartyRock, Amazon Bedrock, and Amazon Q (Laptop Required)

Workshop: Learn to build generative AI applications on AWS using PartyRock and Amazon Bedrock. You will gain skills in prompt engineering and using the Bedrock API. We will also explore how to 'chat with your documents' through knowledge bases, retrieval augmented generation (RAG), embeddings, and agents. We will also use next generation developer tools Amazon Q and Amazon CodeWhisperer to assist in coding and debugging. You will be provided an AWS account to go through this workshop. Some familiarly with using services such as AWS Lambda and writing Python code is helpful. No AI/ML experience is necessary. This workshop is intended to be finished within 2 hours.

Developer Mindset: Embracing GitOps for Network Security and Compliance

As modern cloud-native applications evolve, the traditional network testing and security compliance in infrastructure deployments often struggle to keep up. In this talk we will discuss how leveraging GitOps and Generative AI allows for automated consistent network testing, security compliance enforcement, validation testing and standardization of infrastructure deployments across an organization.

Responsible AI and Security in the generative era: Science and practice

Panelist. Senior Solutions Architect based in the San Francisco Bay Area. She helps AWS enterprise customers grow by understanding their goals and challenges, and guides them on how they can architect their applications in a cloud-native manner while ensuring resilience and scalability. She is passionate about generative AI, Ethical and Responsible AI, machine learning technologies and environmental sustainability.

Security Workshop

In this workshop, you will learn practical techniques for protecting your web application from the most common threats, without needing to change any code. These techniques can be applied directly against your own AWS environments with minimal time and effort. You will be provided an AWS Account running the OWASP Juice Shop, and perform an attack to exfiltrate its credentials. You will then leverage Amazon GuardDuty to detect and respond to the attack, AWS Web Application Firewall (AWS WAF) to create a virtual patch to stop the exploit, and VPC Endpoint Policies to prevent illicit use of the stolen credentials. You'll also see how AWS WAF can be used to block other exploits using its managed rules. Using these and similar techniques to detect and respond to attacks will let you build fast AND stay secure.

Real-world Authorization

Authorization policy languages like AWS Cedar and OpenFGA have opened up the world to implementing fine-grained access controls in your own applications. This is great for your API gateways, but what about the mission-critical infrastructure your Cloud, IT and security staff need to support and secure every day? How can IAM admins provide modern, fine-grained authorization to the databases, k8s clusters, and servers that host our digital kingdoms? Let's talk about: - The state of authorization in 2024 - Beyond Least Privilege: Continuous authorization and where it fits in your security strategy - You’re not thinking small enough: Fine-grained permissions - Cedar policies and the power of simplicity - Where do we go next from here?

You're Hit by a Ransomware Attack, What's Next?

Ransomware is the buzzword of the day, and in this talk, Julia Furst Morgado from Veeam will address what happens when an organization is hit by a ransomware attack. The talk will focus on immediate and long-term steps an organization should take in response to such an attack. It will also cover preventive measures and best practices for ransomware protection. This session is aimed at business-focused professionals, providing them with practical advice and strategies to deal with ransomware threats.

Auto-remediate Security and Compliance deviations using AWS Services

Are you looking to optimize your AWS resources and ensure best practices are followed? Join us for an insightful dive deep session into the world of AWS Trusted Advisor and how you can leverage it to streamline your operations. Learn how you can benefit by implementing architecture patterns to auto-remediate best practice deviations detected by AWS Trusted Advisor, respond quickly to security vulnerabilities and continue to optimize your AWS environment!

The importance of protecting APIs as enterprises move to adopt the AWS cloud

Marlon Chung, Cloud Security Architect at Check Point Software Technologies, specializes in cloud security solutions for the enterprise. With over 25 years of experience in Information Technology and a solid background in cybersecurity, he brings a wealth of experience in architecting and designing solutions across cloud services. In this session, he will discuss “The importance of protecting APIs as enterprises move to adopt the AWS cloud”. Join my session as I share the journey of the API evolution, the impact on modern AWS cloud environments and how to secure your APIs. APIs have emerged as one of the most significant components of the modern Internet. Many services use APIs to implement modularity or expose various functions to their users. However, APIs also face significant security threats, as 84% global internet traffic is based on API’s. In addition to common threats related to web applications, APIs also face their own category of targeted potential vulnerabilities. Some API security best practices that can help to manage these security risks are authentication and authorization, Zero-trust access management, monitoring and alert for anomalous activity and more. These API security best practices will help you to protect valuable components of an IT infrastructure on AWS environments.

Cloud Hacking Scenarios

You’ve been hearing a lot about security best practices in the cloud, but have you ever seen them broken? This talk goes through various security scenarios in the cloud, showing how an attacker could potentially compromise a poorly configured cloud environment. The session will cover the common mistakes made when setting up cloud environments and demonstrate how these can be exploited. Attendees will learn about the importance of following best practices in cloud security and how to avoid becoming a victim of these common security issues.

Responsible AI and Security in the generative era: Science and practice

Panelist. Solutions Architect at AWS in the San Francisco Bay Area. Parth guides customers to accelerate their journey to the cloud and help them adopt and grow on the AWS Cloud successfully. He focuses on machine learning, environmental sustainability, and application modernization.

AWS Control Tower: How to adopt it

AWS Control Tower can is a great tool for a growing organization to manage their AWS accounts. In this session, Peter Sankauskas will provide insights into how to adopt AWS Control Tower for your organization. He will discuss its benefits, potential pitfalls, and best practices for implementation. This session is particularly useful for organizations looking to scale their AWS usage efficiently and securely. Attendees will gain practical knowledge on how to leverage AWS Control Tower to manage their cloud infrastructure effectively.

When Data Collaboration Meets Privacy: Privacy-Preserving Data Analysis on the Cloud

With the boom of data generated on the cloud, collaboration around this data is becoming increasingly important. However, privacy concerns are a major obstacle. This talk explores the intersection of data collaboration and privacy, focusing on privacy-preserving data analysis techniques on the cloud. Attendees will learn about different methods and tools available to ensure data privacy while enabling effective data collaboration. This talk is especially relevant for organizations that deal with sensitive data and need to balance collaboration with privacy.

Managing Database Roles with Active Directory/LDAP for SOX Compliance

For Amazon RDS / Redshift, Enterprises use Active Directory / LDAP to centralize user authentication and group membership. But this presents two challenges: • SOX (Sarbanes Oxley) and SoD (Segregation of Duties) non-compliance, as security teams lose visibility and control of data access. • Databases have to be preconfigured with users and roles, increasing IT management burden. In this session, we will discuss ways to secure data access for SOX and SoD compliance, while removing the need data teams to manage the user credentials and roles.

Auto-remediate Security and Compliance deviations using AWS Services

Are you looking to optimize your AWS resources and ensure best practices are followed? Join us for an insightful dive deep session into the world of AWS Trusted Advisor and how you can leverage it to streamline your operations. Learn how you can benefit by implementing architecture patterns to auto-remediate best practice deviations detected by AWS Trusted Advisor, respond quickly to security vulnerabilities and continue to optimize your AWS environment!

The Data Cloud's Cheese and Diamond Problem

In the backends of many products, there’s a users database table or equivalent containing user data like names, emails, phone numbers, and addresses. This data is treated and protected as any other application data. A security perimeter is put around it, but from within the perimeter, applications and sometimes employees have full access. Treating users' PII data like any other application data is a fundamentally flawed design choice. User data is special and must be treated that way. Just as I don’t store my diamonds in the refrigerator with my cheese, user data doesn’t belong in your application storage intermixed with your other data. It must be isolated and protected. In this talk, we explore this topic in detail, making a case that the only way to stop the epidemic of data breaches and meet consumer and regulatory demands for data privacy is to fundamentally change our mindsets about how to store and manage PII.