Cloud Security @ Netflix
Jason Chan
chan@netflix.com
SVForum Cloud and Virtualization SIG
March 27, 2012
Jason Chan
• Cloud Security Architect @ Netflix
• Previously:
    • Most recently led security team at VMware
    • Primarily security consulting at @stake, iSEC Partners
• Some presentations at:
    • http://www.slideshare.net/netflix
Agenda
• Developing a “cloud appropriate” security model
• Cloud security: challenges and advantages
• APIs, Automation & the Security Monkey
• A note on regulatory compliance
• Takeaways
Developing a “Cloud Appropriate” Security Model
Word Association: Cloud & Security

Cloud             Security
• Agility         • Gatekeeper
• Self-service    • Standards
• Scale           • Control
• Automation      • Centralized
General Guidelines

Risk-Based Approach
• Not everything is equal
• Understand what’s important and prioritize appropriately

Leverage Tooling
• Build and deployment pipeline is a key point for security integration
• Think integration vs. separation

Make Doing the Right Thing Easy
• Sensible defaults
• Libraries for common, but difficult, security tasks
• Publish and evangelize reusable patterns

Embrace Self-Service, with some Exceptions
• SSL certificate management
• Some firewall rules
• VPC configuration
• User and permissions management (IAM)
Cloud Security Challenges

Shared Responsibility
• Incident response
• Investigations
• Compliance

Existing Security Tools
• Bad assumptions
• Licensing
• Node ephemerality
• Thundering herd

Key Management
• Untrusted infrastructure
• Automated bootstrapping
• Hardware security modules
Cloud Security Advantages

Build Standards & Vulnerability Management
• Fewer “snowflakes”
• Easier to identify problem systems
• Push and kill vs. patch and nurse

Integrity and Activity Monitoring
• No changes to running systems
• Fewer production logins

Visibility & Reachability Analysis
• Flat networking
• “Nowhere to hide”
• Firewall APIs
APIs, Automation, and the Security Monkey

Common Challenges for Security Engineers
• Lots of data from different sources, in different formats
• Too many administrative interfaces and disconnected systems
• Too few options for scalable automation
How do you . . .
• Add a user account?                           • CreateUser()
• Inventory systems?                            • DescribeInstances()
• Change a firewall config?                     • AuthorizeSecurityGroupIngress()
• Snapshot a drive for forensic analysis?       • CreateSnapshot()
• Disable a multi-factor authentication token?  • DeactivateMFADevice()
Security Monkey
http://techblog.netflix.com/2011/07/netflix-simian-army.html

• Centralized framework for cloud security monitoring and analysis
• Leverages AWS APIs and common security tools

Security Monkey
• Certificate monitoring
• Security group monitoring
• Exposed instances/applications
• Web application vulnerability scanning
• Upcoming:
    • Policy analysis (firewall, user, S3, etc.)
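The two slides above make one point: once firewall changes and inventory are API calls (AuthorizeSecurityGroupIngress, DescribeInstances), security monitoring is just code run against API output. The following is an added illustration written for this page, not Security Monkey's own code: a small security-group monitor that flattens a DescribeSecurityGroups response, flags ingress rules open to the world (with a hypothetical sensitive-port list as a severity heuristic), and diffs the current snapshot against the previous run so only changes are reported. The two snapshots are constructed sample data in the shape of the EC2 DescribeSecurityGroups response; in a live run they would come from the API client instead.

```python
"""Security-group monitor in the spirit of the deck: API output in, findings
and a change diff out. Sample snapshots below are constructed, not real."""
from __future__ import annotations

import ipaddress
from typing import Dict, List, Set, Tuple

# Assumption for this example: ports where a world-open rule is rated HIGH.
# This is an illustrative list, not any real organization's policy.
SENSITIVE_PORTS = {22, 3389, 3306, 5432, 6379, 27017}

# A flattened rule: (group id, protocol, from port, to port, cidr).
Rule = Tuple[str, str, int, int, str]


def flatten_rules(describe_response: dict) -> Set[Rule]:
    """Turn nested DescribeSecurityGroups JSON into a flat, comparable set."""
    rules: Set[Rule] = set()
    for sg in describe_response.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol", "-1")
            # IpProtocol "-1" means all traffic and carries no port fields,
            # so treat it as the full port range.
            lo = perm.get("FromPort", 0)
            hi = perm.get("ToPort", 65535)
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                rules.add((sg["GroupId"], proto, lo, hi, cidr))
    return rules


def is_world_open(cidr: str) -> bool:
    """0.0.0.0/0 and ::/0 both parse to a prefix length of zero."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def findings(rules: Set[Rule]) -> List[dict]:
    """Rate every world-reachable ingress rule; ordered for stable reports."""
    out: List[dict] = []
    for gid, proto, lo, hi, cidr in sorted(rules):
        if not is_world_open(cidr):
            continue
        all_traffic = proto == "-1"
        hits_sensitive = any(lo <= p <= hi for p in SENSITIVE_PORTS)
        severity = "HIGH" if (all_traffic or hits_sensitive) else "MEDIUM"
        out.append({"group": gid, "proto": proto, "ports": (lo, hi),
                    "cidr": cidr, "severity": severity})
    return out


def diff_snapshots(previous: Set[Rule], current: Set[Rule]) -> Dict[str, Set[Rule]]:
    """Set difference gives exactly the rules added and removed since last run."""
    return {"added": current - previous, "removed": previous - current}


# Constructed sample: a web tier open on 80/443 and a database reachable
# only from the internal 10/8 range.
SNAPSHOT_BEFORE = {"SecurityGroups": [
    {"GroupId": "sg-web", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-db", "GroupName": "db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]}]}

# Constructed sample of the next run: port 80 was closed on the web tier,
# and someone opened SSH on the database group to the whole internet.
SNAPSHOT_AFTER = {"SecurityGroups": [
    {"GroupId": "sg-web", "GroupName": "web", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-db", "GroupName": "db", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}]}


def run_monitor(before: dict, after: dict) -> dict:
    """One monitoring cycle: findings on the current state plus the change set."""
    prev, cur = flatten_rules(before), flatten_rules(after)
    return {"findings": findings(cur), "changes": diff_snapshots(prev, cur)}


if __name__ == "__main__":
    report = run_monitor(SNAPSHOT_BEFORE, SNAPSHOT_AFTER)
    for f in report["findings"]:
        print(f"[{f['severity']}] {f['group']} {f['proto']} {f['ports']} from {f['cidr']}")
    for kind, rules in report["changes"].items():
        for r in sorted(rules):
            print(f"{kind}: {r}")
```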
A Note on Regulatory Compliance

Compliance

Background
• Netflix has a variety of regulatory obligations (SOX, PCI, data privacy)
• More conservative approach to the cloud
• Some architectural components are “cloud unfriendly”

Approach
• Segregate compliance-sensitive cloud systems
• Limit access and increase auditing and logging
• Leverage tooling for auditability and control integration
Takeaways
• Netflix has moved most of its service infrastructure, applications, and data to the public cloud
• Taking full advantage of the cloud’s benefits requires a willingness to adapt security models and methods appropriately
• The programmability of the cloud presents an unprecedented opportunity for security teams to focus and streamline efforts
• Understand the constraints and limitations of both security tools and cloud vendors when planning and implementing controls
Thanks! Questions?
chan@netflix.com

References
• http://www.slideshare.net/netflix
• http://techblog.netflix.com
• https://cloudsecurityalliance.org/
• http://www.nist.gov/itl/cloud/index.cfm
• http://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessment
PaaS security challenges and solutions (salesforce vision)
 
Why You Are Secure in the AWS Cloud
Why You Are Secure in the AWS CloudWhy You Are Secure in the AWS Cloud
Why You Are Secure in the AWS Cloud
 
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment modeCloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
Cloud security, Cloud security Access broker, CSAB's 4 pillar, deployment mode
 
Centrify Access Manager Presentation.pptx
Centrify Access Manager Presentation.pptxCentrify Access Manager Presentation.pptx
Centrify Access Manager Presentation.pptx
 
RightScale Webinar: Security and Compliance in the Cloud
RightScale Webinar: Security and Compliance in the CloudRightScale Webinar: Security and Compliance in the Cloud
RightScale Webinar: Security and Compliance in the Cloud
 

Recently uploaded

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 

Recently uploaded (20)

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 

Cloud Security at Netflix

  • 1. Cloud Security @ Netflix Jason Chan chan@netflix.com SVForum Cloud and Virtualization SIG March 27, 2012
  • 2. Jason Chan • Cloud Security Architect @ Netflix • Previously: • Most recently led security team at VMware • Primarily security consulting at @stake, iSEC Partners • Some presentations at: • http://www.slideshare.net/netflix
  • 3. Agenda • Developing a “cloud appropriate” security model • Cloud security: challenges and advantages • APIs, Automation & the Security Monkey • A note on regulatory compliance • Takeaways
  • 9. Word Association: Cloud & Security • Cloud: Agility, Self-service, Scale, Automation • Security: Gatekeeper, Standards, Control, Centralized
  • 11. Risk-Based Approach • Not everything is equal • Understand what’s important and prioritize appropriately
  • 12. Leverage Tooling • Build and deployment pipeline is a key point for security integration • Think integration vs. separation
  • 13. Make Doing the Right Thing Easy • Sensible defaults • Libraries for common, but difficult, security tasks • Publish and evangelize reusable patterns
  • 14. Embrace Self-Service, with some Exceptions • SSL certificate management • Some firewall rules • VPC configuration • User and permissions management (IAM)
  • 15. Cloud Security Challenges
  • 16. Shared Responsibility • Incident response • Investigations • Compliance
  • 17. Existing Security Tools • Bad assumptions • Licensing • Node ephemerality • Thundering herd
  • 18. Key Management • Untrusted infrastructure • Automated bootstrapping • Hardware security modules
  • 20. Build Standards & Vulnerability Management • Fewer “snowflakes” • Easier to identify problem systems • Push and kill vs. patch and nurse
  • 21. Integrity and Activity Monitoring • No changes to running systems • Fewer production logins
  • 22. Visibility & Reachability Analysis • Flat networking • “Nowhere to hide” • Firewall APIs
  • 23. APIs, Automation, and the Security Monkey
  • 27. Common Challenges for Security Engineers • Lots of data from different sources, in different formats • Too many administrative interfaces and disconnected systems • Too few options for scalable automation
  • 38. How do you . . . • Add a user account? CreateUser() • Inventory systems? DescribeInstances() • Change a firewall config? AuthorizeSecurityGroupIngress() • Snapshot a drive for forensic analysis? CreateSnapshot() • Disable a multi-factor authentication token? DeactivateMFADevice()
  • 41. Security Monkey http://techblog.netflix.com/2011/07/netflix-simian-army.html • Centralized framework for cloud security monitoring and analysis • Leverages AWS APIs and common security tools
  • 42. Security Monkey • Certificate monitoring • Security group monitoring • Exposed instances/applications • Web application vulnerability scanning • Upcoming: • Policy analysis (firewall, user, S3, etc.)
  • 43. A Note on Regulatory Compliance
  • 52. Compliance • Background: • Netflix has a variety of regulatory obligations (SOX, PCI, data privacy) • More conservative approach to the cloud • Some architectural components are “cloud unfriendly” • Approach: • Segregate compliance-sensitive cloud systems • Limit access and increase auditing and logging • Leverage tooling for auditability and control integration
  • 57. Takeaways • Netflix has moved most of its service infrastructure, applications, and data to the public cloud • Taking full advantage of the cloud’s benefits requires a willingness to adapt security models and methods appropriately • The programmability of the cloud presents an unprecedented opportunity for security teams to focus and streamline efforts • Understand the constraints and limitations of both security tools and cloud vendors when planning and implementing controls
  • 59. References • http://www.slideshare.net/netflix • http://techblog.netflix.com • https://cloudsecurityalliance.org/ • http://www.nist.gov/itl/cloud/index.cfm • http://www.enisa.europa.eu/activities/risk-management/files/deliverables/cloud-computing-risk-assessment
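Slides 34 through 42 make the deck's central technical point: every routine security task maps to an AWS API call (DescribeInstances for inventory, AuthorizeSecurityGroupIngress for firewall changes, CreateSnapshot for forensics), and Security Monkey builds its security group and exposed-instance monitoring on those same calls. The block below is an added example of what one such check looks like; it is not Netflix's Security Monkey code. It walks a DescribeSecurityGroups response, flags every ingress rule open to the whole internet (0.0.0.0/0 or ::/0), rates the rule by whether its port is one an edge tier is expected to expose, and joins each group to the non-terminated instances from DescribeInstances that carry it, so an open group with nothing behind it is reported separately from one sitting in front of a build box. The sample responses are constructed in the shape boto3's ec2.describe_security_groups() and ec2.describe_instances() return; the expected-port set and the severity labels are assumptions for the example, not a Netflix policy.

```python
"""Security Monkey-style check for world-open security groups, joined to the
instances behind them. Added example, not Netflix's Security Monkey code."""
from __future__ import annotations
from dataclasses import dataclass

ANYWHERE = {"0.0.0.0/0", "::/0"}
# Ports an internet-facing tier is expected to expose (an assumption for this
# example, not a Netflix policy); any other world-open port is rated HIGH.
EXPECTED_PUBLIC_PORTS = {80, 443}


@dataclass(frozen=True)
class Finding:
    group_id: str
    group_name: str
    protocol: str          # "tcp", "udp", "icmp" or "-1" (all protocols)
    from_port: int | None  # None when the rule covers all protocols
    to_port: int | None
    cidr: str
    severity: str
    instances: tuple[str, ...]  # non-terminated instances carrying the group


def _world_open_cidrs(permission: dict):
    """Yield the CIDRs in one IpPermissions entry that admit the whole internet."""
    for r in permission.get("IpRanges", []):
        if r.get("CidrIp") in ANYWHERE:
            yield r["CidrIp"]
    for r in permission.get("Ipv6Ranges", []):
        if r.get("CidrIpv6") in ANYWHERE:
            yield r["CidrIpv6"]


def _severity(protocol: str, from_port: int | None, to_port: int | None) -> str:
    if protocol == "icmp":
        return "LOW"
    if protocol == "-1" or from_port is None or to_port is None:
        return "HIGH"  # every port on every protocol
    covered = set(range(from_port, to_port + 1))
    return "INFO" if covered <= EXPECTED_PUBLIC_PORTS else "HIGH"


def instances_by_group(describe_instances: dict) -> dict[str, list[str]]:
    """Map security group id -> ids of non-terminated instances that use it."""
    mapping: dict[str, list[str]] = {}
    for reservation in describe_instances.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") == "terminated":
                continue
            for sg in inst.get("SecurityGroups", []):
                mapping.setdefault(sg["GroupId"], []).append(inst["InstanceId"])
    return mapping


def find_exposed_ingress(describe_security_groups: dict,
                         describe_instances: dict) -> list[Finding]:
    """One Finding per (ingress rule, world-open CIDR), with the instances behind it."""
    attached = instances_by_group(describe_instances)
    findings: list[Finding] = []
    for sg in describe_security_groups.get("SecurityGroups", []):
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol", "-1")
            frm, to = perm.get("FromPort"), perm.get("ToPort")
            for cidr in _world_open_cidrs(perm):
                findings.append(Finding(
                    group_id=sg["GroupId"], group_name=sg.get("GroupName", ""),
                    protocol=proto, from_port=frm, to_port=to, cidr=cidr,
                    severity=_severity(proto, frm, to),
                    instances=tuple(sorted(attached.get(sg["GroupId"], []))),
                ))
    return findings


# Constructed sample responses in the shape boto3's ec2.describe_security_groups()
# and ec2.describe_instances() return; not real account data. Live calls page with
# NextToken, so use a paginator before feeding real responses to the functions above.
SAMPLE_SECURITY_GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-0a1b2c3d", "GroupName": "edge-elb", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0d3c2b1a", "GroupName": "build-box", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0feedbee", "GroupName": "unused-open", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]}
SAMPLE_INSTANCES = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0123456789abcdef0", "State": {"Name": "running"},
     "SecurityGroups": [{"GroupId": "sg-0a1b2c3d", "GroupName": "edge-elb"}]},
    {"InstanceId": "i-0fedcba9876543210", "State": {"Name": "running"},
     "SecurityGroups": [{"GroupId": "sg-0d3c2b1a", "GroupName": "build-box"}]},
    {"InstanceId": "i-0deadbeefdeadbeef", "State": {"Name": "terminated"},
     "SecurityGroups": [{"GroupId": "sg-0feedbee", "GroupName": "unused-open"}]},
]}]}

if __name__ == "__main__":
    for f in find_exposed_ingress(SAMPLE_SECURITY_GROUPS, SAMPLE_INSTANCES):
        ports = "all" if f.protocol == "-1" else f"{f.protocol}/{f.from_port}-{f.to_port}"
        behind = ", ".join(f.instances) or "no running instances"
        print(f"{f.severity:<4} {f.group_id} ({f.group_name}) {ports} from {f.cidr} -> {behind}")
```

On the sample data the run yields four findings: the edge group's 443 rule is reported twice (once per address family) at INFO, the build box's world-open SSH is HIGH and is tied to the running instance behind it, and the all-protocols group is HIGH but attached to no running instance. The internal 8080 rule is ignored because 10.0.0.0/8 is not a world-open range. The same join is what turns "security group monitoring" into "exposed instances/applications" on slide 42: a rule is only a reachability problem when something live is behind it, and the terminated-instance filter matters precisely because of the node ephemerality the deck calls out on slide 17.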
