
Enabling Transformation through Agility & Innovation - AWS Transformation Day Seattle 2019


Learn how AWS can help transform your business. With AWS, enterprises are becoming more agile, secure, and scalable. This helps to promote innovation, shorten cycles to respond to business requirements, increase employee productivity, and retain and recruit top talent.

Improve business performance, reduce costs, and reinvent your IT strategies. Topics include how to maximize the value of your Enterprise workloads with AWS, foster a culture of innovation, manage risk and security, and new ways to think about product development, how to modernize the delivery of IT services, and best practices for adopting the cloud at scale.


  1. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. 08.22.19
  2. SEATTLE. Enabling Transformation Through Agility and Innovation. Clarke Rodgers, Enterprise Strategy. 08.22.19
  3. Enterprises feel pressure to close the gap. 90% of companies are engaging in some form of digitization; 16% feel they are responding to digital disruption with a bold strategy at scale. Source: McKinsey
  4. IT cultural trends we are seeing. Moving toward: Learning (start small, experiment, and iterate); Decentralized ownership (guardrails versus gates); DevOps and cross-functional teams; Automate: Infra-as-code, redeploy every time; Adopt early and often; Reference architecture, few standards; Talent insourcing/niche partnering. Moving from: Failure is not an option; Command-and-control; Silos “throw it over the wall”; Build/deploy in place; Long due diligence; Standardization; Talent outsourcing. While this is progress, it’s not enough.
  5. Business agility is the goal. According to The Agility Paradox by Peter Weill, Director at MIT Sloan School of Management: • Organizational Agility is the ability to respond, decide, embrace change, and execute quickly • “Time to execute” continues to shrink as digitally enabled start-ups reinvent the market • Agility is no longer a choice but mandatory to compete in today’s digital landscape • It is critical for all organizations, regardless of size, to Think Agile, Act Agile, and Be Agile
  6. Jeff Bezos, CEO, Amazon.com: “Most large organizations embrace the idea of invention, but are not willing to suffer the string of failed experiments necessary to get there. Our success at Amazon is a function of how many experiments we do per year, per month, per week, per day.”
  7. Change is hard: Existing infrastructure; Established processes; Cultural resistance
  8. McDonald’s brings home delivery to market in four months. “This was a four month-duration for us—from idea, to development to massive scale. That's the new norm that we see every day.” – Thilina Gunasinghe, Chief Technology Architect, McDonald’s. Cost sensitive—selling hamburgers!; Multi-country support, each with multiple delivery partners; Scalability and reliability to deliver over 1 million orders per hour
  9. How do you lead your organization through a transformation?
  10. Driving business value through innovation and agility requires… Change in mindset and approach; Communicating your vision; Change management
  11. Change in mindset and approach
  12. Change in mindset and approach. Driving business value means playing offense: change agents play offense, incumbents play defense. Leadership versus management; Organize around outcomes versus projects; Focus on maximizing available technology to drive business value
  13. Management versus leadership. Management (defense): Planning and budgeting; Organizing and staffing; Controlling and problem solving. Leadership (offense): Establishing direction; Aligning people; Motivating and inspiring. Labels: CHANGE; ORDER
  14. Organize around business outcomes. Change the mindset for your team and redefine your approach. Product: Continuous development; Customer defines roadmap; Measured by output & outcomes. Business objective: Maximize a strategic KPI; Types of KPIs: Minimize waste, increase conversion; Measured by outcomes. Project: Pre-defined requirements scope and schedule; Deliver what was planned; Measured by output
  15. Start with the customer and then work backwards. Working backwards: Customer; Press Release; FAQ; User Manual
  16. From: defining business and IT strategy. Business; IT
  17. To: business value enabled by technology. Business outcomes; Maximizing value from technology
  18. GE Healthcare creates new digital business. “Advancing medical outcomes requires processing large amounts of healthcare data with governed access to that data for research as well as clinical application… We chose AWS for GE Health Cloud for its breadth of services and commitment to making those services compliant with global health data regulations, which was key for us.” –Mitch Jackson, Vice President of Cloud Strategy and Technology, GE Healthcare Digital. Establishes an ecosystem for innovation; Improves diagnoses and treatment using machine learning; Enables image collaboration across primary care, specialists, and care settings
  19. Mint.com frees resources to focus on new revenue streams. “Datacenter management is not our core business. Our business is helping people improve their financial lives. We wanted to focus more on delivering exceptional financial-management products and less on managing the backend IT environment.” –Sean McCluskey, Director of Application Development and Cloud Operations, Intuit Mint. 25% cost reduction; 15% improvement in DBA productivity; Failover scenarios now 1 min vs. 30 min; Hours vs. weeks to spin up new service
  20. Communicating your vision
  21. Communicating your vision. Driving business value and change requires building a campaign strategy to win: Clarity of purpose; Build alliances; Secure executive sponsorship
  22. Clarity of purpose. Where are you going? And why? What is your elevator statement? Is your vision sensible and appealing? How can the vision be achieved? How can you create and sustain momentum?
  23. Building peer alliances
  24. Secure senior executive sponsorship to help: Network with peers; Remove obstacles; Delegate authority; Escalation path; Amplify message; Signal intent
  25. Ryanair personalizes customer travel plans with machine learning. “Machine learning is hugely important to our growth, and we’re pursuing a variety of AWS machine learning services, including Amazon SageMaker, to personalize the MyRyanair portal for every unique traveler.” –John Hurley, Chief Technology Officer, Ryanair. Routes support requests to the right assistance type; Automatically detects flight surge demand; Enhances and personalizes customer experience
  26. Change management
  27. Change management. Driving business value means embracing change: Dealing with resistance; Security compliance; Manage the inputs; Consider a partner
  28. Dealing with resistance. FUD; Concern. Convince, Educate, Clarify, or Overrule. Analyze, Research, Offer solution, or Accept risk. DIFFERENTIATE
  29. Dealing with resistance. FUD; Concern. Convince, Educate, Clarify, or Overrule. Analyze, Research, Offer solution, or Accept risk. EXECUTIVE SPONSOR; DIFFERENTIATE
  30. Security and compliance. Security as a foundational principle; Automate as much as you can; Review/translate/map security requirements; Challenge assumptions; Offer alternative mitigating controls
  31. Share your security responsibility with AWS. Customer is responsible for security in the cloud: Customer data; Platform, applications, identity, & access management; Operating system, network, & firewall configuration; Client-side data encryption & data integrity authentication; Server-side encryption (file system &/or data); Network traffic protection (encryption/integrity/identity). AWS is responsible for security of the cloud: Compute; Storage; Database; Networking; AWS Global Infrastructure (Regions; Availability Zones; Edge locations)
  32. Financial Industry Regulatory Authority. Went from 3–4 weeks for server hardening to 3–4 minutes. “We determined that security in AWS is superior to our on-premises data center across several dimensions, including patching, encryption, auditing and logging, entitlements, and compliance.” - John Brady, CISO, FINRA. Processes approximately 6 terabytes of data and 37 billion records on an average day; Looks for fraud, abuse, and insider trading over nearly 6 billion shares traded in U.S. equities markets every day
  33. We leverage the most Robust, Fully Featured Technology Platform
  34. Consider a partner who has traveled the road before. Business case; Executive alignment; Cloud architecture; Organizational structure; Communication; Training; Security architecture; Security competencies; Compliance and risk. Categories: Security and compliance; Strategy; Organization change
  35. APN Premier Consulting Partners
  36. Driving business value through innovation requires… Change in mindset and approach; Communicating your vision; Change management
  38. Transformation Day topics: Culture & organizational change; Industry trends & solutions; Migration & enterprise workloads; Security & compliance; Cloud economics; Digital innovation & business transformation; Leveraging AI & big data
  39. SEATTLE. Best Practices for Migrating Your Enterprise Workloads to AWS. Sadegh Nadimi, Principal Business Development Manager; Ivan Oprencak, Director Product Marketing, VMware Cloud on AWS. 08.22.19
  40. Business drivers for migrating to the cloud: Agility and staff productivity; Outsourcing changes; EOL HW/SW; Going global quickly, M&A; Improved security and operational resilience; Cost reduction; IoT and AI/ML; Data center consolidation; Digital transformation
  41. Common business outcomes. Agility: Build and operate your foundation for innovation. Operational efficiency: Obtain substantial cost savings, freeing up resources to focus on what differentiates your business. Reduced risk: Migrate through a secure and proven approach that reduces IT risks by moving to a more resilient IT model
  42. Mint.com migrated to focus on building new products. “Data center management is not our core business. Our business is helping people improve their financial lives. We wanted to focus more on delivering exceptional financial-management products and less on managing the backend IT environment.” —Sean McCluskey, Director of Application Development and Cloud Operations, Intuit Mint. 25% cost reduction; 15% improvement in DBA productivity; Failover scenarios now 1 min vs. 30 min; Hours vs. weeks to spin up new service
  43. Other migration success stories. Consolidating 56 data centers down to 6, moved 75% of infrastructure to cloud, and re-allocated more than $100M to key business drivers; Migrated ~5,500 instances in 9 months, reduced storage costs by 50% and compute costs by 20%, and sped up provisioning 10x from 4 weeks to 2 days; Realized a 52% reduction in TCO; Migrated more than 600 workloads to AWS in under 14 months, including some Unix to Linux conversions, driving year-over-year cost reduction, and cut processing time from 36 hours to 10 seconds; Releases over 50+ deployments per hour
  44. Common questions. How do I create a business case? What do I have in my environment? How do I get started? How do I move these workloads? What do we do after we migrate? What should I move to the cloud? How do I get my team re-skilled?
  45. Executive sponsorship is the starting point
  46. Migration process: Assessment; Readiness & planning; Migration; Operations & optimizations
  47. Migration process: Assessment. Phases: Assessment; Readiness & planning; Migration; Operations & optimizations
  48. Migration readiness assessment workshop. Technical capability focused: Platform (Applications and infrastructure); Security (Risk and compliance); Operations (Hybrid and dynamic). Business capability focused: Business (Value realization); People (Roles and readiness); Governance (Prioritization and control)
  49. Discover and build your business case. Annual On-Premises Cost; Direct Match to AWS; Rightsized to AWS; 36% savings
  50. Building the business case using value drivers. Ability to match supply & demand elastically; Elimination of hardware refresh programs; Elimination of maintenance programs; Transparency drives a lean mindset. Value drivers: Cost savings
  51. Building the business case using value drivers. Automation drives maintenance efficiencies; Reduced cost of planned and unplanned outages; Increased developer productivity. Value drivers: Staff productivity; Cost savings
  52. Building the business case using value drivers. Reduced risk profile/reduced cost of risk mitigation; Revenue & margin improvements due to reduced outages. Value drivers: Staff productivity; Operational resilience; Cost savings
  53. Building the business case using value drivers. Reduced time to market & innovation; Increased operational agility (new market penetration, divestiture, acquisition). Value drivers: Cost savings; Staff productivity; Operational resilience; Business agility
  54. Live Nation gained agility, security, and availability while lowering costs. Value drivers: Cost savings; Staff productivity; Operational resilience; Business agility. 58% total cost savings: 18% immediate and another 40% after optimizations; 99.999% application availability, up from 99.9%; 10x increase in innovation pipeline; 50% reduction in traditional IT operations tasks
  55. Migration process: Readiness & planning. Phases: Assessment; Readiness & planning; Migration; Operations & optimizations
  56. Migration planning. Disconnected and incomplete data; Discover and organize data; 7 Rs. Applications; Performance; Infrastructure; Level of effort. Retire; Retain; Relocate; Rehost; Repurchase; Re-platform; Refactor. Tribal knowledge; SLA/OLA; App configuration data; Asset inventories; CMDB; Architecture; Performance Information. Automation and guidance; AWS Application Discovery Service; Amazon Athena
  57. Seven common migration strategies: “The 7 Rs” [diagram]. Strategies: Retire; Retain; Relocate (VMware Cloud on AWS); Rehost; Repurchase; Re-platform; Refactor. Diagram labels: Discover; Assess/Prioritize; Determine; Determine platform; Modify infrastructure; Automate; Manual; Use migration tools; Buy COTS/SaaS; Install/setup; Install; Config; Deploy; App code development; Redesign; ALM/SDLC; Integration; Validation; Transition; Production
  58. Cloud enablement engines [diagram]. Stages: Cloud foundation team (0–6 months); Initial cloud enablement engine (6–12 months); Cloud enablement engine at scale (12+ months). Cloud platform engineering: Platform; Operations; Security. Cloud business office: Product; Architecture; Onboarding; OCM; Financial; Delivery; Training. Cloud leader; Product owner; Financial analyst; OCM/training specialist; Cloud architect; Platform engineers. Cloud business office: Architecture alignment; Product management; Onboarding; Financial management; Training; Org change management; Delivery management
  59. Landing zone facilitates getting started. AWS Control Tower. Manage accounts and policies; Set up environment; Enable control; Establish cost controls; Improve over time
  60. Securing your cloud migration journey. Goals; Innovation; Migration; Foundation: AWS Cloud Adoption Framework (Business, People, Governance, Platform, Security, Operations). Security on AWS Workshop; AWS Jam; SRC Blueprint; Identity & Access Mgt; Data Protection; Logging & Monitoring; Security Incident Response Simulation; Infrastructure Security; Incident Response; Security Assessment; Business Outcomes
  61. Migration process: Migration. Phases: Assessment; Readiness & planning; Migration; Operations & optimizations
  62. Simplify and accelerate migration with CloudEndure. Fast: Simple setup lets you start in minutes. Non-disruptive: Robust, predictable, nondisruptive continuous replication and minimal cutover windows. Flexible: Wide range of OS, application, and database support. Secure: Highly secure for regulated environments. CloudEndure Migration is now free to all AWS customers
  63. For customers that want a hybrid approach… Run workloads on-premises; Run workloads in the cloud; Tight integration between on-premises and the cloud; Without buying new hardware
  64. VMware Cloud on AWS. Overcome migration obstacles when moving VMware environments to AWS Cloud. VMware SDDC running on AWS bare metal; Delivered, operated, and supported by VMware; On-demand capacity and flexible consumption; Full operational consistency with on-prem SDDC; Support for vSphere qualified solutions; Global AWS footprint, availability, and scale; Direct access to native AWS services. Diagram labels: Customer Data Center; VMware SDDC on-premises; vCenter; vRealize Suite, third-party vSphere ecosystem; Large-scale application migration; VMware Cloud™ on AWS, Powered by VMware Cloud Foundation; vSphere; vSAN; NSX; AWS Global Infrastructure; AWS services
  65. VMware Cloud on AWS: Migrate hundreds of live VMware VMs to AWS Cloud instantly. Cost savings: No application re-factoring or re-architecting needed. Staff productivity: No retraining of staff or revamping of operational processes. Operational resilience: Familiar and proven VMware environment combined with the global AWS footprint, reach and scale. Business agility: Bi-directional live application migration to avoid disruption in business transactions, and the ability to scale capacity in a few minutes
  66. Others have already migrated hundreds of VMs in days. On-premises, from request until ready for consumption, on average for an additional host: 86 days. VMware Cloud on AWS, from request until ready for consumption, on average for an additional host: ~10 minutes. 650+ workloads in 5 days (live migrated); >350 workloads and 30TB in 20 days. “We have an amazing team with cloud backgrounds, but transforming existing enterprise apps into cloud-native equivalents is extremely difficult. Even for our private cloud apps, migrating them to public cloud presented risks if they were not carefully re-platformed and re-tested. VMware Cloud on AWS coupled with Trend Micro Deep Security smooths that out, saving us months of time and thousands of man hours.” Zack Milem, Cloud Solutions Architect, Trend Micro
  67. Migration process: Operations & optimizations. Phases: Assessment; Readiness & Planning; Migration; Operations & optimizations
  68. Operating your cloud. Self-managed: • AWS Service Catalog • AWS Systems Manager • AWS management tools and services • Modeling and provisioning • Automation and operations • Monitoring and logging • Third-party tools. AWS Managed Services (AMS): • 40+ curated services • “Month-to-month” terms • Addresses security & compliance (PCI/SOC/ISO/HIPAA/NIST certified/compliant) • 7 management services provided. Partner-managed: • 100+ Managed Service Partners (MSP) • Certification program • Third-party audit • Full lifecycle services
  69. High-value, rapid impact modernizations to optimize your applications. Amazon Elasticsearch Service; Improve availability and performance; Evolve to breathe new life into your applications; Split off microservices from the monolith
  70. The most comprehensive set of services and expertise: AWS and Partner Tools; AWS Partners; Migration Methodology; AWS Investment; AWS Training; AWS Professional Services; AWS Managed Services
  71. Partners to help you migrate • AWS Migration Competency Partners (40+) • Established AWS migration practice • Current Managed Services or DevOps Competency • At least Advanced level AWS Consulting Partner • AWS certifications and certified consultants • Audited annually against competencies
  72. Actions to get started. Engage an executive champion; Engage AWS on Business Case and Readiness; Identify your first application to showcase your cloud potential with AWS; Create your Cloud Foundation Team; Find your learning path with AWS Training and Certification. Sadegh Nadimi, sadeghn@amazon.com
  73. Industry leaders modernize on AWS
  74. SEATTLE. Developing a FinOps Culture. The benefits of developing a self-sustained cloud financial management culture without impacting the speed of innovation. Arthur Basbaum, AWS Cloud Economics. 08.22.19
  75. Achieving business value with the Cloud Value Framework. Cost impact: Cost savings (TCO). What is it? Infrastructure cost savings/avoidance from moving to the cloud. Example: 50%+ reduction in TCO (GE). Value impact: Staff productivity. What is it? Efficiency improvement by function on a task-by-task basis. Example: More than 500 hours per year of server configuration time saved (Sage). Operational resilience. What is it? Benefit of improving SLAs and reducing unplanned outage. Example: Critical workloads run in multiple AZs and Regions for robust DR (Expedia). Business agility. What is it? Deploying new features/applications faster and reducing errors. Example: Launch of new products 75% faster (Unilever). AWS has been helping enterprises for 13+ years
  76. AWS lowers prices over time: 73 price reductions since 2006
  77. AWS allows you to eliminate waste and match capacity and demand. Chart labels: Traditional hardware spend; Demand for IT; AWS Cloud; Avoided Waste; Large Capex; Peak Business Demand Met; Cost Optimization
  78. Traditional technology consumption. Model: Engineers as requesters; Finance as approvers; Spend is predictable and static; Long procurement cycles; High cost of failure
  79. Changing the way IT and Finance operate. ??? Model: Engineers as requesters and approvers; Finance with no visibility; Spend is dynamic and less predictable; Agile experimentation with occasional waste; Lack of communication between Finance and engineers
  80. Cloud technology consumption. FinOps Model: Engineers and Finance acting as one (FinOps); Procurement is instant; Agile experimentation combined with predictable cost and reasonable budgets; Low cost of failure
  81. Some of the root causes of cloud waste. Learning curve associated with: Managing access to on-demand resources; Pricing options; Services and resource sizes; Budgeting and forecasting; Cost visibility for resource owners; Automation for optimizing deployments
  82. Jeff Bezos, CEO, Amazon.com: “Good intentions never work, you need good mechanisms to make anything happen”
  83. Cloud Financial Management (CFM) Framework. See: Account & tagging strategy; Cost reporting & monitoring; Showback & Chargeback; Efficiency/value KPIs. Run: Partnership between Finance & Technology organizations; Invest in people, processes, governance & tools; Celebrate wins. Save: Cost aware architecture, design & service selection; Match capacity with demand; Choose the right pricing model; Resource governance. Plan: Strategic fit; Business case & value articulation; POC based cost estimation; Budgeting & forecasting variable cloud spend
  84. Measurement and accountability. Activities: Implement a standard account structure and tagging dictionary; Establish cost reporting and monitoring process; Perform show/charge back for business units; Measure and circulate efficiency/value KPIs. Outcomes: Track cost and usage to organizational structure; Proactively detect and address cost variances; Drive cost aware cloud consumption; Validate cloud investment decisions and outcomes. “By tagging all instances in AWS, we are now able to look at specific costs from the application layer down to every resource associated with an application. This has allowed us to surface the hidden costs for operating applications.” Chad Marino, Executive Director of Technology Services
  85. Cost Optimization. Activities: Cost-aware architecture, design and service selection; Match demand with supply; Choose the right pricing model; Implement process to identify resource waste. Outcomes: Increased staff productivity and operational resiliency; Eliminating spend related to overprovisioning while being able to scale to meet demand; Improved unit economics and lower TCO; Reinvesting wasteful spend into innovation and experimentation. “Our old platform was built and used for 6 years on “our night” of television, and never failed. Resilience and redundancy were areas which we really needed to focus on (as we moved to serverless). If the RDS failed then we had SQS, if SQS failed then we had S3 backups. Our (old platform) monthly hosting costs were over $83k, compared to under $6k (for serverless). In fact, the cost of our “on the night” serverless platform was $92.” Caroline Rennie, Product Lead
  86. Planning and forecasting. By using AWS, Zynga could carefully plan, test, and develop proof of concepts without needing to commit to long-term fixed IT assets. This resulted in reduced costs and lower risk as it adapted to technology demands in real time, instead of relying on forecast models. Activities and outcomes: Estimate costs through proof of concept; Establish a process for budgeting and forecasting variable cloud usage; Gain executive buy-in and establish cloud strategy; Agile cost forecasting; Understand how the cloud can enable or support strategic initiatives; Build a business case and articulate expected value; Increased business and usage predictability
  87. 87. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Celebrate wins Bilingual teams: effective finance and technology collaboration and communication Reinforce and encourage cost aware behaviors and culture Establish a partnership between Finance and Technology organizations Invest in people, processes, governance and tools Maximize cost efficiency and agility in a continuous manner at scale Cloud financial operations Activities Outcomes ICONLOOP has established a Task Force Team for continuous cost management and began the Cost Optimization process by identifying and categorizing current resources based on tagging, user, and usage. For the classified resources, we were able to right-size our instances and reduce our EC2 spend by 5%, and apply AWS Reserved Instances for 36% additional overall cost reduction for steady-state workloads. This process has already allowed us to reduce AWS cost significantly and we keep monitoring our resources through a dashboard we built to achieve more savings. Jinwoo Jeong, Infrastructure Team Leader
  89. 89. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Metrics What does success look like for your company? Ownership Who is responsible for cost mgmt? Cost Allocation How much is each team spending? Selection What’s the best pricing model for your workload? Getting started
  90. 90. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. TAGS Cost allocation tags Environment Project Team Application ID Cost Center AWS Organizations Cost Allocation: Transparency & Visibility
  91. 91. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Cost based (efficiency) $ Monthly forecast vs actual $ Average daily spend % Turned off instances % RI coverage and utilization $ Saved $ Untagged resources # Underutilized resources … Value based (business outcomes) $ per User or Transaction $ per Impression or Click $ per Request $ per Application or Business Unit $ per Revenue $ Per Developer # hours per $ invested … Metrics: Link consumption with value created
  92. 92. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. On Demand (OD) Prototyping, demand still unknown Pay only for what you use Pay per second without any commitment Reserved Instances (RI) Known workloads, predictable demand Up to 75% less vs OD Commit to 1 or 3 years and get a significant discount Spot Flexible workloads, stateless Approx. 90% less vs OD Idle capacity, low cost and no commitment Selection: Leverage AWS Pricing Models
  93. 93. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Traditional Enterprise Retail Media Benchmark: This is what a good mix looks like RI OD SP RI OD Spot RI OD Spot
  94. 94. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. #1 First RI purchases, very conservative, made by an engineer with limited AWS experience on pricing models #2 Finance starts asking questions and wants better metrics / visibility on AWS costs, lots of meetings to explain deviations #3 Hire someone to take care of AWS costs full time #4 Low complexity activities (RIs and idle resources) are performed regularly. Start to dive deep on more complex topics: right sizing of EC2, DynamoDB and S3, tag revision to add more granularity #5 Increased demand for cost predictability (improvement in the budget process) Migration to Kubernetes and loss of cost visibility #6 Focus on performance and stability, right size containers and leverage Spot FinTech Journey - Developing cloud cost management in a hypergrowth environment
  95. 95. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Product A launch Start to do optimization by squad/team Kubernetes migration New record for customer acquisition Product B launch Preparing for business growth Product C launch 90 services 250+ services RI purchase Cost per user evolution: after growing 3x userbase and launching +150 new services cost per user remained stable
  96. 96. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Reserved Instances Rightsizing prod Scheduling S3 intelligent tiering Delete idle resources Impact Complexity Rightsizing pre-migration Spot, Serverless, Auto Scaling, and other cost-aware architecture* *Typically needs upfront design investment or management support if done reactively Successful Cost Management is a balanced approach
  97. 97. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Identify owners for cloud financial management activities Start with cost transparency (cost allocation tags), make sure teams who are using the platform are aware of how much they are spending Improve cost predictability with AWS Budgets and forecasting Leverage tools (AWS Cost Explorer) to analyze and execute cost optimization activities Define what success looks like for your organization (metrics) and build mechanisms to recognize good behavior Best practices
  98. 98. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. FinDay Events Onsite prescriptive education to accelerate your cost optimization journey Benchmark Compare your metrics with the market standards Cost Opt metrics Identify quick wins and cost reduction based on your usage Training Enable your org to develop a cost oriented culture How can AWS help your cloud financial journey?
  99. 99. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. If you want something to happen you need to make it easy
  100. 100. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. We don’t want to make money from customers that aren’t getting value from us… How many of your partners call you up and say “stop spending money with us?” Andy Jassy CEO, AWS
  101. 101. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Cost Optimization aws.amazon.com/pricing/cost-optimization/ AWS Well Architect Cost Opt Whitepaper d1.awsstatic.com/whitepapers/architecture/AWS-Cost-Optimization-Pillar.pdf Cost Optimization Well Architect Labs awscostlabs.com FinOps Foundation finops.org AWS Cost Management aws.amazon.com/blogs/aws-cost-management/ Laying the foundation for Cost Opt Whitepaper d1.awsstatic.com/whitepapers/cost-optimization-laying-the-foundation.pdf Case studies and research aws.amazon.com/solutions/case-studies AWS Cost Management Tools Partners aws.amazon.com/products/management-tools/partner-solutions/ Resources to get you started
  102. 102. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. SEATTLE 08.22.19 Rapid Innovation: Demystifying AI for the Enterprise Kanchan Waikar (kwwaikar@amazon.com) Senior Solutions Architect, AWS Marketplace for Machine Learning
  103. 103. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. 40% of digital transformation initiatives supported by AI in 2019 —IDC 2018 Innovation Decision making Customer experience CENTERPIECE FOR DIGITAL TRANSFORMATION Business operations Competitive advantage
  104. 104. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Our mission at AWS Put machine learning in the hands of every developer
  105. 105. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. WHY AWS FOR ML? 200 new features and services launched this last year alone Unmatched flexibility Broadest and deepest set of AI and ML services 70% cost reduction in data-labeling 10x faster performance 75% lower inference cost Accelerate your adoption of ML with SageMaker Built on the most comprehensive cloud platform optimized for ML AWS holds the top spots on Stanford’s benchmark, for fastest training time, lowest cost, lowest inference latency
  106. 106. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. 10,000+ customers | 2x the customer references | 85% of TensorFlow projects in the cloud happen on AWS
  107. 107. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Innovating in real time with AI: An executive view https://www.youtube.com/watch?v=9dd4bGBc5lQ
  108. 108. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. FRAMEWORKS INTERFACES INFRASTRUCTURE AI Services Broadest and deepest set of capabilities THE AWS ML STACK VISION SPEECH LANGUAGE CHATBOTS FORECASTING RECOMMENDATIONS ML Services ML Frameworks + Infrastructure POLLY TRANSCRIBE TRANSLATE COMPREHEND & COMPREHEND MEDICAL LEX FORECAST REKOGNITION IMAGE REKOGNITION VIDEO TEXTRACT PERSONALIZE Ground Truth Notebooks Algorithms + Marketplace Reinforcement Learning Training Optimization Deployment Hosting Amazon SageMaker FPGAs EC2 P3 & P3DN EC2 G4 EC2 C5 INFERENTIA GREENGRASS ELASTIC INFERENCE DL CONTAINERS & AMIs RL Coach
  109. 109. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Modernize your contact center to improve customer service conversational chat bots | call transcription | intelligent routing | sentiment analysis VoC analytics text-to-speech | multilingual omni-channel communication POLLY TRANSCRIBE TRANSLATE COMPREHEND LEX
  110. 110. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Use AI services to strengthen safety and security accurate facial analysis | identity protection | metadata extraction REKOGNITION IMAGE COMPREHEND & COMPREHEND MEDICAL REKOGNITION VIDEO
  111. 111. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. recommendation technology used by Amazon.com | context-aware recommendations sentiment analysis | VoC analytics PERSONALIZE REKOGNITION IMAGE REKOGNITION VIDEO COMPREHEND Personalize customer experiences with targeted recommendations
  112. 112. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. forecasting technology used by Amazon.com | multiple time-series data forecast scheduling and visualization | supply chain integration FORECAST Accurately forecast future business outcomes
  113. 113. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon SageMaker Pre-built notebooks for common problems Collect and prepare training data Built-in, high performance algorithms Choose and optimize your ML algorithm One-click training Optimization Fully managed with auto-scaling, health checks, automatic handling of node failures, and security checks One-click deployment Choose a Machine Learning model from AWS Marketplace Procure Machine Learning algorithm from AWS Marketplace Set up and manage environments for training Train and tune model (trial and error) Deploy model in production Scale and manage the production environment
  114. 114. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS DeepRacer AWS DeepLens Amazon SageMaker Machine Learning Certification Build your machine learning skills NO PhD REQUIRED
  115. 115. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. The world’s first deep learning-enabled video camera for developers • Seven new countries: • Hey, AWS DeepLens: Amazon.ca • Hallo, AWS DeepLens: Amazon.de • Hola, AWS DeepLens: Amazon.es • Bonjour, AWS DeepLens: Amazon.fr • Ciao, AWS DeepLens: Amazon.it • こんにちは、ディープレンズ: Amazon.co.jp • Good day, AWS DeepLens: Amazon.co.uk • Howdy, AWS DeepLens: Amazon.com • Run models 2 x faster with Amazon SageMaker Neo optimization • New tutorials: construction worker safety (hard hat detection), coffee drinking detection, sentiment analysis. NEW in the 2019 edition AWS Deeplens
  116. 116. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Extensive Selection Flexible Consumption and Contracts Easy Deployment Consolidated Bill AWS Marketplace: Find, Buy, Test, and Deploy Software • 230,000 active customers • 1,400+ ISVs • One click launch • 18 regions • Over 650 million hours of monthly EC2 • Over 4,800 product listings • Offers 39 categories • Pay as you go • Hourly/monthly/annual • SaaS contracts Amazon SageMaker/containers • Charges consolidated into AWS Billing • For hardware and software
  117. 117. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Marketplace for Machine Learning Subscribe in a single click KEY FEATURES Automatic labeling via machine learning IP protection Automated billing and metering Browse or search AWS Marketplace SELLERS Broad selection of paid, free, and open-source algorithms and models Data protection Discoverable on your AWS bill BUYERS Available in Amazon Sagemaker To learn more about machine learning marketplace, write to aws-mp-bd-ml@amazon.com
  118. 118. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. AWS Marketplace for machine learning AVAILABLE ALGORITHMS & MODELS • Over 240+ algorithms and models • 53 categories Natural Language Processing Grammar & Parsing Text OCR Computer Vision Named Entity Recognition Video Classification Speech Recognition Text-to-Speech Speaker Identification Text Classification 3D Images Anomaly Detection Text Generation Object Detection Regression Text Clustering Protection equipment detection Ranking
  119. 119. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Algorithms let you train a custom model. Model packages are pretrained and ready-to-use. Create a model and then use them for: • Batch inference • Real-time inference • Generating Synthetic features Use algorithms for: • Training a model! • Hyperparameter optimization Pre-trained models Train a custom model 2 1 E.g. MXNet ResNet50 Inference, by Intel AI E.g. Intel® DAAL k-Nearest Neighbors (kNN) Intel®DAAL DecisionForest Classification H2O.ai H2O-3 Automl Algorithm What can you find in AWS Marketplace?
  120. 120. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Machine Learning Lifecycle Jupyter notebook Model Training Hyper-param tuning ML Algorithm Deploy model Manage deployment Built-ins BYOA AWS Marketplace for Machine Learning AWS Provided BYOM AWS Marketplace for Machine Learning Build Train Deploy/Host Sourcing algorithms Sourcing models AWS Provided AWS Marketplace for Machine Learning
  121. 121. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Computer Vision NLP Video Image Text Audio AWS Marketplace for Machine Learning 66 products 14 vendors 35 products 17 vendors 6 products 2 vendors 34 products 19 vendors 75 products 18 vendors 13 products 3 vendors 13 products 4 vendors Speech Recognition Structured
  122. 122. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. HCLS domain models/algorithms • Modjoul Heat Index Model • Medical No Show Prediction • Prediction of Patient Readmission Rate • Acquired Hypothyroidism Disease State • AFIB Disease State Predictor • Alzheimers Disease State Predictor • AMI Disease State Predictor • Anemia / Asthma Disease State Predictor • Breast Cancer Disease State Predictor/Classification • Bronchiectasis Disease State Predictor • Colorectal Cancer Disease Predictor • COPD Disease State Predictor • Depression Disease State Predictor • Fibromyalgia Disease State Predictor • Heart Failure Disease State Predictor • Heart Transplant Disease State Predictor • Hip Replacement Disease State Predictor • Glaucoma Detection • Hypertension Disease State Predictor • Knee Replacement Disease State Predictor • Leukemia Disease State Predictor • Lung Cancer Disease State Predictor • Lymphoma Disease State Predictor/Subtype Classification • MS Disease State Predictor • Opioid Addiction Disease State Predictor • Ovarian Cancer Disease State Predictor • Parkinson's Disease State Predictor • Resuscitation Disease State Predictor • Senile Dementia Disease State Predictor • Sleep Apnea Disease State Predictor • Total Joint Replacement Disease State • ITP - Inflammation & Immunology • ITP - Lymphoma • ITP - Myeloid • ITP – Solid Tumor • Dementia Prediction
  123. 123. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Domain Some of the many models from AWS Marketplace Insurance – Auto/Industrial IOT domain • Vehical Attribute Detection • Vehicle damage inspection • Deep Vision vehicle recognition • Modjoul Automotive Telematics Model • Construction Machines Detector • Construction Worker Detector • Person and Truck Segmentation • Personal protective equipment detector • Modjoul Geo Fence Model • Modjoul Asset Utilization Model • Modjoul Stationary Work Model • Modjoul Walking Model • Modjoul Lower Lumbar Model • Modjoul Motion Model • Ball Bearings Quality Inspection • Hard hat detector Retail • Retail Store Sales Prediction • Barcode Detection • Credit card detection • Cortexica Fashion Localisation (CPU) • Person Attribute detection • Unbxd AI - Fashion eCommerce NER • Category Recommendation Inference Model • Review Helpfulness Prediction • Basic Churn Predictor • Churn Prediction • Credit Default Prediction • Attrition Prediction • Bike Rentals Predictor
  124. 124. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Category Some of the many models from AWS Marketplace Computer-Vision • Cortexica Interiors Localisation • Cortexica BodyParts Localiser • Deep Vision brand recognition API • Logo Recognition in Images • Cortexica Interiors Localisation (CPU) Image collage classifier • Deep Vision visual search API • Barcode Detection • Vehical Attribute Detection • Cortexica BodyParts Localiser (CPU) • Image collage classifier • Image human classifier • Local Photo ID (Singapore) • Mighty Anonymize (GPU - Advanced) • Face blocking or blurring for Privacy • Face Anonymizer (GPU) • Skin Disease Classification (GPU) • Passport Data Page Detection • Waste Classifier (CPU) • Deep Vision brand recognition API • Local Photo ID (Singapore) • Deep Vision vehicle recognition • Image mosaic classifier • Image text classifier Audio • Deepgram Speech Recognition (en-GB/Spanish) • Deepgram Speech Recognition (General/Phonecall/Meeting) • Audio Gender Classifier • Background Noise Classifier • Automatic Audio or Sound Classification(algorithm) • Music Genre Recognition(algorithm)
  125. 125. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Category/Domain Some of the many models from AWS Marketplace Text • Word Associations Inference Model • Sentiment Analysis Inference Model • Topic Tagging Inference Model • Novetta Text Tagger • Insult detection • Emotion Analysis Inference Model • Abusive Text Content Detection • Sentiment Analysis • Review Helpfulness Prediction • Lemmatizer Inference Model • Named Entity Recognition • Text Similarity • Text Similarity Inference Model • Text Similarity Analyzer • Language Scoring Inference Model • Demisto Phishing Email Classifier • Lyrics Generator (CPU) • Neural Paraphrase Generation • LexisNexis US Legal Taxonomy - Level 1 • Novetta News Tagger - Russia 360° • Novetta News Tagger - Syrian Conflict • Novetta News Tagger (Foreign Policy) • Novetta News Tagger (Humanitarian) • Banking FAQ Intent Matching • Wipro HOLMES™ E-KYC Controller Extractor
  126. 126. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. • Detect Phishing Websites • NFL Games Predictor • Neural Paraphrase Generation • Detect Phishing Websites • NFL Games Predictor • Crop Quality Inspection • Bitcoin Predictor • Simple Chemistry Binding Predictor • Simple Income Predictor • Automatic Date & Time Features • Attrition Prediction Amazon Web services provided models • GluonCV DeepLab Semantic Segmentation • GluonCV Faster-RCNN Object Detector • GluonCV MobileNet Classifier • GluonCV ResNet50 Classifier • GluonCV SSD Object Detector • GluonCV YOLOv3 Object Detector • GluonNLP English to German Translation • GluonNLP Sentence Generator And many more..
  127. 127. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. • Insurance company looking to modernize • Current pain-point • 24 hours to receive a response • Goal • Make claims processing quick, easy, and efficient Sample use-case: Insurance claim process
  128. 128. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Vehicle Make /model identification License plate Verification Damage Identification Automate verification 2 Automate verification 3 Automate identification Cross check car information with policy information Cross check support information Identify damage and get confirmation 1 2 3
  129. 129. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon SageMaker Mobile client Amazon Lex AWS Lambda Invoke Amazon SageMaker endpoint AWS Marketplace Vehicle Damage Inspection Pre-trained Model Deep vision vehicle recognition Pre-trained Model Deploy Model 2 3 Amazon DynamoDB 7 5 trigger Claim processing engine 4 8 Amazon API Gateway 6 1
  131. 131. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Mobile client Amazon Lex AWS Lambda 2 3
  133. 133. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Mobile client Amazon Lex AWS Lambda 2 3 4 Amazon API Gateway
  135. 135. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon SageMaker Mobile client Amazon Lex AWS Lambda Invoke Amazon SageMaker endpoint AWS Marketplace Vehicle Damage Inspection Pre-trained Model Deep vision vehicle recognition Pre-trained Model Deploy Model 2 3 Amazon DynamoDB 7 5 4 Amazon API Gateway 6 1
  137. 137. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Amazon SageMaker Mobile client Amazon Lex AWS Lambda Invoke Amazon SageMaker endpoint AWS Marketplace Vehicle Damage Inspection Pre-trained Model Deep vision vehicle recognition Pre-trained Model Deploy Model 2 3 Amazon DynamoDB 7 5 trigger Claim processing engine 4 8 Amazon API Gateway 6 1
  138. 138. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. 1 Create the loop Connect technology initiatives with business outcomes 2 Assess your structured and unstructured data sources Advance your data strategy ? 3 Put machine learning in the hands of your developers Organize for success CULTURE – SETTING YOUR ORGANIZATION UP FOR SUCCESS
  139. 139. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. SEATTLE How to Build your Cloud Enablement Engine with the People you Already Have Russell Easter Senior Consultant, AWS 08.22.19
  140. 140. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Agenda Review the AWS migration journey What is an operating model? Activity-based operating models Transitioning from activity-based to product-based operating models Cloud enablement engine The product org driving the transition to AWS Accelerating organizational readiness with training Five questions to think about now Next steps 1 2 4 3 5 6 7 8
  141. 141. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security & compliance Landing zone Skills/CoE Operating model Discovery & planning Migrations & expertise Business case Migration plan Migration readiness assessment Migration readiness & planning (MRP) Migrations & operations MRP timing: 2–6 months, partner, and/or ProServe consulting project Readiness briefings & workshops Migration readiness assessment TCO analysis TCO report Rapid discovery We are at the beginning of the migration journey… Operate Optimize Migrate
  142. 142. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Business Operating model IT Operating model New ideas & innovation Outcomes Outcomes Speed & agility Value & results Operational excellence Cost optimization Business capabilities Technology capabilities Security & compliance Business workforce Technology workforce Digital products & services Business processes Technology processes What is an operating model? An operating model should define how the business and IT align their capabilities, processes, and workforce to reach strategic business outcomes. This is often not the case.
  143. 143. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Infrastructure Applications Operations Engineering Application engineering Application operations Infrastructure engineering Infrastructure operations Business software Custom developed or common off the shelf Infrastructure Compute, network, storage middleware, runtime, data operations, security Develop, build, and test All activities needed to define and validate platform infrastructure or business applications Deploy, operate, and manage All activities needed to deploy and support platform infrastructure and applications in production This is because most enterprises operate in an “activity-based” model Custom-developed or common, off-the-shelf
  144. 144. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Each step delays time to value Defects passed downstream are often discovered late in the delivery cycle and have to be revisited Biz case & reqs Business Creative & functional Design Finance & PMO Prioritization Software development Engineering Integration & perf. QA & testing Deploy & manage Infra & ops Policy & compliance Security Defects Defects Defects Defects Defects Wait Wait Wait Wait Wait Wait Wait Wait Defects Cost is optimized by distributing accountability across pools of resources In the process, pervasive handoffs, bottlenecks, and defects are created Idea Value
  145. 145. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. The seven wastes of software development Delays Task switching Defects Handoffs Relearning Partially done work Extra features But that’s not all… Handoffs and defects are only two forms of waste created by activity-based operating models
  146. 146. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Business outcomes IT outcomes Sustain undifferentiated or commoditized capabilities with minimal investment Optimize cost, keep the lights on, or retire/outsource to MSPs or SaaS providers Optimize and run core business functions Ensure resiliency, availability, security, scalability, and efficiency Grow market share or enter new markets through differentiated digital products Iterate quickly; hypothesize and experiment with A/B testing and continuous delivery; scale dynamically to the unexpected Think beyond a one-size-fits-all approach to maximize the benefits of AWS Differing business outcomes result in different priorities for the business, as well as IT
  147. 147. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Sustain “Traditional Operations” Grow “Decentralized DevOps” Optimize “Distributed DevOps” How does your operating model align with business outcomes? Platform Applications Operations Engineering Application engineering Application operations Cloud platform engineering Cloud platform operations ITSM Platform Applications Operations Engineering ITSM Application engineering Cloud platform engineering Platform Applications Operations Engineering ITSM Application engineering Cloud platform engineering Transitional Strategic Strategic
  148. 148. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Sustain “Traditional Operations” Grow “Decentralized DevOps” Optimize “Distributed DevOps” How can AWS help accelerate migration for your “sustain” workloads? Platform Applications Operations Engineering Application engineering Application operations ITSM Platform Applications Operations Engineering ITSM Application engineering Cloud platform engineering Platform Applications Operations Engineering ITSM Application engineering Cloud platform engineering Transitional Strategic Strategic Cloud platform engineering AWS Managed Services
  149. 149. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Accelerate AWS adoption with AWS Managed Services while building org confidence and maturity AWS Managed Services provides ongoing management of the AWS infrastructure supporting your sustain workloads, so you can focus your energy on more differentiated optimize and grow workloads Platform Applications Operations Engineering Application engineering Application operations ITSM Cloud platform engineering AWS Managed Services Sustain “Traditional Operations” AWS Managed Services Change management Incident management Provisioning management Patch management Access management Security management Continuity management ITSM integration Reporting
  150. 150. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. How does my operating model affect my migration path to AWS? Leverage the AWS Six R’s Framework to inform your workloads’ migration paths Retire Retain Refactor Repurchase Replatform Rehost Buy COTS/SaaS Determine platform Redesign Automate Manual Install/setup Modify infrastructure App code development Use migration tools Install Config Deploy ALM/SDLC Integration Transition Production Determine Discover VALIDATION Rearchitect Lift & shift Lift & reshape Drop & shop
  151. 151. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. How does my operating model affect my migration path to AWS? Migration paths should be chosen to support desired business outcomes, not to speed up migration Platform Applications Operations Engineering Application engineering Application operations Cloud platform engineering Cloud platform operations ITSM Platform Applications Operations Engineering ITSM Application engineering Cloud platform engineering Retire Retain Refactor Repurchase Replatform Rehost Determine Discover Traditional Operations Distributed DevOps Decentralized DevOps Platform Applications Operations Engineering ITSM Application engineering Cloud platform engineering Sustain Optimize Grow Rearchitect Lift & shift Lift & reshape Drop & shop
  152. 152. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Sustain “Traditional Operations” Grow “Decentralized DevOps” Optimize “Distributed DevOps” We recommend that over time, you transition “sustain” workloads... Platform Applications Operations Engineering Application engineering Application operations ITSM Platform Applications Operations Engineering ITSM Application engineering Cloud platform engineering Platform Applications Operations Engineering ITSM Application engineering Cloud platform engineering Transitional Strategic Strategic Cloud platform engineering AWS Managed Services Retire SaaS Rearchitect
  153. 153. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Grow “Decentralized DevOps” Optimize “Distributed DevOps” Two models that enable both app and platform to be delivered as products Platform Applications Operations Engineering ITSM Application engineering Cloud platform engineering Platform Applications Operations Engineering ITSM Application engineering Cloud platform engineering Strategic Strategic
  154. 154. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Growth Customer experience Traffic Sellers Selection Lower prices Lower cost structure Amazon’s success is frequently attributed to its peculiar way of operating, illustrated by the Amazon flywheel
  155. 155. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Customer value Customer experience Adoption Feedback Experiments Reduce time to value Decouple Empower A similar way of operating drives the flywheel behind our ability to rapidly deliver software and services
  156. 156. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Business applications Cloud platform The flywheel represents a “product-based operating model” powering customer-centric innovation and modernization
  157. 157. © 2019, Amazon Web Services, Inc. or its affiliates. All rights reserved. Customers realize maximum value from AWS when they build their own flywheels
  158. Building a product-based flywheel aligns the business & IT on common goals. Six key changes are required: 1 Work backwards from the customer; 2 Re-envision the world as products; 3 Organize teams around products; 4 Bring the work to the teams; 5 Reduce risk through iteration; 6 Own your entire lifecycle. Diagram labels: From; To; Imagining; Knowing; Systems; amazon.com (Promos, Cart, Products, Item, Digital Assets, Ads, Search, Account, Home Page); Activity-based teams (Business, Design, Mgmt., PMO, Dev, Ops); Product-based teams (Full Stack. Two Pizzas.); Bring team to the work; Bring work to the team; Large batch; Small batch; Delivery cycle; Funding cycle; Risk; MVP; Jan.; May; Sept.; Dec.; Distributed accountability (Platform Eng., App Eng., App Ops, Platform Ops); Full-lifecycle accountability (DevOps platform teams, DevOps application teams); Customer obsession; Adoption; Feedback; Experiments; Reduce time to value; Decouple; Empower.
  159. How do you re-envision the world as products? Two kinds of products. Experiences: Adaptive home page. Services: Search; Cart; Account; Item; Advertising; Promotions; Digital asset; Others... Diagram labels: Navigation; Promotions; Customer Profile; Promotion Content Cartridge; Recommendations; Adaptive home page; Search; Cart; Digital Asset; Account; Item; Promo; Advertising.
  160. Products are delivered by stable “product teams”. Product teams: Adaptive home page; Search; Account; Cart; Item; Digital asset; Advertising; Promotions. Diagram labels: Navigation; Promotions; Customer Profile; Promotion Content Cartridge; Recommendations; Adaptive home page; Search; Cart; Digital Asset; Account; Advertising; Item; Promo.
  161. A product-based model reduces the amount of development waste. The seven wastes of software development: Delays; Task switching; Defects; Handoffs; Relearning; Partially done work; Extra features. By collapsing the entire delivery value stream—from idea to production—we incentivize customer obsession, results, and the elimination of waste.
  162. Our approach to operating model transformation applies product principles in four key workstreams. Diagram labels: Cloud leadership team; Business alignment; Sponsorship; Outcomes; KPIs; Cloud business office; OCM; Training; Finance; Product management; Product teams at scale; Business integration; Two-pizza teams; Modernization; Innovation; Cloud platform engineering; Security; Operations; Platform.
  163. Today, we’ll focus on the two platform components of the product-based operating model. Diagram labels: Cloud leadership team; Business alignment; Sponsorship; Outcomes; KPIs; Cloud business office; OCM; Training; Finance; Product management; Product teams at scale; Business integration; Two-pizza teams; Modernization; Innovation; Cloud platform engineering; Security; Operations; Platform.
  164. AMAZON CONFIDENTIAL. Cloud enablement engine: Enable agility, value, and governance at cloud scale.
  165. The cloud enablement engine is a product-based organization. The products it creates enable the organization to accelerate cloud adoption, while keeping adoption sustainable and secure. Its core mission is to free development teams to focus on maximizing the cloud’s benefits with their applications, instead of focusing on platform or governance concerns. Flywheel labels: Customer value; Customer experience; Adoption; Feedback; Experiments; Reduce time to value; Decouple; Empower.
  166. There are two components of an organization’s cloud enablement engine. Cloud business office: Aligns the products and services offered by cloud platform engineering with the needs of enterprise customers and leadership. Provides ongoing onboarding, training, and organizational change management to ensure that the organization successfully navigates and embraces the move to the cloud. Cloud platform engineering: Configures and codifies the AWS platform to align with enterprise standards for architecture, operations, security, and finance. Packages and continuously improves these standards as self-service deployable products and consumable services.
  167. What products does the cloud business office provide? Cloud business office: Aligns cloud platform products and services with the needs of enterprise customers and leadership, providing ongoing management to ensure successful movement to the cloud. Cloud business office (CBO) capabilities, under Governance and People (numbered 1 to 7 on the slide): Architecture alignment; Product management; Delivery management; Customer onboarding; Financial management; Org change management; Training. Sub-capability labels: Agile execution support; Status reporting; Cost optimization; Reporting & forecasting; Invoice management; Adoption support; Curriculum strategy; Sourcing & management; Strategy & execution; Communications; Provisioning; Cloud knowledge hub; Demand management; Prioritization and roadmap; Functional work decomposition; Reference architecture alignment; Technical work decomposition; Engineering support; Integration; Organizational alignment.
  168. What products does cloud platform engineering provide? Cloud platform engineering: Codifies differences between stock AWS service configurations and the enterprise’s standards, packaged and continuously improved as self-service deployable products to customers. Cloud platform engineering (CPE) products, under Platform, Operations, and Security (numbered 8 to 10 on the slide): Core platform; Codified patterns; Build, test & deploy; Operate & manage; Define & enforce; Detect & respond. Sub-product labels: Configuration management; Enterprise “stacks”; Core networking; Accounts, IAM & SSO; CaaS/FaaS; CI/CD & release management; Source code & artifact repositories; Telemetry, alerts & insights; Patch, backup & restore; ITSM & self-service; Threat & vulnerability management; Security information & event management; Incident response & forensics; IAM & policy management; Network security; Secrets & encryption.
  169. Together, the cloud enablement engine’s teams support many internal customers. Diagram labels: Cloud leadership team; Executives (CEO, COO, CFO, CDO, CRO, CISO, CIO, CTO, CHRO); Cloud operations; Security operations; Software development teams (Sustain, Optimize, Grow); Cloud business office (Business & governance, People; Architecture alignment; Product management; Delivery management; Customer onboarding; Financial management; Org change management; Training); Cloud platform engineering (Platform, Operations, Security; Core platform; Codified patterns; Build, test & deploy; Operate & manage; Define & enforce; Detect & respond).
  170. The “cloud foundation team” is your first “product team”. End-to-end accountability is established by creating a dedicated team of business, design, engineering, and operations disciplines. Disciplines: Product management (Viability); Product design (Desirability); Product eng. & test (Feasibility); Product operations (Operability). Roles: IT | Product owners (Viability): Singularly accountable for platform vision and its viability from a business perspective. Fin | Financial analysts: Financial budgeting, tracking, and reporting; showbacks/chargebacks and cost optimization. HR | OCM specialists: Workforce preparedness, communications, training, resource, and career management plans. IT | Cloud architects (Desirability): Translates business objectives and governance requirements to platform architecture. IT | Engineers (Feasibility & operability): Accountable for product technical feasibility and delivery across the platform, operations & security; and engineering, testing & (again) operations. IT | Scrum master (Productivity): Facilitates Agile process and ensures forward progress toward business outcomes by the product team. IT | Engineering manager (Career development): Accountable for team execution, delivery quality, team-member performance and development, and overall HR responsibilities.
  171. How do you start your cloud enablement engine? Think big, but start small. Launch a cloud foundation team and a small number of development teams to start the flywheel. Scale as the customer’s cloud transformation accelerates and expands. Diagram labels: Cloud foundation team; Platform, governance & people; Cloud business office (Business & governance, People; Architecture alignment; Product management; Delivery management; Customer onboarding; Financial management; Org change management; Training & applied learning); Cloud platform engineering (Platform, Operations, Security; Core platform; Codified patterns; Build, test & deploy; Operate & manage; Define & enforce; Detect & respond); Applications; Software development teams (Sustain, Optimize, Grow).
  172. How do I build and scale a cloud enablement engine? Stages: Cloud foundation team (0–6 months); Initial cloud enablement engine (6–12 months); Cloud enablement engine @ scale (12+ months). Diagram labels: Cloud leader; Product owner; Financial analyst; OCM/training specialist; Cloud architect; Platform engineers; Cloud business office (Product; Architecture; Onboarding; OCM; Financial; Delivery; Training; Architecture alignment; Product management; Financial management; Org change management; Delivery management); Cloud platform engineering (Platform, Operations, Security).
  173. Build the cloud talent you need from the people you already have. Areas: Architecture; Infrastructure; Operations; Security; Business/IT alignment; Project management; Data; Applications. Cloud role: Cloud Enterprise Architect; Cloud Operations Architect; Cloud Security Architect; Cloud Infrastructure Engineer; Cloud Operations Engineer; Cloud SysOps Admin; Cloud Security Engineer; Cloud SecOps Admin; Product Owner; Agile Scrum Master; Cloud Data Engineer; Cloud AI/ML Engineer; Cloud Data Scientist; Cloud Solutions Architect; Cloud Software Engineer. Typically sourced from: Enterprise Architect; Operations Architect; Security Architect; Compute Engineer; Storage Engineer; Network Engineer; Middleware Engineer; App Platform Engineer; Build/Release Engineer; Capacity Planner; Incident Management; Security Engineer; IAM Engineer; Policy & Compliance; Relationship Managers; Portfolio Managers; Senior Business Analyst; Project Manager; Product Manager; Data Platform Engineer; Database Admin; Data Architect; Enterprise Architect; Solutions Architect; Application Developer.
  174. Help them along with a comprehensive approach to education and training. Training tracks: AWS Cloud 101 basic education; Role-based foundational cloud education; Role-based hands-on ramp-up training; Product team DevOps training; Area of depth specialty training. Target audience: All stakeholders impacted by AWS Cloud adoption; Stakeholders who will make decisions related to AWS cloud adoption; AWS Cloud Platform team, Software Development teams, Operations teams; AWS Cloud Platform team, DevOps teams; Resources who need an in-depth understanding of security, advanced networking, or big data. Options for mode of delivery: • AWS Immersion Day • AWSome Day • AWS Essentials courses • Online training by third-party provider • Hybrid curriculum facilitated by an SME/mentor • Online training by third-party provider • Hybrid curriculum with AWS mentor • Hybrid curriculum with in-house mentor • Online training by third-party provider • DevOps immersion centers • Hybrid curriculum with AWS mentor • Hybrid curriculum with in-house mentor • Online training by third-party provider • Hybrid curriculum • Online training by third-party provider. A hybrid curriculum is a combination of instructor-led training, whitepapers, videos, and online learning from AWS and third-party vendors. AWS certification: • Cloud practitioner • SA—associate • SysOps administrator • Developer • SA—professional • DevOps engineer • Security • Advanced network • Big data.
  175. Getting started: Five things to think about. Why are you migrating to the cloud? How will the cloud drive business outcomes? Which applications are you thinking of for your first wave of migrations? What operational capabilities are needed to support these applications? Who should be on your cloud foundation team? How are you going to measure the team’s success (e.g., KPIs)?
  176. Next steps: • Work through the five questions internally • Schedule a people & operating model (“POP”) workshop • Create and enable a cloud foundation team during MRP • Ask your account managers about briefings/workshops on other migration topics: cloud business case, security topics, and a migration immersion day.
  177. SEATTLE. Elevate Your Security With the Cloud. Shllomi Ezra, AWS Sr. Business Development Manager - Security Services. 08.22.19
  178. Why is security traditionally so hard? Lack of visibility; Low degree of automation.
  179. Before… Move fast OR Stay secure.
  180. Before… Move fast OR Stay secure. Now… Move fast AND Stay secure.
  181. Path to cloud. Phases: Engage and plan; Security readiness; Assess and approve. Diagram labels: Identify & engage stakeholders; Capability & enablement; Security OF the cloud; Operational model; Security IN the cloud; Regulations; Legal agreements; Establish security controls (prevent, detect, respond, recover); Regulator approval or notification; Internal & external assessment.
  182. Shared responsibility model. AWS, Security OF the Cloud: AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. Customer, Security IN the Cloud: Customer responsibility will be determined by the AWS Cloud services that a customer selects.
  183. Traditional on-premises security model. Customers are responsible for end-to-end security in their on-premises data center. Layers: Customer data; Platform, applications, identity, and access management; Operating system, network, and firewall configuration; Client-side data encryption & data integrity authentication; Server-side data (file system and/or data); Network traffic protection (encryption, integrity, identity); Software (Compute, Storage, Database, Networking); Hardware/AWS Global Infrastructure (Regions, Availability zones, Edge locations).
  184. Understanding the AWS Shared Responsibility Model. Customer responsibility for security “in” the cloud: Customer data; Platform, applications, identity, and access management; Operating system, network, and firewall configuration; Client-side data encryption & data integrity authentication; Server-side data (file system and/or data); Network traffic protection (encryption, integrity, identity). AWS responsibility for security “of” the cloud: Software (Compute, Storage, Database, Networking); Hardware/AWS Global Infrastructure (Regions, Availability zones, Edge locations).
  185. Elevate your security with the AWS Cloud: Inherit global security and compliance controls; Scale with superior visibility and control; Highest standards for privacy and data security; Automate with comprehensive, integrated security services; Largest network of security partners and solutions.
  186. Inherit global security and compliance controls: SOC 1; SOC 2; SOC 3; CJIS; DoD SRG; FERPA; SEC Rule 17a-4(f); GxP; MPAA; My Number Act; VPAT Section 508; G-Cloud.
  187. Scale with visibility and control: Control where your data is stored and who can access it. Fine-grained identity & access control so resources have the right access. Reduce risk via security automation and continuous monitoring. Integrate AWS services with your solutions to support existing workflows, streamline ops, and simplify compliance reporting.
  188. Highest standards for privacy: Encryption at scale with keys managed by our AWS Key Management Service (KMS) or managing your own encryption keys with AWS CloudHSM using FIPS 140-2 Level 3 validated HSMs. Meet data residency requirements: choose an AWS Region and AWS will not replicate it elsewhere unless you choose to do so. Access services and tools that enable you to build compliant infrastructure on top of AWS. Comply with local data privacy laws by controlling who can access content, its lifecycle, and disposal.
  189. Automate with integrated services: Threat remediation and response; Securely deploy business critical applications; Operational efficiencies to focus on critical issues; Continuous monitoring and protection; Comprehensive set of APIs and security tools.
  190. AWS security solutions. Categories: Identity & access management; Detective controls; Infrastructure protection; Incident response; Data protection. Services: AWS Identity & Access Management (IAM); AWS Single Sign-On; AWS Directory Service; Amazon Cognito; AWS Organizations; AWS Secrets Manager; AWS Resource Access Manager; AWS Security Hub; Amazon GuardDuty; AWS Config; AWS CloudTrail; Amazon CloudWatch; VPC Flow Logs; AWS Systems Manager; AWS Shield; AWS WAF (web application firewall); AWS Firewall Manager; Amazon Inspector; Amazon Virtual Private Cloud (VPC); AWS Key Management Service (KMS); AWS CloudHSM; AWS Certificate Manager; Amazon Macie; Server-Side Encryption; AWS Config Rules; AWS Lambda.
  191. AWS Foundational and Layered Security Services. Functions: Identify; Protect; Detect; Respond (Automate, Investigate); Recover. Services: AWS Systems Manager; AWS Config; AWS Lambda; Amazon CloudWatch; Amazon Inspector; Amazon Macie; Amazon GuardDuty; AWS Security Hub; AWS IoT Device Defender; KMS; IAM; AWS Single Sign-On; Snapshot; Archive; AWS CloudTrail; Amazon VPC; AWS WAF; AWS Shield; AWS Secrets Manager; AWS Firewall Manager; AWS Organizations; Personal Health Dashboard; Amazon Route 53; AWS Direct Connect; AWS Transit Gateway; Amazon VPC PrivateLink; AWS Step Functions; Amazon Cloud Directory; AWS CloudHSM; AWS Certificate Manager; AWS Control Tower; AWS Service Catalog; AWS Well-Architected Tool; AWS Trusted Advisor; Resource Access Manager; AWS Directory Service; Amazon Cognito; Amazon S3 Glacier; AWS CloudFormation; AWS OpsWorks.
  192. How Amazon GuardDuty works
  193. How Amazon GuardDuty works. Data sources: VPC flow logs; DNS logs; CloudTrail events. Amazon GuardDuty threat detection types: Threat intelligence; Anomaly detection (ML). Findings: HIGH; MEDIUM; LOW. Finding types, examples: Bitcoin mining; C&C activity; Unusual user behavior (example: launch instance, change network permissions); Unusual traffic patterns (example: unusual ports and volume). Outputs: CloudWatch Event; AWS Security Hub; Remediate; Partner solutions; Send to SIEM.
  194. What are Amazon GuardDuty findings? 54 finding types and growing: Backdoor; Behavior; Crypto Currency; PenTest; Persistence; Policy; Privilege Escalation; Recon; Resource Consumption; Stealth; Trojan; Unauthorized.
  195. How Amazon Inspector works. Steps: Configure assessment; Run assessment; Findings; Remediation. Findings: Vulnerability; Resource affected; Recommendation. Diagram labels: Inspector Partners (SIEM, Reporting, Ticketing); Store in Database; Take Action; 1-Click.
  196. How AWS Security Hub works
  197. AWS Security Hub benefits: Aggregated findings; Compliance standards.
  198. Finding aggregation. AWS security services forwarding findings into AWS Security Hub: Amazon GuardDuty; Amazon Inspector; Amazon Macie. Partners forwarding findings into AWS Security Hub: Firewalls; Vulnerability; MSSP; Endpoint; Compliance; Other. “Taking Action” via Amazon CloudWatch Events: SIEM; SOAR; Other.
  199. AWS Security Hub benefits: Aggregated findings; Compliance standards.
  200. Compliance standards, based on the CIS AWS Foundations Benchmark: • 43 fully automated, nearly continuous checks. • Findings are displayed on the main dashboard for quick access. • Best practices information is provided to help mitigate gaps to be in compliance.
  201. Compliance standards: 43 preconfigured rules for CIS. Examples: Avoid the use of the "root" account; Ensure CloudTrail is enabled in all regions; Ensure no security groups allow ingress from 0.0.0.0/0 to port 22; Ensure IAM policies that allow full "*:*" administrative privileges are not created.
  202. Compliance standards
  203. Compliance standards. Example: 1.1 Avoid the use of the "root" account.
  204. Largest ecosystem of security partners and solutions: Infrastructure security; Logging & monitoring; Identity & access control; Configuration & vulnerability analysis; Data protection.
  205. Consulting competency partners with demonstrated expertise: Security engineering; Governance, risk, & compliance; Security operations & automation.
  206. FINRA (Financial Industry Regulatory Authority). • Looks for fraud, abuse, and insider trading over nearly 6 billion shares traded in U.S. equities markets every day • Processes approximately 6 terabytes of data and 37 billion records on an average day • Went from 3–4 weeks for server hardening to 3–4 minutes • DevOps teams focus on automation and tools to raise the compliance bar and simplify controls • Achieved incredible levels of assurance for consistencies of builds and patching via rebooting with automated deployment scripts. “I have come to realize that as a relatively small organization, we can be far more secure in the cloud and achieve a higher level of assurance at a much lower cost, in terms of effort and dollars invested. We determined that security in AWS is superior to our on-premises data center across several dimensions, including patching, encryption, auditing and logging, entitlements, and compliance.” —John Brady, CISO
  207. Online medical care scheduling. • Migrated all-in on AWS in under 12 months, becoming a HIPAA-compliant cloud-first organization • New York-based startup leveraged infrastructure as code to securely scale to 6 million patients per month • Data liberation—use data to innovate and drive more solutions for patients, reducing patient wait times from 24 days to 24 hours • Maintain end-to-end visibility of patient data using AWS. “Previously all our servers were configured and updated by hand or through limited automation, we didn’t take full advantage of a configuration management…All our new services are built as stateless docker containers, allowing us to deploy and scale them easily using Amazon’s ECS.” “AWS allowed us to scale our business to handle 6 million patients a month and elevate our security—all while maintaining HIPAA compliance—as we migrated 100% to cloud in less than 12 months.” —Chief Information Security Officer (CISO)
  208. Mobile top-up service. • Vodafone Italy is a prominent player in the Italian mobile phone market with over 30 million users • With a rise in SIM transactions, the company wanted to find a way to make it easier for customers to top up using a credit or debit card—and since each SIM card contains valuable personal information, that solution needed to be not only flexible, but also secure • With AWS Cloud, Vodafone Italy was able to allow users to purchase credits online with strong security and be compliant with the Payment Card Industry Data Security Standard (PCI DSS) • With the muscle of the AWS cloud behind it, Vodafone easily managed top-up requests through the new service as it grew to several thousand daily and spread to multiple online channels, including social media platforms. “Amazon Web Services was the clear choice in terms of security and PCI DSS Level 1 compliance compared to an on-premises or co-location data center solution.” “Using AWS, we were able to design and launch a security-compliant solution in three months while reducing our capital expenses by 30 percent.” —Stefano Harak, Online Senior Product Manager
  209. Thank you!