SlideShare ist ein Scribd-Unternehmen logo

Scaling the Cloud - Cloud Security

•
•
Bill Burns
Bill Burns

The document discusses a presentation given by Bill Burns, Sr. Manager of Networks & Security at Netflix, to the CISO Executive Forum on February 26, 2012 about Netflix's move to scaling operations in the cloud. The presentation covered Netflix's background and engineering-centric culture, the reasons for moving to the cloud including availability, capacity and agility. It also discussed the information security challenges of running in an IaaS cloud, such as confidentiality, integrity, availability and possession/control of systems. The presentation showed how Netflix addressed these challenges through automation, embedded security controls, and tools like the Simian Army that induce failures to test availability.

TechnologieBusiness
1 von 77
Downloaden Sie, um offline zu lesen
Scaling the Cloud Bill Burns Sr. Manager, Networks & Security CISO Executive Forum February 26, 2012 Thursday, March 8, 12
Agenda • Netflix Background and Culture • Why We Moved to the Cloud • InfoSec Challenges in an IaaS Cloud • InfoSec Perspective: Running In The Cloud Thursday, March 8, 12
Netflix Business (c) 2011 Sandvine Thursday, March 8, 12
Netflix Business • 24+ million members globally (c) 2011 Sandvine Thursday, March 8, 12
Netflix Business • 24+ million members globally • Streaming in 47 countries (c) 2011 Sandvine Thursday, March 8, 12
Netflix Business • 24+ million members globally • Streaming in 47 countries • Watch on more than 700 devices (c) 2011 Sandvine Thursday, March 8, 12
Netflix Business • 24+ million members globally • Streaming in 47 countries • Watch on more than 700 devices • 33% of US peak evening Internet traffic (c) 2011 Sandvine Thursday, March 8, 12
Background and Context • High Performance Culture • Fail Fast, Learn Fast ... Get Results • Core Value: “Freedom & Responsibility” Thursday, March 8, 12
Engineering- Centric Culture Thursday, March 8, 12
Engineering- Centric Culture • Sought the Cloud for Availability, Capacity • ...and also found Agility Thursday, March 8, 12
Engineering- Centric Culture • Sought the Cloud for Availability, Capacity • ...and also found Agility • DevOps / NoOps means engineering teams own: • New deployments and upgrades • Capacity planning & procurement Thursday, March 8, 12
Freedom & Responsibility Thursday, March 8, 12
Freedom & Responsibility Thursday, March 8, 12
Why Cloud? • Transforming Netflix’s Core Business • Availability, Capacity, Consistency • Lower operational effort • Mission Focus • Agility Thursday, March 8, 12
Demand vs Capacity Thursday, March 8, 12
Demand vs Capacity Thursday, March 8, 12
Demand vs Capacity 37x growth in 13 months Thursday, March 8, 12
Demand vs Capacity 37x growth in 13 months DataCenter Capacity Thursday, March 8, 12
Cloud: On- Demand Capacity Thursday, March 8, 12
Demand 1 Cloud: On- Demand Capacity 1. Demand: Typical pattern of customer requests rise & fall over time Thursday, March 8, 12
Demand 1 Cloud: On- Demand # Servers Capacity 2 1. Demand: Typical pattern of customer requests rise & fall over time 2. Reaction: System automatically adds, removes servers to the application pool Thursday, March 8, 12
Demand 1 Cloud: On- Demand # Servers Capacity 2 1. Demand: Typical pattern of customer requests rise & fall over time Utilization 2. Reaction: System automatically adds, removes servers to the application pool 3 3. Result: Overall utilization stays constant Thursday, March 8, 12
InfoSec Conden"ality' Challenges In An IaaS U"lity' Integrity' Cloud Authen"city' Availability' Possession' Thursday, March 8, 12
InfoSec Challenge in an IaaS Cloud :: Confidentiality Thursday, March 8, 12
InfoSec Challenge in an IaaS Cloud :: Integrity Thursday, March 8, 12
InfoSec Challenge in an IaaS Cloud :: Availability Thursday, March 8, 12
InfoSec Challenge in an IaaS Cloud :: Possession/Control Thursday, March 8, 12
InfoSec Challenge in an IaaS Cloud :: Authenticity Thursday, March 8, 12
InfoSec Challenge in an IaaS Cloud :: Authenticity Thursday, March 8, 12
InfoSec Challenge in an IaaS Cloud :: Authenticity Thursday, March 8, 12
InfoSec Challenge in an IaaS Cloud :: Authenticity Thursday, March 8, 12
Running In The Cloud :: InfoSec Perspective Thursday, March 8, 12
Running In The Cloud :: InfoSec Perspective Thursday, March 8, 12
Running In The Cloud :: InfoSec Perspective Thursday, March 8, 12
Running In The Cloud :: InfoSec Perspective Thursday, March 8, 12
InfoSec In The Cloud :: Harder Thursday, March 8, 12
InfoSec In The Cloud :: Harder 1.“You’re host attacked me yesterday. Please stop!” Thursday, March 8, 12
InfoSec In The Cloud :: Harder 1.“You’re host attacked me yesterday. Please stop!” 2.Dealing with other people’s traffic at your front door Thursday, March 8, 12
InfoSec In The Cloud :: Harder 1.“You’re host attacked me yesterday. Please stop!” 2.Dealing with other people’s traffic at your front door 3.Herding ephemeral instances with vendor applications Thursday, March 8, 12
InfoSec In The Cloud :: Harder 1.“You’re host attacked me yesterday. Please stop!” 2.Dealing with other people’s traffic at your front door 3.Herding ephemeral instances with vendor applications 4.Trusting endpoints, infrastructure Thursday, March 8, 12
InfoSec In The Cloud :: Harder 1.“You’re host attacked me yesterday. Please stop!” 2.Dealing with other people’s traffic at your front door 3.Herding ephemeral instances with vendor applications 4.Trusting endpoints, infrastructure 5.Key management Thursday, March 8, 12
InfoSec In The Cloud :: Easier Thursday, March 8, 12
InfoSec In The Cloud :: Easier 1.Reacting to business velocity 6.Embedding security controls 2.Detecting instance changes 7.Least privilege enforcement 3.Application ownership, management 8.Testing/auditing for conformance 4.Patching, updating 5.Availability, in a failure-prone 9.Consistency, conformity in environment build and launch Thursday, March 8, 12
Old IT way: Hand-Crafted configuration (C) courtesy: Flikr (piper, viamoi) Thursday, March 8, 12
Old IT way: Hand-Crafted configuration (C) courtesy: Flikr (piper, viamoi) Thursday, March 8, 12
New: Automation Thursday, March 8, 12
Change Controls :: Patching • Goal: Running instances do not get patched • Alternative: • Bake a new AMI for any change • Launch new instances in parallel • Kill the old instances Thursday, March 8, 12
Change Controls :: Upgrades • Bake a new AMI for any change • Launch new instances in parallel • Kill the old instances Lesson Learned: Make the secure, consistent behavior the easier alternative. Thursday, March 8, 12
Availability :: Never Launch One of Anything (c) Courtesy Flikr - Winton Thursday, March 8, 12
Availability :: Never Launch One of Anything •Chaos Monkey induces failures, helps us practice recovery (c) Courtesy Flikr - Winton Thursday, March 8, 12
Availability :: Never Launch One of Anything •Chaos Monkey induces failures, helps us practice recovery •Balance across Availability Zones (c) Courtesy Flikr - Winton Thursday, March 8, 12
Availability :: Never Launch One of Anything •Chaos Monkey induces failures, helps us practice recovery •Balance across Availability Zones •Applications automatically scale-out, regenerate (c) Courtesy Flikr - Winton Thursday, March 8, 12
Availability :: Never Launch One of Anything •Chaos Monkey induces failures, helps us practice recovery •Balance across Availability Zones •Applications automatically scale-out, regenerate •Conformity Monkey detects differences, improper settings (c) Courtesy Flikr - Winton Thursday, March 8, 12
Identity Challenges :: Vendors Lagging Thursday, March 8, 12
Identity Challenges :: Vendors Lagging • Cloud instances are ephemeral • Customers cannot necessarily pick their IP addresses, ranges • Instances need to base context on apps, services, tagging (not IPs) • Vendors need better support for ephemeral licensing, stateless instances, self-config Thursday, March 8, 12
Identity Challenges :: Vendors Lagging • Cloud instances are ephemeral • Customers cannot necessarily pick their IP addresses, ranges • Instances need to base context on apps, services, tagging (not IPs) • Vendors need better support for ephemeral licensing, stateless instances, self-config • Machine capacity is no longer a CapEx friction item. Thursday, March 8, 12
Conformity & Consistency Thursday, March 8, 12
Conformity & Consistency Thursday, March 8, 12
Automation = Conformity & Consistency Thursday, March 8, 12
Automation = Conformity & Consistency • All apps, tiers are Highly Available • Secure defaults applied automatically • Replacement instances look just like the originals Thursday, March 8, 12
Automation = Conformity & Consistency • All apps, tiers are Highly Available • Secure defaults applied automatically • Replacement instances look just like the originals Thursday, March 8, 12
Baked-In Security Controls :: Netflix Simian Army • Cloud Ready Dashboard • Identify and test common failure modes • Continuous, aggressive monitoring, testing • Mostly opt-In Thursday, March 8, 12
Baked-In Security Controls :: Netflix Simian Army • Cloud Ready Dashboard • Identify and test common failure modes • Continuous, aggressive monitoring, testing • Mostly opt-In Thursday, March 8, 12
Baked-In Security Controls :: Netflix • Chaos Monkey - Randomly kills instances Simian Army • Cloud Ready Dashboard • Identify and test common failure modes • Continuous, aggressive monitoring, testing • Mostly opt-In Thursday, March 8, 12
Baked-In Security Controls :: Netflix • Chaos Monkey - Randomly kills instances Simian Army • Conformity Monkey - Various policy checks • Cloud Ready Dashboard • Identify and test common failure modes • Continuous, aggressive monitoring, testing • Mostly opt-In Thursday, March 8, 12
Baked-In Security Controls :: Netflix • Chaos Monkey - Randomly kills instances Simian Army • Conformity Monkey - Various policy checks • Cloud Ready Dashboard • Latency Monkey – Induces random latency • Identify and test common failure modes • Continuous, aggressive monitoring, testing • Mostly opt-In Thursday, March 8, 12
Baked-In Security Controls :: Netflix • Chaos Monkey - Randomly kills instances Simian Army • Conformity Monkey - Various policy checks • Cloud Ready Dashboard • Latency Monkey – Induces random latency • Identify and test • Janitor Monkey – Kills orphaned instances common failure modes • Continuous, aggressive monitoring, testing • Mostly opt-In Thursday, March 8, 12
Baked-In Security Controls :: Netflix • Chaos Monkey - Randomly kills instances Simian Army • Conformity Monkey - Various policy checks • Cloud Ready Dashboard • Latency Monkey – Induces random latency • Identify and test • Janitor Monkey – Kills orphaned instances common failure modes • Continuous, aggressive • Security Monkey – Various security checks monitoring, testing • Mostly opt-In Thursday, March 8, 12
Baked-In Security Controls :: Netflix • Chaos Monkey - Randomly kills instances Simian Army • Conformity Monkey - Various policy checks • Cloud Ready Dashboard • Latency Monkey – Induces random latency • Identify and test • Janitor Monkey – Kills orphaned instances common failure modes • Continuous, aggressive • Security Monkey – Various security checks monitoring, testing • Exploit Monkey – Vuln Scans / Pen Tests • Mostly opt-In Thursday, March 8, 12
Baked-In Security Controls :: Netflix • Chaos Monkey - Randomly kills instances Simian Army • Conformity Monkey - Various policy checks • Cloud Ready Dashboard • Latency Monkey – Induces random latency • Identify and test • Janitor Monkey – Kills orphaned instances common failure modes • Continuous, aggressive • Security Monkey – Various security checks monitoring, testing • Exploit Monkey – Vuln Scans / Pen Tests • Mostly opt-In • Unnamed – File integrity monitoring, HIDS Thursday, March 8, 12
Embedded Security Controls Thursday, March 8, 12
Embedded Security Controls • Controls baked into the “base AMI” • Controls placed near the data • Applied as machines die/reborn Thursday, March 8, 12
Embedded Security Controls • Controls baked into the “base AMI” • Controls placed near the data • Applied as machines die/reborn • Security controls are “Data Center agnostic” • Provide a “single pane of glass” awareness • Span all regions, data centers Thursday, March 8, 12
CISO Forum Take-Aways Thursday, March 8, 12
CISO Forum Take-Aways 1. The public cloud / IaaS is not just a technology. 2. Cloud IaaS is disruptive to Operations, Engineering, Vendors, Auditors. 3. Your Data is your new perimeter. 4. Design for failures in everything. 5. IaaS providers care about their infrastructure. 6. Public cloud Information Security is still about the basics, but in a new context. 7. There’s still plenty left to resolve, like trusted infrastructure, strong key management, COTS support. Thursday, March 8, 12
Questions Thursday, March 8, 12
Questions Thursday, March 8, 12

Empfohlen

Challenges in cloud computing to enable future internet of things v0.3
Challenges in cloud computing to enable future internet of things v0.3Challenges in cloud computing to enable future internet of things v0.3
Challenges in cloud computing to enable future internet of things v0.3Ignacio M. Llorente
 
Cloud Security Alliance - Cloud Summit Keynote
Cloud Security Alliance - Cloud Summit KeynoteCloud Security Alliance - Cloud Summit Keynote
Cloud Security Alliance - Cloud Summit KeynoteChristofer Hoff
 
Cloud Computing – Time for delivery. The question is not “if”, but “how, whe...
Cloud Computing – Time for delivery. The question is not “if”, but “how, whe...Cloud Computing – Time for delivery. The question is not “if”, but “how, whe...
Cloud Computing – Time for delivery. The question is not “if”, but “how, whe...Capgemini
 
Leaders in the Cloud: Identifying Cloud Business Value for Customers
Leaders in the Cloud: Identifying Cloud Business Value for CustomersLeaders in the Cloud: Identifying Cloud Business Value for Customers
Leaders in the Cloud: Identifying Cloud Business Value for CustomersOpSource
 
Cloud Computing for Enterprise Architects
Cloud Computing for Enterprise ArchitectsCloud Computing for Enterprise Architects
Cloud Computing for Enterprise ArchitectsJean-François Caenen
 
Cloud Computing and Enterprise Architecture
Cloud Computing and Enterprise ArchitectureCloud Computing and Enterprise Architecture
Cloud Computing and Enterprise ArchitectureDavid Linthicum
 
ClientSummit2010_CloudWorkshop
ClientSummit2010_CloudWorkshopClientSummit2010_CloudWorkshop
ClientSummit2010_CloudWorkshopRazorfish
 
2012 Future of Cloud Computing
2012 Future of Cloud Computing 2012 Future of Cloud Computing
2012 Future of Cloud Computing Michael Skok
 

Empfohlen

Challenges in cloud computing to enable future internet of things v0.3
Challenges in cloud computing to enable future internet of things v0.3Challenges in cloud computing to enable future internet of things v0.3
Challenges in cloud computing to enable future internet of things v0.3Ignacio M. Llorente
 
Cloud Security Alliance - Cloud Summit Keynote
Cloud Security Alliance - Cloud Summit KeynoteCloud Security Alliance - Cloud Summit Keynote
Cloud Security Alliance - Cloud Summit KeynoteChristofer Hoff
 
Cloud Computing – Time for delivery. The question is not “if”, but “how, whe...
Cloud Computing – Time for delivery. The question is not “if”, but “how, whe...Cloud Computing – Time for delivery. The question is not “if”, but “how, whe...
Cloud Computing – Time for delivery. The question is not “if”, but “how, whe...Capgemini
 
Leaders in the Cloud: Identifying Cloud Business Value for Customers
Leaders in the Cloud: Identifying Cloud Business Value for CustomersLeaders in the Cloud: Identifying Cloud Business Value for Customers
Leaders in the Cloud: Identifying Cloud Business Value for CustomersOpSource
 
Cloud Computing for Enterprise Architects
Cloud Computing for Enterprise ArchitectsCloud Computing for Enterprise Architects
Cloud Computing for Enterprise ArchitectsJean-François Caenen
 
Cloud Computing and Enterprise Architecture
Cloud Computing and Enterprise ArchitectureCloud Computing and Enterprise Architecture
Cloud Computing and Enterprise ArchitectureDavid Linthicum
 
ClientSummit2010_CloudWorkshop
ClientSummit2010_CloudWorkshopClientSummit2010_CloudWorkshop
ClientSummit2010_CloudWorkshopRazorfish
 
2012 Future of Cloud Computing
2012 Future of Cloud Computing 2012 Future of Cloud Computing
2012 Future of Cloud Computing Michael Skok
 
Hybrid Customer Insight - Data Collection and Analysis from On-premise and in...
Hybrid Customer Insight - Data Collection and Analysis from On-premise and in...Hybrid Customer Insight - Data Collection and Analysis from On-premise and in...
Hybrid Customer Insight - Data Collection and Analysis from On-premise and in...LicensingLive! - SafeNet
 
AWS Cloud Use Cases - Ezhil Arasan Babaraj, CSS Corp
AWS Cloud Use Cases - Ezhil Arasan Babaraj, CSS CorpAWS Cloud Use Cases - Ezhil Arasan Babaraj, CSS Corp
AWS Cloud Use Cases - Ezhil Arasan Babaraj, CSS CorpAmazon Web Services
 
Cloud Computing Without The Hype An Executive Guide (1.00 Slideshare)
Cloud Computing Without The Hype An Executive Guide (1.00 Slideshare)Cloud Computing Without The Hype An Executive Guide (1.00 Slideshare)
Cloud Computing Without The Hype An Executive Guide (1.00 Slideshare)Lustratus REPAMA
 
Lean Cloud - Amazon Web Services
Lean Cloud - Amazon Web ServicesLean Cloud - Amazon Web Services
Lean Cloud - Amazon Web ServicesSimone Brunozzi
 
Defining Your Cloud Strategy
Defining Your Cloud StrategyDefining Your Cloud Strategy
Defining Your Cloud StrategyInternap
 
Public vs private vs hybrid cloud what is best for your business-
Public vs private vs hybrid cloud what is best for your business-Public vs private vs hybrid cloud what is best for your business-
Public vs private vs hybrid cloud what is best for your business-Everdata Technologies
 
#UNIT 2017: Cloud Computing
#UNIT 2017: Cloud Computing#UNIT 2017: Cloud Computing
#UNIT 2017: Cloud ComputingUNICORNS IN TECH
 
Big data and intelligent platforms
Big data and intelligent platformsBig data and intelligent platforms
Big data and intelligent platformsKrishnan Subramanian
 
Cloud discussion
Cloud discussionCloud discussion
Cloud discussionDavid Giard
 
Cloud Computing security issues
Cloud Computing security issuesCloud Computing security issues
Cloud Computing security issuesPradeepti Kamble
 
CIW Lab with CoheisveFT: Get started in public cloud - Part 1 Cloud & Virtual...
CIW Lab with CoheisveFT: Get started in public cloud - Part 1 Cloud & Virtual...CIW Lab with CoheisveFT: Get started in public cloud - Part 1 Cloud & Virtual...
CIW Lab with CoheisveFT: Get started in public cloud - Part 1 Cloud & Virtual...Ryan Koop
 
Privacy issues in the cloud final
Privacy issues in the cloud finalPrivacy issues in the cloud final
Privacy issues in the cloud finalguest50a642f
 
Taming the ever-evolving Compliance Beast : Lessons learnt at LinkedIn [Strat...
Taming the ever-evolving Compliance Beast : Lessons learnt at LinkedIn [Strat...Taming the ever-evolving Compliance Beast : Lessons learnt at LinkedIn [Strat...
Taming the ever-evolving Compliance Beast : Lessons learnt at LinkedIn [Strat...Shirshanka Das
 
Choosing Public vs. Private vs. Hybrid Cloud Computing
Choosing Public vs. Private vs. Hybrid Cloud ComputingChoosing Public vs. Private vs. Hybrid Cloud Computing
Choosing Public vs. Private vs. Hybrid Cloud ComputingSkytap Cloud
 
AAF - Enterprise Architecture and Cloud Computing
AAF - Enterprise Architecture and Cloud ComputingAAF - Enterprise Architecture and Cloud Computing
AAF - Enterprise Architecture and Cloud ComputingMarc Caltabiano
 
5 BENEFITS OF HYBRID CLOUD
5 BENEFITS OF HYBRID CLOUD5 BENEFITS OF HYBRID CLOUD
5 BENEFITS OF HYBRID CLOUDTyrone Systems
 
Hadoop Twelve Predictions for 2012
Hadoop Twelve Predictions for 2012Hadoop Twelve Predictions for 2012
Hadoop Twelve Predictions for 2012Cloudera, Inc.
 
Introduction to Cloud Computing and Security
Introduction to Cloud Computing and SecurityIntroduction to Cloud Computing and Security
Introduction to Cloud Computing and SecurityOran Epelbaum
 
Big Data and the Cloud a Best Friend Story
Big Data and the Cloud a Best Friend StoryBig Data and the Cloud a Best Friend Story
Big Data and the Cloud a Best Friend StoryAmazon Web Services
 
Transitioning to Hybrid Cloud
Transitioning to Hybrid CloudTransitioning to Hybrid Cloud
Transitioning to Hybrid CloudProlifics
 
Cloud Economics: Optimising for Cost
Cloud Economics: Optimising for CostCloud Economics: Optimising for Cost
Cloud Economics: Optimising for CostAmazon Web Services
 
AWS Architecting In The Cloud
AWS Architecting In The CloudAWS Architecting In The Cloud
AWS Architecting In The CloudAmazon Web Services
 

Weitere ähnliche Inhalte

Was ist angesagt?

Hybrid Customer Insight - Data Collection and Analysis from On-premise and in...
Hybrid Customer Insight - Data Collection and Analysis from On-premise and in...Hybrid Customer Insight - Data Collection and Analysis from On-premise and in...
Hybrid Customer Insight - Data Collection and Analysis from On-premise and in...LicensingLive! - SafeNet
 
AWS Cloud Use Cases - Ezhil Arasan Babaraj, CSS Corp
AWS Cloud Use Cases - Ezhil Arasan Babaraj, CSS CorpAWS Cloud Use Cases - Ezhil Arasan Babaraj, CSS Corp
AWS Cloud Use Cases - Ezhil Arasan Babaraj, CSS CorpAmazon Web Services
 
Cloud Computing Without The Hype An Executive Guide (1.00 Slideshare)
Cloud Computing Without The Hype An Executive Guide (1.00 Slideshare)Cloud Computing Without The Hype An Executive Guide (1.00 Slideshare)
Cloud Computing Without The Hype An Executive Guide (1.00 Slideshare)Lustratus REPAMA
 
Lean Cloud - Amazon Web Services
Lean Cloud - Amazon Web ServicesLean Cloud - Amazon Web Services
Lean Cloud - Amazon Web ServicesSimone Brunozzi
 
Defining Your Cloud Strategy
Defining Your Cloud StrategyDefining Your Cloud Strategy
Defining Your Cloud StrategyInternap
 
Public vs private vs hybrid cloud what is best for your business-
Public vs private vs hybrid cloud what is best for your business-Public vs private vs hybrid cloud what is best for your business-
Public vs private vs hybrid cloud what is best for your business-Everdata Technologies
 
#UNIT 2017: Cloud Computing
#UNIT 2017: Cloud Computing#UNIT 2017: Cloud Computing
#UNIT 2017: Cloud ComputingUNICORNS IN TECH
 
Big data and intelligent platforms
Big data and intelligent platformsBig data and intelligent platforms
Big data and intelligent platformsKrishnan Subramanian
 
Cloud discussion
Cloud discussionCloud discussion
Cloud discussionDavid Giard
 
Cloud Computing security issues
Cloud Computing security issuesCloud Computing security issues
Cloud Computing security issuesPradeepti Kamble
 
CIW Lab with CoheisveFT: Get started in public cloud - Part 1 Cloud & Virtual...
CIW Lab with CoheisveFT: Get started in public cloud - Part 1 Cloud & Virtual...CIW Lab with CoheisveFT: Get started in public cloud - Part 1 Cloud & Virtual...
CIW Lab with CoheisveFT: Get started in public cloud - Part 1 Cloud & Virtual...Ryan Koop
 
Privacy issues in the cloud final
Privacy issues in the cloud finalPrivacy issues in the cloud final
Privacy issues in the cloud finalguest50a642f
 
Taming the ever-evolving Compliance Beast : Lessons learnt at LinkedIn [Strat...
Taming the ever-evolving Compliance Beast : Lessons learnt at LinkedIn [Strat...Taming the ever-evolving Compliance Beast : Lessons learnt at LinkedIn [Strat...
Taming the ever-evolving Compliance Beast : Lessons learnt at LinkedIn [Strat...Shirshanka Das
 
Choosing Public vs. Private vs. Hybrid Cloud Computing
Choosing Public vs. Private vs. Hybrid Cloud ComputingChoosing Public vs. Private vs. Hybrid Cloud Computing
Choosing Public vs. Private vs. Hybrid Cloud ComputingSkytap Cloud
 
AAF - Enterprise Architecture and Cloud Computing
AAF - Enterprise Architecture and Cloud ComputingAAF - Enterprise Architecture and Cloud Computing
AAF - Enterprise Architecture and Cloud ComputingMarc Caltabiano
 
5 BENEFITS OF HYBRID CLOUD
5 BENEFITS OF HYBRID CLOUD5 BENEFITS OF HYBRID CLOUD
5 BENEFITS OF HYBRID CLOUDTyrone Systems
 
Hadoop Twelve Predictions for 2012
Hadoop Twelve Predictions for 2012Hadoop Twelve Predictions for 2012
Hadoop Twelve Predictions for 2012Cloudera, Inc.
 
Introduction to Cloud Computing and Security
Introduction to Cloud Computing and SecurityIntroduction to Cloud Computing and Security
Introduction to Cloud Computing and SecurityOran Epelbaum
 
Big Data and the Cloud a Best Friend Story
Big Data and the Cloud a Best Friend StoryBig Data and the Cloud a Best Friend Story
Big Data and the Cloud a Best Friend StoryAmazon Web Services
 
Transitioning to Hybrid Cloud
Transitioning to Hybrid CloudTransitioning to Hybrid Cloud
Transitioning to Hybrid CloudProlifics
 

Was ist angesagt? (20)

Hybrid Customer Insight - Data Collection and Analysis from On-premise and in...
Hybrid Customer Insight - Data Collection and Analysis from On-premise and in...Hybrid Customer Insight - Data Collection and Analysis from On-premise and in...
Hybrid Customer Insight - Data Collection and Analysis from On-premise and in...
 
AWS Cloud Use Cases - Ezhil Arasan Babaraj, CSS Corp
AWS Cloud Use Cases - Ezhil Arasan Babaraj, CSS CorpAWS Cloud Use Cases - Ezhil Arasan Babaraj, CSS Corp
AWS Cloud Use Cases - Ezhil Arasan Babaraj, CSS Corp
 
Cloud Computing Without The Hype An Executive Guide (1.00 Slideshare)
Cloud Computing Without The Hype An Executive Guide (1.00 Slideshare)Cloud Computing Without The Hype An Executive Guide (1.00 Slideshare)
Cloud Computing Without The Hype An Executive Guide (1.00 Slideshare)
 
Lean Cloud - Amazon Web Services
Lean Cloud - Amazon Web ServicesLean Cloud - Amazon Web Services
Lean Cloud - Amazon Web Services
 
Defining Your Cloud Strategy
Defining Your Cloud StrategyDefining Your Cloud Strategy
Defining Your Cloud Strategy
 
Public vs private vs hybrid cloud what is best for your business-
Public vs private vs hybrid cloud what is best for your business-Public vs private vs hybrid cloud what is best for your business-
Public vs private vs hybrid cloud what is best for your business-
 
#UNIT 2017: Cloud Computing
#UNIT 2017: Cloud Computing#UNIT 2017: Cloud Computing
#UNIT 2017: Cloud Computing
 
Big data and intelligent platforms
Big data and intelligent platformsBig data and intelligent platforms
Big data and intelligent platforms
 
Cloud discussion
Cloud discussionCloud discussion
Cloud discussion
 
Cloud Computing security issues
Cloud Computing security issuesCloud Computing security issues
Cloud Computing security issues
 
CIW Lab with CoheisveFT: Get started in public cloud - Part 1 Cloud & Virtual...
CIW Lab with CoheisveFT: Get started in public cloud - Part 1 Cloud & Virtual...CIW Lab with CoheisveFT: Get started in public cloud - Part 1 Cloud & Virtual...
CIW Lab with CoheisveFT: Get started in public cloud - Part 1 Cloud & Virtual...
 
Privacy issues in the cloud final
Privacy issues in the cloud finalPrivacy issues in the cloud final
Privacy issues in the cloud final
 
Taming the ever-evolving Compliance Beast : Lessons learnt at LinkedIn [Strat...
Taming the ever-evolving Compliance Beast : Lessons learnt at LinkedIn [Strat...Taming the ever-evolving Compliance Beast : Lessons learnt at LinkedIn [Strat...
Taming the ever-evolving Compliance Beast : Lessons learnt at LinkedIn [Strat...
 
Choosing Public vs. Private vs. Hybrid Cloud Computing
Choosing Public vs. Private vs. Hybrid Cloud ComputingChoosing Public vs. Private vs. Hybrid Cloud Computing
Choosing Public vs. Private vs. Hybrid Cloud Computing
 
AAF - Enterprise Architecture and Cloud Computing
AAF - Enterprise Architecture and Cloud ComputingAAF - Enterprise Architecture and Cloud Computing
AAF - Enterprise Architecture and Cloud Computing
 
5 BENEFITS OF HYBRID CLOUD
5 BENEFITS OF HYBRID CLOUD5 BENEFITS OF HYBRID CLOUD
5 BENEFITS OF HYBRID CLOUD
 
Hadoop Twelve Predictions for 2012
Hadoop Twelve Predictions for 2012Hadoop Twelve Predictions for 2012
Hadoop Twelve Predictions for 2012
 
Introduction to Cloud Computing and Security
Introduction to Cloud Computing and SecurityIntroduction to Cloud Computing and Security
Introduction to Cloud Computing and Security
 
Big Data and the Cloud a Best Friend Story
Big Data and the Cloud a Best Friend StoryBig Data and the Cloud a Best Friend Story
Big Data and the Cloud a Best Friend Story
 
Transitioning to Hybrid Cloud
Transitioning to Hybrid CloudTransitioning to Hybrid Cloud
Transitioning to Hybrid Cloud
 

Andere mochten auch

Cloud Economics: Optimising for Cost
Cloud Economics: Optimising for CostCloud Economics: Optimising for Cost
Cloud Economics: Optimising for CostAmazon Web Services
 
AWS Architecting In The Cloud
AWS Architecting In The CloudAWS Architecting In The Cloud
AWS Architecting In The CloudAmazon Web Services
 
Building the European Cloud Computing Strategy
Building the European Cloud Computing StrategyBuilding the European Cloud Computing Strategy
Building the European Cloud Computing StrategyCarl-Christian Buhr
 
Enterprise Journey to the Cloud
Enterprise Journey to the CloudEnterprise Journey to the Cloud
Enterprise Journey to the CloudAmazon Web Services
 
How to Get Cloud Architecture and Design Right the First Time
How to Get Cloud Architecture and Design Right the First TimeHow to Get Cloud Architecture and Design Right the First Time
How to Get Cloud Architecture and Design Right the First TimeDavid Linthicum
 
2011 State of the Cloud: A Year's Worth of Innovation in 30 Minutes - Jinesh...
2011 State of the Cloud: A Year's Worth of Innovation in 30 Minutes - Jinesh...2011 State of the Cloud: A Year's Worth of Innovation in 30 Minutes - Jinesh...
2011 State of the Cloud: A Year's Worth of Innovation in 30 Minutes - Jinesh...Amazon Web Services
 
Cost Optimisation with Amazon Web Services
Cost Optimisation with Amazon Web Services Cost Optimisation with Amazon Web Services
Cost Optimisation with Amazon Web ServicesAmazon Web Services
 
Zuora @ AlwaysOn 2012 - The Only 3 SaaS Metrics That Matter
Zuora @ AlwaysOn 2012 - The Only 3 SaaS Metrics That MatterZuora @ AlwaysOn 2012 - The Only 3 SaaS Metrics That Matter
Zuora @ AlwaysOn 2012 - The Only 3 SaaS Metrics That MatterZuora, Inc.
 
Open APIs: What's Hot, What's Not?
Open APIs: What's Hot, What's Not?Open APIs: What's Hot, What's Not?
Open APIs: What's Hot, What's Not?John Musser
 
Google App Engine for Business 101
Google App Engine for Business 101Google App Engine for Business 101
Google App Engine for Business 101Chris Schalk
 
Architecting for the Cloud: demo and best practices, by Simone Brunozzi (2011...
Architecting for the Cloud: demo and best practices, by Simone Brunozzi (2011...Architecting for the Cloud: demo and best practices, by Simone Brunozzi (2011...
Architecting for the Cloud: demo and best practices, by Simone Brunozzi (2011...Amazon Web Services
 
Architectures for open and scalable clouds
Architectures for open and scalable cloudsArchitectures for open and scalable clouds
Architectures for open and scalable cloudsRandy Bias
 
Masterclass Webinar: Amazon S3
Masterclass Webinar: Amazon S3Masterclass Webinar: Amazon S3
Masterclass Webinar: Amazon S3Amazon Web Services
 
AWS Partner Presentation - PetaByte Scale Computing on Amazon EC2 with BigDat...
AWS Partner Presentation - PetaByte Scale Computing on Amazon EC2 with BigDat...AWS Partner Presentation - PetaByte Scale Computing on Amazon EC2 with BigDat...
AWS Partner Presentation - PetaByte Scale Computing on Amazon EC2 with BigDat...Amazon Web Services
 
Running Microsoft SharePoint On AWS - Smartronix and AWS - Webinar
Running Microsoft SharePoint On AWS - Smartronix and AWS - WebinarRunning Microsoft SharePoint On AWS - Smartronix and AWS - Webinar
Running Microsoft SharePoint On AWS - Smartronix and AWS - WebinarAmazon Web Services
 

Andere mochten auch (17)

Cloud Economics: Optimising for Cost
Cloud Economics: Optimising for CostCloud Economics: Optimising for Cost
Cloud Economics: Optimising for Cost
 
AWS Architecting In The Cloud
AWS Architecting In The CloudAWS Architecting In The Cloud
AWS Architecting In The Cloud
 
Building the European Cloud Computing Strategy
Building the European Cloud Computing StrategyBuilding the European Cloud Computing Strategy
Building the European Cloud Computing Strategy
 
Cloud Computing Technology Overview 2012
Cloud Computing Technology Overview 2012Cloud Computing Technology Overview 2012
Cloud Computing Technology Overview 2012
 
Enterprise Journey to the Cloud
Enterprise Journey to the CloudEnterprise Journey to the Cloud
Enterprise Journey to the Cloud
 
How to Get Cloud Architecture and Design Right the First Time
How to Get Cloud Architecture and Design Right the First TimeHow to Get Cloud Architecture and Design Right the First Time
How to Get Cloud Architecture and Design Right the First Time
 
2011 State of the Cloud: A Year's Worth of Innovation in 30 Minutes - Jinesh...
2011 State of the Cloud: A Year's Worth of Innovation in 30 Minutes - Jinesh...2011 State of the Cloud: A Year's Worth of Innovation in 30 Minutes - Jinesh...
2011 State of the Cloud: A Year's Worth of Innovation in 30 Minutes - Jinesh...
 
Cost Optimisation with Amazon Web Services
Cost Optimisation with Amazon Web Services Cost Optimisation with Amazon Web Services
Cost Optimisation with Amazon Web Services
 
Zuora @ AlwaysOn 2012 - The Only 3 SaaS Metrics That Matter
Zuora @ AlwaysOn 2012 - The Only 3 SaaS Metrics That MatterZuora @ AlwaysOn 2012 - The Only 3 SaaS Metrics That Matter
Zuora @ AlwaysOn 2012 - The Only 3 SaaS Metrics That Matter
 
Open APIs: What's Hot, What's Not?
Open APIs: What's Hot, What's Not?Open APIs: What's Hot, What's Not?
Open APIs: What's Hot, What's Not?
 
Google App Engine for Business 101
Google App Engine for Business 101Google App Engine for Business 101
Google App Engine for Business 101
 
Hadoop and DynamoDB
Hadoop and DynamoDBHadoop and DynamoDB
Hadoop and DynamoDB
 
Architecting for the Cloud: demo and best practices, by Simone Brunozzi (2011...
Architecting for the Cloud: demo and best practices, by Simone Brunozzi (2011...Architecting for the Cloud: demo and best practices, by Simone Brunozzi (2011...
Architecting for the Cloud: demo and best practices, by Simone Brunozzi (2011...
 
Architectures for open and scalable clouds
Architectures for open and scalable cloudsArchitectures for open and scalable clouds
Architectures for open and scalable clouds
 
Masterclass Webinar: Amazon S3
Masterclass Webinar: Amazon S3Masterclass Webinar: Amazon S3
Masterclass Webinar: Amazon S3
 
AWS Partner Presentation - PetaByte Scale Computing on Amazon EC2 with BigDat...
AWS Partner Presentation - PetaByte Scale Computing on Amazon EC2 with BigDat...AWS Partner Presentation - PetaByte Scale Computing on Amazon EC2 with BigDat...
AWS Partner Presentation - PetaByte Scale Computing on Amazon EC2 with BigDat...
 
Running Microsoft SharePoint On AWS - Smartronix and AWS - Webinar
Running Microsoft SharePoint On AWS - Smartronix and AWS - WebinarRunning Microsoft SharePoint On AWS - Smartronix and AWS - Webinar
Running Microsoft SharePoint On AWS - Smartronix and AWS - Webinar
 

Ähnlich wie Scaling the Cloud - Cloud Security

Ciso executive summit 2012
Ciso executive summit 2012Ciso executive summit 2012
Ciso executive summit 2012Bill Burns
 
Semantic Web Landscape 2009
Semantic Web Landscape 2009Semantic Web Landscape 2009
Semantic Web Landscape 2009LeeFeigenbaum
 
Application integration in the age of APIs
Application integration in the age of APIsApplication integration in the age of APIs
Application integration in the age of APIsRenat Zubairov
 
IBM_Q3_Security_Roadshow_IBRS_JTurner_v04.ppt
IBM_Q3_Security_Roadshow_IBRS_JTurner_v04.pptIBM_Q3_Security_Roadshow_IBRS_JTurner_v04.ppt
IBM_Q3_Security_Roadshow_IBRS_JTurner_v04.ppt14941
 
Security and Privacy in Cloud Computing - a High-level view
Security and Privacy in Cloud Computing - a High-level viewSecurity and Privacy in Cloud Computing - a High-level view
Security and Privacy in Cloud Computing - a High-level viewragibhasan
 
From Brainstorm to Build: How leading law firm, Minter Ellison, built a highl...
From Brainstorm to Build: How leading law firm, Minter Ellison, built a highl...From Brainstorm to Build: How leading law firm, Minter Ellison, built a highl...
From Brainstorm to Build: How leading law firm, Minter Ellison, built a highl...Amazon Web Services
 
The architecture of data analytics PaaS on AWS
The architecture of data analytics PaaS on AWSThe architecture of data analytics PaaS on AWS
The architecture of data analytics PaaS on AWSTreasure Data, Inc.
 
NATO IST Symposium 2013
NATO IST Symposium 2013NATO IST Symposium 2013
NATO IST Symposium 2013Patrick Chanezon
 
Linked Data Approach for Integration of Human Health & Environmental Data
Linked Data Approach for Integration of Human Health & Environmental DataLinked Data Approach for Integration of Human Health & Environmental Data
Linked Data Approach for Integration of Human Health & Environmental Data3 Round Stones
 
Cloud Foundry and Ubuntu - 2012
Cloud Foundry and Ubuntu - 2012Cloud Foundry and Ubuntu - 2012
Cloud Foundry and Ubuntu - 2012Patrick Chanezon
 
Genestack Genomics Applications Platform
Genestack Genomics Applications PlatformGenestack Genomics Applications Platform
Genestack Genomics Applications Platformgenestack
 
Open Cloud System Networking Vision
Open Cloud System Networking VisionOpen Cloud System Networking Vision
Open Cloud System Networking VisionRandy Bias
 
How much money do you lose every time your ecommerce site goes down?
How much money do you lose every time your ecommerce site goes down?How much money do you lose every time your ecommerce site goes down?
How much money do you lose every time your ecommerce site goes down?DataStax
 
Keynote Address at 2013 CloudCon: Future of Big Data by Richard McDougall (In...
Keynote Address at 2013 CloudCon: Future of Big Data by Richard McDougall (In...Keynote Address at 2013 CloudCon: Future of Big Data by Richard McDougall (In...
Keynote Address at 2013 CloudCon: Future of Big Data by Richard McDougall (In...exponential-inc
 
Data Virtualization: revolutionizing database cloning
Data Virtualization: revolutionizing database cloningData Virtualization: revolutionizing database cloning
Data Virtualization: revolutionizing database cloningKyle Hailey
 
Optimize Your Vertica Data Management Infrastructure
Optimize Your Vertica Data Management InfrastructureOptimize Your Vertica Data Management Infrastructure
Optimize Your Vertica Data Management InfrastructureImanis Data
 
Braveheart Cloud Storage 2014 Student Showcase
Braveheart Cloud Storage 2014 Student ShowcaseBraveheart Cloud Storage 2014 Student Showcase
Braveheart Cloud Storage 2014 Student ShowcaseTravis McAdams
 
Cloud Foundry OpenTour Kiev Keynote
Cloud Foundry OpenTour Kiev KeynoteCloud Foundry OpenTour Kiev Keynote
Cloud Foundry OpenTour Kiev KeynotePatrick Chanezon
 
How Global Data Availability Accelerates Collaboration And Delivers Business ...
How Global Data Availability Accelerates Collaboration And Delivers Business ...How Global Data Availability Accelerates Collaboration And Delivers Business ...
How Global Data Availability Accelerates Collaboration And Delivers Business ...Dana Gardner
 
Overview of big data in cloud computing
Overview of big data in cloud computingOverview of big data in cloud computing
Overview of big data in cloud computingViet-Trung TRAN
 

Ähnlich wie Scaling the Cloud - Cloud Security (20)

Ciso executive summit 2012
Ciso executive summit 2012Ciso executive summit 2012
Ciso executive summit 2012
 
Semantic Web Landscape 2009
Semantic Web Landscape 2009Semantic Web Landscape 2009
Semantic Web Landscape 2009
 
Application integration in the age of APIs
Application integration in the age of APIsApplication integration in the age of APIs
Application integration in the age of APIs
 
IBM_Q3_Security_Roadshow_IBRS_JTurner_v04.ppt
IBM_Q3_Security_Roadshow_IBRS_JTurner_v04.pptIBM_Q3_Security_Roadshow_IBRS_JTurner_v04.ppt
IBM_Q3_Security_Roadshow_IBRS_JTurner_v04.ppt
 
Security and Privacy in Cloud Computing - a High-level view
Security and Privacy in Cloud Computing - a High-level viewSecurity and Privacy in Cloud Computing - a High-level view
Security and Privacy in Cloud Computing - a High-level view
 
From Brainstorm to Build: How leading law firm, Minter Ellison, built a highl...
From Brainstorm to Build: How leading law firm, Minter Ellison, built a highl...From Brainstorm to Build: How leading law firm, Minter Ellison, built a highl...
From Brainstorm to Build: How leading law firm, Minter Ellison, built a highl...
 
The architecture of data analytics PaaS on AWS
The architecture of data analytics PaaS on AWSThe architecture of data analytics PaaS on AWS
The architecture of data analytics PaaS on AWS
 
NATO IST Symposium 2013
NATO IST Symposium 2013NATO IST Symposium 2013
NATO IST Symposium 2013
 
Linked Data Approach for Integration of Human Health & Environmental Data
Linked Data Approach for Integration of Human Health & Environmental DataLinked Data Approach for Integration of Human Health & Environmental Data
Linked Data Approach for Integration of Human Health & Environmental Data
 
Cloud Foundry and Ubuntu - 2012
Cloud Foundry and Ubuntu - 2012Cloud Foundry and Ubuntu - 2012
Cloud Foundry and Ubuntu - 2012
 
Genestack Genomics Applications Platform
Genestack Genomics Applications PlatformGenestack Genomics Applications Platform
Genestack Genomics Applications Platform
 
Open Cloud System Networking Vision
Open Cloud System Networking VisionOpen Cloud System Networking Vision
Open Cloud System Networking Vision
 
How much money do you lose every time your ecommerce site goes down?
How much money do you lose every time your ecommerce site goes down?How much money do you lose every time your ecommerce site goes down?
How much money do you lose every time your ecommerce site goes down?
 
Keynote Address at 2013 CloudCon: Future of Big Data by Richard McDougall (In...
Keynote Address at 2013 CloudCon: Future of Big Data by Richard McDougall (In...Keynote Address at 2013 CloudCon: Future of Big Data by Richard McDougall (In...
Keynote Address at 2013 CloudCon: Future of Big Data by Richard McDougall (In...
 
Data Virtualization: revolutionizing database cloning
Data Virtualization: revolutionizing database cloningData Virtualization: revolutionizing database cloning
Data Virtualization: revolutionizing database cloning
 
Optimize Your Vertica Data Management Infrastructure
Optimize Your Vertica Data Management InfrastructureOptimize Your Vertica Data Management Infrastructure
Optimize Your Vertica Data Management Infrastructure
 
Braveheart Cloud Storage 2014 Student Showcase
Braveheart Cloud Storage 2014 Student ShowcaseBraveheart Cloud Storage 2014 Student Showcase
Braveheart Cloud Storage 2014 Student Showcase
 
Cloud Foundry OpenTour Kiev Keynote
Cloud Foundry OpenTour Kiev KeynoteCloud Foundry OpenTour Kiev Keynote
Cloud Foundry OpenTour Kiev Keynote
 
How Global Data Availability Accelerates Collaboration And Delivers Business ...
How Global Data Availability Accelerates Collaboration And Delivers Business ...How Global Data Availability Accelerates Collaboration And Delivers Business ...
How Global Data Availability Accelerates Collaboration And Delivers Business ...
 
Overview of big data in cloud computing
Overview of big data in cloud computingOverview of big data in cloud computing
Overview of big data in cloud computing
 

KĂźrzlich hochgeladen

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 

KĂźrzlich hochgeladen (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 

Scaling the Cloud - Cloud Security

  • 1. Scaling the Cloud Bill Burns Sr. Manager, Networks & Security CISO Executive Forum February 26, 2012 Thursday, March 8, 12
  • 2. Agenda • Netflix Background and Culture • Why We Moved to the Cloud • InfoSec Challenges in an IaaS Cloud • InfoSec Perspective: Running In The Cloud Thursday, March 8, 12
  • 3. Netflix Business (c) 2011 Sandvine Thursday, March 8, 12
  • 4. Netflix Business • 24+ million members globally (c) 2011 Sandvine Thursday, March 8, 12
  • 5. Netflix Business • 24+ million members globally • Streaming in 47 countries (c) 2011 Sandvine Thursday, March 8, 12
  • 6. Netflix Business • 24+ million members globally • Streaming in 47 countries • Watch on more than 700 devices (c) 2011 Sandvine Thursday, March 8, 12
  • 7. Netflix Business • 24+ million members globally • Streaming in 47 countries • Watch on more than 700 devices • 33% of US peak evening Internet trafc (c) 2011 Sandvine Thursday, March 8, 12
  • 8. Background and Context • High Performance Culture • Fail Fast, Learn Fast ... Get Results • Core Value: “Freedom & Responsibility” Thursday, March 8, 12
  • 9. Engineering- Centric Culture Thursday, March 8, 12
  • 10. Engineering- Centric Culture • Sought the Cloud for Availability, Capacity • ...and also found Agility Thursday, March 8, 12
  • 11. Engineering- Centric Culture • Sought the Cloud for Availability, Capacity • ...and also found Agility • DevOps / NoOps means engineering teams own: • New deployments and upgrades • Capacity planning & procurement Thursday, March 8, 12
  • 12. Freedom & Responsibility Thursday, March 8, 12
  • 13. Freedom & Responsibility Thursday, March 8, 12
  • 14. Why Cloud? • Transforming Netflix’s Core Business • Availability, Capacity, Consistency • Lower operational effort • Mission Focus • Agility Thursday, March 8, 12
  • 17. Demand vs Capacity 37x growth in 13 months Thursday, March 8, 12
  • 18. Demand vs Capacity 37x growth in 13 months DataCenter Capacity Thursday, March 8, 12
  • 19. Cloud: On- Demand Capacity Thursday, March 8, 12
  • 20. Demand 1 Cloud: On- Demand Capacity 1. Demand: Typical pattern of customer requests rise & fall over time Thursday, March 8, 12
  • 21. Demand 1 Cloud: On- Demand # Servers Capacity 2 1. Demand: Typical pattern of customer requests rise & fall over time 2. Reaction: System automatically adds, removes servers to the application pool Thursday, March 8, 12
  • 22. Demand 1 Cloud: On- Demand # Servers Capacity 2 1. Demand: Typical pattern of customer requests rise & fall over time Utilization 2. Reaction: System automatically adds, removes servers to the application pool 3 3. Result: Overall utilization stays constant Thursday, March 8, 12
  • 23. InfoSec Conden"ality' Challenges In An IaaS U"lity' Integrity' Cloud Authen"city' Availability' Possession' Thursday, March 8, 12
  • 24. InfoSec Challenge in an IaaS Cloud :: Confidentiality Thursday, March 8, 12
  • 25. InfoSec Challenge in an IaaS Cloud :: Integrity Thursday, March 8, 12
  • 26. InfoSec Challenge in an IaaS Cloud :: Availability Thursday, March 8, 12
  • 27. InfoSec Challenge in an IaaS Cloud :: Possession/Control Thursday, March 8, 12
  • 28. InfoSec Challenge in an IaaS Cloud :: Authenticity Thursday, March 8, 12
  • 29. InfoSec Challenge in an IaaS Cloud :: Authenticity Thursday, March 8, 12
  • 30. InfoSec Challenge in an IaaS Cloud :: Authenticity Thursday, March 8, 12
  • 31. InfoSec Challenge in an IaaS Cloud :: Authenticity Thursday, March 8, 12
  • 32. Running In The Cloud :: InfoSec Perspective Thursday, March 8, 12
  • 33. Running In The Cloud :: InfoSec Perspective Thursday, March 8, 12
  • 34. Running In The Cloud :: InfoSec Perspective Thursday, March 8, 12
  • 35. Running In The Cloud :: InfoSec Perspective Thursday, March 8, 12
  • 36. InfoSec In The Cloud :: Harder Thursday, March 8, 12
  • 37. InfoSec In The Cloud :: Harder 1.“You’re host attacked me yesterday. Please stop!” Thursday, March 8, 12
  • 38. InfoSec In The Cloud :: Harder 1.“You’re host attacked me yesterday. Please stop!” 2.Dealing with other people’s trafc at your front door Thursday, March 8, 12
  • 39. InfoSec In The Cloud :: Harder 1.“You’re host attacked me yesterday. Please stop!” 2.Dealing with other people’s trafc at your front door 3.Herding ephemeral instances with vendor applications Thursday, March 8, 12
  • 40. InfoSec In The Cloud :: Harder 1.“You’re host attacked me yesterday. Please stop!” 2.Dealing with other people’s trafc at your front door 3.Herding ephemeral instances with vendor applications 4.Trusting endpoints, infrastructure Thursday, March 8, 12
  • 41. InfoSec In The Cloud :: Harder 1.“You’re host attacked me yesterday. Please stop!” 2.Dealing with other people’s trafc at your front door 3.Herding ephemeral instances with vendor applications 4.Trusting endpoints, infrastructure 5.Key management Thursday, March 8, 12
  • 42. InfoSec In The Cloud :: Easier Thursday, March 8, 12
  • 43. InfoSec In The Cloud :: Easier 1.Reacting to business velocity 6.Embedding security controls 2.Detecting instance changes 7.Least privilege enforcement 3.Application ownership, management 8.Testing/auditing for conformance 4.Patching, updating 5.Availability, in a failure-prone 9.Consistency, conformity in environment build and launch Thursday, March 8, 12
  • 44. Old IT way: Hand-Crafted configuration (C) courtesy: Flikr (piper, viamoi) Thursday, March 8, 12
  • 45. Old IT way: Hand-Crafted configuration (C) courtesy: Flikr (piper, viamoi) Thursday, March 8, 12
  • 47. Change Controls :: Patching • Goal: Running instances do not get patched • Alternative: • Bake a new AMI for any change • Launch new instances in parallel • Kill the old instances Thursday, March 8, 12
  • 48. Change Controls :: Upgrades • Bake a new AMI for any change • Launch new instances in parallel • Kill the old instances Lesson Learned: Make the secure, consistent behavior the easier alternative. Thursday, March 8, 12
  • 49. Availability :: Never Launch One of Anything (c) Courtesy Flikr - Winton Thursday, March 8, 12
  • 50. Availability :: Never Launch One of Anything •Chaos Monkey induces failures, helps us practice recovery (c) Courtesy Flikr - Winton Thursday, March 8, 12
  • 51. Availability :: Never Launch One of Anything •Chaos Monkey induces failures, helps us practice recovery •Balance across Availability Zones (c) Courtesy Flikr - Winton Thursday, March 8, 12
  • 52. Availability :: Never Launch One of Anything •Chaos Monkey induces failures, helps us practice recovery •Balance across Availability Zones •Applications automatically scale-out, regenerate (c) Courtesy Flikr - Winton Thursday, March 8, 12
  • 53. Availability :: Never Launch One of Anything •Chaos Monkey induces failures, helps us practice recovery •Balance across Availability Zones •Applications automatically scale-out, regenerate •Conformity Monkey detects differences, improper settings (c) Courtesy Flikr - Winton Thursday, March 8, 12
  • 54. Identity Challenges :: Vendors Lagging Thursday, March 8, 12
  • 55. Identity Challenges :: Vendors Lagging • Cloud instances are ephemeral • Customers cannot necessarily pick their IP addresses, ranges • Instances need to base context on apps, services, tagging (not IPs) • Vendors need better support for ephemeral licensing, stateless instances, self-cong Thursday, March 8, 12
  • 56. Identity Challenges :: Vendors Lagging • Cloud instances are ephemeral • Customers cannot necessarily pick their IP addresses, ranges • Instances need to base context on apps, services, tagging (not IPs) • Vendors need better support for ephemeral licensing, stateless instances, self-cong • Machine capacity is no longer a CapEx friction item. Thursday, March 8, 12
  • 57. Conformity & Consistency Thursday, March 8, 12
  • 58. Conformity & Consistency Thursday, March 8, 12
  • 59. Automation = Conformity & Consistency Thursday, March 8, 12
  • 60. Automation = Conformity & Consistency • All apps, tiers are Highly Available • Secure defaults applied automatically • Replacement instances look just like the originals Thursday, March 8, 12
  • 61. Automation = Conformity & Consistency • All apps, tiers are Highly Available • Secure defaults applied automatically • Replacement instances look just like the originals Thursday, March 8, 12
  • 62. Baked-In Security Controls :: Netflix Simian Army • Cloud Ready Dashboard • Identify and test common failure modes • Continuous, aggressive monitoring, testing • Mostly opt-In Thursday, March 8, 12
  • 63. Baked-In Security Controls :: Netflix Simian Army • Cloud Ready Dashboard • Identify and test common failure modes • Continuous, aggressive monitoring, testing • Mostly opt-In Thursday, March 8, 12
  • 64. Baked-In Security Controls :: Netflix • Chaos Monkey - Randomly kills instances Simian Army • Cloud Ready Dashboard • Identify and test common failure modes • Continuous, aggressive monitoring, testing • Mostly opt-In Thursday, March 8, 12
  • 65. Baked-In Security Controls :: Netflix • Chaos Monkey - Randomly kills instances Simian Army • Conformity Monkey - Various policy checks • Cloud Ready Dashboard • Identify and test common failure modes • Continuous, aggressive monitoring, testing • Mostly opt-In Thursday, March 8, 12
  • 66. Baked-In Security Controls :: Netflix • Chaos Monkey - Randomly kills instances Simian Army • Conformity Monkey - Various policy checks • Cloud Ready Dashboard • Latency Monkey – Induces random latency • Identify and test common failure modes • Continuous, aggressive monitoring, testing • Mostly opt-In Thursday, March 8, 12
  • 67. Baked-In Security Controls :: Netflix • Chaos Monkey - Randomly kills instances Simian Army • Conformity Monkey - Various policy checks • Cloud Ready Dashboard • Latency Monkey – Induces random latency • Identify and test • Janitor Monkey – Kills orphaned instances common failure modes • Continuous, aggressive monitoring, testing • Mostly opt-In Thursday, March 8, 12
  • 68. Baked-In Security Controls :: Netflix • Chaos Monkey - Randomly kills instances Simian Army • Conformity Monkey - Various policy checks • Cloud Ready Dashboard • Latency Monkey – Induces random latency • Identify and test • Janitor Monkey – Kills orphaned instances common failure modes • Continuous, aggressive • Security Monkey – Various security checks monitoring, testing • Mostly opt-In Thursday, March 8, 12
  • 69. Baked-In Security Controls :: Netflix • Chaos Monkey - Randomly kills instances Simian Army • Conformity Monkey - Various policy checks • Cloud Ready Dashboard • Latency Monkey – Induces random latency • Identify and test • Janitor Monkey – Kills orphaned instances common failure modes • Continuous, aggressive • Security Monkey – Various security checks monitoring, testing • Exploit Monkey – Vuln Scans / Pen Tests • Mostly opt-In Thursday, March 8, 12
  • 70. Baked-In Security Controls :: Netflix • Chaos Monkey - Randomly kills instances Simian Army • Conformity Monkey - Various policy checks • Cloud Ready Dashboard • Latency Monkey – Induces random latency • Identify and test • Janitor Monkey – Kills orphaned instances common failure modes • Continuous, aggressive • Security Monkey – Various security checks monitoring, testing • Exploit Monkey – Vuln Scans / Pen Tests • Mostly opt-In • Unnamed – File integrity monitoring, HIDS Thursday, March 8, 12
  • 71. Embedded Security Controls Thursday, March 8, 12
  • 72. Embedded Security Controls • Controls baked into the “base AMI” • Controls placed near the data • Applied as machines die/reborn Thursday, March 8, 12
  • 73. Embedded Security Controls • Controls baked into the “base AMI” • Controls placed near the data • Applied as machines die/reborn • Security controls are “Data Center agnostic” • Provide a “single pane of glass” awareness • Span all regions, data centers Thursday, March 8, 12
  • 74. CISO Forum Take-Aways Thursday, March 8, 12
  • 75. CISO Forum Take-Aways 1. The public cloud / IaaS is not just a technology. 2. Cloud IaaS is disruptive to Operations, Engineering, Vendors, Auditors. 3. Your Data is your new perimeter. 4. Design for failures in everything. 5. IaaS providers care about their infrastructure. 6. Public cloud Information Security is still about the basics, but in a new context. 7. There’s still plenty left to resolve, like trusted infrastructure, strong key management, COTS support. Thursday, March 8, 12

Hinweis der Redaktion

  1. Why did Netflix migrate to the public Cloud?\nWhich InfoSec controls were harder or easier in the Cloud?\nWhat’s left to solve?\n\nRunning in a public cloud is less about virtualization and more about disrupting how you currently deliver services. Here’s the infosec lens on how Netflix is migrating to the Cloud.\n\nAugments Jason Chan’s “Practical Cloud Security” presentations.\n
  2. I won’t spend a lot of time on background, but it’s important to cover the context so that you understand why we’re doing this.\n\nIn two years we went from “traditional IT” to running one of the largest public cloud infrastructures on Amazon.\n\nWhen I briefed the DoD CyberSecurity Task Force, they were shocked at the rate of our innovation. I thought 2 years was a long time; but they helped put things into perspective.\n\nThese ideas may seem strange to you. But you probably have teams doing this already, or are trying to achieve this, or you will acquire a company that does this now. I assert that many of these design and operations ideas will be the norm for new companies in less than 5 years.\n\n
  3. (doubled subscribers in 2010, moved to cloud)\n3+ billion rev in 2011, S&P 500\n\nQ: Soon every TV sold anywhere in the world will have WiFi and Netflix built in \n\n
  4. (doubled subscribers in 2010, moved to cloud)\n3+ billion rev in 2011, S&P 500\n\nQ: Soon every TV sold anywhere in the world will have WiFi and Netflix built in \n\n
  5. (doubled subscribers in 2010, moved to cloud)\n3+ billion rev in 2011, S&P 500\n\nQ: Soon every TV sold anywhere in the world will have WiFi and Netflix built in \n\n
  6. (doubled subscribers in 2010, moved to cloud)\n3+ billion rev in 2011, S&P 500\n\nQ: Soon every TV sold anywhere in the world will have WiFi and Netflix built in \n\n
  7. (doubled subscribers in 2010, moved to cloud)\n3+ billion rev in 2011, S&P 500\n\nQ: Soon every TV sold anywhere in the world will have WiFi and Netflix built in \n\n
  8. (doubled subscribers in 2010, moved to cloud)\n3+ billion rev in 2011, S&P 500\n\nQ: Soon every TV sold anywhere in the world will have WiFi and Netflix built in \n\n
  9. (doubled subscribers in 2010, moved to cloud)\n3+ billion rev in 2011, S&P 500\n\nQ: Soon every TV sold anywhere in the world will have WiFi and Netflix built in \n\n
  10. (doubled subscribers in 2010, moved to cloud)\n3+ billion rev in 2011, S&P 500\n\nQ: Soon every TV sold anywhere in the world will have WiFi and Netflix built in \n\n
  11. (doubled subscribers in 2010, moved to cloud)\n3+ billion rev in 2011, S&P 500\n\nQ: Soon every TV sold anywhere in the world will have WiFi and Netflix built in \n\n
  12. (doubled subscribers in 2010, moved to cloud)\n3+ billion rev in 2011, S&P 500\n\nQ: Soon every TV sold anywhere in the world will have WiFi and Netflix built in \n\n
  13. (doubled subscribers in 2010, moved to cloud)\n3+ billion rev in 2011, S&P 500\n\nQ: Soon every TV sold anywhere in the world will have WiFi and Netflix built in \n\n
  14. (doubled subscribers in 2010, moved to cloud)\n3+ billion rev in 2011, S&P 500\n\nQ: Soon every TV sold anywhere in the world will have WiFi and Netflix built in \n\n
  15. We’re dev-focused so it was OK for us to build our own.\nDidn’t need to wait for industry to build shims and orchestration tools.\nAlso weren’t multi-CSP concerned at this point, YMMV. We’re also not in a regulated industry, so again YMMV.\n
  16. In other words: the Cloud is not a technology, it’s more than virtualization. It’s a fundamentally different way of thinking about writing applications, providing computing services, and running your business.\n
  17. In other words: the Cloud is not a technology, it’s more than virtualization. It’s a fundamentally different way of thinking about writing applications, providing computing services, and running your business.\n
  18. (No Central architecture review boards, etc)\n(eliminated unnecessary complexity)\nLoosely-coupled, highly-aligned teams\nResponsible people thrive on, are worthy of freedom\nIncrease freedom as we grow, rather than limit it\nNetflix loves killing unnecessary processes\n
  19. (No Central architecture review boards, etc)\n(eliminated unnecessary complexity)\nLoosely-coupled, highly-aligned teams\nResponsible people thrive on, are worthy of freedom\nIncrease freedom as we grow, rather than limit it\nNetflix loves killing unnecessary processes\n
  20. (No Central architecture review boards, etc)\n(eliminated unnecessary complexity)\nLoosely-coupled, highly-aligned teams\nResponsible people thrive on, are worthy of freedom\nIncrease freedom as we grow, rather than limit it\nNetflix loves killing unnecessary processes\n
  21. \n
  22. \n
  23. \n
  24. \n
  25. (doubled subscribers in 2010, moved to cloud)\nExample: Superbowl, Christmas scaling\n\nScale up early, scale down slowly\nprovision for AZ capacity\n\nWe now kill and respawn more Cloud servers every week than we have in our datacenter. It’s approaching a daily rate.\n
  26. (doubled subscribers in 2010, moved to cloud)\nExample: Superbowl, Christmas scaling\n\nScale up early, scale down slowly\nprovision for AZ capacity\n\nWe now kill and respawn more Cloud servers every week than we have in our datacenter. It’s approaching a daily rate.\n
  27. (doubled subscribers in 2010, moved to cloud)\nExample: Superbowl, Christmas scaling\n\nScale up early, scale down slowly\nprovision for AZ capacity\n\nWe now kill and respawn more Cloud servers every week than we have in our datacenter. It’s approaching a daily rate.\n
  28. (doubled subscribers in 2010, moved to cloud)\nExample: Superbowl, Christmas scaling\n\nScale up early, scale down slowly\nprovision for AZ capacity\n\nWe now kill and respawn more Cloud servers every week than we have in our datacenter. It’s approaching a daily rate.\n
  29. (doubled subscribers in 2010, moved to cloud)\nExample: Superbowl, Christmas scaling\n\nScale up early, scale down slowly\nprovision for AZ capacity\n\nWe now kill and respawn more Cloud servers every week than we have in our datacenter. It’s approaching a daily rate.\n
  30. (doubled subscribers in 2010, moved to cloud)\nExample: Superbowl, Christmas scaling\n\nScale up early, scale down slowly\nprovision for AZ capacity\n\nWe now kill and respawn more Cloud servers every week than we have in our datacenter. It’s approaching a daily rate.\n
  31. \n
  32. Goal: Assume Man In The Middle\nCountermeasures / Mindset:\nEnd-to-end encryption\nMutual authentication\nEncrypt storage\nFBI warning\n
  33. Countermeasures / Mindset:\nSegment key management from data usage\nSegment build / run environment\nTest for conformance, integrity\n
  34. ASG for everything\nAWS fleet-wide patch\nApril 2011 outage of a single AZ in US-EAST\n\nCountermeasures / Mindset:\nNever depend on “one” of anything (host, AZ, etc)\nStateless design in running instances\nTest for conformity, alert on non-conformity\n
  35. You can’t protect Software with More Software\nCountermeasures / Mindset:\nStrong key management\nSeparation of keys, data\nHardware key management\n
  36. Hard\nCountermeasures / Mindset:\nSLA, CSP in your Incident Response plan, TEST!\nRely on your other CIAp controls\n
  37. Hard\nCountermeasures / Mindset:\nSLA, CSP in your Incident Response plan, TEST!\nRely on your other CIAp controls\n
  38. Hard\nCountermeasures / Mindset:\nSLA, CSP in your Incident Response plan, TEST!\nRely on your other CIAp controls\n
  39. Hard\nCountermeasures / Mindset:\nSLA, CSP in your Incident Response plan, TEST!\nRely on your other CIAp controls\n
  40. Some lessons learned, some aspirational and in-motion\nIt’s hard work to move your systems, processes, and staff into this new environment\nAt times, it’ll feel chaotic..like you’re herding sheep and they’re running every which way\nBut once you learn the vocabulary and understand this technology, you’ll come to appreciate it. It’s actually very enabling and refreshing.\n
  41. Some lessons learned, some aspirational and in-motion\nIt’s hard work to move your systems, processes, and staff into this new environment\nAt times, it’ll feel chaotic..like you’re herding sheep and they’re running every which way\nBut once you learn the vocabulary and understand this technology, you’ll come to appreciate it. It’s actually very enabling and refreshing.\n
  42. Some lessons learned, some aspirational and in-motion\nIt’s hard work to move your systems, processes, and staff into this new environment\nAt times, it’ll feel chaotic..like you’re herding sheep and they’re running every which way\nBut once you learn the vocabulary and understand this technology, you’ll come to appreciate it. It’s actually very enabling and refreshing.\n
  43. Just like learning a new skill, it’s hard at first. Some things are still hard, but we’re working to make them easier. We’ll have some announcements in this space for everyone’s benefit, very exciting.\n
  44. Just like learning a new skill, it’s hard at first. Some things are still hard, but we’re working to make them easier. We’ll have some announcements in this space for everyone’s benefit, very exciting.\n
  45. Just like learning a new skill, it’s hard at first. Some things are still hard, but we’re working to make them easier. We’ll have some announcements in this space for everyone’s benefit, very exciting.\n
  46. Just like learning a new skill, it’s hard at first. Some things are still hard, but we’re working to make them easier. We’ll have some announcements in this space for everyone’s benefit, very exciting.\n
  47. Just like learning a new skill, it’s hard at first. Some things are still hard, but we’re working to make them easier. We’ll have some announcements in this space for everyone’s benefit, very exciting.\n
  48. Just like learning a new skill, it’s hard at first. Some things are still hard, but we’re working to make them easier. We’ll have some announcements in this space for everyone’s benefit, very exciting.\n
  49. Here’s a sample of what we’ve found to be easier, in our environment.\nWe’ll discuss some of these in more detail.\n
  50. Here’s a sample of what we’ve found to be easier, in our environment.\nWe’ll discuss some of these in more detail.\n
  51. Here’s a sample of what we’ve found to be easier, in our environment.\nWe’ll discuss some of these in more detail.\n
  52. Here’s a sample of what we’ve found to be easier, in our environment.\nWe’ll discuss some of these in more detail.\n
  53. Here’s a sample of what we’ve found to be easier, in our environment.\nWe’ll discuss some of these in more detail.\n
  54. Here’s a sample of what we’ve found to be easier, in our environment.\nWe’ll discuss some of these in more detail.\n
  55. Here’s a sample of what we’ve found to be easier, in our environment.\nWe’ll discuss some of these in more detail.\n
  56. Here’s a sample of what we’ve found to be easier, in our environment.\nWe’ll discuss some of these in more detail.\n
  57. Here’s a sample of what we’ve found to be easier, in our environment.\nWe’ll discuss some of these in more detail.\n
  58. Classic IT: uptime was paramount. Rebooting was something you snickered at the Windows guys about.\n\nYou patched, and tweaked, and documented all your changes.\n\nAnd prayed to God that all those fixes and tweaks worked, and the system actually came back up the next time you restarted it.\n\nEvery instance was unique, a special snowflake.\n
  59. Classic IT: uptime was paramount. Rebooting was something you snickered at the Windows guys about.\n\nYou patched, and tweaked, and documented all your changes.\n\nAnd prayed to God that all those fixes and tweaks worked, and the system actually came back up the next time you restarted it.\n\nEvery instance was unique, a special snowflake.\n
  60. Classic IT: uptime was paramount. Rebooting was something you snickered at the Windows guys about.\n\nYou patched, and tweaked, and documented all your changes.\n\nAnd prayed to God that all those fixes and tweaks worked, and the system actually came back up the next time you restarted it.\n\nEvery instance was unique, a special snowflake.\n
  61. We’ve been moving towards automation for a while now. The paradigm was to make adjustments to instances already running. The best models create “gold standard” images and deploy those.\n\nThe goal is to have every instance look exactly the same, run the same, and behave the same.\n\nWe’re taking a hard stance on this. We got here because of agility, but we have many security wins as a result.\n\n
  62. It sounds heretical. Why patch when you can throw it away and start over?\n
  63. Why bother fixing the configuration when you can deploy the “right” configuration from the start?\n\nThe same behavior for deploying new, for patching, and for upgrades means operations becomes simpler, easy to do/train/monitor.\n
  64. Look at problems as opportunities. Rather than mandate 100% uptime from our CSP, we assumed the environment would be unpredictable. This forced us to build reliability into our applications and infrastructure.\n\nIn other words: the Cloud is not a technology, it’s more than virtualization. It’s a fundamentally different way of thinking about writing applications, providing computing services, and running your business.\n
  65. Look at problems as opportunities. Rather than mandate 100% uptime from our CSP, we assumed the environment would be unpredictable. This forced us to build reliability into our applications and infrastructure.\n\nIn other words: the Cloud is not a technology, it’s more than virtualization. It’s a fundamentally different way of thinking about writing applications, providing computing services, and running your business.\n
  66. Look at problems as opportunities. Rather than mandate 100% uptime from our CSP, we assumed the environment would be unpredictable. This forced us to build reliability into our applications and infrastructure.\n\nIn other words: the Cloud is not a technology, it’s more than virtualization. It’s a fundamentally different way of thinking about writing applications, providing computing services, and running your business.\n
  67. Look at problems as opportunities. Rather than mandate 100% uptime from our CSP, we assumed the environment would be unpredictable. This forced us to build reliability into our applications and infrastructure.\n\nIn other words: the Cloud is not a technology, it’s more than virtualization. It’s a fundamentally different way of thinking about writing applications, providing computing services, and running your business.\n
  68. Look at problems as opportunities. Rather than mandate 100% uptime from our CSP, we assumed the environment would be unpredictable. This forced us to build reliability into our applications and infrastructure.\n\nIn other words: the Cloud is not a technology, it’s more than virtualization. It’s a fundamentally different way of thinking about writing applications, providing computing services, and running your business.\n
  69. \n
  70. \n
  71. Conformity:\nProvisioning: Can easily list every application running, all attributes including owner\nConformity Monkey checks for consistency , detects out-of-spec instances\nInconsistencies create runtime problems, outages, troubleshooting nightmares.\n* Lesson Learned: Identify failure modes, bake these test controls into your infrastructure.\n\nConsistency:\nAutomated software packaging, host build processes\nHands-off launch process; spans hosts, load balancers, security groups, etc.\nInstances are formed into “application groups”\n\n
  72. Conformity:\nProvisioning: Can easily list every application running, all attributes including owner\nConformity Monkey checks for consistency , detects out-of-spec instances\nInconsistencies create runtime problems, outages, troubleshooting nightmares.\n* Lesson Learned: Identify failure modes, bake these test controls into your infrastructure.\n\nConsistency:\nAutomated software packaging, host build processes\nHands-off launch process; spans hosts, load balancers, security groups, etc.\nInstances are formed into “application groups”\n\n
  73. Conformity:\nProvisioning: Can easily list every application running, all attributes including owner\nConformity Monkey checks for consistency , detects out-of-spec instances\nInconsistencies create runtime problems, outages, troubleshooting nightmares.\n* Lesson Learned: Identify failure modes, bake these test controls into your infrastructure.\n\nConsistency:\nAutomated software packaging, host build processes\nHands-off launch process; spans hosts, load balancers, security groups, etc.\nInstances are formed into “application groups”\n\n
  74. All instances have:\n- ASG, SecGrp, ELBs, owners, description, email addr -- almost like a CMDB.\n- everything that doesn’t gets killed by janitor monkey\n-control over my env is straightforward\n\nA few clicks on a web page and about an hour to go from nothing to a very large Cassandra cluster consisting of 288 medium sized instances, with 96 instances in each of three EC2 availability zones in the US-East region.\n\n15 minutes to boot EC2, out of our total of 66 minutes. The rest of the time was taken to boot Linux, start the Apache Tomcat JVM that runs our automation tooling, start the Cassandra JVM and join the "ring" that makes up the Cassandra data store.\n\n For a more typical 12 instance Cassandra cluster the same sequence takes 8 minutes.\n\n
  75. All instances have:\n- ASG, SecGrp, ELBs, owners, description, email addr -- almost like a CMDB.\n- everything that doesn’t gets killed by janitor monkey\n-control over my env is straightforward\n\nA few clicks on a web page and about an hour to go from nothing to a very large Cassandra cluster consisting of 288 medium sized instances, with 96 instances in each of three EC2 availability zones in the US-East region.\n\n15 minutes to boot EC2, out of our total of 66 minutes. The rest of the time was taken to boot Linux, start the Apache Tomcat JVM that runs our automation tooling, start the Cassandra JVM and join the "ring" that makes up the Cassandra data store.\n\n For a more typical 12 instance Cassandra cluster the same sequence takes 8 minutes.\n\n
  76. All instances have:\n- ASG, SecGrp, ELBs, owners, description, email addr -- almost like a CMDB.\n- everything that doesn’t gets killed by janitor monkey\n-control over my env is straightforward\n\nA few clicks on a web page and about an hour to go from nothing to a very large Cassandra cluster consisting of 288 medium sized instances, with 96 instances in each of three EC2 availability zones in the US-East region.\n\n15 minutes to boot EC2, out of our total of 66 minutes. The rest of the time was taken to boot Linux, start the Apache Tomcat JVM that runs our automation tooling, start the Cassandra JVM and join the "ring" that makes up the Cassandra data store.\n\n For a more typical 12 instance Cassandra cluster the same sequence takes 8 minutes.\n\n
  77. some items are aspirational, but we’re working on it.\n\nThese are similar to NIST’s “continuous monitoring” movement.\n
  78. some items are aspirational, but we’re working on it.\n\nThese are similar to NIST’s “continuous monitoring” movement.\n
  79. some items are aspirational, but we’re working on it.\n\nThese are similar to NIST’s “continuous monitoring” movement.\n
  80. some items are aspirational, but we’re working on it.\n\nThese are similar to NIST’s “continuous monitoring” movement.\n
  81. some items are aspirational, but we’re working on it.\n\nThese are similar to NIST’s “continuous monitoring” movement.\n
  82. some items are aspirational, but we’re working on it.\n\nThese are similar to NIST’s “continuous monitoring” movement.\n
  83. some items are aspirational, but we’re working on it.\n\nThese are similar to NIST’s “continuous monitoring” movement.\n
  84. some items are aspirational, but we’re working on it.\n\nThese are similar to NIST’s “continuous monitoring” movement.\n
  85. \n
  86. \n
  87. It’s a completely different way to provide your services. More disruptive than just a new technology.\n Bring your InfoSec expertise and foresight to secure your data in the cloud migration.\n You can embed security controls in your development, infrastructure, business operations.\n The old ways won’t work; embrace the new ones and have better control.\n
  88. It’s a completely different way to provide your services. More disruptive than just a new technology.\n Bring your InfoSec expertise and foresight to secure your data in the cloud migration.\n You can embed security controls in your development, infrastructure, business operations.\n The old ways won’t work; embrace the new ones and have better control.\n
  89. It’s a completely different way to provide your services. More disruptive than just a new technology.\n Bring your InfoSec expertise and foresight to secure your data in the cloud migration.\n You can embed security controls in your development, infrastructure, business operations.\n The old ways won’t work; embrace the new ones and have better control.\n
  90. It’s a completely different way to provide your services. More disruptive than just a new technology.\n Bring your InfoSec expertise and foresight to secure your data in the cloud migration.\n You can embed security controls in your development, infrastructure, business operations.\n The old ways won’t work; embrace the new ones and have better control.\n
  91. It’s a completely different way to provide your services. More disruptive than just a new technology.\n Bring your InfoSec expertise and foresight to secure your data in the cloud migration.\n You can embed security controls in your development, infrastructure, business operations.\n The old ways won’t work; embrace the new ones and have better control.\n
  92. It’s a completely different way to provide your services. More disruptive than just a new technology.\n Bring your InfoSec expertise and foresight to secure your data in the cloud migration.\n You can embed security controls in your development, infrastructure, business operations.\n The old ways won’t work; embrace the new ones and have better control.\n
  93. It’s a completely different way to provide your services. More disruptive than just a new technology.\n Bring your InfoSec expertise and foresight to secure your data in the cloud migration.\n You can embed security controls in your development, infrastructure, business operations.\n The old ways won’t work; embrace the new ones and have better control.\n
  94. \n
  95. \n