
From the Trenches: Building Comprehensive and Secure Solutions in AWS


Presentation from Sean Beard of Pariveda Solutions at the Alert Logic Cloud Security Summit: Dallas on October 25, 2016.


  1. From the Trenches: Building Comprehensive and Secure Solutions in AWS. Sean Beard, Principal Architect, Emerging Technology, Pariveda Solutions, sean.beard@parivedasolutions.com
  2. © Pariveda Solutions. Confidential & Proprietary. Sean Beard: Enterprise IT architect, technology pundit, professional hobbyist, amateur woodworker, retired DJ, and lifelong Houston Astros fan. Entertainer to many, and entertained by life’s mysteries.
     • Principal Architect, Emerging Technology
     • Worked with Expedia.com, Hotels.com, CarRentals.com, Toyota, Mary Kay, National Resident Matching Program, and others to build AWS solutions and strategies
     • 20 years of technology leadership with Pariveda Solutions and Compaq/Hewlett-Packard
  3. Our Clients: Pariveda solves the complex problems of clients ranging from Fortune 100 to Global 2000 to startup companies and spanning multiple industries. Clients partner with us for our high-caliber combination of technology and business problem-solving experts, our high-quality delivery consistency and our focus on building lifetime relationships. We have served over 400 clients since inception. Key Details. Our Locations. Strategy, Mobility, Cloud, Data, Portals & Collaboration, CRM, Custom Software, Enterprise Integration, User Experience. Pariveda Solutions Inc. is a leading management consulting firm delivering strategic services and technology solutions. Our focus is simple. Start with the right people, deliver consistent value and partner enthusiastically with our clients. We grow and deploy talented people to solve technical and strategic challenges. We are passionate about delivering exceptional value to our clients. Our Solutions. Pariveda Overview
  4. Cloud Qualifications
     • Platform selection and enterprise alignment
       • Assist determination of cloud platforms that best fit application needs by evaluating current and planned applications and workloads
     • Architectural approach and implementation
       • Emphasize architectural elements of custom solutions with focus on scalability, flexibility, security, and longevity required
     • Completeness of perspective and value focus
       • Create impactful solutions with our clients aligned to people, process and structure
     AWS Case Study: Expedia Delivers Global Deals Engine to Online Partners http://aws.amazon.com/solutions/case-studies/expedia/
     101 Accredited Business Professionals; 119 Accredited Technical Professionals; 37 Certified Solution Architects (31 Associate, 6 Professional); 16 Certified Developers (Associate); 6 Certified SysOps Administrators (Associate); 6 Certified DevOps Engineers (Professional)
     Big Data on AWS, Microsoft Apps on AWS, TCO and Cloud Economics, Value Messaging, Business Development Best Practices serving clients with innovative products and unknown / unmet solutions
  5. Customer Mis-steps; Cloud Transformations; Strategizing in AWS; Building Solutions In the Cloud; Questions
  6. Customer Mis-steps - The Wisdom of Will Rogers: “Good judgment comes from experience, and a lot of that comes from bad judgment.” -Will Rogers
  7. Customer Mis-Steps – Stories from Experience. The 18 Minute Rule. Everyone can make a mistake; in the cloud, the speed at which those must be corrected is critical. Consequence of opening a Tomcat server on 0.0.0.0/0 for travel based ecommerce site. Safety of Isolation. Credit Card Transaction Processing requires secure execution plus regulatory compliance through audits. Compliance in Processing.
  8. Customer Mis-steps; Cloud Transformations; Strategizing in AWS; Building Solutions In the Cloud; Questions
  9. Cloud Transformations (columns: Client Project, Project Description, Outcome)
     • Global Deals Engine: Expedia needed a fast and inexpensive engine to expose the best deals in their inventory online. The deals engine needed to retrieve and analyze a large travel inventory and make decisions on what constituted a good deal, and it required global reach and scalability. Pariveda leveraged AWS to build a solution and powered the decision engine with Elastic Search and Elastic MapReduce (Hadoop). The GDE allows consumers to perform a “fuzzy search,” returning the best deals that match a loose set of criteria, and returns personalized deals based on a user’s geographic location. The solution has been successfully expanded to over 20 regions worldwide. http://aws.amazon.com/solutions/case-studies/expedia/
     • Real-Time Data Ingestion for Agriculture IoT: Client needed to ingest real-time sensor data from heavy farm equipment globally, model and enhance with data science, and deliver downstream to power new agronomic insights for growers. The AWS cloud powered data transformation and storage in a data lake; key AWS services included Kinesis, Lambda, DynamoDB, and S3. The solution provides a data ingestion platform to enable future grower insights and new products and services.
     • International .Com Migration: CarRentals.com grew rapidly through acquisition and felt growth pain in its datacenters, so Pariveda recommended consolidation into one global AWS data center with robust analytics to instrument the environment. The solution used EC2 and ELB for core operations and Kinesis, Lambda, DynamoDB and EMR for streaming analytics. In three months, Pariveda moved the entire CarRentals.com data center operation into AWS and delivered a site serving millions of customers across Europe and the Americas.
     • Cloud Data Warehouse & Analytics: DirecTV needed to better understand competitive market environments at national and regional levels. Pariveda leveraged AWS to aggregate data into an Amazon Redshift data warehouse. Then, the team developed a custom application leveraging D3.js to display data nationally with ability to drill down into regions and display more granular details at each level. An easy-to-digest map view provided in-context data analysis, and customer research teams looked at relevant market factors and identified threats to the subscriber base in a highly competitive market.
  10. Cloud Transformations - Unleash Potential…Rapidly. Do you feel caught in the swirl of organizational priorities?
     • Digital Disruptors taking Market Share?
     • Focus is only yearly on IT Strategy?
     • Experiencing Growing Pains?
     • Speed to Market Vs. Robust + Stable
     • Need to Innovate Vs. Keep the Lights On
     • Give me More Vs. Spending Less
  11. Customer Mis-steps; Cloud Transformations; Strategizing In the Cloud; Building Solutions In the Cloud; Questions
  12. Maturity. Strategizing In the Cloud. Organization understands and invests in automation, virtualization, and cloud initiatives to continually realize benefits throughout the enterprise; scaling for demand is highly automated with speed to market a developing skill. Automation of the “happy path” is well covered; disparate automation “scripts” are generated to help with concrete tasks and deployment effort is somewhat predictable. Adding additional scale is straightforward but may take manual effort. Adaptive, Capable, Nascent. Experimenting with Cloud components to explore benefits; build, deploy, & run of software applications is highly manual with groups frequently doing disjointed or duplicate efforts. Value proposition of cloud is still being defined for the business. Adhoc, Effective. Advanced handling to track and respond to potential issues with repeatable approaches to building, deploying, and running software applications; process tuned to evolve, scale with changing usage patterns and has high speed to market. DevOps repeatability and automation of effort in the public cloud is evolving; more mature cloud capabilities are still being assessed for benefit realization and most decisions are made on reduction of ownership costs. Note: Above Descriptions are Illustrative Examples
  13. Strategizing In the Cloud - Identify Areas of Change. Cloud technology is worth investing resources in today and has impacts beyond just technology. We’ve found organizations that learn and implement in small projects initially for their public cloud capabilities realize larger benefits over time with greater success in future. Tools Assessment Framework (Illustrative of 1 aspect): Technology Stack, Workload Assessment, Org. Capabilities.
     • Clustering and Orchestration
     • Environment Management
     • Logging and Monitoring
     • Integration
     • Backup and Retention
     • Developer Tools
     • Cloud Capabilities
     • DevOps Management
     • Networking and Security
     Assess where your organization will make changes for public cloud. Network & Security: IAM for Internal; VPC for VM; Security Groups & defined ports open; Route 53 for DNS; CloudFront for CDN
  14. Strategizing In the Cloud - Understanding the Landscape
     Pitfalls:
     • OS & Dependency Support: Public Cloud will let you assemble nearly any technology type creating high maintainability costs over time
     • Organizational Capabilities: Organizations are not yet equipped to handle building, deploying, and running cloud applications
     • Fast Paced New Technology: The fast paced and Open Source nature of cloud technology means frequent change
     • Work Stream Suitability: Cost / benefit of cloud tech is not considered for all work streams, and misapplied via initial assumptions
     Mitigation:
     • Technology Standardization: Standardize technology choices for the business in order to deploy applications around a core OS to optimize support costs & optimize operations
     • Skills Development: Budget to grow technical capabilities throughout the organization with training and set aside contingency effort for learning during project work
     • Navigating Change: Be prepared for the public cloud ecosystem to evolve and determine the best tools as well as processes to implement with the future in mind
     • Where to Get Started: Understand and prioritize across a portfolio of applications the assets that benefit from a shift to public cloud setting clear expectation outcomes
  15. Customer Mis-steps; Cloud Transformations; Strategizing in AWS; Building Solutions In the Cloud; Questions
  16. Building Solutions In the Cloud – Guiding Principles
     • Collaboration - It is critical that developers, operations and support organizations work closely on a regular basis.
     • Principle of Least Privilege – Grant only the access required to run the system, and avoid expanding access to manage or monitor solution behavior. Centralize access control.
     • Application Design - Review the application source code, identify potential attack surface points and optimize to minimize attack surface area.
     • Zones - Establish separate zones to meet compliance requirements such as PCI, PII, HIPAA, etc.
     • Continuous Monitoring – It is important to adopt a holistic approach towards monitoring, which includes business metrics, cloud services, application, database, connectivity, threats and vulnerabilities within the overall infrastructure.
     • Automation – Automate as much as possible, including security and compliance requirements, and minimize human process & access.
     • Agile Methods – Manage infrastructure operations as a software development process. Execute short cycles with feedback loops, and be open to refactoring based on feedback.
  17. Building Solutions In the Cloud - A Holistic Approach To Solution Development. Assess: Production workload inventory; Workload readiness scorecard; Organizational capabilities assessment; Custom & COTS hosting assessment; Vendor and cloud roadmap overview. Strategize, Plan, Execute: Narrow potential workload migration candidates; Proof of Concept & Tool analysis; Organizational Readiness; Define team structure based on capabilities; Vendor lock-in considerations; Assess Modernization opportunities; Prioritize workload migration; Final tool selections; Scope and deliverables; Create timelines & obtain approvals; Define training plan; Continue to update workload inventory; Environment setup; Execute plan – delivery & documentation; Improve organizational capabilities; Deployment & warranty period; Project handoff.
     • Simplify implementation with a holistic approach to solution development
     • No one partner is a subject matter expert in all aspects of the Public Cloud
     • Through a network of strong partners with specific subject matter expertise we combine others' strengths with our expertise to bring best-in-class service
  18. Building Solutions In the Cloud - Pariveda Solutions Cloud Offerings. Cloud-Enabled Web Applications; E-Commerce @ Scale; Connected Devices / Internet of Things; APIs & Mobile Backend-as-a-Service; Integrated Enterprise Solutions; Real-Time Data Ingestion; Data Management & Transformation; Business Intelligence; Predictive Analytics; Data Strategy & Governance. Cloud Application Delivery. Big Data Solutions. Cloud Strategy & Justification; Adoption Readiness Assessment; Organizational Transformation & Governance; Platform Selection & Implementation Roadmap; Workload Rationalization & Modernization Analysis. Cloud Advisory Services.
     • Cloud Solution Architecture
     • Cloud R&D / Experimentation
     • Platform Automation
     • Data Center Transformation
     • DevOps Process Definition & Change Plan
     • Solution Evolution & Cost Optimization
     Cloud Solution Enablement
  19. Questions
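
The "Customer Mis-Steps" slide (a Tomcat server opened on 0.0.0.0/0) and the Automation principle (automate security and compliance requirements) suggest a check like the following. This is an added example, not code from the presentation: the function name, the port allowlist and the sample groups are assumptions, and the rule dictionaries follow the shape of the EC2 DescribeSecurityGroups response.

```python
# Added example: flag security-group ingress rules that are open to the internet.
# Rule dicts follow the shape of the EC2 DescribeSecurityGroups response.
# The allowlist and the sample groups are constructed for illustration.

ANYWHERE = {"0.0.0.0/0", "::/0"}
ALLOWED_PUBLIC_PORTS = {80, 443}  # assumption: only these TCP ports may be public


def world_open_findings(security_groups, allowed_ports=ALLOWED_PUBLIC_PORTS):
    """Return (group_id, protocol, from_port, to_port, cidr) per risky rule."""
    findings = []
    for group in security_groups:
        for perm in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            public = [c for c in cidrs if c in ANYWHERE]
            if not public:
                continue
            proto = perm["IpProtocol"]
            # "-1" means all protocols and ports; FromPort/ToPort are then absent.
            lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
            # Accept only TCP rules whose entire port range is allowlisted.
            ok = proto == "tcp" and all(p in allowed_ports for p in range(lo, hi + 1))
            if not ok:
                findings.extend((group["GroupId"], proto, lo, hi, c) for c in public)
    return findings


SAMPLE_GROUPS = [  # constructed sample data, not from a real account
    {"GroupId": "sg-web-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-tomcat-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
    {"GroupId": "sg-all-example", "IpPermissions": [
        {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]

if __name__ == "__main__":
    for finding in world_open_findings(SAMPLE_GROUPS):
        print("world-open ingress:", finding)
```

Run on a schedule or on every security-group change, a check like this shortens the time a mistaken rule stays in place.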