SlideShare a Scribd company logo

Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS re:Invent 2018

Amazon Web Services
Amazon Web Services

Join us, and learn how we made AWS our backbone, modularized our software for the cloud, and gained an immediate surge in velocity. In this session, we walk you through some of the unexpected security challenges we faced and hopefully save you a few headaches. Discover what security issues you need to address, how to avoid costly unused instances in your deployments, and why your current security tools won’t help. We show you how a major transformation landed us on AWS, and we share how we overcame challenges and advanced our business while innovating in a new direction. This session is brought to you by AWS partner, Barracuda Networks Inc.

1 of 52
Download to read offline
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Moving 400 Engineers to AWS; Our Journey to Secure Adoption Fleming Shi SVP, Technology Barracuda Networks S E C 3 0 6 - 3
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Where will your applications be in a few years?
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Apps On Premises HQ Apps Hybrid HQ Public Cloud & SaaS HQ Public Cloud & SaaS Public Cloud “All-in” Apps are on the move
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Technology evolution at Barracuda 2004 – 2008 • Application-layer security appliances • Hardened hardware appliances • Unified platform • IDC unit volume leader for purpose-built security appliance company 2009 – 2010 2011 - 2013
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Technology evolution at Barracuda 2004 – 2008 2009 – 2010 Breaking Deployment Barriers • Added VM offerings for our appliance products • Supporting all major Hypervisors • Continue to win more awards Network Layer Security Appliances • Added Barracuda Next Generation Firewall Storage and Data Protection 2011 - 2013
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Technology evolution at Barracuda 2004 – 2008 2009 – 2010 2011 - 2013 Added SaaS Offerings • Remove the need to rack & stack, continue to simplify IT • Email Security Service • Web Security Service • Mobile Device Management Service • Centralized Management for dispersed IT organizations • Barracuda Cloud Control Mobile Security Public Cloud Integrations • AWS
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 2014 - Now • Architectural Transformation • Microservices with “API-First” • Containerize for Portability • Continuous Integration and Deployment • We need to build FASTER! Adoption of Microservices
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. The days of building software and toss over the wall to the OPS team are long gone Operational efficiency are achieved from continuously: build|integrate|deploy|protect|monitor|remediate DevOps Mentality – Need for Speed
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. High Availability & Geographically Distributed Zero-Trust which leads to “Rehydration” of Workloads DevOps Mentality – SLA
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Need contracts in the continents where customers reside Peering provider and upstream hiccups Remote hands Physical security Just one more thing, “EPO (Emergency Power Off)” Button Time Needed: Months Data Center
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. We have a cage and a network drop, now what? Need racks and plan for expansion Time Needed: Weeks Rack Space Allocation
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Rack density depends on the hardware Need to leave half of the racks empty unless you change your hypervisor hardware Time Needed: Weeks Power Consumption
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Hypervisor Agility …6 months later… We got everything running, awesome right? Wait… Need more IO performance and space Time to shuffle some guest VMs Expansion takes time and planning… Time Needed: Months
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Breaking Point We actually ran out of cables Question: Is this ever going to end? Unfortunate answer I can anticipate: Probably not  Time Needed: Weeks
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security & Compliance Posture A series of questions • Where is everything and how are they related? • Who has access to what? • How do you handle incidents? • What about data privacy issues?
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Low visibility on developer activity How are we asset-tracking for each application? Is there a concept of Dev, Staging then Production? Why are we getting Abuse Reports? Building fast has consequences …
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Abuse Reports Productivity is way up for projects, but start to see security incidents. Yes, I got 3 in 30-day span… embarrassed. Conclusion: We need to watch over the builders via Management and Control Plane natively in the platform.  “Governance with CIS Benchmark and provide auto-remediation”
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Application Security Workloads are easy to spin up, but flows in/out of your applications still need protection. Conclusion: We need application layer protection at the data plane.  “Secure Data in Transit”
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security for Data at Rest Today, applications are built with UIs, APIs, Databases and Object Storage How do I guarantee the data from my application in Amazon Simple Storage Service (Amazon S3) buckets are clean? Conclusion: We need to protect the Amazon S3 buckets from mis- configuration and malware.  ”Secure Data at Rest with Barracuda ATP, Amazon Macie”
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Hybrid Cloud I needed a strong mesh of service regions to support our customers. What if we rely on AWS as the backbone, I can benefit from its SLA.  Conclusion: Let’s build our Transit VPC using Barracuda Cloud Gen FWs.  “AWS and Barracuda Better Together”
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. } “dev:sec:ops” // Information Security Software engineer Risk professional Cloud expertise, no security ‘Cloud challenged’, sec pros API only interface GUI with centralized management Open source tools Established ISVs Hard to reach Well established Marketing channel Self-consumption of products (marketplace) open PO POs through established channel Metered-billing Licenses
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Different models
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 2 personas Builders vs. IT Professionals There is a natural friction between building fast and staying secure… what can Barracuda do here?
Barracuda is ready to do this with our security expertise in data plane and working with the native controls on AWS.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Demo Demonstrate how Barracuda identifies threats at “Data at Rest” to protecting the application itself. Demonstrate how “continuous monitoring” is helping in the Build Fast motion and prevent disasters.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Embrace Native Controls AWS is now providing more in-depth capabilities for security professionals. Conclusion: Barracuda can integrate and deploy AWS native controls and services wherever possible.  Amazon GuardDuty  Macie
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Be prescriptive with advanced security controls At the time of policy creation, we can identify the right solution for enforcement. Only use what you need at the right place. Conclusion: Security beyond what the platform provides are readily available, we just need to API orchestrate them and remove deployment complexities. From management plane to data plane  OWASP top 10 for web applications  Advanced Threat Protection for Amazon S3  IPS/IDS in flows
Trust, but verify inspect, but not disrupt remediate, but moderate security needs to be complete and easy-to-use
Do you want to build fast and stay secure? Checkout Barracuda’s booth #2029
Thank you! © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. - Fleming Shi
© 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

Recommended

Improve your Security Posture with AWS CloudFormation (DEV341-R2) - AWS re:In...
Improve your Security Posture with AWS CloudFormation (DEV341-R2) - AWS re:In...Improve your Security Posture with AWS CloudFormation (DEV341-R2) - AWS re:In...
Improve your Security Posture with AWS CloudFormation (DEV341-R2) - AWS re:In...Amazon Web Services
 
Leadership Session: AWS Security (SEC305-L) - AWS re:Invent 2018
Leadership Session: AWS Security (SEC305-L) - AWS re:Invent 2018Leadership Session: AWS Security (SEC305-L) - AWS re:Invent 2018
Leadership Session: AWS Security (SEC305-L) - AWS re:Invent 2018Amazon Web Services
 
AWS Secrets Manager: Best Practices for Managing, Retrieving, and Rotating Se...
AWS Secrets Manager: Best Practices for Managing, Retrieving, and Rotating Se...AWS Secrets Manager: Best Practices for Managing, Retrieving, and Rotating Se...
AWS Secrets Manager: Best Practices for Managing, Retrieving, and Rotating Se...Amazon Web Services
 
The Perimeter is Dead. Long Live the Perimeters. (SEC312-S) - AWS re:Invent 2018
The Perimeter is Dead. Long Live the Perimeters. (SEC312-S) - AWS re:Invent 2018The Perimeter is Dead. Long Live the Perimeters. (SEC312-S) - AWS re:Invent 2018
The Perimeter is Dead. Long Live the Perimeters. (SEC312-S) - AWS re:Invent 2018Amazon Web Services
 
How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...
How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...
How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...Amazon Web Services
 
Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...
Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...
Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...Amazon Web Services
 
Top Cloud Security Myths - Dispelled! (SEC202-R1) - AWS re:Invent 2018
Top Cloud Security Myths - Dispelled! (SEC202-R1) - AWS re:Invent 2018Top Cloud Security Myths - Dispelled! (SEC202-R1) - AWS re:Invent 2018
Top Cloud Security Myths - Dispelled! (SEC202-R1) - AWS re:Invent 2018Amazon Web Services
 
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...Amazon Web Services
 

Recommended

Improve your Security Posture with AWS CloudFormation (DEV341-R2) - AWS re:In...
Improve your Security Posture with AWS CloudFormation (DEV341-R2) - AWS re:In...Improve your Security Posture with AWS CloudFormation (DEV341-R2) - AWS re:In...
Improve your Security Posture with AWS CloudFormation (DEV341-R2) - AWS re:In...Amazon Web Services
 
Leadership Session: AWS Security (SEC305-L) - AWS re:Invent 2018
Leadership Session: AWS Security (SEC305-L) - AWS re:Invent 2018Leadership Session: AWS Security (SEC305-L) - AWS re:Invent 2018
Leadership Session: AWS Security (SEC305-L) - AWS re:Invent 2018Amazon Web Services
 
AWS Secrets Manager: Best Practices for Managing, Retrieving, and Rotating Se...
AWS Secrets Manager: Best Practices for Managing, Retrieving, and Rotating Se...AWS Secrets Manager: Best Practices for Managing, Retrieving, and Rotating Se...
AWS Secrets Manager: Best Practices for Managing, Retrieving, and Rotating Se...Amazon Web Services
 
The Perimeter is Dead. Long Live the Perimeters. (SEC312-S) - AWS re:Invent 2018
The Perimeter is Dead. Long Live the Perimeters. (SEC312-S) - AWS re:Invent 2018The Perimeter is Dead. Long Live the Perimeters. (SEC312-S) - AWS re:Invent 2018
The Perimeter is Dead. Long Live the Perimeters. (SEC312-S) - AWS re:Invent 2018Amazon Web Services
 
How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...
How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...
How LogMeIn Automates Governance and Empowers Developers at Scale (SEC302) - ...Amazon Web Services
 
Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...
Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...
Securing Machine Learning Deployments for the Enterprise (SEC369-R1) - AWS re...Amazon Web Services
 
Top Cloud Security Myths - Dispelled! (SEC202-R1) - AWS re:Invent 2018
Top Cloud Security Myths - Dispelled! (SEC202-R1) - AWS re:Invent 2018Top Cloud Security Myths - Dispelled! (SEC202-R1) - AWS re:Invent 2018
Top Cloud Security Myths - Dispelled! (SEC202-R1) - AWS re:Invent 2018Amazon Web Services
 
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...
McAfee Skyhigh: Elevating Your AWS Security Posture (SEC307-S) - AWS re:Inven...Amazon Web Services
 
Security Best Practices for Microsoft Workloads (WIN307) - AWS re:Invent 2018
Security Best Practices for Microsoft Workloads (WIN307) - AWS re:Invent 2018Security Best Practices for Microsoft Workloads (WIN307) - AWS re:Invent 2018
Security Best Practices for Microsoft Workloads (WIN307) - AWS re:Invent 2018Amazon Web Services
 
DEM20 Protecting Your Data in Amazon S3
DEM20 Protecting Your Data in Amazon S3DEM20 Protecting Your Data in Amazon S3
DEM20 Protecting Your Data in Amazon S3Amazon Web Services
 
Meeting Enterprise Security Requirements with AWS Native Security Services (S...
Meeting Enterprise Security Requirements with AWS Native Security Services (S...Meeting Enterprise Security Requirements with AWS Native Security Services (S...
Meeting Enterprise Security Requirements with AWS Native Security Services (S...Amazon Web Services
 
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...Amazon Web Services
 
GDPR Readiness and Management (SEC206-R1) - AWS re:Invent 2018
GDPR Readiness and Management (SEC206-R1) - AWS re:Invent 2018GDPR Readiness and Management (SEC206-R1) - AWS re:Invent 2018
GDPR Readiness and Management (SEC206-R1) - AWS re:Invent 2018Amazon Web Services
 
Come Out From Behind Your Firewall
Come Out From Behind Your FirewallCome Out From Behind Your Firewall
Come Out From Behind Your FirewallAmazon Web Services
 
Drive Self-Service & Standardization in the First 100 Days of Your Cloud Migr...
Drive Self-Service & Standardization in the First 100 Days of Your Cloud Migr...Drive Self-Service & Standardization in the First 100 Days of Your Cloud Migr...
Drive Self-Service & Standardization in the First 100 Days of Your Cloud Migr...Amazon Web Services
 
Automating Compliance Certification with Automated Mathematical Proof (SEC330...
Automating Compliance Certification with Automated Mathematical Proof (SEC330...Automating Compliance Certification with Automated Mathematical Proof (SEC330...
Automating Compliance Certification with Automated Mathematical Proof (SEC330...Amazon Web Services
 
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...Amazon Web Services
 
Continuous Compliance for Modern Application Pipelines (GPSWS402) - AWS re:In...
Continuous Compliance for Modern Application Pipelines (GPSWS402) - AWS re:In...Continuous Compliance for Modern Application Pipelines (GPSWS402) - AWS re:In...
Continuous Compliance for Modern Application Pipelines (GPSWS402) - AWS re:In...Amazon Web Services
 
NFL and Forwood Safety Deploy Business Analytics at Scale with Amazon QuickSi...
NFL and Forwood Safety Deploy Business Analytics at Scale with Amazon QuickSi...NFL and Forwood Safety Deploy Business Analytics at Scale with Amazon QuickSi...
NFL and Forwood Safety Deploy Business Analytics at Scale with Amazon QuickSi...Amazon Web Services
 
Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...
Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...
Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...Amazon Web Services
 
Container Security and Avoiding the 2 A.M. Call (CON303-R1) - AWS re:Invent 2018
Container Security and Avoiding the 2 A.M. Call (CON303-R1) - AWS re:Invent 2018Container Security and Avoiding the 2 A.M. Call (CON303-R1) - AWS re:Invent 2018
Container Security and Avoiding the 2 A.M. Call (CON303-R1) - AWS re:Invent 2018Amazon Web Services
 
A DIY Guide to Runbooks, Security Incident Reports, & Incident Response (SEC3...
A DIY Guide to Runbooks, Security Incident Reports, & Incident Response (SEC3...A DIY Guide to Runbooks, Security Incident Reports, & Incident Response (SEC3...
A DIY Guide to Runbooks, Security Incident Reports, & Incident Response (SEC3...Amazon Web Services
 
Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...
Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...
Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...Amazon Web Services
 
Configure Your Cloud to Make It Rain on Threats (SEC335-R1) - AWS re:Invent 2018
Configure Your Cloud to Make It Rain on Threats (SEC335-R1) - AWS re:Invent 2018Configure Your Cloud to Make It Rain on Threats (SEC335-R1) - AWS re:Invent 2018
Configure Your Cloud to Make It Rain on Threats (SEC335-R1) - AWS re:Invent 2018Amazon Web Services
 
How Enterprises Are Modernizing Their Security, Risk Management, & Compliance...
How Enterprises Are Modernizing Their Security, Risk Management, & Compliance...How Enterprises Are Modernizing Their Security, Risk Management, & Compliance...
How Enterprises Are Modernizing Their Security, Risk Management, & Compliance...Amazon Web Services
 
Inventory and Patch Management Using AWS Systems Manager (ARC332) - AWS re:In...
Inventory and Patch Management Using AWS Systems Manager (ARC332) - AWS re:In...Inventory and Patch Management Using AWS Systems Manager (ARC332) - AWS re:In...
Inventory and Patch Management Using AWS Systems Manager (ARC332) - AWS re:In...Amazon Web Services
 
Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...
Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...
Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...Amazon Web Services
 
The Theory and Math Behind Data Privacy and Security Assurance (SEC301) - AWS...
The Theory and Math Behind Data Privacy and Security Assurance (SEC301) - AWS...The Theory and Math Behind Data Privacy and Security Assurance (SEC301) - AWS...
The Theory and Math Behind Data Privacy and Security Assurance (SEC301) - AWS...Amazon Web Services
 
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...Amazon Web Services
 
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...Amazon Web Services
 

More Related Content

What's hot

Security Best Practices for Microsoft Workloads (WIN307) - AWS re:Invent 2018
Security Best Practices for Microsoft Workloads (WIN307) - AWS re:Invent 2018Security Best Practices for Microsoft Workloads (WIN307) - AWS re:Invent 2018
Security Best Practices for Microsoft Workloads (WIN307) - AWS re:Invent 2018Amazon Web Services
 
DEM20 Protecting Your Data in Amazon S3
DEM20 Protecting Your Data in Amazon S3DEM20 Protecting Your Data in Amazon S3
DEM20 Protecting Your Data in Amazon S3Amazon Web Services
 
Meeting Enterprise Security Requirements with AWS Native Security Services (S...
Meeting Enterprise Security Requirements with AWS Native Security Services (S...Meeting Enterprise Security Requirements with AWS Native Security Services (S...
Meeting Enterprise Security Requirements with AWS Native Security Services (S...Amazon Web Services
 
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...Amazon Web Services
 
GDPR Readiness and Management (SEC206-R1) - AWS re:Invent 2018
GDPR Readiness and Management (SEC206-R1) - AWS re:Invent 2018GDPR Readiness and Management (SEC206-R1) - AWS re:Invent 2018
GDPR Readiness and Management (SEC206-R1) - AWS re:Invent 2018Amazon Web Services
 
Come Out From Behind Your Firewall
Come Out From Behind Your FirewallCome Out From Behind Your Firewall
Come Out From Behind Your FirewallAmazon Web Services
 
Drive Self-Service & Standardization in the First 100 Days of Your Cloud Migr...
Drive Self-Service & Standardization in the First 100 Days of Your Cloud Migr...Drive Self-Service & Standardization in the First 100 Days of Your Cloud Migr...
Drive Self-Service & Standardization in the First 100 Days of Your Cloud Migr...Amazon Web Services
 
Automating Compliance Certification with Automated Mathematical Proof (SEC330...
Automating Compliance Certification with Automated Mathematical Proof (SEC330...Automating Compliance Certification with Automated Mathematical Proof (SEC330...
Automating Compliance Certification with Automated Mathematical Proof (SEC330...Amazon Web Services
 
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...Amazon Web Services
 
Continuous Compliance for Modern Application Pipelines (GPSWS402) - AWS re:In...
Continuous Compliance for Modern Application Pipelines (GPSWS402) - AWS re:In...Continuous Compliance for Modern Application Pipelines (GPSWS402) - AWS re:In...
Continuous Compliance for Modern Application Pipelines (GPSWS402) - AWS re:In...Amazon Web Services
 
NFL and Forwood Safety Deploy Business Analytics at Scale with Amazon QuickSi...
NFL and Forwood Safety Deploy Business Analytics at Scale with Amazon QuickSi...NFL and Forwood Safety Deploy Business Analytics at Scale with Amazon QuickSi...
NFL and Forwood Safety Deploy Business Analytics at Scale with Amazon QuickSi...Amazon Web Services
 
Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...
Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...
Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...Amazon Web Services
 
Container Security and Avoiding the 2 A.M. Call (CON303-R1) - AWS re:Invent 2018
Container Security and Avoiding the 2 A.M. Call (CON303-R1) - AWS re:Invent 2018Container Security and Avoiding the 2 A.M. Call (CON303-R1) - AWS re:Invent 2018
Container Security and Avoiding the 2 A.M. Call (CON303-R1) - AWS re:Invent 2018Amazon Web Services
 
A DIY Guide to Runbooks, Security Incident Reports, & Incident Response (SEC3...
A DIY Guide to Runbooks, Security Incident Reports, & Incident Response (SEC3...A DIY Guide to Runbooks, Security Incident Reports, & Incident Response (SEC3...
A DIY Guide to Runbooks, Security Incident Reports, & Incident Response (SEC3...Amazon Web Services
 
Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...
Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...
Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...Amazon Web Services
 
Configure Your Cloud to Make It Rain on Threats (SEC335-R1) - AWS re:Invent 2018
Configure Your Cloud to Make It Rain on Threats (SEC335-R1) - AWS re:Invent 2018Configure Your Cloud to Make It Rain on Threats (SEC335-R1) - AWS re:Invent 2018
Configure Your Cloud to Make It Rain on Threats (SEC335-R1) - AWS re:Invent 2018Amazon Web Services
 
How Enterprises Are Modernizing Their Security, Risk Management, & Compliance...
How Enterprises Are Modernizing Their Security, Risk Management, & Compliance...How Enterprises Are Modernizing Their Security, Risk Management, & Compliance...
How Enterprises Are Modernizing Their Security, Risk Management, & Compliance...Amazon Web Services
 
Inventory and Patch Management Using AWS Systems Manager (ARC332) - AWS re:In...
Inventory and Patch Management Using AWS Systems Manager (ARC332) - AWS re:In...Inventory and Patch Management Using AWS Systems Manager (ARC332) - AWS re:In...
Inventory and Patch Management Using AWS Systems Manager (ARC332) - AWS re:In...Amazon Web Services
 
Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...
Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...
Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...Amazon Web Services
 
The Theory and Math Behind Data Privacy and Security Assurance (SEC301) - AWS...
The Theory and Math Behind Data Privacy and Security Assurance (SEC301) - AWS...The Theory and Math Behind Data Privacy and Security Assurance (SEC301) - AWS...
The Theory and Math Behind Data Privacy and Security Assurance (SEC301) - AWS...Amazon Web Services
 

What's hot (20)

Security Best Practices for Microsoft Workloads (WIN307) - AWS re:Invent 2018
Security Best Practices for Microsoft Workloads (WIN307) - AWS re:Invent 2018Security Best Practices for Microsoft Workloads (WIN307) - AWS re:Invent 2018
Security Best Practices for Microsoft Workloads (WIN307) - AWS re:Invent 2018
 
DEM20 Protecting Your Data in Amazon S3
DEM20 Protecting Your Data in Amazon S3DEM20 Protecting Your Data in Amazon S3
DEM20 Protecting Your Data in Amazon S3
 
Meeting Enterprise Security Requirements with AWS Native Security Services (S...
Meeting Enterprise Security Requirements with AWS Native Security Services (S...Meeting Enterprise Security Requirements with AWS Native Security Services (S...
Meeting Enterprise Security Requirements with AWS Native Security Services (S...
 
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
 
GDPR Readiness and Management (SEC206-R1) - AWS re:Invent 2018
GDPR Readiness and Management (SEC206-R1) - AWS re:Invent 2018GDPR Readiness and Management (SEC206-R1) - AWS re:Invent 2018
GDPR Readiness and Management (SEC206-R1) - AWS re:Invent 2018
 
Come Out From Behind Your Firewall
Come Out From Behind Your FirewallCome Out From Behind Your Firewall
Come Out From Behind Your Firewall
 
Drive Self-Service & Standardization in the First 100 Days of Your Cloud Migr...
Drive Self-Service & Standardization in the First 100 Days of Your Cloud Migr...Drive Self-Service & Standardization in the First 100 Days of Your Cloud Migr...
Drive Self-Service & Standardization in the First 100 Days of Your Cloud Migr...
 
Automating Compliance Certification with Automated Mathematical Proof (SEC330...
Automating Compliance Certification with Automated Mathematical Proof (SEC330...Automating Compliance Certification with Automated Mathematical Proof (SEC330...
Automating Compliance Certification with Automated Mathematical Proof (SEC330...
 
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...
Building the Technical Foundation for Your Security Practice (GPSCT205) - AWS...
 
Continuous Compliance for Modern Application Pipelines (GPSWS402) - AWS re:In...
Continuous Compliance for Modern Application Pipelines (GPSWS402) - AWS re:In...Continuous Compliance for Modern Application Pipelines (GPSWS402) - AWS re:In...
Continuous Compliance for Modern Application Pipelines (GPSWS402) - AWS re:In...
 
NFL and Forwood Safety Deploy Business Analytics at Scale with Amazon QuickSi...
NFL and Forwood Safety Deploy Business Analytics at Scale with Amazon QuickSi...NFL and Forwood Safety Deploy Business Analytics at Scale with Amazon QuickSi...
NFL and Forwood Safety Deploy Business Analytics at Scale with Amazon QuickSi...
 
Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...
Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...
Best Practices for Securing Serverless Applications (SEC362-R1) - AWS re:Inve...
 
Container Security and Avoiding the 2 A.M. Call (CON303-R1) - AWS re:Invent 2018
Container Security and Avoiding the 2 A.M. Call (CON303-R1) - AWS re:Invent 2018Container Security and Avoiding the 2 A.M. Call (CON303-R1) - AWS re:Invent 2018
Container Security and Avoiding the 2 A.M. Call (CON303-R1) - AWS re:Invent 2018
 
A DIY Guide to Runbooks, Security Incident Reports, & Incident Response (SEC3...
A DIY Guide to Runbooks, Security Incident Reports, & Incident Response (SEC3...A DIY Guide to Runbooks, Security Incident Reports, & Incident Response (SEC3...
A DIY Guide to Runbooks, Security Incident Reports, & Incident Response (SEC3...
 
Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...
Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...
Solving for Identity and Authentication with .NET Apps on AWS (GPSWS408) - AW...
 
Configure Your Cloud to Make It Rain on Threats (SEC335-R1) - AWS re:Invent 2018
Configure Your Cloud to Make It Rain on Threats (SEC335-R1) - AWS re:Invent 2018Configure Your Cloud to Make It Rain on Threats (SEC335-R1) - AWS re:Invent 2018
Configure Your Cloud to Make It Rain on Threats (SEC335-R1) - AWS re:Invent 2018
 
How Enterprises Are Modernizing Their Security, Risk Management, & Compliance...
How Enterprises Are Modernizing Their Security, Risk Management, & Compliance...How Enterprises Are Modernizing Their Security, Risk Management, & Compliance...
How Enterprises Are Modernizing Their Security, Risk Management, & Compliance...
 
Inventory and Patch Management Using AWS Systems Manager (ARC332) - AWS re:In...
Inventory and Patch Management Using AWS Systems Manager (ARC332) - AWS re:In...Inventory and Patch Management Using AWS Systems Manager (ARC332) - AWS re:In...
Inventory and Patch Management Using AWS Systems Manager (ARC332) - AWS re:In...
 
Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...
Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...
Find All the Threats: AWS Threat Detection and Remediation (SEC331) - AWS re:...
 
The Theory and Math Behind Data Privacy and Security Assurance (SEC301) - AWS...
The Theory and Math Behind Data Privacy and Security Assurance (SEC301) - AWS...The Theory and Math Behind Data Privacy and Security Assurance (SEC301) - AWS...
The Theory and Math Behind Data Privacy and Security Assurance (SEC301) - AWS...
 

Similar to Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS re:Invent 2018

[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...Amazon Web Services
 
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...Amazon Web Services
 
2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Dep...
2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Dep...2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Dep...
2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Dep...Martin Klie
 
Best Practices for Safe Deployments on AWS Lambda and Amazon API Gateway (SRV...
Best Practices for Safe Deployments on AWS Lambda and Amazon API Gateway (SRV...Best Practices for Safe Deployments on AWS Lambda and Amazon API Gateway (SRV...
Best Practices for Safe Deployments on AWS Lambda and Amazon API Gateway (SRV...Amazon Web Services
 
The Future of Enterprise IT - Lessons Learned
The Future of Enterprise IT - Lessons LearnedThe Future of Enterprise IT - Lessons Learned
The Future of Enterprise IT - Lessons LearnedAmazon Web Services
 
Transforming Enterprise IT - AWS Transformation Day Boston 2018
Transforming Enterprise IT - AWS Transformation Day Boston 2018Transforming Enterprise IT - AWS Transformation Day Boston 2018
Transforming Enterprise IT - AWS Transformation Day Boston 2018Amazon Web Services
 
Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018
Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018
Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018Amazon Web Services
 
Leadership Session: Using AWS End User Computing Services for Your Modern Wor...
Leadership Session: Using AWS End User Computing Services for Your Modern Wor...Leadership Session: Using AWS End User Computing Services for Your Modern Wor...
Leadership Session: Using AWS End User Computing Services for Your Modern Wor...Amazon Web Services
 
Transforming Enterprise IT - AWS Transformation Day 2018: Detroit
Transforming Enterprise IT - AWS Transformation Day 2018: DetroitTransforming Enterprise IT - AWS Transformation Day 2018: Detroit
Transforming Enterprise IT - AWS Transformation Day 2018: DetroitAmazon Web Services
 
Security Framework Shakedown: Chart Your Journey with AWS Best Practices
Security Framework Shakedown: Chart Your Journey with AWS Best PracticesSecurity Framework Shakedown: Chart Your Journey with AWS Best Practices
Security Framework Shakedown: Chart Your Journey with AWS Best PracticesAmazon Web Services
 
How to Enhance Your Application Security Strategy with F5 on AWS
How to Enhance Your Application Security Strategy with F5 on AWS How to Enhance Your Application Security Strategy with F5 on AWS
How to Enhance Your Application Security Strategy with F5 on AWSAmazon Web Services
 
How to Architect and Bring to Market SaaS on AWS GovCloud (US)
How to Architect and Bring to Market SaaS on AWS GovCloud (US)How to Architect and Bring to Market SaaS on AWS GovCloud (US)
How to Architect and Bring to Market SaaS on AWS GovCloud (US)Amazon Web Services
 
Making Hybrid Work for You: Getting into the Cloud Fast (GPSTEC308) - AWS re:...
Making Hybrid Work for You: Getting into the Cloud Fast (GPSTEC308) - AWS re:...Making Hybrid Work for You: Getting into the Cloud Fast (GPSTEC308) - AWS re:...
Making Hybrid Work for You: Getting into the Cloud Fast (GPSTEC308) - AWS re:...Amazon Web Services
 
Building Serverless IoT solutions - EPAM SEC 2018 Minsk
Building Serverless IoT solutions - EPAM SEC 2018 MinskBuilding Serverless IoT solutions - EPAM SEC 2018 Minsk
Building Serverless IoT solutions - EPAM SEC 2018 MinskBoaz Ziniman
 
Securely Deliver Desktop Applications with Amazon AppStream 2.0 (BAP201) - AW...
Securely Deliver Desktop Applications with Amazon AppStream 2.0 (BAP201) - AW...Securely Deliver Desktop Applications with Amazon AppStream 2.0 (BAP201) - AW...
Securely Deliver Desktop Applications with Amazon AppStream 2.0 (BAP201) - AW...Amazon Web Services
 
Unlocking Software Innovation with AWS - Adrian White - AWS TechShift ANZ 2018
Unlocking Software Innovation with AWS - Adrian White - AWS TechShift ANZ 2018Unlocking Software Innovation with AWS - Adrian White - AWS TechShift ANZ 2018
Unlocking Software Innovation with AWS - Adrian White - AWS TechShift ANZ 2018Amazon Web Services
 

Similar to Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS re:Invent 2018 (20)

[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
[REPEAT 1] Safeguard the Integrity of Your Code for Fast and Secure Deploymen...
 
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
Safeguard the Integrity of Your Code for Fast and Secure Deployments (DEV349-...
 
2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Dep...
2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Dep...2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Dep...
2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Dep...
 
Best Practices for Safe Deployments on AWS Lambda and Amazon API Gateway (SRV...
Best Practices for Safe Deployments on AWS Lambda and Amazon API Gateway (SRV...Best Practices for Safe Deployments on AWS Lambda and Amazon API Gateway (SRV...
Best Practices for Safe Deployments on AWS Lambda and Amazon API Gateway (SRV...
 
The Future of Enterprise IT - Lessons Learned
The Future of Enterprise IT - Lessons LearnedThe Future of Enterprise IT - Lessons Learned
The Future of Enterprise IT - Lessons Learned
 
Transforming Enterprise IT - AWS Transformation Day Boston 2018
Transforming Enterprise IT - AWS Transformation Day Boston 2018Transforming Enterprise IT - AWS Transformation Day Boston 2018
Transforming Enterprise IT - AWS Transformation Day Boston 2018
 
Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018
Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018
Executive Security Simulation Workshop (WPS206) - AWS re:Invent 2018
 
Security Framework Shakedown
Security Framework ShakedownSecurity Framework Shakedown
Security Framework Shakedown
 
Leadership Session: Using AWS End User Computing Services for Your Modern Wor...
Leadership Session: Using AWS End User Computing Services for Your Modern Wor...Leadership Session: Using AWS End User Computing Services for Your Modern Wor...
Leadership Session: Using AWS End User Computing Services for Your Modern Wor...
 
Transforming Enterprise IT - AWS Transformation Day 2018: Detroit
Transforming Enterprise IT - AWS Transformation Day 2018: DetroitTransforming Enterprise IT - AWS Transformation Day 2018: Detroit
Transforming Enterprise IT - AWS Transformation Day 2018: Detroit
 
Security Framework Shakedown: Chart Your Journey with AWS Best Practices
Security Framework Shakedown: Chart Your Journey with AWS Best PracticesSecurity Framework Shakedown: Chart Your Journey with AWS Best Practices
Security Framework Shakedown: Chart Your Journey with AWS Best Practices
 
Containers for Startups
Containers for StartupsContainers for Startups
Containers for Startups
 
How to Enhance Your Application Security Strategy with F5 on AWS
How to Enhance Your Application Security Strategy with F5 on AWS How to Enhance Your Application Security Strategy with F5 on AWS
How to Enhance Your Application Security Strategy with F5 on AWS
 
Cheat your Way into the Cloud
Cheat your Way into the CloudCheat your Way into the Cloud
Cheat your Way into the Cloud
 
How to Architect and Bring to Market SaaS on AWS GovCloud (US)
How to Architect and Bring to Market SaaS on AWS GovCloud (US)How to Architect and Bring to Market SaaS on AWS GovCloud (US)
How to Architect and Bring to Market SaaS on AWS GovCloud (US)
 
Making Hybrid Work for You: Getting into the Cloud Fast (GPSTEC308) - AWS re:...
Making Hybrid Work for You: Getting into the Cloud Fast (GPSTEC308) - AWS re:...Making Hybrid Work for You: Getting into the Cloud Fast (GPSTEC308) - AWS re:...
Making Hybrid Work for You: Getting into the Cloud Fast (GPSTEC308) - AWS re:...
 
Building Serverless IoT solutions - EPAM SEC 2018 Minsk
Building Serverless IoT solutions - EPAM SEC 2018 MinskBuilding Serverless IoT solutions - EPAM SEC 2018 Minsk
Building Serverless IoT solutions - EPAM SEC 2018 Minsk
 
Securely Deliver Desktop Applications with Amazon AppStream 2.0 (BAP201) - AW...
Securely Deliver Desktop Applications with Amazon AppStream 2.0 (BAP201) - AW...Securely Deliver Desktop Applications with Amazon AppStream 2.0 (BAP201) - AW...
Securely Deliver Desktop Applications with Amazon AppStream 2.0 (BAP201) - AW...
 
Unlocking Software Innovation with AWS - Adrian White - AWS TechShift ANZ 2018
Unlocking Software Innovation with AWS - Adrian White - AWS TechShift ANZ 2018Unlocking Software Innovation with AWS - Adrian White - AWS TechShift ANZ 2018
Unlocking Software Innovation with AWS - Adrian White - AWS TechShift ANZ 2018
 
AWSome Day Online Keynote
AWSome Day Online KeynoteAWSome Day Online Keynote
AWSome Day Online Keynote
 

More from Amazon Web Services

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Amazon Web Services
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Amazon Web Services
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateAmazon Web Services
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSAmazon Web Services
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Amazon Web Services
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Amazon Web Services
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...Amazon Web Services
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsAmazon Web Services
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareAmazon Web Services
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSAmazon Web Services
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAmazon Web Services
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareAmazon Web Services
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWSAmazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckAmazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without serversAmazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...Amazon Web Services
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Moving 400 Engineers to AWS: Our Journey to Secure Adoption (SEC306-S) - AWS re:Invent 2018

  • 1.
  • 2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Moving 400 Engineers to AWS; Our Journey to Secure Adoption Fleming Shi SVP, Technology Barracuda Networks S E C 3 0 6 - 3
  • 3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Where will your applications be in a few years?
  • 4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Apps On Premises HQ Apps Hybrid HQ Public Cloud & SaaS HQ Public Cloud & SaaS Public Cloud “All-in” Apps are on the move
  • 5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Technology evolution at Barracuda 2004 – 2008 • Application-layer security appliances • Hardened hardware appliances • Unified platform • IDC unit volume leader for purpose-built security appliance company 2009 – 2010 2011 - 2013
  • 7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Technology evolution at Barracuda 2004 – 2008 2009 – 2010 Breaking Deployment Barriers • Added VM offerings for our appliance products • Supporting all major Hypervisors • Continue to win more awards Network Layer Security Appliances • Added Barracuda Next Generation Firewall Storage and Data Protection 2011 - 2013
  • 8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Technology evolution at Barracuda 2004 – 2008 2009 – 2010 2011 - 2013 Added SaaS Offerings • Remove the need to rack & stack, continue to simplify IT • Email Security Service • Web Security Service • Mobile Device Management Service • Centralized Management for dispersed IT organizations • Barracuda Cloud Control Mobile Security Public Cloud Integrations • AWS
  • 9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 2014 - Now • Architectural Transformation • Microservices with “API-First” • Containerize for Portability • Continuous Integration and Deployment • We need to build FASTER! Adoption of Microservices
  • 11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. The days of building software and toss over the wall to the OPS team are long gone Operational efficiency are achieved from continuously: build|integrate|deploy|protect|monitor|remediate DevOps Mentality – Need for Speed
  • 12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. High Availability & Geographically Distributed Zero-Trust which leads to “Rehydration” of Workloads DevOps Mentality – SLA
  • 13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Need contracts in the continents where customers reside Peering provider and upstream hiccups Remote hands Physical security Just one more thing, “EPO (Emergency Power Off)” Button Time Needed: Months Data Center
  • 17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 18. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. We have a cage and a network drop, now what? Need racks and plan for expansion Time Needed: Weeks Rack Space Allocation
  • 19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 20. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Rack density depends on the hardware Need to leave half of the racks empty unless you change your hypervisor hardware Time Needed: Weeks Power Consumption
  • 21. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 22. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Hypervisor Agility …6 months later… We got everything running, awesome right? Wait… Need more IO performance and space Time to shuffle some guest VMs Expansion takes time and planning… Time Needed: Months
  • 23. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 24. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Breaking Point We actually ran out of cables Question: Is this ever going to end? Unfortunate answer I can anticipate: Probably not  Time Needed: Weeks
  • 25. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 26. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 27. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security & Compliance Posture A series of questions • Where is everything and how are they related? • Who has access to what? • How do you handle incidents? • What about data privacy issues?
  • 28. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 29. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Low visibility on developer activity How are we asset-tracking for each application? Is there a concept of Dev, Staging then Production? Why are we getting Abuse Reports? Building fast has consequences …
  • 30. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 31. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Abuse Reports Productivity is way up for projects, but start to see security incidents. Yes, I got 3 in 30-day span… embarrassed. Conclusion: We need to watch over the builders via Management and Control Plane natively in the platform.  “Governance with CIS Benchmark and provide auto-remediation”
  • 32. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 33. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Application Security Workloads are easy to spin up, but flows in/out of your applications still need protection. Conclusion: We need application layer protection at the data plane.  “Secure Data in Transit”
  • 34. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 35. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Security for Data at Rest Today, applications are built with UIs, APIs, Databases and Object Storage How do I guarantee the data from my application in Amazon Simple Storage Service (Amazon S3) buckets are clean? Conclusion: We need to protect the Amazon S3 buckets from mis- configuration and malware.  ”Secure Data at Rest with Barracuda ATP, Amazon Macie”
  • 36. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 37. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Hybrid Cloud I needed a strong mesh of service regions to support our customers. What if we rely on AWS as the backbone, I can benefit from its SLA.  Conclusion: Let’s build our Transit VPC using Barracuda Cloud Gen FWs.  “AWS and Barracuda Better Together”
  • 38. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 39. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. } “dev:sec:ops” // Information Security Software engineer Risk professional Cloud expertise, no security ‘Cloud challenged’, sec pros API only interface GUI with centralized management Open source tools Established ISVs Hard to reach Well established Marketing channel Self-consumption of products (marketplace) open PO POs through established channel Metered-billing Licenses
  • 40. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Different models
  • 41. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. 2 personas Builders vs. IT Professionals There is a natural friction between building fast and staying secure… what can Barracuda do here?
  • 42. Barracuda is ready to do this with our security expertise in data plane and working with the native controls on AWS.
  • 43. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 44. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Demo Demonstrate how Barracuda identifies threats at “Data at Rest” to protecting the application itself. Demonstrate how “continuous monitoring” is helping in the Build Fast motion and prevent disasters.
  • 45. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 46. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Embrace Native Controls AWS is now providing more in-depth capabilities for security professionals. Conclusion: Barracuda can integrate and deploy AWS native controls and services wherever possible.  Amazon GuardDuty  Macie
  • 47. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
  • 48. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Be prescriptive with advanced security controls At the time of policy creation, we can identify the right solution for enforcement. Only use what you need at the right place. Conclusion: Security beyond what the platform provides are readily available, we just need to API orchestrate them and remove deployment complexities. From management plane to data plane  OWASP top 10 for web applications  Advanced Threat Protection for Amazon S3  IPS/IDS in flows
  • 49. Trust, but verify inspect, but not disrupt remediate, but moderate security needs to be complete and easy-to-use
  • 50. Do you want to build fast and stay secure? Checkout Barracuda’s booth #2029
  • 51. Thank you! © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. - Fleming Shi
  • 52. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.